From cae911494fb966b2e02ab9747d6d6fb33bda8f44 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?=
Date: Fri, 3 Oct 2025 15:43:05 +0200
Subject: [PATCH] Copy named.* into /usr/share/named

Imagemode might have separate /var partition not properly initialized by package installation. Add creation of compat files into tmpfiles.d definition. Make copies of those files from /var/named to /usr/shared/named, so we even have some place to symlink them from. Originally it had only copy in sample documentation, which may not be installed. These source file should be read-only from named and not modified anyway. Move them to /usr/share/named as read-only, always present sources. Make symlinks in /var/named to point to them only when files are missing. To maximize backward compatibility, make copies and avoid replacing those files with symlinks.

Resolves: RHEL-122168
---
 bind.spec | 32 ++++++++++++++++++++++----------
 bind.tmpfiles.d | 9 +++++++++
 named-chroot.files | 2 ++
 3 files changed, 33 insertions(+), 10 deletions(-)

diff --git a/bind.spec b/bind.spec
index 0d65b69..499e194 100644
--- a/bind.spec
+++ b/bind.spec
@@ -32,7 +32,7 @@
 %global chroot_prefix %{bind_dir}/chroot
 %global chroot_create_directories /dev /run/named %{_localstatedir}/{log,named,tmp} \\\
 %{_sysconfdir}/{crypto-policies/back-ends,pki/dnssec-keys,named} \\\
- %{_libdir}/bind %{_libdir}/named %{_datadir}/GeoIP /proc/sys/net/ipv4
+ %{_libdir}/bind %{_libdir}/named %{_datadir}/{GeoIP,named} /proc/sys/net/ipv4
 
 %global selinuxbooleans named_write_master_zones=1
 
@@ -56,7 +56,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name: bind
 License: MPLv2.0
 Version: 9.16.23
-Release: 35%{?dist}
+Release: 36%{?dist}
 Epoch: 32
 Url: https://www.isc.org/downloads/bind/
 # 
@@ -869,21 +869,28 @@ touch ${RPM_BUILD_ROOT}%{_sysconfdir}/rndc.{key,conf}
 install -m 644 %{SOURCE27} ${RPM_BUILD_ROOT}%{_sysconfdir}/named.root.key
 install -m 644 %{SOURCE36} ${RPM_BUILD_ROOT}%{_sysconfdir}/trusted-key.key
 mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/named
+mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/named
+install -p -m 644 %{SOURCE17} ${RPM_BUILD_ROOT}%{_datadir}/named/named.ca
+install -p -m 644 %{SOURCE18} ${RPM_BUILD_ROOT}%{_datadir}/named/named.localhost
+install -p -m 644 %{SOURCE19} ${RPM_BUILD_ROOT}%{_datadir}/named/named.loopback
+install -p -m 644 %{SOURCE20} ${RPM_BUILD_ROOT}%{_datadir}/named/named.empty
 # data files:
 mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/named
-install -m 640 %{SOURCE17} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.ca
-install -m 640 %{SOURCE18} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.localhost
-install -m 640 %{SOURCE19} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.loopback
-install -m 640 %{SOURCE20} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.empty
-install -m 640 %{SOURCE23} ${RPM_BUILD_ROOT}%{_sysconfdir}/named.rfc1912.zones
+# Create duplicate copies for maximal backward compatibility
+install -p -m 644 %{SOURCE17} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.ca
+install -p -m 644 %{SOURCE18} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.localhost
+install -p -m 644 %{SOURCE19} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.loopback
+install -p -m 644 %{SOURCE20} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.empty
+install -p -m 640 %{SOURCE23} ${RPM_BUILD_ROOT}%{_sysconfdir}/named.rfc1912.zones
 # sample bind configuration files for %%doc:
 mkdir -p sample/etc sample/var/named/{data,slaves}
 install -m 644 %{SOURCE25} sample/etc/named.conf
-# Copy default configuration to %%doc to make it usable from system-config-bind
+# Copy default configuration to %%doc
 install -m 644 %{SOURCE16} named.conf.default
 install -m 644 %{SOURCE23} sample/etc/named.rfc1912.zones
+# Extra copies in documentation too.
 install -m 644 %{SOURCE18} %{SOURCE19} %{SOURCE20} sample/var/named
 install -m 644 %{SOURCE17} sample/var/named/named.ca
 for f in my.internal.zone.db slaves/my.slave.internal.zone.db slaves/my.ddns.internal.zone.db my.external.zone.db; do
@@ -893,10 +900,10 @@ done
 :;
 
 mkdir -p ${RPM_BUILD_ROOT}%{_tmpfilesdir}
-install -m 644 %{SOURCE35} ${RPM_BUILD_ROOT}%{_tmpfilesdir}/named.conf
+install -p -m 644 %{SOURCE35} ${RPM_BUILD_ROOT}%{_tmpfilesdir}/named.conf
 
 mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/rwtab.d
-install -m 644 %{SOURCE43} ${RPM_BUILD_ROOT}%{_sysconfdir}/rwtab.d/named
+install -p -m 644 %{SOURCE43} ${RPM_BUILD_ROOT}%{_sysconfdir}/rwtab.d/named
 
 %pre
 if [ "$1" -eq 1 ]; then
@@ -1052,6 +1059,7 @@ fi;
 %dir %{_localstatedir}/named/dynamic
 %ghost %{_localstatedir}/log/named.log
 %defattr(0640,root,named,0750)
+%{_datadir}/named/
 %config %verify(not link) %{_localstatedir}/named/named.ca
 %config %verify(not link) %{_localstatedir}/named/named.localhost
 %config %verify(not link) %{_localstatedir}/named/named.loopback
@@ -1170,6 +1178,7 @@ fi;
 %dir %{chroot_prefix}/%{_libdir}/bind
 %dir %{chroot_prefix}/%{_libdir}/named
 %dir %{chroot_prefix}/%{_datadir}/GeoIP
+%dir %{chroot_prefix}/%{_datadir}/named
 %{chroot_prefix}/proc
 %defattr(0660,root,named,01770)
 %dir %{chroot_prefix}%{_localstatedir}/named
@@ -1243,6 +1252,9 @@ fi;
 %endif
 
 %changelog
+* Wed Oct 29 2025 Petr Menšík - 32:9.16.23-36
+- Copy named.* files from /var/named into /usr/share/named
+
 * Wed Oct 29 2025 Petr Menšík - 32:9.16.23-35
 - Prevent cache poisoning due to weak PRNG (CVE-2025-40780)
 - Replace downstream fixes with upstream changes
diff --git a/bind.tmpfiles.d b/bind.tmpfiles.d
index 640a656..95d4975 100644
--- a/bind.tmpfiles.d
+++ b/bind.tmpfiles.d
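Review bot: The `install -p -m 644` modes on the four new `%{_datadir}/named/*` files (and the `640`→`644` change on the `/var/named` copies in the same hunk) are not what the package ships, because `%{_datadir}/named/` is listed after `%defattr(0640,root,named,0750)` in the `%files` hunk (`@@ -1052`), so the files end up 0640 root:named and the directory 0750 — readable by the named group, unreadable by other users. That is a perfectly safe default for a read-only source the daemon must not modify, but the `%install` and `%files` hunks now disagree about intent; if world-readable 644 is what is meant (root hints are public data), say so explicitly with `%attr(0755,root,root) %dir %{_datadir}/named` and `%attr(0644,root,root) %{_datadir}/named/*`, otherwise drop the misleading `644` from the `%install` lines so the next reader is not sent looking for a permission change that never happens. The `%config %verify(not link)` entries for the `/var/named` copies sit under the same `%defattr`, so the backward-compatibility copies keep their previous 0640 either way. The `%install` section this hunk belongs to starts and ends outside the hunk.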
@@ -1 +1,10 @@
+# vim: ft=conf:
 d /run/named 0755 named named -
+d /var/named 01770 root named -
+d /var/named/slaves 0770 named named -
+d /var/named/data 0770 named named -
+d /var/named/dynamic 0770 named named -
+L /var/named/named.ca 0640 named named - ../../../usr/share/named/named.ca
+L /var/named/named.localhost 0640 named named - ../../../usr/share/named/named.localhost
+L /var/named/named.loopback 0640 named named - ../../../usr/share/named/named.loopback
+L /var/named/named.empty 0640 named named - ../../../usr/share/named/named.empty
diff --git a/named-chroot.files b/named-chroot.files
index 75e6aa1..8511722 100644
--- a/named-chroot.files
+++ b/named-chroot.files
@@ -3,6 +3,7 @@
 # if they are missing or empty in target directory.
 /etc/localtime
 /etc/named.root.key
+/etc/named.ca
 /etc/named.conf
 /etc/named.rfc1912.zones
 /etc/rndc.conf
@@ -19,6 +20,7 @@
 /usr/lib64/named
 /usr/lib/named
 /usr/share/GeoIP
+/usr/share/named
 /run/named
 /proc/sys/net/ipv4/ip_local_port_range
 # Warning: the order is important
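Review bot: The four `L` lines use relative targets (`../../../usr/share/named/...`) so that the links also resolve inside the named chroot, where `/usr/share/named` is bind-mounted by the `named-chroot.files` change in this same patch — but nothing in the file says so, and a later edit that "simplifies" them to absolute paths would make the chroot's zone files dangle. Add a comment above them: `# Relative targets on purpose: the links must also resolve inside the chroot, where /usr/share/named is bind-mounted.` The same comment should record that `L` (unlike `L+`) only creates the link when the path is missing, which is what keeps an existing regular `/var/named/named.*` file untouched, as the commit message promises. As far as I recall systemd-tmpfiles does not apply the mode/owner columns to a symlink it creates, so the `0640 named named` written here is documentation at best and the effective access is that of the target under `/usr/share/named` (0640 root:named per the spec's `%files`); worth checking against tmpfiles.d(5) before relying on it.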
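Review bot: `/etc/named.ca` is added to the chroot mount list in the first hunk (`@@ -3`), but no hunk in this patch installs a file at that path — the new copies land in `/usr/share/named/named.ca` and `/var/named/named.ca`, and the `%files` section does not list `/etc/named.ca`. The visible comment (`# if they are missing or empty in target directory.`) only describes the chroot side, so whether the setup script tolerates a source path that does not exist on the host cannot be judged from this hunk; if it does not, the new entry would break chroot start on a default install. If the line was meant as the `/usr/share/named` mount that the second hunk (`@@ -19`) already adds, drop it; otherwise add a comment naming what provides `/etc/named.ca`, e.g. `# /etc/named.ca: provided by <PACKAGE-OR-STEP-PLACEHOLDER>, skipped when absent`.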