import bind9.16-9.16.23-0.7.el8
This commit is contained in:
commit
9ac431116b
1
.bind9.16.metadata
Normal file
1
.bind9.16.metadata
Normal file
@ -0,0 +1 @@
|
||||
30cbd1f3e9d2d47d653498143334128aac1f8fc0 SOURCES/bind-9.16.23.tar.xz
|
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
||||
SOURCES/bind-9.16.23.tar.xz
|
550
SOURCES/bind-9.10-dist-native-pkcs11.patch
Normal file
550
SOURCES/bind-9.10-dist-native-pkcs11.patch
Normal file
@ -0,0 +1,550 @@
|
||||
From 040227009453b3f0aa7914c7a6a94dc57ad5269b Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Thu, 21 Jan 2021 10:46:20 +0100
|
||||
Subject: [PATCH] Enable custom pkcs11 native build
|
||||
|
||||
Share common parts like libisc, libcc and others. But provide native
|
||||
pkcs11 libraries as a new copy of libdns and libns.
|
||||
---
|
||||
bin/Makefile.in | 2 +-
|
||||
bin/confgen/Makefile.in | 2 +-
|
||||
bin/dnssec-pkcs11/Makefile.in | 39 +++++++++++++++++---------------
|
||||
bin/named-pkcs11/Makefile.in | 33 ++++++++++++++-------------
|
||||
configure.ac | 19 ++++++++++++++++
|
||||
lib/Makefile.in | 2 +-
|
||||
lib/dns-pkcs11/Makefile.in | 22 +++++++++---------
|
||||
lib/dns-pkcs11/tests/Makefile.in | 8 +++----
|
||||
lib/ns-pkcs11/Makefile.in | 26 ++++++++++-----------
|
||||
lib/ns-pkcs11/tests/Makefile.in | 12 +++++-----
|
||||
make/includes.in | 7 ++++++
|
||||
11 files changed, 101 insertions(+), 71 deletions(-)
|
||||
|
||||
diff --git a/bin/Makefile.in b/bin/Makefile.in
|
||||
index 9ad7f62..094775a 100644
|
||||
--- a/bin/Makefile.in
|
||||
+++ b/bin/Makefile.in
|
||||
@@ -11,7 +11,7 @@ srcdir = @srcdir@
|
||||
VPATH = @srcdir@
|
||||
top_srcdir = @top_srcdir@
|
||||
|
||||
-SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen \
|
||||
+SUBDIRS = named named-pkcs11 rndc dig delv dnssec dnssec-pkcs11 tools nsupdate check confgen \
|
||||
@NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ plugins tests
|
||||
TARGETS =
|
||||
|
||||
diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in
|
||||
index c126bf3..1b7512d 100644
|
||||
--- a/bin/confgen/Makefile.in
|
||||
+++ b/bin/confgen/Makefile.in
|
||||
@@ -22,7 +22,7 @@ VERSION=@BIND9_VERSION@
|
||||
CINCLUDES = -I${srcdir}/include ${ISC_INCLUDES} ${ISCCC_INCLUDES} \
|
||||
${ISCCFG_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES}
|
||||
|
||||
-CDEFINES = @USE_PKCS11@
|
||||
+CDEFINES =
|
||||
CWARNINGS =
|
||||
|
||||
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
|
||||
diff --git a/bin/dnssec-pkcs11/Makefile.in b/bin/dnssec-pkcs11/Makefile.in
|
||||
index ace0e5a..e0f6a00 100644
|
||||
--- a/bin/dnssec-pkcs11/Makefile.in
|
||||
+++ b/bin/dnssec-pkcs11/Makefile.in
|
||||
@@ -15,18 +15,18 @@ VERSION=@BIND9_VERSION@
|
||||
|
||||
@BIND9_MAKE_INCLUDES@
|
||||
|
||||
-CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} ${ISCCFG_INCLUDES} \
|
||||
+CINCLUDES = ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} ${ISCCFG_INCLUDES} \
|
||||
${OPENSSL_CFLAGS}
|
||||
|
||||
-CDEFINES = -DVERSION=\"${VERSION}\" -DNAMED_CONFFILE=\"${sysconfdir}/named.conf\"
|
||||
+CDEFINES = -DVERSION=\"${VERSION}\" -DNAMED_CONFFILE=\"${sysconfdir}/named.conf\" -DUSE_PKCS11=1
|
||||
CWARNINGS =
|
||||
|
||||
-DNSLIBS = ../../lib/dns/libdns.@A@ @NO_LIBTOOL_DNSLIBS@
|
||||
+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ @NO_LIBTOOL_DNSLIBS@
|
||||
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
|
||||
ISCLIBS = ../../lib/isc/libisc.@A@ @NO_LIBTOOL_ISCLIBS@
|
||||
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @NO_LIBTOOL_ISCLIBS@
|
||||
|
||||
-DNSDEPLIBS = ../../lib/dns/libdns.@A@
|
||||
+DNSDEPLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@
|
||||
ISCDEPLIBS = ../../lib/isc/libisc.@A@
|
||||
ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
|
||||
|
||||
@@ -36,12 +36,15 @@ LIBS = ${DNSLIBS} ${ISCCFGLIBS} ${ISCLIBS} @LIBS@
|
||||
|
||||
NOSYMLIBS = ${DNSLIBS} ${ISCCFGLIBS} ${ISCNOSYMLIBS} @LIBS@
|
||||
|
||||
+# Add suffix to all targets
|
||||
+EXEEXT = -pkcs11@EXEEXT@
|
||||
+
|
||||
# Alphabetically
|
||||
-TARGETS = dnssec-cds@EXEEXT@ dnssec-dsfromkey@EXEEXT@ \
|
||||
- dnssec-importkey@EXEEXT@ dnssec-keyfromlabel@EXEEXT@ \
|
||||
- dnssec-keygen@EXEEXT@ dnssec-revoke@EXEEXT@ \
|
||||
- dnssec-settime@EXEEXT@ dnssec-signzone@EXEEXT@ \
|
||||
- dnssec-verify@EXEEXT@
|
||||
+TARGETS = dnssec-cds${EXEEXT} dnssec-dsfromkey${EXEEXT} \
|
||||
+ dnssec-importkey${EXEEXT} dnssec-keyfromlabel${EXEEXT} \
|
||||
+ dnssec-keygen${EXEEXT} dnssec-revoke${EXEEXT} \
|
||||
+ dnssec-settime${EXEEXT} dnssec-signzone${EXEEXT} \
|
||||
+ dnssec-verify${EXEEXT}
|
||||
|
||||
OBJS = dnssectool.@O@
|
||||
|
||||
@@ -52,19 +55,19 @@ SRCS = dnssec-cds.c dnssec-dsfromkey.c dnssec-importkey.c \
|
||||
|
||||
@BIND9_MAKE_RULES@
|
||||
|
||||
-dnssec-cds@EXEEXT@: dnssec-cds.@O@ ${OBJS} ${DEPLIBS}
|
||||
+dnssec-cds-pkcs11@EXEEXT@: dnssec-cds.@O@ ${OBJS} ${DEPLIBS}
|
||||
export BASEOBJS="dnssec-cds.@O@ ${OBJS}"; \
|
||||
${FINALBUILDCMD}
|
||||
|
||||
-dnssec-dsfromkey@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS}
|
||||
+dnssec-dsfromkey-pkcs11@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS}
|
||||
export BASEOBJS="dnssec-dsfromkey.@O@ ${OBJS}"; \
|
||||
${FINALBUILDCMD}
|
||||
|
||||
-dnssec-keyfromlabel@EXEEXT@: dnssec-keyfromlabel.@O@ ${OBJS} ${DEPLIBS}
|
||||
+dnssec-keyfromlabel-pkcs11@EXEEXT@: dnssec-keyfromlabel.@O@ ${OBJS} ${DEPLIBS}
|
||||
export BASEOBJS="dnssec-keyfromlabel.@O@ ${OBJS}"; \
|
||||
${FINALBUILDCMD}
|
||||
|
||||
-dnssec-keygen@EXEEXT@: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}
|
||||
+dnssec-keygen-pkcs11@EXEEXT@: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}
|
||||
export BASEOBJS="dnssec-keygen.@O@ ${OBJS}"; \
|
||||
${FINALBUILDCMD}
|
||||
|
||||
@@ -72,7 +75,7 @@ dnssec-signzone.@O@: dnssec-signzone.c
|
||||
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
|
||||
-c ${srcdir}/dnssec-signzone.c
|
||||
|
||||
-dnssec-signzone@EXEEXT@: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
|
||||
+dnssec-signzone-pkcs11@EXEEXT@: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
|
||||
export BASEOBJS="dnssec-signzone.@O@ ${OBJS}"; \
|
||||
${FINALBUILDCMD}
|
||||
|
||||
@@ -80,19 +83,19 @@ dnssec-verify.@O@: dnssec-verify.c
|
||||
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
|
||||
-c ${srcdir}/dnssec-verify.c
|
||||
|
||||
-dnssec-verify@EXEEXT@: dnssec-verify.@O@ ${OBJS} ${DEPLIBS}
|
||||
+dnssec-verify-pkcs11@EXEEXT@: dnssec-verify.@O@ ${OBJS} ${DEPLIBS}
|
||||
export BASEOBJS="dnssec-verify.@O@ ${OBJS}"; \
|
||||
${FINALBUILDCMD}
|
||||
|
||||
-dnssec-revoke@EXEEXT@: dnssec-revoke.@O@ ${OBJS} ${DEPLIBS}
|
||||
+dnssec-revoke-pkcs11@EXEEXT@: dnssec-revoke.@O@ ${OBJS} ${DEPLIBS}
|
||||
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
|
||||
dnssec-revoke.@O@ ${OBJS} ${LIBS}
|
||||
|
||||
-dnssec-settime@EXEEXT@: dnssec-settime.@O@ ${OBJS} ${DEPLIBS}
|
||||
+dnssec-settime-pkcs11@EXEEXT@: dnssec-settime.@O@ ${OBJS} ${DEPLIBS}
|
||||
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
|
||||
dnssec-settime.@O@ ${OBJS} ${LIBS}
|
||||
|
||||
-dnssec-importkey@EXEEXT@: dnssec-importkey.@O@ ${OBJS} ${DEPLIBS}
|
||||
+dnssec-importkey-pkcs11@EXEEXT@: dnssec-importkey.@O@ ${OBJS} ${DEPLIBS}
|
||||
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
|
||||
dnssec-importkey.@O@ ${OBJS} ${LIBS}
|
||||
|
||||
diff --git a/bin/named-pkcs11/Makefile.in b/bin/named-pkcs11/Makefile.in
|
||||
index 98125dd..518a75f 100644
|
||||
--- a/bin/named-pkcs11/Makefile.in
|
||||
+++ b/bin/named-pkcs11/Makefile.in
|
||||
@@ -37,13 +37,14 @@ DBDRIVER_LIBS =
|
||||
|
||||
DLZ_DRIVER_DIR = ${top_srcdir}/contrib/dlz/drivers
|
||||
|
||||
-DLZDRIVER_OBJS = @DLZ_DRIVER_OBJS@
|
||||
-DLZDRIVER_SRCS = @DLZ_DRIVER_SRCS@
|
||||
-DLZDRIVER_INCLUDES = @DLZ_DRIVER_INCLUDES@
|
||||
-DLZDRIVER_LIBS = @DLZ_DRIVER_LIBS@
|
||||
+# Skip building on PKCS11 variant
|
||||
+DLZDRIVER_OBJS =
|
||||
+DLZDRIVER_SRCS =
|
||||
+DLZDRIVER_INCLUDES =
|
||||
+DLZDRIVER_LIBS =
|
||||
|
||||
CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
|
||||
- ${NS_INCLUDES} ${DNS_INCLUDES} \
|
||||
+ ${NS_PKCS11_INCLUDES} ${DNS_PKCS11_INCLUDES} \
|
||||
${BIND9_INCLUDES} ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} \
|
||||
${ISC_INCLUDES} ${DLZDRIVER_INCLUDES} \
|
||||
${DBDRIVER_INCLUDES} \
|
||||
@@ -56,24 +57,24 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
|
||||
${LIBXML2_CFLAGS} \
|
||||
${MAXMINDDB_CFLAGS}
|
||||
|
||||
-CDEFINES = @CONTRIB_DLZ@
|
||||
+CDEFINES =
|
||||
|
||||
CWARNINGS =
|
||||
|
||||
-DNSLIBS = ../../lib/dns/libdns.@A@ @NO_LIBTOOL_DNSLIBS@
|
||||
+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ @NO_LIBTOOL_DNSLIBS@
|
||||
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
|
||||
ISCCCLIBS = ../../lib/isccc/libisccc.@A@
|
||||
ISCLIBS = ../../lib/isc/libisc.@A@ @NO_LIBTOOL_ISCLIBS@
|
||||
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @NO_LIBTOOL_ISCLIBS@
|
||||
BIND9LIBS = ../../lib/bind9/libbind9.@A@
|
||||
-NSLIBS = ../../lib/ns/libns.@A@
|
||||
+NSLIBS = ../../lib/ns-pkcs11/libns-pkcs11.@A@
|
||||
|
||||
-DNSDEPLIBS = ../../lib/dns/libdns.@A@
|
||||
+DNSDEPLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@
|
||||
ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
|
||||
ISCCCDEPLIBS = ../../lib/isccc/libisccc.@A@
|
||||
ISCDEPLIBS = ../../lib/isc/libisc.@A@
|
||||
BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@
|
||||
-NSDEPLIBS = ../../lib/ns/libns.@A@
|
||||
+NSDEPLIBS = ../../lib/ns-pkcs11/libns-pkcs11.@A@
|
||||
|
||||
DEPLIBS = ${NSDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \
|
||||
${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${ISCDEPLIBS}
|
||||
@@ -93,7 +94,7 @@ NOSYMLIBS = ${NSLIBS} ${DNSLIBS} ${BIND9LIBS} \
|
||||
|
||||
SUBDIRS = unix
|
||||
|
||||
-TARGETS = named@EXEEXT@ feature-test@EXEEXT@
|
||||
+TARGETS = named-pkcs11@EXEEXT@ feature-test-pkcs11@EXEEXT@
|
||||
|
||||
GEOIP2LINKOBJS = geoip.@O@
|
||||
|
||||
@@ -151,7 +152,7 @@ server.@O@: server.c
|
||||
-DPRODUCT=\"${PRODUCT}\" \
|
||||
-DVERSION=\"${VERSION}\" -c ${srcdir}/server.c
|
||||
|
||||
-named@EXEEXT@: ${OBJS} ${DEPLIBS}
|
||||
+named-pkcs11@EXEEXT@: ${OBJS} ${DEPLIBS}
|
||||
export MAKE_SYMTABLE="yes"; \
|
||||
export BASEOBJS="${OBJS} ${UOBJS}"; \
|
||||
${FINALBUILDCMD}
|
||||
@@ -161,7 +162,7 @@ feature-test.@O@: ${top_srcdir}/bin/tests/system/feature-test.c
|
||||
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
|
||||
-c ${top_srcdir}/bin/tests/system/feature-test.c
|
||||
|
||||
-feature-test@EXEEXT@: feature-test.@O@
|
||||
+feature-test-pkcs11@EXEEXT@: feature-test.@O@
|
||||
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} \
|
||||
-o $@ feature-test.@O@ ${ISCLIBS} ${LIBS}
|
||||
|
||||
@@ -180,11 +181,11 @@ statschannel.@O@: bind9.xsl.h
|
||||
installdirs:
|
||||
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
|
||||
|
||||
-install:: named@EXEEXT@ installdirs
|
||||
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named@EXEEXT@ ${DESTDIR}${sbindir}
|
||||
+install:: named-pkcs11@EXEEXT@ installdirs
|
||||
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-pkcs11@EXEEXT@ ${DESTDIR}${sbindir}
|
||||
|
||||
uninstall::
|
||||
- ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named@EXEEXT@
|
||||
+ ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named-pkcs11@EXEEXT@
|
||||
|
||||
@DLZ_DRIVER_RULES@
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 032228b..64e3da0 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -1251,12 +1251,14 @@ AC_SUBST(USE_GSSAPI)
|
||||
AC_SUBST(DST_GSSAPI_INC)
|
||||
AC_SUBST(DNS_GSSAPI_LIBS)
|
||||
DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS"
|
||||
+DNS_CRYPTO_PK11_LIBS="$DNS_GSSAPI_LIBS $DNS_CRYPTO_PK11_LIBS"
|
||||
|
||||
#
|
||||
# Applications linking with libdns also need to link with these libraries.
|
||||
#
|
||||
|
||||
AC_SUBST(DNS_CRYPTO_LIBS)
|
||||
+AC_SUBST(DNS_CRYPTO_PK11_LIBS)
|
||||
|
||||
#
|
||||
# was --with-lmdb specified?
|
||||
@@ -2327,6 +2329,8 @@ AC_SUBST(BIND9_DNS_BUILDINCLUDE)
|
||||
AC_SUBST(BIND9_NS_BUILDINCLUDE)
|
||||
AC_SUBST(BIND9_BIND9_BUILDINCLUDE)
|
||||
AC_SUBST(BIND9_IRS_BUILDINCLUDE)
|
||||
+AC_SUBST(BIND9_DNS_PKCS11_BUILDINCLUDE)
|
||||
+AC_SUBST(BIND9_NS_PKCS11_BUILDINCLUDE)
|
||||
if test "X$srcdir" != "X"; then
|
||||
BIND9_ISC_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/isc/include"
|
||||
BIND9_ISCCC_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/isccc/include"
|
||||
@@ -2335,6 +2339,8 @@ if test "X$srcdir" != "X"; then
|
||||
BIND9_NS_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/ns/include"
|
||||
BIND9_BIND9_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/bind9/include"
|
||||
BIND9_IRS_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/irs/include"
|
||||
+ BIND9_DNS_PKCS11_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/dns-pkcs11/include"
|
||||
+ BIND9_NS_PKCS11_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/ns-pkcs11/include"
|
||||
else
|
||||
BIND9_ISC_BUILDINCLUDE=""
|
||||
BIND9_ISCCC_BUILDINCLUDE=""
|
||||
@@ -2343,6 +2349,8 @@ else
|
||||
BIND9_NS_BUILDINCLUDE=""
|
||||
BIND9_BIND9_BUILDINCLUDE=""
|
||||
BIND9_IRS_BUILDINCLUDE=""
|
||||
+ BIND9_DNS_PKCS11_BUILDINCLUDE=""
|
||||
+ BIND9_NS_PKCS11_BUILDINCLUDE=""
|
||||
fi
|
||||
|
||||
AC_SUBST_FILE(BIND9_MAKE_INCLUDES)
|
||||
@@ -2798,8 +2806,11 @@ AC_CONFIG_FILES([
|
||||
bin/delv/Makefile
|
||||
bin/dig/Makefile
|
||||
bin/dnssec/Makefile
|
||||
+ bin/dnssec-pkcs11/Makefile
|
||||
bin/named/Makefile
|
||||
bin/named/unix/Makefile
|
||||
+ bin/named-pkcs11/Makefile
|
||||
+ bin/named-pkcs11/unix/Makefile
|
||||
bin/nsupdate/Makefile
|
||||
bin/pkcs11/Makefile
|
||||
bin/plugins/Makefile
|
||||
@@ -2861,6 +2872,10 @@ AC_CONFIG_FILES([
|
||||
lib/dns/include/dns/Makefile
|
||||
lib/dns/include/dst/Makefile
|
||||
lib/dns/tests/Makefile
|
||||
+ lib/dns-pkcs11/Makefile
|
||||
+ lib/dns-pkcs11/include/Makefile
|
||||
+ lib/dns-pkcs11/include/dns/Makefile
|
||||
+ lib/dns-pkcs11/include/dst/Makefile
|
||||
lib/irs/Makefile
|
||||
lib/irs/include/Makefile
|
||||
lib/irs/include/irs/Makefile
|
||||
@@ -2893,6 +2908,10 @@ AC_CONFIG_FILES([
|
||||
lib/ns/include/Makefile
|
||||
lib/ns/include/ns/Makefile
|
||||
lib/ns/tests/Makefile
|
||||
+ lib/ns-pkcs11/Makefile
|
||||
+ lib/ns-pkcs11/include/Makefile
|
||||
+ lib/ns-pkcs11/include/ns/Makefile
|
||||
+ lib/ns-pkcs11/tests/Makefile
|
||||
make/Makefile
|
||||
make/mkdep
|
||||
unit/unittest.sh
|
||||
diff --git a/lib/Makefile.in b/lib/Makefile.in
|
||||
index 833964e..058ba2f 100644
|
||||
--- a/lib/Makefile.in
|
||||
+++ b/lib/Makefile.in
|
||||
@@ -15,7 +15,7 @@ top_srcdir = @top_srcdir@
|
||||
# Attempt to disable parallel processing.
|
||||
.NOTPARALLEL:
|
||||
.NO_PARALLEL:
|
||||
-SUBDIRS = isc isccc dns ns isccfg bind9 irs
|
||||
+SUBDIRS = isc isccc dns dns-pkcs11 ns ns-pkcs11 isccfg bind9 irs
|
||||
TARGETS =
|
||||
|
||||
@BIND9_MAKE_RULES@
|
||||
diff --git a/lib/dns-pkcs11/Makefile.in b/lib/dns-pkcs11/Makefile.in
|
||||
index 58bda3c..d6a45df 100644
|
||||
--- a/lib/dns-pkcs11/Makefile.in
|
||||
+++ b/lib/dns-pkcs11/Makefile.in
|
||||
@@ -22,7 +22,7 @@ VERSION=@BIND9_VERSION@
|
||||
|
||||
@BIND9_MAKE_INCLUDES@
|
||||
|
||||
-CINCLUDES = -I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} \
|
||||
+CINCLUDES = -I. -I${top_srcdir}/lib/dns-pkcs11 -Iinclude ${DNS_PKCS11_INCLUDES} \
|
||||
${ISC_INCLUDES} \
|
||||
${FSTRM_CFLAGS} \
|
||||
${OPENSSL_CFLAGS} @DST_GSSAPI_INC@ \
|
||||
@@ -32,7 +32,7 @@ CINCLUDES = -I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} \
|
||||
${LMDB_CFLAGS} \
|
||||
${MAXMINDDB_CFLAGS}
|
||||
|
||||
-CDEFINES = @USE_GSSAPI@
|
||||
+CDEFINES = @USE_GSSAPI@ @USE_PKCS11@
|
||||
|
||||
CWARNINGS =
|
||||
|
||||
@@ -135,15 +135,15 @@ version.@O@: version.c
|
||||
-DMAPAPI=\"${MAPAPI}\" \
|
||||
-c ${srcdir}/version.c
|
||||
|
||||
-libdns.@SA@: ${OBJS}
|
||||
+libdns-pkcs11.@SA@: ${OBJS}
|
||||
${AR} ${ARFLAGS} $@ ${OBJS}
|
||||
${RANLIB} $@
|
||||
|
||||
-libdns.la: ${OBJS}
|
||||
+libdns-pkcs11.la: ${OBJS}
|
||||
${LIBTOOL_MODE_LINK} \
|
||||
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns.la -rpath ${libdir} \
|
||||
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns-pkcs11.la -rpath ${libdir} \
|
||||
-release "${VERSION}" \
|
||||
- ${OBJS} ${ISCLIBS} @DNS_CRYPTO_LIBS@ ${LIBS}
|
||||
+ ${OBJS} ${ISCLIBS} @DNS_CRYPTO_PK11_LIBS@ ${LIBS}
|
||||
|
||||
include: gen
|
||||
${MAKE} include/dns/enumtype.h
|
||||
@@ -174,22 +174,22 @@ gen: gen.c
|
||||
${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c \
|
||||
${BUILD_LIBS} ${LFS_LIBS}
|
||||
|
||||
-timestamp: include libdns.@A@
|
||||
+timestamp: include libdns-pkcs11.@A@
|
||||
touch timestamp
|
||||
|
||||
-testdirs: libdns.@A@
|
||||
+testdirs: libdns-pkcs11.@A@
|
||||
|
||||
installdirs:
|
||||
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
|
||||
|
||||
install:: timestamp installdirs
|
||||
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} libdns.@A@ ${DESTDIR}${libdir}
|
||||
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} libdns-pkcs11.@A@ ${DESTDIR}${libdir}
|
||||
|
||||
uninstall::
|
||||
- ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${libdir}/libdns.@A@
|
||||
+ ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${libdir}/libdns-pkcs11.@A@
|
||||
|
||||
clean distclean::
|
||||
- rm -f libdns.@A@ timestamp
|
||||
+ rm -f libdns-pkcs11.@A@ timestamp
|
||||
rm -f gen code.h include/dns/enumtype.h include/dns/enumclass.h
|
||||
rm -f include/dns/rdatastruct.h
|
||||
rm -f dnstap.pb-c.c dnstap.pb-c.h
|
||||
diff --git a/lib/dns-pkcs11/tests/Makefile.in b/lib/dns-pkcs11/tests/Makefile.in
|
||||
index 3bb5e01..c96fe7d 100644
|
||||
--- a/lib/dns-pkcs11/tests/Makefile.in
|
||||
+++ b/lib/dns-pkcs11/tests/Makefile.in
|
||||
@@ -15,15 +15,15 @@ VERSION=@BIND9_VERSION@
|
||||
|
||||
@BIND9_MAKE_INCLUDES@
|
||||
|
||||
-CINCLUDES = -I. -Iinclude ${DNS_INCLUDES} ${ISC_INCLUDES} \
|
||||
+CINCLUDES = -I. -Iinclude ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} \
|
||||
${FSTRM_CFLAGS} ${OPENSSL_CFLAGS} \
|
||||
${PROTOBUF_C_CFLAGS} ${MAXMINDDB_CFLAGS} @CMOCKA_CFLAGS@
|
||||
-CDEFINES = -DTESTS="\"${top_builddir}/lib/dns/tests/\""
|
||||
+CDEFINES = @USE_PKCS11@ -DTESTS="\"${top_builddir}/lib/dns-pkcs11/tests/\""
|
||||
|
||||
ISCLIBS = ../../isc/libisc.@A@ @NO_LIBTOOL_ISCLIBS@
|
||||
ISCDEPLIBS = ../../isc/libisc.@A@
|
||||
-DNSLIBS = ../libdns.@A@ @NO_LIBTOOL_DNSLIBS@
|
||||
-DNSDEPLIBS = ../libdns.@A@
|
||||
+DNSLIBS = ../libdns-pkcs11.@A@ @NO_LIBTOOL_DNSLIBS@
|
||||
+DNSDEPLIBS = ../libdns-pkcs11.@A@
|
||||
|
||||
LIBS = @LIBS@ @CMOCKA_LIBS@
|
||||
|
||||
diff --git a/lib/ns-pkcs11/Makefile.in b/lib/ns-pkcs11/Makefile.in
|
||||
index bc683ce..7a9d2f2 100644
|
||||
--- a/lib/ns-pkcs11/Makefile.in
|
||||
+++ b/lib/ns-pkcs11/Makefile.in
|
||||
@@ -16,12 +16,12 @@ VERSION=@BIND9_VERSION@
|
||||
|
||||
@BIND9_MAKE_INCLUDES@
|
||||
|
||||
-CINCLUDES = -I. -I${top_srcdir}/lib/ns -Iinclude \
|
||||
- ${NS_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES} \
|
||||
+CINCLUDES = -I. -I${top_srcdir}/lib/ns-pkcs11 -Iinclude \
|
||||
+ ${NS_PKCS11_INCLUDES} ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} \
|
||||
${OPENSSL_CFLAGS} @DST_GSSAPI_INC@ \
|
||||
${FSTRM_CFLAGS}
|
||||
|
||||
-CDEFINES = -DNAMED_PLUGINDIR=\"${plugindir}\"
|
||||
+CDEFINES = @USE_PKCS11@ -DNAMED_PLUGINDIR=\"${plugindir}\"
|
||||
|
||||
CWARNINGS =
|
||||
|
||||
@@ -29,9 +29,9 @@ ISCLIBS = ../../lib/isc/libisc.@A@
|
||||
|
||||
ISCDEPLIBS = ../../lib/isc/libisc.@A@
|
||||
|
||||
-DNSLIBS = ../../lib/dns/libdns.@A@ @NO_LIBTOOL_DNSLIBS@
|
||||
+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ @NO_LIBTOOL_DNSLIBS@
|
||||
|
||||
-DNSDEPLIBS = ../../lib/dns/libdns.@A@
|
||||
+DNSDEPLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@
|
||||
|
||||
LIBS = @LIBS@
|
||||
|
||||
@@ -60,28 +60,28 @@ version.@O@: version.c
|
||||
-DMAJOR=\"${MAJOR}\" \
|
||||
-c ${srcdir}/version.c
|
||||
|
||||
-libns.@SA@: ${OBJS}
|
||||
+libns-pkcs11.@SA@: ${OBJS}
|
||||
${AR} ${ARFLAGS} $@ ${OBJS}
|
||||
${RANLIB} $@
|
||||
|
||||
-libns.la: ${OBJS}
|
||||
+libns-pkcs11.la: ${OBJS}
|
||||
${LIBTOOL_MODE_LINK} \
|
||||
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libns.la -rpath ${libdir} \
|
||||
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libns-pkcs11.la -rpath ${libdir} \
|
||||
-release "${VERSION}" \
|
||||
- ${OBJS} ${ISCLIBS} ${DNSLIBS} @DNS_CRYPTO_LIBS@ ${LIBS}
|
||||
+ ${OBJS} ${ISCLIBS} ${DNSLIBS} @DNS_CRYPTO_PK11_LIBS@ ${LIBS}
|
||||
|
||||
-timestamp: libns.@A@
|
||||
+timestamp: libns-pkcs11.@A@
|
||||
touch timestamp
|
||||
|
||||
installdirs:
|
||||
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
|
||||
|
||||
install:: timestamp installdirs
|
||||
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} libns.@A@ \
|
||||
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} libns-pkcs11.@A@ \
|
||||
${DESTDIR}${libdir}
|
||||
|
||||
uninstall::
|
||||
- ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${libdir}/libns.@A@
|
||||
+ ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${libdir}/libns-pkcs11.@A@
|
||||
|
||||
clean distclean::
|
||||
- rm -f libns.@A@ timestamp
|
||||
+ rm -f libns-pkcs11.@A@ timestamp
|
||||
diff --git a/lib/ns-pkcs11/tests/Makefile.in b/lib/ns-pkcs11/tests/Makefile.in
|
||||
index 4c3e694..c1b6d99 100644
|
||||
--- a/lib/ns-pkcs11/tests/Makefile.in
|
||||
+++ b/lib/ns-pkcs11/tests/Makefile.in
|
||||
@@ -17,17 +17,17 @@ VERSION=@BIND9_VERSION@
|
||||
|
||||
WRAP_OPTIONS = -Wl,--wrap=isc__nmhandle_detach -Wl,--wrap=isc__nmhandle_attach
|
||||
|
||||
-CINCLUDES = -I. -Iinclude ${NS_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES} \
|
||||
+CINCLUDES = -I. -Iinclude ${NS_PKCS11_INCLUDES} ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} \
|
||||
${OPENSSL_CFLAGS} \
|
||||
@CMOCKA_CFLAGS@
|
||||
-CDEFINES = -DTESTS="\"${top_builddir}/lib/ns/tests/\"" -DNAMED_PLUGINDIR=\"${plugindir}\"
|
||||
+CDEFINES = -DTESTS="\"${top_builddir}/lib/ns-pkcs11/tests/\"" -DNAMED_PLUGINDIR=\"${plugindir}\" @USE_PKCS11@
|
||||
|
||||
ISCLIBS = ../../isc/libisc.@A@ @NO_LIBTOOL_ISCLIBS@
|
||||
ISCDEPLIBS = ../../isc/libisc.@A@
|
||||
-DNSLIBS = ../../dns/libdns.@A@ @NO_LIBTOOL_DNSLIBS@
|
||||
-DNSDEPLIBS = ../../dns/libdns.@A@
|
||||
-NSLIBS = ../libns.@A@
|
||||
-NSDEPLIBS = ../libns.@A@
|
||||
+DNSLIBS = ../../dns-pkcs11/libdns-pkcs11.@A@ @NO_LIBTOOL_DNSLIBS@
|
||||
+DNSDEPLIBS = ../../dns-pkcs11/libdns-pkcs11.@A@
|
||||
+NSLIBS = ../libns-pkcs11.@A@
|
||||
+NSDEPLIBS = ../libns-pkcs11.@A@
|
||||
|
||||
LIBS = @LIBS@ @CMOCKA_LIBS@
|
||||
|
||||
diff --git a/make/includes.in b/make/includes.in
|
||||
index b8317d3..b73b0c4 100644
|
||||
--- a/make/includes.in
|
||||
+++ b/make/includes.in
|
||||
@@ -39,3 +39,10 @@ BIND9_INCLUDES = @BIND9_BIND9_BUILDINCLUDE@ \
|
||||
|
||||
TEST_INCLUDES = \
|
||||
-I${top_srcdir}/lib/tests/include
|
||||
+
|
||||
+DNS_PKCS11_INCLUDES = @BIND9_DNS_PKCS11_BUILDINCLUDE@ \
|
||||
+ -I${top_srcdir}/lib/dns-pkcs11/include
|
||||
+
|
||||
+NS_PKCS11_INCLUDES = @BIND9_NS_PKCS11_BUILDINCLUDE@ \
|
||||
+ -I${top_srcdir}/lib/ns-pkcs11/include
|
||||
+
|
||||
--
|
||||
2.26.3
|
||||
|
59
SOURCES/bind-9.11-feature-test-named.patch
Normal file
59
SOURCES/bind-9.11-feature-test-named.patch
Normal file
@ -0,0 +1,59 @@
|
||||
From e645046202006750f87531e21e3ff7c26fba3466 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Wed, 30 Jan 2019 14:37:17 +0100
|
||||
Subject: [PATCH] Create feature-test in source directory
|
||||
|
||||
Feature-test tool is used in system tests to test compiled in changes.
|
||||
Because we build more variants of named with different configuration,
|
||||
compile feature-test for each of them this way.
|
||||
---
|
||||
bin/named/Makefile.in | 12 +++++++++++-
|
||||
bin/tests/system/conf.sh.in | 2 +-
|
||||
2 files changed, 12 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
|
||||
index 37053a7..ed9add2 100644
|
||||
--- a/bin/named/Makefile.in
|
||||
+++ b/bin/named/Makefile.in
|
||||
@@ -91,7 +91,7 @@ NOSYMLIBS = ${NSLIBS} ${DNSLIBS} ${BIND9LIBS} \
|
||||
|
||||
SUBDIRS = unix
|
||||
|
||||
-TARGETS = named@EXEEXT@
|
||||
+TARGETS = named@EXEEXT@ feature-test@EXEEXT@
|
||||
|
||||
GEOIP2LINKOBJS = geoip.@O@
|
||||
|
||||
@@ -154,6 +154,16 @@ named@EXEEXT@: ${OBJS} ${DEPLIBS}
|
||||
export BASEOBJS="${OBJS} ${UOBJS}"; \
|
||||
${FINALBUILDCMD}
|
||||
|
||||
+# Bit of hack, do not produce intermediate .o object for featuretest
|
||||
+feature-test.@O@: ${top_srcdir}/bin/tests/system/feature-test.c
|
||||
+ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
|
||||
+ -c ${top_srcdir}/bin/tests/system/feature-test.c
|
||||
+
|
||||
+feature-test@EXEEXT@: feature-test.@O@
|
||||
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} \
|
||||
+ -o $@ feature-test.@O@ ${ISCLIBS} ${LIBS}
|
||||
+
|
||||
+
|
||||
clean distclean maintainer-clean::
|
||||
rm -f ${TARGETS} ${OBJS}
|
||||
|
||||
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
|
||||
index 7934930..e84fde2 100644
|
||||
--- a/bin/tests/system/conf.sh.in
|
||||
+++ b/bin/tests/system/conf.sh.in
|
||||
@@ -37,7 +37,7 @@ DELV=$TOP/bin/delv/delv
|
||||
DIG=$TOP/bin/dig/dig
|
||||
DNSTAPREAD=$TOP/bin/tools/dnstap-read
|
||||
DSFROMKEY=$TOP/bin/dnssec/dnssec-dsfromkey
|
||||
-FEATURETEST=$TOP/bin/tests/system/feature-test
|
||||
+FEATURETEST=$TOP/bin/named/feature-test
|
||||
FSTRM_CAPTURE=@FSTRM_CAPTURE@
|
||||
HOST=$TOP/bin/dig/host
|
||||
IMPORTKEY=$TOP/bin/dnssec/dnssec-importkey
|
||||
--
|
||||
2.26.2
|
||||
|
959
SOURCES/bind-9.11-fips-tests.patch
Normal file
959
SOURCES/bind-9.11-fips-tests.patch
Normal file
@ -0,0 +1,959 @@
|
||||
From 3f04cf343dbeb8819197702ce1be737e26e0638a Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Thu, 2 Aug 2018 23:46:45 +0200
|
||||
Subject: [PATCH] FIPS tests changes
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Squashed commit of the following:
|
||||
|
||||
commit 09e5eb48698d4fef2fc1031870de86c553b6bfaa
|
||||
Author: Petr Menšík <pemensik@redhat.com>
|
||||
Date: Wed Mar 7 20:35:13 2018 +0100
|
||||
|
||||
Fix nsupdate test. Do not use md5 by default for rndc, skip gracefully md5 if not available.
|
||||
|
||||
commit ab303db70082db76ecf36493d0b82ef3e8750cad
|
||||
Author: Petr Menšík <pemensik@redhat.com>
|
||||
Date: Wed Mar 7 18:11:10 2018 +0100
|
||||
|
||||
Changed root key to be RSASHA256
|
||||
|
||||
Change bad trusted key to be the same algorithm.
|
||||
|
||||
commit 88ab07c0e14cc71247e1f9d11a1ea832b64c1ee8
|
||||
Author: Petr Menšík <pemensik@redhat.com>
|
||||
Date: Wed Mar 7 16:56:17 2018 +0100
|
||||
|
||||
Change used key to not use hmac-md5
|
||||
|
||||
Fix upforwd test, do not use hmac-md5
|
||||
|
||||
commit aec891571626f053acfb4d0a247240cbc21a84e9
|
||||
Author: Petr Menšík <pemensik@redhat.com>
|
||||
Date: Wed Mar 7 15:54:11 2018 +0100
|
||||
|
||||
Increase bitsize of DSA key to pass FIPS 140-2 mode.
|
||||
|
||||
commit bca8e164fa0d9aff2f946b8b4eb0f1f7e0bf6696
|
||||
Author: Petr Menšík <pemensik@redhat.com>
|
||||
Date: Wed Mar 7 15:41:08 2018 +0100
|
||||
|
||||
Fix tsig and rndc tests for disabled md5
|
||||
|
||||
Use hmac-sha256 instead of hmac-md5.
|
||||
|
||||
commit 0d314c1ab6151aa13574a21ad22f28d3b7f42a67
|
||||
Author: Petr Menšík <pemensik@redhat.com>
|
||||
Date: Wed Mar 7 13:21:00 2018 +0100
|
||||
|
||||
Add md5 availability detection to featuretest
|
||||
|
||||
commit f389a918803e2853e4b55fed62765dc4a492e34f
|
||||
Author: Petr Menšík <pemensik@redhat.com>
|
||||
Date: Wed Mar 7 10:44:23 2018 +0100
|
||||
|
||||
Change tests to not use hmac-md5 algorithms if not required
|
||||
|
||||
Use hmac-sha256 instead of default hmac-md5 for allow-query
|
||||
---
|
||||
bin/tests/system/acl/ns2/named1.conf.in | 4 +-
|
||||
bin/tests/system/acl/ns2/named2.conf.in | 4 +-
|
||||
bin/tests/system/acl/ns2/named3.conf.in | 6 +-
|
||||
bin/tests/system/acl/ns2/named4.conf.in | 4 +-
|
||||
bin/tests/system/acl/ns2/named5.conf.in | 4 +-
|
||||
bin/tests/system/acl/tests.sh | 32 ++++-----
|
||||
.../system/allow-query/ns2/named10.conf.in | 2 +-
|
||||
.../system/allow-query/ns2/named11.conf.in | 4 +-
|
||||
.../system/allow-query/ns2/named12.conf.in | 2 +-
|
||||
.../system/allow-query/ns2/named30.conf.in | 2 +-
|
||||
.../system/allow-query/ns2/named31.conf.in | 4 +-
|
||||
.../system/allow-query/ns2/named32.conf.in | 2 +-
|
||||
.../system/allow-query/ns2/named40.conf.in | 4 +-
|
||||
bin/tests/system/allow-query/tests.sh | 18 ++---
|
||||
bin/tests/system/catz/ns1/named.conf.in | 2 +-
|
||||
bin/tests/system/catz/ns2/named.conf.in | 2 +-
|
||||
bin/tests/system/checkconf/bad-tsig.conf | 2 +-
|
||||
bin/tests/system/checkconf/good.conf | 2 +-
|
||||
bin/tests/system/feature-test.c | 14 ++++
|
||||
bin/tests/system/notify/ns5/named.conf.in | 6 +-
|
||||
bin/tests/system/notify/tests.sh | 6 +-
|
||||
bin/tests/system/nsupdate/ns1/named.conf.in | 2 +-
|
||||
bin/tests/system/nsupdate/ns2/named.conf.in | 2 +-
|
||||
bin/tests/system/nsupdate/setup.sh | 6 +-
|
||||
bin/tests/system/nsupdate/tests.sh | 15 +++--
|
||||
bin/tests/system/rndc/setup.sh | 2 +-
|
||||
bin/tests/system/rndc/tests.sh | 23 ++++---
|
||||
bin/tests/system/tsig/ns1/named.conf.in | 10 +--
|
||||
bin/tests/system/tsig/ns1/rndc5.conf.in | 10 +++
|
||||
bin/tests/system/tsig/setup.sh | 5 ++
|
||||
bin/tests/system/tsig/tests.sh | 65 ++++++++++++-------
|
||||
bin/tests/system/upforwd/ns1/named.conf.in | 2 +-
|
||||
bin/tests/system/upforwd/tests.sh | 2 +-
|
||||
33 files changed, 162 insertions(+), 108 deletions(-)
|
||||
create mode 100644 bin/tests/system/tsig/ns1/rndc5.conf.in
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in
|
||||
index 60f22e1..249f672 100644
|
||||
--- a/bin/tests/system/acl/ns2/named1.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named1.conf.in
|
||||
@@ -33,12 +33,12 @@ options {
|
||||
};
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named2.conf.in b/bin/tests/system/acl/ns2/named2.conf.in
|
||||
index ada97bc..f82d858 100644
|
||||
--- a/bin/tests/system/acl/ns2/named2.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named2.conf.in
|
||||
@@ -33,12 +33,12 @@ options {
|
||||
};
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named3.conf.in b/bin/tests/system/acl/ns2/named3.conf.in
|
||||
index 97684e4..de6a2e9 100644
|
||||
--- a/bin/tests/system/acl/ns2/named3.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named3.conf.in
|
||||
@@ -33,17 +33,17 @@ options {
|
||||
};
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key three {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named4.conf.in b/bin/tests/system/acl/ns2/named4.conf.in
|
||||
index 462b3fa..994b35c 100644
|
||||
--- a/bin/tests/system/acl/ns2/named4.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named4.conf.in
|
||||
@@ -33,12 +33,12 @@ options {
|
||||
};
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named5.conf.in b/bin/tests/system/acl/ns2/named5.conf.in
|
||||
index 728da58..8f00d09 100644
|
||||
--- a/bin/tests/system/acl/ns2/named5.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named5.conf.in
|
||||
@@ -35,12 +35,12 @@ options {
|
||||
};
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/tests.sh b/bin/tests/system/acl/tests.sh
|
||||
index be59d64..13d5bdc 100644
|
||||
--- a/bin/tests/system/acl/tests.sh
|
||||
+++ b/bin/tests/system/acl/tests.sh
|
||||
@@ -22,14 +22,14 @@ echo_i "testing basic ACL processing"
|
||||
# key "one" should fail
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:one:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
|
||||
# any other key should be fine
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:two:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
copy_setports ns2/named2.conf.in ns2/named.conf
|
||||
@@ -39,18 +39,18 @@ sleep 5
|
||||
# prefix 10/8 should fail
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:one:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# any other address should work, as long as it sends key "one"
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 127.0.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 127.0.0.1 axfr -y hmac-sha256:two:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 127.0.0.1 axfr -y hmac-sha256:one:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
echo_i "testing nested ACL processing"
|
||||
@@ -62,31 +62,31 @@ sleep 5
|
||||
# should succeed
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 10.53.0.2 axfr -y hmac-sha256:two:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# should succeed
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 10.53.0.2 axfr -y hmac-sha256:one:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# should succeed
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:two:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# should succeed
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:two:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# but only one or the other should fail
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 127.0.0.1 axfr -y hmac-sha256:one:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
t=`expr $t + 1`
|
||||
@@ -97,7 +97,7 @@ grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $tt failed" ; status=1
|
||||
# and other values? right out
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 127.0.0.1 axfr -y three:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 127.0.0.1 axfr -y hmac-sha256:three:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# now we only allow 10.53.0.1 *and* key one, or 10.53.0.2 *and* key two
|
||||
@@ -108,31 +108,31 @@ sleep 5
|
||||
# should succeed
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 10.53.0.2 axfr -y hmac-sha256:two:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# should succeed
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:one:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# should fail
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 10.53.0.2 axfr -y hmac-sha256:one:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# should fail
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:two:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# should fail
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 10.53.0.3 axfr -y one:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 10.53.0.3 axfr -y hmac-sha256:one:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
echo_i "testing allow-query-on ACL processing"
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named10.conf.in b/bin/tests/system/allow-query/ns2/named10.conf.in
|
||||
index 7d43e36..f7b25f9 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named10.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named10.conf.in
|
||||
@@ -10,7 +10,7 @@
|
||||
*/
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named11.conf.in b/bin/tests/system/allow-query/ns2/named11.conf.in
|
||||
index 2952518..121557e 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named11.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named11.conf.in
|
||||
@@ -10,12 +10,12 @@
|
||||
*/
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234efgh8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named12.conf.in b/bin/tests/system/allow-query/ns2/named12.conf.in
|
||||
index 0c01071..ceabbb5 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named12.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named12.conf.in
|
||||
@@ -10,7 +10,7 @@
|
||||
*/
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named30.conf.in b/bin/tests/system/allow-query/ns2/named30.conf.in
|
||||
index 4c17292..9cd9d1f 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named30.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named30.conf.in
|
||||
@@ -10,7 +10,7 @@
|
||||
*/
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named31.conf.in b/bin/tests/system/allow-query/ns2/named31.conf.in
|
||||
index a2690a4..f488730 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named31.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named31.conf.in
|
||||
@@ -10,12 +10,12 @@
|
||||
*/
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234efgh8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named32.conf.in b/bin/tests/system/allow-query/ns2/named32.conf.in
|
||||
index a0708c8..51fa457 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named32.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named32.conf.in
|
||||
@@ -10,7 +10,7 @@
|
||||
*/
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named40.conf.in b/bin/tests/system/allow-query/ns2/named40.conf.in
|
||||
index 687768e..d24d6d2 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named40.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named40.conf.in
|
||||
@@ -14,12 +14,12 @@ acl accept { 10.53.0.2; };
|
||||
acl badaccept { 10.53.0.1; };
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234efgh8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/tests.sh b/bin/tests/system/allow-query/tests.sh
|
||||
index fe40635..543c663 100644
|
||||
--- a/bin/tests/system/allow-query/tests.sh
|
||||
+++ b/bin/tests/system/allow-query/tests.sh
|
||||
@@ -182,7 +182,7 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: key allowed - query allowed"
|
||||
ret=0
|
||||
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -195,7 +195,7 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: key not allowed - query refused"
|
||||
ret=0
|
||||
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -208,7 +208,7 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: key disallowed - query refused"
|
||||
ret=0
|
||||
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -341,7 +341,7 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views key allowed - query allowed"
|
||||
ret=0
|
||||
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -354,7 +354,7 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views key not allowed - query refused"
|
||||
ret=0
|
||||
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -367,7 +367,7 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views key disallowed - query refused"
|
||||
ret=0
|
||||
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -500,7 +500,7 @@ status=`expr $status + $ret`
|
||||
n=`expr $n + 1`
|
||||
echo_i "test $n: zone key allowed - query allowed"
|
||||
ret=0
|
||||
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
|
||||
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -510,7 +510,7 @@ status=`expr $status + $ret`
|
||||
n=`expr $n + 1`
|
||||
echo_i "test $n: zone key not allowed - query refused"
|
||||
ret=0
|
||||
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
|
||||
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:two:1234efgh8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -520,7 +520,7 @@ status=`expr $status + $ret`
|
||||
n=`expr $n + 1`
|
||||
echo_i "test $n: zone key disallowed - query refused"
|
||||
ret=0
|
||||
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keydisallow.example a > dig.out.ns2.$n || ret=1
|
||||
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.keydisallow.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.keydisallow.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
diff --git a/bin/tests/system/catz/ns1/named.conf.in b/bin/tests/system/catz/ns1/named.conf.in
|
||||
index 1218669..e62715e 100644
|
||||
--- a/bin/tests/system/catz/ns1/named.conf.in
|
||||
+++ b/bin/tests/system/catz/ns1/named.conf.in
|
||||
@@ -61,5 +61,5 @@ zone "catalog4.example" {
|
||||
|
||||
key tsig_key. {
|
||||
secret "LSAnCU+Z";
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
};
|
||||
diff --git a/bin/tests/system/catz/ns2/named.conf.in b/bin/tests/system/catz/ns2/named.conf.in
|
||||
index 30333e6..4005152 100644
|
||||
--- a/bin/tests/system/catz/ns2/named.conf.in
|
||||
+++ b/bin/tests/system/catz/ns2/named.conf.in
|
||||
@@ -70,5 +70,5 @@ zone "catalog4.example" {
|
||||
|
||||
key tsig_key. {
|
||||
secret "LSAnCU+Z";
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
};
|
||||
diff --git a/bin/tests/system/checkconf/bad-tsig.conf b/bin/tests/system/checkconf/bad-tsig.conf
|
||||
index 21be03e..e57c308 100644
|
||||
--- a/bin/tests/system/checkconf/bad-tsig.conf
|
||||
+++ b/bin/tests/system/checkconf/bad-tsig.conf
|
||||
@@ -11,7 +11,7 @@
|
||||
|
||||
/* Bad secret */
|
||||
key "badtsig" {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "jEdD+BPKg==";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf
|
||||
index e09b9e8..2e824b3 100644
|
||||
--- a/bin/tests/system/checkconf/good.conf
|
||||
+++ b/bin/tests/system/checkconf/good.conf
|
||||
@@ -210,6 +210,6 @@ dyndb "name" "library.so" {
|
||||
system;
|
||||
};
|
||||
key "mykey" {
|
||||
- algorithm "hmac-md5";
|
||||
+ algorithm "hmac-sha256";
|
||||
secret "qwertyuiopasdfgh";
|
||||
};
|
||||
diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c
|
||||
index 877504f..577660a 100644
|
||||
--- a/bin/tests/system/feature-test.c
|
||||
+++ b/bin/tests/system/feature-test.c
|
||||
@@ -14,6 +14,7 @@
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
+#include <isc/md.h>
|
||||
#include <isc/net.h>
|
||||
#include <isc/print.h>
|
||||
#include <isc/util.h>
|
||||
@@ -186,6 +187,19 @@ main(int argc, char **argv) {
|
||||
#endif /* ifdef DLZ_FILESYSTEM */
|
||||
}
|
||||
|
||||
+ if (strcmp(argv[1], "--md5") == 0) {
|
||||
+ unsigned char digest[ISC_MAX_MD_SIZE];
|
||||
+ const unsigned char test[] = "test";
|
||||
+ unsigned int size = sizeof(digest);
|
||||
+
|
||||
+ if (isc_md(ISC_MD_MD5, test, sizeof(test),
|
||||
+ digest, &size) == ISC_R_SUCCESS) {
|
||||
+ return (0);
|
||||
+ } else {
|
||||
+ return (1);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
if (strcmp(argv[1], "--with-idn") == 0) {
|
||||
#ifdef HAVE_LIBIDN2
|
||||
return (0);
|
||||
diff --git a/bin/tests/system/notify/ns5/named.conf.in b/bin/tests/system/notify/ns5/named.conf.in
|
||||
index 1ee8df4..2b75d9a 100644
|
||||
--- a/bin/tests/system/notify/ns5/named.conf.in
|
||||
+++ b/bin/tests/system/notify/ns5/named.conf.in
|
||||
@@ -10,17 +10,17 @@
|
||||
*/
|
||||
|
||||
key "a" {
|
||||
- algorithm "hmac-md5";
|
||||
+ algorithm "hmac-sha256";
|
||||
secret "aaaaaaaaaaaaaaaaaaaa";
|
||||
};
|
||||
|
||||
key "b" {
|
||||
- algorithm "hmac-md5";
|
||||
+ algorithm "hmac-sha256";
|
||||
secret "bbbbbbbbbbbbbbbbbbbb";
|
||||
};
|
||||
|
||||
key "c" {
|
||||
- algorithm "hmac-md5";
|
||||
+ algorithm "hmac-sha256";
|
||||
secret "cccccccccccccccccccc";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/notify/tests.sh b/bin/tests/system/notify/tests.sh
|
||||
index 3d7e0b7..ec4d9a7 100644
|
||||
--- a/bin/tests/system/notify/tests.sh
|
||||
+++ b/bin/tests/system/notify/tests.sh
|
||||
@@ -212,16 +212,16 @@ ret=0
|
||||
$NSUPDATE << EOF
|
||||
server 10.53.0.5 ${PORT}
|
||||
zone x21
|
||||
-key a aaaaaaaaaaaaaaaaaaaa
|
||||
+key hmac-sha256:a aaaaaaaaaaaaaaaaaaaa
|
||||
update add added.x21 0 in txt "test string"
|
||||
send
|
||||
EOF
|
||||
|
||||
for i in 1 2 3 4 5 6 7 8 9
|
||||
do
|
||||
- $DIG $DIGOPTS added.x21. -y b:bbbbbbbbbbbbbbbbbbbb @10.53.0.5 \
|
||||
+ $DIG $DIGOPTS added.x21. -y hmac-sha256:b:bbbbbbbbbbbbbbbbbbbb @10.53.0.5 \
|
||||
txt > dig.out.b.ns5.test$n || ret=1
|
||||
- $DIG $DIGOPTS added.x21. -y c:cccccccccccccccccccc @10.53.0.5 \
|
||||
+ $DIG $DIGOPTS added.x21. -y hmac-sha256:c:cccccccccccccccccccc @10.53.0.5 \
|
||||
txt > dig.out.c.ns5.test$n || ret=1
|
||||
grep "test string" dig.out.b.ns5.test$n > /dev/null &&
|
||||
grep "test string" dig.out.c.ns5.test$n > /dev/null &&
|
||||
diff --git a/bin/tests/system/nsupdate/ns1/named.conf.in b/bin/tests/system/nsupdate/ns1/named.conf.in
|
||||
index b51e700..436c97d 100644
|
||||
--- a/bin/tests/system/nsupdate/ns1/named.conf.in
|
||||
+++ b/bin/tests/system/nsupdate/ns1/named.conf.in
|
||||
@@ -37,7 +37,7 @@ controls {
|
||||
};
|
||||
|
||||
key altkey {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha512;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/nsupdate/ns2/named.conf.in b/bin/tests/system/nsupdate/ns2/named.conf.in
|
||||
index da6b3b4..c547e47 100644
|
||||
--- a/bin/tests/system/nsupdate/ns2/named.conf.in
|
||||
+++ b/bin/tests/system/nsupdate/ns2/named.conf.in
|
||||
@@ -32,7 +32,7 @@ controls {
|
||||
};
|
||||
|
||||
key altkey {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha512;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh
|
||||
index c055da3..4e1242b 100644
|
||||
--- a/bin/tests/system/nsupdate/setup.sh
|
||||
+++ b/bin/tests/system/nsupdate/setup.sh
|
||||
@@ -56,7 +56,11 @@ EOF
|
||||
|
||||
$DDNSCONFGEN -q -z example.nil > ns1/ddns.key
|
||||
|
||||
-$DDNSCONFGEN -q -a hmac-md5 -k md5-key -z keytests.nil > ns1/md5.key
|
||||
+if $FEATURETEST --md5; then
|
||||
+ $DDNSCONFGEN -q -a hmac-md5 -k md5-key -z keytests.nil > ns1/md5.key
|
||||
+else
|
||||
+ echo -n > ns1/md5.key
|
||||
+fi
|
||||
$DDNSCONFGEN -q -a hmac-sha1 -k sha1-key -z keytests.nil > ns1/sha1.key
|
||||
$DDNSCONFGEN -q -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key
|
||||
$DDNSCONFGEN -q -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key
|
||||
diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
|
||||
index b35d797..41c128e 100755
|
||||
--- a/bin/tests/system/nsupdate/tests.sh
|
||||
+++ b/bin/tests/system/nsupdate/tests.sh
|
||||
@@ -797,7 +797,14 @@ fi
|
||||
n=`expr $n + 1`
|
||||
ret=0
|
||||
echo_i "check TSIG key algorithms (nsupdate -k) ($n)"
|
||||
-for alg in md5 sha1 sha224 sha256 sha384 sha512; do
|
||||
+if $FEATURETEST --md5
|
||||
+then
|
||||
+ ALGS="md5 sha1 sha224 sha256 sha384 sha512"
|
||||
+else
|
||||
+ ALGS="sha1 sha224 sha256 sha384 sha512"
|
||||
+ echo_i "skipping disabled md5 algorithm"
|
||||
+fi
|
||||
+for alg in $ALGS; do
|
||||
$NSUPDATE -k ns1/${alg}.key <<END > /dev/null || ret=1
|
||||
server 10.53.0.1 ${PORT}
|
||||
update add ${alg}.keytests.nil. 600 A 10.10.10.3
|
||||
@@ -805,7 +812,7 @@ send
|
||||
END
|
||||
done
|
||||
sleep 2
|
||||
-for alg in md5 sha1 sha224 sha256 sha384 sha512; do
|
||||
+for alg in $ALGS; do
|
||||
$DIG $DIGOPTS +short @10.53.0.1 ${alg}.keytests.nil | grep 10.10.10.3 > /dev/null 2>&1 || ret=1
|
||||
done
|
||||
if [ $ret -ne 0 ]; then
|
||||
@@ -816,7 +823,7 @@ fi
|
||||
n=`expr $n + 1`
|
||||
ret=0
|
||||
echo_i "check TSIG key algorithms (nsupdate -y) ($n)"
|
||||
-for alg in md5 sha1 sha224 sha256 sha384 sha512; do
|
||||
+for alg in $ALGS; do
|
||||
secret=$(sed -n 's/.*secret "\(.*\)";.*/\1/p' ns1/${alg}.key)
|
||||
$NSUPDATE -y "hmac-${alg}:${alg}-key:$secret" <<END > /dev/null || ret=1
|
||||
server 10.53.0.1 ${PORT}
|
||||
@@ -825,7 +832,7 @@ send
|
||||
END
|
||||
done
|
||||
sleep 2
|
||||
-for alg in md5 sha1 sha224 sha256 sha384 sha512; do
|
||||
+for alg in $ALGS; do
|
||||
$DIG $DIGOPTS +short @10.53.0.1 ${alg}.keytests.nil | grep 10.10.10.50 > /dev/null 2>&1 || ret=1
|
||||
done
|
||||
if [ $ret -ne 0 ]; then
|
||||
diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh
|
||||
index b59e7a7..04d5f5a 100644
|
||||
--- a/bin/tests/system/rndc/setup.sh
|
||||
+++ b/bin/tests/system/rndc/setup.sh
|
||||
@@ -33,7 +33,7 @@ make_key () {
|
||||
sed 's/allow { 10.53.0.4/allow { any/' >> ns4/named.conf
|
||||
}
|
||||
|
||||
-make_key 1 ${EXTRAPORT1} hmac-md5
|
||||
+$FEATURETEST --md5 && make_key 1 ${EXTRAPORT1} hmac-md5
|
||||
make_key 2 ${EXTRAPORT2} hmac-sha1
|
||||
make_key 3 ${EXTRAPORT3} hmac-sha224
|
||||
make_key 4 ${EXTRAPORT4} hmac-sha256
|
||||
diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh
|
||||
index 9fd84ed..d0b188f 100644
|
||||
--- a/bin/tests/system/rndc/tests.sh
|
||||
+++ b/bin/tests/system/rndc/tests.sh
|
||||
@@ -348,15 +348,20 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
n=`expr $n + 1`
|
||||
-echo_i "testing rndc with hmac-md5 ($n)"
|
||||
-ret=0
|
||||
-$RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key1.conf status > /dev/null 2>&1 || ret=1
|
||||
-for i in 2 3 4 5 6
|
||||
-do
|
||||
- $RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key${i}.conf status > /dev/null 2>&1 && ret=1
|
||||
-done
|
||||
-if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
-status=`expr $status + $ret`
|
||||
+if $FEATURETEST --md5
|
||||
+then
|
||||
+ echo_i "testing rndc with hmac-md5 ($n)"
|
||||
+ ret=0
|
||||
+ $RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key1.conf status > /dev/null 2>&1 || ret=1
|
||||
+ for i in 2 3 4 5 6
|
||||
+ do
|
||||
+ $RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key${i}.conf status > /dev/null 2>&1 && ret=1
|
||||
+ done
|
||||
+ if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
+ status=`expr $status + $ret`
|
||||
+else
|
||||
+ echo_i "skipping rndc with hmac-md5 ($n)"
|
||||
+fi
|
||||
|
||||
n=`expr $n + 1`
|
||||
echo_i "testing rndc with hmac-sha1 ($n)"
|
||||
diff --git a/bin/tests/system/tsig/ns1/named.conf.in b/bin/tests/system/tsig/ns1/named.conf.in
|
||||
index 3470c4f..cf539cd 100644
|
||||
--- a/bin/tests/system/tsig/ns1/named.conf.in
|
||||
+++ b/bin/tests/system/tsig/ns1/named.conf.in
|
||||
@@ -21,10 +21,7 @@ options {
|
||||
notify no;
|
||||
};
|
||||
|
||||
-key "md5" {
|
||||
- secret "97rnFx24Tfna4mHPfgnerA==";
|
||||
- algorithm hmac-md5;
|
||||
-};
|
||||
+# md5 key appended by setup.sh at the end
|
||||
|
||||
key "sha1" {
|
||||
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
|
||||
@@ -51,10 +48,7 @@ key "sha512" {
|
||||
algorithm hmac-sha512;
|
||||
};
|
||||
|
||||
-key "md5-trunc" {
|
||||
- secret "97rnFx24Tfna4mHPfgnerA==";
|
||||
- algorithm hmac-md5-80;
|
||||
-};
|
||||
+# md5-trunc key appended by setup.sh at the end
|
||||
|
||||
key "sha1-trunc" {
|
||||
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
|
||||
diff --git a/bin/tests/system/tsig/ns1/rndc5.conf.in b/bin/tests/system/tsig/ns1/rndc5.conf.in
|
||||
new file mode 100644
|
||||
index 0000000..0682194
|
||||
--- /dev/null
|
||||
+++ b/bin/tests/system/tsig/ns1/rndc5.conf.in
|
||||
@@ -0,0 +1,10 @@
|
||||
+# Conditionally included when support for MD5 is available
|
||||
+key "md5" {
|
||||
+ secret "97rnFx24Tfna4mHPfgnerA==";
|
||||
+ algorithm hmac-md5;
|
||||
+};
|
||||
+
|
||||
+key "md5-trunc" {
|
||||
+ secret "97rnFx24Tfna4mHPfgnerA==";
|
||||
+ algorithm hmac-md5-80;
|
||||
+};
|
||||
diff --git a/bin/tests/system/tsig/setup.sh b/bin/tests/system/tsig/setup.sh
|
||||
index e3b4a45..ae21d04 100644
|
||||
--- a/bin/tests/system/tsig/setup.sh
|
||||
+++ b/bin/tests/system/tsig/setup.sh
|
||||
@@ -15,3 +15,8 @@ SYSTEMTESTTOP=..
|
||||
$SHELL clean.sh
|
||||
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
+
|
||||
+if $FEATURETEST --md5
|
||||
+then
|
||||
+ cat ns1/rndc5.conf.in >> ns1/named.conf
|
||||
+fi
|
||||
diff --git a/bin/tests/system/tsig/tests.sh b/bin/tests/system/tsig/tests.sh
|
||||
index 38d842a..668aa6f 100644
|
||||
--- a/bin/tests/system/tsig/tests.sh
|
||||
+++ b/bin/tests/system/tsig/tests.sh
|
||||
@@ -26,20 +26,25 @@ sha512="jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4f
|
||||
|
||||
status=0
|
||||
|
||||
-echo_i "fetching using hmac-md5 (old form)"
|
||||
-ret=0
|
||||
-$DIG $DIGOPTS example.nil. -y "md5:$md5" @10.53.0.1 soa > dig.out.md5.old || ret=1
|
||||
-grep -i "md5.*TSIG.*NOERROR" dig.out.md5.old > /dev/null || ret=1
|
||||
-if [ $ret -eq 1 ] ; then
|
||||
- echo_i "failed"; status=1
|
||||
-fi
|
||||
+if $FEATURETEST --md5
|
||||
+then
|
||||
+ echo_i "fetching using hmac-md5 (old form)"
|
||||
+ ret=0
|
||||
+ $DIG $DIGOPTS example.nil. -y "md5:$md5" @10.53.0.1 soa > dig.out.md5.old || ret=1
|
||||
+ grep -i "md5.*TSIG.*NOERROR" dig.out.md5.old > /dev/null || ret=1
|
||||
+ if [ $ret -eq 1 ] ; then
|
||||
+ echo_i "failed"; status=1
|
||||
+ fi
|
||||
|
||||
-echo_i "fetching using hmac-md5 (new form)"
|
||||
-ret=0
|
||||
-$DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new || ret=1
|
||||
-grep -i "md5.*TSIG.*NOERROR" dig.out.md5.new > /dev/null || ret=1
|
||||
-if [ $ret -eq 1 ] ; then
|
||||
- echo_i "failed"; status=1
|
||||
+ echo_i "fetching using hmac-md5 (new form)"
|
||||
+ ret=0
|
||||
+ $DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new || ret=1
|
||||
+ grep -i "md5.*TSIG.*NOERROR" dig.out.md5.new > /dev/null || ret=1
|
||||
+ if [ $ret -eq 1 ] ; then
|
||||
+ echo_i "failed"; status=1
|
||||
+ fi
|
||||
+else
|
||||
+ echo_i "skipping using hmac-md5"
|
||||
fi
|
||||
|
||||
echo_i "fetching using hmac-sha1"
|
||||
@@ -87,12 +92,17 @@ fi
|
||||
# Truncated TSIG
|
||||
#
|
||||
#
|
||||
-echo_i "fetching using hmac-md5 (trunc)"
|
||||
-ret=0
|
||||
-$DIG $DIGOPTS example.nil. -y "hmac-md5-80:md5-trunc:$md5" @10.53.0.1 soa > dig.out.md5.trunc || ret=1
|
||||
-grep -i "md5-trunc.*TSIG.*NOERROR" dig.out.md5.trunc > /dev/null || ret=1
|
||||
-if [ $ret -eq 1 ] ; then
|
||||
- echo_i "failed"; status=1
|
||||
+if $FEATURETEST --md5
|
||||
+then
|
||||
+ echo_i "fetching using hmac-md5 (trunc)"
|
||||
+ ret=0
|
||||
+ $DIG $DIGOPTS example.nil. -y "hmac-md5-80:md5-trunc:$md5" @10.53.0.1 soa > dig.out.md5.trunc || ret=1
|
||||
+ grep -i "md5-trunc.*TSIG.*NOERROR" dig.out.md5.trunc > /dev/null || ret=1
|
||||
+ if [ $ret -eq 1 ] ; then
|
||||
+ echo_i "failed"; status=1
|
||||
+ fi
|
||||
+else
|
||||
+ echo_i "skipping using hmac-md5 (trunc)"
|
||||
fi
|
||||
|
||||
echo_i "fetching using hmac-sha1 (trunc)"
|
||||
@@ -141,12 +151,17 @@ fi
|
||||
# Check for bad truncation.
|
||||
#
|
||||
#
|
||||
-echo_i "fetching using hmac-md5-80 (BADTRUNC)"
|
||||
-ret=0
|
||||
-$DIG $DIGOPTS example.nil. -y "hmac-md5-80:md5:$md5" @10.53.0.1 soa > dig.out.md5-80 || ret=1
|
||||
-grep -i "md5.*TSIG.*BADTRUNC" dig.out.md5-80 > /dev/null || ret=1
|
||||
-if [ $ret -eq 1 ] ; then
|
||||
- echo_i "failed"; status=1
|
||||
+if $FEATURETEST --md5
|
||||
+then
|
||||
+ echo_i "fetching using hmac-md5-80 (BADTRUNC)"
|
||||
+ ret=0
|
||||
+ $DIG $DIGOPTS example.nil. -y "hmac-md5-80:md5:$md5" @10.53.0.1 soa > dig.out.md5-80 || ret=1
|
||||
+ grep -i "md5.*TSIG.*BADTRUNC" dig.out.md5-80 > /dev/null || ret=1
|
||||
+ if [ $ret -eq 1 ] ; then
|
||||
+ echo_i "failed"; status=1
|
||||
+ fi
|
||||
+else
|
||||
+ echo_i "skipping using hmac-md5-80 (BADTRUNC)"
|
||||
fi
|
||||
|
||||
echo_i "fetching using hmac-sha1-80 (BADTRUNC)"
|
||||
diff --git a/bin/tests/system/upforwd/ns1/named.conf.in b/bin/tests/system/upforwd/ns1/named.conf.in
|
||||
index 3873c7c..b359a5a 100644
|
||||
--- a/bin/tests/system/upforwd/ns1/named.conf.in
|
||||
+++ b/bin/tests/system/upforwd/ns1/named.conf.in
|
||||
@@ -10,7 +10,7 @@
|
||||
*/
|
||||
|
||||
key "update.example." {
|
||||
- algorithm "hmac-md5";
|
||||
+ algorithm "hmac-sha256";
|
||||
secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/upforwd/tests.sh b/bin/tests/system/upforwd/tests.sh
|
||||
index a50c896..8062d68 100644
|
||||
--- a/bin/tests/system/upforwd/tests.sh
|
||||
+++ b/bin/tests/system/upforwd/tests.sh
|
||||
@@ -79,7 +79,7 @@ if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
|
||||
|
||||
echo_i "updating zone (signed) ($n)"
|
||||
ret=0
|
||||
-$NSUPDATE -y update.example:c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K -- - <<EOF || ret=1
|
||||
+$NSUPDATE -y hmac-sha256:update.example:c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K -- - <<EOF || ret=1
|
||||
server 10.53.0.3 ${PORT}
|
||||
update add updated.example. 600 A 10.10.10.1
|
||||
update add updated.example. 600 TXT Foo
|
||||
--
|
||||
2.26.2
|
||||
|
58
SOURCES/bind-9.11-kyua-pkcs11.patch
Normal file
58
SOURCES/bind-9.11-kyua-pkcs11.patch
Normal file
@ -0,0 +1,58 @@
|
||||
From 1241f2005d08673c28a595c5a6cd61350b95a929 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Tue, 2 Jan 2018 18:13:07 +0100
|
||||
Subject: [PATCH] Fix pkcs11 variants atf tests
|
||||
|
||||
Add dns-pkcs11 tests Makefile to configure
|
||||
|
||||
Add pkcs11 Kyuafile, fix dh_test to pass in pkcs11 mode
|
||||
---
|
||||
configure.ac | 1 +
|
||||
lib/Kyuafile | 2 ++
|
||||
lib/dns-pkcs11/tests/dh_test.c | 3 ++-
|
||||
3 files changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index d80ae31..0fb9328 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -3090,6 +3090,7 @@ AC_CONFIG_FILES([
|
||||
lib/dns-pkcs11/include/Makefile
|
||||
lib/dns-pkcs11/include/dns/Makefile
|
||||
lib/dns-pkcs11/include/dst/Makefile
|
||||
+ lib/dns-pkcs11/tests/Makefile
|
||||
lib/irs/Makefile
|
||||
lib/irs/include/Makefile
|
||||
lib/irs/include/irs/Makefile
|
||||
diff --git a/lib/Kyuafile b/lib/Kyuafile
|
||||
index 39ce986..037e5ef 100644
|
||||
--- a/lib/Kyuafile
|
||||
+++ b/lib/Kyuafile
|
||||
@@ -2,8 +2,10 @@ syntax(2)
|
||||
test_suite('bind9')
|
||||
|
||||
include('dns/Kyuafile')
|
||||
+include('dns-pkcs11/Kyuafile')
|
||||
include('irs/Kyuafile')
|
||||
include('isc/Kyuafile')
|
||||
include('isccc/Kyuafile')
|
||||
include('isccfg/Kyuafile')
|
||||
include('ns/Kyuafile')
|
||||
+include('ns-pkcs11/Kyuafile')
|
||||
diff --git a/lib/dns-pkcs11/tests/dh_test.c b/lib/dns-pkcs11/tests/dh_test.c
|
||||
index 934e8fd..658d1af 100644
|
||||
--- a/lib/dns-pkcs11/tests/dh_test.c
|
||||
+++ b/lib/dns-pkcs11/tests/dh_test.c
|
||||
@@ -87,7 +87,8 @@ dh_computesecret(void **state) {
|
||||
result = dst_key_computesecret(key, key, &buf);
|
||||
assert_int_equal(result, DST_R_NOTPRIVATEKEY);
|
||||
result = key->func->computesecret(key, key, &buf);
|
||||
- assert_int_equal(result, DST_R_COMPUTESECRETFAILURE);
|
||||
+ /* PKCS11 variant gives different result, accept both */
|
||||
+ assert_true(result == DST_R_COMPUTESECRETFAILURE || result == DST_R_INVALIDPRIVATEKEY);
|
||||
|
||||
dst_key_free(&key);
|
||||
}
|
||||
--
|
||||
2.20.1
|
||||
|
29
SOURCES/bind-9.11-rh1666814.patch
Normal file
29
SOURCES/bind-9.11-rh1666814.patch
Normal file
@ -0,0 +1,29 @@
|
||||
From 0f03071080e7fa68433b322359d46abaca2cc5ad Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Wed, 16 Jan 2019 16:27:33 +0100
|
||||
Subject: [PATCH] Fix possible crash when loading corrupted file
|
||||
|
||||
Some values passes internal triggers by coincidence. Fix the check and
|
||||
check also first_node_offset before even passing it further.
|
||||
---
|
||||
lib/dns/rbt.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/dns/rbt.c b/lib/dns/rbt.c
|
||||
index 5aee5f6..7f2c2d2 100644
|
||||
--- a/lib/dns/rbt.c
|
||||
+++ b/lib/dns/rbt.c
|
||||
@@ -945,7 +945,9 @@ dns_rbt_deserialize_tree(void *base_address, size_t filesize,
|
||||
rbt->root = (dns_rbtnode_t *)((char *)base_address + header_offset +
|
||||
header->first_node_offset);
|
||||
|
||||
- if ((header->nodecount * sizeof(dns_rbtnode_t)) > filesize) {
|
||||
+ if ((header->nodecount * sizeof(dns_rbtnode_t)) > filesize
|
||||
+ || header->first_node_offset > filesize) {
|
||||
+
|
||||
result = ISC_R_INVALIDFILE;
|
||||
goto cleanup;
|
||||
}
|
||||
--
|
||||
2.31.1
|
||||
|
65
SOURCES/bind-9.11-tests-variants.patch
Normal file
65
SOURCES/bind-9.11-tests-variants.patch
Normal file
@ -0,0 +1,65 @@
|
||||
From 607cec78382b016aad0fe041f2e1895b6896c647 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Fri, 1 Mar 2019 15:48:20 +0100
|
||||
Subject: [PATCH] Make alternative named builds testable in system tests
|
||||
|
||||
Red Hat has alternative variant builds of named, which are not ever
|
||||
tested by system tests. New variables make it relatively easy to test
|
||||
alternative variants.
|
||||
|
||||
For sdb variant use:
|
||||
export NAMED_VARIANT=-sdb DNSSEC_VARIANT=
|
||||
|
||||
For pkcs variant use:
|
||||
export NAMED_VARIANT=-pkcs11 DNSSEC_VARIANT=-pkcs11
|
||||
---
|
||||
bin/tests/system/conf.sh.in | 18 +++++++++---------
|
||||
1 file changed, 9 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
|
||||
index d859909..9152f07 100644
|
||||
--- a/bin/tests/system/conf.sh.in
|
||||
+++ b/bin/tests/system/conf.sh.in
|
||||
@@ -37,17 +37,17 @@ DDNSCONFGEN=$TOP/bin/confgen/ddns-confgen
|
||||
DELV=$TOP/bin/delv/delv
|
||||
DIG=$TOP/bin/dig/dig
|
||||
DNSTAPREAD=$TOP/bin/tools/dnstap-read
|
||||
-DSFROMKEY=$TOP/bin/dnssec/dnssec-dsfromkey
|
||||
-FEATURETEST=$TOP/bin/named/feature-test
|
||||
+DSFROMKEY=$TOP/bin/dnssec${DNSSEC_VARIANT}/dnssec-dsfromkey${DNSSEC_VARIANT}
|
||||
+FEATURETEST=$TOP/bin/named${NAMED_VARIANT}/feature-test${NAMED_VARIANT}
|
||||
FSTRM_CAPTURE=@FSTRM_CAPTURE@
|
||||
HOST=$TOP/bin/dig/host
|
||||
-IMPORTKEY=$TOP/bin/dnssec/dnssec-importkey
|
||||
+IMPORTKEY=$TOP/bin/dnssec${DNSSEC_VARIANT}/dnssec-importkey${DNSSEC_VARIANT}
|
||||
JOURNALPRINT=$TOP/bin/tools/named-journalprint
|
||||
-KEYFRLAB=$TOP/bin/dnssec/dnssec-keyfromlabel
|
||||
-KEYGEN=$TOP/bin/dnssec/dnssec-keygen
|
||||
+KEYFRLAB=$TOP/bin/dnssec${DNSSEC_VARIANT}/dnssec-keyfromlabel${DNSSEC_VARIANT}
|
||||
+KEYGEN=$TOP/bin/dnssec${DNSSEC_VARIANT}/dnssec-keygen${DNSSEC_VARIANT}
|
||||
KEYMGR=$TOP/bin/python/dnssec-keymgr
|
||||
MDIG=$TOP/bin/tools/mdig
|
||||
-NAMED=$TOP/bin/named/named
|
||||
+NAMED=$TOP/bin/named${NAMED_VARIANT}/named${NAMED_VARIANT}
|
||||
NSEC3HASH=$TOP/bin/tools/nsec3hash
|
||||
NSLOOKUP=$TOP/bin/dig/nslookup
|
||||
NSUPDATE=$TOP/bin/nsupdate/nsupdate
|
||||
@@ -56,12 +56,12 @@ PK11DEL="$TOP/bin/pkcs11/pkcs11-destroy -s ${SLOT:-0} -p ${HSMPIN:-1234} -w 0"
|
||||
PK11GEN="$TOP/bin/pkcs11/pkcs11-keygen -q -s ${SLOT:-0} -p ${HSMPIN:-1234}"
|
||||
PK11LIST="$TOP/bin/pkcs11/pkcs11-list -s ${SLOT:-0} -p ${HSMPIN:-1234}"
|
||||
RESOLVE=$TOP/bin/tests/system/resolve
|
||||
-REVOKE=$TOP/bin/dnssec/dnssec-revoke
|
||||
+REVOKE=$TOP/bin/dnssec${DNSSEC_VARIANT}/dnssec-revoke${DNSSEC_VARIANT}
|
||||
RNDC=$TOP/bin/rndc/rndc
|
||||
RNDCCONFGEN=$TOP/bin/confgen/rndc-confgen
|
||||
RRCHECKER=$TOP/bin/tools/named-rrchecker
|
||||
-SETTIME=$TOP/bin/dnssec/dnssec-settime
|
||||
-SIGNER=$TOP/bin/dnssec/dnssec-signzone
|
||||
+SETTIME=$TOP/bin/dnssec${DNSSEC_VARIANT}/dnssec-settime${DNSSEC_VARIANT}
|
||||
+SIGNER=$TOP/bin/dnssec${DNSSEC_VARIANT}/dnssec-signzone${DNSSEC_VARIANT}
|
||||
TSIGKEYGEN=$TOP/bin/confgen/tsig-keygen
|
||||
VERIFY=$TOP/bin/dnssec/dnssec-verify
|
||||
WIRETEST=$TOP/bin/tests/wire_test
|
||||
--
|
||||
2.26.3
|
||||
|
83
SOURCES/bind-9.14-config-pkcs11.patch
Normal file
83
SOURCES/bind-9.14-config-pkcs11.patch
Normal file
@ -0,0 +1,83 @@
|
||||
From e6ab9c67f0a14adc23c1067e03a106da1b1651b7 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Fri, 18 Oct 2019 21:30:52 +0200
|
||||
Subject: [PATCH] Move USE_PKCS11 and USE_OPENSSL out of config.h
|
||||
|
||||
Building two variants with the same common code requires to unset
|
||||
USE_PKCS11 on part of build. That is not possible with config.h value.
|
||||
Move it as normal define to CDEFINES.
|
||||
---
|
||||
bin/confgen/Makefile.in | 2 +-
|
||||
configure.ac | 8 ++++++--
|
||||
lib/dns/dst_internal.h | 12 +++++++++---
|
||||
3 files changed, 16 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in
|
||||
index 1b7512d..c126bf3 100644
|
||||
--- a/bin/confgen/Makefile.in
|
||||
+++ b/bin/confgen/Makefile.in
|
||||
@@ -22,7 +22,7 @@ VERSION=@BIND9_VERSION@
|
||||
CINCLUDES = -I${srcdir}/include ${ISC_INCLUDES} ${ISCCC_INCLUDES} \
|
||||
${ISCCFG_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES}
|
||||
|
||||
-CDEFINES =
|
||||
+CDEFINES = @USE_PKCS11@
|
||||
CWARNINGS =
|
||||
|
||||
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index f5483fe..08a7d8a 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -935,10 +935,14 @@ AC_SUBST([PKCS11_TEST])
|
||||
AC_SUBST([PKCS11_TOOLS])
|
||||
AC_SUBST([PKCS11_MANS])
|
||||
|
||||
+USE_PKCS11='-DUSE_PKCS11=0'
|
||||
+USE_OPENSSL='-DUSE_OPENSSL=0'
|
||||
AC_SUBST([CRYPTO])
|
||||
AS_CASE([$CRYPTO],
|
||||
- [pkcs11],[AC_DEFINE([USE_PKCS11], [1], [define if PKCS11 is used for Public-Key Cryptography])],
|
||||
- [AC_DEFINE([USE_OPENSSL], [1], [define if OpenSSL is used for Public-Key Cryptography])])
|
||||
+ [pkcs11],[USE_PKCS11='-DUSE_PKCS11=1'],
|
||||
+ [USE_OPENSSL='-DUSE_OPENSSL=1'])
|
||||
+AC_SUBST(USE_PKCS11)
|
||||
+AC_SUBST(USE_OPENSSL)
|
||||
|
||||
# preparation for automake
|
||||
# AM_CONDITIONAL([PKCS11_TOOLS], [test "$with_native_pkcs11" = "yes"])
|
||||
diff --git a/lib/dns/dst_internal.h b/lib/dns/dst_internal.h
|
||||
index 2c3b4a3..55e9dc4 100644
|
||||
--- a/lib/dns/dst_internal.h
|
||||
+++ b/lib/dns/dst_internal.h
|
||||
@@ -38,6 +38,13 @@
|
||||
#include <isc/stdtime.h>
|
||||
#include <isc/types.h>
|
||||
|
||||
+#ifndef USE_PKCS11
|
||||
+#define USE_PKCS11 0
|
||||
+#endif
|
||||
+#ifndef USE_OPENSSL
|
||||
+#define USE_OPENSSL (! USE_PKCS11)
|
||||
+#endif
|
||||
+
|
||||
#if USE_PKCS11
|
||||
#include <pk11/pk11.h>
|
||||
#include <pk11/site.h>
|
||||
@@ -116,11 +123,10 @@ struct dst_key {
|
||||
void *generic;
|
||||
dns_gss_ctx_id_t gssctx;
|
||||
DH *dh;
|
||||
-#if USE_OPENSSL
|
||||
- EVP_PKEY *pkey;
|
||||
-#endif /* if USE_OPENSSL */
|
||||
#if USE_PKCS11
|
||||
pk11_object_t *pkey;
|
||||
+#else
|
||||
+ EVP_PKEY *pkey;
|
||||
#endif /* if USE_PKCS11 */
|
||||
dst_hmac_key_t *hmac_key;
|
||||
} keydata; /*%< pointer to key in crypto pkg fmt */
|
||||
--
|
||||
2.26.2
|
||||
|
60
SOURCES/bind-9.16-redhat_doc.patch
Normal file
60
SOURCES/bind-9.16-redhat_doc.patch
Normal file
@ -0,0 +1,60 @@
|
||||
From 3a161af91bffcd457586ab466e32ac8484028763 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Wed, 17 Jun 2020 23:17:13 +0200
|
||||
Subject: [PATCH] Update man named with Red Hat specifics
|
||||
|
||||
This is almost unmodified text and requires revalidation. Some of those
|
||||
statements are no longer correct.
|
||||
---
|
||||
bin/named/named.rst | 35 +++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 35 insertions(+)
|
||||
|
||||
diff --git a/bin/named/named.rst b/bin/named/named.rst
|
||||
index 6fd8f87..3cd6350 100644
|
||||
--- a/bin/named/named.rst
|
||||
+++ b/bin/named/named.rst
|
||||
@@ -228,6 +228,41 @@ Files
|
||||
``/var/run/named/named.pid``
|
||||
The default process-id file.
|
||||
|
||||
+Notes
|
||||
+~~~~~
|
||||
+
|
||||
+**Red Hat SELinux BIND Security Profile:**
|
||||
+
|
||||
+By default, Red Hat ships BIND with the most secure SELinux policy
|
||||
+that will not prevent normal BIND operation and will prevent exploitation
|
||||
+of all known BIND security vulnerabilities. See the selinux(8) man page
|
||||
+for information about SElinux.
|
||||
+
|
||||
+It is not necessary to run named in a chroot environment if the Red Hat
|
||||
+SELinux policy for named is enabled. When enabled, this policy is far
|
||||
+more secure than a chroot environment. Users are recommended to enable
|
||||
+SELinux and remove the bind-chroot package.
|
||||
+
|
||||
+*With this extra security comes some restrictions:*
|
||||
+
|
||||
+By default, the SELinux policy does not allow named to write outside directory
|
||||
+/var/named. That directory used to be read-only for named, but write access is
|
||||
+enabled by default now.
|
||||
+
|
||||
+The "named" group must be granted read privelege to
|
||||
+these files in order for named to be enabled to read them.
|
||||
+Any file updated by named must be writeable by named user or named group.
|
||||
+
|
||||
+Any file created in the zone database file directory is automatically assigned
|
||||
+the SELinux file context *named_zone_t* .
|
||||
+
|
||||
+The Red Hat BIND distribution and SELinux policy creates three directories where
|
||||
+named were allowed to create and modify files: */var/named/slaves*, */var/named/dynamic*
|
||||
+*/var/named/data*. The service is able to write and file under */var/named* with appropriate
|
||||
+permissions. They are used for better organisation of zones and backward compatibility.
|
||||
+Files in these directories are automatically assigned the '*named_cache_t*'
|
||||
+file context, which SELinux always allows named to write.
|
||||
+
|
||||
See Also
|
||||
~~~~~~~~
|
||||
|
||||
--
|
||||
2.26.2
|
||||
|
17
SOURCES/bind-9.16.23.tar.xz.asc
Normal file
17
SOURCES/bind-9.16.23.tar.xz.asc
Normal file
@ -0,0 +1,17 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Comment: GPGTools - https://gpgtools.org
|
||||
|
||||
iQIzBAABAgAdFiEEqtu6UHTxQC97adVrxbTukxqfnf0FAmGKhMcACgkQxbTukxqf
|
||||
nf1EbQ//YXsBbMtyI3c0MoleSi5zwzcpCTZTWTFHqH5WUiruLMDF453j/Fn2zaSC
|
||||
WuaUnhN61dR+BVtX+D2Y8GiVQFICo5X1nJj0jb/TcflXFq7YLWUAO0NPwPkBL1J4
|
||||
/PA0YCp1zYcvBXIxTKaU7AcBxlKmcGLdZcgCyGU6NSKaOJSxHOWXM460uD/crskB
|
||||
iSPEbMevN9TTJs9webztJNKH/3BuNkOD9SFb6JlUIQqwKx1v8rosgdI7BvgGMZqy
|
||||
s+10+GlIRFFvsX2XkX8BnjDlQ1QdzDOAoyCU+Se9rXDqu+zZf1VN4ReUCSDuPYf9
|
||||
z+GW1EbMxuZzEKrEIJvhnVNNiHqtKVaK6IIUX5bHqgPLEx87HxJMOPmbyBc1kDAe
|
||||
0WCmsITaq62WvKOG8Ho8wLrlG4AAO5+A7xit4bJ4XUtLiqyt+9FUIeEFY9nZb/6O
|
||||
OXK9eBMZHZ++r52RtA+GYZllkNRpzwnULOdR/9svVQuc10/MjnRoFqInzLlqwfwm
|
||||
2q6r372oWn8+MUvjQVBgzprn5BvY+HDo2gNEYEi5QyR3ql2dX/Qz7iUdUfhRvMNL
|
||||
FdPt3B3kktfOV98p/imrIwLwVVWwKBlphntkRxLtSZBs3nbo27F/ND54fixC2eCa
|
||||
epB6FF5IquzQ/MOiz4uql3YexNDQQ+7N2IGPJVMwO2ILAyZDNOQ=
|
||||
=pVtf
|
||||
-----END PGP SIGNATURE-----
|
30
SOURCES/bind-9.5-PIE.patch
Normal file
30
SOURCES/bind-9.5-PIE.patch
Normal file
@ -0,0 +1,30 @@
|
||||
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
|
||||
index eb622d1..37053a7 100644
|
||||
--- a/bin/named/Makefile.in
|
||||
+++ b/bin/named/Makefile.in
|
||||
@@ -117,8 +117,12 @@ SRCS = builtin.c config.c control.c \
|
||||
tkeyconf.c tsigconf.c zoneconf.c \
|
||||
${DLZDRIVER_SRCS} ${DBDRIVER_SRCS}
|
||||
|
||||
+EXT_CFLAGS = -fpie
|
||||
+
|
||||
@BIND9_MAKE_RULES@
|
||||
|
||||
+LDFLAGS += -pie -Wl,-z,relro,-z,now,-z,nodlopen,-z,noexecstack
|
||||
+
|
||||
main.@O@: main.c
|
||||
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
|
||||
-DVERSION=\"${VERSION}\" \
|
||||
diff --git a/bin/named/unix/Makefile.in b/bin/named/unix/Makefile.in
|
||||
index fd9ca8d..f1c102c 100644
|
||||
--- a/bin/named/unix/Makefile.in
|
||||
+++ b/bin/named/unix/Makefile.in
|
||||
@@ -11,6 +11,8 @@ srcdir = @srcdir@
|
||||
VPATH = @srcdir@
|
||||
top_srcdir = @top_srcdir@
|
||||
|
||||
+EXT_CFLAGS = -fpie
|
||||
+
|
||||
@BIND9_MAKE_INCLUDES@
|
||||
|
||||
CINCLUDES = -I${srcdir}/include -I${srcdir}/../include \
|
53
SOURCES/bind-9.5-dlz-64bit.patch
Normal file
53
SOURCES/bind-9.5-dlz-64bit.patch
Normal file
@ -0,0 +1,53 @@
|
||||
diff --git a/contrib/dlz/config.dlz.in b/contrib/dlz/config.dlz.in
|
||||
index 47525af..eefe3c3 100644
|
||||
--- a/contrib/dlz/config.dlz.in
|
||||
+++ b/contrib/dlz/config.dlz.in
|
||||
@@ -17,6 +17,13 @@
|
||||
#
|
||||
dlzdir='${DLZ_DRIVER_DIR}'
|
||||
|
||||
+AC_MSG_CHECKING([for target libdir])
|
||||
+AC_RUN_IFELSE([int main(void) {exit((sizeof(void *) == 8) ? 0 : 1);}],
|
||||
+ [target_lib=lib64],
|
||||
+ [target_lib=lib],
|
||||
+)
|
||||
+AC_MSG_RESULT(["$target_lib"])
|
||||
+
|
||||
#
|
||||
# Private autoconf macro to simplify configuring drivers:
|
||||
#
|
||||
@@ -292,9 +299,9 @@ case "$use_dlz_bdb" in
|
||||
then
|
||||
break
|
||||
fi
|
||||
- elif test -f "$dd/lib/lib${d}.so"
|
||||
+ elif test -f "$dd/${target_lib}/lib${d}.so"
|
||||
then
|
||||
- dlz_bdb_libs="-L${dd}/lib -l${d}"
|
||||
+ dlz_bdb_libs="-L${dd}/${target_lib} -l${d}"
|
||||
break
|
||||
fi
|
||||
done
|
||||
@@ -396,7 +403,7 @@ case "$use_dlz_ldap" in
|
||||
*)
|
||||
DLZ_ADD_DRIVER(LDAP, dlz_ldap_driver,
|
||||
[-I$use_dlz_ldap/include],
|
||||
- [-L$use_dlz_ldap/lib -lldap -llber])
|
||||
+ [-L$use_dlz_ldap/${target_lib} -lldap -llber])
|
||||
|
||||
AC_MSG_RESULT(
|
||||
[using LDAP from $use_dlz_ldap/lib and $use_dlz_ldap/include])
|
||||
@@ -432,11 +439,11 @@ then
|
||||
odbcdirs="/usr /usr/local /usr/pkg"
|
||||
for d in $odbcdirs
|
||||
do
|
||||
- if test -f $d/include/sql.h -a -f $d/lib/libodbc.a
|
||||
+ if test -f $d/include/sql.h -a -f $d/${target_lib}/libodbc.a
|
||||
then
|
||||
use_dlz_odbc=$d
|
||||
dlz_odbc_include="-I$use_dlz_odbc/include"
|
||||
- dlz_odbc_libs="-L$use_dlz_odbc/lib -lodbc"
|
||||
+ dlz_odbc_libs="-L$use_dlz_odbc/${target_lib} -lodbc"
|
||||
break
|
||||
fi
|
||||
done
|
31
SOURCES/bind-9.9.1-P2-dlz-libdb.patch
Normal file
31
SOURCES/bind-9.9.1-P2-dlz-libdb.patch
Normal file
@ -0,0 +1,31 @@
|
||||
diff -up bind-9.10.1b1/contrib/dlz/config.dlz.in.libdb bind-9.10.1b1/contrib/dlz/config.dlz.in
|
||||
--- bind-9.10.1b1/contrib/dlz/config.dlz.in.libdb 2014-08-04 12:33:09.320735111 +0200
|
||||
+++ bind-9.10.1b1/contrib/dlz/config.dlz.in 2014-08-04 12:41:46.888241910 +0200
|
||||
@@ -263,7 +263,7 @@ case "$use_dlz_bdb" in
|
||||
# Check other locations for includes.
|
||||
# Order is important (sigh).
|
||||
|
||||
- bdb_incdirs="/db53 /db51 /db48 /db47 /db46 /db45 /db44 /db43 /db42 /db41 /db4 /db"
|
||||
+ bdb_incdirs="/db53 /db51 /db48 /db47 /db46 /db45 /db44 /db43 /db42 /db41 /db4 /libdb /db"
|
||||
# include a blank element first
|
||||
for d in "" $bdb_incdirs
|
||||
do
|
||||
@@ -288,16 +288,9 @@ case "$use_dlz_bdb" in
|
||||
bdb_libnames="db53 db-5.3 db51 db-5.1 db48 db-4.8 db47 db-4.7 db46 db-4.6 db45 db-4.5 db44 db-4.4 db43 db-4.3 db42 db-4.2 db41 db-4.1 db"
|
||||
for d in $bdb_libnames
|
||||
do
|
||||
- if test "$dd" = "/usr"
|
||||
+ if test -f "$dd/${target_lib}/lib${d}.so"
|
||||
then
|
||||
- AC_CHECK_LIB($d, db_create, dlz_bdb_libs="-l${d}")
|
||||
- if test $dlz_bdb_libs != "yes"
|
||||
- then
|
||||
- break
|
||||
- fi
|
||||
- elif test -f "$dd/${target_lib}/lib${d}.so"
|
||||
- then
|
||||
- dlz_bdb_libs="-L${dd}/${target_lib} -l${d}"
|
||||
+ dlz_bdb_libs="-L${dd}/${target_lib}/libdb -l${d}"
|
||||
break
|
||||
fi
|
||||
done
|
1
SOURCES/bind.tmpfiles.d
Normal file
1
SOURCES/bind.tmpfiles.d
Normal file
@ -0,0 +1 @@
|
||||
d /run/named 0755 named named -
|
34
SOURCES/bind93-rh490837.patch
Normal file
34
SOURCES/bind93-rh490837.patch
Normal file
@ -0,0 +1,34 @@
|
||||
diff --git a/lib/isc/lex.c b/lib/isc/lex.c
|
||||
index cd44fe3..5b7c539 100644
|
||||
--- a/lib/isc/lex.c
|
||||
+++ b/lib/isc/lex.c
|
||||
@@ -27,6 +27,8 @@
|
||||
#include <isc/string.h>
|
||||
#include <isc/util.h>
|
||||
|
||||
+#include "../errno2result.h"
|
||||
+
|
||||
typedef struct inputsource {
|
||||
isc_result_t result;
|
||||
bool is_file;
|
||||
@@ -422,7 +424,7 @@ isc_lex_gettoken(isc_lex_t *lex, unsigned int options, isc_token_t *tokenp) {
|
||||
#endif /* if defined(HAVE_FLOCKFILE) && defined(HAVE_GETC_UNLOCKED) */
|
||||
if (c == EOF) {
|
||||
if (ferror(stream)) {
|
||||
- source->result = ISC_R_IOERROR;
|
||||
+ source->result = isc__errno2result(errno);
|
||||
result = source->result;
|
||||
goto done;
|
||||
}
|
||||
diff --git a/lib/isc/unix/errno2result.c b/lib/isc/unix/errno2result.c
|
||||
index e3e2644..5e58600 100644
|
||||
--- a/lib/isc/unix/errno2result.c
|
||||
+++ b/lib/isc/unix/errno2result.c
|
||||
@@ -37,6 +37,7 @@ isc___errno2result(int posixerrno, bool dolog, const char *file,
|
||||
case EINVAL: /* XXX sometimes this is not for files */
|
||||
case ENAMETOOLONG:
|
||||
case EBADF:
|
||||
+ case EISDIR:
|
||||
return (ISC_R_INVALIDFILE);
|
||||
case ENOENT:
|
||||
return (ISC_R_FILENOTFOUND);
|
31
SOURCES/bind97-rh645544.patch
Normal file
31
SOURCES/bind97-rh645544.patch
Normal file
@ -0,0 +1,31 @@
|
||||
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
|
||||
index 31549c6..65a14b6 100644
|
||||
--- a/lib/dns/resolver.c
|
||||
+++ b/lib/dns/resolver.c
|
||||
@@ -1762,7 +1762,7 @@ log_edns(fetchctx_t *fctx) {
|
||||
*/
|
||||
dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf));
|
||||
isc_log_write(dns_lctx, DNS_LOGCATEGORY_EDNS_DISABLED,
|
||||
- DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO,
|
||||
+ DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(1),
|
||||
"success resolving '%s' (in '%s'?) after %s", fctx->info,
|
||||
domainbuf, fctx->reason);
|
||||
}
|
||||
@@ -5298,7 +5298,7 @@ log_lame(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo) {
|
||||
dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf));
|
||||
isc_sockaddr_format(&addrinfo->sockaddr, addrbuf, sizeof(addrbuf));
|
||||
isc_log_write(dns_lctx, DNS_LOGCATEGORY_LAME_SERVERS,
|
||||
- DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO,
|
||||
+ DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(1),
|
||||
"lame server resolving '%s' (in '%s'?): %s", namebuf,
|
||||
domainbuf, addrbuf);
|
||||
}
|
||||
@@ -5316,7 +5316,7 @@ log_formerr(fetchctx_t *fctx, const char *format, ...) {
|
||||
isc_sockaddr_format(&fctx->addrinfo->sockaddr, nsbuf, sizeof(nsbuf));
|
||||
|
||||
isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
|
||||
- DNS_LOGMODULE_RESOLVER, ISC_LOG_NOTICE,
|
||||
+ DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(1),
|
||||
"DNS format error from %s resolving %s for %s: %s", nsbuf,
|
||||
fctx->info, fctx->clientstr, msgbuf);
|
||||
}
|
534
SOURCES/codesign2021.txt
Normal file
534
SOURCES/codesign2021.txt
Normal file
@ -0,0 +1,534 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBFwq9BQBEADHjPDCwsHVtxnMNilgu187W8a9rYTMLgLfQwioSbjsF7dUJu8m
|
||||
r1w2stcsatRs7HBk/j26RNJagY2Jt0QufOQLlTePpTl6UPU8EeiJ8c15DNf45TMk
|
||||
pa/3MdIVpDnBioyD1JNqsI4z+yCYZ7p/TRVCyh5vCcwmt5pdKjKMTcu7aD2PtTtI
|
||||
yhTIetJavy1HQmgOl4/t/nKL7Lll2xtZ56JFUt7epo0h69fiUvPewkhykzoEf4UG
|
||||
ZFHSLZKqdMNPs/Jr9n7zS+iOgEXJnKDkp8SoXpAcgJ5fncROMXpxgY2U+G5rB9n0
|
||||
/hvV1zG+EP6OLIGqekiDUga84LdmR/8Cyc7DimUmaoIZXrAo0Alpt0aZ8GimdKmh
|
||||
qirIguJOSrrsZTeZLilCWu37fRIjCQ3dSMNyhHJaOhRJQpQOEDG7jHxFak7627aF
|
||||
UnVwBAOK3NlFfbomapXQm64lYNoONGrpV0ctueD3VoPipxIyzNHHgcsXDZ6C00sv
|
||||
SbuuS9jlFEDonA6S8tApKgkEJuToBuopM4xqqwHNJ4e6QoXYjERIgIBTco3r/76D
|
||||
o22ZxSK1m2m2i+p0gnWTlFn6RH+r6gfLwZRj8iR4fa0yMn3DztyTO6H8AiaslONt
|
||||
LV2kvkhBar1/6dzlBvMdiRBejrVnw+Jg2bOmYTncFN00szPOXbEalps8wwARAQAB
|
||||
tE1JbnRlcm5ldCBTeXN0ZW1zIENvbnNvcnRpdW0sIEluYy4gKFNpZ25pbmcga2V5
|
||||
LCAyMDE5LTIwMjApIDxjb2Rlc2lnbkBpc2Mub3JnPokCVAQTAQgAPhYhBK4/rHln
|
||||
EexZ/AB6pHS7a5pMuz04BQJcKvQUAhsDBQkD7JcABQsJCAcCBhUKCQgLAgQWAgMB
|
||||
Ah4BAheAAAoJEHS7a5pMuz0476oP/1+UaSHfe4WVHV43QaQ/z1rw7vg2aHEwyWJA
|
||||
1D1tBr9+LvfohswwWBLIjcKRaoXZ4pLBFjuiYHBTsdaAQFeQQvQTXMmBx21ZyUZj
|
||||
tjim8f9T1JhmIrMx6tF14NbqFpjw82Mv0rc8y74pdRvkdnFigqLKUoN2tFQlKeG+
|
||||
5T24zNwrGrlR3S7gnM47nD1JqKwt4GnczLnMBW/0gbLscMUpAeNo/gY4g0GV/zkn
|
||||
Rt91bLpcEyDAv+ZhQZbkJ49dnNzl5cTK5+uQWnlAZAdPecdLkvBNRNgj/FKL41RF
|
||||
JGN6eqq3+jlPbyj9okeJoGQ64Ibv1ZHVTQIx5vT1+PuVX/Nm0GqSUZdLqR33daKI
|
||||
hjpgUdUK/D0AnN5ulVuE1NnZWjVDTXVEeU8DFvi4lxZVHnZixejxFIZ7vRMvyaHa
|
||||
xLwbevwEUuPLzWn3XhC5yQeqCe6zmzzaPhPlg6NTnM5wgzcKORqCXgxzmtnX+Pbd
|
||||
gXTwNKAJId/141vj1OtZQKJexG9QLufMjBg5rg/qdKooozremeM+FovIocbdFnmX
|
||||
pzP8it8r8FKi7FpXRE3fwxwba4Y9AS2/owtuixlJ2+7M2OXwZEtxyXTXw2v5GFOP
|
||||
vN64G/b71l9c3yKVlQ3BXD0jErv9XcieeFDR9PK0XGlsxykPcIXZYVy2KSWptkSf
|
||||
6f2op3tMuQINBFwq9BQBEAC59lflbMmvSVkCHFoakdjokwGviNU4I/hOsNmHALYr
|
||||
gJc0z88ss2KxbOq6JZoW9QOEHz2QLGsSGKnBUViEGvXoINDGuvzKFqHdEjGsExiF
|
||||
FPGAgCQA2CSEZZ8MlITNdq4DuSti1LetjCF9d7hw2xOQs9ucxSXIslyqPbCdlxki
|
||||
33tov40VE/J8jDUp9Rv27e0H2x4Nhu9MRQt4vTtpOcelYzl/dtPAmsnY4U/Nex4I
|
||||
LM+JU2HcG/5i0nWkxOtz9Qc7kOgm4cuwXTCJw9KukPS3CykV1H/StPp43JyxoK1X
|
||||
gZDMFww+9jupqLletmYKqCW6jVbqXr4Xlisq9Ey3LIWRQ0Zw/LB2NKU/jgnJGtLa
|
||||
7O8VRWJKwkCtyYUbZMksKiGex7zCqPDR0hRVuYNsTjONobnrOS+7ST7ThbCndc+A
|
||||
5mtuXpxuFffIuG78a3R3N30RF6g18peTfaEHMpqz+914HkNl6Ns445Zh+2rJkLUu
|
||||
8O++tgWEUrpUajN9nosWaXWHOf7E9qGnm1G/3f9P3Nd5U+b3OKUYyqb+CNGCHyiN
|
||||
bE1Cg3MnKpM9Yi9aZu4Qg/dPdxMWrqUmkmyDf6x/Oh8ZZkIacFlAaqbysQ6hRaJo
|
||||
p7UG9AJfXHynj/Hz+1dNpUOlAIairFe3T2mWQO4Yy6IMgLEGVodZRHaMugdzZwus
|
||||
HwARAQABiQI8BBgBCAAmFiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAlwq9BQCGwwF
|
||||
CQPslwAACgkQdLtrmky7PTikHw/8CZ+DnggV4AuI86spuMLdtUBDOux/T0gvyxSW
|
||||
f8sJkjH0eAYAmP9/flJDfmwra5yNaINfqoLFWtaYLpxpBcWBc4VIoiWqVp2aaCPi
|
||||
wh0sznCPiduiYcKGkHmupX8aCQXBYFDeQ8Jq1e9zwGD7Mon7BeBO48Vd5/IT1H5I
|
||||
u5qzaCtD2ECO9MYdhuqJjFKU0MVzVocsBDdtLvrfnUwe4wc6kvOgHQ6RkMJU1bgY
|
||||
0Sqstsg12vnREAr4uihnZQEihsRmNdiiv0DYVaRK92PLPpfVAox1Axq2HpH3WT87
|
||||
RpsFruXLj/zTl4AZczfDVd/Z4yWmJSzr0F5igkGSUrxo0ye2kNES6cmOGI9TgmgP
|
||||
NLGXlC/su5fKXKjRgkD1ibJ0qFNNxF3Cwpz/+cav9ySDgFGX5Vu0kFi93fEYHshD
|
||||
6lP9M5qS/2oKiykCGvcRCNU/9emdYlF37H52rxRerBaZN6dYMTjZw2vsEMUl06pL
|
||||
llbLiwjPix2OlLFcwH3yKJG0pKkpEImBdJwHtJh5uHzfkSAbZjJAZ2Ekw7sLqiT0
|
||||
85hAGovywGpHMiYkqhNUO84fjZYCsrAlZMdriY92IMcQhmWQ416t5zcle2Xgx+/x
|
||||
zBnktvx9KIH/HwBa+qym5z/uFC2S6zhNyC61LV/CEDCmcUi2lUXr7vcIxCsmxuUF
|
||||
1ONbRP65Ag0EXFtUfAEQAN5tk4luE92Ed4E92VlgTetGMHyxwOlZ2OsK6l+Z5ML0
|
||||
wzomAITgMQwG0FeT6HX7vB+luVhg0XAZUW/K0bme8ZEO0dbHB3Vn07wXHhmq7QXH
|
||||
/ACftkvevIT610dHskrtIvE5rZfj1P/wtjRTxDrkjhlGj9vhUxxcCkKadzDdBJGo
|
||||
dP+Zh02d/4cc++LePNqZ3eJWm0JLghqKxzTv0MV1r6G1ZeykFzXeWY+La8ZCRaON
|
||||
LcHjI7wlpyTJA9WGmyAphtEHM4fQqKLxtebIDo7m4glgR12nlV6B53gUT96PcKuA
|
||||
Y/UPRiTV6nHyUtuL1EGTAVLsMDmtDbdSdtLLVbJXVmA+tapABa4amMxNVNY3QSUj
|
||||
cAbECcTyVmVJfIT5fJW4eOMhWtrIGMspWoO5It0pl4K8jhCzIcfoXQ0olCSeC9fE
|
||||
tljE7qzRzYQUUvN1VZPVX0Yw/xSwOutv4mxmNRWY9HW1M/jGoRAboqN8WhCbldak
|
||||
a0XCH3U4rWXB/8HHb8KP4+q4ssVyPuEQ/v1UNNRk9AB25NPEh5PMdcf7HU8IcUHX
|
||||
THEfd7zZVJ0l4FSsnGeuJfMrnRIpNOYX65ikeoTwmDU3ZjWfmSy7F5hTLw8WOEB4
|
||||
EKpnplyV1QN/j3317/M9PxvB8IOvyNF2okeurtHFMmI/lGwy51akp6iHMkbBDm5n
|
||||
ABEBAAGJBHIEGAEIACYWIQSuP6x5ZxHsWfwAeqR0u2uaTLs9OAUCXFtUfAIbAgUJ
|
||||
A70hAAJACRB0u2uaTLs9OMF0IAQZAQgAHRYhBJXO2iVrHKChXzAvtZUhp+1drOkY
|
||||
BQJcW1R8AAoJEJUhp+1drOkY94wQAKb2fED9Up/xHEOjZm5ODK5LCVHy0KMATiTf
|
||||
5SiJhRtqaRbimPH1WB3XMLls3FJZnm+UngIfwCsoWo0rksFUNmqFi6t4Cj/UB/Zv
|
||||
29EnDT9BAeG5fP+Op5PDCsu4qnLv3oam35oV9yZLRkLhBd/EkRGEA/q27WnpiYCx
|
||||
Jv5uPOJBWQqu32aE6st23PpY/QWDWOhGPfcWCecu1rIe+2BCs0UjfO0KOT8HYWNh
|
||||
nGpsEZ+TmDKjRxMTYWKguEb9evEihl6kUwmQZgROdhBes63Yq4ku9rBXvRhCYbwS
|
||||
odhjx2soDRcNmzxNV1Ply8a+2bwRHPnOeyyxEHFAwjkyXo7ZqGtenwSriG0LOW87
|
||||
y3Yw63O+oAlGLIB3psBSj4wZVGme9485HVICAFcJ3jXqsXSIJdzW61nGerB2r2Qk
|
||||
Bn7yYIvHg3iOToB0alfNw2QuDtCZTNefvlHFnoashRhkk0yWzBerleFJbijx4+Vr
|
||||
FaOH35BO1T3rgBmGkDW6gewoZMHEcmzTDoxxmbXiRvY+5o7b+ul/yzwhnJz3f5jk
|
||||
7+Adnr9qAGMD2o3rCRBHV3lSEkLhBL+bfmsEYEor1fd+pDFoEKKjpDP6bgDcZyGv
|
||||
O0mmr7Y/6ZrnKWxOrmNXieOTLbpY22tXv43QLgyiPcjhCfphT95IxqdNfMfOiI9k
|
||||
IQf8g7GBciIP/1mbdnMj6Hg0J9IbI/XX/DWATOVMdDhq38VcggOHRjZk2lY99+4V
|
||||
Au1wRHa/Io/CENikYzI00deSzhrN+tdUK/TCZI0Ft5Lykmti2ilmkIQGsBuD9gu/
|
||||
2bmWkNJEdpHeC/+oxntDFj43CpyKpPAarrw+4XiYNK+1+4WZsQRL0jJuKJ754v/o
|
||||
NTaSd8GOCyFR7q8SVH4tig9DjkZjYjFFMnWkxdpnDX56/AfdS+x5EaRHKCJoGChT
|
||||
+pHimvKe+MxBxpwJr4JpGddklin+6xUF5jTG6322hz385wsagGvmH2XliOu47a+7
|
||||
xUei7w3S1qtVCfdhtBEWL5i021yVYlrw+rUCwpFMIXAPA/p44O/qY06sQXJ01Fym
|
||||
JCbOnjtVYX9gdF8fMKoDXAcvEtSulBNpXDongWp50BDfVoA7h9oDsxL5kw0GpkJn
|
||||
uVMYLpO+iOqoEA3bJfsCedilkcz6UamLb+6RXMupKQaZ006Bu75Rm+h6PdicdiKD
|
||||
jJY/7PbGuUmXxuSFT92v0hATlpEIQ8H8laEcnb8apiX2qOyGUHnb7pfYoNqvCm06
|
||||
3NP2igCtiGkzAohiHfhztfy2UApiTtXmPu3EhEUMooB+0Lt0zzY+e1cnFKRbJHvQ
|
||||
ZidiOJfKuqp6upPvEgKYMRCAU4+nLT3MVbralo726JnDqrDJvCqAamhfuQINBFxb
|
||||
VNsBEADcRGjaY+/ZVWBlQWvgy08ObhQbTRglb8thrcPeTR7211JJwAJemuTWwCjF
|
||||
SVDH8JJ0Ss8rBcbitrGI3i3mcgJRQ1hILR2HT0bbmMLufCxZzQBjJm76H8XN++k6
|
||||
bd8HCYGXMguUaHRRHAcV+P18e3qGizgL7c8Vln9fbhowkX9yi/WhiL2uoXC3+XSa
|
||||
C08TzwjKPb9Wnct6uCBAzMp8S7KW6P18vZyBTRBrugA9eZrGEe25rhy9szlJcajc
|
||||
VeMiDMf058z7ait5t43AfUzd5zrD6c+ZGYIku88oY55LsZVcvn9o7I+UNbNJdiek
|
||||
IpLae3Dgrie3QgDyfzPV1vXT2X8LaegOsNIkSo6jzjdKE0ZNg4xVSuPdr5jujYBN
|
||||
z2k1lqV/Q/Ccpqzs0NsgnXnY8RDDrrmJhdy/ZrCMsXpbTK5KryR+JoDEiuyJ7YO2
|
||||
jTOCo6zQ631jvi7XUeHAFIdQ7eYRklJwABwj/IMXY++O8JBLO7iZ1dvvu3pfY7pg
|
||||
dQvPgDttVAIxrNxMMj39LRbb6LE+eclWcTfGCMr3O6LOOLwkMnDWEkJAz7JMtWqr
|
||||
2l+9xF9Dq7CkxHPP87dLTMNGIDr38bJ83CSmDPlBoaljTYgrlatBTV2hGMjPgEcB
|
||||
jOgg6QyRGpO2N0SVBnD8PfBI7a7CwQw3BHOJtH8vPUkXZoafoQARAQABiQRyBBgB
|
||||
CAAmFiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAlxbVNsCGwIFCQO9IQACQAkQdLtr
|
||||
mky7PTjBdCAEGQEIAB0WIQTXDITmS1WOW8zsByEy4hdfHXV6KgUCXFtU2wAKCRAy
|
||||
4hdfHXV6KoJ9D/9IUN+s4gSiyWnqfq+UK5q86DTbC+OyQpAY/U/VDi/jQXDUaXzu
|
||||
f25cCgyl4Xgf6nNTE6IEdgJCL4R6bChxJOHNpZ8/N3ckb/Q5xHKZ/5k5wFv7nxUk
|
||||
vunzxB0wUgCLkn4oy4B8QbTMuRz1qcSdehUyZAlfkr7o/J5UO8FtgaMuNACxZNlO
|
||||
JW5AjTDdbEW0MZapAgjx7+oTQMDtz9q4afuPaGJ3fTz4Vx1+mYt59b1h6xaMTXJi
|
||||
8egJF0U4n/tJ+3gxAIhF7tQRPdNEwG+2Kw/YNyrLMY+nbazhlgUIIkk2IH3Ztd0S
|
||||
XnNd7gV/slN80T9CtHtaDlH2FkeAd1unynxsDd/TLb1gLHem5iDsFuZBaIyHetdY
|
||||
TlvT3SlKnDQr0FBTe86Kuv7n/ZNoU4lceXhUXTcataxKdxKEJt2x1Ei/hMHSVjaY
|
||||
3ir57tuOUDMkl6hpL3sYiq7cMGUAnLH9nBZbbcNdfChDiM24mGmXaNoITutVAHS4
|
||||
uNunSL1l13hJ1hnGY79j4l+CgnPx7LHzBmLh4PPWKM3RYqwgaPEkflVQr1JOOKMM
|
||||
x4bpllEtzpvVAIaF73tlsOQRRN1Aah67gvkWKqiZrXc0Sx/yh8EO/6bImb87rtVr
|
||||
0kjeDGEiuGYXsszNBCmVjHal5kLUKaESefzd223zeaFe9foO2HrnsFb9B34ZD/9J
|
||||
W5M+42QFd+tOLh1ue/5xToiyggGh1MX9axDqHiRu2w+E7kNuuws2426aupUQ3yPD
|
||||
4dSwR428U14ytM90bZXztKFDgFAaQJ/4YVEGPSbLHFc4VlhDHpGljl8J7vI5xPOm
|
||||
Ruc9aabtXwd065nQ2csk1DliiA4jpS9dUq/flH2oGj4b2OSGFvR5oC7oERHMpUA0
|
||||
p+wY3vnjkSVnWqV98yEBCFcZvpOy8J5KDZxYZvZydUvZ3ny5W6QPg8OKriqrCAKW
|
||||
QXds47vRIiAasK14duLgex6il7HmboaqqOhRhevtBAHBJpB1z6Aq0SMwcKwdtTId
|
||||
GTSoQd0R77ZGYvR3StpAwl8rJhCNwJHu2euA3hYPWHg0pF0L8pFbfUwOYf1dU+uQ
|
||||
4xAJQKcCteQ7B0pawp+Hxp/0erB5c5PUUck38ze1ZoGm/oqh24XZ/amPVWE9nYSo
|
||||
VTJwnbqWsfI6mzKdBHr5MP5zW5ei0PAo3lFb5gvVzJ2TqaGJvrh907I9R5Nwd6GM
|
||||
wAWAzZ/nCLflSNyPyJ3ftxY6pGyCBJsycY7gBQD9i1xU0bxONltqSyifwQ0rt7yr
|
||||
iwSI0VRnv8K3M2iTAdDm44bX6oHzljgiYachlV6IGmO3vdVVrCDhm+b+ia1bnQ/1
|
||||
H7itWEwllkUCCtaDwEcf8o3OdbS9S5KEbwH7YUD967kCDQRcW1UMARAAvl+0jUaB
|
||||
UkQWBflWy4Wd8Gcf3lzOqbARdpM/iztebc7RbLnv0TNFQPV4TD9RoP+rY4dJzC8w
|
||||
/rlxlhD3DiGcI3of3o/3pN6jss4wKyy9Jcg7uCo/fcspOoPOwigAUfBYTd2rWNvI
|
||||
/pPUl7zmavQR2+TyQ4IHWG52zAABGej/tf3Ma6WGHC4QeTkh7LtHn3JFRCoFy101
|
||||
x60bJqIWONfR6+5UAOL/P+zTteEMsO3v7dWCWHX/tcYLrhCEH1CNnyPS7v7TF+Ys
|
||||
uOGL7sSmQOUAcgldfUfTACw84YqViu5BSYiww18Eg1l66UcQFnhwB3fTGwzb3oPM
|
||||
npAv2wAZ9gyFGzRgcH8QnXRm/SLDWlTaMIJS//0p/gXifCAdBZA/skBt+E4hQ5Sr
|
||||
9iXGNMueR3bn7u8Pcoc1DpSJENE5H0nB62l3/OiSl/k7mJMGlUv6wKr42xNnIM6M
|
||||
hO97axjRXy/XQz5n6ktyn9xRngkQNL9Ynj+i8E0k/xv5jA39EGAKOXxQFf8357sA
|
||||
DnZ5g/Yf0Yr1c+TNIIRXER/k/KMavB52mguTNqCsewO5aje4Gq4vKd5P+jOKGopA
|
||||
C4idTLkHutZTiakod7lW2jmjpm6P7oyAeAhDNEroNrbOIw0SaujHBmJtxgK1Q929
|
||||
y/EaH5vJyWfMFyUqM7CQBqUU/HRLERsebM8AEQEAAYkEcgQYAQgAJhYhBK4/rHln
|
||||
EexZ/AB6pHS7a5pMuz04BQJcW1UMAhsCBQkDvSEAAkAJEHS7a5pMuz04wXQgBBkB
|
||||
CAAdFiEErtYi/gIHfrS1wUbBQqJ50kjNwxAFAlxbVQwACgkQQqJ50kjNwxAf5xAA
|
||||
hBhcOeqLgeXbUu0CCTKlnG6D7H8sQJWXCSsh9pAXffv58b4f0ntJ1TztKfVd79hS
|
||||
BCcXRc/9+MhUUzR79NvFWWZMWqJ6MucjAkkOBRoc7c85PawYTI7e1zSapLPJEHG0
|
||||
xDzK8ClxwGEvlA4O/eGGVFaCTkxdTQg95fDXfghab6j89GI8Ghc9rC9V8RUgGVQV
|
||||
qJJkBJ/gECJJp3holB4/w/I/sU+9AHXGKJvSJJ62fpmY143Y5JQk+I8DxoT0kIq4
|
||||
W2iZVAQMzQGpAOXkDuHk7a7J/QuL78CuoG98GOsfTd7nNsgPTZ07cPYGOxXeNR5U
|
||||
9DlYOBWDwsf6d+D+tHLB8KzH3MWnWa3crjE3a/sgrDEad0CmAJzHXuCyPMy8vPQn
|
||||
uxIai/gw2POq8YQMoKW5S80perLuN73FxAumjK9a2hYVdZNtABwrlW/6ELruv1se
|
||||
mMjUq6oDyFio0rGy/uzCItl13hIr1Ii7B/SPz9dNnCagV8aiUmKXRk3HKoEXf34I
|
||||
xWlod0szWopnP31NXNKHihs46ORSMrjnzFKjRcJsnipdins+DHJYroYhtOjNtsb/
|
||||
WV3D4tSerG3xKF/v3ssn2VsjcgK5HY/k9iUol/dvoP0bJ+rKs/fzt8oAqEexiRnV
|
||||
cPnj/zAiBOt1940+0vTWaNYOPDkq872S48GNybOC342u2xAAnAp5myKostxjyQn3
|
||||
E/7/G1OWHaJW5kx/HCqHCWjgwwLOmhssNn8kpTf3ybvt5uhMolIF95RjFB3gBOfU
|
||||
vw0sqMvEoBoGSMSTSc3zD05RBsWWFD9qwvPMXtn0gYaH39ISAFnxXrtrQ7dDD1d2
|
||||
LcBErdttnxEhUnT4/0YIat+r2PhmYYDYviKsuOy8MC/sJIxvhYEpbyPQnPksUzA4
|
||||
wmAbVNPlzqU2oWPrLT2tlxUue3z6VS/YHDcsLSgjVOMWSusLMh1+D76Y+Lcr9kVz
|
||||
nRu+dYXh4I6OBnlT1VuzEVmrf69NFwh8j3PaVn0I0NEDU7mMa+5W0QYuJIsXZonq
|
||||
SI2uIu64ZOVd+D8WmCEZO/Kmk5PMXs+0fMcFD9mOeFaiOdz+PIlHAsrxwKXr4Q5z
|
||||
zzu/wEOaqAVa2bJywTbl8MntQUY/XeD94MvdlSAwO3Ll1BpQ5NfXjm3YpP6Uyqlj
|
||||
pkrYQL56iqucgYn61jLSXhFHGLXSZs2G48ggN2mHtf6ZQeAJ4D2DIXRj4uqIHoJf
|
||||
7MWDui8u+cJsw/F0ZerPsCN/CpkEoj4FW4F4O3JbiieYSUK7lxc0qyDdbQiVCVl/
|
||||
08wNToe3RctSzsQ99tCwfVWqLVcTVb+0aeSaNykb+qW30bHW7AUYs/qKiapQFzZz
|
||||
QZnpHXGmVe93fDfILx3yUCA8Yia5Ag0EXFtVOgEQAOS7GFDH2DGXPMJzSdS7a/zZ
|
||||
ewP4bM42n2Ku3XiCyXG173p4ppNdOLS3l7JrRflMhjfBtETCOV8B4z0B9wCZZywz
|
||||
iLOt8+0A0zpY7EHZNvMRjZyq/s0FCKLtnlqo/KNwiJPRvQazZ6+UOSffEQEGpNKs
|
||||
1ycZIDb1tk8iRpRvtCin8CeLRLf+2BxHbWBewnCSCl80rC89PTcvPf+jmtcDJqDQ
|
||||
z/blp2CT1JUo1xdzyHYdIa/kQ2PBQo02ejBVs0vDjbzuYVQzZV3q6cYnYwGPtpTB
|
||||
Ot8GXuA1X3qYx0MlZwGEYpiTFS+Ju4cJrYofuBOudXpfux2uAPkJskw+ro5k1I/q
|
||||
fptRWDbZ4fGgROmUXBPg29XdyVExYgAbVeBdHWX30sCHs8+c8wzWkdAY/BgdCySg
|
||||
EVLiDmSfMekH2H1N9ncwzhwNlHk2BaYTR9hWdZ7lrH7BbT8g6SVSge/eqgvjKI33
|
||||
AUmragvNQ1B3362yqLK/FJOHyJiYd6DKfkq4E+ysw+C+qIo51qVNkqRqT0M7HhwZ
|
||||
AvaoeykrGIE5vq6jHa9+MxDlsN5Sf7gNgx2dk0d7LAJR6AmYNqRS2V+837XfogMc
|
||||
bB90ZyK2rOzDN3f48jaqXA8TX2CSun01RoPdCPZm0M/uxTZxOFzoatrkpEVbx/3x
|
||||
sjvuPVa7qkKdgUuo/PhBABEBAAGJBHIEGAEIACYWIQSuP6x5ZxHsWfwAeqR0u2ua
|
||||
TLs9OAUCXFtVOgIbAgUJA70hAAJACRB0u2uaTLs9OMF0IAQZAQgAHRYhBHkdfriO
|
||||
vI0BOENKrDPfNZrnpgp5BQJcW1U6AAoJEDPfNZrnpgp5JY4QAMry7TcsRIZJCVlC
|
||||
qecIAjyJizWz5dEwScba0BDU4rv/h42CvXJlySZpbgUEyB4SBggEnu/dKVbsd/t0
|
||||
TXRNg80Zs/pTFVbwcg+sDgIg1wZldZbClLfvgk0xLoDl5vq+K4SAQwSLTSPHQyYu
|
||||
8IxkrKmbBdBSXlgnmcHK2lDXrzWYJDEYEyFPV4pC3cHicCygSc/4eepUz+crEF6Z
|
||||
IE1df4LRv9h5CgsLewMv5nQ1EjxTo9mX1GiSh3e7KcfS98FgIQl3oy+yO2cmVVVq
|
||||
x5ggDcRI2sUbXa3D3kjAo2tUIA1nUMFLIrii+aZawOsf64VMdIs2OXEi5XFR+Zdw
|
||||
t+Bx6lUKZ3/tntStZitJdK8/RUbhmYQ8Tu01vxt/IAN+07VxWyZwcFB5KuC+lKtO
|
||||
/0vwyhyiOlHm8lzV/5qwFPusB4bNk/2uLPUaavJdrBpmB0t9pol/NFCRzW5MKFvu
|
||||
Qw35QyFVR0IBeaGjRc5J9yxbzi78umN1iHZbDjXFA7oRa9tkM2AP8V2anxSHUyon
|
||||
UN6OuLqSM2frA8iZcl0S7qcepYNF1ix9PhdQHXy0H7hoikXMLIiCl/unW5pVTs6q
|
||||
KnmxmRz9ZcqvvuVXbeY9C+kZE0LOBTZMljuS1Hcs69RU3rA18swfN5CTXw12ZwQZ
|
||||
SsnRhi2X28Tn8SD0vrEsEf08q3XshDwP/0MvBBfymXd+5MzxlvMg8vGJeFuDMEFN
|
||||
cpETa7Xzzz5Eir3ETtxpUWPCriqmCpnlIWidNwbg+LlyTeYUDPIDnMtEX5ySmYGn
|
||||
BI8ykvAKm/XTfr0PWOEAXcmxTC3oMhvYEhIyGHZOFJQxIo7vmrwZKi2wqMnKMPq+
|
||||
XXHgvtZe5tNbESI27APeQCMVZLVnVVa0D1JRFYBuwNoJXhWbAIKlIjBGv05NvK71
|
||||
e4x0zEY2mXxLBbsxVBvHhpg29HseX/AhHvUAcBehJ+sqnenXZqdeNhgBIeZubXq6
|
||||
A/gfscswF/Ocp63Z/vqAjEmvUKwAxNKrKlwLVShVvobPx2N4hH4ZT7p58cjhMhQz
|
||||
Lm4whTHy1hvBIR6j/Lo2eOkkVhiMlrrvWJIAEic3Gzj5f7XOsVr7CXjkSdoXHOIR
|
||||
63ZDO/9Wy6ygu8vCdiIFlyRyUBLnGhUYVbRYnTU58tQMfEYy30ZKF4vxz4Ysxoy1
|
||||
oJa6emaa33Nn1Z2kE64AaW4wbUJ57nROuFdoYTwJ02vyc51J4s0C94EA+a5VrQkN
|
||||
J7bT8P9G5gksp4b1WyoFm+O4aU5Sx+XpSO2IZFuBL05anF57Pm6Bz3LJX6sEYima
|
||||
chv72q7PYeYbETrl4DZxE2xlEiMUvN4DH/RExpPWeUsVMFtS5n60n5+AW1EYyGJ9
|
||||
mfWlvZ0xCjQ3uQINBFxbVW4BEAC/gtho2rZl6/+/szkOfEumAdFwyQbtM5CnJyuU
|
||||
rnrneWWlnNPLeaHml5a9yrcgOZ15QgnFD5YOHZ/S9L40goML8cB118etk9uE7vMv
|
||||
EtwxbkqZXTlqdxpFI/SzT4jJCa9XFQ2uA+KdmKmGW9EagtdLql2B9ziMhH0Ha6Y9
|
||||
5x+9+7/oRYU+ddmAbwrJjdn6bCuYQ7QVpccFC67qdpy2I97v03hst7yGT1FbrIjE
|
||||
sF4nMig6Uhwma5Edqm2dLaVXeZ+Fl0WeQCnWjprZMvkHCAxjTBlQpmvvwcQwqHot
|
||||
s832s96l/Sd5R6r+TWU0lTtXpcxL6t7MXfW+BInkqg0ZiHG1Znni6SwfatzDv6W2
|
||||
lJW2pj3Ub++JulEIkbct1f+TEeeLU0RbJmWlL/qe24fodKg1ixH0gyxsRKzdBUIf
|
||||
vgCkrzwLFgJEHRISjQzIASVtDdt8QoIqX8XALgjMBgAnZqtYrAEdFImWys0K1zOu
|
||||
MbuPcTImufz5ObnKM7rRMdCO9z+cHGs0TT2vUvPPuOsNYL1GX4EfrCp2eLKahjJQ
|
||||
BCxfatn4mFqHVmR/4a7vqq1j4Qfj3h08z7QVrNwGWAF3r8nmaHdaT0m55xctMRQa
|
||||
3N3UaYj0IQ08CSUJq5e005Z5Oinbt2O4paxnG4/UbJXpRiLEVU5Ja17IBsDfZydx
|
||||
W//ZlQARAQABiQRyBBgBCAAmFiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAlxbVW4C
|
||||
GwIFCQO9IQACQAkQdLtrmky7PTjBdCAEGQEIAB0WIQQVaJBoXqDfahNx7yAXzF2x
|
||||
8AiEBwUCXFtVbgAKCRAXzF2x8AiEB3iPEACI735VFBDd4E6wlGAA12Av+XnWSruo
|
||||
Te7zGdKo2SuZ1gN1PYdNgflbifYCYajnQENp92N3q263Sq3MDf+EZYKijJ3EoU6y
|
||||
chjOJR6ge+UgKPdGQc7Lu61wWECBFaL6TMXCedcZ/Xd0xT2IbvK8qsKsITDjiDOh
|
||||
DUqdjVeyPXyfkmSrF5P3hvNxJvPbQ6k5Igx9JA+unLXxatljAeh1whnchRQAIKkx
|
||||
l19Nr1z+odFD+tzCX4HQmUfHRXgBiJICyIxWB+U7USqLtqk+7DE893meceSt0Mz0
|
||||
JgLct0E5EFfCdwbehnl5NJeay8XEdcfjUkeyb/VAVxWYUBiG72okUIaIP7xR5MW1
|
||||
P6ecdTr0GzOC1SySpfyT0+ot0rtXGSnXrBzpY6nU14hDoV3g/FMas+qz1smTtOVi
|
||||
1MVakDRf4QyP9Jqf4q4/GosRrgBvXZHi+zWkKuf+DXPcL/q6MfgHvQc6tFMh5ONQ
|
||||
snrF3Bca3BQDT2GKjSukeG3JmECHmKtQk22jhk6T9DJ3518yw29El9tUgraaZ5Fo
|
||||
Gen3TYCxA2BhV2LYCSLSHiTPdtUsbDuIP/FXaFXr34nAtKKOSSY6nP8SMzCPSEMN
|
||||
iscfdjejR1Xd012T/mLqVCBzFJWyX2RaUdygSWUpt/QdvWa4pXCgYZjEVidraOws
|
||||
VWMbb0zuI9KCseOaD/4jd+awtnRUj2SbGeJSVnqDPk0Hk8ndFebAo70uQGATkLXC
|
||||
m5ls0RDU2xHZumuUk+b74Y1KjwdqF65NEmfjaSQ6B8gnCO69eKHcUT821ED9bwfa
|
||||
4XpgsOMEoZklvFByax0JMS4JEJU/xfsLmfeuXVirN9Z82vxAXG8fuK8bso6VLG/J
|
||||
Mpxhq1Zv24NQ+uevvh9loyWMcaw3IqPvQzNlyuuya3rXJYZHSH7TauYgqWySXiGS
|
||||
H6oXl6Ej4GR3t5uWwHKvEREQer+KPZV3uXRnrTpgITy+PxZ9ywmPwmPBHcD6c0P+
|
||||
g0lNNtDdvw69qy+oh7JaqqYaDvedseN39UgBSx++ewRhq0OTikAD/BCv1zhPizlD
|
||||
9BHAOsCxrgnz0WsONYKFAE8vtNo/wB//djf/zqMsI3iWdbWqM9e/muEEV4jQRWLW
|
||||
TWp1XTqqvkc6TsLBBNO5zisJ0VwSfDyRUplr/IWeUl9FrRngjBJqF2nl90US5p3o
|
||||
uk5wUWdjFa0haFyDgZNFwyFr85mex+o6qIC3oif7UjC4kHPe4wzvHDYAxrHMB6MY
|
||||
QvrcXzULmInot3qRAr5duUNbQbrjdtVvOQFvjowBP5Scu5ZBSzc0O2TUUSKgnJZS
|
||||
Bs7+yswfgyhYzusbxlOdA+iE2Y8GuovamGYTbsdCxDStOMfZnaiXuLL04Uy1PQ==
|
||||
=fX+D
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBF/u5KMBEAC0hPiTonjYEe5FqNzFn73KmcN8KGD2wzujmWWLnFXGEVDEpFcS
|
||||
ULQDshhCclwNeXUArUey4nficwpqUe+Xl2h4dP4z7yh3WiL5nA5JRjJjw8KJQGVW
|
||||
AkgiZTnJHH8DrzNt9LnDL516qMDJarTHemDUUUZLNxnuv0RDEhDxsXWiVCQZZcw/
|
||||
41yIY97uCf30dsDwnckVl3iEmYaGTYavWbKP60S8WaxO0YG57RI1etmlIQ0nMmka
|
||||
4bvFnwwb9Jdnwle4LIiRMCGymsheaKCKrEZgIJY+idyBuExLLykiL8iNBj2Pzi7z
|
||||
XSCniH9qcEwfqgZlP/KZwujLhGOc4c4peNwpuDGcmYZoAsUD8CZ8H/LU1FIR2A1u
|
||||
/UrRREtC8nNTDGxCckSMEquHNURfMk1QmDbJ9gaa9aOk0AArxuTxyj6Cn+KQd5l5
|
||||
0mN0R1sDVQq9xWdvnB7N0d3MDhnV7f19iUhi3KYvjVTkCMXjhNXjDH/KXFKoFhKa
|
||||
9SkxYGfW25inwSQoqbP1TE5+rESf57bo+XFxfVQuYfVJ5BlZobz+sRl2iDQyBJDM
|
||||
uDFyXE/t+E76BmwyHeOI1weqUMYebqHgu0x76dTYj9yWgWdQAC1pXi15/MTIaOtQ
|
||||
hWezb5rkI2yZqaZLaRBOIRBIPM5C5AOjL2XbfwUuSr2W4+TvxLocxi48DwARAQAB
|
||||
tE1JbnRlcm5ldCBTeXN0ZW1zIENvbnNvcnRpdW0sIEluYy4gKFNpZ25pbmcga2V5
|
||||
LCAyMDIxLTIwMjIpIDxjb2Rlc2lnbkBpc2Mub3JnPokCVAQTAQgAPhYhBH4ckayA
|
||||
MKWlnR76uXUPPIdyPkASBQJf7uSjAhsPBQkD60WABQsJCAcCBhUKCQgLAgQWAgMB
|
||||
Ah4BAheAAAoJEHUPPIdyPkAS0lMP/2IgMErScBUaXrZXqYXoluR8xU0p9DyZEBx+
|
||||
ZGNAcJ2CTPAbn3FrkNGNpK4SOCLXEZPKOQ09umaIxl8H6uEGaTut1JLj1qGaZ8ID
|
||||
4gAeQcTIN9OQA5ElQo+ci20XE9JSvzqY1zb04EkMuVL678xPCYJhUSLS0MAQkcDJ
|
||||
JQLN17SwNi4vGqzVhnwKUviQU9/s+LRUkThsTg4qT0fNnmGoVJXqrshxJa2ZWM6J
|
||||
QtOWBgJiC6xZ+zRiZS898L0tekU4o9yxtnnDWry2bI+mJbxAp94ZAXgKahOU7LKV
|
||||
3SPxkx7TAng24nOWi1EaP51pe7usTFH1BR3CUHZdoIQ4xruZGkt/qPumskofzl+1
|
||||
8bw1bEFbq8S6jC+twT3JUcE02HbEIbrd6l2T8pYBXaojFggGjUTSv9d5YUN5N9U/
|
||||
/Qy0o3xZwHNdXLx6xSrUO+NT5JU1Nh/0sutEH7ru/YqFZof9vfCbV86y8fIOPgk8
|
||||
LkJNUSu4QCJ1PHKB+fJp7yAhlPkOXNG1b9+W/hVp96rdkovpCUkLD83s+suQyJGk
|
||||
QB7Qpem7nS4zp7/Naui+g3M3p/uRSzZgELTnXNyY//bw9fOqx5SDLjSUslUMz+TH
|
||||
sFTwfo/Mot70MPHMe6aE6tdTDoJTcv4Iim/8MDhJ6yqKt8sxprataZoWwFi6zAF9
|
||||
BzWkJcrbuQINBF/u5P4BEACso8iLzFJ+M1wqcsCDup+GtRMzte04CAlLmaLgyzfL
|
||||
3xxBo4AUgX6UbUCGycG878JVn52S6Nsl6FlasmyH00MGjZt1CuNz4htfSmLGcBMj
|
||||
IwQv1CYR8bm9EPwR15NaWdgzJHShCduMHv4HdfqSa6UQfzO/P8mwioER19fkDQSE
|
||||
U1KsY0yl//ipWiW3ZJGShGHLnn4YbxogQtsRPESKUsQ9MtzuMt3ehGtkN4RguOXC
|
||||
6pCWP8J4F9lgjSZ+uLOQKV4rmpbSMXntOJi2nu+14Zj36enW8xyAXO/w5z/wci2G
|
||||
LN/aa/v2a3GM3WJQsPNzpDwB+pr1n0Kp+wK6K7siVmDoV+WecD2KNNgOuSyUve7h
|
||||
BjWRM9W13LsgLGhKJA8yUpPvhXk91vLRUhwFJ2GUirxLPLs2TSTjHlHvhcPy6aX2
|
||||
HxbHkcOt53n2h0zx7ntl1N7XHozMWmHphPsSvOZ5StuQRAFvfE63EyfR84KUPIbZ
|
||||
kvftbAJPKCJC8W6GqhfORzYZqldDNNva5iYHF1OItF79ZLGI56diNsBV9SOVKk4d
|
||||
f9Qp6urYOd+9RGQGmCQte/WSFaU9z9QYPEGl1NlmGAWt7KKyB6QXZH1oEMwXtPd8
|
||||
4GQX3XGtyggEp6BGwkFFWRQzF1EZ0maRPrpN4bpQqLXSJiqQxsX+FAcOkhpo6X7b
|
||||
8QARAQABiQRyBBgBCAAmFiEEfhyRrIAwpaWdHvq5dQ88h3I+QBIFAl/u5P4CGwIF
|
||||
CQPrRYACQAkQdQ88h3I+QBLBdCAEGQEIAB0WIQTpq255IzwEFuiZP0UMA6+pClln
|
||||
xAUCX+7k/gAKCRAMA6+pCllnxDtmD/0YCUccmKudW9PiQw7mI1HSuwL6aS+MlG6/
|
||||
LJ79nmi6TTpe87NDcEv2bBpVWYcQK87smCxIYyuj4SCZuBQivjyuecipRoG14PUh
|
||||
KU8UiqdF+vKDvUAA7huOBlR4dgr7/KvjirnbwO3mGouwZszDOLvaHuO403+TPm1b
|
||||
mJtEA9y6Wbk/+PTtfPymQwnaiJkPhQ6Q7ZbyasRIisO3MRPacUjt2DXFi5VV/Mya
|
||||
8o5Pae3zY+5SjMyE2siPnVE4/nzp424jDzSq4DGEUip/x+QYHFwxhCJmdZlRIFmn
|
||||
vSCAGXBpyPVbckC0Gw8kZ8HsGzNbMbx/VjDG3LFT8TR2Djsh99/6icO1J+jDkPNn
|
||||
IFEsYjAw7Tos5IPhIT1XkSCW84KqBG5pGI5h7fJzf19sR7Ki6XyFe6VYvggeQIS7
|
||||
VN1ISl3tRN/dk0GbrKkUKr0OVfaRD0wXQHTzbec8Fs43G0z/DKoFutGB/J3yjAmw
|
||||
IOcP5R6rqjhVp4APQpsB51XCaaqEXaXZyMWrKILbPIjlE6FHeh1qd+zdIjullnF2
|
||||
YZv89HU9dIXxKr35CM8f3BWm4D4cRjsUOWoGhMNwdHzHYOdys6T72KBK9D2irz8C
|
||||
L0bycjN+SIpde/auo+dQKqKD3/ipr4dyKJyOUsls9cyhxkFp031cZ5rWbXcLJ8/s
|
||||
1BeVPjFCngqPD/9rMKA6kCSnTo+rSqZRxo9RlQwy4K6xfPPdHZvBi3A4UYCsurgl
|
||||
qLtFtGG8SMWigmUZWLT6uhsi0orR5wfG7vzajF0Hcd8yuWa4zGeu0rFJXgG64Pyj
|
||||
nJHtv2Tzi8DNY5Y+8mfXqUewyEUXQLxnLqpGlPjNUAJKvjm4SstNadewgWeb6F8x
|
||||
UQJc8owGmK5+yZQ5LZj6bjt9Dr3SCM3Og/iS5XK5POGUJgtgXLXp3uy7p9SzsJ73
|
||||
qhrDII/YqSwToMu8tUv4xEGxyceVPDm+ywde5SXYmtvMYrq5DBdlalZ9kBlC5fyc
|
||||
IIzKoIOOkKKpa/YAyKdLTk8ZByjDk1RrdcOyP4VNpCvyisf6JPwWfKdM5mxf47hb
|
||||
s7zioUH7miUGA6i5TNi1e+DU2mL92sJwQ0WkHw6KaUez2Y9CaD8hZnQw/h/JcNq6
|
||||
nb8y0GR8h7qWms3K0rtSs8SuDXUsdZrFAeURivccmohXddtt0FDzkheKGXs27SSl
|
||||
8oOCh+jl/hEUzz2mJGFwRBo0FI5ipN51IfjhMJ8zzSmvfrtdwT2Tu6wSY9DLsYR7
|
||||
0tWGOc2HA6o7kdcC1V0p2jvQct281FrC9dTXFgcDuGUBYhzEZeWwjuYQXBzMquF6
|
||||
ersVnPo/Z5l1SnkK+wVBQbf4igHOaobl0AQxnb86W4CXBTZ3CvRq6o8vWbkCDQRf
|
||||
7uUlARAA7oTlVZXhdVlPnSQlnI5JwovG2jEIrRifpbyavlhlosX+rgtQ5EILn0DS
|
||||
PJ35CNfOAeOcLQeRrJAZj6w/x9FHWfKRAHUeiTTsVDzTrDyJBCVuC40ck587KVUc
|
||||
GuB3vee03/y8qAczj5TZNaDdl+4qAzOFQuV4MjwJOx5fsXZw3dUAS7pw1mTkAYTh
|
||||
nz557buc8JJCxrebT6FvN8bugk7LJ8SYmI154Q5wCdXB6Q42sdSMFlKKPYRRmIvX
|
||||
vI4Ytl/J35v43gCLbXccTWQpBX+ra75sndS2hYGQhcC+WdNtt4THgU6Sb7ErpJK7
|
||||
7A1r1Wf0WSioQ2VWjT0QbUE+6IXD1J8duh6ZgzuqppMm13aDdMDZGwdcxlFw+vlo
|
||||
bM+IAX+QgzPjslM3FHVvvfCLka+ctMO+lL0bz1G4njNEXcIAILhmoqRI4ItVH7Nl
|
||||
ZI3pAfLLB4qbhTKTIiS+uIoA82RU86ozr5oJZCsJa5N5EpJnYxnjv2tYhU42eh+j
|
||||
hyM+5ra1dXtveKvL5SkVuRUlPZvgOuwQ14Qnj6sv8CmtBpyVpupHmY2RbNtLVLdH
|
||||
Ix3lyQbgVo9iMJIoXiPXmcRWCgLgOeuETjFXsEcFLxuN+D0My0dtwWcg+271vtPn
|
||||
0orTObxkctFK+V32ByJYxVvytNCW245bICpxCicxmh5kYEmQCnMAEQEAAYkEcgQY
|
||||
AQgAJhYhBH4ckayAMKWlnR76uXUPPIdyPkASBQJf7uUlAhsCBQkD60WAAkAJEHUP
|
||||
PIdyPkASwXQgBBkBCAAdFiEEqtu6UHTxQC97adVrxbTukxqfnf0FAl/u5SUACgkQ
|
||||
xbTukxqfnf2aeg//ZspIr4ETVf3ai0dXCm2Pf6gpM7QUfI9fPUHymvBhNrNhfZqN
|
||||
ADpzbJefzLif8as7kUr904zTc5Jse5a0MzCrMyEwTDIoCKDv2ktLq1L20bwflZs+
|
||||
oP27CYC5FkJYgLYPrQZ/7hRC8EWjgn6v3seJtEo8G73kiVEBOnxVEfGZ8zxmX1Cp
|
||||
aOWfhiFYCmkEe6Ck9hG+OaWt7+WW0wWT1UFiluzRRAEMROcCUtyB5IPCqCH/Rz/m
|
||||
/bE6G+lHZo6OY/wY2q/oW2f9JB/4QyJeSI+fkjY/wDjfNQjiPMLfZctv25IeZYVY
|
||||
ZvIKrdnjbzRe+GwYLg5G/SbpSOEb5O55Ps8mNUpYFaMCfefW+DG48a4WyUGzFr52
|
||||
BMKvHKtc6c7P3+muBAqcNZYxRqyLIQiYiV9CCjpIV1WgUeedroHUXvJF/SAvNVvB
|
||||
ZR00I/D2hsD9BFh3B1FEYbw7GuYuG27Z6fgRolOQUeTabjQLI386SV3IxZ1KFwm4
|
||||
GU8BTbUA2zwT3hu/BaaCI5jTSLyBpdo10b1wgMEnqmXG6AbNdxFVEWwE+CE++BHW
|
||||
0YBhKp8fghHwwN1fwTCV+QyA4Qn6EBVDkTrUPKqTeCmHzt3AQh8WVrsmrodyr5Yp
|
||||
69LoRnlkLcGJiOCKMOmkop9Z32ckGieYHrl24Dw6hmUSWDG+pBn0ezbSPit3FhAA
|
||||
qD2y1VzqxsaCOD634Ltq8AbvphP8XZPrrsC3DIA36ITaCQDa5Cn7madLCXy/uP6N
|
||||
+tojtzXf4tUzumwGJGFLtdMXNmuEuXrj++NrU1xcscbvDn5O4NDMadwI1EDlQo7w
|
||||
uWK9jaQAVhF7iDEBEazZe26knQFxC0my4SyO1uQaEg3BKHj6z7dkAjzWJaQZhzql
|
||||
yrRzbCiVUUI8ZkrgM/+/6NJohUG/had6DoefgK6H8/yjgVx1Wtx+XAuBQ2cvclhc
|
||||
TAmHs128dWduNHxI2Yx+uM4kuHYpPKBwdEh91ZNeNqtBJURfSVjBCjKkTYiS7kiv
|
||||
XyvQOBdZVeSVpj/QoAfaUlQoBVm7aF6xf7GtYlVzjMsLYdpjXhy4ZbQQVUuPI+1f
|
||||
yFkw8PpASZ3gvO6KQ4V2w3hOYAxYQ1kSwTtaA7+18nyv65VolTmAotmLun94UKn7
|
||||
zjopByBnC/XEqsU3tibg9A7xQ2KUpWkpmG35f4ZR9aEIxSe2Jmm+Se0JfiAq6Szf
|
||||
dyWvr/TzaS/BZL4WEPk2Vw/mzWEPZOscpIkBFGK+Ul7yuXvbrbwr+zmAikHmTb1V
|
||||
XfPb9eBnwDDuRHhLBym4FMrPjzeziAxxkScTfDjWq6rvMmaEe1CX+dj6ldx9Jp9d
|
||||
iUngol89eSgAQOtptjcit5o0Y0Mu/RF6KIBG89ghFly5Ag0EX+7lVAEQAKFx5asK
|
||||
W7A9BNKPkaXgym0AlW2szQR1nwxi3APLVLS0Al9Y/3mnBbYyO84HDr82AtMSWSMY
|
||||
UZIKtkUj2sVqUb+xHOPkY/MenyoBrCl2qaTVJ89nnWMUjtrX2qk0O09+ByoYXTit
|
||||
BVPAIZ/qZfGNB+Dsp1haNKRdowkf6WXkw7A9dHB5isVmaM/Z0THNJRHwc6mcqbEV
|
||||
M4fDL+OCx6m2KQHTHirk+OE9Nwral82IIqj3d5UBHmjHAbQNXTDzZbWg6tYbLN3I
|
||||
EYxSRQpkJZIVheyBmWFZuivm4hCDZxJlZ1sgxQeIZk6wR2LBR6ccTW6PH11PhIpr
|
||||
6O8aQh8JUMg+/aJK2eQXINozYdjOTUjnWAUeUqML7Pg/vERRAgHXO9Z+NTIEWEOo
|
||||
Ee+8WOFmrmfjb9Uz27DtymhUjOl0ryiG6F1b90t1rZvVKWR2OaCUhICm88o3MCgb
|
||||
HFeOh7v3tnQb2Uot7kY1hgch6j1MNYWGb8LjwoTAmx9okEv9mh119k+SdVJP6wsX
|
||||
ZtL4860vTfTw6RQM7rkZBzTyf4qCvU5uRSd2u6JqtUhw4m/gkKQyW8jLEkqX7JaT
|
||||
+iEBgPzjALvfSWDbDgst0szqU5jltYpgjG3On7/ZGFFJrkB06orUvovxLThWWvm1
|
||||
iugw4/av3n64hl/yfxvKQHLQA3Kfkjjzc3oPABEBAAGJBHIEGAEIACYWIQR+HJGs
|
||||
gDClpZ0e+rl1DzyHcj5AEgUCX+7lVAIbAgUJA+tFgAJACRB1DzyHcj5AEsF0IAQZ
|
||||
AQgAHRYhBGFPhWcuJXtdQn6ZBiGZBzrXgrS4BQJf7uVUAAoJECGZBzrXgrS4jfkP
|
||||
/ApYZIRnBL+LdTPYdbZDYXotkE6RO6ZsPdcV1G6na5jJ7igdVuvoz5nP3rX+oQoH
|
||||
6k9DysQzyh/SkXRPnbOOyvQsI7atmH7SkhNn7ke8zmEJLzApHA0ZMGXtBJHQkZwA
|
||||
5LDWIQb8HbtJTBr2DyJcQdpRmP3hHDgyYgwg0AUG/2JEwYqps+/pqJCrLSP+GLOA
|
||||
ia+wRH9xwv1Vl2gIxWXqEO6U3puqUg+0z1Av4Gj/xzuw1F3eLrOfgklhpASc8QtC
|
||||
89kx1nhFS+OybQfRAH7YN9DKE5L1kJxQ4t+uW8TiXf9r+MdcVMEI3LATZRtgowFc
|
||||
493g7EkTppmqabFns9OamyxXdIzLAKoKvykr7HPCBWUnZn2I2RrcGQltRBQlR0Mb
|
||||
jO+sFi89XnFPwXIw/t/9zoq1bXCGTt7H5RtrfxC1wTYXqLEdV9pptNj7j5mlff9g
|
||||
DMw1v3MfUxbz9gIDzs7ANnw3SkWi+d0v0bLadWdItkq2WKvvgB58NJtKPc8Jwilh
|
||||
nO7W31U/kv8FR9JcFXzS9+Y6ejIClF4FAwr5tK07N/xSFAKEs5kyAYEKxP6vI59m
|
||||
5h+tO8cws+pi4gqfWa3t3b+dVzKl9AIkWAYjq9FvbfiqZgKTlTviSUMpmK5qJVld
|
||||
72+NiolUVniJbw9Z10ps4G4zmXSl1ZxyKnehUzcKyPieEEsP/1/tctQx1LhVu0TJ
|
||||
RLtWrE523hqxpqDdF8/QrNp9dX3YVoEkMQW3YYir2oERtaosWXmRjldq5dNfgtwc
|
||||
lhG+/CP5rxNeCJlI+b64pC/yQMCrbz/V74aAipuv7ZZMflgr7ZD5i3jyM/7/AunS
|
||||
qOUPwkKrjetNF85eibeO7c0Y9/HhILkLQ8EoNfJshdc0/scwMZEpLHTMAHSrxCAV
|
||||
FuhLsF9epenA6IbtuMsp43aSxshX05RH7F94uj4VCMUSs/90viB5njItpPdZCqUH
|
||||
eXSvLSjxqsmS4Tz9Dn+uWvxleBLRRcpZykuNLGgwVXafWftWbA+U9KaJnDWFdzjJ
|
||||
+gAsWfHfFBOa1RfXYP++e+VJflcHaEZ4byLG5Zf1HqAvvcaShAVuMXY1hoYJinvh
|
||||
uk1zJRW9dP7apZx7BXWxbWcn8LMR5GFfunl/M2iNASmkqxJ9gvy6TBRWJu2QeNbN
|
||||
5Ks0/GDUawQqvhmM3V6zFQWVsPwaHpufIaGqnKC2gXaIHXPP0ldyXdLXwgZ+6A7D
|
||||
IEqHQB2BDbiJtovk6GaK8PUCEHTiDmRF/mBzlpBJOn+Hc5ELufgr9E2lkrKJzFag
|
||||
CBCucNhVEaUedFrycxfSALing7DJPWb5cobu9K+3T9L3k57XgxSAj+g6vOxHuxHL
|
||||
ve1IPheCWfkKpJH5faFDWKpJYYPauQINBF/u5YABEADgWTS7wFA39XvpWNHSfAAR
|
||||
2/nlGWuTvD7zoirzUwOd2+I2XYwgl910KsznhlqDrHZlqKuGRjQlbpyTbsOH2N5k
|
||||
IE+0uEXidU3iwslSZ33RLL0h9+czDnlgijYXLCg5ScswBEC1E/kXX685AUCTPX2n
|
||||
D1+Ymxxgov3AvItVxKDd3N5ERsy6hYWPK4ACXt47hJFqPfPtnQe2IdFkRm3bOuX/
|
||||
X79Kb5N6cAoao65Tpsix1pm6tTNww0+THzIWzK/yhi1/tUOv/QJMEVAxeBAPr+Pm
|
||||
mvjHvsI9RNQt7VnoHVkqJhPDxyQZR2IOVQXvlYyCtkPA4WQlyxLzWM24TG8xhD1v
|
||||
zZzA8qs//o9QI8OLg2ZYxplC4lW6GEZk3GnrTXs7bW6HUq+RlayIbDw7oMs30jAv
|
||||
YyDdQpZrYuZvsWKbKu+65Yi3M5kW0v96LT3ueMJaL/RanL9JhAWuEqyezffsBZ5a
|
||||
88/i0n9FJ8cQ1fZq2/GLq/mN2JZ3e/HSWynTnlmk+qGk2bq0cRFJNHAs2HNAm0Id
|
||||
pjSFCPmek9j30wp2c2knML+SsSw5h6570mwILuKwFr6i2hyFlPk4H7nP04vPQ8P2
|
||||
Pu5O/Cfg9rPSBjIi9FsNS8/a29sSuOmsSGHZnMrVUpGw+iKmx/jVejOtqe6hYydu
|
||||
MSQtIU59E2fq5TM4tub6qwARAQABiQRyBBgBCAAmFiEEfhyRrIAwpaWdHvq5dQ88
|
||||
h3I+QBIFAl/u5YACGwIFCQPrRYACQAkQdQ88h3I+QBLBdCAEGQEIAB0WIQQjoUGa
|
||||
YHzyVyZWN3UsTffOV4ELlAUCX+7lgAAKCRAsTffOV4ELlDerEACBP9kAH17GHloL
|
||||
XJjd1IHttRWU2Qs/VV0H14g14hgRz2/Qa7KRR4mGrXPKS/ctMkDXwlvs4HPUTeO4
|
||||
MMT38hwxv54AjW7CtF8DR3EQFXKR51roICQognvqpPe1auNERdLzAdcn+NoHEQB7
|
||||
eyPqjQM3OGGq0SVRwNnv777o+Kd8Ncv/4fR1xvA20Ds94G5vCYpHB6J+lPPVXBmz
|
||||
rOYSf+QZWsXjAZdnAAYkpEjfJhNrqvqSoRxZ0dweCqieenm8Nzt/vdL9nT3+4AGy
|
||||
5hmaAG2ENj5AhI194gtgACvKwCl5hF0VKMhtm5d9SWS+1quHzgn3UFh3VZrfjPid
|
||||
CR64mIu3RpZe7EcR+lMl7gCJxdFlHVD3z1lbz2V6u+xH4ZsLrTY+v8kDxzY8ojM/
|
||||
zDbnlEK+xzA9akhlaD3D3wKXRVuSlrxfEVv14mwKN5AYHN7bLL3bjOo9WYtLznH6
|
||||
Av4GqXSQ+LOl0+6bLKmD68/N0q2IiZwUSOsxTE1fUdYPF8eiN8L+35Qt0jwybieU
|
||||
a3JYtmO8EW4ZEmjJGwKgyrf+eigJN2/0AeBwcJyUw1YfzaqqS35NNyn5eKANyFQ2
|
||||
ZhIjuXRyBOoUMBAx2TSm7FGeFOIw+aQgap6HuGbZ0EZBz6hr9ogNC9FVXCPENKo+
|
||||
GdTGoIEs0n6gGOPP5ssp7xUK3420AM3HEACSmYaNC1Gfq2d81fI0TBJ9ATCRPo14
|
||||
MjJGiWaFaXoVp/lQeOvlX2JyBG2I6fhMGPGKntCfX+/MERLNAiahQgOjvnOCQdlL
|
||||
hbq+6loQ1eSTX2AXpRlQpvyxLuebbM+HX3N/9mqAksgQdljmqoJQbiE/HqXqjmKe
|
||||
16ylU3Rjabyc2p/31p7hm0IJ/3yqDsM06FUBJ108SALQyVvKqRA6q1t/Odb3xgt2
|
||||
isbCEgvhJ8kYz3LQkvTW75rSa1cM53Udd1rbyo1t0PaOSGeUZw73/nY1+6LtUEg7
|
||||
Q0x4ohL1UE7z7+14mAtn4OvGDuZJil7Lf4cPszf0SFoHPs8iUFpSorBwn3u+5ZXW
|
||||
NYFblPU2WK3O52qZqsjuQI/gK7uQhXjJO5nA5M8Yv7bVrbLMOj64hdOpNbd56Ycc
|
||||
qwYbHZL3WyRAN7TNg5ZlHgIVac22StawjXiHWDGaAXpCaHJn8ryM3LY+LTz16R2M
|
||||
bi+HVaw+0fY9f/mIcOdT6AyDg+V200GkGXL6aw0LZkBZmDin+OMmL7AS8TZ4dvZt
|
||||
zj+sykcT8DsaFj5Au6zHJoCnsuShMquHOA/vcUkhoe8/E2Y2QdiX7zwDM8vFM8tX
|
||||
DujFLNPIZuItcVEpE3ysFV2ZfVgBXoxTlZUQxdgJBQ0zg6Ez7rDYEAhVqo2gY9sk
|
||||
XtN80X/unsjGSbkCDQRf7uWiARAA3i7pu8/QvukeIBoIk1V0GHGPjX+GeV3fR4fu
|
||||
ciYgx+NKTXT/oJ/89KVeetT4CSnGEZcEpAvsBL3hsiblJYyLVmeoCniFlU+rMem4
|
||||
zYP2PnEX70Q56d6SjBArs3K1FZK25S5qqv5ceM10NVRwPufV1RIuui6mQLm2ZwlY
|
||||
JyyANZZXMrHMJdaHpK9mMBSSF42MFQZhcauQCrhMhcpmZKn0D2+PpRveYwSr43Qi
|
||||
qBWR2INTDmj/V3ERMviE7vLajWQcmDdcrBp4u3miAJcJSn3XR5SiuL5W77jFEzgJ
|
||||
zR8yTC4hWE60nWJOk8UrEbpLyr7mBE0Tr7+1IBMgVXh8WHyzLE2ENREFvtp8KlSS
|
||||
y47Ky9n+5aqPI4M7epMNwU/ZGQnC8o3yX0zZL1tKq0fTAw1Ly4NGE1gRbmzrQcCh
|
||||
qUHg/J4KFYBMg8eCAzuPp4CRk8wUzu4fRWrOraoz/7bvhH8ilgPu1teLLKzDdOdx
|
||||
QAaiz/nGy00ICNbYqifR5m73K/rDdjtIqgsMp9Az0mEpgVNq8SPzM5grqAnP/iww
|
||||
QxwFftiXq/pEP2d8rn65e8NikN42Q28PH1D/uBYnOuVdZUvjU9wwywmfyr+NZMaH
|
||||
X9sN8R3Kk990W9VxwdOTITpAjz0qMtpE7i/GwPEtpZPTIfl54+cVKvyUjBuTXkWn
|
||||
vXN+6MkAEQEAAYkEcgQYAQgAJhYhBH4ckayAMKWlnR76uXUPPIdyPkASBQJf7uWi
|
||||
AhsCBQkD60WAAkAJEHUPPIdyPkASwXQgBBkBCAAdFiEEBjEqvVaiYb6sKxATk1aQ
|
||||
aqvQi4MFAl/u5aIACgkQk1aQaqvQi4P2Mg/9FXfsIZAgPN/Dq95y1fHG8jsPXEoY
|
||||
VNY1codxxAaNqvBXZkfJbFwSYpLY3xIbyxHuGuOtC9NpIy9M1+PR7MsxtZAvSjP+
|
||||
flP/12x+6nP2H3NWOICpsY1tNOnQe2SjKJxZXHFnDqDBgKpv3QfKUHmYEdExJe3p
|
||||
NQrjZAgmdbEHeoj+P2VV5vqRrJoqNV/pUbM9czfEHeMVMm/mwWNOi/paCh1y/PxZ
|
||||
Mkj2bqLMRFfML9O/7QOJRxu3wQwl6jJHj4o6CHks6t237FSB+qZhhQP+vR2CZl5w
|
||||
lQ4trw0wpNgbZRIMlU3tUfFQ+KdFsM7UqwzwrVgWFur5r7KrFzJN88EKSplrIY0q
|
||||
se6S5b58H7Tw1jtfjb/xF6jQz5aoZ9xemd8roLReRpKPq70o2eIP1HkjCtqmd5Xc
|
||||
RQaVEUvlv34WZQ5w2eA1bEBESjbrKhX+H0Un0msUS0JpnpegRNZqW3Bedeos0usy
|
||||
MsfqMYmZEcZb3hw51XnSb8B/WhkSmcoEuECRxeCu1tw0pn7o4GemAeqT5ng8LXeE
|
||||
RJhrUTlCIyRab8TIQZvmf6XjneT0stZLKCoZUXO+7FH7F7nPsew1dU+WFIauQX71
|
||||
PkZp2JMT7W57HKPuEillF8v5+H1k9Jq/2k+ZdgmT1Gd27nALBOc7q8rr00Lf6BU3
|
||||
K+XsfWo+p08CXKudfQ/+JFzzpyKeX5nVqiqbxqUakPy/Ot010/7457YVpvcLmcvT
|
||||
Yn4cR0dottl96lp5wT1jN7VXfZu/tsHEtTg1ofeExNuCL8DZVsSN836idRmObhLP
|
||||
dnYmThZcXBJ3RgSniQNwvuuGUtpH7OXb5vnAOe42+n3yucxhPI9Gzo5g6fTqWwb+
|
||||
qwh39ydxtiv3v3jgFixJLj/HH3MsxTm6cNUTWNLzvX+HugBeuOfyDG9++fe3UmZe
|
||||
MczAF9N9tDFP+0b1diXywJWfSdVLBmMARYeh0Swjud60SQLTqaqXVfPSECGo9LVc
|
||||
wot2u4q67QhUC2OTKiTkF6QVE05iKoPEPkCTmMvSpbHF3ERZE3J6YsVg17Uc7LrZ
|
||||
7DRRF+03mu4njS8LvIoeBuqsB96mNQNH/PwLSANWTtclCwj2C9W1HKy3zKjnu3kC
|
||||
PHLzwQFEO28TE5EsblnBdA8ozNIV887V7yw89MxPhpuXRn8BVAU1S9Dj7j3mNHLj
|
||||
rVAgZmr/nx3oDt8VfOZpK8u3u1voZdC+cnTBdcG2gzM8Ya+h8C60Y8dFzykr8hr4
|
||||
b5gDeDI1OkQ2vOQHtnQPdscYKl0v1ntHq2wrFuCIol4WneKh3Jrvdb37cL971u4g
|
||||
dpw0jTO/ykCvLlipxjJ/NrnXFb6TriZRgWZqiIwY2lKEfZDXqc/iOa2L0yBr21a5
|
||||
Ag0EX+7luwEQAM/CQdinTzIHaEJsCe42g6tt4dBC/UC4wD367rJcyJbEd+qaLJwS
|
||||
CQUbg/wrEdRT+aROHVKLwrvXxtgJs0x15vvFTurkn1BnNMh7p8woYwip7PKrNn2+
|
||||
96Yg7Aqc3a3gkDQeF8Q7uipOH/5feJh6l7Iu718pvnDUw4UFZt/RUrdqseFXVwr/
|
||||
ffSalLx7gJhL3mYuU1qpJZxsonNwAS43eViagI0FHSqixB5kPgFcbBf3BIiisOCy
|
||||
a1L9a+zSt1y1aEFC7m+9YlGJA3C0/X8s+dK0VWOrJlP/WmKUp3Epxpu6srsBItcT
|
||||
YMuGA82/03YAJ+jpGMRb+X1Dq9vuOUxvDjG+G10Cgew2EjiAkXpVg/1NsCrQWRbs
|
||||
KtFf5PXGfKCO0i8hEzwmJLd5OlNIIiup450iX4eS77Tey69hGyweLIC4YDPDwFpp
|
||||
bkDdRG6nDvePbEHi5z1L41NaWNa0wEyh28OqrmD0FCcGukk24pBVemVEx0En4siQ
|
||||
la6/1QXQlG/wTi7Yi71V/4oz7iZ4lSPWs0ACFGD9W5InlRykiRXC1cV27f+qMw9u
|
||||
Y6UbgvN70cWflK5C7e2h/eAQfxj+seYFUjMnJTkXiZE85m63p1Yu2A1c9+jqJ0L3
|
||||
Lfn5YIQdtWdY3Qc1RIQYPVRl5NcgXIPV7TwjvnjowuHjWX0IQbhv61lNABEBAAGJ
|
||||
BHIEGAEIACYWIQR+HJGsgDClpZ0e+rl1DzyHcj5AEgUCX+7luwIbAgUJA+tFgAJA
|
||||
CRB1DzyHcj5AEsF0IAQZAQgAHRYhBOJesM8c6ASdR/HZpjPhDkoYOo5GBQJf7uW7
|
||||
AAoJEDPhDkoYOo5GhpcQALowCpZ8UowMWlQFfZ2ySJalnZM6S2RxCFiss4W9pGuu
|
||||
9PKuN2wdXW3HGkBGDAuQgLwanSfhGSt/urT3+DT40OlDMzanRwEK0qiSaSs/xBtK
|
||||
dNL7JmGbcWTXpNP3aHhfYhVOg7NJnsfZ8Ti3dfuv3ZrjcLvgdnZ/s6O9S3gU8DtH
|
||||
fpnOfE3hxjUEHEw9hs9Otc6foCqMDZDvfU3emYduD5AvTiXYdeD/mZBD4OmF99II
|
||||
XWNuQexAJ+xgOPdvXaYt0lBuXmfMcn/1hrU3RJqguwnPZ2cU5zo41/uSbdsFrTHK
|
||||
yEOLTn0XYYk07mZGdscljzmXbpsbAC4Jp8CDBhUfdzfi1n3AOyblk1nywfionLlz
|
||||
HDtfWQYCxp16N8S2MU7tA1w8rFNwVDVwmxIfgjLrjPAgvqSpCmLHTXNBfdLUYRAv
|
||||
SpY9TR+U4YOOuEx2Niwnprdjm1qilN+fmPR3tWvVChlD3kHmSpi1+9ix+xizlBjN
|
||||
eZ08Eq5rDBPsTpqJmoNS8pHE0EL3IVpcB1pZ5rd6UBSa7LoMLeWwWm7Ap5VZALfp
|
||||
jMNws4SA2q5OTRY2or/+m1+cfDWIP+2XQV4YaNFMbO7XKr3vnUOxY9gyADqfRJiv
|
||||
DljHiw5iLzbkaHs7dYJOPNMGMlRzZfkkxg6Patx44TQ2rO7LnyCgVdFZWDHNevgR
|
||||
Z8AP/152xfh3qsOnT+R32Rt8CcwXmKFxLylgpjegcUmbutow9zdlX26qZ67cJ/3p
|
||||
hNLZgAYKPrGecGA0BJ2UzsPEKKz8I/dAp96LpHo/24WqUamh1z2PRAgyJGC43zm0
|
||||
rA/KAlcht8bbI/VuZ5eAYXjH01QfPS7i7fFOryYYFqfH+BTp3ZEr/A7FkcOZXmNV
|
||||
Gg4+oC2t6cJnzDsM0MUJ7dgNAHTLGx6RZZahdE3LJ8oVJ8Vek9KtjJbPr143EZLt
|
||||
ymkiy93pzLUaKWfCZJCCI9nfJnNZnvoQXv0l3wnrQIFE14Fv0jbTALHRgRJlB4cZ
|
||||
i3teEuf7shSDsd13JDdfmxMsxnfeVsIUPa+J0GBSbe14JHXlcd0t03cpbzO547Qb
|
||||
rFpD98XO6Y7OefWD3pwDF2Izjnn4Cny/hpUIEO1A2j4qHhUkqmnFmBO6yIFic637
|
||||
CJnYe3uU7ss/TNIUKLhujqlcNl8WeOMVPbhnCuOhyQh2aioAKn1yiQ1EgNSIGIVD
|
||||
LwqMt0kxI52/aDkZgCcEfBFC1c17IeUH+G0HMGm49/acFHkhX61S4efXhvzH5J0l
|
||||
Dr+0qk4aVKNwqkUNp56GSMLhiiSYivX9Xa4qQGNlmrki1pC2DamlTXDLB67XQcRp
|
||||
dAc+4nNTK4E/czrr0+wlkgz7pC1MAllCLilyTSPGnKIPlOd2uQINBF/u5d0BEADF
|
||||
+6hDuKvzbmKWZNXjJK6Em/5nnzBOa155YQLN91zMs6COI4p+YuIVPPzVWZYR0yHs
|
||||
gTWw45cMV+RYwuL/P+1Z84bgOyPloIVF9VQjOC+wB3Gn4qmTzobr6q+UfQVvUiUQ
|
||||
8fGG11teWvYpWiG91uialjHZmrpAOQxjHRxHPpi0cZtTFEqinCIy6c942xbtZnzf
|
||||
nzPpxkKl0a8s1eKZ0KlDK6Ab59nxAinilohXRg/U6sqypsyLl41L0qMZek5dEt4C
|
||||
r3spdSkZgxqJpLTqQy/5VB4pcfEaIaank3sLxhpil/oQiq+38WA0VkICQyeiCsvf
|
||||
eEKyt1C6COBNH+olegUxudTKDHFthyGMPRz3McI5jHxCyru0mfLJag2hHXzgGoaD
|
||||
VkYIwkvyVsHWDqrZMMXcCIUVlpphxtHo1M32AATnWFe4K1nFdbejR9XC5xWOgwbT
|
||||
zCblqporHzU0c8WBbfJ0Y10IDrHsa/F08PkFvVN48Ydik6rcwowSPxP+59Q9AKLh
|
||||
Isd2hzfWU2zAbG5Ph1wecwlYR3tp/0i3uSTDXfuuaY+vrqpoECN6fnSg8NxiBbjU
|
||||
JR0Ju6KDM2SeBUz5hp9BzL8+OPTogRZoinxBogrRAvdGLOnLG5hMjBezzF8UEvp6
|
||||
IMisGHBZgXoX4Juvf78RE8JOwHa+HUejj5kYiQW6TwARAQABiQRyBBgBCAAmFiEE
|
||||
fhyRrIAwpaWdHvq5dQ88h3I+QBIFAl/u5d0CGwIFCQPrRYACQAkQdQ88h3I+QBLB
|
||||
dCAEGQEIAB0WIQT2AU9wN9W7TuO6I3E56nu98JFFWwUCX+7l3QAKCRA56nu98JFF
|
||||
W5whD/9Hu5cnJ0hnzqk3MQsdMXbTNLsv+KePV71kcMRat4hjw2Li/TUaC8xtA81d
|
||||
O/1obmsuoDAgv82KlQ7DLDXjFk2q45lJdgZxAkN3dEoYakdTIEi11FvwbhV+qxZK
|
||||
jTq3jFQho4i3GDLgrvBMG4B1TGMH0IPux9fmBGpxYKmp1GjhpgoMXp9bqzsV/mPZ
|
||||
TxPlmIpeJEO2jeCWKhHHw6rzwGjF68G3HiJ0TqvjdCtcNrwd3GTDsdEJtUl49aqF
|
||||
M7VfoqKjVdRO/YDL//+TJNOYz5EBGjIZxbhgZJ9Qz+geSBx9GJtDWdq193ofFi39
|
||||
oleTFnEMj+OeIr1Bc2pc8Z3HJttFknicJDkeze3mM0CZAkhVkLFy6DvAQkXrgvfp
|
||||
AUYFACQW8E2XmRBiKd4huojWYz5QGSEIk2fYRVhse2HAUZ9gTODSX2L13nls+BEi
|
||||
sArsmSFA/RQslDXW+Jl+P0e37BzN51uk2Dg4ylJUBgcpTRUn4Q8c1DgHDhkEVnBI
|
||||
ny2H/MFuhImw9g5xqlBfCEKh5D8D0e4fX28MhSsBlOCeIKJoY85U3GNY0tlIwAt8
|
||||
M7IIHe1n1qncPbAMmq0K48J1lfyTEbXpnSfArzEdbnosjBUaiQX5EwA656eZ6wb3
|
||||
Vq02UDei6KPuOosl4Voy+Ffq5MCkanVMA97/0wV3CeCvQYGbsvsUD/9fLYc3yH7A
|
||||
0xksK7PImztDR8MLsUPoiv/vnfZ+WJJ+YJ0TKAHm1ZO3NqeZmD7XoWHKwh83zsK8
|
||||
x/JUASCBN16isC+Ym6IwF83/HXJfKNvvotkr2WG6Dv8Vg1Hhk2Iv5y3EMbFa9rfv
|
||||
6vjxho+0sYrraJH8qQAM08IIOi7+afrkR/ikgA8V7ymqmdxtMMHZqG+h5R0VGTVw
|
||||
QBxZ5/ZiY56Qn5UH2m0Tc2AHOcAQTvCEwyb19IPyhif+rek3npSvKtDc6WBJioyi
|
||||
gvDhl+jgIfcIo77w6GthgbFc9k68Je56Peu2J30zWj76Z+Di1OJhAj1wFr4/XT5o
|
||||
c1MB/Vfyx3hEPRDNz7dRaDqoVnYVdoI0blyCiSkD9I4/axb4X3xN2SK4XA/zv+Lb
|
||||
1FbCM1XFL2aF+09tk+77EVdWsBmQpOArD0d54E1YulBGaxVm5QKfov23KiqHIFVF
|
||||
8WYqJqNJwbJRZii7klczkVm3wFte3NWK7HW8kfF147lv0z3AiZYnk0O6Mj1ip3R8
|
||||
Qm5yiv57DbbgIMkSPWCpEtFGHIoK2msJ2bQcizh2WGxLos00RTx3IVAeSAS54+kr
|
||||
rMBg50wNczcGHKPDUKLwkYczgHonUtljAkeXnTl69rifChI+KpjHNtF6dFgC1aSt
|
||||
MOud6HhAcd0f3lmuPzCGGp4YOQx9tV139bkCDQRf7uX4ARAAxaybudQK4fMIzLiV
|
||||
grIzthhb3/DK83PNohTNMemM2V2z1Ij5Dlu2XNDypMdR0rKM/QI3zWud1+vd2h/l
|
||||
QZlg58FspvrY6I7hI+cbdRldVaAKDGQHo5Bi0a7BkonZvS/0wnNUPIhy/znzXtXR
|
||||
f4L7ePZMofH/2shz4TZ1yNpU8zaomY6eNjSc51P4vVxtDQ4QofQeJEn8aO9a4whu
|
||||
O0TVEAPKRYBRgjM8faDuUJtLfiC3OrhLg+B7JVSF3di4JITAyafPbZACLjV7Umxb
|
||||
SUL3qTJZVpIuhF0xQOCE+WRx3Xs7lkPdHMqP2OaJ8Y4ymR08cSfIP2XFKsQFtoqT
|
||||
VyMQgGgI6VXF8OfnCnGgx0Do1vJNoL0neFzVXpCPPzh1RbcrtndZWum/1R4egkYg
|
||||
J8TPQH5X391J58Uwd5l9/ZDdoSeeQYdtTR4YQ8//ATFO3hoSRvES4U6ZwO8LM6di
|
||||
ra6pqb6j0liT+DdcBwE4C1bGJMJ6d93S5SfH3llDIMJo7uJDbKILFMES9rg7S6I8
|
||||
+SW75TjKUk4Y7L8R8qwURqEyuOOGfaQXirqvji4PdcGDBiIk2Oq69Ky6lmlJgyIH
|
||||
SZ7SO1JXk0yAJTXb+a6FJTLFxidkIZzu+LhLBn/MhAPjVyv3qCTQ7O0lu8Mfcqg5
|
||||
8hhJ6IE79PBHS3z8ok+mFK0iGrcAEQEAAYkEcgQYAQgAJhYhBH4ckayAMKWlnR76
|
||||
uXUPPIdyPkASBQJf7uX4AhsCBQkD60WAAkAJEHUPPIdyPkASwXQgBBkBCAAdFiEE
|
||||
JFV3TUL9/mucOD64/hACvFlwgR8FAl/u5fgACgkQ/hACvFlwgR+LoRAAgtIgaKb4
|
||||
ZY8qoAFZeph+Syg+mMKfPJkBuGUedJl6IxbHBSg2mhnCjJ0bmdqxsAXgtcSUqmtZ
|
||||
Yw9NyoGgiVjs+gu5sQp1Oxc2/keQXaVksTkoXwdnf+2iXyp1WPeeLGySHmzuwy9c
|
||||
eExt+h0mVmBgFls2wNdFGPbVfiT3PvFkwqsnta6HebDTN4pMzvG1IIGV7L5KRo1E
|
||||
dmkrt3lXQWmdgHl3JoNQ9v/Jgf4jo6gDw53YvJFKJcaOOAS3d4CzPWmcLzcy4mf0
|
||||
9YI3DoQCbYL3cRNelUwzUF2L6QyPCwonXemLCmfkBgsSVqvW4fq8qbEHGF2fK7x3
|
||||
d7bZEsUiGCt/tXOkDkNJ31T/mC35nxZfcj8AMPixO+BnAeKeYC37LbQD76jrw526
|
||||
tUXsAF+QON5DPeot+e8bIx9qSbvdqpXDkK4lGcRTuS2OVC8J9XfDTch4wm3Kd4P4
|
||||
lDdRAJWnLfVay0m05LGlekWdEzcjP8KDaICH9rEs6f9e1gy6mTEBnBW//41BxELT
|
||||
KxoTGlcX3yEhCmK36g5C/+d6b7Ji5arGGTCa96v/xG32KYc1zfn3TYkCx06pPUbz
|
||||
iAl2l0MTpGeqz2hJMOGA3JuxwlksJKqnPYy0hHKdVW4Pnn25NeXcBp8wpkt8VZOR
|
||||
bzjw/TJB7qvJHoRo1tat85Uij9rAXqTyO8Ea0hAAi/EfuiDDy3GV7bvjFSA1XEjL
|
||||
d+F40g2X0QG/PHTScYB4rFJwV0GFUxLHr4g7iypAVI+BB4EYikx8gpee6B0g3J+r
|
||||
aCFDDrRPDKdqrpZK53oYcBPkdSBbCr5MAa/M3DerKBEgoBVUbaSHWN7OH2ae+5R6
|
||||
X2ERmYZdW4PCj6lw7a+RhkAsgKo8RjonjV61ehQPZh20noI19Q80BYYSCfHHvzy5
|
||||
vwvByhmTMJNrl3PDpBy9/TwBR5DpnHfOPJX6bnl3pdu65F2TRM6yoFbfoUiEqrXV
|
||||
4wC1I++N9VjrQvXSp0ik/XaMWq87wLIg+1owElJIzwyZWukQkZMAYtesVFz20YwC
|
||||
7Nu8SNr/NTSCH1EqLsS4YhBTsjpc2T8AqUlgxKrilmLbrj64PXgMsQ9WYm5zwlC5
|
||||
UA5eky5YhETFJ25dIaplMm47aIbPSH5f9y5eYPkfOCoMu5oDzDzoXdH9V1YfsHqa
|
||||
8bboSgTdariC23x38E9PaWQNyY2MFKL6cFt2ilIsMSSD6JAm1x8kBtn1bBopG588
|
||||
7mTDtlqHCw/QrTuLreJG9KJ1dQFJ/Q42+csH09l081wlv4BBuVlN1Xmj+c2sWn90
|
||||
l1BPZfYHd9jhggI96yTZhfTfFbSMSuGPQyqHnwDYdA3cNj5BYievBkO5FZaCe9SZ
|
||||
4xcYgqlVpv15O7VrD+I=
|
||||
=Uugw
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
33
SOURCES/generate-rndc-key.sh
Executable file
33
SOURCES/generate-rndc-key.sh
Executable file
@ -0,0 +1,33 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ -r /etc/rc.d/init.d/functions ]; then
|
||||
. /etc/rc.d/init.d/functions
|
||||
else
|
||||
success() {
|
||||
echo $" OK "
|
||||
}
|
||||
|
||||
failure() {
|
||||
echo -n " "
|
||||
echo $"FAILED"
|
||||
}
|
||||
fi
|
||||
|
||||
# This script generates /etc/rndc.key if doesn't exist AND if there is no rndc.conf
|
||||
|
||||
if [ ! -s /etc/rndc.key -a ! -s /etc/rndc.conf ]; then
|
||||
echo -n $"Generating /etc/rndc.key:"
|
||||
if /usr/sbin/rndc-confgen -a -A hmac-sha256 > /dev/null 2>&1
|
||||
then
|
||||
chmod 640 /etc/rndc.key
|
||||
chown root:named /etc/rndc.key
|
||||
[ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.key
|
||||
success $"/etc/rndc.key generation"
|
||||
echo
|
||||
else
|
||||
rc=$?
|
||||
failure $"/etc/rndc.key generation"
|
||||
echo
|
||||
exit $rc
|
||||
fi
|
||||
fi
|
12
SOURCES/named-chroot-setup.service
Normal file
12
SOURCES/named-chroot-setup.service
Normal file
@ -0,0 +1,12 @@
|
||||
[Unit]
|
||||
Description=Set-up/destroy chroot environment for named (DNS)
|
||||
BindsTo=named-chroot.service
|
||||
Wants=named-setup-rndc.service
|
||||
After=named-setup-rndc.service
|
||||
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart=/usr/libexec/setup-named-chroot.sh /var/named/chroot on /etc/named-chroot.files
|
||||
ExecStop=/usr/libexec/setup-named-chroot.sh /var/named/chroot off /etc/named-chroot.files
|
27
SOURCES/named-chroot.files
Normal file
27
SOURCES/named-chroot.files
Normal file
@ -0,0 +1,27 @@
|
||||
# Configuration of files used in chroot
|
||||
# Following files are made available after named-chroot.service start
|
||||
# if they are missing or empty in target directory.
|
||||
/etc/localtime
|
||||
/etc/named.root.key
|
||||
/etc/named.conf
|
||||
/etc/named.rfc1912.zones
|
||||
/etc/rndc.conf
|
||||
/etc/rndc.key
|
||||
/etc/named.iscdlv.key
|
||||
/etc/crypto-policies/back-ends/bind.config
|
||||
/etc/protocols
|
||||
/etc/services
|
||||
/etc/named.dnssec.keys
|
||||
/etc/pki/dnssec-keys
|
||||
/etc/named
|
||||
/usr/lib64/bind
|
||||
/usr/lib/bind
|
||||
/usr/lib64/named
|
||||
/usr/lib/named
|
||||
/usr/share/GeoIP
|
||||
/run/named
|
||||
/proc/sys/net/ipv4/ip_local_port_range
|
||||
# Warning: the order is important
|
||||
# If a directory containing $ROOTDIR is listed here,
|
||||
# it MUST be listed last. (/var/named contains /var/named/chroot)
|
||||
/var/named
|
30
SOURCES/named-chroot.service
Normal file
30
SOURCES/named-chroot.service
Normal file
@ -0,0 +1,30 @@
|
||||
# Don't forget to add "$AddUnixListenSocket /var/named/chroot/dev/log"
|
||||
# line to your /etc/rsyslog.conf file. Otherwise your logging becomes
|
||||
# broken when rsyslogd daemon is restarted (due update, for example).
|
||||
|
||||
[Unit]
|
||||
Description=Berkeley Internet Name Domain (DNS)
|
||||
Wants=nss-lookup.target
|
||||
Requires=named-chroot-setup.service
|
||||
Before=nss-lookup.target
|
||||
After=named-chroot-setup.service
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
Environment=NAMEDCONF=/etc/named.conf
|
||||
EnvironmentFile=-/etc/sysconfig/named
|
||||
Environment=KRB5_KTNAME=/etc/named.keytab
|
||||
PIDFile=/var/named/chroot/run/named/named.pid
|
||||
|
||||
ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'
|
||||
ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} -t /var/named/chroot $OPTIONS
|
||||
|
||||
ExecReload=/bin/sh -c 'if /usr/sbin/rndc null > /dev/null 2>&1; then /usr/sbin/rndc reload; else /bin/kill -HUP $MAINPID; fi'
|
||||
|
||||
ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
|
||||
|
||||
PrivateTmp=false
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
26
SOURCES/named-pkcs11.service
Normal file
26
SOURCES/named-pkcs11.service
Normal file
@ -0,0 +1,26 @@
|
||||
[Unit]
|
||||
Description=Berkeley Internet Name Domain (DNS) with native PKCS#11
|
||||
Wants=nss-lookup.target
|
||||
Wants=named-setup-rndc.service
|
||||
Before=nss-lookup.target
|
||||
After=network.target
|
||||
After=named-setup-rndc.service
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
Environment=NAMEDCONF=/etc/named.conf
|
||||
EnvironmentFile=-/etc/sysconfig/named
|
||||
Environment=KRB5_KTNAME=/etc/named.keytab
|
||||
PIDFile=/run/named/named.pid
|
||||
|
||||
ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'
|
||||
ExecStart=/usr/sbin/named-pkcs11 -u named -c ${NAMEDCONF} $OPTIONS
|
||||
|
||||
ExecReload=/bin/sh -c 'if /usr/sbin/rndc null > /dev/null 2>&1; then /usr/sbin/rndc reload; else /bin/kill -HUP $MAINPID; fi'
|
||||
|
||||
ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
|
||||
|
||||
PrivateTmp=true
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
7
SOURCES/named-setup-rndc.service
Normal file
7
SOURCES/named-setup-rndc.service
Normal file
@ -0,0 +1,7 @@
|
||||
[Unit]
|
||||
Description=Generate rndc key for BIND (DNS)
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
|
||||
ExecStart=/usr/libexec/generate-rndc-key.sh
|
59
SOURCES/named.conf
Normal file
59
SOURCES/named.conf
Normal file
@ -0,0 +1,59 @@
|
||||
//
|
||||
// named.conf
|
||||
//
|
||||
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
|
||||
// server as a caching only nameserver (as a localhost DNS resolver only).
|
||||
//
|
||||
// See /usr/share/doc/bind*/sample/ for example named configuration files.
|
||||
//
|
||||
|
||||
options {
|
||||
listen-on port 53 { 127.0.0.1; };
|
||||
listen-on-v6 port 53 { ::1; };
|
||||
directory "/var/named";
|
||||
dump-file "/var/named/data/cache_dump.db";
|
||||
statistics-file "/var/named/data/named_stats.txt";
|
||||
memstatistics-file "/var/named/data/named_mem_stats.txt";
|
||||
secroots-file "/var/named/data/named.secroots";
|
||||
recursing-file "/var/named/data/named.recursing";
|
||||
allow-query { localhost; };
|
||||
|
||||
/*
|
||||
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
|
||||
- If you are building a RECURSIVE (caching) DNS server, you need to enable
|
||||
recursion.
|
||||
- If your recursive DNS server has a public IP address, you MUST enable access
|
||||
control to limit queries to your legitimate users. Failing to do so will
|
||||
cause your server to become part of large scale DNS amplification
|
||||
attacks. Implementing BCP38 within your network would greatly
|
||||
reduce such attack surface
|
||||
*/
|
||||
recursion yes;
|
||||
|
||||
dnssec-validation yes;
|
||||
|
||||
managed-keys-directory "/var/named/dynamic";
|
||||
geoip-directory "/usr/share/GeoIP";
|
||||
|
||||
pid-file "/run/named/named.pid";
|
||||
session-keyfile "/run/named/session.key";
|
||||
|
||||
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
|
||||
include "/etc/crypto-policies/back-ends/bind.config";
|
||||
};
|
||||
|
||||
logging {
|
||||
channel default_debug {
|
||||
file "data/named.run";
|
||||
severity dynamic;
|
||||
};
|
||||
};
|
||||
|
||||
zone "." IN {
|
||||
type hint;
|
||||
file "named.ca";
|
||||
};
|
||||
|
||||
include "/etc/named.rfc1912.zones";
|
||||
include "/etc/named.root.key";
|
||||
|
243
SOURCES/named.conf.sample
Normal file
243
SOURCES/named.conf.sample
Normal file
@ -0,0 +1,243 @@
|
||||
/*
|
||||
Sample named.conf BIND DNS server 'named' configuration file
|
||||
for the Red Hat BIND distribution.
|
||||
|
||||
See the BIND Administrator's Reference Manual (ARM) for details, in:
|
||||
file:///usr/share/doc/bind-{version}/arm/Bv9ARM.html
|
||||
Also see the BIND Configuration GUI : /usr/bin/system-config-bind and
|
||||
its manual.
|
||||
*/
|
||||
|
||||
options
|
||||
{
|
||||
// Put files that named is allowed to write in the data/ directory:
|
||||
directory "/var/named"; // "Working" directory
|
||||
dump-file "data/cache_dump.db";
|
||||
statistics-file "data/named_stats.txt";
|
||||
memstatistics-file "data/named_mem_stats.txt";
|
||||
secroots-file "data/named.secroots";
|
||||
recursing-file "data/named.recursing";
|
||||
|
||||
|
||||
/*
|
||||
Specify listenning interfaces. You can use list of addresses (';' is
|
||||
delimiter) or keywords "any"/"none"
|
||||
*/
|
||||
//listen-on port 53 { any; };
|
||||
listen-on port 53 { 127.0.0.1; };
|
||||
|
||||
//listen-on-v6 port 53 { any; };
|
||||
listen-on-v6 port 53 { ::1; };
|
||||
|
||||
/*
|
||||
Access restrictions
|
||||
|
||||
There are two important options:
|
||||
allow-query { argument; };
|
||||
- allow queries for authoritative data
|
||||
|
||||
allow-query-cache { argument; };
|
||||
- allow queries for non-authoritative data (mostly cached data)
|
||||
|
||||
You can use address, network address or keywords "any"/"localhost"/"none" as argument
|
||||
Examples:
|
||||
allow-query { localhost; 10.0.0.1; 192.168.1.0/8; };
|
||||
allow-query-cache { ::1; fe80::5c63:a8ff:fe2f:4526; 10.0.0.1; };
|
||||
*/
|
||||
|
||||
allow-query { localhost; };
|
||||
allow-query-cache { localhost; };
|
||||
|
||||
/* Enable/disable recursion - recursion yes/no;
|
||||
|
||||
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
|
||||
- If you are building a RECURSIVE (caching) DNS server, you need to enable
|
||||
recursion.
|
||||
- If your recursive DNS server has a public IP address, you MUST enable access
|
||||
control to limit queries to your legitimate users. Failing to do so will
|
||||
cause your server to become part of large scale DNS amplification
|
||||
attacks. Implementing BCP38 within your network would greatly
|
||||
reduce such attack surface
|
||||
*/
|
||||
recursion yes;
|
||||
|
||||
/* DNSSEC related options. See information about keys ("Trusted keys", bellow) */
|
||||
|
||||
/* Enable DNSSEC validation on recursive servers */
|
||||
dnssec-validation yes;
|
||||
|
||||
/* In Fedora we use /run/named instead of default /var/run/named
|
||||
so we have to configure paths properly. */
|
||||
pid-file "/run/named/named.pid";
|
||||
session-keyfile "/run/named/session.key";
|
||||
|
||||
managed-keys-directory "/var/named/dynamic";
|
||||
|
||||
/* In Fedora we use system-wide Crypto Policy */
|
||||
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
|
||||
include "/etc/crypto-policies/back-ends/bind.config";
|
||||
};
|
||||
|
||||
logging
|
||||
{
|
||||
/* If you want to enable debugging, eg. using the 'rndc trace' command,
|
||||
* named will try to write the 'named.run' file in the $directory (/var/named).
|
||||
* By default, SELinux policy does not allow named to modify the /var/named directory,
|
||||
* so put the default debug log file in data/ :
|
||||
*/
|
||||
channel default_debug {
|
||||
file "data/named.run";
|
||||
severity dynamic;
|
||||
};
|
||||
};
|
||||
|
||||
/*
|
||||
Views let a name server answer a DNS query differently depending on who is asking.
|
||||
|
||||
By default, if named.conf contains no "view" clauses, all zones are in the
|
||||
"default" view, which matches all clients.
|
||||
|
||||
Views are processed sequentially. The first match is used so the last view should
|
||||
match "any" - it's fallback and the most restricted view.
|
||||
|
||||
If named.conf contains any "view" clause, then all zones MUST be in a view.
|
||||
*/
|
||||
|
||||
view "localhost_resolver"
|
||||
{
|
||||
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
|
||||
* If all you want is a caching-only nameserver, then you need only define this view:
|
||||
*/
|
||||
match-clients { localhost; };
|
||||
recursion yes;
|
||||
|
||||
# all views must contain the root hints zone:
|
||||
zone "." IN {
|
||||
type hint;
|
||||
file "/var/named/named.ca";
|
||||
};
|
||||
|
||||
/* these are zones that contain definitions for all the localhost
|
||||
* names and addresses, as recommended in RFC1912 - these names should
|
||||
* not leak to the other nameservers:
|
||||
*/
|
||||
include "/etc/named.rfc1912.zones";
|
||||
};
|
||||
view "internal"
|
||||
{
|
||||
/* This view will contain zones you want to serve only to "internal" clients
|
||||
that connect via your directly attached LAN interfaces - "localnets" .
|
||||
*/
|
||||
match-clients { localnets; };
|
||||
recursion yes;
|
||||
|
||||
zone "." IN {
|
||||
type hint;
|
||||
file "/var/named/named.ca";
|
||||
};
|
||||
|
||||
/* these are zones that contain definitions for all the localhost
|
||||
* names and addresses, as recommended in RFC1912 - these names should
|
||||
* not leak to the other nameservers:
|
||||
*/
|
||||
include "/etc/named.rfc1912.zones";
|
||||
|
||||
// These are your "authoritative" internal zones, and would probably
|
||||
// also be included in the "localhost_resolver" view above :
|
||||
|
||||
/*
|
||||
NOTE for dynamic DNS zones and secondary zones:
|
||||
|
||||
DO NOT USE SAME FILES IN MULTIPLE VIEWS!
|
||||
|
||||
If you are using views and DDNS/secondary zones it is strongly
|
||||
recommended to read FAQ on ISC site (www.isc.org), section
|
||||
"Configuration and Setup Questions", questions
|
||||
"How do I share a dynamic zone between multiple views?" and
|
||||
"How can I make a server a slave for both an internal and an external
|
||||
view at the same time?"
|
||||
*/
|
||||
|
||||
zone "my.internal.zone" {
|
||||
type master;
|
||||
file "my.internal.zone.db";
|
||||
};
|
||||
zone "my.slave.internal.zone" {
|
||||
type slave;
|
||||
file "slaves/my.slave.internal.zone.db";
|
||||
masters { /* put master nameserver IPs here */ 127.0.0.1; } ;
|
||||
// put slave zones in the slaves/ directory so named can update them
|
||||
};
|
||||
zone "my.ddns.internal.zone" {
|
||||
type master;
|
||||
allow-update { key ddns_key; };
|
||||
file "dynamic/my.ddns.internal.zone.db";
|
||||
// put dynamically updateable zones in the slaves/ directory so named can update them
|
||||
};
|
||||
};
|
||||
|
||||
key ddns_key
|
||||
{
|
||||
algorithm hmac-sha256;
|
||||
secret "use /usr/sbin/ddns-confgen to generate TSIG keys";
|
||||
};
|
||||
|
||||
view "external"
|
||||
{
|
||||
/* This view will contain zones you want to serve only to "external" clients
|
||||
* that have addresses that are not match any above view:
|
||||
*/
|
||||
match-clients { any; };
|
||||
|
||||
zone "." IN {
|
||||
type hint;
|
||||
file "/var/named/named.ca";
|
||||
};
|
||||
|
||||
recursion no;
|
||||
// you'd probably want to deny recursion to external clients, so you don't
|
||||
// end up providing free DNS service to all takers
|
||||
|
||||
// These are your "authoritative" external zones, and would probably
|
||||
// contain entries for just your web and mail servers:
|
||||
|
||||
zone "my.external.zone" {
|
||||
type master;
|
||||
file "my.external.zone.db";
|
||||
};
|
||||
};
|
||||
|
||||
/* Trusted keys
|
||||
|
||||
This statement contains DNSSEC keys. If you want DNSSEC aware resolver you
|
||||
should configure at least one trusted key.
|
||||
|
||||
Note that no key written below is valid. Especially root key because root zone
|
||||
is not signed yet.
|
||||
*/
|
||||
/*
|
||||
trust-anchors {
|
||||
// Root Key
|
||||
. initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
|
||||
+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
|
||||
ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
|
||||
0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
|
||||
oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
|
||||
RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
|
||||
R1AkUTV74bU=";
|
||||
|
||||
// Key for forward zone
|
||||
example.com. static-key 257 3 8 "AwEAAZ0aqu1rJ6orJynrRfNpPmayJZoAx9Ic2/Rl9VQW
|
||||
LMHyjxxem3VUSoNUIFXERQbj0A9Ogp0zDM9YIccKLRd6
|
||||
LmWiDCt7UJQxVdD+heb5Ec4qlqGmyX9MDabkvX2NvMws
|
||||
UecbYBq8oXeTT9LRmCUt9KUt/WOi6DKECxoG/bWTykrX
|
||||
yBR8elD+SQY43OAVjlWrVltHxgp4/rhBCvRbmdflunaP
|
||||
Igu27eE2U4myDSLT8a4A0rB5uHG4PkOa9dIRs9y00M2m
|
||||
Wf4lyPee7vi5few2dbayHXmieGcaAHrx76NGAABeY393
|
||||
xjlmDNcUkF1gpNWUla4fWZbbaYQzA93mLdrng+M=";
|
||||
|
||||
|
||||
// Key for reverse zone.
|
||||
2.0.192.IN-ADDRPA.NET. initial-ds 31406 8 2 "F78CF3344F72137235098ECBBD08947C2C9001C7F6A085A17F518B5D8F6B916D";
|
||||
};
|
||||
*/
|
10
SOURCES/named.empty
Normal file
10
SOURCES/named.empty
Normal file
@ -0,0 +1,10 @@
|
||||
$TTL 3H
|
||||
@ IN SOA @ rname.invalid. (
|
||||
0 ; serial
|
||||
1D ; refresh
|
||||
1H ; retry
|
||||
1W ; expire
|
||||
3H ) ; minimum
|
||||
NS @
|
||||
A 127.0.0.1
|
||||
AAAA ::1
|
10
SOURCES/named.localhost
Normal file
10
SOURCES/named.localhost
Normal file
@ -0,0 +1,10 @@
|
||||
$TTL 1D
|
||||
@ IN SOA @ rname.invalid. (
|
||||
0 ; serial
|
||||
1D ; refresh
|
||||
1H ; retry
|
||||
1W ; expire
|
||||
3H ) ; minimum
|
||||
NS @
|
||||
A 127.0.0.1
|
||||
AAAA ::1
|
12
SOURCES/named.logrotate
Normal file
12
SOURCES/named.logrotate
Normal file
@ -0,0 +1,12 @@
|
||||
/var/named/data/named.run {
|
||||
missingok
|
||||
su named named
|
||||
create 0644 named named
|
||||
postrotate
|
||||
/usr/bin/systemctl reload named.service > /dev/null 2>&1 || true
|
||||
/usr/bin/systemctl reload named-chroot.service > /dev/null 2>&1 || true
|
||||
/usr/bin/systemctl reload named-sdb.service > /dev/null 2>&1 || true
|
||||
/usr/bin/systemctl reload named-sdb-chroot.service > /dev/null 2>&1 || true
|
||||
/usr/bin/systemctl reload named-pkcs11.service > /dev/null 2>&1 || true
|
||||
endscript
|
||||
}
|
11
SOURCES/named.loopback
Normal file
11
SOURCES/named.loopback
Normal file
@ -0,0 +1,11 @@
|
||||
$TTL 1D
|
||||
@ IN SOA @ rname.invalid. (
|
||||
0 ; serial
|
||||
1D ; refresh
|
||||
1H ; retry
|
||||
1W ; expire
|
||||
3H ) ; minimum
|
||||
NS @
|
||||
A 127.0.0.1
|
||||
AAAA ::1
|
||||
PTR localhost.
|
45
SOURCES/named.rfc1912.zones
Normal file
45
SOURCES/named.rfc1912.zones
Normal file
@ -0,0 +1,45 @@
|
||||
// named.rfc1912.zones:
|
||||
//
|
||||
// Provided by Red Hat caching-nameserver package
|
||||
//
|
||||
// ISC BIND named zone configuration for zones recommended by
|
||||
// RFC 1912 section 4.1 : localhost TLDs and address zones
|
||||
// and https://tools.ietf.org/html/rfc6303
|
||||
// (c)2007 R W Franks
|
||||
//
|
||||
// See /usr/share/doc/bind*/sample/ for example named configuration files.
|
||||
//
|
||||
// Note: empty-zones-enable yes; option is default.
|
||||
// If private ranges should be forwarded, add
|
||||
// disable-empty-zone "."; into options
|
||||
//
|
||||
|
||||
zone "localhost.localdomain" IN {
|
||||
type master;
|
||||
file "named.localhost";
|
||||
allow-update { none; };
|
||||
};
|
||||
|
||||
zone "localhost" IN {
|
||||
type master;
|
||||
file "named.localhost";
|
||||
allow-update { none; };
|
||||
};
|
||||
|
||||
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
|
||||
type master;
|
||||
file "named.loopback";
|
||||
allow-update { none; };
|
||||
};
|
||||
|
||||
zone "1.0.0.127.in-addr.arpa" IN {
|
||||
type master;
|
||||
file "named.loopback";
|
||||
allow-update { none; };
|
||||
};
|
||||
|
||||
zone "0.in-addr.arpa" IN {
|
||||
type master;
|
||||
file "named.empty";
|
||||
allow-update { none; };
|
||||
};
|
61
SOURCES/named.root
Normal file
61
SOURCES/named.root
Normal file
@ -0,0 +1,61 @@
|
||||
|
||||
; <<>> DiG 9.11.3-RedHat-9.11.3-3.fc27 <<>> +bufsize=1200 +norec @a.root-servers.net
|
||||
; (2 servers found)
|
||||
;; global options: +cmd
|
||||
;; Got answer:
|
||||
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46900
|
||||
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 27
|
||||
|
||||
;; OPT PSEUDOSECTION:
|
||||
; EDNS: version: 0, flags:; udp: 1472
|
||||
;; QUESTION SECTION:
|
||||
;. IN NS
|
||||
|
||||
;; ANSWER SECTION:
|
||||
. 518400 IN NS a.root-servers.net.
|
||||
. 518400 IN NS b.root-servers.net.
|
||||
. 518400 IN NS c.root-servers.net.
|
||||
. 518400 IN NS d.root-servers.net.
|
||||
. 518400 IN NS e.root-servers.net.
|
||||
. 518400 IN NS f.root-servers.net.
|
||||
. 518400 IN NS g.root-servers.net.
|
||||
. 518400 IN NS h.root-servers.net.
|
||||
. 518400 IN NS i.root-servers.net.
|
||||
. 518400 IN NS j.root-servers.net.
|
||||
. 518400 IN NS k.root-servers.net.
|
||||
. 518400 IN NS l.root-servers.net.
|
||||
. 518400 IN NS m.root-servers.net.
|
||||
|
||||
;; ADDITIONAL SECTION:
|
||||
a.root-servers.net. 518400 IN A 198.41.0.4
|
||||
b.root-servers.net. 518400 IN A 199.9.14.201
|
||||
c.root-servers.net. 518400 IN A 192.33.4.12
|
||||
d.root-servers.net. 518400 IN A 199.7.91.13
|
||||
e.root-servers.net. 518400 IN A 192.203.230.10
|
||||
f.root-servers.net. 518400 IN A 192.5.5.241
|
||||
g.root-servers.net. 518400 IN A 192.112.36.4
|
||||
h.root-servers.net. 518400 IN A 198.97.190.53
|
||||
i.root-servers.net. 518400 IN A 192.36.148.17
|
||||
j.root-servers.net. 518400 IN A 192.58.128.30
|
||||
k.root-servers.net. 518400 IN A 193.0.14.129
|
||||
l.root-servers.net. 518400 IN A 199.7.83.42
|
||||
m.root-servers.net. 518400 IN A 202.12.27.33
|
||||
a.root-servers.net. 518400 IN AAAA 2001:503:ba3e::2:30
|
||||
b.root-servers.net. 518400 IN AAAA 2001:500:200::b
|
||||
c.root-servers.net. 518400 IN AAAA 2001:500:2::c
|
||||
d.root-servers.net. 518400 IN AAAA 2001:500:2d::d
|
||||
e.root-servers.net. 518400 IN AAAA 2001:500:a8::e
|
||||
f.root-servers.net. 518400 IN AAAA 2001:500:2f::f
|
||||
g.root-servers.net. 518400 IN AAAA 2001:500:12::d0d
|
||||
h.root-servers.net. 518400 IN AAAA 2001:500:1::53
|
||||
i.root-servers.net. 518400 IN AAAA 2001:7fe::53
|
||||
j.root-servers.net. 518400 IN AAAA 2001:503:c27::2:30
|
||||
k.root-servers.net. 518400 IN AAAA 2001:7fd::1
|
||||
l.root-servers.net. 518400 IN AAAA 2001:500:9f::42
|
||||
m.root-servers.net. 518400 IN AAAA 2001:dc3::35
|
||||
|
||||
;; Query time: 24 msec
|
||||
;; SERVER: 198.41.0.4#53(198.41.0.4)
|
||||
;; WHEN: Thu Apr 05 15:57:34 CEST 2018
|
||||
;; MSG SIZE rcvd: 811
|
||||
|
13
SOURCES/named.root.key
Normal file
13
SOURCES/named.root.key
Normal file
@ -0,0 +1,13 @@
|
||||
trust-anchors {
|
||||
# ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
|
||||
# for current trust anchor information.
|
||||
#
|
||||
# This key (20326) was published in the root zone in 2017.
|
||||
# Servers which were already using the old key (19036) should
|
||||
# roll seamlessly to this new one via RFC 5011 rollover. Servers
|
||||
# being set up for the first time can use the contents of this
|
||||
# file as initializing keys; thereafter, the keys in the
|
||||
# managed key database will be trusted and maintained
|
||||
# automatically.
|
||||
. initial-ds 20326 8 2 "E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D";
|
||||
};
|
6
SOURCES/named.rwtab
Normal file
6
SOURCES/named.rwtab
Normal file
@ -0,0 +1,6 @@
|
||||
dirs /var/named
|
||||
|
||||
files /var/named/named.ca
|
||||
files /var/named/named.empty
|
||||
files /var/named/named.localhost
|
||||
files /var/named/named.loopback
|
25
SOURCES/named.service
Normal file
25
SOURCES/named.service
Normal file
@ -0,0 +1,25 @@
|
||||
[Unit]
|
||||
Description=Berkeley Internet Name Domain (DNS)
|
||||
Wants=nss-lookup.target
|
||||
Wants=named-setup-rndc.service
|
||||
Before=nss-lookup.target
|
||||
After=named-setup-rndc.service
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
Environment=NAMEDCONF=/etc/named.conf
|
||||
EnvironmentFile=-/etc/sysconfig/named
|
||||
Environment=KRB5_KTNAME=/etc/named.keytab
|
||||
PIDFile=/run/named/named.pid
|
||||
|
||||
ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'
|
||||
ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS
|
||||
ExecReload=/bin/sh -c 'if /usr/sbin/rndc null > /dev/null 2>&1; then /usr/sbin/rndc reload; else /bin/kill -HUP $MAINPID; fi'
|
||||
|
||||
ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
|
||||
|
||||
PrivateTmp=true
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
17
SOURCES/named.sysconfig
Normal file
17
SOURCES/named.sysconfig
Normal file
@ -0,0 +1,17 @@
|
||||
# BIND named process options
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# OPTIONS="whatever" -- These additional options will be passed to named
|
||||
# at startup. Don't add -t here, enable proper
|
||||
# -chroot.service unit file.
|
||||
#
|
||||
# NAMEDCONF=/etc/named/alternate.conf
|
||||
# -- Don't use -c to change configuration file.
|
||||
# Extend systemd named.service instead or use this
|
||||
# variable.
|
||||
#
|
||||
# DISABLE_ZONE_CHECKING -- By default, service file calls named-checkzone
|
||||
# utility for every zone to ensure all zones are
|
||||
# valid before named starts. If you set this option
|
||||
# to 'yes' then service file doesn't perform those
|
||||
# checks.
|
117
SOURCES/setup-named-chroot.sh
Executable file
117
SOURCES/setup-named-chroot.sh
Executable file
@ -0,0 +1,117 @@
|
||||
#!/bin/bash
|
||||
|
||||
ROOTDIR="$1"
|
||||
CONFIG_FILES="${3:-/etc/named-chroot.files}"
|
||||
|
||||
usage()
|
||||
{
|
||||
echo
|
||||
echo 'This script setups chroot environment for BIND'
|
||||
echo 'Usage: setup-named-chroot.sh ROOTDIR <on|off> [chroot.files]'
|
||||
}
|
||||
|
||||
if ! [ "$#" -ge 2 -a "$#" -le 3 ]; then
|
||||
echo 'Wrong number of arguments'
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Exit if ROOTDIR doesn't exist
|
||||
if ! [ -d "$ROOTDIR" ]; then
|
||||
echo "Root directory $ROOTDIR doesn't exist"
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! [ -r "$CONFIG_FILES" ]; then
|
||||
echo "Files list $CONFIG_FILES doesn't exist" 2>&1
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
|
||||
dev_create()
|
||||
{
|
||||
DEVNAME="$ROOTDIR/dev/$1"
|
||||
shift
|
||||
if ! [ -e "$DEVNAME" ]; then
|
||||
/bin/mknod -m 0664 "$DEVNAME" $@
|
||||
/bin/chgrp named "$DEVNAME"
|
||||
if [ -x /usr/sbin/selinuxenabled -a -x /sbin/restorecon ]; then
|
||||
/usr/sbin/selinuxenabled && /sbin/restorecon "$DEVNAME" > /dev/null || :
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
dev_chroot_prep()
|
||||
{
|
||||
dev_create random c 1 8
|
||||
dev_create urandom c 1 9
|
||||
dev_create zero c 1 5
|
||||
dev_create null c 1 3
|
||||
}
|
||||
|
||||
files_comment_filter()
|
||||
{
|
||||
if [ -d "$1" ]; then
|
||||
grep -v '^[[:space:]]*#' "$1"/*.files
|
||||
else
|
||||
grep -v '^[[:space:]]*#' "$1"
|
||||
fi
|
||||
}
|
||||
|
||||
mount_chroot_conf()
|
||||
{
|
||||
if [ -n "$ROOTDIR" ]; then
|
||||
# Check devices are prepared
|
||||
dev_chroot_prep
|
||||
files_comment_filter "$CONFIG_FILES" | while read -r all; do
|
||||
# Skip nonexistant files
|
||||
[ -e "$all" ] || continue
|
||||
|
||||
# If mount source is a file
|
||||
if ! [ -d "$all" ]; then
|
||||
# mount it only if it is not present in chroot or it is empty
|
||||
if ! [ -e "$ROOTDIR$all" ] || [ `stat -c'%s' "$ROOTDIR$all"` -eq 0 ]; then
|
||||
touch "$ROOTDIR$all"
|
||||
mount --bind "$all" "$ROOTDIR$all"
|
||||
fi
|
||||
else
|
||||
# Mount source is a directory. Mount it only if directory in chroot is
|
||||
# empty.
|
||||
if [ -e "$all" ] && [ `ls -1A $ROOTDIR$all | wc -l` -eq 0 ]; then
|
||||
mount --bind --make-private "$all" "$ROOTDIR$all"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
||||
umount_chroot_conf()
|
||||
{
|
||||
if [ -n "$ROOTDIR" ]; then
|
||||
files_comment_filter "$CONFIG_FILES" | while read -r all; do
|
||||
# Check if file is mount target. Do not use /proc/mounts because detecting
|
||||
# of modified mounted files can fail.
|
||||
if mount | grep -q '.* on '"$ROOTDIR$all"' .*'; then
|
||||
umount "$ROOTDIR$all"
|
||||
# Remove temporary created files
|
||||
[ -f "$all" ] && rm -f "$ROOTDIR$all"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
||||
case "$2" in
|
||||
on)
|
||||
mount_chroot_conf
|
||||
;;
|
||||
off)
|
||||
umount_chroot_conf
|
||||
;;
|
||||
*)
|
||||
echo 'Second argument has to be "on" or "off"'
|
||||
usage
|
||||
exit 1
|
||||
esac
|
||||
|
||||
exit 0
|
124
SOURCES/setup-named-softhsm.sh
Executable file
124
SOURCES/setup-named-softhsm.sh
Executable file
@ -0,0 +1,124 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# This script will initialise token storage of softhsm PKCS11 provider
|
||||
# in custom location. Is useful to store tokens in non-standard location.
|
||||
#
|
||||
# Output can be evaluated from bash, it will prepare it for usage of temporary tokens.
|
||||
# Quotes around eval are mandatory!
|
||||
# Recommended use:
|
||||
# eval "$(bash setup-named-softhsm.sh -A)"
|
||||
#
|
||||
|
||||
SOFTHSM2_CONF="$1"
|
||||
TOKENPATH="$2"
|
||||
GROUPNAME="$3"
|
||||
# Do not use this script for real keys worth protection
|
||||
# This is intended for crypto accelerators using PKCS11 interface.
|
||||
# Uninitialized token would fail any crypto operation.
|
||||
PIN=1234
|
||||
SO_PIN=1234
|
||||
LABEL=rpm
|
||||
|
||||
set -e
|
||||
|
||||
echo_i()
|
||||
{
|
||||
echo "#" $@
|
||||
}
|
||||
|
||||
random()
|
||||
{
|
||||
if [ -x "$(which openssl 2>/dev/null)" ]; then
|
||||
openssl rand -base64 $1
|
||||
else
|
||||
dd if=/dev/urandom bs=1c count=$1 | base64
|
||||
fi
|
||||
}
|
||||
|
||||
usage()
|
||||
{
|
||||
echo "Usage: $0 -A [token directory] [group]"
|
||||
echo " or: $0 <config file> <token directory> [group]"
|
||||
}
|
||||
|
||||
if [ "$SOFTHSM2_CONF" = "-A" -a -z "$TOKENPATH" ]; then
|
||||
TOKENPATH=$(mktemp -d /var/tmp/softhsm-XXXXXX)
|
||||
fi
|
||||
|
||||
if [ -z "$SOFTHSM2_CONF" -o -z "$TOKENPATH" ]; then
|
||||
usage >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "$SOFTHSM2_CONF" = "-A" ]; then
|
||||
# Automagic mode instead
|
||||
MODE=secure
|
||||
SOFTHSM2_CONF="$TOKENPATH/softhsm2.conf"
|
||||
PIN_SOURCE="$TOKENPATH/pin"
|
||||
SOPIN_SOURCE="$TOKENPATH/so-pin"
|
||||
TOKENPATH="$TOKENPATH/tokens"
|
||||
else
|
||||
MODE=legacy
|
||||
fi
|
||||
|
||||
[ -d "$TOKENPATH" ] || mkdir -p "$TOKENPATH"
|
||||
|
||||
umask 0022
|
||||
|
||||
if ! [ -f "$SOFTHSM2_CONF" ]; then
|
||||
cat << SED > "$SOFTHSM2_CONF"
|
||||
# SoftHSM v2 configuration file
|
||||
|
||||
directories.tokendir = ${TOKENPATH}
|
||||
objectstore.backend = file
|
||||
|
||||
# ERROR, WARNING, INFO, DEBUG
|
||||
log.level = ERROR
|
||||
|
||||
# If CKF_REMOVABLE_DEVICE flag should be set
|
||||
slots.removable = false
|
||||
SED
|
||||
else
|
||||
echo_i "Config file $SOFTHSM2_CONF already exists" >&2
|
||||
fi
|
||||
|
||||
if [ -n "$PIN_SOURCE" ]; then
|
||||
touch "$PIN_SOURCE" "$SOPIN_SOURCE"
|
||||
chmod 0600 "$PIN_SOURCE" "$SOPIN_SOURCE"
|
||||
if [ -n "$GROUPNAME" ]; then
|
||||
chgrp "$GROUPNAME" "$PIN_SOURCE" "$SOPIN_SOURCE"
|
||||
chmod g+r "$PIN_SOURCE" "$SOPIN_SOURCE"
|
||||
fi
|
||||
fi
|
||||
|
||||
export SOFTHSM2_CONF
|
||||
|
||||
if softhsm2-util --show-slots | grep 'Initialized:[[:space:]]*yes' > /dev/null
|
||||
then
|
||||
echo_i "Token in ${TOKENPATH} is already initialized" >&2
|
||||
|
||||
[ -f "$PIN_SOURCE" ] && PIN=$(cat "$PIN_SOURCE")
|
||||
[ -f "$SOPIN_SOURCE" ] && SO_PIN=$(cat "$SOPIN_SOURCE")
|
||||
else
|
||||
PIN=$(random 6)
|
||||
SO_PIN=$(random 18)
|
||||
if [ -n "$PIN_SOURCE" ]; then
|
||||
echo -n "$PIN" > "$PIN_SOURCE"
|
||||
echo -n "$SO_PIN" > "$SOPIN_SOURCE"
|
||||
fi
|
||||
|
||||
echo_i "Initializing tokens to ${TOKENPATH}..."
|
||||
softhsm2-util --init-token --free --label "$LABEL" --pin "$PIN" --so-pin "$SO_PIN" | sed -e 's/^/# /'
|
||||
|
||||
if [ -n "$GROUPNAME" ]; then
|
||||
chgrp -R -- "$GROUPNAME" "$TOKENPATH"
|
||||
chmod -R -- g=rX,o= "$TOKENPATH"
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "export SOFTHSM2_CONF=\"$SOFTHSM2_CONF\""
|
||||
echo "export PIN_SOURCE=\"$PIN_SOURCE\""
|
||||
echo "export SOPIN_SOURCE=\"$SOPIN_SOURCE\""
|
||||
# These are intentionaly not exported
|
||||
echo "PIN=\"$PIN\""
|
||||
echo "SO_PIN=\"$SO_PIN\""
|
1
SOURCES/trusted-key.key
Normal file
1
SOURCES/trusted-key.key
Normal file
@ -0,0 +1 @@
|
||||
. 3600 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=
|
3979
SPECS/bind9.16.spec
Normal file
3979
SPECS/bind9.16.spec
Normal file
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user