Copy named.* into /usr/share/named
Image mode might have a separate /var partition that is not properly initialized by package installation. Add creation of compat files to the tmpfiles.d definition. Make copies of those files from /var/named in /usr/share/named, so we have some place to symlink them from. Originally the only other copy was in the sample documentation, which may not be installed. These source files should be read-only for named and not modified anyway. Move them to /usr/share/named as read-only, always present sources. Make symlinks in /var/named point to them only when the files are missing. To maximize backward compatibility, make copies and avoid replacing those files with symlinks. Resolves: RHEL-122168
parent
6b33345a14
commit
cae911494f
32
bind.spec
32
bind.spec
@ -32,7 +32,7 @@
|
||||
%global chroot_prefix %{bind_dir}/chroot
|
||||
%global chroot_create_directories /dev /run/named %{_localstatedir}/{log,named,tmp} \\\
|
||||
%{_sysconfdir}/{crypto-policies/back-ends,pki/dnssec-keys,named} \\\
|
||||
%{_libdir}/bind %{_libdir}/named %{_datadir}/GeoIP /proc/sys/net/ipv4
|
||||
%{_libdir}/bind %{_libdir}/named %{_datadir}/{GeoIP,named} /proc/sys/net/ipv4
|
||||
|
||||
%global selinuxbooleans named_write_master_zones=1
|
||||
|
||||
@ -56,7 +56,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
|
||||
Name: bind
|
||||
License: MPLv2.0
|
||||
Version: 9.16.23
|
||||
Release: 35%{?dist}
|
||||
Release: 36%{?dist}
|
||||
Epoch: 32
|
||||
Url: https://www.isc.org/downloads/bind/
|
||||
#
|
||||
@ -869,21 +869,28 @@ touch ${RPM_BUILD_ROOT}%{_sysconfdir}/rndc.{key,conf}
|
||||
install -m 644 %{SOURCE27} ${RPM_BUILD_ROOT}%{_sysconfdir}/named.root.key
|
||||
install -m 644 %{SOURCE36} ${RPM_BUILD_ROOT}%{_sysconfdir}/trusted-key.key
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/named
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/named
|
||||
install -p -m 644 %{SOURCE17} ${RPM_BUILD_ROOT}%{_datadir}/named/named.ca
|
||||
install -p -m 644 %{SOURCE18} ${RPM_BUILD_ROOT}%{_datadir}/named/named.localhost
|
||||
install -p -m 644 %{SOURCE19} ${RPM_BUILD_ROOT}%{_datadir}/named/named.loopback
|
||||
install -p -m 644 %{SOURCE20} ${RPM_BUILD_ROOT}%{_datadir}/named/named.empty
|
||||
|
||||
# data files:
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/named
|
||||
install -m 640 %{SOURCE17} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.ca
|
||||
install -m 640 %{SOURCE18} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.localhost
|
||||
install -m 640 %{SOURCE19} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.loopback
|
||||
install -m 640 %{SOURCE20} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.empty
|
||||
install -m 640 %{SOURCE23} ${RPM_BUILD_ROOT}%{_sysconfdir}/named.rfc1912.zones
|
||||
# Create duplicate copies for maximal backward compatibility
|
||||
install -p -m 644 %{SOURCE17} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.ca
|
||||
install -p -m 644 %{SOURCE18} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.localhost
|
||||
install -p -m 644 %{SOURCE19} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.loopback
|
||||
install -p -m 644 %{SOURCE20} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.empty
|
||||
install -p -m 640 %{SOURCE23} ${RPM_BUILD_ROOT}%{_sysconfdir}/named.rfc1912.zones
|
||||
|
||||
# sample bind configuration files for %%doc:
|
||||
mkdir -p sample/etc sample/var/named/{data,slaves}
|
||||
install -m 644 %{SOURCE25} sample/etc/named.conf
|
||||
# Copy default configuration to %%doc to make it usable from system-config-bind
|
||||
# Copy default configuration to %%doc
|
||||
install -m 644 %{SOURCE16} named.conf.default
|
||||
install -m 644 %{SOURCE23} sample/etc/named.rfc1912.zones
|
||||
# Extra copies in documentation too.
|
||||
install -m 644 %{SOURCE18} %{SOURCE19} %{SOURCE20} sample/var/named
|
||||
install -m 644 %{SOURCE17} sample/var/named/named.ca
|
||||
for f in my.internal.zone.db slaves/my.slave.internal.zone.db slaves/my.ddns.internal.zone.db my.external.zone.db; do
|
||||
@ -893,10 +900,10 @@ done
|
||||
:;
|
||||
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_tmpfilesdir}
|
||||
install -m 644 %{SOURCE35} ${RPM_BUILD_ROOT}%{_tmpfilesdir}/named.conf
|
||||
install -p -m 644 %{SOURCE35} ${RPM_BUILD_ROOT}%{_tmpfilesdir}/named.conf
|
||||
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/rwtab.d
|
||||
install -m 644 %{SOURCE43} ${RPM_BUILD_ROOT}%{_sysconfdir}/rwtab.d/named
|
||||
install -p -m 644 %{SOURCE43} ${RPM_BUILD_ROOT}%{_sysconfdir}/rwtab.d/named
|
||||
|
||||
%pre
|
||||
if [ "$1" -eq 1 ]; then
|
||||
@ -1052,6 +1059,7 @@ fi;
|
||||
%dir %{_localstatedir}/named/dynamic
|
||||
%ghost %{_localstatedir}/log/named.log
|
||||
%defattr(0640,root,named,0750)
|
||||
%{_datadir}/named/
|
||||
%config %verify(not link) %{_localstatedir}/named/named.ca
|
||||
%config %verify(not link) %{_localstatedir}/named/named.localhost
|
||||
%config %verify(not link) %{_localstatedir}/named/named.loopback
|
||||
@ -1170,6 +1178,7 @@ fi;
|
||||
%dir %{chroot_prefix}/%{_libdir}/bind
|
||||
%dir %{chroot_prefix}/%{_libdir}/named
|
||||
%dir %{chroot_prefix}/%{_datadir}/GeoIP
|
||||
%dir %{chroot_prefix}/%{_datadir}/named
|
||||
%{chroot_prefix}/proc
|
||||
%defattr(0660,root,named,01770)
|
||||
%dir %{chroot_prefix}%{_localstatedir}/named
|
||||
@ -1243,6 +1252,9 @@ fi;
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Oct 29 2025 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-36
|
||||
- Copy named.* files from /var/named into /usr/share/named
|
||||
|
||||
* Wed Oct 29 2025 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-35
|
||||
- Prevent cache poisoning due to weak PRNG (CVE-2025-40780)
|
||||
- Replace downstream fixes with upstream changes
|
||||
|
||||
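Review bot: In the `%files` hunk, `%{_datadir}/named/` is listed under `%defattr(0640,root,named,0750)`, so the packaged files presumably end up 0640 root:named and the `-m 644` on the four new `install -p -m 644 ... %{_datadir}/named/...` lines in `%install` has no effect on the installed package. That mismatch deserves a comment above the entry, for example `# read-only masters for the tmpfiles.d symlinks; root:named 0640 via %%defattr, named must not be able to write here`. The same applies to the duplicate copies under `%{_localstatedir}/named`, whose install mode changed from 640 to 644 while their `%config` entries still fall under the same `%defattr`. The `%files` list continues outside the hunk, so other attributes may apply that are not visible here.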
@ -1 +1,10 @@
|
||||
# vim: ft=conf:
|
||||
d /run/named 0755 named named -
|
||||
d /var/named 01770 root named -
|
||||
d /var/named/slaves 0770 named named -
|
||||
d /var/named/data 0770 named named -
|
||||
d /var/named/dynamic 0770 named named -
|
||||
L /var/named/named.ca 0640 named named - ../../../usr/share/named/named.ca
|
||||
L /var/named/named.localhost 0640 named named - ../../../usr/share/named/named.localhost
|
||||
L /var/named/named.loopback 0640 named named - ../../../usr/share/named/named.loopback
|
||||
L /var/named/named.empty 0640 named named - ../../../usr/share/named/named.empty
|
||||
|
||||
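Review bot: The four `L` lines use a target with three `..` components (`../../../usr/share/named/named.ca`) although `/var/named` is only two levels deep, so the link resolves correctly only because `/..` is `/`. If the same link is ever reached through a deeper path, for instance `/var/named` seen under the chroot prefix from the host, the extra component makes it resolve outside the intended tree. `L /var/named/named.ca - - - - ../../usr/share/named/named.ca`, and likewise for the other three, avoids that. As far as I know tmpfiles.d ignores mode and ownership on `L` lines, so the `0640 named named` columns are better written as `-`. As written they suggest a link owned by named, while the commit message wants these files to be read-only for named.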
@ -3,6 +3,7 @@
|
||||
# if they are missing or empty in target directory.
|
||||
/etc/localtime
|
||||
/etc/named.root.key
|
||||
/etc/named.ca
|
||||
/etc/named.conf
|
||||
/etc/named.rfc1912.zones
|
||||
/etc/rndc.conf
|
||||
@ -19,6 +20,7 @@
|
||||
/usr/lib64/named
|
||||
/usr/lib/named
|
||||
/usr/share/GeoIP
|
||||
/usr/share/named
|
||||
/run/named
|
||||
/proc/sys/net/ipv4/ip_local_port_range
|
||||
# Warning: the order is important
|
||||
|
||||
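Review bot: `/etc/named.ca` in the first hunk looks like the added entry, but nothing visible in this commit installs a file at that path; the root hints go to `%{_datadir}/named/named.ca` and `%{_localstatedir}/named/named.ca`. Please confirm the entry is intended, since the header comment says listed files are made available in the chroot when they are missing or empty in the target directory. For the new `/usr/share/named` entry in the second hunk a short comment would help, e.g. `# read-only zone templates, targets of the /var/named symlinks`. Whether the chroot setup exposes that directory read-only is not visible here and is worth checking. Which line each hunk adds is inferred from the hunk headers, because the page has lost the `+`/`-` markers.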