Import version from branch v9_18
Uses git checkout 38726e67340b2b60715fa2f342dc800273d3772f -- . Remove unused patches from distgit.
This commit is contained in:
parent
d540d034df
commit
8a47aa2c75
10
.gitignore
vendored
10
.gitignore
vendored
@ -176,3 +176,13 @@ bind-9.7.2b1.tar.gz
|
||||
/bind-9.16.29.tar.xz.asc
|
||||
/bind-9.16.30.tar.xz
|
||||
/bind-9.16.30.tar.xz.asc
|
||||
/bind-9.18.0.tar.xz
|
||||
/bind-9.18.0.tar.xz.asc
|
||||
/bind-9.18.1.tar.xz
|
||||
/bind-9.18.1.tar.xz.asc
|
||||
/bind-9.18.2.tar.xz
|
||||
/bind-9.18.2.tar.xz.asc
|
||||
/bind-9.18.3.tar.xz
|
||||
/bind-9.18.3.tar.xz.asc
|
||||
/bind-9.18.4.tar.xz
|
||||
/bind-9.18.4.tar.xz.asc
|
||||
|
@ -22,10 +22,8 @@ The package contains several subpackages, some of them can be disabled on rebuil
|
||||
* **bind-utils** -- set of tools to analyse DNS responses or update entries (dig, host)
|
||||
* **bind-doc** -- documentation for current bind, *BIND 9 Administrator Reference Manual*.
|
||||
* **bind-license** -- Shared license for all packages but bind-export-libs.
|
||||
* **bind-pkcs11** -- *named* daemon built with native PKCS#11 support. Can be disabled by `--without PKCS11`.
|
||||
* **bind-libs** and **bind-libs-lite** -- Shared libraries used by some others programs
|
||||
* **bind-devel** -- Development headers for libs.
|
||||
* **bind-dlz-\*** -- Dynamic loadable [DLZ plugins](http://bind-dlz.sourceforge.net/) with support for external databases
|
||||
* **bind-libs** -- Shared libraries used by some others programs
|
||||
* **bind-devel** -- Development headers for libs. Can be disabled by `--without DEVEL`
|
||||
|
||||
|
||||
## Optional features
|
||||
|
@ -1,541 +0,0 @@
|
||||
From 1cbffe7e8b5bced9134abbae23a2a20c83d39a6a Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Thu, 21 Jan 2021 10:46:20 +0100
|
||||
Subject: [PATCH] Enable custom pkcs11 native build
|
||||
|
||||
Share common parts like libisc, libcc and others. But provide native
|
||||
pkcs11 libraries as a new copy of libdns and libns.
|
||||
---
|
||||
bin/Makefile.in | 2 +-
|
||||
bin/confgen/Makefile.in | 2 +-
|
||||
bin/dnssec-pkcs11/Makefile.in | 39 +++++++++++++++++---------------
|
||||
bin/named-pkcs11/Makefile.in | 31 +++++++++++++------------
|
||||
configure.ac | 19 ++++++++++++++++
|
||||
lib/Makefile.in | 2 +-
|
||||
lib/dns-pkcs11/Makefile.in | 22 +++++++++---------
|
||||
lib/dns-pkcs11/tests/Makefile.in | 8 +++----
|
||||
lib/ns-pkcs11/Makefile.in | 26 ++++++++++-----------
|
||||
lib/ns-pkcs11/tests/Makefile.in | 12 +++++-----
|
||||
make/includes.in | 7 ++++++
|
||||
11 files changed, 100 insertions(+), 70 deletions(-)
|
||||
|
||||
diff --git a/bin/Makefile.in b/bin/Makefile.in
|
||||
index 9ad7f62..094775a 100644
|
||||
--- a/bin/Makefile.in
|
||||
+++ b/bin/Makefile.in
|
||||
@@ -11,7 +11,7 @@ srcdir = @srcdir@
|
||||
VPATH = @srcdir@
|
||||
top_srcdir = @top_srcdir@
|
||||
|
||||
-SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen \
|
||||
+SUBDIRS = named named-pkcs11 rndc dig delv dnssec dnssec-pkcs11 tools nsupdate check confgen \
|
||||
@NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ plugins tests
|
||||
TARGETS =
|
||||
|
||||
diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in
|
||||
index c126bf3..1b7512d 100644
|
||||
--- a/bin/confgen/Makefile.in
|
||||
+++ b/bin/confgen/Makefile.in
|
||||
@@ -22,7 +22,7 @@ VERSION=@BIND9_VERSION@
|
||||
CINCLUDES = -I${srcdir}/include ${ISC_INCLUDES} ${ISCCC_INCLUDES} \
|
||||
${ISCCFG_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES}
|
||||
|
||||
-CDEFINES = @USE_PKCS11@
|
||||
+CDEFINES =
|
||||
CWARNINGS =
|
||||
|
||||
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
|
||||
diff --git a/bin/dnssec-pkcs11/Makefile.in b/bin/dnssec-pkcs11/Makefile.in
|
||||
index ace0e5a..e0f6a00 100644
|
||||
--- a/bin/dnssec-pkcs11/Makefile.in
|
||||
+++ b/bin/dnssec-pkcs11/Makefile.in
|
||||
@@ -15,18 +15,18 @@ VERSION=@BIND9_VERSION@
|
||||
|
||||
@BIND9_MAKE_INCLUDES@
|
||||
|
||||
-CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} ${ISCCFG_INCLUDES} \
|
||||
+CINCLUDES = ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} ${ISCCFG_INCLUDES} \
|
||||
${OPENSSL_CFLAGS}
|
||||
|
||||
-CDEFINES = -DVERSION=\"${VERSION}\" -DNAMED_CONFFILE=\"${sysconfdir}/named.conf\"
|
||||
+CDEFINES = -DVERSION=\"${VERSION}\" -DNAMED_CONFFILE=\"${sysconfdir}/named.conf\" -DUSE_PKCS11=1
|
||||
CWARNINGS =
|
||||
|
||||
-DNSLIBS = ../../lib/dns/libdns.@A@ @NO_LIBTOOL_DNSLIBS@
|
||||
+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ @NO_LIBTOOL_DNSLIBS@
|
||||
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
|
||||
ISCLIBS = ../../lib/isc/libisc.@A@ @NO_LIBTOOL_ISCLIBS@
|
||||
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @NO_LIBTOOL_ISCLIBS@
|
||||
|
||||
-DNSDEPLIBS = ../../lib/dns/libdns.@A@
|
||||
+DNSDEPLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@
|
||||
ISCDEPLIBS = ../../lib/isc/libisc.@A@
|
||||
ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
|
||||
|
||||
@@ -36,12 +36,15 @@ LIBS = ${DNSLIBS} ${ISCCFGLIBS} ${ISCLIBS} @LIBS@
|
||||
|
||||
NOSYMLIBS = ${DNSLIBS} ${ISCCFGLIBS} ${ISCNOSYMLIBS} @LIBS@
|
||||
|
||||
+# Add suffix to all targets
|
||||
+EXEEXT = -pkcs11@EXEEXT@
|
||||
+
|
||||
# Alphabetically
|
||||
-TARGETS = dnssec-cds@EXEEXT@ dnssec-dsfromkey@EXEEXT@ \
|
||||
- dnssec-importkey@EXEEXT@ dnssec-keyfromlabel@EXEEXT@ \
|
||||
- dnssec-keygen@EXEEXT@ dnssec-revoke@EXEEXT@ \
|
||||
- dnssec-settime@EXEEXT@ dnssec-signzone@EXEEXT@ \
|
||||
- dnssec-verify@EXEEXT@
|
||||
+TARGETS = dnssec-cds${EXEEXT} dnssec-dsfromkey${EXEEXT} \
|
||||
+ dnssec-importkey${EXEEXT} dnssec-keyfromlabel${EXEEXT} \
|
||||
+ dnssec-keygen${EXEEXT} dnssec-revoke${EXEEXT} \
|
||||
+ dnssec-settime${EXEEXT} dnssec-signzone${EXEEXT} \
|
||||
+ dnssec-verify${EXEEXT}
|
||||
|
||||
OBJS = dnssectool.@O@
|
||||
|
||||
@@ -52,19 +55,19 @@ SRCS = dnssec-cds.c dnssec-dsfromkey.c dnssec-importkey.c \
|
||||
|
||||
@BIND9_MAKE_RULES@
|
||||
|
||||
-dnssec-cds@EXEEXT@: dnssec-cds.@O@ ${OBJS} ${DEPLIBS}
|
||||
+dnssec-cds-pkcs11@EXEEXT@: dnssec-cds.@O@ ${OBJS} ${DEPLIBS}
|
||||
export BASEOBJS="dnssec-cds.@O@ ${OBJS}"; \
|
||||
${FINALBUILDCMD}
|
||||
|
||||
-dnssec-dsfromkey@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS}
|
||||
+dnssec-dsfromkey-pkcs11@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS}
|
||||
export BASEOBJS="dnssec-dsfromkey.@O@ ${OBJS}"; \
|
||||
${FINALBUILDCMD}
|
||||
|
||||
-dnssec-keyfromlabel@EXEEXT@: dnssec-keyfromlabel.@O@ ${OBJS} ${DEPLIBS}
|
||||
+dnssec-keyfromlabel-pkcs11@EXEEXT@: dnssec-keyfromlabel.@O@ ${OBJS} ${DEPLIBS}
|
||||
export BASEOBJS="dnssec-keyfromlabel.@O@ ${OBJS}"; \
|
||||
${FINALBUILDCMD}
|
||||
|
||||
-dnssec-keygen@EXEEXT@: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}
|
||||
+dnssec-keygen-pkcs11@EXEEXT@: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}
|
||||
export BASEOBJS="dnssec-keygen.@O@ ${OBJS}"; \
|
||||
${FINALBUILDCMD}
|
||||
|
||||
@@ -72,7 +75,7 @@ dnssec-signzone.@O@: dnssec-signzone.c
|
||||
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
|
||||
-c ${srcdir}/dnssec-signzone.c
|
||||
|
||||
-dnssec-signzone@EXEEXT@: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
|
||||
+dnssec-signzone-pkcs11@EXEEXT@: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
|
||||
export BASEOBJS="dnssec-signzone.@O@ ${OBJS}"; \
|
||||
${FINALBUILDCMD}
|
||||
|
||||
@@ -80,19 +83,19 @@ dnssec-verify.@O@: dnssec-verify.c
|
||||
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
|
||||
-c ${srcdir}/dnssec-verify.c
|
||||
|
||||
-dnssec-verify@EXEEXT@: dnssec-verify.@O@ ${OBJS} ${DEPLIBS}
|
||||
+dnssec-verify-pkcs11@EXEEXT@: dnssec-verify.@O@ ${OBJS} ${DEPLIBS}
|
||||
export BASEOBJS="dnssec-verify.@O@ ${OBJS}"; \
|
||||
${FINALBUILDCMD}
|
||||
|
||||
-dnssec-revoke@EXEEXT@: dnssec-revoke.@O@ ${OBJS} ${DEPLIBS}
|
||||
+dnssec-revoke-pkcs11@EXEEXT@: dnssec-revoke.@O@ ${OBJS} ${DEPLIBS}
|
||||
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
|
||||
dnssec-revoke.@O@ ${OBJS} ${LIBS}
|
||||
|
||||
-dnssec-settime@EXEEXT@: dnssec-settime.@O@ ${OBJS} ${DEPLIBS}
|
||||
+dnssec-settime-pkcs11@EXEEXT@: dnssec-settime.@O@ ${OBJS} ${DEPLIBS}
|
||||
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
|
||||
dnssec-settime.@O@ ${OBJS} ${LIBS}
|
||||
|
||||
-dnssec-importkey@EXEEXT@: dnssec-importkey.@O@ ${OBJS} ${DEPLIBS}
|
||||
+dnssec-importkey-pkcs11@EXEEXT@: dnssec-importkey.@O@ ${OBJS} ${DEPLIBS}
|
||||
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
|
||||
dnssec-importkey.@O@ ${OBJS} ${LIBS}
|
||||
|
||||
diff --git a/bin/named-pkcs11/Makefile.in b/bin/named-pkcs11/Makefile.in
|
||||
index debb906..ecfdb6c 100644
|
||||
--- a/bin/named-pkcs11/Makefile.in
|
||||
+++ b/bin/named-pkcs11/Makefile.in
|
||||
@@ -37,13 +37,14 @@ DBDRIVER_LIBS =
|
||||
|
||||
DLZ_DRIVER_DIR = ${top_srcdir}/contrib/dlz/drivers
|
||||
|
||||
-DLZDRIVER_OBJS = @DLZ_DRIVER_OBJS@
|
||||
-DLZDRIVER_SRCS = @DLZ_DRIVER_SRCS@
|
||||
-DLZDRIVER_INCLUDES = @DLZ_DRIVER_INCLUDES@
|
||||
-DLZDRIVER_LIBS = @DLZ_DRIVER_LIBS@
|
||||
+# Skip building on PKCS11 variant
|
||||
+DLZDRIVER_OBJS =
|
||||
+DLZDRIVER_SRCS =
|
||||
+DLZDRIVER_INCLUDES =
|
||||
+DLZDRIVER_LIBS =
|
||||
|
||||
CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
|
||||
- ${NS_INCLUDES} ${DNS_INCLUDES} \
|
||||
+ ${NS_PKCS11_INCLUDES} ${DNS_PKCS11_INCLUDES} \
|
||||
${BIND9_INCLUDES} ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} \
|
||||
${ISC_INCLUDES} ${DLZDRIVER_INCLUDES} \
|
||||
${DBDRIVER_INCLUDES} \
|
||||
@@ -56,24 +57,24 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
|
||||
${LIBXML2_CFLAGS} \
|
||||
${MAXMINDDB_CFLAGS}
|
||||
|
||||
-CDEFINES = @CONTRIB_DLZ@
|
||||
+CDEFINES =
|
||||
|
||||
CWARNINGS =
|
||||
|
||||
-DNSLIBS = ../../lib/dns/libdns.@A@ @NO_LIBTOOL_DNSLIBS@
|
||||
+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ @NO_LIBTOOL_DNSLIBS@
|
||||
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
|
||||
ISCCCLIBS = ../../lib/isccc/libisccc.@A@
|
||||
ISCLIBS = ../../lib/isc/libisc.@A@ @NO_LIBTOOL_ISCLIBS@
|
||||
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @NO_LIBTOOL_ISCLIBS@
|
||||
BIND9LIBS = ../../lib/bind9/libbind9.@A@
|
||||
-NSLIBS = ../../lib/ns/libns.@A@
|
||||
+NSLIBS = ../../lib/ns-pkcs11/libns-pkcs11.@A@
|
||||
|
||||
-DNSDEPLIBS = ../../lib/dns/libdns.@A@
|
||||
+DNSDEPLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@
|
||||
ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
|
||||
ISCCCDEPLIBS = ../../lib/isccc/libisccc.@A@
|
||||
ISCDEPLIBS = ../../lib/isc/libisc.@A@
|
||||
BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@
|
||||
-NSDEPLIBS = ../../lib/ns/libns.@A@
|
||||
+NSDEPLIBS = ../../lib/ns-pkcs11/libns-pkcs11.@A@
|
||||
|
||||
DEPLIBS = ${NSDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \
|
||||
${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${ISCDEPLIBS}
|
||||
@@ -93,7 +94,7 @@ NOSYMLIBS = ${NSLIBS} ${DNSLIBS} ${BIND9LIBS} \
|
||||
|
||||
SUBDIRS = unix
|
||||
|
||||
-TARGETS = named@EXEEXT@
|
||||
+TARGETS = named-pkcs11@EXEEXT@
|
||||
|
||||
GEOIP2LINKOBJS = geoip.@O@
|
||||
|
||||
@@ -151,7 +152,7 @@ server.@O@: server.c
|
||||
-DPRODUCT=\"${PRODUCT}\" \
|
||||
-DVERSION=\"${VERSION}\" -c ${srcdir}/server.c
|
||||
|
||||
-named@EXEEXT@: ${OBJS} ${DEPLIBS}
|
||||
+named-pkcs11@EXEEXT@: ${OBJS} ${DEPLIBS}
|
||||
export MAKE_SYMTABLE="yes"; \
|
||||
export BASEOBJS="${OBJS} ${UOBJS}"; \
|
||||
${FINALBUILDCMD}
|
||||
@@ -170,11 +171,11 @@ statschannel.@O@: bind9.xsl.h
|
||||
installdirs:
|
||||
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
|
||||
|
||||
-install:: named@EXEEXT@ installdirs
|
||||
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named@EXEEXT@ ${DESTDIR}${sbindir}
|
||||
+install:: named-pkcs11@EXEEXT@ installdirs
|
||||
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-pkcs11@EXEEXT@ ${DESTDIR}${sbindir}
|
||||
|
||||
uninstall::
|
||||
- ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named@EXEEXT@
|
||||
+ ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named-pkcs11@EXEEXT@
|
||||
|
||||
@DLZ_DRIVER_RULES@
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index e405eaf..efaa5a7 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -1269,12 +1269,14 @@ AC_SUBST(USE_GSSAPI)
|
||||
AC_SUBST(DST_GSSAPI_INC)
|
||||
AC_SUBST(DNS_GSSAPI_LIBS)
|
||||
DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS"
|
||||
+DNS_CRYPTO_PK11_LIBS="$DNS_GSSAPI_LIBS $DNS_CRYPTO_PK11_LIBS"
|
||||
|
||||
#
|
||||
# Applications linking with libdns also need to link with these libraries.
|
||||
#
|
||||
|
||||
AC_SUBST(DNS_CRYPTO_LIBS)
|
||||
+AC_SUBST(DNS_CRYPTO_PK11_LIBS)
|
||||
|
||||
#
|
||||
# was --with-lmdb specified?
|
||||
@@ -2345,6 +2347,8 @@ AC_SUBST(BIND9_DNS_BUILDINCLUDE)
|
||||
AC_SUBST(BIND9_NS_BUILDINCLUDE)
|
||||
AC_SUBST(BIND9_BIND9_BUILDINCLUDE)
|
||||
AC_SUBST(BIND9_IRS_BUILDINCLUDE)
|
||||
+AC_SUBST(BIND9_DNS_PKCS11_BUILDINCLUDE)
|
||||
+AC_SUBST(BIND9_NS_PKCS11_BUILDINCLUDE)
|
||||
if test "X$srcdir" != "X"; then
|
||||
BIND9_ISC_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/isc/include"
|
||||
BIND9_ISCCC_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/isccc/include"
|
||||
@@ -2353,6 +2357,8 @@ if test "X$srcdir" != "X"; then
|
||||
BIND9_NS_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/ns/include"
|
||||
BIND9_BIND9_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/bind9/include"
|
||||
BIND9_IRS_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/irs/include"
|
||||
+ BIND9_DNS_PKCS11_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/dns-pkcs11/include"
|
||||
+ BIND9_NS_PKCS11_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/ns-pkcs11/include"
|
||||
else
|
||||
BIND9_ISC_BUILDINCLUDE=""
|
||||
BIND9_ISCCC_BUILDINCLUDE=""
|
||||
@@ -2361,6 +2367,8 @@ else
|
||||
BIND9_NS_BUILDINCLUDE=""
|
||||
BIND9_BIND9_BUILDINCLUDE=""
|
||||
BIND9_IRS_BUILDINCLUDE=""
|
||||
+ BIND9_DNS_PKCS11_BUILDINCLUDE=""
|
||||
+ BIND9_NS_PKCS11_BUILDINCLUDE=""
|
||||
fi
|
||||
|
||||
AC_SUBST_FILE(BIND9_MAKE_INCLUDES)
|
||||
@@ -2816,8 +2824,11 @@ AC_CONFIG_FILES([
|
||||
bin/delv/Makefile
|
||||
bin/dig/Makefile
|
||||
bin/dnssec/Makefile
|
||||
+ bin/dnssec-pkcs11/Makefile
|
||||
bin/named/Makefile
|
||||
bin/named/unix/Makefile
|
||||
+ bin/named-pkcs11/Makefile
|
||||
+ bin/named-pkcs11/unix/Makefile
|
||||
bin/nsupdate/Makefile
|
||||
bin/pkcs11/Makefile
|
||||
bin/plugins/Makefile
|
||||
@@ -2879,6 +2890,10 @@ AC_CONFIG_FILES([
|
||||
lib/dns/include/dns/Makefile
|
||||
lib/dns/include/dst/Makefile
|
||||
lib/dns/tests/Makefile
|
||||
+ lib/dns-pkcs11/Makefile
|
||||
+ lib/dns-pkcs11/include/Makefile
|
||||
+ lib/dns-pkcs11/include/dns/Makefile
|
||||
+ lib/dns-pkcs11/include/dst/Makefile
|
||||
lib/irs/Makefile
|
||||
lib/irs/include/Makefile
|
||||
lib/irs/include/irs/Makefile
|
||||
@@ -2911,6 +2926,10 @@ AC_CONFIG_FILES([
|
||||
lib/ns/include/Makefile
|
||||
lib/ns/include/ns/Makefile
|
||||
lib/ns/tests/Makefile
|
||||
+ lib/ns-pkcs11/Makefile
|
||||
+ lib/ns-pkcs11/include/Makefile
|
||||
+ lib/ns-pkcs11/include/ns/Makefile
|
||||
+ lib/ns-pkcs11/tests/Makefile
|
||||
make/Makefile
|
||||
make/mkdep
|
||||
unit/unittest.sh
|
||||
diff --git a/lib/Makefile.in b/lib/Makefile.in
|
||||
index 833964e..058ba2f 100644
|
||||
--- a/lib/Makefile.in
|
||||
+++ b/lib/Makefile.in
|
||||
@@ -15,7 +15,7 @@ top_srcdir = @top_srcdir@
|
||||
# Attempt to disable parallel processing.
|
||||
.NOTPARALLEL:
|
||||
.NO_PARALLEL:
|
||||
-SUBDIRS = isc isccc dns ns isccfg bind9 irs
|
||||
+SUBDIRS = isc isccc dns dns-pkcs11 ns ns-pkcs11 isccfg bind9 irs
|
||||
TARGETS =
|
||||
|
||||
@BIND9_MAKE_RULES@
|
||||
diff --git a/lib/dns-pkcs11/Makefile.in b/lib/dns-pkcs11/Makefile.in
|
||||
index 58bda3c..d6a45df 100644
|
||||
--- a/lib/dns-pkcs11/Makefile.in
|
||||
+++ b/lib/dns-pkcs11/Makefile.in
|
||||
@@ -22,7 +22,7 @@ VERSION=@BIND9_VERSION@
|
||||
|
||||
@BIND9_MAKE_INCLUDES@
|
||||
|
||||
-CINCLUDES = -I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} \
|
||||
+CINCLUDES = -I. -I${top_srcdir}/lib/dns-pkcs11 -Iinclude ${DNS_PKCS11_INCLUDES} \
|
||||
${ISC_INCLUDES} \
|
||||
${FSTRM_CFLAGS} \
|
||||
${OPENSSL_CFLAGS} @DST_GSSAPI_INC@ \
|
||||
@@ -32,7 +32,7 @@ CINCLUDES = -I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} \
|
||||
${LMDB_CFLAGS} \
|
||||
${MAXMINDDB_CFLAGS}
|
||||
|
||||
-CDEFINES = @USE_GSSAPI@
|
||||
+CDEFINES = @USE_GSSAPI@ @USE_PKCS11@
|
||||
|
||||
CWARNINGS =
|
||||
|
||||
@@ -135,15 +135,15 @@ version.@O@: version.c
|
||||
-DMAPAPI=\"${MAPAPI}\" \
|
||||
-c ${srcdir}/version.c
|
||||
|
||||
-libdns.@SA@: ${OBJS}
|
||||
+libdns-pkcs11.@SA@: ${OBJS}
|
||||
${AR} ${ARFLAGS} $@ ${OBJS}
|
||||
${RANLIB} $@
|
||||
|
||||
-libdns.la: ${OBJS}
|
||||
+libdns-pkcs11.la: ${OBJS}
|
||||
${LIBTOOL_MODE_LINK} \
|
||||
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns.la -rpath ${libdir} \
|
||||
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns-pkcs11.la -rpath ${libdir} \
|
||||
-release "${VERSION}" \
|
||||
- ${OBJS} ${ISCLIBS} @DNS_CRYPTO_LIBS@ ${LIBS}
|
||||
+ ${OBJS} ${ISCLIBS} @DNS_CRYPTO_PK11_LIBS@ ${LIBS}
|
||||
|
||||
include: gen
|
||||
${MAKE} include/dns/enumtype.h
|
||||
@@ -174,22 +174,22 @@ gen: gen.c
|
||||
${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c \
|
||||
${BUILD_LIBS} ${LFS_LIBS}
|
||||
|
||||
-timestamp: include libdns.@A@
|
||||
+timestamp: include libdns-pkcs11.@A@
|
||||
touch timestamp
|
||||
|
||||
-testdirs: libdns.@A@
|
||||
+testdirs: libdns-pkcs11.@A@
|
||||
|
||||
installdirs:
|
||||
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
|
||||
|
||||
install:: timestamp installdirs
|
||||
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} libdns.@A@ ${DESTDIR}${libdir}
|
||||
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} libdns-pkcs11.@A@ ${DESTDIR}${libdir}
|
||||
|
||||
uninstall::
|
||||
- ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${libdir}/libdns.@A@
|
||||
+ ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${libdir}/libdns-pkcs11.@A@
|
||||
|
||||
clean distclean::
|
||||
- rm -f libdns.@A@ timestamp
|
||||
+ rm -f libdns-pkcs11.@A@ timestamp
|
||||
rm -f gen code.h include/dns/enumtype.h include/dns/enumclass.h
|
||||
rm -f include/dns/rdatastruct.h
|
||||
rm -f dnstap.pb-c.c dnstap.pb-c.h
|
||||
diff --git a/lib/dns-pkcs11/tests/Makefile.in b/lib/dns-pkcs11/tests/Makefile.in
|
||||
index da91394..aadb73f 100644
|
||||
--- a/lib/dns-pkcs11/tests/Makefile.in
|
||||
+++ b/lib/dns-pkcs11/tests/Makefile.in
|
||||
@@ -15,15 +15,15 @@ VERSION=@BIND9_VERSION@
|
||||
|
||||
@BIND9_MAKE_INCLUDES@
|
||||
|
||||
-CINCLUDES = -I. -Iinclude ${DNS_INCLUDES} ${ISC_INCLUDES} \
|
||||
+CINCLUDES = -I. -Iinclude ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} \
|
||||
${FSTRM_CFLAGS} ${OPENSSL_CFLAGS} \
|
||||
${PROTOBUF_C_CFLAGS} ${MAXMINDDB_CFLAGS} @CMOCKA_CFLAGS@
|
||||
-CDEFINES = -DTESTS="\"${top_builddir}/lib/dns/tests/\""
|
||||
+CDEFINES = @USE_PKCS11@ -DTESTS="\"${top_builddir}/lib/dns-pkcs11/tests/\""
|
||||
|
||||
ISCLIBS = ../../isc/libisc.@A@ @NO_LIBTOOL_ISCLIBS@
|
||||
ISCDEPLIBS = ../../isc/libisc.@A@
|
||||
-DNSLIBS = ../libdns.@A@ @NO_LIBTOOL_DNSLIBS@
|
||||
-DNSDEPLIBS = ../libdns.@A@
|
||||
+DNSLIBS = ../libdns-pkcs11.@A@ @NO_LIBTOOL_DNSLIBS@
|
||||
+DNSDEPLIBS = ../libdns-pkcs11.@A@
|
||||
|
||||
LIBS = @LIBS@ @CMOCKA_LIBS@
|
||||
|
||||
diff --git a/lib/ns-pkcs11/Makefile.in b/lib/ns-pkcs11/Makefile.in
|
||||
index bc683ce..7a9d2f2 100644
|
||||
--- a/lib/ns-pkcs11/Makefile.in
|
||||
+++ b/lib/ns-pkcs11/Makefile.in
|
||||
@@ -16,12 +16,12 @@ VERSION=@BIND9_VERSION@
|
||||
|
||||
@BIND9_MAKE_INCLUDES@
|
||||
|
||||
-CINCLUDES = -I. -I${top_srcdir}/lib/ns -Iinclude \
|
||||
- ${NS_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES} \
|
||||
+CINCLUDES = -I. -I${top_srcdir}/lib/ns-pkcs11 -Iinclude \
|
||||
+ ${NS_PKCS11_INCLUDES} ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} \
|
||||
${OPENSSL_CFLAGS} @DST_GSSAPI_INC@ \
|
||||
${FSTRM_CFLAGS}
|
||||
|
||||
-CDEFINES = -DNAMED_PLUGINDIR=\"${plugindir}\"
|
||||
+CDEFINES = @USE_PKCS11@ -DNAMED_PLUGINDIR=\"${plugindir}\"
|
||||
|
||||
CWARNINGS =
|
||||
|
||||
@@ -29,9 +29,9 @@ ISCLIBS = ../../lib/isc/libisc.@A@
|
||||
|
||||
ISCDEPLIBS = ../../lib/isc/libisc.@A@
|
||||
|
||||
-DNSLIBS = ../../lib/dns/libdns.@A@ @NO_LIBTOOL_DNSLIBS@
|
||||
+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ @NO_LIBTOOL_DNSLIBS@
|
||||
|
||||
-DNSDEPLIBS = ../../lib/dns/libdns.@A@
|
||||
+DNSDEPLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@
|
||||
|
||||
LIBS = @LIBS@
|
||||
|
||||
@@ -60,28 +60,28 @@ version.@O@: version.c
|
||||
-DMAJOR=\"${MAJOR}\" \
|
||||
-c ${srcdir}/version.c
|
||||
|
||||
-libns.@SA@: ${OBJS}
|
||||
+libns-pkcs11.@SA@: ${OBJS}
|
||||
${AR} ${ARFLAGS} $@ ${OBJS}
|
||||
${RANLIB} $@
|
||||
|
||||
-libns.la: ${OBJS}
|
||||
+libns-pkcs11.la: ${OBJS}
|
||||
${LIBTOOL_MODE_LINK} \
|
||||
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libns.la -rpath ${libdir} \
|
||||
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libns-pkcs11.la -rpath ${libdir} \
|
||||
-release "${VERSION}" \
|
||||
- ${OBJS} ${ISCLIBS} ${DNSLIBS} @DNS_CRYPTO_LIBS@ ${LIBS}
|
||||
+ ${OBJS} ${ISCLIBS} ${DNSLIBS} @DNS_CRYPTO_PK11_LIBS@ ${LIBS}
|
||||
|
||||
-timestamp: libns.@A@
|
||||
+timestamp: libns-pkcs11.@A@
|
||||
touch timestamp
|
||||
|
||||
installdirs:
|
||||
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
|
||||
|
||||
install:: timestamp installdirs
|
||||
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} libns.@A@ \
|
||||
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} libns-pkcs11.@A@ \
|
||||
${DESTDIR}${libdir}
|
||||
|
||||
uninstall::
|
||||
- ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${libdir}/libns.@A@
|
||||
+ ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${libdir}/libns-pkcs11.@A@
|
||||
|
||||
clean distclean::
|
||||
- rm -f libns.@A@ timestamp
|
||||
+ rm -f libns-pkcs11.@A@ timestamp
|
||||
diff --git a/lib/ns-pkcs11/tests/Makefile.in b/lib/ns-pkcs11/tests/Makefile.in
|
||||
index 4c3e694..c1b6d99 100644
|
||||
--- a/lib/ns-pkcs11/tests/Makefile.in
|
||||
+++ b/lib/ns-pkcs11/tests/Makefile.in
|
||||
@@ -17,17 +17,17 @@ VERSION=@BIND9_VERSION@
|
||||
|
||||
WRAP_OPTIONS = -Wl,--wrap=isc__nmhandle_detach -Wl,--wrap=isc__nmhandle_attach
|
||||
|
||||
-CINCLUDES = -I. -Iinclude ${NS_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES} \
|
||||
+CINCLUDES = -I. -Iinclude ${NS_PKCS11_INCLUDES} ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} \
|
||||
${OPENSSL_CFLAGS} \
|
||||
@CMOCKA_CFLAGS@
|
||||
-CDEFINES = -DTESTS="\"${top_builddir}/lib/ns/tests/\"" -DNAMED_PLUGINDIR=\"${plugindir}\"
|
||||
+CDEFINES = -DTESTS="\"${top_builddir}/lib/ns-pkcs11/tests/\"" -DNAMED_PLUGINDIR=\"${plugindir}\" @USE_PKCS11@
|
||||
|
||||
ISCLIBS = ../../isc/libisc.@A@ @NO_LIBTOOL_ISCLIBS@
|
||||
ISCDEPLIBS = ../../isc/libisc.@A@
|
||||
-DNSLIBS = ../../dns/libdns.@A@ @NO_LIBTOOL_DNSLIBS@
|
||||
-DNSDEPLIBS = ../../dns/libdns.@A@
|
||||
-NSLIBS = ../libns.@A@
|
||||
-NSDEPLIBS = ../libns.@A@
|
||||
+DNSLIBS = ../../dns-pkcs11/libdns-pkcs11.@A@ @NO_LIBTOOL_DNSLIBS@
|
||||
+DNSDEPLIBS = ../../dns-pkcs11/libdns-pkcs11.@A@
|
||||
+NSLIBS = ../libns-pkcs11.@A@
|
||||
+NSDEPLIBS = ../libns-pkcs11.@A@
|
||||
|
||||
LIBS = @LIBS@ @CMOCKA_LIBS@
|
||||
|
||||
diff --git a/make/includes.in b/make/includes.in
|
||||
index b8317d3..b73b0c4 100644
|
||||
--- a/make/includes.in
|
||||
+++ b/make/includes.in
|
||||
@@ -39,3 +39,10 @@ BIND9_INCLUDES = @BIND9_BIND9_BUILDINCLUDE@ \
|
||||
|
||||
TEST_INCLUDES = \
|
||||
-I${top_srcdir}/lib/tests/include
|
||||
+
|
||||
+DNS_PKCS11_INCLUDES = @BIND9_DNS_PKCS11_BUILDINCLUDE@ \
|
||||
+ -I${top_srcdir}/lib/dns-pkcs11/include
|
||||
+
|
||||
+NS_PKCS11_INCLUDES = @BIND9_NS_PKCS11_BUILDINCLUDE@ \
|
||||
+ -I${top_srcdir}/lib/ns-pkcs11/include
|
||||
+
|
||||
--
|
||||
2.31.1
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 9575852be2344244ac182d7d019869406d3bd963 Mon Sep 17 00:00:00 2001
|
||||
From 8bbfacc1a90301a71a487e776db071fa2ef6c8dd Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Thu, 2 Aug 2018 23:46:45 +0200
|
||||
Subject: [PATCH] FIPS tests changes
|
||||
@ -73,8 +73,6 @@ Date: Wed Mar 7 10:44:23 2018 +0100
|
||||
.../system/allow-query/ns2/named40.conf.in | 4 +-
|
||||
bin/tests/system/allow-query/tests.sh | 18 ++---
|
||||
bin/tests/system/catz/ns1/named.conf.in | 2 +-
|
||||
bin/tests/system/catz/ns2/named1.conf.in | 2 +-
|
||||
bin/tests/system/catz/ns2/named2.conf.in | 2 +-
|
||||
bin/tests/system/checkconf/bad-tsig.conf | 2 +-
|
||||
bin/tests/system/checkconf/good.conf | 2 +-
|
||||
bin/tests/system/feature-test.c | 14 ++++
|
||||
@ -83,23 +81,21 @@ Date: Wed Mar 7 10:44:23 2018 +0100
|
||||
bin/tests/system/nsupdate/ns1/named.conf.in | 2 +-
|
||||
bin/tests/system/nsupdate/ns2/named.conf.in | 2 +-
|
||||
bin/tests/system/nsupdate/setup.sh | 6 +-
|
||||
bin/tests/system/nsupdate/tests.sh | 15 +++--
|
||||
bin/tests/system/nsupdate/tests.sh | 11 ++-
|
||||
bin/tests/system/rndc/setup.sh | 2 +-
|
||||
bin/tests/system/rndc/tests.sh | 23 ++++---
|
||||
bin/tests/system/rndc/tests.sh | 22 +++---
|
||||
bin/tests/system/tsig/ns1/named.conf.in | 10 +--
|
||||
bin/tests/system/tsig/ns1/rndc5.conf.in | 10 +++
|
||||
bin/tests/system/tsig/setup.sh | 5 ++
|
||||
bin/tests/system/tsig/tests.sh | 65 ++++++++++++-------
|
||||
bin/tests/system/tsig/tests.sh | 67 ++++++++++++-------
|
||||
bin/tests/system/upforwd/ns1/named.conf.in | 2 +-
|
||||
bin/tests/system/upforwd/tests.sh | 2 +-
|
||||
34 files changed, 163 insertions(+), 109 deletions(-)
|
||||
create mode 100644 bin/tests/system/tsig/ns1/rndc5.conf.in
|
||||
31 files changed, 149 insertions(+), 106 deletions(-)
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in
|
||||
index 60f22e1..249f672 100644
|
||||
index 745048a..93cb411 100644
|
||||
--- a/bin/tests/system/acl/ns2/named1.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named1.conf.in
|
||||
@@ -33,12 +33,12 @@ options {
|
||||
@@ -35,12 +35,12 @@ options {
|
||||
};
|
||||
|
||||
key one {
|
||||
@ -115,10 +111,10 @@ index 60f22e1..249f672 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named2.conf.in b/bin/tests/system/acl/ns2/named2.conf.in
|
||||
index ada97bc..f82d858 100644
|
||||
index 21aa991..78e71cc 100644
|
||||
--- a/bin/tests/system/acl/ns2/named2.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named2.conf.in
|
||||
@@ -33,12 +33,12 @@ options {
|
||||
@@ -35,12 +35,12 @@ options {
|
||||
};
|
||||
|
||||
key one {
|
||||
@ -134,10 +130,10 @@ index ada97bc..f82d858 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named3.conf.in b/bin/tests/system/acl/ns2/named3.conf.in
|
||||
index 97684e4..de6a2e9 100644
|
||||
index 3208c92..bed6325 100644
|
||||
--- a/bin/tests/system/acl/ns2/named3.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named3.conf.in
|
||||
@@ -33,17 +33,17 @@ options {
|
||||
@@ -35,17 +35,17 @@ options {
|
||||
};
|
||||
|
||||
key one {
|
||||
@ -159,28 +155,9 @@ index 97684e4..de6a2e9 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named4.conf.in b/bin/tests/system/acl/ns2/named4.conf.in
|
||||
index 462b3fa..994b35c 100644
|
||||
index 14e82ed..a22cafe 100644
|
||||
--- a/bin/tests/system/acl/ns2/named4.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named4.conf.in
|
||||
@@ -33,12 +33,12 @@ options {
|
||||
};
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named5.conf.in b/bin/tests/system/acl/ns2/named5.conf.in
|
||||
index 728da58..8f00d09 100644
|
||||
--- a/bin/tests/system/acl/ns2/named5.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named5.conf.in
|
||||
@@ -35,12 +35,12 @@ options {
|
||||
};
|
||||
|
||||
@ -196,11 +173,30 @@ index 728da58..8f00d09 100644
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named5.conf.in b/bin/tests/system/acl/ns2/named5.conf.in
|
||||
index f43f33c..f4a865a 100644
|
||||
--- a/bin/tests/system/acl/ns2/named5.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named5.conf.in
|
||||
@@ -37,12 +37,12 @@ options {
|
||||
};
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/tests.sh b/bin/tests/system/acl/tests.sh
|
||||
index be59d64..13d5bdc 100644
|
||||
index 9ee3984..f7d4388 100644
|
||||
--- a/bin/tests/system/acl/tests.sh
|
||||
+++ b/bin/tests/system/acl/tests.sh
|
||||
@@ -22,14 +22,14 @@ echo_i "testing basic ACL processing"
|
||||
@@ -23,14 +23,14 @@ echo_i "testing basic ACL processing"
|
||||
# key "one" should fail
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
@ -217,7 +213,7 @@ index be59d64..13d5bdc 100644
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
copy_setports ns2/named2.conf.in ns2/named.conf
|
||||
@@ -39,18 +39,18 @@ sleep 5
|
||||
@@ -40,18 +40,18 @@ sleep 5
|
||||
# prefix 10/8 should fail
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
@ -239,7 +235,7 @@ index be59d64..13d5bdc 100644
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
echo_i "testing nested ACL processing"
|
||||
@@ -62,31 +62,31 @@ sleep 5
|
||||
@@ -63,31 +63,31 @@ sleep 5
|
||||
# should succeed
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
@ -276,7 +272,7 @@ index be59d64..13d5bdc 100644
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
t=`expr $t + 1`
|
||||
@@ -97,7 +97,7 @@ grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $tt failed" ; status=1
|
||||
@@ -98,7 +98,7 @@ grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $tt failed" ; status=1
|
||||
# and other values? right out
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
@ -285,7 +281,7 @@ index be59d64..13d5bdc 100644
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# now we only allow 10.53.0.1 *and* key one, or 10.53.0.2 *and* key two
|
||||
@@ -108,31 +108,31 @@ sleep 5
|
||||
@@ -109,31 +109,31 @@ sleep 5
|
||||
# should succeed
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
@ -323,10 +319,10 @@ index be59d64..13d5bdc 100644
|
||||
|
||||
echo_i "testing allow-query-on ACL processing"
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named10.conf.in b/bin/tests/system/allow-query/ns2/named10.conf.in
|
||||
index 7d43e36..f7b25f9 100644
|
||||
index b91d19a..7d777c2 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named10.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named10.conf.in
|
||||
@@ -10,7 +10,7 @@
|
||||
@@ -12,7 +12,7 @@
|
||||
*/
|
||||
|
||||
key one {
|
||||
@ -336,10 +332,10 @@ index 7d43e36..f7b25f9 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named11.conf.in b/bin/tests/system/allow-query/ns2/named11.conf.in
|
||||
index 2952518..121557e 100644
|
||||
index 308c4ca..00f6f40 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named11.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named11.conf.in
|
||||
@@ -10,12 +10,12 @@
|
||||
@@ -12,12 +12,12 @@
|
||||
*/
|
||||
|
||||
key one {
|
||||
@ -355,10 +351,10 @@ index 2952518..121557e 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named12.conf.in b/bin/tests/system/allow-query/ns2/named12.conf.in
|
||||
index 0c01071..ceabbb5 100644
|
||||
index 6b0fe55..491e514 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named12.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named12.conf.in
|
||||
@@ -10,7 +10,7 @@
|
||||
@@ -12,7 +12,7 @@
|
||||
*/
|
||||
|
||||
key one {
|
||||
@ -368,10 +364,10 @@ index 0c01071..ceabbb5 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named30.conf.in b/bin/tests/system/allow-query/ns2/named30.conf.in
|
||||
index 4c17292..9cd9d1f 100644
|
||||
index aefc474..7c06596 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named30.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named30.conf.in
|
||||
@@ -10,7 +10,7 @@
|
||||
@@ -12,7 +12,7 @@
|
||||
*/
|
||||
|
||||
key one {
|
||||
@ -381,10 +377,10 @@ index 4c17292..9cd9d1f 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named31.conf.in b/bin/tests/system/allow-query/ns2/named31.conf.in
|
||||
index a2690a4..f488730 100644
|
||||
index 27eccc2..eecb990 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named31.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named31.conf.in
|
||||
@@ -10,12 +10,12 @@
|
||||
@@ -12,12 +12,12 @@
|
||||
*/
|
||||
|
||||
key one {
|
||||
@ -400,10 +396,10 @@ index a2690a4..f488730 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named32.conf.in b/bin/tests/system/allow-query/ns2/named32.conf.in
|
||||
index a0708c8..51fa457 100644
|
||||
index adbb203..744d122 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named32.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named32.conf.in
|
||||
@@ -10,7 +10,7 @@
|
||||
@@ -12,7 +12,7 @@
|
||||
*/
|
||||
|
||||
key one {
|
||||
@ -413,10 +409,10 @@ index a0708c8..51fa457 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named40.conf.in b/bin/tests/system/allow-query/ns2/named40.conf.in
|
||||
index 687768e..d24d6d2 100644
|
||||
index 364f94b..9518f82 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named40.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named40.conf.in
|
||||
@@ -14,12 +14,12 @@ acl accept { 10.53.0.2; };
|
||||
@@ -16,12 +16,12 @@ acl accept { 10.53.0.2; };
|
||||
acl badaccept { 10.53.0.1; };
|
||||
|
||||
key one {
|
||||
@ -432,10 +428,10 @@ index 687768e..d24d6d2 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/tests.sh b/bin/tests/system/allow-query/tests.sh
|
||||
index fe40635..543c663 100644
|
||||
index bbffe07..80da0fe 100644
|
||||
--- a/bin/tests/system/allow-query/tests.sh
|
||||
+++ b/bin/tests/system/allow-query/tests.sh
|
||||
@@ -182,7 +182,7 @@ rndc_reload ns2 10.53.0.2
|
||||
@@ -200,7 +200,7 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: key allowed - query allowed"
|
||||
ret=0
|
||||
@ -444,25 +440,25 @@ index fe40635..543c663 100644
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -195,7 +195,7 @@ rndc_reload ns2 10.53.0.2
|
||||
@@ -213,7 +213,7 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: key not allowed - query refused"
|
||||
ret=0
|
||||
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -208,7 +208,7 @@ rndc_reload ns2 10.53.0.2
|
||||
@@ -227,7 +227,7 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: key disallowed - query refused"
|
||||
ret=0
|
||||
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -341,7 +341,7 @@ rndc_reload ns2 10.53.0.2
|
||||
@@ -366,7 +366,7 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views key allowed - query allowed"
|
||||
ret=0
|
||||
@ -471,25 +467,25 @@ index fe40635..543c663 100644
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -354,7 +354,7 @@ rndc_reload ns2 10.53.0.2
|
||||
@@ -379,7 +379,7 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views key not allowed - query refused"
|
||||
ret=0
|
||||
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -367,7 +367,7 @@ rndc_reload ns2 10.53.0.2
|
||||
@@ -393,7 +393,7 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views key disallowed - query refused"
|
||||
ret=0
|
||||
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -500,7 +500,7 @@ status=`expr $status + $ret`
|
||||
@@ -533,7 +533,7 @@ status=`expr $status + $ret`
|
||||
n=`expr $n + 1`
|
||||
echo_i "test $n: zone key allowed - query allowed"
|
||||
ret=0
|
||||
@ -498,51 +494,29 @@ index fe40635..543c663 100644
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -510,7 +510,7 @@ status=`expr $status + $ret`
|
||||
@@ -543,7 +543,7 @@ status=`expr $status + $ret`
|
||||
n=`expr $n + 1`
|
||||
echo_i "test $n: zone key not allowed - query refused"
|
||||
ret=0
|
||||
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
|
||||
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:two:1234efgh8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -520,7 +520,7 @@ status=`expr $status + $ret`
|
||||
@@ -554,7 +554,7 @@ status=`expr $status + $ret`
|
||||
n=`expr $n + 1`
|
||||
echo_i "test $n: zone key disallowed - query refused"
|
||||
ret=0
|
||||
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keydisallow.example a > dig.out.ns2.$n || ret=1
|
||||
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.keydisallow.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.keydisallow.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
diff --git a/bin/tests/system/catz/ns1/named.conf.in b/bin/tests/system/catz/ns1/named.conf.in
|
||||
index 1218669..e62715e 100644
|
||||
index 5a46d39..fc1bd07 100644
|
||||
--- a/bin/tests/system/catz/ns1/named.conf.in
|
||||
+++ b/bin/tests/system/catz/ns1/named.conf.in
|
||||
@@ -61,5 +61,5 @@ zone "catalog4.example" {
|
||||
|
||||
key tsig_key. {
|
||||
secret "LSAnCU+Z";
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
};
|
||||
diff --git a/bin/tests/system/catz/ns2/named1.conf.in b/bin/tests/system/catz/ns2/named1.conf.in
|
||||
index 30333e6..4005152 100644
|
||||
--- a/bin/tests/system/catz/ns2/named1.conf.in
|
||||
+++ b/bin/tests/system/catz/ns2/named1.conf.in
|
||||
@@ -70,5 +70,5 @@ zone "catalog4.example" {
|
||||
|
||||
key tsig_key. {
|
||||
secret "LSAnCU+Z";
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
};
|
||||
diff --git a/bin/tests/system/catz/ns2/named2.conf.in b/bin/tests/system/catz/ns2/named2.conf.in
|
||||
index fcd99ca..84c97ca 100644
|
||||
--- a/bin/tests/system/catz/ns2/named2.conf.in
|
||||
+++ b/bin/tests/system/catz/ns2/named2.conf.in
|
||||
@@ -56,5 +56,5 @@ zone "catalog4.example" {
|
||||
@@ -63,5 +63,5 @@ zone "catalog4.example" {
|
||||
|
||||
key tsig_key. {
|
||||
secret "LSAnCU+Z";
|
||||
@ -550,10 +524,10 @@ index fcd99ca..84c97ca 100644
|
||||
+ algorithm hmac-sha256;
|
||||
};
|
||||
diff --git a/bin/tests/system/checkconf/bad-tsig.conf b/bin/tests/system/checkconf/bad-tsig.conf
|
||||
index 21be03e..e57c308 100644
|
||||
index 4af25b0..9f202d5 100644
|
||||
--- a/bin/tests/system/checkconf/bad-tsig.conf
|
||||
+++ b/bin/tests/system/checkconf/bad-tsig.conf
|
||||
@@ -11,7 +11,7 @@
|
||||
@@ -13,7 +13,7 @@
|
||||
|
||||
/* Bad secret */
|
||||
key "badtsig" {
|
||||
@ -563,10 +537,10 @@ index 21be03e..e57c308 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf
|
||||
index 616a544..e3a59a5 100644
|
||||
index 897dc86..e4b6dc1 100644
|
||||
--- a/bin/tests/system/checkconf/good.conf
|
||||
+++ b/bin/tests/system/checkconf/good.conf
|
||||
@@ -268,6 +268,6 @@ dyndb "name" "library.so" {
|
||||
@@ -270,6 +270,6 @@ dyndb "name" "library.so" {
|
||||
system;
|
||||
};
|
||||
key "mykey" {
|
||||
@ -575,10 +549,10 @@ index 616a544..e3a59a5 100644
|
||||
secret "qwertyuiopasdfgh";
|
||||
};
|
||||
diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c
|
||||
index 877504f..577660a 100644
|
||||
index 30e6e14..ba7f98e 100644
|
||||
--- a/bin/tests/system/feature-test.c
|
||||
+++ b/bin/tests/system/feature-test.c
|
||||
@@ -14,6 +14,7 @@
|
||||
@@ -16,6 +16,7 @@
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
@ -586,8 +560,8 @@ index 877504f..577660a 100644
|
||||
#include <isc/net.h>
|
||||
#include <isc/print.h>
|
||||
#include <isc/util.h>
|
||||
@@ -186,6 +187,19 @@ main(int argc, char **argv) {
|
||||
#endif /* ifdef DLZ_FILESYSTEM */
|
||||
@@ -140,6 +141,19 @@ main(int argc, char **argv) {
|
||||
#endif
|
||||
}
|
||||
|
||||
+ if (strcmp(argv[1], "--md5") == 0) {
|
||||
@ -603,14 +577,14 @@ index 877504f..577660a 100644
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
if (strcmp(argv[1], "--with-idn") == 0) {
|
||||
#ifdef HAVE_LIBIDN2
|
||||
return (0);
|
||||
if (strcmp(argv[1], "--ipv6only=no") == 0) {
|
||||
#if defined(IPPROTO_IPV6) && defined(IPV6_V6ONLY)
|
||||
int s;
|
||||
diff --git a/bin/tests/system/notify/ns5/named.conf.in b/bin/tests/system/notify/ns5/named.conf.in
|
||||
index 1ee8df4..2b75d9a 100644
|
||||
index 5cab276..d4a7bf3 100644
|
||||
--- a/bin/tests/system/notify/ns5/named.conf.in
|
||||
+++ b/bin/tests/system/notify/ns5/named.conf.in
|
||||
@@ -10,17 +10,17 @@
|
||||
@@ -12,17 +12,17 @@
|
||||
*/
|
||||
|
||||
key "a" {
|
||||
@ -632,10 +606,10 @@ index 1ee8df4..2b75d9a 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/notify/tests.sh b/bin/tests/system/notify/tests.sh
|
||||
index 3d7e0b7..ec4d9a7 100644
|
||||
index 52d2f81..1fd02d4 100644
|
||||
--- a/bin/tests/system/notify/tests.sh
|
||||
+++ b/bin/tests/system/notify/tests.sh
|
||||
@@ -212,16 +212,16 @@ ret=0
|
||||
@@ -187,7 +187,7 @@ test_start "checking notify to multiple views using tsig"
|
||||
$NSUPDATE << EOF
|
||||
server 10.53.0.5 ${PORT}
|
||||
zone x21
|
||||
@ -644,22 +618,23 @@ index 3d7e0b7..ec4d9a7 100644
|
||||
update add added.x21 0 in txt "test string"
|
||||
send
|
||||
EOF
|
||||
|
||||
@@ -195,9 +195,9 @@ fnb="dig.out.b.ns5.test$n"
|
||||
fnc="dig.out.c.ns5.test$n"
|
||||
for i in 1 2 3 4 5 6 7 8 9
|
||||
do
|
||||
- $DIG $DIGOPTS added.x21. -y b:bbbbbbbbbbbbbbbbbbbb @10.53.0.5 \
|
||||
+ $DIG $DIGOPTS added.x21. -y hmac-sha256:b:bbbbbbbbbbbbbbbbbbbb @10.53.0.5 \
|
||||
txt > dig.out.b.ns5.test$n || ret=1
|
||||
- $DIG $DIGOPTS added.x21. -y c:cccccccccccccccccccc @10.53.0.5 \
|
||||
+ $DIG $DIGOPTS added.x21. -y hmac-sha256:c:cccccccccccccccccccc @10.53.0.5 \
|
||||
txt > dig.out.c.ns5.test$n || ret=1
|
||||
grep "test string" dig.out.b.ns5.test$n > /dev/null &&
|
||||
grep "test string" dig.out.c.ns5.test$n > /dev/null &&
|
||||
- dig_plus_opts added.x21. -y b:bbbbbbbbbbbbbbbbbbbb @10.53.0.5 \
|
||||
+ dig_plus_opts added.x21. -y hmac-sha256:b:bbbbbbbbbbbbbbbbbbbb @10.53.0.5 \
|
||||
txt > "$fnb" || ret=1
|
||||
- dig_plus_opts added.x21. -y c:cccccccccccccccccccc @10.53.0.5 \
|
||||
+ dig_plus_opts added.x21. -y hmac-sha256:c:cccccccccccccccccccc @10.53.0.5 \
|
||||
txt > "$fnc" || ret=1
|
||||
grep "test string" "$fnb" > /dev/null &&
|
||||
grep "test string" "$fnc" > /dev/null &&
|
||||
diff --git a/bin/tests/system/nsupdate/ns1/named.conf.in b/bin/tests/system/nsupdate/ns1/named.conf.in
|
||||
index b51e700..436c97d 100644
|
||||
index 81d0c99..effbe2e 100644
|
||||
--- a/bin/tests/system/nsupdate/ns1/named.conf.in
|
||||
+++ b/bin/tests/system/nsupdate/ns1/named.conf.in
|
||||
@@ -37,7 +37,7 @@ controls {
|
||||
@@ -39,7 +39,7 @@ controls {
|
||||
};
|
||||
|
||||
key altkey {
|
||||
@ -669,10 +644,10 @@ index b51e700..436c97d 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/nsupdate/ns2/named.conf.in b/bin/tests/system/nsupdate/ns2/named.conf.in
|
||||
index da6b3b4..c547e47 100644
|
||||
index f1a1735..da2b3d1 100644
|
||||
--- a/bin/tests/system/nsupdate/ns2/named.conf.in
|
||||
+++ b/bin/tests/system/nsupdate/ns2/named.conf.in
|
||||
@@ -32,7 +32,7 @@ controls {
|
||||
@@ -34,7 +34,7 @@ controls {
|
||||
};
|
||||
|
||||
key altkey {
|
||||
@ -682,27 +657,27 @@ index da6b3b4..c547e47 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh
|
||||
index 5593a2e..7cd1a74 100644
|
||||
index 50056dc..a4a1a3f 100644
|
||||
--- a/bin/tests/system/nsupdate/setup.sh
|
||||
+++ b/bin/tests/system/nsupdate/setup.sh
|
||||
@@ -71,7 +71,11 @@ EOF
|
||||
@@ -72,7 +72,11 @@ EOF
|
||||
|
||||
$DDNSCONFGEN -q -z example.nil > ns1/ddns.key
|
||||
$TSIGKEYGEN ddns-key.example.nil > ns1/ddns.key
|
||||
|
||||
-$DDNSCONFGEN -q -a hmac-md5 -k md5-key -z keytests.nil > ns1/md5.key
|
||||
-$TSIGKEYGEN -a hmac-md5 md5-key > ns1/md5.key
|
||||
+if $FEATURETEST --md5; then
|
||||
+ $DDNSCONFGEN -q -a hmac-md5 -k md5-key -z keytests.nil > ns1/md5.key
|
||||
+ $TSIGKEYGEN -a hmac-md5 md5-key > ns1/md5.key
|
||||
+else
|
||||
+ echo -n > ns1/md5.key
|
||||
+fi
|
||||
$DDNSCONFGEN -q -a hmac-sha1 -k sha1-key -z keytests.nil > ns1/sha1.key
|
||||
$DDNSCONFGEN -q -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key
|
||||
$DDNSCONFGEN -q -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key
|
||||
$TSIGKEYGEN -a hmac-sha1 sha1-key > ns1/sha1.key
|
||||
$TSIGKEYGEN -a hmac-sha224 sha224-key > ns1/sha224.key
|
||||
$TSIGKEYGEN -a hmac-sha256 sha256-key > ns1/sha256.key
|
||||
diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
|
||||
index 8839131..fde6135 100755
|
||||
index 0863d0a..559def7 100755
|
||||
--- a/bin/tests/system/nsupdate/tests.sh
|
||||
+++ b/bin/tests/system/nsupdate/tests.sh
|
||||
@@ -824,7 +824,14 @@ fi
|
||||
@@ -841,7 +841,14 @@ fi
|
||||
n=`expr $n + 1`
|
||||
ret=0
|
||||
echo_i "check TSIG key algorithms (nsupdate -k) ($n)"
|
||||
@ -718,7 +693,7 @@ index 8839131..fde6135 100755
|
||||
$NSUPDATE -k ns1/${alg}.key <<END > /dev/null || ret=1
|
||||
server 10.53.0.1 ${PORT}
|
||||
update add ${alg}.keytests.nil. 600 A 10.10.10.3
|
||||
@@ -832,7 +839,7 @@ send
|
||||
@@ -849,7 +856,7 @@ send
|
||||
END
|
||||
done
|
||||
sleep 2
|
||||
@ -727,29 +702,11 @@ index 8839131..fde6135 100755
|
||||
$DIG $DIGOPTS +short @10.53.0.1 ${alg}.keytests.nil | grep 10.10.10.3 > /dev/null 2>&1 || ret=1
|
||||
done
|
||||
if [ $ret -ne 0 ]; then
|
||||
@@ -843,7 +850,7 @@ fi
|
||||
n=`expr $n + 1`
|
||||
ret=0
|
||||
echo_i "check TSIG key algorithms (nsupdate -y) ($n)"
|
||||
-for alg in md5 sha1 sha224 sha256 sha384 sha512; do
|
||||
+for alg in $ALGS; do
|
||||
secret=$(sed -n 's/.*secret "\(.*\)";.*/\1/p' ns1/${alg}.key)
|
||||
$NSUPDATE -y "hmac-${alg}:${alg}-key:$secret" <<END > /dev/null || ret=1
|
||||
server 10.53.0.1 ${PORT}
|
||||
@@ -852,7 +859,7 @@ send
|
||||
END
|
||||
done
|
||||
sleep 2
|
||||
-for alg in md5 sha1 sha224 sha256 sha384 sha512; do
|
||||
+for alg in $ALGS; do
|
||||
$DIG $DIGOPTS +short @10.53.0.1 ${alg}.keytests.nil | grep 10.10.10.50 > /dev/null 2>&1 || ret=1
|
||||
done
|
||||
if [ $ret -ne 0 ]; then
|
||||
diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh
|
||||
index 225722f..63ac938 100644
|
||||
index 4dd6fa7..1b79263 100644
|
||||
--- a/bin/tests/system/rndc/setup.sh
|
||||
+++ b/bin/tests/system/rndc/setup.sh
|
||||
@@ -38,7 +38,7 @@ make_key () {
|
||||
@@ -47,7 +47,7 @@ make_key () {
|
||||
sed 's/allow { 10.53.0.4/allow { any/' >> ns4/named.conf
|
||||
}
|
||||
|
||||
@ -759,13 +716,13 @@ index 225722f..63ac938 100644
|
||||
make_key 3 ${EXTRAPORT3} hmac-sha224
|
||||
make_key 4 ${EXTRAPORT4} hmac-sha256
|
||||
diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh
|
||||
index 9bf86c6..b8a7a1f 100644
|
||||
index 85c271b..ac69f32 100644
|
||||
--- a/bin/tests/system/rndc/tests.sh
|
||||
+++ b/bin/tests/system/rndc/tests.sh
|
||||
@@ -349,15 +349,20 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
@@ -350,15 +350,19 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status+ret))
|
||||
|
||||
n=`expr $n + 1`
|
||||
n=$((n+1))
|
||||
-echo_i "testing rndc with hmac-md5 ($n)"
|
||||
-ret=0
|
||||
-$RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key1.conf status > /dev/null 2>&1 || ret=1
|
||||
@ -774,9 +731,8 @@ index 9bf86c6..b8a7a1f 100644
|
||||
- $RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key${i}.conf status > /dev/null 2>&1 && ret=1
|
||||
-done
|
||||
-if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
-status=`expr $status + $ret`
|
||||
-status=$((status+ret))
|
||||
+if $FEATURETEST --md5
|
||||
+then
|
||||
+ echo_i "testing rndc with hmac-md5 ($n)"
|
||||
+ ret=0
|
||||
+ $RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key1.conf status > /dev/null 2>&1 || ret=1
|
||||
@ -785,18 +741,18 @@ index 9bf86c6..b8a7a1f 100644
|
||||
+ $RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key${i}.conf status > /dev/null 2>&1 && ret=1
|
||||
+ done
|
||||
+ if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
+ status=`expr $status + $ret`
|
||||
+ status=$((status+ret))
|
||||
+else
|
||||
+ echo_i "skipping rndc with hmac-md5 ($n)"
|
||||
+fi
|
||||
|
||||
n=`expr $n + 1`
|
||||
n=$((n+1))
|
||||
echo_i "testing rndc with hmac-sha1 ($n)"
|
||||
diff --git a/bin/tests/system/tsig/ns1/named.conf.in b/bin/tests/system/tsig/ns1/named.conf.in
|
||||
index 3470c4f..cf539cd 100644
|
||||
index 76cf970..22637af 100644
|
||||
--- a/bin/tests/system/tsig/ns1/named.conf.in
|
||||
+++ b/bin/tests/system/tsig/ns1/named.conf.in
|
||||
@@ -21,10 +21,7 @@ options {
|
||||
@@ -23,10 +23,7 @@ options {
|
||||
notify no;
|
||||
};
|
||||
|
||||
@ -808,7 +764,7 @@ index 3470c4f..cf539cd 100644
|
||||
|
||||
key "sha1" {
|
||||
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
|
||||
@@ -51,10 +48,7 @@ key "sha512" {
|
||||
@@ -53,10 +50,7 @@ key "sha512" {
|
||||
algorithm hmac-sha512;
|
||||
};
|
||||
|
||||
@ -820,27 +776,11 @@ index 3470c4f..cf539cd 100644
|
||||
|
||||
key "sha1-trunc" {
|
||||
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
|
||||
diff --git a/bin/tests/system/tsig/ns1/rndc5.conf.in b/bin/tests/system/tsig/ns1/rndc5.conf.in
|
||||
new file mode 100644
|
||||
index 0000000..0682194
|
||||
--- /dev/null
|
||||
+++ b/bin/tests/system/tsig/ns1/rndc5.conf.in
|
||||
@@ -0,0 +1,10 @@
|
||||
+# Conditionally included when support for MD5 is available
|
||||
+key "md5" {
|
||||
+ secret "97rnFx24Tfna4mHPfgnerA==";
|
||||
+ algorithm hmac-md5;
|
||||
+};
|
||||
+
|
||||
+key "md5-trunc" {
|
||||
+ secret "97rnFx24Tfna4mHPfgnerA==";
|
||||
+ algorithm hmac-md5-80;
|
||||
+};
|
||||
diff --git a/bin/tests/system/tsig/setup.sh b/bin/tests/system/tsig/setup.sh
|
||||
index e3b4a45..ae21d04 100644
|
||||
index 34cc73b..d51ff21 100644
|
||||
--- a/bin/tests/system/tsig/setup.sh
|
||||
+++ b/bin/tests/system/tsig/setup.sh
|
||||
@@ -15,3 +15,8 @@ SYSTEMTESTTOP=..
|
||||
@@ -16,3 +16,8 @@
|
||||
$SHELL clean.sh
|
||||
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
@ -850,10 +790,10 @@ index e3b4a45..ae21d04 100644
|
||||
+ cat ns1/rndc5.conf.in >> ns1/named.conf
|
||||
+fi
|
||||
diff --git a/bin/tests/system/tsig/tests.sh b/bin/tests/system/tsig/tests.sh
|
||||
index 38d842a..668aa6f 100644
|
||||
index 1067227..ee05e83 100644
|
||||
--- a/bin/tests/system/tsig/tests.sh
|
||||
+++ b/bin/tests/system/tsig/tests.sh
|
||||
@@ -26,20 +26,25 @@ sha512="jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4f
|
||||
@@ -27,20 +27,25 @@ sha512="jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4f
|
||||
|
||||
status=0
|
||||
|
||||
@ -864,6 +804,13 @@ index 38d842a..668aa6f 100644
|
||||
-if [ $ret -eq 1 ] ; then
|
||||
- echo_i "failed"; status=1
|
||||
-fi
|
||||
-
|
||||
-echo_i "fetching using hmac-md5 (new form)"
|
||||
-ret=0
|
||||
-$DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new || ret=1
|
||||
-grep -i "md5.*TSIG.*NOERROR" dig.out.md5.new > /dev/null || ret=1
|
||||
-if [ $ret -eq 1 ] ; then
|
||||
- echo_i "failed"; status=1
|
||||
+if $FEATURETEST --md5
|
||||
+then
|
||||
+ echo_i "fetching using hmac-md5 (old form)"
|
||||
@ -873,13 +820,7 @@ index 38d842a..668aa6f 100644
|
||||
+ if [ $ret -eq 1 ] ; then
|
||||
+ echo_i "failed"; status=1
|
||||
+ fi
|
||||
|
||||
-echo_i "fetching using hmac-md5 (new form)"
|
||||
-ret=0
|
||||
-$DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new || ret=1
|
||||
-grep -i "md5.*TSIG.*NOERROR" dig.out.md5.new > /dev/null || ret=1
|
||||
-if [ $ret -eq 1 ] ; then
|
||||
- echo_i "failed"; status=1
|
||||
+
|
||||
+ echo_i "fetching using hmac-md5 (new form)"
|
||||
+ ret=0
|
||||
+ $DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new || ret=1
|
||||
@ -892,7 +833,7 @@ index 38d842a..668aa6f 100644
|
||||
fi
|
||||
|
||||
echo_i "fetching using hmac-sha1"
|
||||
@@ -87,12 +92,17 @@ fi
|
||||
@@ -88,12 +93,17 @@ fi
|
||||
# Truncated TSIG
|
||||
#
|
||||
#
|
||||
@ -916,7 +857,7 @@ index 38d842a..668aa6f 100644
|
||||
fi
|
||||
|
||||
echo_i "fetching using hmac-sha1 (trunc)"
|
||||
@@ -141,12 +151,17 @@ fi
|
||||
@@ -142,12 +152,17 @@ fi
|
||||
# Check for bad truncation.
|
||||
#
|
||||
#
|
||||
@ -941,10 +882,10 @@ index 38d842a..668aa6f 100644
|
||||
|
||||
echo_i "fetching using hmac-sha1-80 (BADTRUNC)"
|
||||
diff --git a/bin/tests/system/upforwd/ns1/named.conf.in b/bin/tests/system/upforwd/ns1/named.conf.in
|
||||
index 3873c7c..b359a5a 100644
|
||||
index c2b57dd..cb13aa1 100644
|
||||
--- a/bin/tests/system/upforwd/ns1/named.conf.in
|
||||
+++ b/bin/tests/system/upforwd/ns1/named.conf.in
|
||||
@@ -10,7 +10,7 @@
|
||||
@@ -12,7 +12,7 @@
|
||||
*/
|
||||
|
||||
key "update.example." {
|
||||
@ -954,10 +895,10 @@ index 3873c7c..b359a5a 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/upforwd/tests.sh b/bin/tests/system/upforwd/tests.sh
|
||||
index a50c896..8062d68 100644
|
||||
index a6de312..ebcadb1 100644
|
||||
--- a/bin/tests/system/upforwd/tests.sh
|
||||
+++ b/bin/tests/system/upforwd/tests.sh
|
||||
@@ -79,7 +79,7 @@ if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
|
||||
@@ -80,7 +80,7 @@ if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
|
||||
|
||||
echo_i "updating zone (signed) ($n)"
|
||||
ret=0
|
||||
@ -967,5 +908,5 @@ index a50c896..8062d68 100644
|
||||
update add updated.example. 600 A 10.10.10.1
|
||||
update add updated.example. 600 TXT Foo
|
||||
--
|
||||
2.31.1
|
||||
2.34.1
|
||||
|
||||
|
@ -1,58 +0,0 @@
|
||||
From 1241f2005d08673c28a595c5a6cd61350b95a929 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Tue, 2 Jan 2018 18:13:07 +0100
|
||||
Subject: [PATCH] Fix pkcs11 variants atf tests
|
||||
|
||||
Add dns-pkcs11 tests Makefile to configure
|
||||
|
||||
Add pkcs11 Kyuafile, fix dh_test to pass in pkcs11 mode
|
||||
---
|
||||
configure.ac | 1 +
|
||||
lib/Kyuafile | 2 ++
|
||||
lib/dns-pkcs11/tests/dh_test.c | 3 ++-
|
||||
3 files changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index d80ae31..0fb9328 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -3090,6 +3090,7 @@ AC_CONFIG_FILES([
|
||||
lib/dns-pkcs11/include/Makefile
|
||||
lib/dns-pkcs11/include/dns/Makefile
|
||||
lib/dns-pkcs11/include/dst/Makefile
|
||||
+ lib/dns-pkcs11/tests/Makefile
|
||||
lib/irs/Makefile
|
||||
lib/irs/include/Makefile
|
||||
lib/irs/include/irs/Makefile
|
||||
diff --git a/lib/Kyuafile b/lib/Kyuafile
|
||||
index 39ce986..037e5ef 100644
|
||||
--- a/lib/Kyuafile
|
||||
+++ b/lib/Kyuafile
|
||||
@@ -2,8 +2,10 @@ syntax(2)
|
||||
test_suite('bind9')
|
||||
|
||||
include('dns/Kyuafile')
|
||||
+include('dns-pkcs11/Kyuafile')
|
||||
include('irs/Kyuafile')
|
||||
include('isc/Kyuafile')
|
||||
include('isccc/Kyuafile')
|
||||
include('isccfg/Kyuafile')
|
||||
include('ns/Kyuafile')
|
||||
+include('ns-pkcs11/Kyuafile')
|
||||
diff --git a/lib/dns-pkcs11/tests/dh_test.c b/lib/dns-pkcs11/tests/dh_test.c
|
||||
index 934e8fd..658d1af 100644
|
||||
--- a/lib/dns-pkcs11/tests/dh_test.c
|
||||
+++ b/lib/dns-pkcs11/tests/dh_test.c
|
||||
@@ -87,7 +87,8 @@ dh_computesecret(void **state) {
|
||||
result = dst_key_computesecret(key, key, &buf);
|
||||
assert_int_equal(result, DST_R_NOTPRIVATEKEY);
|
||||
result = key->func->computesecret(key, key, &buf);
|
||||
- assert_int_equal(result, DST_R_COMPUTESECRETFAILURE);
|
||||
+ /* PKCS11 variant gives different result, accept both */
|
||||
+ assert_true(result == DST_R_COMPUTESECRETFAILURE || result == DST_R_INVALIDPRIVATEKEY);
|
||||
|
||||
dst_key_free(&key);
|
||||
}
|
||||
--
|
||||
2.20.1
|
||||
|
@ -1,29 +0,0 @@
|
||||
From d05d116da39c0a5c580ceaac6ba069899b82c5a0 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Wed, 16 Jan 2019 16:27:33 +0100
|
||||
Subject: [PATCH] Fix possible crash when loading corrupted file
|
||||
|
||||
Some values passes internal triggers by coincidence. Fix the check and
|
||||
check also first_node_offset before even passing it further.
|
||||
---
|
||||
lib/dns/rbt.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/dns/rbt.c b/lib/dns/rbt.c
|
||||
index 5aee5f6..7f2c2d2 100644
|
||||
--- a/lib/dns/rbt.c
|
||||
+++ b/lib/dns/rbt.c
|
||||
@@ -945,7 +945,9 @@ dns_rbt_deserialize_tree(void *base_address, size_t filesize,
|
||||
rbt->root = (dns_rbtnode_t *)((char *)base_address + header_offset +
|
||||
header->first_node_offset);
|
||||
|
||||
- if ((header->nodecount * sizeof(dns_rbtnode_t)) > filesize) {
|
||||
+ if ((header->nodecount * sizeof(dns_rbtnode_t)) > filesize
|
||||
+ || header->first_node_offset > filesize) {
|
||||
+
|
||||
result = ISC_R_INVALIDFILE;
|
||||
goto cleanup;
|
||||
}
|
||||
--
|
||||
2.31.1
|
||||
|
@ -1,83 +0,0 @@
|
||||
From e6ab9c67f0a14adc23c1067e03a106da1b1651b7 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Fri, 18 Oct 2019 21:30:52 +0200
|
||||
Subject: [PATCH] Move USE_PKCS11 and USE_OPENSSL out of config.h
|
||||
|
||||
Building two variants with the same common code requires to unset
|
||||
USE_PKCS11 on part of build. That is not possible with config.h value.
|
||||
Move it as normal define to CDEFINES.
|
||||
---
|
||||
bin/confgen/Makefile.in | 2 +-
|
||||
configure.ac | 8 ++++++--
|
||||
lib/dns/dst_internal.h | 12 +++++++++---
|
||||
3 files changed, 16 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in
|
||||
index 1b7512d..c126bf3 100644
|
||||
--- a/bin/confgen/Makefile.in
|
||||
+++ b/bin/confgen/Makefile.in
|
||||
@@ -22,7 +22,7 @@ VERSION=@BIND9_VERSION@
|
||||
CINCLUDES = -I${srcdir}/include ${ISC_INCLUDES} ${ISCCC_INCLUDES} \
|
||||
${ISCCFG_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES}
|
||||
|
||||
-CDEFINES =
|
||||
+CDEFINES = @USE_PKCS11@
|
||||
CWARNINGS =
|
||||
|
||||
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index f5483fe..08a7d8a 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -935,10 +935,14 @@ AC_SUBST([PKCS11_TEST])
|
||||
AC_SUBST([PKCS11_TOOLS])
|
||||
AC_SUBST([PKCS11_MANS])
|
||||
|
||||
+USE_PKCS11='-DUSE_PKCS11=0'
|
||||
+USE_OPENSSL='-DUSE_OPENSSL=0'
|
||||
AC_SUBST([CRYPTO])
|
||||
AS_CASE([$CRYPTO],
|
||||
- [pkcs11],[AC_DEFINE([USE_PKCS11], [1], [define if PKCS11 is used for Public-Key Cryptography])],
|
||||
- [AC_DEFINE([USE_OPENSSL], [1], [define if OpenSSL is used for Public-Key Cryptography])])
|
||||
+ [pkcs11],[USE_PKCS11='-DUSE_PKCS11=1'],
|
||||
+ [USE_OPENSSL='-DUSE_OPENSSL=1'])
|
||||
+AC_SUBST(USE_PKCS11)
|
||||
+AC_SUBST(USE_OPENSSL)
|
||||
|
||||
# preparation for automake
|
||||
# AM_CONDITIONAL([PKCS11_TOOLS], [test "$with_native_pkcs11" = "yes"])
|
||||
diff --git a/lib/dns/dst_internal.h b/lib/dns/dst_internal.h
|
||||
index 2c3b4a3..55e9dc4 100644
|
||||
--- a/lib/dns/dst_internal.h
|
||||
+++ b/lib/dns/dst_internal.h
|
||||
@@ -38,6 +38,13 @@
|
||||
#include <isc/stdtime.h>
|
||||
#include <isc/types.h>
|
||||
|
||||
+#ifndef USE_PKCS11
|
||||
+#define USE_PKCS11 0
|
||||
+#endif
|
||||
+#ifndef USE_OPENSSL
|
||||
+#define USE_OPENSSL (! USE_PKCS11)
|
||||
+#endif
|
||||
+
|
||||
#if USE_PKCS11
|
||||
#include <pk11/pk11.h>
|
||||
#include <pk11/site.h>
|
||||
@@ -116,11 +123,10 @@ struct dst_key {
|
||||
void *generic;
|
||||
dns_gss_ctx_id_t gssctx;
|
||||
DH *dh;
|
||||
-#if USE_OPENSSL
|
||||
- EVP_PKEY *pkey;
|
||||
-#endif /* if USE_OPENSSL */
|
||||
#if USE_PKCS11
|
||||
pk11_object_t *pkey;
|
||||
+#else
|
||||
+ EVP_PKEY *pkey;
|
||||
#endif /* if USE_PKCS11 */
|
||||
dst_hmac_key_t *hmac_key;
|
||||
} keydata; /*%< pointer to key in crypto pkg fmt */
|
||||
--
|
||||
2.26.2
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 3a161af91bffcd457586ab466e32ac8484028763 Mon Sep 17 00:00:00 2001
|
||||
From 402403b4bbb4f603693378e86b6c97997ccb0401 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Wed, 17 Jun 2020 23:17:13 +0200
|
||||
Subject: [PATCH] Update man named with Red Hat specifics
|
||||
@ -6,15 +6,15 @@ Subject: [PATCH] Update man named with Red Hat specifics
|
||||
This is almost unmodified text and requires revalidation. Some of those
|
||||
statements are no longer correct.
|
||||
---
|
||||
bin/named/named.rst | 35 +++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 35 insertions(+)
|
||||
bin/named/named.rst | 41 +++++++++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 41 insertions(+)
|
||||
|
||||
diff --git a/bin/named/named.rst b/bin/named/named.rst
|
||||
index 6fd8f87..3cd6350 100644
|
||||
index ea440b2..fa51984 100644
|
||||
--- a/bin/named/named.rst
|
||||
+++ b/bin/named/named.rst
|
||||
@@ -228,6 +228,41 @@ Files
|
||||
``/var/run/named/named.pid``
|
||||
@@ -212,6 +212,47 @@ Files
|
||||
|named_pid|
|
||||
The default process-id file.
|
||||
|
||||
+Notes
|
||||
@ -24,7 +24,7 @@ index 6fd8f87..3cd6350 100644
|
||||
+
|
||||
+By default, Red Hat ships BIND with the most secure SELinux policy
|
||||
+that will not prevent normal BIND operation and will prevent exploitation
|
||||
+of all known BIND security vulnerabilities. See the selinux(8) man page
|
||||
+of all known BIND security vulnerabilities . See the selinux(8) man page
|
||||
+for information about SElinux.
|
||||
+
|
||||
+It is not necessary to run named in a chroot environment if the Red Hat
|
||||
@ -34,27 +34,33 @@ index 6fd8f87..3cd6350 100644
|
||||
+
|
||||
+*With this extra security comes some restrictions:*
|
||||
+
|
||||
+By default, the SELinux policy does not allow named to write outside directory
|
||||
+/var/named. That directory used to be read-only for named, but write access is
|
||||
+enabled by default now.
|
||||
+By default, the SELinux policy does not allow named to write any master
|
||||
+zone database files. Only the root user may create files in the $ROOTDIR/var/named
|
||||
+zone database file directory (the options { "directory" } option), where
|
||||
+$ROOTDIR is set in /etc/sysconfig/named.
|
||||
+
|
||||
+The "named" group must be granted read privelege to
|
||||
+these files in order for named to be enabled to read them.
|
||||
+Any file updated by named must be writeable by named user or named group.
|
||||
+
|
||||
+Any file created in the zone database file directory is automatically assigned
|
||||
+the SELinux file context *named_zone_t* .
|
||||
+
|
||||
+By default, SELinux prevents any role from modifying *named_zone_t* files; this
|
||||
+means that files in the zone database directory cannot be modified by dynamic
|
||||
+DNS (DDNS) updates or zone transfers.
|
||||
+
|
||||
+The Red Hat BIND distribution and SELinux policy creates three directories where
|
||||
+named were allowed to create and modify files: */var/named/slaves*, */var/named/dynamic*
|
||||
+*/var/named/data*. The service is able to write and file under */var/named* with appropriate
|
||||
+permissions. They are used for better organisation of zones and backward compatibility.
|
||||
+Files in these directories are automatically assigned the '*named_cache_t*'
|
||||
+file context, which SELinux always allows named to write.
|
||||
+named is allowed to create and modify files: */var/named/slaves*, */var/named/dynamic*
|
||||
+*/var/named/data*. By placing files you want named to modify, such as
|
||||
+slave or DDNS updateable zone files and database / statistics dump files in
|
||||
+these directories, named will work normally and no further operator action is
|
||||
+required. Files in these directories are automatically assigned the '*named_cache_t*'
|
||||
+file context, which SELinux allows named to write.
|
||||
+
|
||||
+
|
||||
See Also
|
||||
~~~~~~~~
|
||||
|
||||
--
|
||||
2.26.2
|
||||
2.34.1
|
||||
|
||||
|
@ -1,113 +0,0 @@
|
||||
From 7270604440268bb17b39ae734ff33003a67c8343 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Tue, 20 Jul 2021 19:34:42 +0200
|
||||
Subject: [PATCH] Check parsed resconf values
|
||||
|
||||
Add 'attempts' check, fix 'ndots' data. Create a bunch of verification
|
||||
functions and check parsed values, not just return codes.
|
||||
---
|
||||
lib/irs/tests/resconf_test.c | 46 ++++++++++++++++++--
|
||||
lib/irs/tests/testdata/options-attempts.conf | 10 +++++
|
||||
lib/irs/tests/testdata/options-ndots.conf | 2 +-
|
||||
3 files changed, 54 insertions(+), 4 deletions(-)
|
||||
create mode 100644 lib/irs/tests/testdata/options-attempts.conf
|
||||
|
||||
diff --git a/lib/irs/tests/resconf_test.c b/lib/irs/tests/resconf_test.c
|
||||
index 6951758..ce94345 100644
|
||||
--- a/lib/irs/tests/resconf_test.c
|
||||
+++ b/lib/irs/tests/resconf_test.c
|
||||
@@ -45,6 +45,43 @@ setup_test() {
|
||||
assert_return_code(chdir(TESTS), 0);
|
||||
}
|
||||
|
||||
+static isc_result_t
|
||||
+check_number(unsigned int n, unsigned int expected) {
|
||||
+ return ((n == expected) ? ISC_R_SUCCESS : ISC_R_BADNUMBER);
|
||||
+}
|
||||
+
|
||||
+static isc_result_t
|
||||
+check_attempts(irs_resconf_t *resconf) {
|
||||
+ return (check_number(irs_resconf_getattempts(resconf), 4));
|
||||
+}
|
||||
+
|
||||
+static isc_result_t
|
||||
+check_timeout(irs_resconf_t *resconf) {
|
||||
+ return (check_number(irs_resconf_gettimeout(resconf), 1));
|
||||
+}
|
||||
+
|
||||
+static isc_result_t
|
||||
+check_ndots(irs_resconf_t *resconf) {
|
||||
+ return (check_number(irs_resconf_getndots(resconf), 2));
|
||||
+}
|
||||
+
|
||||
+static isc_result_t
|
||||
+check_options(irs_resconf_t *resconf) {
|
||||
+ if (irs_resconf_getattempts(resconf) != 3) {
|
||||
+ return ISC_R_BADNUMBER; /* default value only */
|
||||
+ }
|
||||
+
|
||||
+ if (irs_resconf_getndots(resconf) != 2) {
|
||||
+ return ISC_R_BADNUMBER;
|
||||
+ }
|
||||
+
|
||||
+ if (irs_resconf_gettimeout(resconf) != 1) {
|
||||
+ return ISC_R_BADNUMBER;
|
||||
+ }
|
||||
+
|
||||
+ return (ISC_R_SUCCESS);
|
||||
+}
|
||||
+
|
||||
/* test irs_resconf_load() */
|
||||
static void
|
||||
irs_resconf_load_test(void **state) {
|
||||
@@ -64,15 +101,18 @@ irs_resconf_load_test(void **state) {
|
||||
ISC_R_SUCCESS },
|
||||
{ "testdata/nameserver-v6-scoped.conf", ISC_R_SUCCESS, NULL,
|
||||
ISC_R_SUCCESS },
|
||||
+ { "testdata/options-attempts.conf", ISC_R_SUCCESS,
|
||||
+ check_attempts, ISC_R_SUCCESS },
|
||||
{ "testdata/options-debug.conf", ISC_R_SUCCESS, NULL,
|
||||
ISC_R_SUCCESS },
|
||||
- { "testdata/options-ndots.conf", ISC_R_SUCCESS, NULL,
|
||||
+ { "testdata/options-ndots.conf", ISC_R_SUCCESS, check_ndots,
|
||||
ISC_R_SUCCESS },
|
||||
- { "testdata/options-timeout.conf", ISC_R_SUCCESS, NULL,
|
||||
+ { "testdata/options-timeout.conf", ISC_R_SUCCESS, check_timeout,
|
||||
ISC_R_SUCCESS },
|
||||
{ "testdata/options-unknown.conf", ISC_R_SUCCESS, NULL,
|
||||
ISC_R_SUCCESS },
|
||||
- { "testdata/options.conf", ISC_R_SUCCESS, NULL, ISC_R_SUCCESS },
|
||||
+ { "testdata/options.conf", ISC_R_SUCCESS, check_options,
|
||||
+ ISC_R_SUCCESS },
|
||||
{ "testdata/options-bad-ndots.conf", ISC_R_RANGE, NULL,
|
||||
ISC_R_SUCCESS },
|
||||
{ "testdata/options-empty.conf", ISC_R_UNEXPECTEDEND, NULL,
|
||||
diff --git a/lib/irs/tests/testdata/options-attempts.conf b/lib/irs/tests/testdata/options-attempts.conf
|
||||
new file mode 100644
|
||||
index 0000000..4538643
|
||||
--- /dev/null
|
||||
+++ b/lib/irs/tests/testdata/options-attempts.conf
|
||||
@@ -0,0 +1,10 @@
|
||||
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
+#
|
||||
+# This Source Code Form is subject to the terms of the Mozilla Public
|
||||
+# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
+#
|
||||
+# See the COPYRIGHT file distributed with this work for additional
|
||||
+# information regarding copyright ownership.
|
||||
+
|
||||
+options attempts:4
|
||||
diff --git a/lib/irs/tests/testdata/options-ndots.conf b/lib/irs/tests/testdata/options-ndots.conf
|
||||
index 5d18d26..f37c712 100644
|
||||
--- a/lib/irs/tests/testdata/options-ndots.conf
|
||||
+++ b/lib/irs/tests/testdata/options-ndots.conf
|
||||
@@ -9,4 +9,4 @@
|
||||
# See the COPYRIGHT file distributed with this work for additional
|
||||
# information regarding copyright ownership.
|
||||
|
||||
-option ndots:2
|
||||
+options ndots:2
|
||||
--
|
||||
2.35.3
|
||||
|
@ -1,203 +0,0 @@
|
||||
From b0e79979672935ff07bf23703c675ee788940c59 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Tue, 22 Jun 2021 16:35:46 +0200
|
||||
Subject: [PATCH] Parse 'timeout' and 'attempts' from resolv.conf
|
||||
|
||||
It was supported by lwres in BIND 9.11, and is still mentioned in
|
||||
the manual page. Restore support for it by adding it to libirs.
|
||||
---
|
||||
bin/dig/dighost.c | 13 ++++++-
|
||||
lib/irs/include/irs/resconf.h | 20 +++++++++++
|
||||
lib/irs/resconf.c | 64 ++++++++++++++++++++++++++++-------
|
||||
3 files changed, 84 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
|
||||
index 0222454..274e894 100644
|
||||
--- a/bin/dig/dighost.c
|
||||
+++ b/bin/dig/dighost.c
|
||||
@@ -133,7 +133,7 @@ int sendcount = 0;
|
||||
int recvcount = 0;
|
||||
int sockcount = 0;
|
||||
int ndots = -1;
|
||||
-int tries = 3;
|
||||
+int tries = -1;
|
||||
int lookup_counter = 0;
|
||||
|
||||
static char servercookie[256];
|
||||
@@ -1330,6 +1330,17 @@ setup_system(bool ipv4only, bool ipv6only) {
|
||||
ndots = irs_resconf_getndots(resconf);
|
||||
debug("ndots is %d.", ndots);
|
||||
}
|
||||
+ if (timeout == 0) {
|
||||
+ timeout = irs_resconf_gettimeout(resconf);
|
||||
+ debug("timeout is %d.", timeout);
|
||||
+ }
|
||||
+ if (tries == -1) {
|
||||
+ tries = irs_resconf_getattempts(resconf);
|
||||
+ if (tries == 0) {
|
||||
+ tries = 3;
|
||||
+ }
|
||||
+ debug("retries is %d.", tries);
|
||||
+ }
|
||||
|
||||
/* If user doesn't specify server use nameservers from resolv.conf. */
|
||||
if (ISC_LIST_EMPTY(server_list)) {
|
||||
diff --git a/lib/irs/include/irs/resconf.h b/lib/irs/include/irs/resconf.h
|
||||
index 424b795..74fc84a 100644
|
||||
--- a/lib/irs/include/irs/resconf.h
|
||||
+++ b/lib/irs/include/irs/resconf.h
|
||||
@@ -113,6 +113,26 @@ irs_resconf_getndots(irs_resconf_t *conf);
|
||||
*\li 'conf' is a valid resconf object.
|
||||
*/
|
||||
|
||||
+unsigned int
|
||||
+irs_resconf_getattempts(irs_resconf_t *conf);
|
||||
+/*%<
|
||||
+ * Return the 'attempts' value stored in 'conf'.
|
||||
+ *
|
||||
+ * Requires:
|
||||
+ *
|
||||
+ *\li 'conf' is a valid resconf object.
|
||||
+ */
|
||||
+
|
||||
+unsigned int
|
||||
+irs_resconf_gettimeout(irs_resconf_t *conf);
|
||||
+/*%<
|
||||
+ * Return the 'timeout' value stored in 'conf'.
|
||||
+ *
|
||||
+ * Requires:
|
||||
+ *
|
||||
+ *\li 'conf' is a valid resconf object.
|
||||
+ */
|
||||
+
|
||||
ISC_LANG_ENDDECLS
|
||||
|
||||
#endif /* IRS_RESCONF_H */
|
||||
diff --git a/lib/irs/resconf.c b/lib/irs/resconf.c
|
||||
index 096064b..dd51d71 100644
|
||||
--- a/lib/irs/resconf.c
|
||||
+++ b/lib/irs/resconf.c
|
||||
@@ -80,6 +80,13 @@
|
||||
#define RESCONFMAXLINELEN 256U /*%< max size of a line */
|
||||
#define RESCONFMAXSORTLIST 10U /*%< max 10 */
|
||||
|
||||
+#define CHECK(op) \
|
||||
+ do { \
|
||||
+ result = (op); \
|
||||
+ if (result != ISC_R_SUCCESS) \
|
||||
+ goto cleanup; \
|
||||
+ } while (0)
|
||||
+
|
||||
/*!
|
||||
* configuration data structure
|
||||
*/
|
||||
@@ -114,6 +121,10 @@ struct irs_resconf {
|
||||
uint8_t resdebug;
|
||||
/*%< set to n in 'options ndots:n' */
|
||||
uint8_t ndots;
|
||||
+ /*%< set to n in 'options attempts:n' */
|
||||
+ uint8_t attempts;
|
||||
+ /*%< set to n in 'options timeout:n' */
|
||||
+ uint8_t timeout;
|
||||
};
|
||||
|
||||
static isc_result_t
|
||||
@@ -176,8 +187,8 @@ eatwhite(FILE *fp) {
|
||||
*/
|
||||
static int
|
||||
getword(FILE *fp, char *buffer, size_t size) {
|
||||
+ char *p = NULL;
|
||||
int ch;
|
||||
- char *p;
|
||||
|
||||
REQUIRE(buffer != NULL);
|
||||
REQUIRE(size > 0U);
|
||||
@@ -457,11 +468,26 @@ resconf_parsesortlist(irs_resconf_t *conf, FILE *fp) {
|
||||
return (ISC_R_SUCCESS);
|
||||
}
|
||||
|
||||
+static isc_result_t
|
||||
+resconf_optionnumber(const char *word, uint8_t *number) {
|
||||
+ char *p;
|
||||
+ long n;
|
||||
+
|
||||
+ n = strtol(word, &p, 10);
|
||||
+ if (*p != '\0') { /* Bad string. */
|
||||
+ return (ISC_R_UNEXPECTEDTOKEN);
|
||||
+ }
|
||||
+ if (n < 0 || n > 0xff) { /* Out of range. */
|
||||
+ return (ISC_R_RANGE);
|
||||
+ }
|
||||
+ *number = n;
|
||||
+ return (ISC_R_SUCCESS);
|
||||
+}
|
||||
+
|
||||
static isc_result_t
|
||||
resconf_parseoption(irs_resconf_t *conf, FILE *fp) {
|
||||
int delim;
|
||||
- long ndots;
|
||||
- char *p;
|
||||
+ isc_result_t result = ISC_R_SUCCESS;
|
||||
char word[RESCONFMAXLINELEN];
|
||||
|
||||
delim = getword(fp, word, sizeof(word));
|
||||
@@ -473,14 +499,11 @@ resconf_parseoption(irs_resconf_t *conf, FILE *fp) {
|
||||
if (strcmp("debug", word) == 0) {
|
||||
conf->resdebug = 1;
|
||||
} else if (strncmp("ndots:", word, 6) == 0) {
|
||||
- ndots = strtol(word + 6, &p, 10);
|
||||
- if (*p != '\0') { /* Bad string. */
|
||||
- return (ISC_R_UNEXPECTEDTOKEN);
|
||||
- }
|
||||
- if (ndots < 0 || ndots > 0xff) { /* Out of range. */
|
||||
- return (ISC_R_RANGE);
|
||||
- }
|
||||
- conf->ndots = (uint8_t)ndots;
|
||||
+ CHECK(resconf_optionnumber(word + 6, &conf->ndots));
|
||||
+ } else if (strncmp("attempts:", word, 9) == 0) {
|
||||
+ CHECK(resconf_optionnumber(word + 9, &conf->attempts));
|
||||
+ } else if (strncmp("timeout:", word, 8) == 0) {
|
||||
+ CHECK(resconf_optionnumber(word + 8, &conf->timeout));
|
||||
}
|
||||
|
||||
if (delim == EOF || delim == '\n') {
|
||||
@@ -490,7 +513,8 @@ resconf_parseoption(irs_resconf_t *conf, FILE *fp) {
|
||||
}
|
||||
}
|
||||
|
||||
- return (ISC_R_SUCCESS);
|
||||
+cleanup:
|
||||
+ return (result);
|
||||
}
|
||||
|
||||
static isc_result_t
|
||||
@@ -532,6 +556,8 @@ irs_resconf_load(isc_mem_t *mctx, const char *filename, irs_resconf_t **confp) {
|
||||
conf->sortlistnxt = 0;
|
||||
conf->resdebug = 0;
|
||||
conf->ndots = 1;
|
||||
+ conf->attempts = 3;
|
||||
+ conf->timeout = 0;
|
||||
for (i = 0; i < RESCONFMAXSEARCH; i++) {
|
||||
conf->search[i] = NULL;
|
||||
}
|
||||
@@ -687,3 +713,17 @@ irs_resconf_getndots(irs_resconf_t *conf) {
|
||||
|
||||
return ((unsigned int)conf->ndots);
|
||||
}
|
||||
+
|
||||
+unsigned int
|
||||
+irs_resconf_getattempts(irs_resconf_t *conf) {
|
||||
+ REQUIRE(IRS_RESCONF_VALID(conf));
|
||||
+
|
||||
+ return ((unsigned int)conf->attempts);
|
||||
+}
|
||||
+
|
||||
+unsigned int
|
||||
+irs_resconf_gettimeout(irs_resconf_t *conf) {
|
||||
+ REQUIRE(IRS_RESCONF_VALID(conf));
|
||||
+
|
||||
+ return ((unsigned int)conf->timeout);
|
||||
+}
|
||||
--
|
||||
2.35.3
|
||||
|
@ -1,30 +1,20 @@
|
||||
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
|
||||
index eb622d1..37053a7 100644
|
||||
--- a/bin/named/Makefile.in
|
||||
+++ b/bin/named/Makefile.in
|
||||
@@ -117,8 +117,12 @@ SRCS = builtin.c config.c control.c \
|
||||
tkeyconf.c tsigconf.c zoneconf.c \
|
||||
${DLZDRIVER_SRCS} ${DBDRIVER_SRCS}
|
||||
diff --git a/bin/named/Makefile.am b/bin/named/Makefile.am
|
||||
index 7065a90..e2e485b 100644
|
||||
--- a/bin/named/Makefile.am
|
||||
+++ b/bin/named/Makefile.am
|
||||
@@ -32,6 +32,7 @@ AM_CPPFLAGS += \
|
||||
endif HAVE_LIBXML2
|
||||
|
||||
+EXT_CFLAGS = -fpie
|
||||
AM_CPPFLAGS += \
|
||||
+ -fpie \
|
||||
-DNAMED_LOCALSTATEDIR=\"${localstatedir}\" \
|
||||
-DNAMED_SYSCONFDIR=\"${sysconfdir}\"
|
||||
|
||||
@@ -122,5 +123,7 @@ named_LDADD += \
|
||||
$(LIBNGHTTP2_LIBS)
|
||||
endif HAVE_LIBNGHTTP2
|
||||
|
||||
+AM_LDFLAGS += -pie -Wl,-z,relro,-z,now,-z,nodlopen,-z,noexecstack
|
||||
+
|
||||
@BIND9_MAKE_RULES@
|
||||
|
||||
+LDFLAGS += -pie -Wl,-z,relro,-z,now,-z,nodlopen,-z,noexecstack
|
||||
+
|
||||
main.@O@: main.c
|
||||
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
|
||||
-DVERSION=\"${VERSION}\" \
|
||||
diff --git a/bin/named/unix/Makefile.in b/bin/named/unix/Makefile.in
|
||||
index fd9ca8d..f1c102c 100644
|
||||
--- a/bin/named/unix/Makefile.in
|
||||
+++ b/bin/named/unix/Makefile.in
|
||||
@@ -11,6 +11,8 @@ srcdir = @srcdir@
|
||||
VPATH = @srcdir@
|
||||
top_srcdir = @top_srcdir@
|
||||
|
||||
+EXT_CFLAGS = -fpie
|
||||
+
|
||||
@BIND9_MAKE_INCLUDES@
|
||||
|
||||
CINCLUDES = -I${srcdir}/include -I${srcdir}/../include \
|
||||
MAINTAINERCLEANFILES = \
|
||||
named.conf.rst
|
||||
|
@ -1,53 +0,0 @@
|
||||
diff --git a/contrib/dlz/config.dlz.in b/contrib/dlz/config.dlz.in
|
||||
index 47525af..eefe3c3 100644
|
||||
--- a/contrib/dlz/config.dlz.in
|
||||
+++ b/contrib/dlz/config.dlz.in
|
||||
@@ -17,6 +17,13 @@
|
||||
#
|
||||
dlzdir='${DLZ_DRIVER_DIR}'
|
||||
|
||||
+AC_MSG_CHECKING([for target libdir])
|
||||
+AC_RUN_IFELSE([int main(void) {exit((sizeof(void *) == 8) ? 0 : 1);}],
|
||||
+ [target_lib=lib64],
|
||||
+ [target_lib=lib],
|
||||
+)
|
||||
+AC_MSG_RESULT(["$target_lib"])
|
||||
+
|
||||
#
|
||||
# Private autoconf macro to simplify configuring drivers:
|
||||
#
|
||||
@@ -292,9 +299,9 @@ case "$use_dlz_bdb" in
|
||||
then
|
||||
break
|
||||
fi
|
||||
- elif test -f "$dd/lib/lib${d}.so"
|
||||
+ elif test -f "$dd/${target_lib}/lib${d}.so"
|
||||
then
|
||||
- dlz_bdb_libs="-L${dd}/lib -l${d}"
|
||||
+ dlz_bdb_libs="-L${dd}/${target_lib} -l${d}"
|
||||
break
|
||||
fi
|
||||
done
|
||||
@@ -396,7 +403,7 @@ case "$use_dlz_ldap" in
|
||||
*)
|
||||
DLZ_ADD_DRIVER(LDAP, dlz_ldap_driver,
|
||||
[-I$use_dlz_ldap/include],
|
||||
- [-L$use_dlz_ldap/lib -lldap -llber])
|
||||
+ [-L$use_dlz_ldap/${target_lib} -lldap -llber])
|
||||
|
||||
AC_MSG_RESULT(
|
||||
[using LDAP from $use_dlz_ldap/lib and $use_dlz_ldap/include])
|
||||
@@ -432,11 +439,11 @@ then
|
||||
odbcdirs="/usr /usr/local /usr/pkg"
|
||||
for d in $odbcdirs
|
||||
do
|
||||
- if test -f $d/include/sql.h -a -f $d/lib/libodbc.a
|
||||
+ if test -f $d/include/sql.h -a -f $d/${target_lib}/libodbc.a
|
||||
then
|
||||
use_dlz_odbc=$d
|
||||
dlz_odbc_include="-I$use_dlz_odbc/include"
|
||||
- dlz_odbc_libs="-L$use_dlz_odbc/lib -lodbc"
|
||||
+ dlz_odbc_libs="-L$use_dlz_odbc/${target_lib} -lodbc"
|
||||
break
|
||||
fi
|
||||
done
|
@ -1,31 +0,0 @@
|
||||
diff -up bind-9.10.1b1/contrib/dlz/config.dlz.in.libdb bind-9.10.1b1/contrib/dlz/config.dlz.in
|
||||
--- bind-9.10.1b1/contrib/dlz/config.dlz.in.libdb 2014-08-04 12:33:09.320735111 +0200
|
||||
+++ bind-9.10.1b1/contrib/dlz/config.dlz.in 2014-08-04 12:41:46.888241910 +0200
|
||||
@@ -263,7 +263,7 @@ case "$use_dlz_bdb" in
|
||||
# Check other locations for includes.
|
||||
# Order is important (sigh).
|
||||
|
||||
- bdb_incdirs="/db53 /db51 /db48 /db47 /db46 /db45 /db44 /db43 /db42 /db41 /db4 /db"
|
||||
+ bdb_incdirs="/db53 /db51 /db48 /db47 /db46 /db45 /db44 /db43 /db42 /db41 /db4 /libdb /db"
|
||||
# include a blank element first
|
||||
for d in "" $bdb_incdirs
|
||||
do
|
||||
@@ -288,16 +288,9 @@ case "$use_dlz_bdb" in
|
||||
bdb_libnames="db53 db-5.3 db51 db-5.1 db48 db-4.8 db47 db-4.7 db46 db-4.6 db45 db-4.5 db44 db-4.4 db43 db-4.3 db42 db-4.2 db41 db-4.1 db"
|
||||
for d in $bdb_libnames
|
||||
do
|
||||
- if test "$dd" = "/usr"
|
||||
+ if test -f "$dd/${target_lib}/lib${d}.so"
|
||||
then
|
||||
- AC_CHECK_LIB($d, db_create, dlz_bdb_libs="-l${d}")
|
||||
- if test $dlz_bdb_libs != "yes"
|
||||
- then
|
||||
- break
|
||||
- fi
|
||||
- elif test -f "$dd/${target_lib}/lib${d}.so"
|
||||
- then
|
||||
- dlz_bdb_libs="-L${dd}/${target_lib} -l${d}"
|
||||
+ dlz_bdb_libs="-L${dd}/${target_lib}/libdb -l${d}"
|
||||
break
|
||||
fi
|
||||
done
|
288
bind.spec
288
bind.spec
@ -9,15 +9,19 @@
|
||||
%bcond_without GSSTSIG
|
||||
# it is not possible to build the package without PKCS11 sub-package
|
||||
# due to extensive changes to Makefiles
|
||||
%bcond_without PKCS11
|
||||
%bcond_with PKCS11 # TODO: Remove
|
||||
%bcond_without JSON
|
||||
# FIXME: Not ready. Should it be worked on?
|
||||
%bcond_without DLZ
|
||||
# New MaxMind GeoLite support
|
||||
%bcond_without GEOIP2
|
||||
# Disabled temporarily until kyua is fixed on rawhide, bug #1926779
|
||||
%bcond_without UNITTEST
|
||||
%bcond_without DNSTAP
|
||||
%bcond_without LMDB
|
||||
%bcond_without DOC
|
||||
# Because of issues with PDF rebuild, include only HTML pages
|
||||
# Current error: unable top find isc-logo.pdf
|
||||
%if 0%{?fedora}
|
||||
# RHEL and ELN do not have all required packages
|
||||
%bcond_without DOCPDF
|
||||
@ -47,18 +51,26 @@
|
||||
# lib*.so.X versions of selected libraries no longer provided,
|
||||
# lib*-%%{version}-RH.so is provided as an internal implementation detail
|
||||
|
||||
# Upstream package name
|
||||
%global upname bind
|
||||
%define upname_compat() \
|
||||
%if "%{name}" != "%{upname}" \
|
||||
Provides: %1 = %{epoch}:%{version}-%{release} \
|
||||
Obsoletes: %1 < 32:9.17.0 \
|
||||
Conflicts: %1 \
|
||||
%endif
|
||||
|
||||
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
|
||||
Name: bind
|
||||
License: MPLv2.0
|
||||
Version: 9.16.30
|
||||
Version: 9.18.4
|
||||
Release: 2%{?dist}
|
||||
Epoch: 32
|
||||
Url: https://www.isc.org/downloads/bind/
|
||||
#
|
||||
Source0: https://downloads.isc.org/isc/bind9/%{version}/bind-%{version}.tar.xz
|
||||
Source0: https://downloads.isc.org/isc/bind9/%{version}/%{upname}-%{version}.tar.xz
|
||||
Source1: named.sysconfig
|
||||
Source2: https://downloads.isc.org/isc/bind9/%{version}/bind-%{version}.tar.xz.asc
|
||||
Source2: https://downloads.isc.org/isc/bind9/%{version}/%{upname}-%{version}.tar.xz.asc
|
||||
Source3: named.logrotate
|
||||
Source4: https://downloads.isc.org/isc/pgpkeys/codesign2021.txt
|
||||
Source16: named.conf
|
||||
@ -84,27 +96,11 @@ Source47: named-pkcs11.service
|
||||
Source48: setup-named-softhsm.sh
|
||||
Source49: named-chroot.files
|
||||
|
||||
# Make PKCS11 used only for pkcs11 parts
|
||||
Patch1: bind-9.14-config-pkcs11.patch
|
||||
# Fedora specific patch to distribute native-pkcs#11 functionality
|
||||
Patch2: bind-9.10-dist-native-pkcs11.patch
|
||||
# Do not use isc-pkcs11.
|
||||
Patch3: bind-9.11-kyua-pkcs11.patch
|
||||
|
||||
# Common patches
|
||||
Patch18: bind-9.5-PIE.patch
|
||||
Patch19: bind-9.16-redhat_doc.patch
|
||||
Patch20: bind-9.5-dlz-64bit.patch
|
||||
# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5601
|
||||
Patch21: bind93-rh490837.patch
|
||||
# FIXME: Is this still required?
|
||||
Patch10: bind-9.5-PIE.patch
|
||||
Patch16: bind-9.16-redhat_doc.patch
|
||||
Patch22: bind-9.11-fips-tests.patch
|
||||
Patch24: bind-9.9.1-P2-dlz-libdb.patch
|
||||
|
||||
# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/2689
|
||||
Patch25:bind-9.11-rh1666814.patch
|
||||
# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5273
|
||||
Patch27: bind-9.16-resolv.conf-options-timeout.patch
|
||||
Patch28: bind-9.16-resolv.conf-options-timeout-test.patch
|
||||
|
||||
%{?systemd_ordering}
|
||||
Requires: coreutils
|
||||
@ -112,22 +108,23 @@ Requires(pre): shadow-utils
|
||||
Requires(post): shadow-utils
|
||||
Requires(post): glibc-common
|
||||
Requires(post): grep
|
||||
Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
# This wild require should satisfy %%selinux_set_boolean macro only
|
||||
# in case it needs to be used
|
||||
Requires(post): ((policycoreutils-python-utils and libselinux-utils) if (selinux-policy-targeted or selinux-policy-mls))
|
||||
Requires(post): ((selinux-policy and selinux-policy-base) if (selinux-policy-targeted or selinux-policy-mls))
|
||||
Recommends: bind-utils bind-dnssec-utils
|
||||
Recommends: %{name}-utils %{name}-dnssec-utils
|
||||
%upname_compat %{upname}
|
||||
|
||||
BuildRequires: gcc, make
|
||||
BuildRequires: openssl-devel, libtool, autoconf, pkgconfig, libcap-devel
|
||||
BuildRequires: libidn2-devel, libxml2-devel
|
||||
BuildRequires: systemd-rpm-macros
|
||||
BuildRequires: selinux-policy
|
||||
# needed for %%{__python3} macro
|
||||
BuildRequires: python3-devel
|
||||
BuildRequires: python3-ply
|
||||
BuildRequires: findutils sed
|
||||
BuildRequires: libnghttp2-devel
|
||||
%if 0%{?fedora}
|
||||
BuildRequires: jemalloc-devel
|
||||
BuildRequires: gnupg2
|
||||
%endif
|
||||
BuildRequires: libuv-devel
|
||||
@ -136,7 +133,7 @@ BuildRequires: openldap-devel, libpq-devel, sqlite-devel, mariadb-connector-c-d
|
||||
%endif
|
||||
%if %{with UNITTEST}
|
||||
# make unit dependencies
|
||||
BuildRequires: libcmocka-devel kyua
|
||||
BuildRequires: libcmocka-devel
|
||||
%endif
|
||||
%if %{with PKCS11} && (%{with UNITTEST} || %{with SYSTEMTEST})
|
||||
BuildRequires: softhsm
|
||||
@ -185,9 +182,9 @@ tools for verifying that the DNS server is operating properly.
|
||||
%if %{with PKCS11}
|
||||
%package pkcs11
|
||||
Summary: Bind with native PKCS#11 functionality for crypto
|
||||
Requires: bind%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: bind-pkcs11-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: %{name}-pkcs11-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Recommends: softhsm
|
||||
|
||||
%description pkcs11
|
||||
@ -195,21 +192,27 @@ This is a version of BIND server built with native PKCS#11 functionality.
|
||||
It is important to have SoftHSM v2+ installed and some token initialized.
|
||||
For other supported HSM modules please check the BIND documentation.
|
||||
|
||||
# TODO: Those utils can be used also without pkcs11 variant, but are not?
|
||||
%package pkcs11-utils
|
||||
Summary: Bind tools with native PKCS#11 for using DNSSEC
|
||||
Requires: bind-pkcs11-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Obsoletes: bind-pkcs11 < 32:9.9.4-16.P2
|
||||
Requires: bind-dnssec-doc = %{epoch}:%{version}-%{release}
|
||||
Obsoletes: %{name}-pkcs11 < 32:9.9.4-16.P2
|
||||
Requires: %{name}-dnssec-doc = %{epoch}:%{version}-%{release}
|
||||
%if %{with PKCS11}
|
||||
Requires: %{name}-pkcs11-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
%endif
|
||||
|
||||
%description pkcs11-utils
|
||||
This is a set of PKCS#11 utilities that when used together create rsa
|
||||
keys in a PKCS11 keystore. Also utilities for working with DNSSEC
|
||||
keys in a PKCS11 keystore.
|
||||
%if %{with PKCS11}
|
||||
Also utilities for working with DNSSEC
|
||||
compiled with native PKCS#11 functionality are included.
|
||||
%endif
|
||||
|
||||
%package pkcs11-libs
|
||||
Summary: Bind libraries compiled with native PKCS#11
|
||||
Requires: bind-license = %{epoch}:%{version}-%{release}
|
||||
Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: %{name}-license = %{epoch}:%{version}-%{release}
|
||||
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
|
||||
%description pkcs11-libs
|
||||
This is a set of BIND libraries (dns, isc) compiled with native PKCS#11
|
||||
@ -217,8 +220,8 @@ functionality.
|
||||
|
||||
%package pkcs11-devel
|
||||
Summary: Development files for Bind libraries compiled with native PKCS#11
|
||||
Requires: bind-pkcs11-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: bind-devel%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: %{name}-pkcs11-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: %{name}-devel%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
|
||||
%description pkcs11-devel
|
||||
This a set of development files for BIND libraries (dns, isc) compiled
|
||||
@ -227,13 +230,13 @@ with native PKCS#11 functionality.
|
||||
|
||||
%package libs
|
||||
Summary: Libraries used by the BIND DNS packages
|
||||
Requires: bind-license = %{epoch}:%{version}-%{release}
|
||||
Provides: bind-libs-lite = %{epoch}:%{version}-%{release}
|
||||
Obsoletes: bind-libs-lite < 32:9.16.13
|
||||
Requires: %{name}-license = %{epoch}:%{version}-%{release}
|
||||
Provides: %{name}-libs-lite = %{epoch}:%{version}-%{release}
|
||||
Obsoletes: %{name}-libs-lite < 32:9.16.13
|
||||
|
||||
%description libs
|
||||
Contains heavyweight version of BIND suite libraries used by both named DNS
|
||||
server and utilities in bind-utils package.
|
||||
server and utilities in %{name}-utils package.
|
||||
|
||||
%package license
|
||||
Summary: License of the BIND DNS suite
|
||||
@ -244,9 +247,10 @@ Contains license of the BIND DNS suite.
|
||||
|
||||
%package utils
|
||||
Summary: Utilities for querying DNS name servers
|
||||
Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
# For compatibility with Debian package
|
||||
Provides: dnsutils = %{epoch}:%{version}-%{release}
|
||||
%upname_compat %{upname}-utils
|
||||
|
||||
%description utils
|
||||
Bind-utils contains a collection of utilities for querying DNS (Domain
|
||||
@ -255,37 +259,37 @@ hosts. These tools will provide you with the IP addresses for given
|
||||
host names, as well as other information about registered domains and
|
||||
network addresses.
|
||||
|
||||
You should install bind-utils if you need to get information from DNS name
|
||||
You should install %{name}-utils if you need to get information from DNS name
|
||||
servers.
|
||||
|
||||
%package dnssec-utils
|
||||
Summary: DNSSEC keys and zones management utilities
|
||||
Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Recommends: bind-utils
|
||||
Requires: python3-bind = %{epoch}:%{version}-%{release}
|
||||
Requires: bind-dnssec-doc = %{epoch}:%{version}-%{release}
|
||||
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Recommends: %{name}-utils
|
||||
Requires: %{name}-dnssec-doc = %{epoch}:%{version}-%{release}
|
||||
%upname_compat %{upname}-dnssec-utils
|
||||
|
||||
%description dnssec-utils
|
||||
Bind-dnssec-utils contains a collection of utilities for editing
|
||||
%{name}-dnssec-utils contains a collection of utilities for editing
|
||||
DNSSEC keys and BIND zone files. These tools provide generation,
|
||||
revocation and verification of keys and DNSSEC signatures in zone files.
|
||||
|
||||
You should install bind-dnssec-utils if you need to sign a DNS zone
|
||||
You should install %{name}-dnssec-utils if you need to sign a DNS zone
|
||||
or maintain keys for it.
|
||||
|
||||
%package dnssec-doc
|
||||
Summary: Manual pages of DNSSEC utilities
|
||||
Requires: bind-license = %{epoch}:%{version}-%{release}
|
||||
Requires: %{name}-license = %{epoch}:%{version}-%{release}
|
||||
BuildArch:noarch
|
||||
|
||||
%description dnssec-doc
|
||||
Bind-dnssec-doc contains manual pages for bind-dnssec-utils.
|
||||
%{name}-dnssec-doc contains manual pages for %{name}-dnssec-utils.
|
||||
|
||||
%package devel
|
||||
Summary: Header files and libraries needed for bind-dyndb-ldap
|
||||
Provides: bind-lite-devel = %{epoch}:%{version}-%{release}
|
||||
Obsoletes: bind-lite-devel < 32:9.16.6-3
|
||||
Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Provides: %{name}-lite-devel = %{epoch}:%{version}-%{release}
|
||||
Obsoletes: %{name}-lite-devel < 32:9.16.6-3
|
||||
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: openssl-devel%{?_isa} libxml2-devel%{?_isa}
|
||||
Requires: libcap-devel%{?_isa}
|
||||
%if %{with GSSTSIG}
|
||||
@ -305,7 +309,7 @@ Requires: libmaxminddb-devel%{?_isa}
|
||||
%endif
|
||||
|
||||
%description devel
|
||||
The bind-devel package contains full version of the header files and libraries
|
||||
The %{name}-devel package contains full version of the header files and libraries
|
||||
required for building bind-dyndb-ldap. Upstream no longer supports nor recommends
|
||||
bind libraries for third party applications.
|
||||
|
||||
@ -314,7 +318,7 @@ Summary: A chroot runtime environment for the ISC BIND DNS server, named(
|
||||
Prefix: %{chroot_prefix}
|
||||
# grep is required due to setup-named-chroot.sh script
|
||||
Requires: grep
|
||||
Requires: bind%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
|
||||
%description chroot
|
||||
This package contains a tree of files which can be used as a
|
||||
@ -325,21 +329,21 @@ Based on the code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>
|
||||
%if %{with DLZ}
|
||||
%package dlz-filesystem
|
||||
Summary: BIND server filesystem DLZ module
|
||||
Requires: bind%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
|
||||
%description dlz-filesystem
|
||||
Dynamic Loadable Zones filesystem module for BIND server.
|
||||
|
||||
%package dlz-ldap
|
||||
Summary: BIND server ldap DLZ module
|
||||
Requires: bind%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
|
||||
%description dlz-ldap
|
||||
Dynamic Loadable Zones LDAP module for BIND server.
|
||||
|
||||
%package dlz-mysql
|
||||
Summary: BIND server mysql and mysqldyn DLZ modules
|
||||
Requires: bind%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Provides: %{name}-dlz-mysqldyn = %{epoch}:%{version}-%{release}
|
||||
Obsoletes: %{name}-dlz-mysqldyn < 32:9.16.6-3
|
||||
|
||||
@ -349,28 +353,16 @@ Contains also mysqldyn module with dynamic DNS updates (DDNS) support.
|
||||
|
||||
%package dlz-sqlite3
|
||||
Summary: BIND server sqlite3 DLZ module
|
||||
Requires: bind%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
|
||||
%description dlz-sqlite3
|
||||
Dynamic Loadable Zones sqlite3 module for BIND server.
|
||||
%endif
|
||||
|
||||
|
||||
%package -n python3-bind
|
||||
Summary: A module allowing rndc commands to be sent from Python programs
|
||||
Requires: bind-license = %{epoch}:%{version}-%{release}
|
||||
Requires: python3 python3-ply %{?py3_dist:%py3_dist ply}
|
||||
BuildArch: noarch
|
||||
%{?python_provide:%python_provide python3-bind}
|
||||
%{?python_provide:%python_provide python3-isc}
|
||||
|
||||
%description -n python3-bind
|
||||
This package provides a module which allows commands to be sent to rndc directly from Python programs.
|
||||
|
||||
%if %{with DOC}
|
||||
%package doc
|
||||
Summary: BIND 9 Administrator Reference Manual
|
||||
Requires: bind-license = %{epoch}:%{version}-%{release}
|
||||
Requires: %{name}-license = %{epoch}:%{version}-%{release}
|
||||
Requires: python3-sphinx_rtd_theme
|
||||
BuildArch: noarch
|
||||
|
||||
@ -392,25 +384,15 @@ in HTML and PDF format.
|
||||
# RHEL does not yet support this verification
|
||||
%{gpgverify} --keyring='%{SOURCE4}' --signature='%{SOURCE2}' --data='%{SOURCE0}'
|
||||
%endif
|
||||
%autosetup -n %{name}-%{version} -N
|
||||
%autopatch -p1 -m 18
|
||||
%if %{with PKCS11}
|
||||
%autopatch -p1 -m 1 -M 1
|
||||
cp -r bin/named{,-pkcs11}
|
||||
cp -r bin/dnssec{,-pkcs11}
|
||||
cp -r lib/dns{,-pkcs11}
|
||||
cp -r lib/ns{,-pkcs11}
|
||||
%autopatch -p1 -m 2 -M 17
|
||||
%endif
|
||||
%autosetup -n %{upname}-%{version} -p1
|
||||
|
||||
# Sparc and s390 arches need to use -fPIE
|
||||
%ifarch sparcv9 sparc64 s390 s390x
|
||||
for i in bin/named/{,unix}/Makefile.in; do
|
||||
for i in bin/named/Makefile.am; do
|
||||
sed -i 's|fpie|fPIE|g' $i
|
||||
done
|
||||
%endif
|
||||
|
||||
sed -e 's|"$TOP/config.guess"|"$TOP_SRCDIR/config.guess"|' -i bin/tests/system/ifconfig.sh
|
||||
:;
|
||||
|
||||
|
||||
@ -420,15 +402,12 @@ sed -e 's|"$TOP/config.guess"|"$TOP_SRCDIR/config.guess"|' -i bin/tests/system/i
|
||||
|
||||
# normal and pkcs11 unit tests
|
||||
%define unit_prepare_build() \
|
||||
cp -uv Kyuafile "%{1}/" \
|
||||
find lib -name 'K*.key' -exec cp -uv '{}' "%{1}/{}" ';' \
|
||||
find lib -name 'Kyuafile' -exec cp -uv '{}' "%{1}/{}" ';' \
|
||||
find lib -name 'testdata' -type d -exec cp -Tav '{}' "%{1}/{}" ';' \
|
||||
find lib -name 'testkeys' -type d -exec cp -Tav '{}' "%{1}/{}" ';' \
|
||||
|
||||
%define systemtest_prepare_build() \
|
||||
cp -Tuav bin/tests "%{1}/bin/tests/" \
|
||||
cp -uv version "%{1}" \
|
||||
|
||||
CFLAGS="$CFLAGS $RPM_OPT_FLAGS"
|
||||
%if %{with TSAN}
|
||||
@ -439,10 +418,10 @@ export STD_CDEFINES="$CPPFLAGS"
|
||||
|
||||
|
||||
sed -i -e \
|
||||
's/RELEASEVER=\(.*\)/RELEASEVER=\1-RH/' \
|
||||
version
|
||||
's/([bind_VERSION_EXTRA],\s*\([^)]*\))/([bind_VERSION_EXTRA], \1-RH)/' \
|
||||
configure.ac
|
||||
|
||||
libtoolize -c -f; aclocal -I libtool.m4 --force; autoconf -f
|
||||
autoreconf --force --install
|
||||
|
||||
mkdir build
|
||||
|
||||
@ -456,8 +435,6 @@ pushd build
|
||||
LIBDIR_SUFFIX=
|
||||
export LIBDIR_SUFFIX
|
||||
%configure \
|
||||
--with-python=%{__python3} \
|
||||
--with-libtool \
|
||||
--localstatedir=%{_var} \
|
||||
--with-pic \
|
||||
--disable-static \
|
||||
@ -471,7 +448,6 @@ export LIBDIR_SUFFIX
|
||||
--enable-native-pkcs11 \
|
||||
--with-pkcs11=%{_libdir}/pkcs11/libsofthsm2.so \
|
||||
%endif
|
||||
--with-dlopen=yes \
|
||||
%if %{with GSSTSIG}
|
||||
--with-gssapi=yes \
|
||||
%endif
|
||||
@ -481,7 +457,7 @@ export LIBDIR_SUFFIX
|
||||
--with-lmdb=no \
|
||||
%endif
|
||||
%if %{with JSON}
|
||||
--without-libjson --with-json-c \
|
||||
--with-json-c \
|
||||
%endif
|
||||
%if %{with DNSTAP}
|
||||
--enable-dnstap \
|
||||
@ -496,9 +472,6 @@ export LIBDIR_SUFFIX
|
||||
pushd lib
|
||||
SRCLIB="../../../lib"
|
||||
(cd dns && ln -s ${SRCLIB}/dns/dnstap.proto)
|
||||
%if %{with PKCS11}
|
||||
(cd dns-pkcs11 && ln -s ${SRCLIB}/dns-pkcs11/dnstap.proto)
|
||||
%endif
|
||||
popd
|
||||
%endif
|
||||
|
||||
@ -512,27 +485,14 @@ fmtutil-user --missing || :
|
||||
|
||||
%make_build
|
||||
|
||||
# Regenerate dig.1 manpage
|
||||
pushd bin/dig
|
||||
make man
|
||||
popd
|
||||
pushd bin/python
|
||||
make man
|
||||
popd
|
||||
|
||||
%if %{with DOC}
|
||||
make doc
|
||||
%endif
|
||||
|
||||
%if %{with DLZ}
|
||||
pushd contrib/dlz/modules
|
||||
for DIR in mysql mysqldyn; do
|
||||
sed -e 's/@DLZ_DRIVER_MYSQL_INCLUDES@/$(shell mysql_config --cflags)/' \
|
||||
-e 's/@DLZ_DRIVER_MYSQL_LIBS@/$(shell mysql_config --libs)/' \
|
||||
$DIR/Makefile.in > $DIR/Makefile
|
||||
done
|
||||
for DIR in filesystem ldap mysql mysqldyn sqlite3; do
|
||||
make -C $DIR CFLAGS="-fPIC -I../include $CFLAGS $LDFLAGS"
|
||||
make -C $DIR CFLAGS="-fPIC -I../include $CFLAGS $LDFLAGS -DPTHREADS=1" LDFLAGS="$LDFLAGS"
|
||||
done
|
||||
popd
|
||||
%endif
|
||||
@ -639,11 +599,6 @@ install -m 644 %{SOURCE46} ${RPM_BUILD_ROOT}%{_unitdir}
|
||||
|
||||
%if %{with PKCS11}
|
||||
install -m 644 %{SOURCE47} ${RPM_BUILD_ROOT}%{_unitdir}
|
||||
%else
|
||||
# Not packaged without PKCS11
|
||||
find ${RPM_BUILD_ROOT}%{_includedir}/bind9/pk11 ${RPM_BUILD_ROOT}%{_includedir}/bind9/pkcs11 \
|
||||
-name '*.h' \! -name site.h -delete
|
||||
|
||||
%endif
|
||||
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_libexecdir}
|
||||
@ -659,14 +614,22 @@ mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
|
||||
install -m 644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/named
|
||||
install -m 644 %{SOURCE49} ${RPM_BUILD_ROOT}%{_sysconfdir}/named-chroot.files
|
||||
|
||||
pushd ${RPM_BUILD_ROOT}%{_sbindir}
|
||||
# Compatibility with previous major versions, only for selected binaries
|
||||
for BIN in named-checkconf named-checkzone named-compilezone
|
||||
do
|
||||
ln -s ../bin/$BIN $BIN
|
||||
done
|
||||
popd
|
||||
|
||||
%if %{with DLZ}
|
||||
pushd build
|
||||
pushd contrib/dlz/modules
|
||||
for DIR in filesystem ldap mysql mysqldyn sqlite3; do
|
||||
%make_install -C $DIR libdir=%{_libdir}/named
|
||||
%make_install -C $DIR libdir=%{_libdir}/bind
|
||||
done
|
||||
pushd ${RPM_BUILD_ROOT}/%{_libdir}/bind
|
||||
cp -s ../named/dlz_*.so .
|
||||
pushd ${RPM_BUILD_ROOT}/%{_libdir}/named
|
||||
cp -s ../bind/dlz_*.so .
|
||||
popd
|
||||
mkdir -p doc/{mysql,mysqldyn}
|
||||
cp -p mysqldyn/testing/README doc/mysqldyn/README.testing
|
||||
@ -676,9 +639,6 @@ install -m 644 %{SOURCE49} ${RPM_BUILD_ROOT}%{_sysconfdir}/named-chroot.files
|
||||
popd
|
||||
%endif
|
||||
|
||||
# Install isc/errno2result.h header
|
||||
install -m 644 lib/isc/unix/errno2result.h ${RPM_BUILD_ROOT}%{_includedir}/bind9/isc
|
||||
|
||||
# Remove libtool .la files:
|
||||
find ${RPM_BUILD_ROOT}/%{_libdir} -name '*.la' -exec '/bin/rm' '-f' '{}' ';';
|
||||
|
||||
@ -708,15 +668,15 @@ rm -f ${RPM_BUILD_ROOT}%{_mandir}/man8/named-nzd2nzf.8* || true
|
||||
|
||||
pushd ${RPM_BUILD_ROOT}%{_mandir}/man8
|
||||
ln -s ddns-confgen.8.gz tsig-keygen.8.gz
|
||||
ln -s named-checkzone.8.gz named-compilezone.8.gz
|
||||
popd
|
||||
pushd ${RPM_BUILD_ROOT}%{_mandir}/man1
|
||||
ln -s named-checkzone.1.gz named-compilezone.1.gz
|
||||
popd
|
||||
|
||||
%if %{with DOC}
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_pkgdocdir}
|
||||
cp -a build/doc/arm/_build/html ${RPM_BUILD_ROOT}%{_pkgdocdir}
|
||||
rm -rf ${RPM_BUILD_ROOT}%{_pkgdocdir}/html/.{buildinfo,doctrees}
|
||||
# Backward compatible link to 9.11 documentation
|
||||
(cd ${RPM_BUILD_ROOT}%{_pkgdocdir} && ln -s html/index.html Bv9ARM.html)
|
||||
# Share static data from original sphinx package
|
||||
for DIR in %{python3_sitelib}/sphinx_rtd_theme/static/*
|
||||
do
|
||||
@ -729,7 +689,7 @@ do
|
||||
done
|
||||
%endif
|
||||
%if %{with DOCPDF}
|
||||
cp -a build/doc/arm/Bv9ARM.pdf ${RPM_BUILD_ROOT}%{_pkgdocdir}
|
||||
cp -p build/doc/arm/_build/latex/Bv9ARM.pdf ${RPM_BUILD_ROOT}%{_pkgdocdir}
|
||||
%endif
|
||||
|
||||
# Ghost config files:
|
||||
@ -795,7 +755,7 @@ else
|
||||
/sbin/usermod -s /sbin/nologin named
|
||||
fi
|
||||
# Checkconf will parse out comments
|
||||
if /usr/sbin/named-checkconf -p /etc/named.conf 2>/dev/null | grep -q named.iscdlv.key
|
||||
if /usr/bin/named-checkconf -p /etc/named.conf 2>/dev/null | grep -q named.iscdlv.key
|
||||
then
|
||||
echo "Replacing obsolete named.iscdlv.key with named.root.key..."
|
||||
if cp -Rf --preserve=all --remove-destination /etc/named.conf /etc/named.conf.rpmbackup; then
|
||||
@ -880,10 +840,10 @@ fi;
|
||||
|
||||
%files
|
||||
# TODO: Move from lib/bind to lib/named, as used by upstream
|
||||
# FIXME: current build targets filters into %%_libdir/bind again?
|
||||
%dir %{_libdir}/bind
|
||||
%{_libdir}/bind/filter*.so
|
||||
%dir %{_libdir}/named
|
||||
%{_libdir}/named/*.so
|
||||
%exclude %{_libdir}/named/dlz_*.so
|
||||
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sysconfig/named
|
||||
%config(noreplace) %attr(0644,root,named) %{_sysconfdir}/named.root.key
|
||||
%config(noreplace) %{_sysconfdir}/logrotate.d/named
|
||||
@ -891,12 +851,13 @@ fi;
|
||||
%{_sysconfdir}/rwtab.d/named
|
||||
%{_unitdir}/named.service
|
||||
%{_unitdir}/named-setup-rndc.service
|
||||
%{_sbindir}/named-journalprint
|
||||
%{_sbindir}/named-checkconf
|
||||
%{_bindir}/named-journalprint
|
||||
%{_bindir}/named-checkconf
|
||||
%{_bindir}/named-rrchecker
|
||||
%{_bindir}/mdig
|
||||
%{_sbindir}/named
|
||||
%{_sbindir}/rndc*
|
||||
%{_sbindir}/named-checkconf
|
||||
%{_libexecdir}/generate-rndc-key.sh
|
||||
%{_mandir}/man1/mdig.1*
|
||||
%{_mandir}/man1/named-rrchecker.1*
|
||||
@ -904,11 +865,11 @@ fi;
|
||||
%{_mandir}/man5/rndc.conf.5*
|
||||
%{_mandir}/man8/rndc.8*
|
||||
%{_mandir}/man8/named.8*
|
||||
%{_mandir}/man8/named-checkconf.8*
|
||||
%{_mandir}/man1/named-checkconf.1*
|
||||
%{_mandir}/man8/rndc-confgen.8*
|
||||
%{_mandir}/man8/named-journalprint.8*
|
||||
%{_mandir}/man8/filter-aaaa.8.gz
|
||||
%doc CHANGES README named.conf.default
|
||||
%{_mandir}/man1/named-journalprint.1*
|
||||
%{_mandir}/man8/filter-*.8.gz
|
||||
%doc CHANGES README.md named.conf.default
|
||||
%doc sample/
|
||||
|
||||
# Hide configuration
|
||||
@ -958,7 +919,9 @@ fi;
|
||||
%{_bindir}/arpaname
|
||||
%{_sbindir}/ddns-confgen
|
||||
%{_sbindir}/tsig-keygen
|
||||
%{_sbindir}/nsec3hash
|
||||
%{_bindir}/nsec3hash
|
||||
%{_bindir}/named-checkzone
|
||||
%{_bindir}/named-compilezone
|
||||
%{_sbindir}/named-checkzone
|
||||
%{_sbindir}/named-compilezone
|
||||
%if %{with DNSTAP}
|
||||
@ -966,8 +929,8 @@ fi;
|
||||
%{_mandir}/man1/dnstap-read.1*
|
||||
%endif
|
||||
%if %{with LMDB}
|
||||
%{_sbindir}/named-nzd2nzf
|
||||
%{_mandir}/man8/named-nzd2nzf.8*
|
||||
%{_bindir}/named-nzd2nzf
|
||||
%{_mandir}/man1/named-nzd2nzf.1*
|
||||
%endif
|
||||
%{_mandir}/man1/host.1*
|
||||
%{_mandir}/man1/nsupdate.1*
|
||||
@ -977,21 +940,21 @@ fi;
|
||||
%{_mandir}/man1/arpaname.1*
|
||||
%{_mandir}/man8/ddns-confgen.8*
|
||||
%{_mandir}/man8/tsig-keygen.8*
|
||||
%{_mandir}/man8/nsec3hash.8*
|
||||
%{_mandir}/man8/named-checkzone.8*
|
||||
%{_mandir}/man8/named-compilezone.8*
|
||||
%{_mandir}/man1/nsec3hash.1*
|
||||
%{_mandir}/man1/named-checkzone.1*
|
||||
%{_mandir}/man1/named-compilezone.1*
|
||||
%{_sysconfdir}/trusted-key.key
|
||||
|
||||
%files dnssec-utils
|
||||
%{_sbindir}/dnssec*
|
||||
%{_bindir}/dnssec*
|
||||
%if %{with PKCS11}
|
||||
%exclude %{_sbindir}/dnssec*pkcs11
|
||||
%endif
|
||||
|
||||
%files dnssec-doc
|
||||
%{_mandir}/man8/dnssec*.8*
|
||||
%{_mandir}/man1/dnssec*.1*
|
||||
%if %{with PKCS11}
|
||||
%exclude %{_mandir}/man8/dnssec*-pkcs11.8*
|
||||
%exclude %{_mandir}/man1/dnssec*-pkcs11.1*
|
||||
%endif
|
||||
|
||||
%files devel
|
||||
@ -1010,8 +973,6 @@ fi;
|
||||
%{_includedir}/bind9/dst
|
||||
%{_includedir}/bind9/irs
|
||||
%{_includedir}/bind9/isc
|
||||
%dir %{_includedir}/bind9/pk11
|
||||
%{_includedir}/bind9/pk11/site.h
|
||||
%{_includedir}/bind9/isccfg
|
||||
|
||||
%files chroot
|
||||
@ -1059,22 +1020,21 @@ fi;
|
||||
%{_libexecdir}/setup-named-softhsm.sh
|
||||
|
||||
%files pkcs11-utils
|
||||
%{_sbindir}/dnssec*pkcs11
|
||||
%{_sbindir}/pkcs11-destroy
|
||||
%{_sbindir}/pkcs11-keygen
|
||||
%{_sbindir}/pkcs11-list
|
||||
%{_sbindir}/pkcs11-tokens
|
||||
%{_mandir}/man8/pkcs11*.8*
|
||||
%{_mandir}/man8/dnssec*-pkcs11.8*
|
||||
%{_bindir}/pkcs11-destroy
|
||||
%{_bindir}/pkcs11-keygen
|
||||
%{_bindir}/pkcs11-list
|
||||
%{_bindir}/pkcs11-tokens
|
||||
%{_mandir}/man1/pkcs11-*.1*
|
||||
%if %{with PKCS11}
|
||||
%{_bindir}/dnssec*pkcs11
|
||||
%{_mandir}/man1/dnssec*-pkcs11.1*
|
||||
%endif
|
||||
|
||||
%files pkcs11-libs
|
||||
%{_libdir}/libdns-pkcs11-%{version}*.so
|
||||
%{_libdir}/libns-pkcs11-%{version}*.so
|
||||
|
||||
%files pkcs11-devel
|
||||
%{_includedir}/bind9/pk11/*.h
|
||||
%exclude %{_includedir}/bind9/pk11/site.h
|
||||
%{_includedir}/bind9/pkcs11
|
||||
%{_libdir}/libdns-pkcs11.so
|
||||
%{_libdir}/libns-pkcs11.so
|
||||
%endif
|
||||
@ -1099,14 +1059,9 @@ fi;
|
||||
|
||||
%endif
|
||||
|
||||
%files -n python3-bind
|
||||
%{python3_sitelib}/*.egg-info
|
||||
%{python3_sitelib}/isc/
|
||||
|
||||
%if %{with DOC}
|
||||
%files doc
|
||||
%dir %{_pkgdocdir}
|
||||
%doc %{_pkgdocdir}/Bv9ARM.html
|
||||
%doc %{_pkgdocdir}/html
|
||||
%endif
|
||||
%if %{with DOCPDF}
|
||||
@ -1114,6 +1069,9 @@ fi;
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Jul 20 2022 Petr Menšík <pemensik@redhat.com> - 32:9.18.4-1
|
||||
- Update to 9.18.4 (#2057493)
|
||||
|
||||
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.16.30-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||
|
||||
|
@ -1,34 +0,0 @@
|
||||
diff --git a/lib/isc/lex.c b/lib/isc/lex.c
|
||||
index cd44fe3..5b7c539 100644
|
||||
--- a/lib/isc/lex.c
|
||||
+++ b/lib/isc/lex.c
|
||||
@@ -27,6 +27,8 @@
|
||||
#include <isc/string.h>
|
||||
#include <isc/util.h>
|
||||
|
||||
+#include "../errno2result.h"
|
||||
+
|
||||
typedef struct inputsource {
|
||||
isc_result_t result;
|
||||
bool is_file;
|
||||
@@ -422,7 +424,7 @@ isc_lex_gettoken(isc_lex_t *lex, unsigned int options, isc_token_t *tokenp) {
|
||||
#endif /* if defined(HAVE_FLOCKFILE) && defined(HAVE_GETC_UNLOCKED) */
|
||||
if (c == EOF) {
|
||||
if (ferror(stream)) {
|
||||
- source->result = ISC_R_IOERROR;
|
||||
+ source->result = isc__errno2result(errno);
|
||||
result = source->result;
|
||||
goto done;
|
||||
}
|
||||
diff --git a/lib/isc/unix/errno2result.c b/lib/isc/unix/errno2result.c
|
||||
index e3e2644..5e58600 100644
|
||||
--- a/lib/isc/unix/errno2result.c
|
||||
+++ b/lib/isc/unix/errno2result.c
|
||||
@@ -37,6 +37,7 @@ isc___errno2result(int posixerrno, bool dolog, const char *file,
|
||||
case EINVAL: /* XXX sometimes this is not for files */
|
||||
case ENAMETOOLONG:
|
||||
case EBADF:
|
||||
+ case EISDIR:
|
||||
return (ISC_R_INVALIDFILE);
|
||||
case ENOENT:
|
||||
return (ISC_R_FILENOTFOUND);
|
252
codesign2019.txt
Normal file
252
codesign2019.txt
Normal file
@ -0,0 +1,252 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Comment: GPGTools - http://gpgtools.org
|
||||
|
||||
mQINBFwq9BQBEADHjPDCwsHVtxnMNilgu187W8a9rYTMLgLfQwioSbjsF7dUJu8m
|
||||
r1w2stcsatRs7HBk/j26RNJagY2Jt0QufOQLlTePpTl6UPU8EeiJ8c15DNf45TMk
|
||||
pa/3MdIVpDnBioyD1JNqsI4z+yCYZ7p/TRVCyh5vCcwmt5pdKjKMTcu7aD2PtTtI
|
||||
yhTIetJavy1HQmgOl4/t/nKL7Lll2xtZ56JFUt7epo0h69fiUvPewkhykzoEf4UG
|
||||
ZFHSLZKqdMNPs/Jr9n7zS+iOgEXJnKDkp8SoXpAcgJ5fncROMXpxgY2U+G5rB9n0
|
||||
/hvV1zG+EP6OLIGqekiDUga84LdmR/8Cyc7DimUmaoIZXrAo0Alpt0aZ8GimdKmh
|
||||
qirIguJOSrrsZTeZLilCWu37fRIjCQ3dSMNyhHJaOhRJQpQOEDG7jHxFak7627aF
|
||||
UnVwBAOK3NlFfbomapXQm64lYNoONGrpV0ctueD3VoPipxIyzNHHgcsXDZ6C00sv
|
||||
SbuuS9jlFEDonA6S8tApKgkEJuToBuopM4xqqwHNJ4e6QoXYjERIgIBTco3r/76D
|
||||
o22ZxSK1m2m2i+p0gnWTlFn6RH+r6gfLwZRj8iR4fa0yMn3DztyTO6H8AiaslONt
|
||||
LV2kvkhBar1/6dzlBvMdiRBejrVnw+Jg2bOmYTncFN00szPOXbEalps8wwARAQAB
|
||||
tE1JbnRlcm5ldCBTeXN0ZW1zIENvbnNvcnRpdW0sIEluYy4gKFNpZ25pbmcga2V5
|
||||
LCAyMDE5LTIwMjApIDxjb2Rlc2lnbkBpc2Mub3JnPokCVAQTAQgAPhYhBK4/rHln
|
||||
EexZ/AB6pHS7a5pMuz04BQJcKvQUAhsDBQkD7JcABQsJCAcCBhUKCQgLAgQWAgMB
|
||||
Ah4BAheAAAoJEHS7a5pMuz0476oP/1+UaSHfe4WVHV43QaQ/z1rw7vg2aHEwyWJA
|
||||
1D1tBr9+LvfohswwWBLIjcKRaoXZ4pLBFjuiYHBTsdaAQFeQQvQTXMmBx21ZyUZj
|
||||
tjim8f9T1JhmIrMx6tF14NbqFpjw82Mv0rc8y74pdRvkdnFigqLKUoN2tFQlKeG+
|
||||
5T24zNwrGrlR3S7gnM47nD1JqKwt4GnczLnMBW/0gbLscMUpAeNo/gY4g0GV/zkn
|
||||
Rt91bLpcEyDAv+ZhQZbkJ49dnNzl5cTK5+uQWnlAZAdPecdLkvBNRNgj/FKL41RF
|
||||
JGN6eqq3+jlPbyj9okeJoGQ64Ibv1ZHVTQIx5vT1+PuVX/Nm0GqSUZdLqR33daKI
|
||||
hjpgUdUK/D0AnN5ulVuE1NnZWjVDTXVEeU8DFvi4lxZVHnZixejxFIZ7vRMvyaHa
|
||||
xLwbevwEUuPLzWn3XhC5yQeqCe6zmzzaPhPlg6NTnM5wgzcKORqCXgxzmtnX+Pbd
|
||||
gXTwNKAJId/141vj1OtZQKJexG9QLufMjBg5rg/qdKooozremeM+FovIocbdFnmX
|
||||
pzP8it8r8FKi7FpXRE3fwxwba4Y9AS2/owtuixlJ2+7M2OXwZEtxyXTXw2v5GFOP
|
||||
vN64G/b71l9c3yKVlQ3BXD0jErv9XcieeFDR9PK0XGlsxykPcIXZYVy2KSWptkSf
|
||||
6f2op3tMiQEzBBABCAAdFiEEFcm6uMUTPAcGawLtlumWUDlMmawFAlwuSqAACgkQ
|
||||
lumWUDlMmaz+igf/ZW8OY5aWjRk7QiXp93jkWRIbMi8kB9jW5u6tfYXFjMADpqiQ
|
||||
yYdzEHFayRF92PQwj81UzIWzOWjErFWLDE2xol9sP5LdzeqoyED+XTqKggpVsIs+
|
||||
Lq672qnumQoZKp1YGb8MDocU2DNg/VsMdi7kCnEnPbcSuBxksmxGYomusXNrAF94
|
||||
1OJ2sqd9BuFamLIyn8XUCGGYlsvMoe4kTCg6Cc1sQvx0lDG8urKN57jBKWbP4alV
|
||||
+JBV5KQcf74gzPmE3ypgY1tMEwxyH/WyS9ekDbai0qauX6eUAsM1bduH8fIcknLS
|
||||
Zl5hrJTrzWFF9/DKOth8QOwhJ9zoIF1fcAsx9okBMwQQAQgAHRYhBHpqR7X54SM6
|
||||
0lUrXL2X3GOe6MR7BQJcLktcAAoJEL2X3GOe6MR7jwEH/iaolMeno1oeWAgzN6Mg
|
||||
bx3maweh/9Vqty1fwk7Crq1G78X5i1OCkknEL2p0Bfle4ApwcC4HZVcqCgoYpRV3
|
||||
/EEXtwkMNy3plWdBbLCQSev/E1D39GzgAHiMnv7NUJnkoJbvMrvrAiUTXPTtARMM
|
||||
gjEpvgEs60wuJxS8ESomRhe/KW4myxDoBxF+K+e5bOkOvvWVcAYJHWZ1BIZs4n6b
|
||||
+C2vO8q5aKTkQ/XvNT7utbTOqj1SGhItRaAQKXHBdzkQ1Et3wTA4+uRg4gK12624
|
||||
9LperYs26w9X9UzApl+qVxQhtWUw3tnUXMastDfQrRcvJgq1xpv++OqX5Uc93RTf
|
||||
SNWJAjMEEAEIAB0WIQS+DpdItxglOii7if/xsRvwXPAuVwUCXC5LlQAKCRDxsRvw
|
||||
XPAuV29KEACEwlTVVKe4gnBYHnlAD7csoQ0+gJ6C+Ofzlw+UItRIcFeVCAknSGBs
|
||||
NPxr9JStIvKpmsbSKpCNUEAYnRP2immh94y/C6BuTe1uUUmqBGr1f4OAUwZpmI29
|
||||
ixYeY/uUs9FZO3bS0/WtG46tdcJK41qtM0DYAGT3oeZhJMTW15dfvMGlFukauSOU
|
||||
+BbR+6sZhqdbWl/AOTE/6x5otnAaW0GObY/BW240Xq/KTgBrzVdK5qNoYsMVsiTd
|
||||
0im0JKvFG08ED+ZfcILhlO6G9jRhoTkhtYuf8CKN1dPf2IoB5FrRFf0xqRr9hNlk
|
||||
X7ViNMP9OPb8i3BubWvRi5rNSquCwrFATSiAgaA9Yi1BNzQsmQxOql9lsh7eCH7m
|
||||
+8zzUg9umWI6PkSv8vHBo2kPX73wmtEsF6vxJlk0yDBuQw7y0uuKh406tEEk4cP2
|
||||
8U4baq+ihpioupDhNuEII1h1Eh/RBE408RAOpcr+2F0m/fKOoJyz7u+AxyV81Ia6
|
||||
fyBnUfZnlfKo16w87c1HJRs9dKkRa5yGziBf9TcED3sru58Pftes2Nr80/iOh26i
|
||||
P2pRihcIyrmeAqDWnneErVCmPMDTe6zkMrm/0iZ25/Jfq+M8IHEzFEw3Y1FBOeFg
|
||||
9TyMDwYG2biJPTNTDO0BQ+Rrvs4SjFWEYSxgJSvG1jMfSPt5AR6MJrkCDQRcKvQU
|
||||
ARAAufZX5WzJr0lZAhxaGpHY6JMBr4jVOCP4TrDZhwC2K4CXNM/PLLNisWzquiWa
|
||||
FvUDhB89kCxrEhipwVFYhBr16CDQxrr8yhah3RIxrBMYhRTxgIAkANgkhGWfDJSE
|
||||
zXauA7krYtS3rYwhfXe4cNsTkLPbnMUlyLJcqj2wnZcZIt97aL+NFRPyfIw1KfUb
|
||||
9u3tB9seDYbvTEULeL07aTnHpWM5f3bTwJrJ2OFPzXseCCzPiVNh3Bv+YtJ1pMTr
|
||||
c/UHO5DoJuHLsF0wicPSrpD0twspFdR/0rT6eNycsaCtV4GQzBcMPvY7qai5XrZm
|
||||
Cqgluo1W6l6+F5YrKvRMtyyFkUNGcPywdjSlP44JyRrS2uzvFUViSsJArcmFG2TJ
|
||||
LCohnse8wqjw0dIUVbmDbE4zjaG56zkvu0k+04Wwp3XPgOZrbl6cbhX3yLhu/Gt0
|
||||
dzd9EReoNfKXk32hBzKas/vdeB5DZejbOOOWYftqyZC1LvDvvrYFhFK6VGozfZ6L
|
||||
Fml1hzn+xPahp5tRv93/T9zXeVPm9zilGMqm/gjRgh8ojWxNQoNzJyqTPWIvWmbu
|
||||
EIP3T3cTFq6lJpJsg3+sfzofGWZCGnBZQGqm8rEOoUWiaKe1BvQCX1x8p4/x8/tX
|
||||
TaVDpQCGoqxXt09plkDuGMuiDICxBlaHWUR2jLoHc2cLrB8AEQEAAYkCPAQYAQgA
|
||||
JhYhBK4/rHlnEexZ/AB6pHS7a5pMuz04BQJcKvQUAhsMBQkD7JcAAAoJEHS7a5pM
|
||||
uz04pB8P/Amfg54IFeALiPOrKbjC3bVAQzrsf09IL8sUln/LCZIx9HgGAJj/f35S
|
||||
Q35sK2ucjWiDX6qCxVrWmC6caQXFgXOFSKIlqladmmgj4sIdLM5wj4nbomHChpB5
|
||||
rqV/GgkFwWBQ3kPCatXvc8Bg+zKJ+wXgTuPFXefyE9R+SLuas2grQ9hAjvTGHYbq
|
||||
iYxSlNDFc1aHLAQ3bS76351MHuMHOpLzoB0OkZDCVNW4GNEqrLbINdr50RAK+Loo
|
||||
Z2UBIobEZjXYor9A2FWkSvdjyz6X1QKMdQMath6R91k/O0abBa7ly4/805eAGXM3
|
||||
w1Xf2eMlpiUs69BeYoJBklK8aNMntpDREunJjhiPU4JoDzSxl5Qv7LuXylyo0YJA
|
||||
9YmydKhTTcRdwsKc//nGr/ckg4BRl+VbtJBYvd3xGB7IQ+pT/TOakv9qCospAhr3
|
||||
EQjVP/XpnWJRd+x+dq8UXqwWmTenWDE42cNr7BDFJdOqS5ZWy4sIz4sdjpSxXMB9
|
||||
8iiRtKSpKRCJgXScB7SYebh835EgG2YyQGdhJMO7C6ok9POYQBqL8sBqRzImJKoT
|
||||
VDvOH42WArKwJWTHa4mPdiDHEIZlkONerec3JXtl4Mfv8cwZ5Lb8fSiB/x8AWvqs
|
||||
puc/7hQtkus4TcgutS1fwhAwpnFItpVF6+73CMQrJsblBdTjW0T+uQINBFxbVHwB
|
||||
EADebZOJbhPdhHeBPdlZYE3rRjB8scDpWdjrCupfmeTC9MM6JgCE4DEMBtBXk+h1
|
||||
+7wfpblYYNFwGVFvytG5nvGRDtHWxwd1Z9O8Fx4Zqu0Fx/wAn7ZL3ryE+tdHR7JK
|
||||
7SLxOa2X49T/8LY0U8Q65I4ZRo/b4VMcXApCmncw3QSRqHT/mYdNnf+HHPvi3jza
|
||||
md3iVptCS4Iaisc079DFda+htWXspBc13lmPi2vGQkWjjS3B4yO8JackyQPVhpsg
|
||||
KYbRBzOH0Kii8bXmyA6O5uIJYEddp5Veged4FE/ej3CrgGP1D0Yk1epx8lLbi9RB
|
||||
kwFS7DA5rQ23UnbSy1WyV1ZgPrWqQAWuGpjMTVTWN0ElI3AGxAnE8lZlSXyE+XyV
|
||||
uHjjIVrayBjLKVqDuSLdKZeCvI4QsyHH6F0NKJQkngvXxLZYxO6s0c2EFFLzdVWT
|
||||
1V9GMP8UsDrrb+JsZjUVmPR1tTP4xqEQG6KjfFoQm5XWpGtFwh91OK1lwf/Bx2/C
|
||||
j+PquLLFcj7hEP79VDTUZPQAduTTxIeTzHXH+x1PCHFB10xxH3e82VSdJeBUrJxn
|
||||
riXzK50SKTTmF+uYpHqE8Jg1N2Y1n5ksuxeYUy8PFjhAeBCqZ6ZcldUDf4999e/z
|
||||
PT8bwfCDr8jRdqJHrq7RxTJiP5RsMudWpKeohzJGwQ5uZwARAQABiQRyBBgBCAAm
|
||||
FiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAlxbVHwCGwIFCQO9IQACQAkQdLtrmky7
|
||||
PTjBdCAEGQEIAB0WIQSVztolaxygoV8wL7WVIaftXazpGAUCXFtUfAAKCRCVIaft
|
||||
XazpGPeMEACm9nxA/VKf8RxDo2ZuTgyuSwlR8tCjAE4k3+UoiYUbamkW4pjx9Vgd
|
||||
1zC5bNxSWZ5vlJ4CH8ArKFqNK5LBVDZqhYureAo/1Af2b9vRJw0/QQHhuXz/jqeT
|
||||
wwrLuKpy796Gpt+aFfcmS0ZC4QXfxJERhAP6tu1p6YmAsSb+bjziQVkKrt9mhOrL
|
||||
dtz6WP0Fg1joRj33FgnnLtayHvtgQrNFI3ztCjk/B2FjYZxqbBGfk5gyo0cTE2Fi
|
||||
oLhG/XrxIoZepFMJkGYETnYQXrOt2KuJLvawV70YQmG8EqHYY8drKA0XDZs8TVdT
|
||||
5cvGvtm8ERz5znsssRBxQMI5Ml6O2ahrXp8Eq4htCzlvO8t2MOtzvqAJRiyAd6bA
|
||||
Uo+MGVRpnvePOR1SAgBXCd416rF0iCXc1utZxnqwdq9kJAZ+8mCLx4N4jk6AdGpX
|
||||
zcNkLg7QmUzXn75RxZ6GrIUYZJNMlswXq5XhSW4o8ePlaxWjh9+QTtU964AZhpA1
|
||||
uoHsKGTBxHJs0w6McZm14kb2PuaO2/rpf8s8IZyc93+Y5O/gHZ6/agBjA9qN6wkQ
|
||||
R1d5UhJC4QS/m35rBGBKK9X3fqQxaBCio6Qz+m4A3GchrztJpq+2P+ma5ylsTq5j
|
||||
V4njky26WNtrV7+N0C4Moj3I4Qn6YU/eSManTXzHzoiPZCEH/IOxgXIiD/9Zm3Zz
|
||||
I+h4NCfSGyP11/w1gEzlTHQ4at/FXIIDh0Y2ZNpWPffuFQLtcER2vyKPwhDYpGMy
|
||||
NNHXks4azfrXVCv0wmSNBbeS8pJrYtopZpCEBrAbg/YLv9m5lpDSRHaR3gv/qMZ7
|
||||
QxY+NwqciqTwGq68PuF4mDSvtfuFmbEES9Iybiie+eL/6DU2knfBjgshUe6vElR+
|
||||
LYoPQ45GY2IxRTJ1pMXaZw1+evwH3UvseRGkRygiaBgoU/qR4prynvjMQcacCa+C
|
||||
aRnXZJYp/usVBeY0xut9toc9/OcLGoBr5h9l5YjruO2vu8VHou8N0tarVQn3YbQR
|
||||
Fi+YtNtclWJa8Pq1AsKRTCFwDwP6eODv6mNOrEFydNRcpiQmzp47VWF/YHRfHzCq
|
||||
A1wHLxLUrpQTaVw6J4FqedAQ31aAO4faA7MS+ZMNBqZCZ7lTGC6TvojqqBAN2yX7
|
||||
AnnYpZHM+lGpi2/ukVzLqSkGmdNOgbu+UZvoej3YnHYig4yWP+z2xrlJl8bkhU/d
|
||||
r9IQE5aRCEPB/JWhHJ2/GqYl9qjshlB52+6X2KDarwptOtzT9ooArYhpMwKIYh34
|
||||
c7X8tlAKYk7V5j7txIRFDKKAftC7dM82PntXJxSkWyR70GYnYjiXyrqqerqT7xIC
|
||||
mDEQgFOPpy09zFW62paO9uiZw6qwybwqgGpoX7kCDQRcW1TbARAA3ERo2mPv2VVg
|
||||
ZUFr4MtPDm4UG00YJW/LYa3D3k0e9tdSScACXprk1sAoxUlQx/CSdErPKwXG4rax
|
||||
iN4t5nICUUNYSC0dh09G25jC7nwsWc0AYyZu+h/FzfvpOm3fBwmBlzILlGh0URwH
|
||||
Ffj9fHt6hos4C+3PFZZ/X24aMJF/cov1oYi9rqFwt/l0mgtPE88Iyj2/Vp3Lergg
|
||||
QMzKfEuyluj9fL2cgU0Qa7oAPXmaxhHtua4cvbM5SXGo3FXjIgzH9OfM+2orebeN
|
||||
wH1M3ec6w+nPmRmCJLvPKGOeS7GVXL5/aOyPlDWzSXYnpCKS2ntw4K4nt0IA8n8z
|
||||
1db109l/C2noDrDSJEqOo843ShNGTYOMVUrj3a+Y7o2ATc9pNZalf0PwnKas7NDb
|
||||
IJ152PEQw665iYXcv2awjLF6W0yuSq8kfiaAxIrsie2Dto0zgqOs0Ot9Y74u11Hh
|
||||
wBSHUO3mEZJScAAcI/yDF2PvjvCQSzu4mdXb77t6X2O6YHULz4A7bVQCMazcTDI9
|
||||
/S0W2+ixPnnJVnE3xgjK9zuizji8JDJw1hJCQM+yTLVqq9pfvcRfQ6uwpMRzz/O3
|
||||
S0zDRiA69/GyfNwkpgz5QaGpY02IK5WrQU1doRjIz4BHAYzoIOkMkRqTtjdElQZw
|
||||
/D3wSO2uwsEMNwRzibR/Lz1JF2aGn6EAEQEAAYkEcgQYAQgAJhYhBK4/rHlnEexZ
|
||||
/AB6pHS7a5pMuz04BQJcW1TbAhsCBQkDvSEAAkAJEHS7a5pMuz04wXQgBBkBCAAd
|
||||
FiEE1wyE5ktVjlvM7AchMuIXXx11eioFAlxbVNsACgkQMuIXXx11eiqCfQ//SFDf
|
||||
rOIEoslp6n6vlCuavOg02wvjskKQGP1P1Q4v40Fw1Gl87n9uXAoMpeF4H+pzUxOi
|
||||
BHYCQi+EemwocSThzaWfPzd3JG/0OcRymf+ZOcBb+58VJL7p88QdMFIAi5J+KMuA
|
||||
fEG0zLkc9anEnXoVMmQJX5K+6PyeVDvBbYGjLjQAsWTZTiVuQI0w3WxFtDGWqQII
|
||||
8e/qE0DA7c/auGn7j2hid308+FcdfpmLefW9YesWjE1yYvHoCRdFOJ/7Sft4MQCI
|
||||
Re7UET3TRMBvtisP2DcqyzGPp22s4ZYFCCJJNiB92bXdEl5zXe4Ff7JTfNE/QrR7
|
||||
Wg5R9hZHgHdbp8p8bA3f0y29YCx3puYg7BbmQWiMh3rXWE5b090pSpw0K9BQU3vO
|
||||
irr+5/2TaFOJXHl4VF03GrWsSncShCbdsdRIv4TB0lY2mN4q+e7bjlAzJJeoaS97
|
||||
GIqu3DBlAJyx/ZwWW23DXXwoQ4jNuJhpl2jaCE7rVQB0uLjbp0i9Zdd4SdYZxmO/
|
||||
Y+JfgoJz8eyx8wZi4eDz1ijN0WKsIGjxJH5VUK9STjijDMeG6ZZRLc6b1QCGhe97
|
||||
ZbDkEUTdQGoeu4L5Fiqoma13NEsf8ofBDv+myJm/O67Va9JI3gxhIrhmF7LMzQQp
|
||||
lYx2peZC1CmhEnn83dtt83mhXvX6Dth657BW/Qd+GQ//SVuTPuNkBXfrTi4dbnv+
|
||||
cU6IsoIBodTF/WsQ6h4kbtsPhO5DbrsLNuNumrqVEN8jw+HUsEeNvFNeMrTPdG2V
|
||||
87ShQ4BQGkCf+GFRBj0myxxXOFZYQx6RpY5fCe7yOcTzpkbnPWmm7V8HdOuZ0NnL
|
||||
JNQ5YogOI6UvXVKv35R9qBo+G9jkhhb0eaAu6BERzKVANKfsGN7545ElZ1qlffMh
|
||||
AQhXGb6TsvCeSg2cWGb2cnVL2d58uVukD4PDiq4qqwgClkF3bOO70SIgGrCteHbi
|
||||
4Hseopex5m6GqqjoUYXr7QQBwSaQdc+gKtEjMHCsHbUyHRk0qEHdEe+2RmL0d0ra
|
||||
QMJfKyYQjcCR7tnrgN4WD1h4NKRdC/KRW31MDmH9XVPrkOMQCUCnArXkOwdKWsKf
|
||||
h8af9HqweXOT1FHJN/M3tWaBpv6KoduF2f2pj1VhPZ2EqFUycJ26lrHyOpsynQR6
|
||||
+TD+c1uXotDwKN5RW+YL1cydk6mhib64fdOyPUeTcHehjMAFgM2f5wi35Ujcj8id
|
||||
37cWOqRsggSbMnGO4AUA/YtcVNG8TjZbakson8ENK7e8q4sEiNFUZ7/CtzNokwHQ
|
||||
5uOG1+qB85Y4ImGnIZVeiBpjt73VVawg4Zvm/omtW50P9R+4rVhMJZZFAgrWg8BH
|
||||
H/KNznW0vUuShG8B+2FA/eu5Ag0EXFtVDAEQAL5ftI1GgVJEFgX5VsuFnfBnH95c
|
||||
zqmwEXaTP4s7Xm3O0Wy579EzRUD1eEw/UaD/q2OHScwvMP65cZYQ9w4hnCN6H96P
|
||||
96Teo7LOMCssvSXIO7gqP33LKTqDzsIoAFHwWE3dq1jbyP6T1Je85mr0Edvk8kOC
|
||||
B1hudswAARno/7X9zGulhhwuEHk5Iey7R59yRUQqBctdNcetGyaiFjjX0evuVADi
|
||||
/z/s07XhDLDt7+3Vglh1/7XGC64QhB9QjZ8j0u7+0xfmLLjhi+7EpkDlAHIJXX1H
|
||||
0wAsPOGKlYruQUmIsMNfBINZeulHEBZ4cAd30xsM296DzJ6QL9sAGfYMhRs0YHB/
|
||||
EJ10Zv0iw1pU2jCCUv/9Kf4F4nwgHQWQP7JAbfhOIUOUq/YlxjTLnkd25+7vD3KH
|
||||
NQ6UiRDROR9Jwetpd/zokpf5O5iTBpVL+sCq+NsTZyDOjITve2sY0V8v10M+Z+pL
|
||||
cp/cUZ4JEDS/WJ4/ovBNJP8b+YwN/RBgCjl8UBX/N+e7AA52eYP2H9GK9XPkzSCE
|
||||
VxEf5PyjGrwedpoLkzagrHsDuWo3uBquLyneT/ozihqKQAuInUy5B7rWU4mpKHe5
|
||||
Vto5o6Zuj+6MgHgIQzRK6Da2ziMNEmroxwZibcYCtUPdvcvxGh+byclnzBclKjOw
|
||||
kAalFPx0SxEbHmzPABEBAAGJBHIEGAEIACYWIQSuP6x5ZxHsWfwAeqR0u2uaTLs9
|
||||
OAUCXFtVDAIbAgUJA70hAAJACRB0u2uaTLs9OMF0IAQZAQgAHRYhBK7WIv4CB360
|
||||
tcFGwUKiedJIzcMQBQJcW1UMAAoJEEKiedJIzcMQH+cQAIQYXDnqi4Hl21LtAgky
|
||||
pZxug+x/LECVlwkrIfaQF337+fG+H9J7SdU87Sn1Xe/YUgQnF0XP/fjIVFM0e/Tb
|
||||
xVlmTFqiejLnIwJJDgUaHO3POT2sGEyO3tc0mqSzyRBxtMQ8yvApccBhL5QODv3h
|
||||
hlRWgk5MXU0IPeXw134IWm+o/PRiPBoXPawvVfEVIBlUFaiSZASf4BAiSad4aJQe
|
||||
P8PyP7FPvQB1xiib0iSetn6ZmNeN2OSUJPiPA8aE9JCKuFtomVQEDM0BqQDl5A7h
|
||||
5O2uyf0Li+/ArqBvfBjrH03e5zbID02dO3D2BjsV3jUeVPQ5WDgVg8LH+nfg/rRy
|
||||
wfCsx9zFp1mt3K4xN2v7IKwxGndApgCcx17gsjzMvLz0J7sSGov4MNjzqvGEDKCl
|
||||
uUvNKXqy7je9xcQLpoyvWtoWFXWTbQAcK5Vv+hC67r9bHpjI1KuqA8hYqNKxsv7s
|
||||
wiLZdd4SK9SIuwf0j8/XTZwmoFfGolJil0ZNxyqBF39+CMVpaHdLM1qKZz99TVzS
|
||||
h4obOOjkUjK458xSo0XCbJ4qXYp7PgxyWK6GIbTozbbG/1ldw+LUnqxt8Shf797L
|
||||
J9lbI3ICuR2P5PYlKJf3b6D9GyfqyrP387fKAKhHsYkZ1XD54/8wIgTrdfeNPtL0
|
||||
1mjWDjw5KvO9kuPBjcmzgt+NrtsQAJwKeZsiqLLcY8kJ9xP+/xtTlh2iVuZMfxwq
|
||||
hwlo4MMCzpobLDZ/JKU398m77eboTKJSBfeUYxQd4ATn1L8NLKjLxKAaBkjEk0nN
|
||||
8w9OUQbFlhQ/asLzzF7Z9IGGh9/SEgBZ8V67a0O3Qw9Xdi3ARK3bbZ8RIVJ0+P9G
|
||||
CGrfq9j4ZmGA2L4irLjsvDAv7CSMb4WBKW8j0Jz5LFMwOMJgG1TT5c6lNqFj6y09
|
||||
rZcVLnt8+lUv2Bw3LC0oI1TjFkrrCzIdfg++mPi3K/ZFc50bvnWF4eCOjgZ5U9Vb
|
||||
sxFZq3+vTRcIfI9z2lZ9CNDRA1O5jGvuVtEGLiSLF2aJ6kiNriLuuGTlXfg/Fpgh
|
||||
GTvyppOTzF7PtHzHBQ/ZjnhWojnc/jyJRwLK8cCl6+EOc887v8BDmqgFWtmycsE2
|
||||
5fDJ7UFGP13g/eDL3ZUgMDty5dQaUOTX145t2KT+lMqpY6ZK2EC+eoqrnIGJ+tYy
|
||||
0l4RRxi10mbNhuPIIDdph7X+mUHgCeA9gyF0Y+LqiB6CX+zFg7ovLvnCbMPxdGXq
|
||||
z7AjfwqZBKI+BVuBeDtyW4onmElCu5cXNKsg3W0IlQlZf9PMDU6Ht0XLUs7EPfbQ
|
||||
sH1Vqi1XE1W/tGnkmjcpG/qlt9Gx1uwFGLP6iomqUBc2c0GZ6R1xplXvd3w3yC8d
|
||||
8lAgPGImuQINBFxbVToBEADkuxhQx9gxlzzCc0nUu2v82XsD+GzONp9irt14gslx
|
||||
te96eKaTXTi0t5eya0X5TIY3wbREwjlfAeM9AfcAmWcsM4izrfPtANM6WOxB2Tbz
|
||||
EY2cqv7NBQii7Z5aqPyjcIiT0b0Gs2evlDkn3xEBBqTSrNcnGSA29bZPIkaUb7Qo
|
||||
p/Ani0S3/tgcR21gXsJwkgpfNKwvPT03Lz3/o5rXAyag0M/25adgk9SVKNcXc8h2
|
||||
HSGv5ENjwUKNNnowVbNLw4287mFUM2Vd6unGJ2MBj7aUwTrfBl7gNV96mMdDJWcB
|
||||
hGKYkxUvibuHCa2KH7gTrnV6X7sdrgD5CbJMPq6OZNSP6n6bUVg22eHxoETplFwT
|
||||
4NvV3clRMWIAG1XgXR1l99LAh7PPnPMM1pHQGPwYHQskoBFS4g5knzHpB9h9TfZ3
|
||||
MM4cDZR5NgWmE0fYVnWe5ax+wW0/IOklUoHv3qoL4yiN9wFJq2oLzUNQd9+tsqiy
|
||||
vxSTh8iYmHegyn5KuBPsrMPgvqiKOdalTZKkak9DOx4cGQL2qHspKxiBOb6uox2v
|
||||
fjMQ5bDeUn+4DYMdnZNHeywCUegJmDakUtlfvN+136IDHGwfdGcitqzswzd3+PI2
|
||||
qlwPE19gkrp9NUaD3Qj2ZtDP7sU2cThc6Gra5KRFW8f98bI77j1Wu6pCnYFLqPz4
|
||||
QQARAQABiQRyBBgBCAAmFiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAlxbVToCGwIF
|
||||
CQO9IQACQAkQdLtrmky7PTjBdCAEGQEIAB0WIQR5HX64jryNAThDSqwz3zWa56YK
|
||||
eQUCXFtVOgAKCRAz3zWa56YKeSWOEADK8u03LESGSQlZQqnnCAI8iYs1s+XRMEnG
|
||||
2tAQ1OK7/4eNgr1yZckmaW4FBMgeEgYIBJ7v3SlW7Hf7dE10TYPNGbP6UxVW8HIP
|
||||
rA4CINcGZXWWwpS374JNMS6A5eb6viuEgEMEi00jx0MmLvCMZKypmwXQUl5YJ5nB
|
||||
ytpQ1681mCQxGBMhT1eKQt3B4nAsoEnP+HnqVM/nKxBemSBNXX+C0b/YeQoLC3sD
|
||||
L+Z0NRI8U6PZl9Rokod3uynH0vfBYCEJd6MvsjtnJlVVaseYIA3ESNrFG12tw95I
|
||||
wKNrVCANZ1DBSyK4ovmmWsDrH+uFTHSLNjlxIuVxUfmXcLfgcepVCmd/7Z7UrWYr
|
||||
SXSvP0VG4ZmEPE7tNb8bfyADftO1cVsmcHBQeSrgvpSrTv9L8MocojpR5vJc1f+a
|
||||
sBT7rAeGzZP9riz1GmryXawaZgdLfaaJfzRQkc1uTChb7kMN+UMhVUdCAXmho0XO
|
||||
SfcsW84u/LpjdYh2Ww41xQO6EWvbZDNgD/Fdmp8Uh1MqJ1Dejri6kjNn6wPImXJd
|
||||
Eu6nHqWDRdYsfT4XUB18tB+4aIpFzCyIgpf7p1uaVU7Oqip5sZkc/WXKr77lV23m
|
||||
PQvpGRNCzgU2TJY7ktR3LOvUVN6wNfLMHzeQk18NdmcEGUrJ0YYtl9vE5/Eg9L6x
|
||||
LBH9PKt17IQ8D/9DLwQX8pl3fuTM8ZbzIPLxiXhbgzBBTXKRE2u1888+RIq9xE7c
|
||||
aVFjwq4qpgqZ5SFonTcG4Pi5ck3mFAzyA5zLRF+ckpmBpwSPMpLwCpv10369D1jh
|
||||
AF3JsUwt6DIb2BISMhh2ThSUMSKO75q8GSotsKjJyjD6vl1x4L7WXubTWxEiNuwD
|
||||
3kAjFWS1Z1VWtA9SURWAbsDaCV4VmwCCpSIwRr9OTbyu9XuMdMxGNpl8SwW7MVQb
|
||||
x4aYNvR7Hl/wIR71AHAXoSfrKp3p12anXjYYASHmbm16ugP4H7HLMBfznKet2f76
|
||||
gIxJr1CsAMTSqypcC1UoVb6Gz8djeIR+GU+6efHI4TIUMy5uMIUx8tYbwSEeo/y6
|
||||
NnjpJFYYjJa671iSABInNxs4+X+1zrFa+wl45EnaFxziEet2Qzv/VsusoLvLwnYi
|
||||
BZckclAS5xoVGFW0WJ01OfLUDHxGMt9GSheL8c+GLMaMtaCWunpmmt9zZ9WdpBOu
|
||||
AGluMG1Cee50TrhXaGE8CdNr8nOdSeLNAveBAPmuVa0JDSe20/D/RuYJLKeG9Vsq
|
||||
BZvjuGlOUsfl6UjtiGRbgS9OWpxeez5ugc9yyV+rBGIpmnIb+9quz2HmGxE65eA2
|
||||
cRNsZRIjFLzeAx/0RMaT1nlLFTBbUuZ+tJ+fgFtRGMhifZn1pb2dMQo0N7kCDQRc
|
||||
W1VuARAAv4LYaNq2Zev/v7M5DnxLpgHRcMkG7TOQpycrlK5653llpZzTy3mh5peW
|
||||
vcq3IDmdeUIJxQ+WDh2f0vS+NIKDC/HAddfHrZPbhO7zLxLcMW5KmV05ancaRSP0
|
||||
s0+IyQmvVxUNrgPinZiphlvRGoLXS6pdgfc4jIR9B2umPecfvfu/6EWFPnXZgG8K
|
||||
yY3Z+mwrmEO0FaXHBQuu6nactiPe79N4bLe8hk9RW6yIxLBeJzIoOlIcJmuRHapt
|
||||
nS2lV3mfhZdFnkAp1o6a2TL5BwgMY0wZUKZr78HEMKh6LbPN9rPepf0neUeq/k1l
|
||||
NJU7V6XMS+rezF31vgSJ5KoNGYhxtWZ54uksH2rcw7+ltpSVtqY91G/vibpRCJG3
|
||||
LdX/kxHni1NEWyZlpS/6ntuH6HSoNYsR9IMsbESs3QVCH74ApK88CxYCRB0SEo0M
|
||||
yAElbQ3bfEKCKl/FwC4IzAYAJ2arWKwBHRSJlsrNCtczrjG7j3EyJrn8+Tm5yjO6
|
||||
0THQjvc/nBxrNE09r1Lzz7jrDWC9Rl+BH6wqdniymoYyUAQsX2rZ+Jhah1Zkf+Gu
|
||||
76qtY+EH494dPM+0FazcBlgBd6/J5mh3Wk9JuecXLTEUGtzd1GmI9CENPAklCauX
|
||||
tNOWeTop27djuKWsZxuP1GyV6UYixFVOSWteyAbA32cncVv/2ZUAEQEAAYkEcgQY
|
||||
AQgAJhYhBK4/rHlnEexZ/AB6pHS7a5pMuz04BQJcW1VuAhsCBQkDvSEAAkAJEHS7
|
||||
a5pMuz04wXQgBBkBCAAdFiEEFWiQaF6g32oTce8gF8xdsfAIhAcFAlxbVW4ACgkQ
|
||||
F8xdsfAIhAd4jxAAiO9+VRQQ3eBOsJRgANdgL/l51kq7qE3u8xnSqNkrmdYDdT2H
|
||||
TYH5W4n2AmGo50BDafdjd6tut0qtzA3/hGWCooydxKFOsnIYziUeoHvlICj3RkHO
|
||||
y7utcFhAgRWi+kzFwnnXGf13dMU9iG7yvKrCrCEw44gzoQ1KnY1Xsj18n5JkqxeT
|
||||
94bzcSbz20OpOSIMfSQPrpy18WrZYwHodcIZ3IUUACCpMZdfTa9c/qHRQ/rcwl+B
|
||||
0JlHx0V4AYiSAsiMVgflO1Eqi7apPuwxPPd5nnHkrdDM9CYC3LdBORBXwncG3oZ5
|
||||
eTSXmsvFxHXH41JHsm/1QFcVmFAYhu9qJFCGiD+8UeTFtT+nnHU69BszgtUskqX8
|
||||
k9PqLdK7Vxkp16wc6WOp1NeIQ6Fd4PxTGrPqs9bJk7TlYtTFWpA0X+EMj/San+Ku
|
||||
PxqLEa4Ab12R4vs1pCrn/g1z3C/6ujH4B70HOrRTIeTjULJ6xdwXGtwUA09hio0r
|
||||
pHhtyZhAh5irUJNto4ZOk/Qyd+dfMsNvRJfbVIK2mmeRaBnp902AsQNgYVdi2Aki
|
||||
0h4kz3bVLGw7iD/xV2hV69+JwLSijkkmOpz/EjMwj0hDDYrHH3Y3o0dV3dNdk/5i
|
||||
6lQgcxSVsl9kWlHcoEllKbf0Hb1muKVwoGGYxFYna2jsLFVjG29M7iPSgrHjmg/+
|
||||
I3fmsLZ0VI9kmxniUlZ6gz5NB5PJ3RXmwKO9LkBgE5C1wpuZbNEQ1NsR2bprlJPm
|
||||
++GNSo8HaheuTRJn42kkOgfIJwjuvXih3FE/NtRA/W8H2uF6YLDjBKGZJbxQcmsd
|
||||
CTEuCRCVP8X7C5n3rl1YqzfWfNr8QFxvH7ivG7KOlSxvyTKcYatWb9uDUPrnr74f
|
||||
ZaMljHGsNyKj70MzZcrrsmt61yWGR0h+02rmIKlskl4hkh+qF5ehI+Bkd7eblsBy
|
||||
rxEREHq/ij2Vd7l0Z606YCE8vj8WfcsJj8JjwR3A+nND/oNJTTbQ3b8OvasvqIey
|
||||
WqqmGg73nbHjd/VIAUsfvnsEYatDk4pAA/wQr9c4T4s5Q/QRwDrAsa4J89FrDjWC
|
||||
hQBPL7TaP8Af/3Y3/86jLCN4lnW1qjPXv5rhBFeI0EVi1k1qdV06qr5HOk7CwQTT
|
||||
uc4rCdFcEnw8kVKZa/yFnlJfRa0Z4IwSahdp5fdFEuad6LpOcFFnYxWtIWhcg4GT
|
||||
RcMha/OZnsfqOqiAt6In+1IwuJBz3uMM7xw2AMaxzAejGEL63F81C5iJ6Ld6kQK+
|
||||
XblDW0G643bVbzkBb46MAT+UnLuWQUs3NDtk1FEioJyWUgbO/srMH4MoWM7rG8ZT
|
||||
nQPohNmPBrqL2phmE27HQsQ0rTjH2Z2ol7iy9OFMtT0=
|
||||
=MkGo
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
@ -16,8 +16,6 @@
|
||||
/etc/named
|
||||
/usr/lib64/bind
|
||||
/usr/lib/bind
|
||||
/usr/lib64/named
|
||||
/usr/lib/named
|
||||
/usr/share/GeoIP
|
||||
/run/named
|
||||
/proc/sys/net/ipv4/ip_local_port_range
|
||||
|
@ -17,7 +17,7 @@ EnvironmentFile=-/etc/sysconfig/named
|
||||
Environment=KRB5_KTNAME=/etc/named.keytab
|
||||
PIDFile=/var/named/chroot/run/named/named.pid
|
||||
|
||||
ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'
|
||||
ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/bin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'
|
||||
ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} -t /var/named/chroot $OPTIONS
|
||||
|
||||
ExecReload=/bin/sh -c 'if /usr/sbin/rndc null > /dev/null 2>&1; then /usr/sbin/rndc reload; else /bin/kill -HUP $MAINPID; fi'
|
||||
|
@ -13,7 +13,7 @@ EnvironmentFile=-/etc/sysconfig/named
|
||||
Environment=KRB5_KTNAME=/etc/named.keytab
|
||||
PIDFile=/run/named/named.pid
|
||||
|
||||
ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'
|
||||
ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/bin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'
|
||||
ExecStart=/usr/sbin/named-pkcs11 -u named -c ${NAMEDCONF} $OPTIONS
|
||||
|
||||
ExecReload=/bin/sh -c 'if /usr/sbin/rndc null > /dev/null 2>&1; then /usr/sbin/rndc reload; else /bin/kill -HUP $MAINPID; fi'
|
||||
|
153
named.root
153
named.root
@ -1,61 +1,92 @@
|
||||
|
||||
; <<>> DiG 9.11.3-RedHat-9.11.3-3.fc27 <<>> +bufsize=1200 +norec @a.root-servers.net
|
||||
; (2 servers found)
|
||||
;; global options: +cmd
|
||||
;; Got answer:
|
||||
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46900
|
||||
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 27
|
||||
|
||||
;; OPT PSEUDOSECTION:
|
||||
; EDNS: version: 0, flags:; udp: 1472
|
||||
;; QUESTION SECTION:
|
||||
;. IN NS
|
||||
|
||||
;; ANSWER SECTION:
|
||||
. 518400 IN NS a.root-servers.net.
|
||||
. 518400 IN NS b.root-servers.net.
|
||||
. 518400 IN NS c.root-servers.net.
|
||||
. 518400 IN NS d.root-servers.net.
|
||||
. 518400 IN NS e.root-servers.net.
|
||||
. 518400 IN NS f.root-servers.net.
|
||||
. 518400 IN NS g.root-servers.net.
|
||||
. 518400 IN NS h.root-servers.net.
|
||||
. 518400 IN NS i.root-servers.net.
|
||||
. 518400 IN NS j.root-servers.net.
|
||||
. 518400 IN NS k.root-servers.net.
|
||||
. 518400 IN NS l.root-servers.net.
|
||||
. 518400 IN NS m.root-servers.net.
|
||||
|
||||
;; ADDITIONAL SECTION:
|
||||
a.root-servers.net. 518400 IN A 198.41.0.4
|
||||
b.root-servers.net. 518400 IN A 199.9.14.201
|
||||
c.root-servers.net. 518400 IN A 192.33.4.12
|
||||
d.root-servers.net. 518400 IN A 199.7.91.13
|
||||
e.root-servers.net. 518400 IN A 192.203.230.10
|
||||
f.root-servers.net. 518400 IN A 192.5.5.241
|
||||
g.root-servers.net. 518400 IN A 192.112.36.4
|
||||
h.root-servers.net. 518400 IN A 198.97.190.53
|
||||
i.root-servers.net. 518400 IN A 192.36.148.17
|
||||
j.root-servers.net. 518400 IN A 192.58.128.30
|
||||
k.root-servers.net. 518400 IN A 193.0.14.129
|
||||
l.root-servers.net. 518400 IN A 199.7.83.42
|
||||
m.root-servers.net. 518400 IN A 202.12.27.33
|
||||
a.root-servers.net. 518400 IN AAAA 2001:503:ba3e::2:30
|
||||
b.root-servers.net. 518400 IN AAAA 2001:500:200::b
|
||||
c.root-servers.net. 518400 IN AAAA 2001:500:2::c
|
||||
d.root-servers.net. 518400 IN AAAA 2001:500:2d::d
|
||||
e.root-servers.net. 518400 IN AAAA 2001:500:a8::e
|
||||
f.root-servers.net. 518400 IN AAAA 2001:500:2f::f
|
||||
g.root-servers.net. 518400 IN AAAA 2001:500:12::d0d
|
||||
h.root-servers.net. 518400 IN AAAA 2001:500:1::53
|
||||
i.root-servers.net. 518400 IN AAAA 2001:7fe::53
|
||||
j.root-servers.net. 518400 IN AAAA 2001:503:c27::2:30
|
||||
k.root-servers.net. 518400 IN AAAA 2001:7fd::1
|
||||
l.root-servers.net. 518400 IN AAAA 2001:500:9f::42
|
||||
m.root-servers.net. 518400 IN AAAA 2001:dc3::35
|
||||
|
||||
;; Query time: 24 msec
|
||||
;; SERVER: 198.41.0.4#53(198.41.0.4)
|
||||
;; WHEN: Thu Apr 05 15:57:34 CEST 2018
|
||||
;; MSG SIZE rcvd: 811
|
||||
|
||||
; This file holds the information on root name servers needed to
|
||||
; initialize cache of Internet domain name servers
|
||||
; (e.g. reference this file in the "cache . <file>"
|
||||
; configuration file of BIND domain name servers).
|
||||
;
|
||||
; This file is made available by InterNIC
|
||||
; under anonymous FTP as
|
||||
; file /domain/named.cache
|
||||
; on server FTP.INTERNIC.NET
|
||||
; -OR- RS.INTERNIC.NET
|
||||
;
|
||||
; last update: June 24, 2021
|
||||
; related version of root zone: 2021062401
|
||||
;
|
||||
; FORMERLY NS.INTERNIC.NET
|
||||
;
|
||||
. 3600000 NS A.ROOT-SERVERS.NET.
|
||||
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
|
||||
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
|
||||
;
|
||||
; FORMERLY NS1.ISI.EDU
|
||||
;
|
||||
. 3600000 NS B.ROOT-SERVERS.NET.
|
||||
B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201
|
||||
B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b
|
||||
;
|
||||
; FORMERLY C.PSI.NET
|
||||
;
|
||||
. 3600000 NS C.ROOT-SERVERS.NET.
|
||||
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
|
||||
C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
|
||||
;
|
||||
; FORMERLY TERP.UMD.EDU
|
||||
;
|
||||
. 3600000 NS D.ROOT-SERVERS.NET.
|
||||
D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
|
||||
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
|
||||
;
|
||||
; FORMERLY NS.NASA.GOV
|
||||
;
|
||||
. 3600000 NS E.ROOT-SERVERS.NET.
|
||||
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
|
||||
E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
|
||||
;
|
||||
; FORMERLY NS.ISC.ORG
|
||||
;
|
||||
. 3600000 NS F.ROOT-SERVERS.NET.
|
||||
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
|
||||
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
|
||||
;
|
||||
; FORMERLY NS.NIC.DDN.MIL
|
||||
;
|
||||
. 3600000 NS G.ROOT-SERVERS.NET.
|
||||
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
|
||||
G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d
|
||||
;
|
||||
; FORMERLY AOS.ARL.ARMY.MIL
|
||||
;
|
||||
. 3600000 NS H.ROOT-SERVERS.NET.
|
||||
H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
|
||||
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
|
||||
;
|
||||
; FORMERLY NIC.NORDU.NET
|
||||
;
|
||||
. 3600000 NS I.ROOT-SERVERS.NET.
|
||||
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
|
||||
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
|
||||
;
|
||||
; OPERATED BY VERISIGN, INC.
|
||||
;
|
||||
. 3600000 NS J.ROOT-SERVERS.NET.
|
||||
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
|
||||
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
|
||||
;
|
||||
; OPERATED BY RIPE NCC
|
||||
;
|
||||
. 3600000 NS K.ROOT-SERVERS.NET.
|
||||
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
|
||||
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
|
||||
;
|
||||
; OPERATED BY ICANN
|
||||
;
|
||||
. 3600000 NS L.ROOT-SERVERS.NET.
|
||||
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
|
||||
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
|
||||
;
|
||||
; OPERATED BY WIDE
|
||||
;
|
||||
. 3600000 NS M.ROOT-SERVERS.NET.
|
||||
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
|
||||
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
|
||||
; End of file
|
@ -13,7 +13,7 @@ EnvironmentFile=-/etc/sysconfig/named
|
||||
Environment=KRB5_KTNAME=/etc/named.keytab
|
||||
PIDFile=/run/named/named.pid
|
||||
|
||||
ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'
|
||||
ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/bin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'
|
||||
ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS
|
||||
ExecReload=/bin/sh -c 'if /usr/sbin/rndc null > /dev/null 2>&1; then /usr/sbin/rndc reload; else /bin/kill -HUP $MAINPID; fi'
|
||||
|
||||
|
@ -10,7 +10,7 @@ usage()
|
||||
echo 'Usage: setup-named-chroot.sh ROOTDIR <on|off> [chroot.files]'
|
||||
}
|
||||
|
||||
if ! [ "$#" -ge 2 ] && [ "$#" -le 3 ]; then
|
||||
if ! [ "$#" -ge 2 -a "$#" -le 3 ]; then
|
||||
echo 'Wrong number of arguments'
|
||||
usage
|
||||
exit 1
|
||||
@ -34,9 +34,9 @@ dev_create()
|
||||
DEVNAME="$ROOTDIR/dev/$1"
|
||||
shift
|
||||
if ! [ -e "$DEVNAME" ]; then
|
||||
/bin/mknod -m 0664 "$DEVNAME" "$@"
|
||||
/bin/mknod -m 0664 "$DEVNAME" $@
|
||||
/bin/chgrp named "$DEVNAME"
|
||||
if [ -x /usr/sbin/selinuxenabled ] && [ -x /sbin/restorecon ]; then
|
||||
if [ -x /usr/sbin/selinuxenabled -a -x /sbin/restorecon ]; then
|
||||
/usr/sbin/selinuxenabled && /sbin/restorecon "$DEVNAME" > /dev/null || :
|
||||
fi
|
||||
fi
|
||||
@ -78,7 +78,7 @@ mount_chroot_conf()
|
||||
else
|
||||
# Mount source is a directory. Mount it only if directory in chroot is
|
||||
# empty.
|
||||
if [ -e "$all" ] && [ `ls -1A "$ROOTDIR$all" | wc -l` -eq 0 ]; then
|
||||
if [ -e "$all" ] && [ `ls -1A $ROOTDIR$all | wc -l` -eq 0 ]; then
|
||||
mount --bind --make-private "$all" "$ROOTDIR$all"
|
||||
fi
|
||||
fi
|
||||
|
4
sources
4
sources
@ -1,2 +1,2 @@
|
||||
SHA512 (bind-9.16.30.tar.xz) = cc9bcbedf63c2efe0a23f14db3e57fdae46f0509aac58e5840a6805ce4fbd76cad5bfde4d461442adb88c4d947f8d79bf979aeb24aeb9303b6adc8d169b7118c
|
||||
SHA512 (bind-9.16.30.tar.xz.asc) = 943ff140aaa413f125d039748a0c10d7ae20b0fa4075227ab0b9d065816e7960a3c4e0fb2a4498946926409568c71076026cbd0be33a78db73966366d43bfdb1
|
||||
SHA512 (bind-9.18.4.tar.xz) = 5deb46f6549e42087734fe80f8cd8de8f3fa54590e4635f8c0e2e8d362f8756404e911e46d7fe1cd75f0f19217532ca402e7a5947111f16e412c8aaa754b9e16
|
||||
SHA512 (bind-9.18.4.tar.xz.asc) = dfe7b24c499e6e54bc836350b73ef24deb78e1394059d75acc434512b3a60ab44708d3e1faa861be161afa0e69f789fd6b75dd881777679e4845a56f2fd6ab9a
|
||||
|
Loading…
Reference in New Issue
Block a user