Fedora bind import

Import commit 91d60335005d38c4fa34b1cc3c835a0ec15983ed
This commit is contained in:
Petr Menšík 2024-06-10 15:42:57 +02:00
parent 47e32c28b7
commit ec071137db
42 changed files with 6624 additions and 0 deletions

1
.fmf/version Normal file
View File

@ -0,0 +1 @@
1

224
.gitignore vendored
View File

@ -0,0 +1,224 @@
bind-9.7.1-P2.tar.gz
config-8.tar.bz2
bind-9.7.2b1.tar.gz
/config-8.tar.bz2
/bind-9.7.2rc1.tar.gz
/bind-9.7.2.tar.gz
/bind-9.7.2-P2.tar.gz
/bind-9.7.2-P3.tar.gz
/bind-9.7.3b1.tar.gz
/bind-9.7.3rc1.tar.gz
/bind-9.7.3.tar.gz
/bind-9.8.0rc1.tar.gz
/bind-9.8.0.tar.gz
/bind-9.8.0-P1.tar.gz
/bind-9.8.0-P2.tar.gz
/bind-9.8.0-P4.tar.gz
/bind-9.8.1rc1.tar.gz
/bind-9.8.1.tar.gz
/bind-9.9.0b1.tar.gz
/bind-9.9.0b2.tar.gz
/bind-9.9.0rc1.tar.gz
/bind-9.9.0rc2.tar.gz
/bind-9.9.0.tar.gz
/bind-9.9.1.tar.gz
/bind-9.9.1-P1.tar.gz
/bind-9.9.1-P2.tar.gz
/bind-9.9.1-P3.tar.gz
/bind-9.9.2.tar.gz
/bind-9.9.2-P1.tar.gz
/config-9.tar.bz2
/config-10.tar.bz2
/bind-9.9.2-P2.tar.gz
/bind-9.9.3rc1.tar.gz
/config-11.tar.bz2
/bind-9.9.3rc2.tar.gz
/bind-9.9.3.tar.gz
/bind-9.9.3-P1.tar.gz
/bind-9.9.4b1.tar.gz
/bind-9.9.4rc1.tar.gz
/bind-9.9.4rc2.tar.gz
/bind-9.9.4.tar.gz
/config-12.tar.bz2
/bind-9.9.5b1.tar.gz
/bind-9.9.5rc2.tar.gz
/bind-9.9.5.tar.gz
/bind-9.9.5-P1.tar.gz
/bind-9.9.6.tar.gz
/bind-9.9.6-P1.tar.gz
/bind-9.10.1b2.tar.gz
/bind-9.10.1.tar.gz
/bind-9.10.1-P1.tar.gz
/bind-9.10.2rc1.tar.gz
/bind-9.10.2rc2.tar.gz
/bind-9.10.2.tar.gz
/config-13.tar.bz2
/config-14.tar.bz2
/bind-9.10.2-P1.tar.gz
/bind-9.10.2-P2.tar.gz
/bind-9.10.2-P3.tar.gz
/bind-9.10.3rc1.tar.gz
/bind-9.10.3.tar.gz
/bind-9.10.3-P2.tar.gz
/config-15.tar.bz2
/bind-9.10.3-P3.tar.gz
/bind-9.10.3-P4.tar.gz
/bind-9.10.4-P1.tar.gz
/bind-9.10.4-P2.tar.gz
/bind-9.10.4-P3.tar.gz
/bind-9.10.4-P4.tar.gz
/bind-9.11.0-P1.tar.gz
/bind-9.11.0-P2.tar.gz
/bind-9.11.0-P3.tar.gz
/bind-9.11.0-P5.tar.gz
/config-16.tar.bz2
/bind-9.11.1-P1.tar.gz
/bind-9.11.1-P2.tar.gz
/bind-9.11.1-P3.tar.gz
/bind-9.11.2b1.tar.gz
/bind-9.11.2.tar.gz
/config-17.tar.bz2
/bind-9.11.2-P1.tar.gz
/bind-9.11.3b1.tar.gz
/bind-9.11.3.tar.gz
/config-18.tar.bz2
/bind-9.11.4rc1.tar.gz
/bind-9.11.4.tar.gz
/bind-9.11.4-P1.tar.gz
/bind-9.11.4-P2.tar.gz
/bind-9.11.5.tar.gz
/bind-9.11.5-P1.tar.gz
/config-19.tar.bz2
/bind-9.11.5-P4.tar.gz
/bind-9.11.6.tar.gz
/bind-9.11.6-P1.tar.gz
/bind-9.11.7.tar.gz
/bind-9.11.8.tar.gz
/bind-9.11.9.tar.gz
/bind-9.11.10.tar.gz
/bind-9.11.11.tar.gz
/bind-9.11.12.tar.gz
/bind-9.11.13.tar.gz
/bind-9.11.13.tar.gz.asc
/bind-9.11.14.tar.gz
/bind-9.11.14.tar.gz.asc
/bind-9.11.17.tar.gz
/bind-9.11.17.tar.gz.asc
/bind-9.11.18.tar.gz
/bind-9.11.18.tar.gz.asc
/bind-9.11.19.tar.gz
/bind-9.11.19.tar.gz.asc
/bind-9.11.20.tar.gz
/bind-9.11.20.tar.gz.asc
/bind-9.11.21.tar.gz
/bind-9.11.21.tar.gz.asc
/bind-9.11.22.tar.gz
/bind-9.11.22.tar.gz.asc
/bind-9.11.23.tar.gz
/bind-9.11.23.tar.gz.asc
/bind-9.11.24.tar.gz
/bind-9.11.24.tar.gz.asc
/bind-9.11.25.tar.gz
/bind-9.11.25.tar.gz.asc
/bind-9.11.26.tar.gz
/bind-9.11.26.tar.gz.asc
/bind-9.16.1.tar.xz
/bind-9.16.1.tar.xz.asc
/bind-9.16.2.tar.xz
/bind-9.16.2.tar.xz.asc
/bind-9.16.4.tar.xz
/bind-9.16.4.tar.xz.asc
/bind-9.16.5.tar.xz
/bind-9.16.5.tar.xz.asc
/bind-9.16.6.tar.xz
/bind-9.16.6.tar.xz.asc
/bind-9.16.7.tar.xz
/bind-9.16.7.tar.xz.asc
/bind-9.16.8.tar.xz
/bind-9.16.8.tar.xz.asc
/bind-9.16.9.tar.xz
/bind-9.16.9.tar.xz.asc
/bind-9.16.10.tar.xz
/bind-9.16.10.tar.xz.asc
/bind-9.16.11.tar.xz
/bind-9.16.11.tar.xz.asc
/bind-9.16.13.tar.xz
/bind-9.16.13.tar.xz.asc
/bind-9.16.15.tar.xz
/bind-9.16.15.tar.xz.asc
/bind-9.16.16.tar.xz
/bind-9.16.16.tar.xz.asc
/bind-9.16.17.tar.xz
/bind-9.16.17.tar.xz.asc
/bind-9.16.18.tar.xz
/bind-9.16.18.tar.xz.asc
/bind-9.16.19.tar.xz
/bind-9.16.19.tar.xz.asc
/bind-9.16.20.tar.xz
/bind-9.16.20.tar.xz.asc
/bind-9.16.21.tar.xz
/bind-9.16.21.tar.xz.asc
/bind-9.16.22.tar.xz
/bind-9.16.22.tar.xz.asc
/bind-9.16.23.tar.xz
/bind-9.16.23.tar.xz.asc
/bind-9.16.24.tar.xz
/bind-9.16.24.tar.xz.asc
/bind-9.16.25.tar.xz
/bind-9.16.25.tar.xz.asc
/bind-9.16.26.tar.xz
/bind-9.16.26.tar.xz.asc
/bind-9.16.27.tar.xz
/bind-9.16.27.tar.xz.asc
/bind-9.16.28.tar.xz
/bind-9.16.28.tar.xz.asc
/bind-9.16.29.tar.xz
/bind-9.16.29.tar.xz.asc
/bind-9.16.30.tar.xz
/bind-9.16.30.tar.xz.asc
/bind-9.18.0.tar.xz
/bind-9.18.0.tar.xz.asc
/bind-9.18.1.tar.xz
/bind-9.18.1.tar.xz.asc
/bind-9.18.2.tar.xz
/bind-9.18.2.tar.xz.asc
/bind-9.18.3.tar.xz
/bind-9.18.3.tar.xz.asc
/bind-9.18.4.tar.xz
/bind-9.18.4.tar.xz.asc
/bind-9.18.5.tar.xz
/bind-9.18.5.tar.xz.asc
/bind-9.18.6.tar.xz
/bind-9.18.6.tar.xz.asc
/bind-9.18.7.tar.xz
/bind-9.18.7.tar.xz.asc
/bind-9.18.8.tar.xz
/bind-9.18.8.tar.xz.asc
/bind-9.18.9.tar.xz
/bind-9.18.9.tar.xz.asc
/bind-9.18.10.tar.xz
/bind-9.18.10.tar.xz.asc
/bind-9.18.11.tar.xz
/bind-9.18.11.tar.xz.asc
/bind-9.18.12.tar.xz
/bind-9.18.12.tar.xz.asc
/bind-9.18.13.tar.xz
/bind-9.18.13.tar.xz.asc
/bind-9.18.14.tar.xz
/bind-9.18.14.tar.xz.asc
/bind-9.18.15.tar.xz
/bind-9.18.15.tar.xz.asc
/bind-9.18.16.tar.xz
/bind-9.18.16.tar.xz.asc
/bind-9.18.17.tar.xz
/bind-9.18.17.tar.xz.asc
/bind-9.18.18.tar.xz
/bind-9.18.18.tar.xz.asc
/bind-9.18.19.tar.xz
/bind-9.18.19.tar.xz.asc
/bind-9.18.20.tar.xz
/bind-9.18.20.tar.xz.asc
/bind-9.18.21.tar.xz
/bind-9.18.21.tar.xz.asc
/bind-9.18.24.tar.xz
/bind-9.18.24.tar.xz.asc

43
Changes.md Normal file
View File

@ -0,0 +1,43 @@
# Significant Changes in BIND9 package
## BIND 9.16
### New features
- *libuv* is used for network subsystem as a mandatory dependency
- *dnssec-policy* support in named.conf is introduced, providing a a key and signing policy
([KASP](https://gitlab.isc.org/isc-projects/bind9/-/wikis/DNSSEC-Key-and-Signing-Policy-(KASP)))
- *trusted-keys* and *managed-keys* are deprecated, replaced by *trust-anchors*
- *trust-anchors* support also anchor in a *DS* format, in addition to *DNSKEY* format
- **dig, mdig** and **delv** support **+yaml** parameter to print detailed machine parseable output
### Feature changes
- Static trust anchor and *dnssec-validation auto;* are incompatible and cause fatal error, when used together.
- *DS* and *CDS* now generates only SHA-256 digest, SHA-1 is no longer generated by default
- SipHash 2-4 DNS Cookie ([RFC 7873](https://www.rfc-editor.org/rfc/rfc7873.html) is now default).
Only AES alternative algorithm is kept, HMAC-SHA cookie support were removed.
- **dnssec-signzone** and **dnssec-verify** commands print output to stdout, *-q* parameter can silence them
### Features removed
- *dnssec-enable* option is obsolete, DNSSEC support is always enabled
- *dnssec-lookaside* option is deprecated and support for it removed from all tools
- *cleaning-interval* option is removed
### Upstream release notes
- [9.16.10 notes](https://downloads.isc.org/isc/bind9/9.16.10/doc/arm/html/notes.html#notes-for-bind-9-16-10)
- [9.16.0 notes](https://downloads.isc.org/isc/bind9/9.16.0/doc/arm/html/notes.html#notes-for-bind-9-16-0)
## BIND 9.14
- single thread support removed. Cannot provide *bind-export-libs* for DHCP
- *lwres* support completely removed. Both daemon and library
- common parts of daemon moved into *libns* shared library
- introduced plugin for filtering aaaa responses
- some SDB utilities no longer supported
### Upstream release notes
- [9.14.7 notes](https://downloads.isc.org/isc/bind9/9.14.7/RELEASE-NOTES-bind-9.14.7.html)

33
README.md Normal file
View File

@ -0,0 +1,33 @@
# BIND 9
[BIND (Berkeley Internet Name Domain)](https://www.isc.org/downloads/bind/doc/) is a complete, highly portable
implementation of the DNS (Domain Name System) protocol.
Internet Systems Consortium
([https://www.isc.org](https://www.isc.org)), a 501(c)(3) public benefit
corporation dedicated to providing software and services in support of the
Internet infrastructure, developed BIND 9 and is responsible for its
ongoing maintenance and improvement.
More details about upstream project can be found on their
[gitlab](https://gitlab.isc.org/isc-projects/bind9). This repository contains
only upstream sources and packaging instructions for
[Fedora Project](https://fedoraproject.org).
## Subpackages
The package contains several subpackages, some of them can be disabled on rebuild.
* **bind** -- *named* daemon providing DNS server
* **bind-utils** -- set of tools to analyse DNS responses or update entries (dig, host)
* **bind-doc** -- documentation for current bind, *BIND 9 Administrator Reference Manual*.
* **bind-license** -- Shared license for all packages but bind-export-libs.
* **bind-libs** -- Shared libraries used by some others programs
* **bind-devel** -- Development headers for libs. Can be disabled by `--without DEVEL`
## Optional features
* *GSSTSIG* -- Support for Kerberos authentication in BIND.
* *LMDB* -- Support for dynamic database for managing runtime added zones. Provides faster removal of added zone with much less overhead. But requires lmdb linked to base libs.
* *DLZ* -- Support for dynamic loaded modules providing support for features *bind-sdb* provides, but only small module is required.

16
bind-9.11.12.tar.gz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABAgAdFiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAl2WMooACgkQdLtrmky7
PThv2RAAnXNLYTzXtH6ls29tRm5Hc+D6UaeqcWDNQ4BpkRVhrFxtukalGCi9mmB6
NPJzFyXmaOW654pypCIuEgqJNFUpDtLzLzT7SUF+mhm+5plsaRSBnh4mq87l5KSp
twODAPnfCJV+HBk5RmToLEstAbGQ7xEBTyQtZoFkY+V7zEFwENKiCvWsoSWOkYR3
zXo3sKjc83HV9ShbW/mCtbZf5L0qlbrKOAzqJfAFMhNNJi8kMbmr/Zi2sIfN+Rhv
g8HQo89Epv6r51yAdeED8idIX4rKjjcEtHrZeDmLdCcdHgSEj2sIlH92Joce6vL0
S59A0rItIXm6fW8sz6WNpcj4tVtWYbIYjXZ4SPFNkaUrHv8cUekq+5vbI+v07Gh3
2bhtDsDyTY5I1/AsY/EFmwkCAjUS00jZryBnuJpLB3v5JtUog4ek32yLBzPrqRBo
1876j4nlXAia8mG0OgJNWZ0gHyUPe/TgfR8fQDLmHxHHlKrJNTEwY6bLW8jzFTX1
zk510fI1K7J9tiQgf5wcBQ2h3EBlqzDNIJDovoATzLYIf0HKyVegh/vnQdtdEhUR
1DzJAt3bsBfAP1AFfWPD/ACu5Zdm7SxY1wE/pjkwttDU3sRZqOfuwNBGeolu3cVN
O9/h1zsyVeVS0ui2vu4+V4EvNitmXsVbG2doDq9L5yBiIKGO2Ew=
=GCy6
-----END PGP SIGNATURE-----

16
bind-9.14.7.tar.gz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABAgAdFiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAl2WMpEACgkQdLtrmky7
PTh/sg//QbNRAQvADQfwF1PPo+JxB+3WzQ9oJAWeHbOoiubwkUwO9xE+BEnTNd5o
oM1lSLqFxNykOTaoeJlqPftPod1cxo7lSzkwflugGyB/59wliCpqCg053YV4x9mO
QggvA/E50+0FI/Om/7v4GHGADu/JE83FovOueWAB0LgqfDSD6QFcNFF9sUJJ4P7r
FcEXSWj8QbrHMWBKncZUOpD2ECotvtrYmi0DTHl1XfigESDQpWtsnTFuabCCsvkh
ch9wQRplAes2Mf/aS5tl1y0QKKBFuEjtGiTdgrDl6o9GLnx6CueX5saZehu2EVkr
fq2vEYUC2lRQSjuxSMMJ3L0TGUcl7+ixlAIISS2K9L5Xx7MhBXt/EH5KiKPfsEet
3EH+DhxV5uXjDU7MgvREnxT+ssV23e0HWTz4tVVQ9LpvYmWPIgLcSOhHCc57yoQF
c46V0f69dMWbMAlQ93EZSG274ZvpIszpK8+3hGI3/TuDFFgiQJeJJBFVtYJMle69
3mEEclfzO7fBiXZFec6nVx2309bL64bafN7zszPKXl4XgoefOfD0v0eWqQT4fxfm
dnGC0qMqSZs5F+d0fISV5JUUNYzt9PZjvnzqLLGOeTF6l3/n9G1mmNsXcxJ1OEIF
6qh1oO7JTPjt0MFhKac4QjNQi/Bnp25O3I/PRyWZCbiwXkyvyQU=
=ZT7s
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,66 @@
From 402403b4bbb4f603693378e86b6c97997ccb0401 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Wed, 17 Jun 2020 23:17:13 +0200
Subject: [PATCH] Update man named with Red Hat specifics
This is almost unmodified text and requires revalidation. Some of those
statements are no longer correct.
---
bin/named/named.rst | 41 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
diff --git a/bin/named/named.rst b/bin/named/named.rst
index ea440b2..fa51984 100644
--- a/bin/named/named.rst
+++ b/bin/named/named.rst
@@ -212,6 +212,47 @@ Files
|named_pid|
The default process-id file.
+Notes
+~~~~~
+
+**Red Hat SELinux BIND Security Profile:**
+
+By default, Red Hat ships BIND with the most secure SELinux policy
+that will not prevent normal BIND operation and will prevent exploitation
+of all known BIND security vulnerabilities . See the selinux(8) man page
+for information about SElinux.
+
+It is not necessary to run named in a chroot environment if the Red Hat
+SELinux policy for named is enabled. When enabled, this policy is far
+more secure than a chroot environment. Users are recommended to enable
+SELinux and remove the bind-chroot package.
+
+*With this extra security comes some restrictions:*
+
+By default, the SELinux policy does not allow named to write any master
+zone database files. Only the root user may create files in the $ROOTDIR/var/named
+zone database file directory (the options { "directory" } option), where
+$ROOTDIR is set in /etc/sysconfig/named.
+
+The "named" group must be granted read privelege to
+these files in order for named to be enabled to read them.
+
+Any file created in the zone database file directory is automatically assigned
+the SELinux file context *named_zone_t* .
+
+By default, SELinux prevents any role from modifying *named_zone_t* files; this
+means that files in the zone database directory cannot be modified by dynamic
+DNS (DDNS) updates or zone transfers.
+
+The Red Hat BIND distribution and SELinux policy creates three directories where
+named is allowed to create and modify files: */var/named/slaves*, */var/named/dynamic*
+*/var/named/data*. By placing files you want named to modify, such as
+slave or DDNS updateable zone files and database / statistics dump files in
+these directories, named will work normally and no further operator action is
+required. Files in these directories are automatically assigned the '*named_cache_t*'
+file context, which SELinux allows named to write.
+
+
See Also
~~~~~~~~
--
2.34.1

View File

@ -0,0 +1,75 @@
From 0f3a398fe813189c5dd56b0367a72c7b3f19504b Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Wed, 14 Sep 2022 13:06:24 +0200
Subject: [PATCH] Disable some often failing tests
Make those tests skipped in default build, when CI=true environment is
set. It is not clear why they fail mostly on COPR, but they do fail
often.
---
tests/isc/netmgr_test.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/tests/isc/netmgr_test.c b/tests/isc/netmgr_test.c
index 94e4bf7..7f9629c 100644
--- a/tests/isc/netmgr_test.c
+++ b/tests/isc/netmgr_test.c
@@ -1567,13 +1567,13 @@ stream_half_recv_half_send(void **state __attribute__((unused))) {
/* TCP */
ISC_RUN_TEST_IMPL(tcp_noop) { stream_noop(state); }
-ISC_RUN_TEST_IMPL(tcp_noresponse) { stream_noresponse(state); }
+ISC_RUN_TEST_IMPL(tcp_noresponse) { SKIP_IN_CI; stream_noresponse(state); }
ISC_RUN_TEST_IMPL(tcp_timeout_recovery) { stream_timeout_recovery(state); }
ISC_RUN_TEST_IMPL(tcp_recv_one) { stream_recv_one(state); }
-ISC_RUN_TEST_IMPL(tcp_recv_two) { stream_recv_two(state); }
+ISC_RUN_TEST_IMPL(tcp_recv_two) { SKIP_IN_CI; stream_recv_two(state); }
ISC_RUN_TEST_IMPL(tcp_recv_send) {
SKIP_IN_CI;
@@ -1623,6 +1623,7 @@ ISC_RUN_TEST_IMPL(tcp_recv_one_quota) {
}
ISC_RUN_TEST_IMPL(tcp_recv_two_quota) {
+ SKIP_IN_CI;
atomic_store(&check_listener_quota, true);
stream_recv_two(state);
}
@@ -1836,6 +1837,7 @@ ISC_RUN_TEST_IMPL(tcpdns_recv_two) {
isc_result_t result = ISC_R_SUCCESS;
isc_nmsocket_t *listen_sock = NULL;
+ SKIP_IN_CI;
atomic_store(&nsends, 2);
result = isc_nm_listentcpdns(listen_nm, &tcp_listen_addr,
@@ -2095,6 +2097,7 @@ ISC_RUN_TEST_IMPL(tls_recv_one) {
}
ISC_RUN_TEST_IMPL(tls_recv_two) {
+ SKIP_IN_CI;
stream_use_TLS = true;
stream_recv_two(state);
}
@@ -2160,6 +2163,7 @@ ISC_RUN_TEST_IMPL(tls_recv_one_quota) {
}
ISC_RUN_TEST_IMPL(tls_recv_two_quota) {
+ SKIP_IN_CI;
stream_use_TLS = true;
atomic_store(&check_listener_quota, true);
stream_recv_two(state);
@@ -2395,6 +2399,7 @@ ISC_RUN_TEST_IMPL(tlsdns_recv_two) {
isc_result_t result = ISC_R_SUCCESS;
isc_nmsocket_t *listen_sock = NULL;
+ SKIP_IN_CI;
atomic_store(&nsends, 2);
result = isc_nm_listentlsdns(listen_nm, &tcp_listen_addr,
--
2.37.2

17
bind-9.5-PIE.patch Normal file
View File

@ -0,0 +1,17 @@
diff --git a/bin/named/Makefile.am b/bin/named/Makefile.am
index 57a023b..085f2f7 100644
--- a/bin/named/Makefile.am
+++ b/bin/named/Makefile.am
@@ -32,9 +32,12 @@ AM_CPPFLAGS += \
endif HAVE_LIBXML2
AM_CPPFLAGS += \
+ -fpie \
-DNAMED_LOCALSTATEDIR=\"${localstatedir}\" \
-DNAMED_SYSCONFDIR=\"${sysconfdir}\"
+AM_LDFLAGS += -pie -Wl,-z,relro,-z,now,-z,nodlopen,-z,noexecstack
+
sbin_PROGRAMS = named
nodist_named_SOURCES = xsl.c

3981
bind.spec Normal file

File diff suppressed because it is too large Load Diff

1
bind.tmpfiles.d Normal file
View File

@ -0,0 +1 @@
d /run/named 0755 named named -

226
bind97-exportlib.patch Normal file
View File

@ -0,0 +1,226 @@
diff -up bind-9.9.3rc2/isc-config.sh.in.exportlib bind-9.9.3rc2/isc-config.sh.in
diff -up bind-9.9.3rc2/lib/export/dns/Makefile.in.exportlib bind-9.9.3rc2/lib/export/dns/Makefile.in
--- bind-9.9.3rc2/lib/export/dns/Makefile.in.exportlib 2013-04-30 08:38:46.000000000 +0200
+++ bind-9.9.3rc2/lib/export/dns/Makefile.in 2013-05-13 10:45:22.574089729 +0200
@@ -35,9 +35,9 @@ CDEFINES = -DUSE_MD5 @USE_OPENSSL@ @USE_
CWARNINGS =
-ISCLIBS = ../isc/libisc.@A@
+ISCLIBS = ../isc/libisc-export.@A@
-ISCDEPLIBS = ../isc/libisc.@A@
+ISCDEPLIBS = ../isc/libisc-export.@A@
LIBS = @LIBS@
@@ -116,29 +116,29 @@ version.@O@: ${srcdir}/version.c
-DLIBAGE=${LIBAGE} \
-c ${srcdir}/version.c
-libdns.@SA@: ${OBJS}
+libdns-export.@SA@: ${OBJS}
${AR} ${ARFLAGS} $@ ${OBJS}
${RANLIB} $@
-libdns.la: ${OBJS}
+libdns-export.la: ${OBJS}
${LIBTOOL_MODE_LINK} \
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns.la \
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns-export.la \
-rpath ${export_libdir} \
-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
${OBJS} ${ISCLIBS} @DNS_CRYPTO_LIBS@ ${LIBS}
-timestamp: libdns.@A@
+timestamp: libdns-export.@A@
touch timestamp
installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${export_libdir}
install:: timestamp installdirs
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libdns.@A@ \
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libdns-export.@A@ \
${DESTDIR}${export_libdir}/
clean distclean::
- rm -f libdns.@A@ timestamp
+ rm -f libdns-export.@A@ timestamp
rm -f gen code.h include/dns/enumtype.h include/dns/enumclass.h
rm -f include/dns/rdatastruct.h
diff -up bind-9.9.3rc2/lib/export/irs/Makefile.in.exportlib bind-9.9.3rc2/lib/export/irs/Makefile.in
--- bind-9.9.3rc2/lib/export/irs/Makefile.in.exportlib 2013-04-30 08:38:46.000000000 +0200
+++ bind-9.9.3rc2/lib/export/irs/Makefile.in 2013-05-13 10:45:22.575089729 +0200
@@ -43,9 +43,9 @@ SRCS = context.c \
gai_sterror.c getaddrinfo.c getnameinfo.c \
resconf.c
-ISCLIBS = ../isc/libisc.@A@
-DNSLIBS = ../dns/libdns.@A@
-ISCCFGLIBS = ../isccfg/libisccfg.@A@
+ISCLIBS = ../isc/libisc-export.@A@
+DNSLIBS = ../dns/libdns-export.@A@
+ISCCFGLIBS = ../isccfg/libisccfg-export.@A@
LIBS = @LIBS@
@@ -62,26 +62,26 @@ version.@O@: ${srcdir}/version.c
-DLIBAGE=${LIBAGE} \
-c ${srcdir}/version.c
-libirs.@SA@: ${OBJS} version.@O@
+libirs-export.@SA@: ${OBJS} version.@O@
${AR} ${ARFLAGS} $@ ${OBJS} version.@O@
${RANLIB} $@
-libirs.la: ${OBJS} version.@O@
+libirs-export.la: ${OBJS} version.@O@
${LIBTOOL_MODE_LINK} \
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libirs.la \
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libirs-export.la \
-rpath ${export_libdir} \
-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
${OBJS} version.@O@ ${LIBS} ${ISCCFGLIBS} ${DNSLIBS} ${ISCLIBS}
-timestamp: libirs.@A@
+timestamp: libirs-export.@A@
touch timestamp
installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${export_libdir}
install:: timestamp installdirs
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libirs.@A@ \
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libirs-export.@A@ \
${DESTDIR}${export_libdir}/
clean distclean::
- rm -f libirs.@A@ libirs.la timestamp
+ rm -f libirs-export.@A@ libirs-export.la timestamp
diff -up bind-9.9.3rc2/lib/export/isccfg/Makefile.in.exportlib bind-9.9.3rc2/lib/export/isccfg/Makefile.in
--- bind-9.9.3rc2/lib/export/isccfg/Makefile.in.exportlib 2013-04-30 08:38:46.000000000 +0200
+++ bind-9.9.3rc2/lib/export/isccfg/Makefile.in 2013-05-13 10:45:22.576089729 +0200
@@ -30,11 +30,11 @@ CINCLUDES = -I. ${DNS_INCLUDES} -I${expo
CDEFINES =
CWARNINGS =
-ISCLIBS = ../isc/libisc.@A@
-DNSLIBS = ../dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+ISCLIBS = ../isc/libisc-export.@A@
+DNSLIBS = ../dns/libdns-export.@A@ @DNS_CRYPTO_LIBS@
ISCDEPLIBS = ../../lib/isc/libisc.@A@
-ISCCFGDEPLIBS = libisccfg.@A@
+ISCCFGDEPLIBS = libisccfg-export.@A@
LIBS = @LIBS@
@@ -58,26 +58,26 @@ version.@O@: ${srcdir}/version.c
-DLIBAGE=${LIBAGE} \
-c ${srcdir}/version.c
-libisccfg.@SA@: ${OBJS}
+libisccfg-export.@SA@: ${OBJS}
${AR} ${ARFLAGS} $@ ${OBJS}
${RANLIB} $@
-libisccfg.la: ${OBJS}
+libisccfg-export.la: ${OBJS}
${LIBTOOL_MODE_LINK} \
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisccfg.la \
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisccfg-export.la \
-rpath ${export_libdir} \
-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
${OBJS} ${LIBS} ${DNSLIBS} ${ISCLIBS}
-timestamp: libisccfg.@A@
+timestamp: libisccfg-export.@A@
touch timestamp
installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${export_libdir}
install:: timestamp installdirs
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libisccfg.@A@ \
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libisccfg-export.@A@ \
${DESTDIR}${export_libdir}/
clean distclean::
- rm -f libisccfg.@A@ timestamp
+ rm -f libisccfg-export.@A@ timestamp
diff -up bind-9.9.3rc2/lib/export/isc/Makefile.in.exportlib bind-9.9.3rc2/lib/export/isc/Makefile.in
--- bind-9.9.3rc2/lib/export/isc/Makefile.in.exportlib 2013-04-30 08:38:46.000000000 +0200
+++ bind-9.9.3rc2/lib/export/isc/Makefile.in 2013-05-13 10:45:22.576089729 +0200
@@ -100,6 +100,10 @@ SRCS = @ISC_EXTRA_SRCS@ \
LIBS = @LIBS@
+# Note: the order of SUBDIRS is important.
+# Attempt to disable parallel processing.
+.NOTPARALLEL:
+.NO_PARALLEL:
SUBDIRS = include unix nls @ISC_THREAD_DIR@
TARGETS = timestamp
@@ -113,26 +117,26 @@ version.@O@: ${srcdir}/version.c
-DLIBAGE=${LIBAGE} \
-c ${srcdir}/version.c
-libisc.@SA@: ${OBJS}
+libisc-export.@SA@: ${OBJS}
${AR} ${ARFLAGS} $@ ${OBJS}
${RANLIB} $@
-libisc.la: ${OBJS}
+libisc-export.la: ${OBJS}
${LIBTOOL_MODE_LINK} \
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc.la \
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc-export.la \
-rpath ${export_libdir} \
-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
${OBJS} ${LIBS}
-timestamp: libisc.@A@
+timestamp: libisc-export.@A@
touch timestamp
installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${export_libdir}
install:: timestamp installdirs
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libisc.@A@ \
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libisc-export.@A@ \
${DESTDIR}${export_libdir}
clean distclean::
- rm -f libisc.@A@ libisc.la timestamp
+ rm -f libisc-export.@A@ libisc-export.la timestamp
diff -up bind-9.9.3rc2/lib/export/samples/Makefile.in.exportlib bind-9.9.3rc2/lib/export/samples/Makefile.in
--- bind-9.9.3rc2/lib/export/samples/Makefile.in.exportlib 2013-04-30 08:38:46.000000000 +0200
+++ bind-9.9.3rc2/lib/export/samples/Makefile.in 2013-05-13 10:45:22.577089729 +0200
@@ -31,15 +31,15 @@ CINCLUDES = -I${srcdir}/include -I../dns
CDEFINES =
CWARNINGS =
-DNSLIBS = ../dns/libdns.@A@ @DNS_CRYPTO_LIBS@
-ISCLIBS = ../isc/libisc.@A@
-ISCCFGLIBS = ../isccfg/libisccfg.@A@
-IRSLIBS = ../irs/libirs.@A@
+DNSLIBS = ../dns/libdns-export.@A@ @DNS_CRYPTO_LIBS@
+ISCLIBS = ../isc/libisc-export.@A@
+ISCCFGLIBS = ../isccfg/libisccfg-export.@A@
+IRSLIBS = ../irs/libirs-export.@A@
-DNSDEPLIBS = ../dns/libdns.@A@
-ISCDEPLIBS = ../isc/libisc.@A@
-ISCCFGDEPLIBS = ../isccfg/libisccfg.@A@
-IRSDEPLIBS = ../irs/libirs.@A@
+DNSDEPLIBS = ../dns/libdns-export.@A@
+ISCDEPLIBS = ../isc/libisc-export.@A@
+ISCCFGDEPLIBS = ../isccfg/libisccfg-export.@A@
+IRSDEPLIBS = ../irs/libirs-export.@A@
DEPLIBS = ${DNSDEPLIBS} ${ISCCFGDEPLIBS} ${ISCDEPLIBS}

1
ci.fmf Normal file
View File

@ -0,0 +1 @@
resultsdb-testcase: separate

252
codesign2019.txt Normal file
View File

@ -0,0 +1,252 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: GPGTools - http://gpgtools.org
mQINBFwq9BQBEADHjPDCwsHVtxnMNilgu187W8a9rYTMLgLfQwioSbjsF7dUJu8m
r1w2stcsatRs7HBk/j26RNJagY2Jt0QufOQLlTePpTl6UPU8EeiJ8c15DNf45TMk
pa/3MdIVpDnBioyD1JNqsI4z+yCYZ7p/TRVCyh5vCcwmt5pdKjKMTcu7aD2PtTtI
yhTIetJavy1HQmgOl4/t/nKL7Lll2xtZ56JFUt7epo0h69fiUvPewkhykzoEf4UG
ZFHSLZKqdMNPs/Jr9n7zS+iOgEXJnKDkp8SoXpAcgJ5fncROMXpxgY2U+G5rB9n0
/hvV1zG+EP6OLIGqekiDUga84LdmR/8Cyc7DimUmaoIZXrAo0Alpt0aZ8GimdKmh
qirIguJOSrrsZTeZLilCWu37fRIjCQ3dSMNyhHJaOhRJQpQOEDG7jHxFak7627aF
UnVwBAOK3NlFfbomapXQm64lYNoONGrpV0ctueD3VoPipxIyzNHHgcsXDZ6C00sv
SbuuS9jlFEDonA6S8tApKgkEJuToBuopM4xqqwHNJ4e6QoXYjERIgIBTco3r/76D
o22ZxSK1m2m2i+p0gnWTlFn6RH+r6gfLwZRj8iR4fa0yMn3DztyTO6H8AiaslONt
LV2kvkhBar1/6dzlBvMdiRBejrVnw+Jg2bOmYTncFN00szPOXbEalps8wwARAQAB
tE1JbnRlcm5ldCBTeXN0ZW1zIENvbnNvcnRpdW0sIEluYy4gKFNpZ25pbmcga2V5
LCAyMDE5LTIwMjApIDxjb2Rlc2lnbkBpc2Mub3JnPokCVAQTAQgAPhYhBK4/rHln
EexZ/AB6pHS7a5pMuz04BQJcKvQUAhsDBQkD7JcABQsJCAcCBhUKCQgLAgQWAgMB
Ah4BAheAAAoJEHS7a5pMuz0476oP/1+UaSHfe4WVHV43QaQ/z1rw7vg2aHEwyWJA
1D1tBr9+LvfohswwWBLIjcKRaoXZ4pLBFjuiYHBTsdaAQFeQQvQTXMmBx21ZyUZj
tjim8f9T1JhmIrMx6tF14NbqFpjw82Mv0rc8y74pdRvkdnFigqLKUoN2tFQlKeG+
5T24zNwrGrlR3S7gnM47nD1JqKwt4GnczLnMBW/0gbLscMUpAeNo/gY4g0GV/zkn
Rt91bLpcEyDAv+ZhQZbkJ49dnNzl5cTK5+uQWnlAZAdPecdLkvBNRNgj/FKL41RF
JGN6eqq3+jlPbyj9okeJoGQ64Ibv1ZHVTQIx5vT1+PuVX/Nm0GqSUZdLqR33daKI
hjpgUdUK/D0AnN5ulVuE1NnZWjVDTXVEeU8DFvi4lxZVHnZixejxFIZ7vRMvyaHa
xLwbevwEUuPLzWn3XhC5yQeqCe6zmzzaPhPlg6NTnM5wgzcKORqCXgxzmtnX+Pbd
gXTwNKAJId/141vj1OtZQKJexG9QLufMjBg5rg/qdKooozremeM+FovIocbdFnmX
pzP8it8r8FKi7FpXRE3fwxwba4Y9AS2/owtuixlJ2+7M2OXwZEtxyXTXw2v5GFOP
vN64G/b71l9c3yKVlQ3BXD0jErv9XcieeFDR9PK0XGlsxykPcIXZYVy2KSWptkSf
6f2op3tMiQEzBBABCAAdFiEEFcm6uMUTPAcGawLtlumWUDlMmawFAlwuSqAACgkQ
lumWUDlMmaz+igf/ZW8OY5aWjRk7QiXp93jkWRIbMi8kB9jW5u6tfYXFjMADpqiQ
yYdzEHFayRF92PQwj81UzIWzOWjErFWLDE2xol9sP5LdzeqoyED+XTqKggpVsIs+
Lq672qnumQoZKp1YGb8MDocU2DNg/VsMdi7kCnEnPbcSuBxksmxGYomusXNrAF94
1OJ2sqd9BuFamLIyn8XUCGGYlsvMoe4kTCg6Cc1sQvx0lDG8urKN57jBKWbP4alV
+JBV5KQcf74gzPmE3ypgY1tMEwxyH/WyS9ekDbai0qauX6eUAsM1bduH8fIcknLS
Zl5hrJTrzWFF9/DKOth8QOwhJ9zoIF1fcAsx9okBMwQQAQgAHRYhBHpqR7X54SM6
0lUrXL2X3GOe6MR7BQJcLktcAAoJEL2X3GOe6MR7jwEH/iaolMeno1oeWAgzN6Mg
bx3maweh/9Vqty1fwk7Crq1G78X5i1OCkknEL2p0Bfle4ApwcC4HZVcqCgoYpRV3
/EEXtwkMNy3plWdBbLCQSev/E1D39GzgAHiMnv7NUJnkoJbvMrvrAiUTXPTtARMM
gjEpvgEs60wuJxS8ESomRhe/KW4myxDoBxF+K+e5bOkOvvWVcAYJHWZ1BIZs4n6b
+C2vO8q5aKTkQ/XvNT7utbTOqj1SGhItRaAQKXHBdzkQ1Et3wTA4+uRg4gK12624
9LperYs26w9X9UzApl+qVxQhtWUw3tnUXMastDfQrRcvJgq1xpv++OqX5Uc93RTf
SNWJAjMEEAEIAB0WIQS+DpdItxglOii7if/xsRvwXPAuVwUCXC5LlQAKCRDxsRvw
XPAuV29KEACEwlTVVKe4gnBYHnlAD7csoQ0+gJ6C+Ofzlw+UItRIcFeVCAknSGBs
NPxr9JStIvKpmsbSKpCNUEAYnRP2immh94y/C6BuTe1uUUmqBGr1f4OAUwZpmI29
ixYeY/uUs9FZO3bS0/WtG46tdcJK41qtM0DYAGT3oeZhJMTW15dfvMGlFukauSOU
+BbR+6sZhqdbWl/AOTE/6x5otnAaW0GObY/BW240Xq/KTgBrzVdK5qNoYsMVsiTd
0im0JKvFG08ED+ZfcILhlO6G9jRhoTkhtYuf8CKN1dPf2IoB5FrRFf0xqRr9hNlk
X7ViNMP9OPb8i3BubWvRi5rNSquCwrFATSiAgaA9Yi1BNzQsmQxOql9lsh7eCH7m
+8zzUg9umWI6PkSv8vHBo2kPX73wmtEsF6vxJlk0yDBuQw7y0uuKh406tEEk4cP2
8U4baq+ihpioupDhNuEII1h1Eh/RBE408RAOpcr+2F0m/fKOoJyz7u+AxyV81Ia6
fyBnUfZnlfKo16w87c1HJRs9dKkRa5yGziBf9TcED3sru58Pftes2Nr80/iOh26i
P2pRihcIyrmeAqDWnneErVCmPMDTe6zkMrm/0iZ25/Jfq+M8IHEzFEw3Y1FBOeFg
9TyMDwYG2biJPTNTDO0BQ+Rrvs4SjFWEYSxgJSvG1jMfSPt5AR6MJrkCDQRcKvQU
ARAAufZX5WzJr0lZAhxaGpHY6JMBr4jVOCP4TrDZhwC2K4CXNM/PLLNisWzquiWa
FvUDhB89kCxrEhipwVFYhBr16CDQxrr8yhah3RIxrBMYhRTxgIAkANgkhGWfDJSE
zXauA7krYtS3rYwhfXe4cNsTkLPbnMUlyLJcqj2wnZcZIt97aL+NFRPyfIw1KfUb
9u3tB9seDYbvTEULeL07aTnHpWM5f3bTwJrJ2OFPzXseCCzPiVNh3Bv+YtJ1pMTr
c/UHO5DoJuHLsF0wicPSrpD0twspFdR/0rT6eNycsaCtV4GQzBcMPvY7qai5XrZm
Cqgluo1W6l6+F5YrKvRMtyyFkUNGcPywdjSlP44JyRrS2uzvFUViSsJArcmFG2TJ
LCohnse8wqjw0dIUVbmDbE4zjaG56zkvu0k+04Wwp3XPgOZrbl6cbhX3yLhu/Gt0
dzd9EReoNfKXk32hBzKas/vdeB5DZejbOOOWYftqyZC1LvDvvrYFhFK6VGozfZ6L
Fml1hzn+xPahp5tRv93/T9zXeVPm9zilGMqm/gjRgh8ojWxNQoNzJyqTPWIvWmbu
EIP3T3cTFq6lJpJsg3+sfzofGWZCGnBZQGqm8rEOoUWiaKe1BvQCX1x8p4/x8/tX
TaVDpQCGoqxXt09plkDuGMuiDICxBlaHWUR2jLoHc2cLrB8AEQEAAYkCPAQYAQgA
JhYhBK4/rHlnEexZ/AB6pHS7a5pMuz04BQJcKvQUAhsMBQkD7JcAAAoJEHS7a5pM
uz04pB8P/Amfg54IFeALiPOrKbjC3bVAQzrsf09IL8sUln/LCZIx9HgGAJj/f35S
Q35sK2ucjWiDX6qCxVrWmC6caQXFgXOFSKIlqladmmgj4sIdLM5wj4nbomHChpB5
rqV/GgkFwWBQ3kPCatXvc8Bg+zKJ+wXgTuPFXefyE9R+SLuas2grQ9hAjvTGHYbq
iYxSlNDFc1aHLAQ3bS76351MHuMHOpLzoB0OkZDCVNW4GNEqrLbINdr50RAK+Loo
Z2UBIobEZjXYor9A2FWkSvdjyz6X1QKMdQMath6R91k/O0abBa7ly4/805eAGXM3
w1Xf2eMlpiUs69BeYoJBklK8aNMntpDREunJjhiPU4JoDzSxl5Qv7LuXylyo0YJA
9YmydKhTTcRdwsKc//nGr/ckg4BRl+VbtJBYvd3xGB7IQ+pT/TOakv9qCospAhr3
EQjVP/XpnWJRd+x+dq8UXqwWmTenWDE42cNr7BDFJdOqS5ZWy4sIz4sdjpSxXMB9
8iiRtKSpKRCJgXScB7SYebh835EgG2YyQGdhJMO7C6ok9POYQBqL8sBqRzImJKoT
VDvOH42WArKwJWTHa4mPdiDHEIZlkONerec3JXtl4Mfv8cwZ5Lb8fSiB/x8AWvqs
puc/7hQtkus4TcgutS1fwhAwpnFItpVF6+73CMQrJsblBdTjW0T+uQINBFxbVHwB
EADebZOJbhPdhHeBPdlZYE3rRjB8scDpWdjrCupfmeTC9MM6JgCE4DEMBtBXk+h1
+7wfpblYYNFwGVFvytG5nvGRDtHWxwd1Z9O8Fx4Zqu0Fx/wAn7ZL3ryE+tdHR7JK
7SLxOa2X49T/8LY0U8Q65I4ZRo/b4VMcXApCmncw3QSRqHT/mYdNnf+HHPvi3jza
md3iVptCS4Iaisc079DFda+htWXspBc13lmPi2vGQkWjjS3B4yO8JackyQPVhpsg
KYbRBzOH0Kii8bXmyA6O5uIJYEddp5Veged4FE/ej3CrgGP1D0Yk1epx8lLbi9RB
kwFS7DA5rQ23UnbSy1WyV1ZgPrWqQAWuGpjMTVTWN0ElI3AGxAnE8lZlSXyE+XyV
uHjjIVrayBjLKVqDuSLdKZeCvI4QsyHH6F0NKJQkngvXxLZYxO6s0c2EFFLzdVWT
1V9GMP8UsDrrb+JsZjUVmPR1tTP4xqEQG6KjfFoQm5XWpGtFwh91OK1lwf/Bx2/C
j+PquLLFcj7hEP79VDTUZPQAduTTxIeTzHXH+x1PCHFB10xxH3e82VSdJeBUrJxn
riXzK50SKTTmF+uYpHqE8Jg1N2Y1n5ksuxeYUy8PFjhAeBCqZ6ZcldUDf4999e/z
PT8bwfCDr8jRdqJHrq7RxTJiP5RsMudWpKeohzJGwQ5uZwARAQABiQRyBBgBCAAm
FiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAlxbVHwCGwIFCQO9IQACQAkQdLtrmky7
PTjBdCAEGQEIAB0WIQSVztolaxygoV8wL7WVIaftXazpGAUCXFtUfAAKCRCVIaft
XazpGPeMEACm9nxA/VKf8RxDo2ZuTgyuSwlR8tCjAE4k3+UoiYUbamkW4pjx9Vgd
1zC5bNxSWZ5vlJ4CH8ArKFqNK5LBVDZqhYureAo/1Af2b9vRJw0/QQHhuXz/jqeT
wwrLuKpy796Gpt+aFfcmS0ZC4QXfxJERhAP6tu1p6YmAsSb+bjziQVkKrt9mhOrL
dtz6WP0Fg1joRj33FgnnLtayHvtgQrNFI3ztCjk/B2FjYZxqbBGfk5gyo0cTE2Fi
oLhG/XrxIoZepFMJkGYETnYQXrOt2KuJLvawV70YQmG8EqHYY8drKA0XDZs8TVdT
5cvGvtm8ERz5znsssRBxQMI5Ml6O2ahrXp8Eq4htCzlvO8t2MOtzvqAJRiyAd6bA
Uo+MGVRpnvePOR1SAgBXCd416rF0iCXc1utZxnqwdq9kJAZ+8mCLx4N4jk6AdGpX
zcNkLg7QmUzXn75RxZ6GrIUYZJNMlswXq5XhSW4o8ePlaxWjh9+QTtU964AZhpA1
uoHsKGTBxHJs0w6McZm14kb2PuaO2/rpf8s8IZyc93+Y5O/gHZ6/agBjA9qN6wkQ
R1d5UhJC4QS/m35rBGBKK9X3fqQxaBCio6Qz+m4A3GchrztJpq+2P+ma5ylsTq5j
V4njky26WNtrV7+N0C4Moj3I4Qn6YU/eSManTXzHzoiPZCEH/IOxgXIiD/9Zm3Zz
I+h4NCfSGyP11/w1gEzlTHQ4at/FXIIDh0Y2ZNpWPffuFQLtcER2vyKPwhDYpGMy
NNHXks4azfrXVCv0wmSNBbeS8pJrYtopZpCEBrAbg/YLv9m5lpDSRHaR3gv/qMZ7
QxY+NwqciqTwGq68PuF4mDSvtfuFmbEES9Iybiie+eL/6DU2knfBjgshUe6vElR+
LYoPQ45GY2IxRTJ1pMXaZw1+evwH3UvseRGkRygiaBgoU/qR4prynvjMQcacCa+C
aRnXZJYp/usVBeY0xut9toc9/OcLGoBr5h9l5YjruO2vu8VHou8N0tarVQn3YbQR
Fi+YtNtclWJa8Pq1AsKRTCFwDwP6eODv6mNOrEFydNRcpiQmzp47VWF/YHRfHzCq
A1wHLxLUrpQTaVw6J4FqedAQ31aAO4faA7MS+ZMNBqZCZ7lTGC6TvojqqBAN2yX7
AnnYpZHM+lGpi2/ukVzLqSkGmdNOgbu+UZvoej3YnHYig4yWP+z2xrlJl8bkhU/d
r9IQE5aRCEPB/JWhHJ2/GqYl9qjshlB52+6X2KDarwptOtzT9ooArYhpMwKIYh34
c7X8tlAKYk7V5j7txIRFDKKAftC7dM82PntXJxSkWyR70GYnYjiXyrqqerqT7xIC
mDEQgFOPpy09zFW62paO9uiZw6qwybwqgGpoX7kCDQRcW1TbARAA3ERo2mPv2VVg
ZUFr4MtPDm4UG00YJW/LYa3D3k0e9tdSScACXprk1sAoxUlQx/CSdErPKwXG4rax
iN4t5nICUUNYSC0dh09G25jC7nwsWc0AYyZu+h/FzfvpOm3fBwmBlzILlGh0URwH
Ffj9fHt6hos4C+3PFZZ/X24aMJF/cov1oYi9rqFwt/l0mgtPE88Iyj2/Vp3Lergg
QMzKfEuyluj9fL2cgU0Qa7oAPXmaxhHtua4cvbM5SXGo3FXjIgzH9OfM+2orebeN
wH1M3ec6w+nPmRmCJLvPKGOeS7GVXL5/aOyPlDWzSXYnpCKS2ntw4K4nt0IA8n8z
1db109l/C2noDrDSJEqOo843ShNGTYOMVUrj3a+Y7o2ATc9pNZalf0PwnKas7NDb
IJ152PEQw665iYXcv2awjLF6W0yuSq8kfiaAxIrsie2Dto0zgqOs0Ot9Y74u11Hh
wBSHUO3mEZJScAAcI/yDF2PvjvCQSzu4mdXb77t6X2O6YHULz4A7bVQCMazcTDI9
/S0W2+ixPnnJVnE3xgjK9zuizji8JDJw1hJCQM+yTLVqq9pfvcRfQ6uwpMRzz/O3
S0zDRiA69/GyfNwkpgz5QaGpY02IK5WrQU1doRjIz4BHAYzoIOkMkRqTtjdElQZw
/D3wSO2uwsEMNwRzibR/Lz1JF2aGn6EAEQEAAYkEcgQYAQgAJhYhBK4/rHlnEexZ
/AB6pHS7a5pMuz04BQJcW1TbAhsCBQkDvSEAAkAJEHS7a5pMuz04wXQgBBkBCAAd
FiEE1wyE5ktVjlvM7AchMuIXXx11eioFAlxbVNsACgkQMuIXXx11eiqCfQ//SFDf
rOIEoslp6n6vlCuavOg02wvjskKQGP1P1Q4v40Fw1Gl87n9uXAoMpeF4H+pzUxOi
BHYCQi+EemwocSThzaWfPzd3JG/0OcRymf+ZOcBb+58VJL7p88QdMFIAi5J+KMuA
fEG0zLkc9anEnXoVMmQJX5K+6PyeVDvBbYGjLjQAsWTZTiVuQI0w3WxFtDGWqQII
8e/qE0DA7c/auGn7j2hid308+FcdfpmLefW9YesWjE1yYvHoCRdFOJ/7Sft4MQCI
Re7UET3TRMBvtisP2DcqyzGPp22s4ZYFCCJJNiB92bXdEl5zXe4Ff7JTfNE/QrR7
Wg5R9hZHgHdbp8p8bA3f0y29YCx3puYg7BbmQWiMh3rXWE5b090pSpw0K9BQU3vO
irr+5/2TaFOJXHl4VF03GrWsSncShCbdsdRIv4TB0lY2mN4q+e7bjlAzJJeoaS97
GIqu3DBlAJyx/ZwWW23DXXwoQ4jNuJhpl2jaCE7rVQB0uLjbp0i9Zdd4SdYZxmO/
Y+JfgoJz8eyx8wZi4eDz1ijN0WKsIGjxJH5VUK9STjijDMeG6ZZRLc6b1QCGhe97
ZbDkEUTdQGoeu4L5Fiqoma13NEsf8ofBDv+myJm/O67Va9JI3gxhIrhmF7LMzQQp
lYx2peZC1CmhEnn83dtt83mhXvX6Dth657BW/Qd+GQ//SVuTPuNkBXfrTi4dbnv+
cU6IsoIBodTF/WsQ6h4kbtsPhO5DbrsLNuNumrqVEN8jw+HUsEeNvFNeMrTPdG2V
87ShQ4BQGkCf+GFRBj0myxxXOFZYQx6RpY5fCe7yOcTzpkbnPWmm7V8HdOuZ0NnL
JNQ5YogOI6UvXVKv35R9qBo+G9jkhhb0eaAu6BERzKVANKfsGN7545ElZ1qlffMh
AQhXGb6TsvCeSg2cWGb2cnVL2d58uVukD4PDiq4qqwgClkF3bOO70SIgGrCteHbi
4Hseopex5m6GqqjoUYXr7QQBwSaQdc+gKtEjMHCsHbUyHRk0qEHdEe+2RmL0d0ra
QMJfKyYQjcCR7tnrgN4WD1h4NKRdC/KRW31MDmH9XVPrkOMQCUCnArXkOwdKWsKf
h8af9HqweXOT1FHJN/M3tWaBpv6KoduF2f2pj1VhPZ2EqFUycJ26lrHyOpsynQR6
+TD+c1uXotDwKN5RW+YL1cydk6mhib64fdOyPUeTcHehjMAFgM2f5wi35Ujcj8id
37cWOqRsggSbMnGO4AUA/YtcVNG8TjZbakson8ENK7e8q4sEiNFUZ7/CtzNokwHQ
5uOG1+qB85Y4ImGnIZVeiBpjt73VVawg4Zvm/omtW50P9R+4rVhMJZZFAgrWg8BH
H/KNznW0vUuShG8B+2FA/eu5Ag0EXFtVDAEQAL5ftI1GgVJEFgX5VsuFnfBnH95c
zqmwEXaTP4s7Xm3O0Wy579EzRUD1eEw/UaD/q2OHScwvMP65cZYQ9w4hnCN6H96P
96Teo7LOMCssvSXIO7gqP33LKTqDzsIoAFHwWE3dq1jbyP6T1Je85mr0Edvk8kOC
B1hudswAARno/7X9zGulhhwuEHk5Iey7R59yRUQqBctdNcetGyaiFjjX0evuVADi
/z/s07XhDLDt7+3Vglh1/7XGC64QhB9QjZ8j0u7+0xfmLLjhi+7EpkDlAHIJXX1H
0wAsPOGKlYruQUmIsMNfBINZeulHEBZ4cAd30xsM296DzJ6QL9sAGfYMhRs0YHB/
EJ10Zv0iw1pU2jCCUv/9Kf4F4nwgHQWQP7JAbfhOIUOUq/YlxjTLnkd25+7vD3KH
NQ6UiRDROR9Jwetpd/zokpf5O5iTBpVL+sCq+NsTZyDOjITve2sY0V8v10M+Z+pL
cp/cUZ4JEDS/WJ4/ovBNJP8b+YwN/RBgCjl8UBX/N+e7AA52eYP2H9GK9XPkzSCE
VxEf5PyjGrwedpoLkzagrHsDuWo3uBquLyneT/ozihqKQAuInUy5B7rWU4mpKHe5
Vto5o6Zuj+6MgHgIQzRK6Da2ziMNEmroxwZibcYCtUPdvcvxGh+byclnzBclKjOw
kAalFPx0SxEbHmzPABEBAAGJBHIEGAEIACYWIQSuP6x5ZxHsWfwAeqR0u2uaTLs9
OAUCXFtVDAIbAgUJA70hAAJACRB0u2uaTLs9OMF0IAQZAQgAHRYhBK7WIv4CB360
tcFGwUKiedJIzcMQBQJcW1UMAAoJEEKiedJIzcMQH+cQAIQYXDnqi4Hl21LtAgky
pZxug+x/LECVlwkrIfaQF337+fG+H9J7SdU87Sn1Xe/YUgQnF0XP/fjIVFM0e/Tb
xVlmTFqiejLnIwJJDgUaHO3POT2sGEyO3tc0mqSzyRBxtMQ8yvApccBhL5QODv3h
hlRWgk5MXU0IPeXw134IWm+o/PRiPBoXPawvVfEVIBlUFaiSZASf4BAiSad4aJQe
P8PyP7FPvQB1xiib0iSetn6ZmNeN2OSUJPiPA8aE9JCKuFtomVQEDM0BqQDl5A7h
5O2uyf0Li+/ArqBvfBjrH03e5zbID02dO3D2BjsV3jUeVPQ5WDgVg8LH+nfg/rRy
wfCsx9zFp1mt3K4xN2v7IKwxGndApgCcx17gsjzMvLz0J7sSGov4MNjzqvGEDKCl
uUvNKXqy7je9xcQLpoyvWtoWFXWTbQAcK5Vv+hC67r9bHpjI1KuqA8hYqNKxsv7s
wiLZdd4SK9SIuwf0j8/XTZwmoFfGolJil0ZNxyqBF39+CMVpaHdLM1qKZz99TVzS
h4obOOjkUjK458xSo0XCbJ4qXYp7PgxyWK6GIbTozbbG/1ldw+LUnqxt8Shf797L
J9lbI3ICuR2P5PYlKJf3b6D9GyfqyrP387fKAKhHsYkZ1XD54/8wIgTrdfeNPtL0
1mjWDjw5KvO9kuPBjcmzgt+NrtsQAJwKeZsiqLLcY8kJ9xP+/xtTlh2iVuZMfxwq
hwlo4MMCzpobLDZ/JKU398m77eboTKJSBfeUYxQd4ATn1L8NLKjLxKAaBkjEk0nN
8w9OUQbFlhQ/asLzzF7Z9IGGh9/SEgBZ8V67a0O3Qw9Xdi3ARK3bbZ8RIVJ0+P9G
CGrfq9j4ZmGA2L4irLjsvDAv7CSMb4WBKW8j0Jz5LFMwOMJgG1TT5c6lNqFj6y09
rZcVLnt8+lUv2Bw3LC0oI1TjFkrrCzIdfg++mPi3K/ZFc50bvnWF4eCOjgZ5U9Vb
sxFZq3+vTRcIfI9z2lZ9CNDRA1O5jGvuVtEGLiSLF2aJ6kiNriLuuGTlXfg/Fpgh
GTvyppOTzF7PtHzHBQ/ZjnhWojnc/jyJRwLK8cCl6+EOc887v8BDmqgFWtmycsE2
5fDJ7UFGP13g/eDL3ZUgMDty5dQaUOTX145t2KT+lMqpY6ZK2EC+eoqrnIGJ+tYy
0l4RRxi10mbNhuPIIDdph7X+mUHgCeA9gyF0Y+LqiB6CX+zFg7ovLvnCbMPxdGXq
z7AjfwqZBKI+BVuBeDtyW4onmElCu5cXNKsg3W0IlQlZf9PMDU6Ht0XLUs7EPfbQ
sH1Vqi1XE1W/tGnkmjcpG/qlt9Gx1uwFGLP6iomqUBc2c0GZ6R1xplXvd3w3yC8d
8lAgPGImuQINBFxbVToBEADkuxhQx9gxlzzCc0nUu2v82XsD+GzONp9irt14gslx
te96eKaTXTi0t5eya0X5TIY3wbREwjlfAeM9AfcAmWcsM4izrfPtANM6WOxB2Tbz
EY2cqv7NBQii7Z5aqPyjcIiT0b0Gs2evlDkn3xEBBqTSrNcnGSA29bZPIkaUb7Qo
p/Ani0S3/tgcR21gXsJwkgpfNKwvPT03Lz3/o5rXAyag0M/25adgk9SVKNcXc8h2
HSGv5ENjwUKNNnowVbNLw4287mFUM2Vd6unGJ2MBj7aUwTrfBl7gNV96mMdDJWcB
hGKYkxUvibuHCa2KH7gTrnV6X7sdrgD5CbJMPq6OZNSP6n6bUVg22eHxoETplFwT
4NvV3clRMWIAG1XgXR1l99LAh7PPnPMM1pHQGPwYHQskoBFS4g5knzHpB9h9TfZ3
MM4cDZR5NgWmE0fYVnWe5ax+wW0/IOklUoHv3qoL4yiN9wFJq2oLzUNQd9+tsqiy
vxSTh8iYmHegyn5KuBPsrMPgvqiKOdalTZKkak9DOx4cGQL2qHspKxiBOb6uox2v
fjMQ5bDeUn+4DYMdnZNHeywCUegJmDakUtlfvN+136IDHGwfdGcitqzswzd3+PI2
qlwPE19gkrp9NUaD3Qj2ZtDP7sU2cThc6Gra5KRFW8f98bI77j1Wu6pCnYFLqPz4
QQARAQABiQRyBBgBCAAmFiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAlxbVToCGwIF
CQO9IQACQAkQdLtrmky7PTjBdCAEGQEIAB0WIQR5HX64jryNAThDSqwz3zWa56YK
eQUCXFtVOgAKCRAz3zWa56YKeSWOEADK8u03LESGSQlZQqnnCAI8iYs1s+XRMEnG
2tAQ1OK7/4eNgr1yZckmaW4FBMgeEgYIBJ7v3SlW7Hf7dE10TYPNGbP6UxVW8HIP
rA4CINcGZXWWwpS374JNMS6A5eb6viuEgEMEi00jx0MmLvCMZKypmwXQUl5YJ5nB
ytpQ1681mCQxGBMhT1eKQt3B4nAsoEnP+HnqVM/nKxBemSBNXX+C0b/YeQoLC3sD
L+Z0NRI8U6PZl9Rokod3uynH0vfBYCEJd6MvsjtnJlVVaseYIA3ESNrFG12tw95I
wKNrVCANZ1DBSyK4ovmmWsDrH+uFTHSLNjlxIuVxUfmXcLfgcepVCmd/7Z7UrWYr
SXSvP0VG4ZmEPE7tNb8bfyADftO1cVsmcHBQeSrgvpSrTv9L8MocojpR5vJc1f+a
sBT7rAeGzZP9riz1GmryXawaZgdLfaaJfzRQkc1uTChb7kMN+UMhVUdCAXmho0XO
SfcsW84u/LpjdYh2Ww41xQO6EWvbZDNgD/Fdmp8Uh1MqJ1Dejri6kjNn6wPImXJd
Eu6nHqWDRdYsfT4XUB18tB+4aIpFzCyIgpf7p1uaVU7Oqip5sZkc/WXKr77lV23m
PQvpGRNCzgU2TJY7ktR3LOvUVN6wNfLMHzeQk18NdmcEGUrJ0YYtl9vE5/Eg9L6x
LBH9PKt17IQ8D/9DLwQX8pl3fuTM8ZbzIPLxiXhbgzBBTXKRE2u1888+RIq9xE7c
aVFjwq4qpgqZ5SFonTcG4Pi5ck3mFAzyA5zLRF+ckpmBpwSPMpLwCpv10369D1jh
AF3JsUwt6DIb2BISMhh2ThSUMSKO75q8GSotsKjJyjD6vl1x4L7WXubTWxEiNuwD
3kAjFWS1Z1VWtA9SURWAbsDaCV4VmwCCpSIwRr9OTbyu9XuMdMxGNpl8SwW7MVQb
x4aYNvR7Hl/wIR71AHAXoSfrKp3p12anXjYYASHmbm16ugP4H7HLMBfznKet2f76
gIxJr1CsAMTSqypcC1UoVb6Gz8djeIR+GU+6efHI4TIUMy5uMIUx8tYbwSEeo/y6
NnjpJFYYjJa671iSABInNxs4+X+1zrFa+wl45EnaFxziEet2Qzv/VsusoLvLwnYi
BZckclAS5xoVGFW0WJ01OfLUDHxGMt9GSheL8c+GLMaMtaCWunpmmt9zZ9WdpBOu
AGluMG1Cee50TrhXaGE8CdNr8nOdSeLNAveBAPmuVa0JDSe20/D/RuYJLKeG9Vsq
BZvjuGlOUsfl6UjtiGRbgS9OWpxeez5ugc9yyV+rBGIpmnIb+9quz2HmGxE65eA2
cRNsZRIjFLzeAx/0RMaT1nlLFTBbUuZ+tJ+fgFtRGMhifZn1pb2dMQo0N7kCDQRc
W1VuARAAv4LYaNq2Zev/v7M5DnxLpgHRcMkG7TOQpycrlK5653llpZzTy3mh5peW
vcq3IDmdeUIJxQ+WDh2f0vS+NIKDC/HAddfHrZPbhO7zLxLcMW5KmV05ancaRSP0
s0+IyQmvVxUNrgPinZiphlvRGoLXS6pdgfc4jIR9B2umPecfvfu/6EWFPnXZgG8K
yY3Z+mwrmEO0FaXHBQuu6nactiPe79N4bLe8hk9RW6yIxLBeJzIoOlIcJmuRHapt
nS2lV3mfhZdFnkAp1o6a2TL5BwgMY0wZUKZr78HEMKh6LbPN9rPepf0neUeq/k1l
NJU7V6XMS+rezF31vgSJ5KoNGYhxtWZ54uksH2rcw7+ltpSVtqY91G/vibpRCJG3
LdX/kxHni1NEWyZlpS/6ntuH6HSoNYsR9IMsbESs3QVCH74ApK88CxYCRB0SEo0M
yAElbQ3bfEKCKl/FwC4IzAYAJ2arWKwBHRSJlsrNCtczrjG7j3EyJrn8+Tm5yjO6
0THQjvc/nBxrNE09r1Lzz7jrDWC9Rl+BH6wqdniymoYyUAQsX2rZ+Jhah1Zkf+Gu
76qtY+EH494dPM+0FazcBlgBd6/J5mh3Wk9JuecXLTEUGtzd1GmI9CENPAklCauX
tNOWeTop27djuKWsZxuP1GyV6UYixFVOSWteyAbA32cncVv/2ZUAEQEAAYkEcgQY
AQgAJhYhBK4/rHlnEexZ/AB6pHS7a5pMuz04BQJcW1VuAhsCBQkDvSEAAkAJEHS7
a5pMuz04wXQgBBkBCAAdFiEEFWiQaF6g32oTce8gF8xdsfAIhAcFAlxbVW4ACgkQ
F8xdsfAIhAd4jxAAiO9+VRQQ3eBOsJRgANdgL/l51kq7qE3u8xnSqNkrmdYDdT2H
TYH5W4n2AmGo50BDafdjd6tut0qtzA3/hGWCooydxKFOsnIYziUeoHvlICj3RkHO
y7utcFhAgRWi+kzFwnnXGf13dMU9iG7yvKrCrCEw44gzoQ1KnY1Xsj18n5JkqxeT
94bzcSbz20OpOSIMfSQPrpy18WrZYwHodcIZ3IUUACCpMZdfTa9c/qHRQ/rcwl+B
0JlHx0V4AYiSAsiMVgflO1Eqi7apPuwxPPd5nnHkrdDM9CYC3LdBORBXwncG3oZ5
eTSXmsvFxHXH41JHsm/1QFcVmFAYhu9qJFCGiD+8UeTFtT+nnHU69BszgtUskqX8
k9PqLdK7Vxkp16wc6WOp1NeIQ6Fd4PxTGrPqs9bJk7TlYtTFWpA0X+EMj/San+Ku
PxqLEa4Ab12R4vs1pCrn/g1z3C/6ujH4B70HOrRTIeTjULJ6xdwXGtwUA09hio0r
pHhtyZhAh5irUJNto4ZOk/Qyd+dfMsNvRJfbVIK2mmeRaBnp902AsQNgYVdi2Aki
0h4kz3bVLGw7iD/xV2hV69+JwLSijkkmOpz/EjMwj0hDDYrHH3Y3o0dV3dNdk/5i
6lQgcxSVsl9kWlHcoEllKbf0Hb1muKVwoGGYxFYna2jsLFVjG29M7iPSgrHjmg/+
I3fmsLZ0VI9kmxniUlZ6gz5NB5PJ3RXmwKO9LkBgE5C1wpuZbNEQ1NsR2bprlJPm
++GNSo8HaheuTRJn42kkOgfIJwjuvXih3FE/NtRA/W8H2uF6YLDjBKGZJbxQcmsd
CTEuCRCVP8X7C5n3rl1YqzfWfNr8QFxvH7ivG7KOlSxvyTKcYatWb9uDUPrnr74f
ZaMljHGsNyKj70MzZcrrsmt61yWGR0h+02rmIKlskl4hkh+qF5ehI+Bkd7eblsBy
rxEREHq/ij2Vd7l0Z606YCE8vj8WfcsJj8JjwR3A+nND/oNJTTbQ3b8OvasvqIey
WqqmGg73nbHjd/VIAUsfvnsEYatDk4pAA/wQr9c4T4s5Q/QRwDrAsa4J89FrDjWC
hQBPL7TaP8Af/3Y3/86jLCN4lnW1qjPXv5rhBFeI0EVi1k1qdV06qr5HOk7CwQTT
uc4rCdFcEnw8kVKZa/yFnlJfRa0Z4IwSahdp5fdFEuad6LpOcFFnYxWtIWhcg4GT
RcMha/OZnsfqOqiAt6In+1IwuJBz3uMM7xw2AMaxzAejGEL63F81C5iJ6Ld6kQK+
XblDW0G643bVbzkBb46MAT+UnLuWQUs3NDtk1FEioJyWUgbO/srMH4MoWM7rG8ZT
nQPohNmPBrqL2phmE27HQsQ0rTjH2Z2ol7iy9OFMtT0=
=MkGo
-----END PGP PUBLIC KEY BLOCK-----

16
gating.yaml Normal file
View File

@ -0,0 +1,16 @@
--- !Policy
product_versions:
- fedora-*
decision_contexts: [bodhi_update_push_testing]
subject_type: koji_build
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional}
#gating rawhide
--- !Policy
product_versions:
- fedora-*
decision_contexts: [bodhi_update_push_stable]
subject_type: koji_build
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional}

33
generate-rndc-key.sh Executable file
View File

@ -0,0 +1,33 @@
#!/bin/bash
if [ -r /etc/rc.d/init.d/functions ]; then
. /etc/rc.d/init.d/functions
else
success() {
echo $" OK "
}
failure() {
echo -n " "
echo $"FAILED"
}
fi
# This script generates /etc/rndc.key if doesn't exist AND if there is no rndc.conf
if [ ! -s /etc/rndc.key ] && [ ! -s /etc/rndc.conf ]; then
echo -n $"Generating /etc/rndc.key:"
if /usr/sbin/rndc-confgen -a -A hmac-sha256 > /dev/null 2>&1
then
chmod 640 /etc/rndc.key
chown root:named /etc/rndc.key
[ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.key
success $"/etc/rndc.key generation"
echo
else
rc=$?
failure $"/etc/rndc.key generation"
echo
exit $rc
fi
fi

175
isc-keyblock.asc Normal file
View File

@ -0,0 +1,175 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGNjen4BEADDHiUVNbkFtiKPaMWjKxbKmF1nmv7XKjDhwSww6WFiGPbQyxNM
r8EHlEJx5kMT67rx0IYMhTLiXm/9C4dGYyUfFWc35CGetuzstzCNkwJs7vZAhEyk
+06CX4GFiHPOmWIupGCxFkNz1Qopz3ZePMlZRslVCHzW4dbg5NKLI0ojXlNaTDU5
mgUXpsPi/6l6QE6q3ouvmWPF4u71cZ1+W4UkIRAXOlbVsDzGaMaoHjJd8cOM8DrZ
gKHACNPjzqOvEujXDC2vyKw6XpxR+pHz0QcrRtlKnVhPNiKcDfw2mJJ5zxi9uSDc
dh5FomMn9sS4gy2Tub2urELnPf9xnURftRGG3VO6nZc81ufQB4s1BNT2ny0Uhx5V
mXUJwefMypMBfAvWCWBCeyWYtBeo7LT3NmtLq3oVGPfl7+a0ToFAYeghspK8/nOX
6/fqF1MEtzvWjXljz6K7FSDYSY9AoaESLHGwCo6dtff5S7f1+l6PCUNo6aM/B5Ke
SIAN9Lm6z2iVuy9Lukw+5IRoRKHHV4rJauPtDeYoWnNiSd7Q4vFtotUIjRpDARpm
xWS711Q2T+knHFLEiU8QzxjLhOnTzh4n9dDLHCkOY5WM5krldVeL5EuTyPKinuSn
oE01A7I4IGJp753CshibxjNYDiEOVeK93R38Y543edlIrYxnfyMVsiqPkwARAQAB
tDRNaWNoYcWCIEvEmXBpZcWEIChDb2RlLVNpZ25pbmcgS2V5KSA8bWljaGFsQGlz
Yy5vcmc+iQJOBBMBCgA4FiEEcGtsKGIOdvkdEfffUQpkKgbFLOwFAmNjen4CGwMF
CwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQUQpkKgbFLOwiLxAAjYuI4JQ8mPq7
YrV9m4tu+jOKvoKfpjct2Rh02n/X3ChOgrdcXU898eH56tRk8Mv/E+cBTPN9zQn6
rLprbYR2t2R+zgvuUZWA8In7aewoPIJw8OdlG0gTK9m3VHJIOhIX07qcFttSZw4m
4rEU5mdxi9FatBWBzqnVm4Pn577aqRXK908j+6TvgWbZ6Cq0tw3syVT4kGj+93+P
uIQQQkTYN8UDQPsAKzfzkbQC9I5YXBKUoB9CfhXig8V9N75R0gsWkJ8Vy/8wsPXT
9/EPIIzhnhSuUIjvvBPbLGrzDgbhrfUQ/QVuXDVN8xl3rAWM/tiNGOnmzoYORyM5
ftrnCDIaO4aVKR6rtEzfdQa5Kid1StfhFien/U8jYErxkEn2HRt2gVEX5nYq31T+
0jgVode2Dzkm4+HKHmfOYsQeC07Mu6wZw9raNYqFjTcfh0ajFpLIT3j2YqOJE2jy
KbcveJcy2NiOiUl13exIZuBkZm0wEVbvgVX1PlgL3GJqnbU/Q+maRTb8FBoQVsOd
GIm7U/phU91qR+00SkOcp2LgHCCNKrmHXgiBNYBbInNIp6ze3bFvfKTRFn8WdY9v
Z7vNfKar8rt90mpjYG9qMhmvh4E9icfp3wRUtOwyi7VVtVTTUq0iFTe2C0m0v6KW
XcDwwwaTbl79BOqOH3Gp1flS2ECBsyiZAg0EY2N8xQEQAMWcyZbpxEyefX4JTszG
ocpz8C8yqvZJQUfoDK5AecQWR7OegPkIqwJcHEH5cz+MduklXNQdra/snn6pxGig
At3xCwfzRTH/aYXdjcjnma1elzZSTgk6Maw4zR/W9wea2DcUtMCcsys0gviN/VUe
Aqt+5pmhy2PlEWfJG+Mzyrqgz3Q8hRyAJAKONAwNhs1A4ZqQX/6iuCkJbH1CBeoW
+c+5qJHYEXsx25qR1yiKOFo5b90QOcwaebUq+xKQRlnESn75FTgDjDfDm9BqrHcn
Tv79kOuIN5vhz4BCsuo5QbNu4RGrs/1VSTPvMf5AN7xs9pYNMAEde7pSF1Ps3B5p
CE6iUw9L53ytV4iJQKXpzG29LofUu65YQjIXPgK7NbBO7FUHA41YbSfoWiOAjfMh
iE025YM2+RPQh/Nrc3PqBj4h21ycT+d8eEXKfc/okbVFFE9dKS1hUwKgSrs7baOG
CBZdpiB+t3jWrr8UrteALab7v0rndco3QKOe9U3f+Gm3MdgLK1TGiRgpdyiIXEel
J7zhsdoYEvaKMgUOjhf+COdlf8b9ITg93mDKe8h0OcpirCXw4O2ma3sklabzZKZf
CPhhja6Ro5gmO5pxaLau+esQWNrjEikynNIs+GRphtcFsVVH+ww26mR0nI65Llgv
kb4+DrbDGSPP6R/C2q/LMLM1ABEBAAG0ME1pY2hhbCBOb3dhayAoQ29kZS1TaWdu
aW5nIEtleSkgPG1ub3dha0Bpc2Mub3JnPokCTgQTAQoAOBYhBNmczq+Hl0cBTwON
YxguI1eUYu+qBQJjY3zFAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEBgu
I1eUYu+q9IAP/j/GGneuvjwbXdATiQAmkiFlOxjs+SsO/hgA/mmWcm+Kpg4cAlbP
C2xEDa6biJyZ8TmLZEqPNrRm/umiisC8JnIJpIbInn42n4aDCRDW35lrYGdnP1Ft
fexnEOWAJBDRVvh9OnfRfvf+HLFfLFl40b/15YzkTYGIfrMR9y8zalkzXxsVNsyr
9Eq2pmYR7BT2z8d/9SAVuh8D3qgUylIgcFcCFJodsrI4zJSpIMfMntwVsZxDlis8
JVFN8/pfhuBBe6vjqX/cGJnj6OL3T12jvvniv13W3rar2Ocm6XA9j1t5TZNhKqAy
azAKu52NtdJjh25B6C/H+haXAX1eduCCE74uSarqS3F1wf6JI3p8fnWzk4hZNzxp
nZjIk3vrHNjE4jXTZosXCf5DoVRfMpNbxj3YEnXV+kNZQRYPPatUPgFYbxz91hbN
tHyCiy0GmTyf0QId8LTc0y9mPtP9QureJJ6rL8lt7pvXyrYglqhxDgRhJIGKMKdw
0bQtTEF4tyNzC4/sg4/omAGH66clhXlqMmuUjHSUiQyA4LL1mJl63Q+bwqXX4B8t
898tSUmb4Jmg3jLZ3Z9Hl7H8Sp3yYPOLzb2YUF6w3xFsUrNNzVxHFo8tAtEhtEfX
D+ypkowZq8g41WqMlOBrrzQFuExUSXckH2Cn97lV6lkBoueqxP+Zv0bbmQINBGNj
qIkBEADDw/CKszyuFKpVp4Z26rKJ3ooOlp8p9a+fmfuknPtMjJMSX8xK8pOlK739
K83yvDRUidT4+R9IAUKM7TqGA0hoPZmZQLiK0YLlAAXufKxO9IsDZI/7DuF2d8fu
usKQfS4oJC/IbzOAVwgwodnvKhttLWutT09GxiHrnfVPu6Uf4A+GWtrcTIWhXuxE
m7+16ToxBOTLtQ3hh79/RndUuM0ldKRRzJUzASGIPmdQJDLCKgSSeaGjZAdq6gkl
qT/K/R8eoLWSOaBRq8lBE1k7Tq4nSwthMHtCQq4+vxFWH3VF9hwy6ixccROPqt9s
fNfJK3KF4KGhfejMuVn/Lxp1v+Ne2DsdnVofFakAbBMpMyauzAyXPncYSfFhzLBD
kkn7THkfRznmHD8ux89kV534EyqYLjAy8AAD6zNc3tSYgfC0UUw7yz05Sl/eV9Xc
pbezu2ipONlXko8jpCQiiHck599cy+StrjjYPwcHF5m8uUlNnzHoUj8qsoK5SA8u
RnTW2I4DFbL0+x8eL7gmNQYFdMaA4azogtaTFWgPL2jPJ3B+/bUfHDZflvR0FB5+
OD/QHsDv4SB6uX8TOhGbFsHpt7E0scb2U9B8gQeQQJZ3jmcIRp+K18mjYh/ErDFW
23ixBe7h3tn2MGUTOhv1ibOYDE3GYBuGLQiom6yhCs8zrneuAQARAQABtDFXbG9k
ZWsgV2VuY2VsIChDb2RlLVNpZ25pbmcgS2V5KSA8d2xvZGVrQGlzYy5vcmc+iQJO
BBMBCgA4FiEEAlmjO19aOkRmzzRcel4ITKylGIQFAmNjqIkCGwMFCwkIBwMFFQoJ
CAsFFgIDAQACHgECF4AACgkQel4ITKylGIRk9g//XrvOYy9zQkpo4Dkol8yLxr99
Dq9Ur2v8F5Ba4za4QdUxeYrlq8J827mkUqMtnlyb/+3zSMy2I6HAI8QxlDZL5K0g
Gm7iLrwVTM8nAQiNU5vAe4D6PeO5ATBEvRdAUTQGz4xeaTrUXbmNUSC1dZEPvH1z
Fa/Z1WZoy9GLeuWDXix6OXTP8FlQWUTL4/ILLtfJDsWCCX7efkyfnvad8Ye2NfU9
tBjRX5QQ0Dpvgpr8/7El44XcmaHxPWEiq8X2p/d6j3nU/7LspUXRu3ptu5Q2RqMM
iRDZme2c8zieHETpC7m5sshzGxRtT5jWEtZ6V37On5DNTObvXCiaGV95qgiHi5VG
s3MFD3QSo1jJI951k68UM8V+OnzbJGN7TezZ3fTn5Pwdd4C4035QMl0E5NXCcXc8
9d+3DeFmewRRGCaOKPuO/jFPLWcwMlQqp5tkNx8LpqEZfD7/t6FrSvDUsUDU8Rn0
TQILnUZioO68HmeuJbhKaUCMuZGjBIbBqviiufFRiJuEFOVKADQ1u/P5ct/0T/gE
JAho3aubzdYMH5DLsaw03W5KfOjeTLW10zSmSK65wnR6fdwlo5l/Sg6Z63QXD+/H
/OIFgzviJkyoh6MkH55z2K8BDWbhOmaUBjNAcQEXV1KyHeLDkQ+TJfLjctv4KIpv
D7i6kNIp1b6OSdDS9W+ZAg0EY2OzdwEQAMRWPO237ohaXNpKO+dw1qkfOYYisiTQ
yfkT7BG0Xvu8jxeOdRuvUzzplgOfwWhOQkyEEXd205/PpwReeeRwhiu0BDSrzYGM
KZdw9Bw4enoaOinf5WTqM76mc5WUYfvDJIiHies+ANxj4EqTzvSif9hxvvzrbKYV
lHdaGtLm40D6yZSzDEe3X49DmEABM4g/Bs7NfVJcJ3LtLo6qbLy2tKEgNPW+VN/s
harufucxnH5HM6BUUOGZx8L04UCNJu+jvZ0zjLc5DqubNO1526kZclAo94DfTkb+
ir9nxKn7RkdcseibeYPdeIh3le6aU6M0KhTJs3RCxaQF9At08Vrrkh+wkK2Jr5QW
bs8cHpEJ+Q7BwDuAQetFi94eq7Sswh4mjhJ6ZnFCx8v9EbQnvL76afMbhZOezpaQ
aAwXVuIio2fsJpHfxWnXb93H1QKiOQdBZZLQGowcFQCqAWg7h2FwWWbKMV1smGHr
/28tLZtk/4aSCd9cZ9+nofFPPemPLbYwnBECIZN21QKZ2oBXKxb3hchy4EBTKWtC
G/fbTsjSfTCUpMNZ57HO3rGXchjSdIf+tTGJpAqWkTcXuhWXBMWPK6/2REk/DKis
XHugHg9R9hqGs2DaMpGh5NrOLly9+0dsjU15iTQucXbCS9895bRtmDjIN8dLSo9H
6DDw4yO7SHTlABEBAAG0NE1hcmNpbiBHb2R6aW5hIChDb2RlLVNpZ25pbmcgS2V5
KSA8bWdvZHppbmFAaXNjLm9yZz6JAk4EEwEKADgWIQQJCioHkj+SW1dngDpC5d94
yDJx2wUCY2OzdwIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBC5d94yDJx
29U0D/41C8WaGEphQW1N5lT/1284qiPuz3w3iSciAAoAe8iHUGBcSNpAWQmWvWXI
buKb92Gtt8JtSOHwQj8qiHjqRsUu02t/tEgQMQUq6p2jqbxODJfHR8oMFMMB0i0I
RgKtEQeq5wRJpVtH+zIFSl9PorsJtHHfhVbqxvE/axcNKa+WaqZdHuKMqADupQEw
6rD7yYVX6YPiHxMhba2AAAoHT/3VpHC0JidZ5BWGwkfnGbV1/7O91GHfJx6KN/AK
DKb5hFl4TrieDLJzphBWg0y4FJ4K7WSIKvcT2cLel9f9pHV6ysqSZWkCbkjkaVIi
LyoA0o7l263WU0D5oG2ihW6Pa2YrWHDDjfTem+kOEFsMjN+Gw74I4KWUBtldfnHK
A8TyeviKkVok1lwDAoJ3LJi/bcyCLgBZLInOU31mQ7mIXq1ENCOIvQvaG0Lwdt59
sBI8sknHkt+54t/VCaKbWSBOzgGur6EDf9WtPHWvHNCKEleDiHCELdhRYYtENO7T
vTv6Fq6Lh26dor26LnARLPvGLAKwONJ0vlTEG8IyoD5AHz9MwdXYgzh8wIvc/HtD
/0FlQGLd0WYVI6UjZfPxHOZAzARJKXLJMqiSn8hnO8v6JZaUcOF0yRKTKtzqsjzU
v9TubCGdQAaCSCaD2fmA0BEs/FpOnZ8P1fXMpcHGEtMV0qc0wZkCDQRjY7/GARAA
ubCCHkdiMblMA9ZlcOVN1Wep7TuYxQouATTb+73iHDQRNIU7DvluHoSq5zJe1Qst
zjTmtlkr2dyI5JnBexUEKrw2X7gPXfLaXY01gLLB/Jn8tU9VxPqBybxmjmEdP58B
I7BwmCyMYNqDuvPSfTMlogH/pF35Al+c8UbOfDEQqxSO2nKPNa4T5ZoVxvMxV4gn
hEJPv8Xte/wiE+CxxbmO2we6rwJjWe7O3T0mNmqvpO8iIsLlQnwTFD5L1huywPc0
UDHK0nl8k2lkue2buaOiancLatXt/i+L1DIimCgZwOt3DlVLURH5lz5ALXE/fn+5
wKkp+XVyNTAEFhSGifgBDYFw3nZeRTU7unMsRssL8SjuwPWoCcRI/3VE08xCuXc+
h6NpGfeJjLRgUSSBF+958djY320TcXaRLrqRhjcJ34dBsDYsRSC15nnq2JU6Vj5t
rJL9qOdwVAFwKeAfROUULcy/LHZ3QgKLN5jOfdqYzE2KHk1+VANttRPTG34i6uq6
yzCFFYadwST22+QWvxh2ohYj2INvvrzRf3lVxssWyb4USB0JPajgnGeNY/hSYfDa
KArqOr9S+3q7h0v4RgoPxDRFIC8v/10W4wPC7R3wj0m/1WHkSm951Wtzq3V84uCF
LLhx2ByNpnJFRFqklonAH3WHUIeYcdXAsTeunrGU/XsAEQEAAbQuR3JlZyBDaG91
bGVzIChDb2RlLVNpZ25pbmcgS2V5KSA8Z3JlZ0Bpc2Mub3JnPokCTgQTAQoAOBYh
BJWA1r8syA8eO7ESUt6rkdVLE8m4BQJjY7/GAhsDBQsJCAcDBRUKCQgLBRYCAwEA
Ah4BAheAAAoJEN6rkdVLE8m42PwP/RFmUzgsoM23Z/NQ2AacCFTmHweEllkmf+25
3hP80BuSHKsdzlmllFux+xbKZEpQK0nL3fqW8yyv69WmsoKZPpZJxmQ6bwUbtXC7
rHkt5gfOXiTaxDBmgO2dcnDsKLb+bEQ7C5hay1P8rOvf13a4UZeTP37gRGmMr38+
LvADIspIxBdSvFa7Hb4HKG4VVDai8jaPCF0q8daEWMJxyKSfOQBtSVVAzjLcGrYR
bCPDAI1DEASyQOru52WREe4vJCwSaq9dZyGhaWcnyTVQO8bsSLxu7cUVxA3SOheQ
izYKkYNbaBDmWlZxLYFsTUf5izEYdW5BwHaowmw22hSspFod+c37BoY/ePfkR5iQ
YuEff/unyqvdHMDqIXWZqpAi5o5hW3jdCd7ZL5T0WWjz4CQ8eko1ZYYnYzZlDrge
F0veW8+lzHBLx3Ad8HyVGwtRe+VV1V0AZ0lpWMtxo02ZDRtqNDqPqVfLT5P87ZPv
r5GhKtedgrjwY2clgmCT0xgAKNxi2SC+c/vI5PRkIoqwbTiryLIYq8tl6T1k6AMY
eN1ZNQR7eNEXpIvYRD/BZw7IWKkCRaKwfDVhUHCm0ikylwdLXIfEEEA5mu2LJeZh
vCddhks0S8+lRyWR/3okurF6rlloNtM1pslceh2AMDwfs3fORhYJxFsV7O7fyRnD
NS93fq56mQINBGNj8P4BEADXK//p0lWEUNUYirsm6BUyUXqPlPrpVTdPB1tJPj1o
zgeMKFOpYRPU1IZF1G6pbKD09gL6y19LehQYx1a57PF7kCx2ZvvcFN24EHto1H1p
Ti48dZ7KyyEO1rBeLY5Zjgz6YvQZcSH3cd6cTrAo7hPIAjtgSTWp04FjtYJqf+tT
gf+9ZWY+i4nQ6/Q5Z5NUd8jsOcOoFDsmY6Fds+lzn0aZSg2yfd8fnX5QFOIwDv66
aM25q2kvkrX0wtvSQbulC8x5g6fIB3xEL6MWbXcEBYkBMW5Cnw/Kmyj7lJwVwvEO
FFhKaOH/d2LG3rM66gl048aJYLhEJyFSyooBynXs8S/NLDgca94Bvb54FPX8LC3p
lqJRLxhdkha5NLcUYiHOq/L7LWdThh5rRAy87Ggog8TVza118K3oiYujlyVEzLhB
NVMT8x5kl15YknVgOKJAv9j28bSZihHrS7aga1BtYFD8yA9MuuDaHARV6YmThkdg
OEz/PNECjsxCLcT5Bbthzg6Jg1qo3Unyeup0UbyX4zxSphCVmerDmMYddLjJ/ydc
1uxyn4IPINBSx2sAPuUIymhVC29MB6N+SnB37/poTvSsIH15Vg264OVdaervIpuC
W3eUANr7zrdO85nc1CTWGhugFwccXv9nyxAt8zUF/ci17p1/mLpy9K3LqlStVI9j
MwARAQABtDBDYXRoeSBBbG1vbmQgKENvZGUtU2lnbmluZyBLZXkpIDxjYXRoeWFA
aXNjLm9yZz6JAk4EEwEKADgWIQT8h0w+P+hncHCscb617/asfhrd+AUCY2Pw/gIb
AwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRC17/asfhrd+HM6D/9KD/n245Fq
jVzew92lJtufAxAFkTA5WO6fXweMlUeqMOub4vpVMLPLoFe5TzWbJMtF0m/P5+aU
YbcvZBWFHsrnwTgA55c1VrhggLOxpw4EU0TvBdwrO7PFOYc2WznaMG+mJdqw+uNM
yK+G44aIaC6rvi3ILSo5HPnbgQWHs39QIRLLcUjtqvavQQeyYAl0zrvNI9Xrs/Nf
eE6PS4hIXg90A9VJRhay18w9hA+STb+xmK+3oSwP1ayLqqQ43OnV/pExSHBsjBQk
4p1nIPlRFL30lGp/o2MoBsRvQM1tELpgBTk1LaTHzuKEpOskrWU37xu0QgEtj7YE
r0X+GGBxgJuUzqSyLsaDgH1sEDqE+AthFfv2dxDadcXM2cdch9y3OyuSMo89aWGc
mEVyesjYoV40tDCG73qLtfehhV/iARDMCfnZGyGYIZdDBL+tZTNeLKVDIUi/R3x9
OmpEl8ZuCuYltyEsJnCF/rQBVMgcTOmsMu6CMx+qT3kC8iGtHqkUT2ufpKISahTn
e329FQjClEWwBHkr0T4K80Z0REjSo6UBtio73IOCxXe0RqO37L/qgo8xKZbLxy86
857PRWJhgbw169FJ2kR5p+M5d/g/MUeYnigvWlORW5LyrFg6RnZ1ZbULZI80QhHN
aSFf/w020HBsLCkzWA/XM6MO2ifJTSn8NpkCDQRkSjCrARAApLUMHAbmxUMWLgDQ
apRZBwWXriEyIVqA/SIy1PyWPPFXqs3LZ5Kn5Gw1WO8PfzkPZNtccGmNLjujIoRB
qR41nV5zxcpS896SujBoYl80A4F4v9Op9i2pFeI9r9acFcUDjbGWBqNro4EfRcJN
Ctkd9+pl3TUvFX06QCTxmmHy3M81SW3b4NWI+jia1cKjCd+qBFBgKWdjSMBeVTBC
R9eKqsBQ1UJql2bRzc8pReS+TYCeEbhaOCvUCCKCwGtsSUOW726iNB/4zR4OOuQV
B9ORufwed+E/RXa8N08/l5O96uXG0krJtOVm0/qQcXOaKxiDo6djnAgCdjFK5zaj
7594wqbI7de58alWb/egqIhjBTgk+/cO+epZ05qx5SoJZL7ny2ottrfS2cBqP4g1
SIt1sYl9ImHmJkNrNDy0s25nE9Nga6OfRqVbwnwot4ouTGwj0oZsCjw+gWjDdztH
1fUWSnlA8jaX9/RZG2wKt9dI+Tp/U4d5dyTb8lIIzzgtAzDmDfPxwwT0rxAAL13A
gDkJ0AzXA4WTOxb/JE2yfCz//kt7n8SYM//LixL4VAB7e/wnfZBhTq0OFpaPjFU0
h/k0dc40AqcUuK3lSSjQr3KTzRHtjz8qtN4DFSuyZac83QSVtWE1rFKjS8bl3XHC
kFFRJ2dMt2WRSkLOYNiTGbYLvmEAEQEAAbQwQW5kcmVpIFBhdmVsIChDb2RlLVNp
Z25pbmcgS2V5KSA8YW5kcmVpQGlzYy5vcmc+iQJOBBMBCgA4FiEE2mo1COZypJ3T
gq/ZW49NkbiO2QkFAmRKMKsCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQ
W49NkbiO2QnQZw//XCpeqT0z/sqtu4FYWwYLz1OvWqhe+uA45f9BccnNSVkGFa7w
3hlLQC/FLUIx2cVy9AluJBP29iQge/bCcXnzo/QvCbhe/4lCTxhr7nsBe1bWpuNI
4Pl+cQxZQBwcz74zZ1jjaaQOqm3XtdZxeKNfCQmNvz389UZEk2m8K6qJD23fy20V
n5Y2C502UuP3MitbYKBxBSbs+Auwy1evz/prQ9VeD4Nv3Zr+jWbWFW+dSDC8jkrX
cGdwWrUQ51QD8VBB9lPWPGY6yTbRmacr4AlVSo2DAfyjHRrGHigRF/VAD5p1+u2g
3UFLJaEyujfzwU1kG4+zQCWZ2W2UBOekklq/yefxEY5vU1/Lad7vQhBmogQNF21T
FvLUE6ez7XNsdMZStDPiT8OoTyFZYLRM4yw5rWKw+1mICBv7NV82YD/8hoMoZPyX
2tNRTXv2MZ6qD++0dMCIZNEyFTB344srvQSyJ7K7vwxulc7iFWngRA8oe6JkAhH4
B0yNq1FJm6jIL41S2FmnDL3DlfAdKWapBqzgqkv+X5DQBaTlG9a4BcSsdMJgU/Yx
dD03YsKhDtEWTqBmmEamR1K1CgCC3mOJfsHB5z+Qhdraz2hMr00EQrD5lnpLLpcF
rYWoilvVlRy7Y7U5wfhY4074L2ZfB+yElKsvtfGKJX/8g+eJdeRuII+hjEc=
=NX7P
-----END PGP PUBLIC KEY BLOCK-----

411
ldap2zone.c Normal file
View File

@ -0,0 +1,411 @@
/*
* Copyright (C) 2004, 2005 Stig Venaas <venaas@uninett.no>
* $Id: ldap2zone.c,v 1.1 2007/07/24 15:18:00 atkac Exp $
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*/
#define LDAP_DEPRECATED 1
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>
#include <ldap.h>
struct string {
void *data;
size_t len;
};
struct assstack_entry {
struct string key;
struct string val;
struct assstack_entry *next;
};
struct assstack_entry *assstack_find(struct assstack_entry *stack, struct string *key);
void assstack_push(struct assstack_entry **stack, struct assstack_entry *item);
void assstack_insertbottom(struct assstack_entry **stack, struct assstack_entry *item);
void printsoa(struct string *soa);
void printrrs(char *defaultttl, struct assstack_entry *item);
void print_zone(char *defaultttl, struct assstack_entry *stack);
void usage(char *name);
void err(char *name, const char *msg);
int putrr(struct assstack_entry **stack, struct berval *name, char *type, char *ttl, struct berval *val);
struct assstack_entry *assstack_find(struct assstack_entry *stack, struct string *key) {
for (; stack; stack = stack->next)
if (stack->key.len == key->len && !memcmp(stack->key.data, key->data, key->len))
return stack;
return NULL;
}
void assstack_push(struct assstack_entry **stack, struct assstack_entry *item) {
item->next = *stack;
*stack = item;
}
void assstack_insertbottom(struct assstack_entry **stack, struct assstack_entry *item) {
struct assstack_entry *p;
item->next = NULL;
if (!*stack) {
*stack = item;
return;
}
/* find end, should keep track of end somewhere */
/* really a queue, not a stack */
p = *stack;
while (p->next)
p = p->next;
p->next = item;
}
void printsoa(struct string *soa) {
char *s;
size_t i;
s = (char *)soa->data;
i = 0;
while (i < soa->len) {
putchar(s[i]);
if (s[i++] == ' ')
break;
}
while (i < soa->len) {
putchar(s[i]);
if (s[i++] == ' ')
break;
}
printf("(\n\t\t\t\t");
while (i < soa->len) {
putchar(s[i]);
if (s[i++] == ' ')
break;
}
printf("; Serialnumber\n\t\t\t\t");
while (i < soa->len) {
if (s[i] == ' ')
break;
putchar(s[i++]);
}
i++;
printf("\t; Refresh\n\t\t\t\t");
while (i < soa->len) {
if (s[i] == ' ')
break;
putchar(s[i++]);
}
i++;
printf("\t; Retry\n\t\t\t\t");
while (i < soa->len) {
if (s[i] == ' ')
break;
putchar(s[i++]);
}
i++;
printf("\t; Expire\n\t\t\t\t");
while (i < soa->len) {
putchar(s[i++]);
}
printf(" )\t; Minimum TTL\n");
}
void printrrs(char *defaultttl, struct assstack_entry *item) {
struct assstack_entry *stack;
char *s;
int first;
size_t i;
char *ttl, *type;
int top;
s = (char *)item->key.data;
if (item->key.len == 1 && *s == '@') {
top = 1;
printf("@\t");
} else {
top = 0;
for (i = 0; i < item->key.len; i++)
putchar(s[i]);
if (item->key.len < 8)
putchar('\t');
putchar('\t');
}
first = 1;
for (stack = (struct assstack_entry *) item->val.data; stack; stack = stack->next) {
ttl = (char *)stack->key.data;
s = strchr(ttl, ' ');
*s++ = '\0';
type = s;
if (first)
first = 0;
else
printf("\t\t");
if (strcmp(defaultttl, ttl))
printf("%s", ttl);
putchar('\t');
if (top) {
top = 0;
printf("IN\t%s\t", type);
/* Should always be SOA here */
if (!strcmp(type, "SOA")) {
printsoa(&stack->val);
continue;
}
} else
printf("%s\t", type);
s = (char *)stack->val.data;
for (i = 0; i < stack->val.len; i++)
putchar(s[i]);
putchar('\n');
}
}
void print_zone(char *defaultttl, struct assstack_entry *stack) {
printf("$TTL %s\n", defaultttl);
for (; stack; stack = stack->next)
printrrs(defaultttl, stack);
};
void usage(char *name) {
fprintf(stderr, "Usage:%s zone-name LDAP-URL default-ttl [serial]\n", name);
exit(1);
};
void err(char *name, const char *msg) {
fprintf(stderr, "%s: %s\n", name, msg);
exit(1);
};
int putrr(struct assstack_entry **stack, struct berval *name, char *type, char *ttl, struct berval *val) {
struct string key;
struct assstack_entry *rr, *rrdata;
/* Do nothing if name or value have 0 length */
if (!name->bv_len || !val->bv_len)
return 0;
/* see if already have an entry for this name */
key.len = name->bv_len;
key.data = name->bv_val;
rr = assstack_find(*stack, &key);
if (!rr) {
/* Not found, create and push new entry */
rr = (struct assstack_entry *) malloc(sizeof(struct assstack_entry));
if (!rr)
return -1;
rr->key.len = name->bv_len;
rr->key.data = (void *) malloc(rr->key.len);
if (!rr->key.data) {
free(rr);
return -1;
}
memcpy(rr->key.data, name->bv_val, name->bv_len);
rr->val.len = sizeof(void *);
rr->val.data = NULL;
if (name->bv_len == 1 && *(char *)name->bv_val == '@')
assstack_push(stack, rr);
else
assstack_insertbottom(stack, rr);
}
rrdata = (struct assstack_entry *) malloc(sizeof(struct assstack_entry));
if (!rrdata) {
free(rr->key.data);
free(rr);
return -1;
}
rrdata->key.len = strlen(type) + strlen(ttl) + 1;
rrdata->key.data = (void *) malloc(rrdata->key.len);
if (!rrdata->key.data) {
free(rrdata);
free(rr->key.data);
free(rr);
return -1;
}
sprintf((char *)rrdata->key.data, "%s %s", ttl, type);
rrdata->val.len = val->bv_len;
rrdata->val.data = (void *) malloc(val->bv_len);
if (!rrdata->val.data) {
free(rrdata->key.data);
free(rrdata);
free(rr->key.data);
free(rr);
return -1;
}
memcpy(rrdata->val.data, val->bv_val, val->bv_len);
if (!strcmp(type, "SOA"))
assstack_push((struct assstack_entry **) &(rr->val.data), rrdata);
else
assstack_insertbottom((struct assstack_entry **) &(rr->val.data), rrdata);
return 0;
}
int main(int argc, char **argv) {
char *s, *hostporturl, *base = NULL;
char *ttl, *defaultttl;
LDAP *ld;
char *fltr = NULL;
LDAPMessage *res, *e;
char *a, **ttlvals, **soavals, *serial;
struct berval **vals, **names;
char type[64];
BerElement *ptr;
int i, j, rc, msgid;
struct assstack_entry *zone = NULL;
if (argc < 4 || argc > 5)
usage(argv[0]);
hostporturl = argv[2];
if (hostporturl != strstr( hostporturl, "ldap"))
err(argv[0], "Not an LDAP URL");
s = strchr(hostporturl, ':');
if (!s || strlen(s) < 3 || s[1] != '/' || s[2] != '/')
err(argv[0], "Not an LDAP URL");
s = strchr(s+3, '/');
if (s) {
*s++ = '\0';
base = s;
s = strchr(base, '?');
if (s)
err(argv[0], "LDAP URL can only contain host, port and base");
}
defaultttl = argv[3];
rc = ldap_initialize(&ld, hostporturl);
if (rc != LDAP_SUCCESS)
err(argv[0], "ldap_initialize() failed");
if (argc == 5) {
/* serial number specified, check if different from one in SOA */
fltr = (char *)malloc(strlen(argv[1]) + strlen("(&(relativeDomainName=@)(zoneName=))") + 1);
sprintf(fltr, "(&(relativeDomainName=@)(zoneName=%s))", argv[1]);
msgid = ldap_search(ld, base, LDAP_SCOPE_SUBTREE, fltr, NULL, 0);
if (msgid == -1)
err(argv[0], "ldap_search() failed");
while ((rc = ldap_result(ld, msgid, 0, NULL, &res)) != LDAP_RES_SEARCH_RESULT ) {
/* not supporting continuation references at present */
if (rc != LDAP_RES_SEARCH_ENTRY)
err(argv[0], "ldap_result() returned cont.ref? Exiting");
/* only one entry per result message */
e = ldap_first_entry(ld, res);
if (e == NULL) {
ldap_msgfree(res);
err(argv[0], "ldap_first_entry() failed");
}
soavals = ldap_get_values(ld, e, "SOARecord");
if (soavals)
break;
}
ldap_msgfree(res);
if (!soavals) {
err(argv[0], "No SOA Record found");
}
/* We have a SOA, compare serial numbers */
/* Only checkinf first value, should be only one */
s = strchr(soavals[0], ' ');
s++;
s = strchr(s, ' ');
s++;
serial = s;
s = strchr(s, ' ');
*s = '\0';
if (!strcmp(serial, argv[4])) {
ldap_value_free(soavals);
err(argv[0], "serial numbers match");
}
ldap_value_free(soavals);
}
if (!fltr)
fltr = (char *)malloc(strlen(argv[1]) + strlen("(zoneName=)") + 1);
if (!fltr)
err(argv[0], "Malloc failed");
sprintf(fltr, "(zoneName=%s)", argv[1]);
msgid = ldap_search(ld, base, LDAP_SCOPE_SUBTREE, fltr, NULL, 0);
if (msgid == -1)
err(argv[0], "ldap_search() failed");
while ((rc = ldap_result(ld, msgid, 0, NULL, &res)) != LDAP_RES_SEARCH_RESULT ) {
/* not supporting continuation references at present */
if (rc != LDAP_RES_SEARCH_ENTRY)
err(argv[0], "ldap_result() returned cont.ref? Exiting");
/* only one entry per result message */
e = ldap_first_entry(ld, res);
if (e == NULL) {
ldap_msgfree(res);
err(argv[0], "ldap_first_entry() failed");
}
names = ldap_get_values_len(ld, e, "relativeDomainName");
if (!names)
continue;
ttlvals = ldap_get_values(ld, e, "dNSTTL");
ttl = ttlvals ? ttlvals[0] : defaultttl;
for (a = ldap_first_attribute(ld, e, &ptr); a != NULL; a = ldap_next_attribute(ld, e, ptr)) {
char *s;
for (s = a; *s; s++)
*s = toupper(*s);
s = strstr(a, "RECORD");
if ((s == NULL) || (s == a) || (s - a >= (signed int)sizeof(type))) {
ldap_memfree(a);
continue;
}
strncpy(type, a, s - a);
type[s - a] = '\0';
vals = ldap_get_values_len(ld, e, a);
if (vals) {
for (i = 0; vals[i]; i++)
for (j = 0; names[j]; j++)
if (putrr(&zone, names[j], type, ttl, vals[i]))
err(argv[0], "malloc failed");
ldap_value_free_len(vals);
}
ldap_memfree(a);
}
if (ptr)
ber_free(ptr, 0);
if (ttlvals)
ldap_value_free(ttlvals);
ldap_value_free_len(names);
/* free this result */
ldap_msgfree(res);
}
/* free final result */
ldap_msgfree(res);
print_zone(defaultttl, zone);
return 0;
}

143
makefile-replace-libs.py Executable file
View File

@ -0,0 +1,143 @@
#!/usr/bin/python3
#
# Makefile modificator
#
# Should help in building bin/tests/system tests standalone,
# linked to libraries installed into the system.
# TODO:
# - Fix top_srcdir, because dyndb/driver/Makefile uses $TOPSRC/mkinstalldirs
# - Fix conf.sh to contain paths to system tools
# - Export $TOP/version somewhere, where it would be used
# - system tests needs bin/tests code. Do not include just bin/tests/system
#
# Possible solution:
#
# sed -e 's/$TOP\/s\?bin\/\(delv\|confgen\|named\|nsupdate\|pkcs11\|python\|rndc\|check\|dig\|dnssec\|tools\)\/\([[:alnum:]-]\+\)/`type -p \2`/' conf.sh
# sed -e 's,../../../../\(isc-config.sh\),\1,' builtin/tests.sh
# or use: $NAMED -V | head -1 | cut -d ' ' -f 2
import re
import argparse
"""
Script for replacing Makefile ISC_INCLUDES with runtime flags.
Should translate part of Makefile to use isc-config.sh instead static linked sources.
ISC_INCLUDES = -I/home/pemensik/rhel/bind/bind-9.11.12/build/lib/isc/include \
-I${top_srcdir}/lib/isc \
-I${top_srcdir}/lib/isc/include \
-I${top_srcdir}/lib/isc/unix/include \
-I${top_srcdir}/lib/isc/pthreads/include \
-I${top_srcdir}/lib/isc/x86_32/include
Should be translated to:
ISC_INCLUDES = $(shell isc-config.sh --cflags isc)
"""
def isc_config(mode, lib):
if mode:
return '$(shell isc-config.sh {mode} {lib})'.format(mode=mode, lib=lib)
else:
return ''
def check_match(match, debug=False):
"""
Check this definition is handled by internal library
"""
if not match:
return False
lib = match.group(2).lower()
ok = not lib_filter or lib in lib_filter
if debug:
print('{status} {lib}: {text}'.format(status=ok, lib=lib, text=match.group(1)))
return ok
def fix_line(match, mode):
lib = match.group(2).lower()
return match.group(1)+isc_config(mode, lib)+"\n"
def fix_file_lines(path, debug=False):
"""
Opens file and scans fixes selected parameters
Returns list of lines if something should be changed,
None if no action is required
"""
fixed = []
changed = False
with open(path, 'r') as fin:
fout = None
line = next(fin, None)
while line:
appended = False
while line.endswith("\\\n"):
line += next(fin, None)
inc = re_includes.match(line)
deplibs = re_deplibs.match(line)
libs = re_libs.match(line)
newline = None
if check_match(inc, debug=debug):
newline = fix_line(inc, '--cflags')
elif check_match(deplibs, debug=debug):
newline = fix_line(libs, None)
elif check_match(libs, debug=debug):
newline = fix_line(libs, '--libs')
if newline and line != newline:
changed = True
line = newline
fixed.append(line)
line = next(fin, None)
if not changed:
return None
else:
return fixed
def write_lines(path, lines):
fout = open(path, 'w')
for line in lines:
fout.write(line)
fout.close()
def print_lines(lines):
for line in lines:
print(line, end='')
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Makefile multiline include replacer')
parser.add_argument('files', nargs='+')
parser.add_argument('--filter', type=str,
default='isc isccc isccfg dns lwres bind9 irs',
help='List of libraries supported by isc-config.sh')
parser.add_argument('--check', action='store_true',
help='Test file only')
parser.add_argument('--print', action='store_true',
help='Print changed file only')
parser.add_argument('--debug', action='store_true',
help='Enable debug outputs')
args = parser.parse_args()
lib_filter = None
re_includes = re.compile(r'^\s*((\w+)_INCLUDES\s+=\s*).*')
re_deplibs = re.compile(r'^\s*((\w+)DEPLIBS\s*=).*')
re_libs = re.compile(r'^\s*((\w+)LIBS\s*=).*')
if args.filter:
lib_filter = set(args.filter.split(' '))
pass
for path in args.files:
lines = fix_file_lines(path, debug=args.debug)
if lines:
if args.print:
print_lines(lines)
elif not args.check:
write_lines(path, lines)
print('File {path} was fixed'.format(path=path))
else:
print('File {path} does not need fixing'.format(path=path))

View File

@ -0,0 +1,12 @@
[Unit]
Description=Set-up/destroy chroot environment for named (DNS)
BindsTo=named-chroot.service
Wants=named-setup-rndc.service
After=named-setup-rndc.service
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/libexec/setup-named-chroot.sh /var/named/chroot on /etc/named-chroot.files
ExecStop=/usr/libexec/setup-named-chroot.sh /var/named/chroot off /etc/named-chroot.files

25
named-chroot.files Normal file
View File

@ -0,0 +1,25 @@
# Configuration of files used in chroot
# Following files are made available after named-chroot.service start
# if they are missing or empty in target directory.
/etc/localtime
/etc/named.root.key
/etc/named.conf
/etc/named.rfc1912.zones
/etc/rndc.conf
/etc/rndc.key
/etc/named.iscdlv.key
/etc/crypto-policies/back-ends/bind.config
/etc/protocols
/etc/services
/etc/named.dnssec.keys
/etc/pki/dnssec-keys
/etc/named
/usr/lib64/bind
/usr/lib/bind
/usr/share/GeoIP
/run/named
/proc/sys/net/ipv4/ip_local_port_range
# Warning: the order is important
# If a directory containing $ROOTDIR is listed here,
# it MUST be listed last. (/var/named contains /var/named/chroot)
/var/named

31
named-chroot.service Normal file
View File

@ -0,0 +1,31 @@
# Don't forget to add "$AddUnixListenSocket /var/named/chroot/dev/log"
# line to your /etc/rsyslog.conf file. Otherwise your logging becomes
# broken when rsyslogd daemon is restarted (due update, for example).
[Unit]
Description=Berkeley Internet Name Domain (DNS)
Wants=nss-lookup.target
Requires=named-chroot-setup.service
Before=nss-lookup.target
After=named-chroot-setup.service
After=network.target
[Service]
Type=forking
Environment=NAMEDCONF=/etc/named.conf
EnvironmentFile=-/etc/sysconfig/named
Environment=KRB5_KTNAME=/etc/named.keytab
PIDFile=/var/named/chroot/run/named/named.pid
ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/bin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'
ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} -t /var/named/chroot $OPTIONS
ExecReload=/bin/sh -c 'if /usr/sbin/rndc null > /dev/null 2>&1; then /usr/sbin/rndc reload; else /bin/kill -HUP $MAINPID; fi'
ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
PrivateTmp=false
Restart=on-abnormal
[Install]
WantedBy=multi-user.target

7
named-setup-rndc.service Normal file
View File

@ -0,0 +1,7 @@
[Unit]
Description=Generate rndc key for BIND (DNS)
[Service]
Type=oneshot
ExecStart=/usr/libexec/generate-rndc-key.sh

59
named.conf Normal file
View File

@ -0,0 +1,59 @@
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { localhost; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-validation yes;
managed-keys-directory "/var/named/dynamic";
geoip-directory "/usr/share/GeoIP";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

243
named.conf.sample Normal file
View File

@ -0,0 +1,243 @@
/*
Sample named.conf BIND DNS server 'named' configuration file
for the Red Hat BIND distribution.
See the BIND Administrator's Reference Manual (ARM) for details, in:
file:///usr/share/doc/bind-{version}/arm/Bv9ARM.html
Also see the BIND Configuration GUI : /usr/bin/system-config-bind and
its manual.
*/
options
{
// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // "Working" directory
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
secroots-file "data/named.secroots";
recursing-file "data/named.recursing";
/*
Specify listenning interfaces. You can use list of addresses (';' is
delimiter) or keywords "any"/"none"
*/
//listen-on port 53 { any; };
listen-on port 53 { 127.0.0.1; };
//listen-on-v6 port 53 { any; };
listen-on-v6 port 53 { ::1; };
/*
Access restrictions
There are two important options:
allow-query { argument; };
- allow queries for authoritative data
allow-query-cache { argument; };
- allow queries for non-authoritative data (mostly cached data)
You can use address, network address or keywords "any"/"localhost"/"none" as argument
Examples:
allow-query { localhost; 10.0.0.1; 192.168.1.0/8; };
allow-query-cache { ::1; fe80::5c63:a8ff:fe2f:4526; 10.0.0.1; };
*/
allow-query { localhost; };
allow-query-cache { localhost; };
/* Enable/disable recursion - recursion yes/no;
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
/* DNSSEC related options. See information about keys ("Trusted keys", bellow) */
/* Enable DNSSEC validation on recursive servers */
dnssec-validation yes;
/* In Fedora we use /run/named instead of default /var/run/named
so we have to configure paths properly. */
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
managed-keys-directory "/var/named/dynamic";
/* In Fedora we use system-wide Crypto Policy */
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
};
logging
{
/* If you want to enable debugging, eg. using the 'rndc trace' command,
* named will try to write the 'named.run' file in the $directory (/var/named).
* By default, SELinux policy does not allow named to modify the /var/named directory,
* so put the default debug log file in data/ :
*/
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
/*
Views let a name server answer a DNS query differently depending on who is asking.
By default, if named.conf contains no "view" clauses, all zones are in the
"default" view, which matches all clients.
Views are processed sequentially. The first match is used so the last view should
match "any" - it's fallback and the most restricted view.
If named.conf contains any "view" clause, then all zones MUST be in a view.
*/
view "localhost_resolver"
{
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
* If all you want is a caching-only nameserver, then you need only define this view:
*/
match-clients { localhost; };
recursion yes;
# all views must contain the root hints zone:
zone "." IN {
type hint;
file "/var/named/named.ca";
};
/* these are zones that contain definitions for all the localhost
* names and addresses, as recommended in RFC1912 - these names should
* not leak to the other nameservers:
*/
include "/etc/named.rfc1912.zones";
};
view "internal"
{
/* This view will contain zones you want to serve only to "internal" clients
that connect via your directly attached LAN interfaces - "localnets" .
*/
match-clients { localnets; };
recursion yes;
zone "." IN {
type hint;
file "/var/named/named.ca";
};
/* these are zones that contain definitions for all the localhost
* names and addresses, as recommended in RFC1912 - these names should
* not leak to the other nameservers:
*/
include "/etc/named.rfc1912.zones";
// These are your "authoritative" internal zones, and would probably
// also be included in the "localhost_resolver" view above :
/*
NOTE for dynamic DNS zones and secondary zones:
DO NOT USE SAME FILES IN MULTIPLE VIEWS!
If you are using views and DDNS/secondary zones it is strongly
recommended to read FAQ on ISC site (www.isc.org), section
"Configuration and Setup Questions", questions
"How do I share a dynamic zone between multiple views?" and
"How can I make a server a slave for both an internal and an external
view at the same time?"
*/
zone "my.internal.zone" {
type primary;
file "my.internal.zone.db";
};
zone "my.slave.internal.zone" {
type secondary;
file "slaves/my.slave.internal.zone.db";
masters { /* put master nameserver IPs here */ 127.0.0.1; } ;
// put slave zones in the slaves/ directory so named can update them
};
zone "my.ddns.internal.zone" {
type primary;
allow-update { key ddns_key; };
file "dynamic/my.ddns.internal.zone.db";
// put dynamically updateable zones in the slaves/ directory so named can update them
};
};
key ddns_key
{
algorithm hmac-sha256;
secret "use /usr/sbin/ddns-confgen to generate TSIG keys";
};
view "external"
{
/* This view will contain zones you want to serve only to "external" clients
* that have addresses that are not match any above view:
*/
match-clients { any; };
zone "." IN {
type hint;
file "/var/named/named.ca";
};
recursion no;
// you'd probably want to deny recursion to external clients, so you don't
// end up providing free DNS service to all takers
// These are your "authoritative" external zones, and would probably
// contain entries for just your web and mail servers:
zone "my.external.zone" {
type primary;
file "my.external.zone.db";
};
};
/* Trusted keys
This statement contains DNSSEC keys. If you want DNSSEC aware resolver you
should configure at least one trusted key.
Note that no key written below is valid. Especially root key because root zone
is not signed yet.
*/
/*
trust-anchors {
// Root Key
. initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
R1AkUTV74bU=";
// Key for forward zone
example.com. static-key 257 3 8 "AwEAAZ0aqu1rJ6orJynrRfNpPmayJZoAx9Ic2/Rl9VQW
LMHyjxxem3VUSoNUIFXERQbj0A9Ogp0zDM9YIccKLRd6
LmWiDCt7UJQxVdD+heb5Ec4qlqGmyX9MDabkvX2NvMws
UecbYBq8oXeTT9LRmCUt9KUt/WOi6DKECxoG/bWTykrX
yBR8elD+SQY43OAVjlWrVltHxgp4/rhBCvRbmdflunaP
Igu27eE2U4myDSLT8a4A0rB5uHG4PkOa9dIRs9y00M2m
Wf4lyPee7vi5few2dbayHXmieGcaAHrx76NGAABeY393
xjlmDNcUkF1gpNWUla4fWZbbaYQzA93mLdrng+M=";
// Key for reverse zone.
2.0.192.IN-ADDRPA.NET. initial-ds 31406 8 2 "F78CF3344F72137235098ECBBD08947C2C9001C7F6A085A17F518B5D8F6B916D";
};
*/

10
named.empty Normal file
View File

@ -0,0 +1,10 @@
$TTL 3H
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1

10
named.localhost Normal file
View File

@ -0,0 +1,10 @@
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1

12
named.logrotate Normal file
View File

@ -0,0 +1,12 @@
/var/named/data/named.run {
missingok
su named named
create 0644 named named
postrotate
/usr/bin/systemctl reload named.service > /dev/null 2>&1 || true
/usr/bin/systemctl reload named-chroot.service > /dev/null 2>&1 || true
/usr/bin/systemctl reload named-sdb.service > /dev/null 2>&1 || true
/usr/bin/systemctl reload named-sdb-chroot.service > /dev/null 2>&1 || true
/usr/bin/systemctl reload named-pkcs11.service > /dev/null 2>&1 || true
endscript
}

11
named.loopback Normal file
View File

@ -0,0 +1,11 @@
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1
PTR localhost.

45
named.rfc1912.zones Normal file
View File

@ -0,0 +1,45 @@
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and https://tools.ietf.org/html/rfc6303
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Note: empty-zones-enable yes; option is default.
// If private ranges should be forwarded, add
// disable-empty-zone "."; into options
//
zone "localhost.localdomain" IN {
type primary;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type primary;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type primary;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type primary;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type primary;
file "named.empty";
allow-update { none; };
};

92
named.root Normal file
View File

@ -0,0 +1,92 @@
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: December 20, 2023
; related version of root zone: 2023122001
;
; FORMERLY NS.INTERNIC.NET
;
. 3600000 NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
;
; FORMERLY NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 170.247.170.2
B.ROOT-SERVERS.NET. 3600000 AAAA 2801:1b8:10::b
;
; FORMERLY C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
;
; FORMERLY TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
;
; FORMERLY NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
;
; FORMERLY NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
;
; FORMERLY NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d
;
; FORMERLY AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
;
; FORMERLY NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
;
; OPERATED BY VERISIGN, INC.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
;
; OPERATED BY RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
;
; OPERATED BY ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
;
; OPERATED BY WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
; End of file

13
named.root.key Normal file
View File

@ -0,0 +1,13 @@
trust-anchors {
# ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
# for current trust anchor information.
#
# This key (20326) was published in the root zone in 2017.
# Servers which were already using the old key (19036) should
# roll seamlessly to this new one via RFC 5011 rollover. Servers
# being set up for the first time can use the contents of this
# file as initializing keys; thereafter, the keys in the
# managed key database will be trusted and maintained
# automatically.
. initial-ds 20326 8 2 "E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D";
};

6
named.rwtab Normal file
View File

@ -0,0 +1,6 @@
dirs /var/named
files /var/named/named.ca
files /var/named/named.empty
files /var/named/named.localhost
files /var/named/named.loopback

26
named.service Normal file
View File

@ -0,0 +1,26 @@
[Unit]
Description=Berkeley Internet Name Domain (DNS)
Wants=nss-lookup.target
Wants=named-setup-rndc.service
Before=nss-lookup.target
After=named-setup-rndc.service
After=network.target
[Service]
Type=forking
Environment=NAMEDCONF=/etc/named.conf
EnvironmentFile=-/etc/sysconfig/named
Environment=KRB5_KTNAME=/etc/named.keytab
PIDFile=/run/named/named.pid
ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/bin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'
ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS
ExecReload=/bin/sh -c 'if /usr/sbin/rndc null > /dev/null 2>&1; then /usr/sbin/rndc reload; else /bin/kill -HUP $MAINPID; fi'
ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
PrivateTmp=true
Restart=on-abnormal
[Install]
WantedBy=multi-user.target

17
named.sysconfig Normal file
View File

@ -0,0 +1,17 @@
# BIND named process options
# ~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# OPTIONS="whatever" -- These additional options will be passed to named
# at startup. Don't add -t here, enable proper
# -chroot.service unit file.
#
# NAMEDCONF=/etc/named/alternate.conf
# -- Don't use -c to change configuration file.
# Extend systemd named.service instead or use this
# variable.
#
# DISABLE_ZONE_CHECKING -- By default, service file calls named-checkzone
# utility for every zone to ensure all zones are
# valid before named starts. If you set this option
# to 'yes' then service file doesn't perform those
# checks.

10
plans/all.fmf Normal file
View File

@ -0,0 +1,10 @@
summary: Test plan with all beakerlib tests
environment+:
PACKAGE: bind
discover:
how: fmf
url: https://src.fedoraproject.org/tests/bind.git
execute:
how: tmt
context:
component: bind

11
plans/tier1-public.fmf Normal file
View File

@ -0,0 +1,11 @@
summary: Public (Fedora) Tier1 beakerlib tests
environment+:
PACKAGE: bind
discover:
how: fmf
url: https://src.fedoraproject.org/tests/bind.git
filter: 'tier: 1'
execute:
how: tmt
context:
component: bind

117
setup-named-chroot.sh Executable file
View File

@ -0,0 +1,117 @@
#!/bin/bash
ROOTDIR="$1"
CONFIG_FILES="${3:-/etc/named-chroot.files}"
usage()
{
echo
echo 'This script setups chroot environment for BIND'
echo 'Usage: setup-named-chroot.sh ROOTDIR <on|off> [chroot.files]'
}
if ! [ "$#" -ge 2 -a "$#" -le 3 ]; then
echo 'Wrong number of arguments'
usage
exit 1
fi
# Exit if ROOTDIR doesn't exist
if ! [ -d "$ROOTDIR" ]; then
echo "Root directory $ROOTDIR doesn't exist"
usage
exit 1
fi
if ! [ -r "$CONFIG_FILES" ]; then
echo "Files list $CONFIG_FILES doesn't exist" 2>&1
usage
exit 1
fi
dev_create()
{
DEVNAME="$ROOTDIR/dev/$1"
shift
if ! [ -e "$DEVNAME" ]; then
/bin/mknod -m 0664 "$DEVNAME" $@
/bin/chgrp named "$DEVNAME"
if [ -x /usr/sbin/selinuxenabled -a -x /sbin/restorecon ]; then
/usr/sbin/selinuxenabled && /sbin/restorecon "$DEVNAME" > /dev/null || :
fi
fi
}
dev_chroot_prep()
{
dev_create random c 1 8
dev_create urandom c 1 9
dev_create zero c 1 5
dev_create null c 1 3
}
files_comment_filter()
{
if [ -d "$1" ]; then
grep -v '^[[:space:]]*#' "$1"/*.files
else
grep -v '^[[:space:]]*#' "$1"
fi
}
mount_chroot_conf()
{
if [ -n "$ROOTDIR" ]; then
# Check devices are prepared
dev_chroot_prep
files_comment_filter "$CONFIG_FILES" | while read -r all; do
# Skip nonexistant files
[ -e "$all" ] || continue
# If mount source is a file
if ! [ -d "$all" ]; then
# mount it only if it is not present in chroot or it is empty
if ! [ -e "$ROOTDIR$all" ] || [ `stat -c'%s' "$ROOTDIR$all"` -eq 0 ]; then
touch "$ROOTDIR$all"
mount --bind "$all" "$ROOTDIR$all"
fi
else
# Mount source is a directory. Mount it only if directory in chroot is
# empty.
if [ -e "$all" ] && [ `ls -1A $ROOTDIR$all | wc -l` -eq 0 ]; then
mount --bind --make-private "$all" "$ROOTDIR$all"
fi
fi
done
fi
}
umount_chroot_conf()
{
if [ -n "$ROOTDIR" ]; then
files_comment_filter "$CONFIG_FILES" | while read -r all; do
# Check if file is mount target. Do not use /proc/mounts because detecting
# of modified mounted files can fail.
if mount | grep -q '.* on '"$ROOTDIR$all"' .*'; then
umount "$ROOTDIR$all"
# Remove temporary created files
[ -f "$all" ] && rm -f "$ROOTDIR$all"
fi
done
fi
}
case "$2" in
on)
mount_chroot_conf
;;
off)
umount_chroot_conf
;;
*)
echo 'Second argument has to be "on" or "off"'
usage
exit 1
esac
exit 0

124
setup-named-softhsm.sh Executable file
View File

@ -0,0 +1,124 @@
#!/bin/sh
#
# This script will initialise token storage of softhsm PKCS11 provider
# in custom location. Is useful to store tokens in non-standard location.
#
# Output can be evaluated from bash, it will prepare it for usage of temporary tokens.
# Quotes around eval are mandatory!
# Recommended use:
# eval "$(bash setup-named-softhsm.sh -A)"
#
SOFTHSM2_CONF="$1"
TOKENPATH="$2"
GROUPNAME="$3"
# Do not use this script for real keys worth protection
# This is intended for crypto accelerators using PKCS11 interface.
# Uninitialized token would fail any crypto operation.
PIN=1234
SO_PIN=1234
LABEL=rpm
set -e
echo_i()
{
echo "#" $@
}
random()
{
if [ -x "$(which openssl 2>/dev/null)" ]; then
openssl rand -base64 $1
else
dd if=/dev/urandom bs=1c count=$1 | base64
fi
}
usage()
{
echo "Usage: $0 -A [token directory] [group]"
echo " or: $0 <config file> <token directory> [group]"
}
if [ "$SOFTHSM2_CONF" = "-A" -a -z "$TOKENPATH" ]; then
TOKENPATH=$(mktemp -d /var/tmp/softhsm-XXXXXX)
fi
if [ -z "$SOFTHSM2_CONF" -o -z "$TOKENPATH" ]; then
usage >&2
exit 1
fi
if [ "$SOFTHSM2_CONF" = "-A" ]; then
# Automagic mode instead
MODE=secure
SOFTHSM2_CONF="$TOKENPATH/softhsm2.conf"
PIN_SOURCE="$TOKENPATH/pin"
SOPIN_SOURCE="$TOKENPATH/so-pin"
TOKENPATH="$TOKENPATH/tokens"
else
MODE=legacy
fi
[ -d "$TOKENPATH" ] || mkdir -p "$TOKENPATH"
umask 0022
if ! [ -f "$SOFTHSM2_CONF" ]; then
cat << SED > "$SOFTHSM2_CONF"
# SoftHSM v2 configuration file
directories.tokendir = ${TOKENPATH}
objectstore.backend = file
# ERROR, WARNING, INFO, DEBUG
log.level = ERROR
# If CKF_REMOVABLE_DEVICE flag should be set
slots.removable = false
SED
else
echo_i "Config file $SOFTHSM2_CONF already exists" >&2
fi
if [ -n "$PIN_SOURCE" ]; then
touch "$PIN_SOURCE" "$SOPIN_SOURCE"
chmod 0600 "$PIN_SOURCE" "$SOPIN_SOURCE"
if [ -n "$GROUPNAME" ]; then
chgrp "$GROUPNAME" "$PIN_SOURCE" "$SOPIN_SOURCE"
chmod g+r "$PIN_SOURCE" "$SOPIN_SOURCE"
fi
fi
export SOFTHSM2_CONF
if softhsm2-util --show-slots | grep 'Initialized:[[:space:]]*yes' > /dev/null
then
echo_i "Token in ${TOKENPATH} is already initialized" >&2
[ -f "$PIN_SOURCE" ] && PIN=$(cat "$PIN_SOURCE")
[ -f "$SOPIN_SOURCE" ] && SO_PIN=$(cat "$SOPIN_SOURCE")
else
PIN=$(random 6)
SO_PIN=$(random 18)
if [ -n "$PIN_SOURCE" ]; then
echo -n "$PIN" > "$PIN_SOURCE"
echo -n "$SO_PIN" > "$SOPIN_SOURCE"
fi
echo_i "Initializing tokens to ${TOKENPATH}..."
softhsm2-util --init-token --free --label "$LABEL" --pin "$PIN" --so-pin "$SO_PIN" | sed -e 's/^/# /'
if [ -n "$GROUPNAME" ]; then
chgrp -R -- "$GROUPNAME" "$TOKENPATH"
chmod -R -- g=rX,o= "$TOKENPATH"
fi
fi
echo "export SOFTHSM2_CONF=\"$SOFTHSM2_CONF\""
echo "export PIN_SOURCE=\"$PIN_SOURCE\""
echo "export SOPIN_SOURCE=\"$SOPIN_SOURCE\""
# These are intentionaly not exported
echo "PIN=\"$PIN\""
echo "SO_PIN=\"$SO_PIN\""

10
softhsm2.conf.in Normal file
View File

@ -0,0 +1,10 @@
# SoftHSM v2 configuration file
directories.tokendir = @TOKENPATH@
objectstore.backend = file
# ERROR, WARNING, INFO, DEBUG
log.level = ERROR
# If CKF_REMOVABLE_DEVICE flag should be set
slots.removable = false

2
sources Normal file
View File

@ -0,0 +1,2 @@
SHA512 (bind-9.18.24.tar.xz) = 465f5b01570fdde5c95adfb780f54e0585814bd25baf914bb95bf5972f15a672e3e7b743a55f1804e69e17609d5a0cd66cc2bbab9174238b3c89e5ad732dc085
SHA512 (bind-9.18.24.tar.xz.asc) = ee16356b2f523bea1a98fb74216aafa134af3dca42e64438f1c89d8a971919614274af316a170ff9d6f952a5101f44ec1f9fe2c460de42797b06a361c994fb6d

1
trusted-key.key Normal file
View File

@ -0,0 +1 @@
. 3600 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=