Add support for DNSTAP

Not enabled by default yet. Enables dumping of dns traffic.
Fix DNSTAP issues in build and unit tests.

Fool rpmlint to accept dnstap relative path. Rpmlint emited error
hardcoded-library-path on dnstap path. It is not system-wide library,
workaround by using variable.

Add dnstap-read utility to utils. When dnstap is enabled,
dnstap-read will be part of utils. Disadvantage is all utilities would have
dependency on protobuf library, including host and dig.

Resolves: #1564776

bind-9.11-unit-dnstap-pkcs11.patch

@@ -0,0 +1,24 @@
+diff --git a/lib/dns/tests/dnstap_test.c b/lib/dns/tests/dnstap_test.c
+index 56e3da4..1f31542 100644
+--- a/lib/dns/tests/dnstap_test.c
++++ b/lib/dns/tests/dnstap_test.c
+@@ -297,6 +297,9 @@ ATF_TC_BODY(totext, tc) {
+ 
+ 	UNUSED(tc);
+ 
++	/* make sure text conversion gets the right local time */
++	setenv("TZ", "PST8", 1);
++
+ 	result = dns_test_begin(NULL, true);
+ 	ATF_REQUIRE(result == ISC_R_SUCCESS);
+ 
+@@ -306,9 +309,6 @@ ATF_TC_BODY(totext, tc) {
+ 	result = isc_stdio_open(TAPTEXT, "r", &fp);
+ 	ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+ 
+-	/* make sure text conversion gets the right local time */
+-	setenv("TZ", "PST8", 1);
+-
+ 	while (dns_dt_getframe(handle, &data, &dsize) == ISC_R_SUCCESS) {
+ 		dns_dtdata_t *dtdata = NULL;
+ 		isc_buffer_t *b = NULL;

bind.spec

@@ -18,6 +18,7 @@
 %bcond_without DEVEL
 %bcond_with    LMDB
 %bcond_with    JSON
+%bcond_with    DNSTAP
 %bcond_with    DLZ
 %bcond_without EXPORT_LIBS
 %if 0%{?fedora} >= 17
@@ -124,7 +125,10 @@ Patch159:bind-9.11-rt46047.patch
 # commit b105ccee68ccc3c18e6ea530063b3c8e5a42571c
 # commit 083461d3329ff6f2410745848a926090586a9846
 Patch160:bind-9.11-rh1624100.patch
+# https://gitlab.isc.org/isc-projects/bind9/issues/555
 Patch161:bind-9.11-host-idn-disable.patch
+# https://gitlab.isc.org/isc-projects/bind9/issues/624
+Patch162:bind-9.11-unit-dnstap-pkcs11.patch
 
 # SDB patches
 Patch11: bind-9.3.2b2-sdbsrc.patch
@@ -187,6 +191,9 @@ BuildRequires:  lmdb-devel
 %if %{with JSON}
 BuildRequires:  json-c-devel
 %endif
+%if %{with DNSTAP}
+BuildRequires:  fstrm-devel protobuf-c-devel
+%endif
 # Needed to regenerate dig.1 manpage
 BuildRequires: docbook-style-xsl, libxslt
 
@@ -328,6 +335,9 @@ Requires: lmdb-devel
 %if %{with JSON}
 Requires:  json-c-devel%{?_isa}
 %endif
+%if %{with DNSTAP}
+Requires:  fstrm-devel%{?_isa} protobuf-c-devel%{?_isa}
+%endif
 
 %description lite-devel
 The bind-lite-devel package contains lite version of the header
@@ -475,6 +485,7 @@ are used for building ISC DHCP.
 %patch159 -p1 -b .rt46047
 %patch160 -p1 -b .rh1624100
 %patch161 -p1 -b .host-idn-disable
+%patch162 -p1 -b .dnstap-pkcs11
 
 mkdir lib/dns/tests/testdata/dstrandom
 cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data
@@ -605,6 +616,9 @@ export LIBDIR_SUFFIX
 %if %{with JSON}
   --with-libjson \
 %endif
+%if %{with DNSTAP}
+  --enable-dnstap \
+%endif
 %if %{with UNITTEST}
   --with-atf=${ATF_PATH} \
 %endif
@@ -612,6 +626,15 @@ export LIBDIR_SUFFIX
   --with-docbook-xsl=%{_datadir}/sgml/docbook/xsl-stylesheets \
   --enable-full-report \
 ;
+%if %{with DNSTAP}
+  pushd lib
+  SRCLIB="../../../lib"
+  (cd dns && ln -s ${SRCLIB}/dns/dnstap.proto)
+%if %{with PKCS11}
+  (cd dns-pkcs11 && ln -s ${SRCLIB}/dns-pkcs11/dnstap.proto)
+%endif
+  popd
+%endif
 make %{?_smp_mflags}
 
 ### FIXME hack!!!
@@ -1238,6 +1261,10 @@ rm -rf ${RPM_BUILD_ROOT}
 %if %{with LMDB}
 %{_sbindir}/named-nzd2nzf
 %endif
+%if %{with DNSTAP}
+%{_bindir}/dnstap-read
+%{_mandir}/man1/dnstap-read.1*
+%endif
 %{_mandir}/man1/host.1*
 %{_mandir}/man1/nsupdate.1*
 %{_mandir}/man1/dig.1*
@@ -1458,6 +1485,7 @@ rm -rf ${RPM_BUILD_ROOT}
 %changelog
 * Thu Oct 25 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-2
 - Add optional support for JSON statistics
+- Add optional DNSTAP support (#1564776), new dnstap-read tool
 
 * Wed Oct 24 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-1
 - Update to 9.11.5