Fedora bind import
Import commit 91d60335005d38c4fa34b1cc3c835a0ec15983ed
This commit is contained in:
parent
47e32c28b7
commit
ec071137db
1
.fmf/version
Normal file
1
.fmf/version
Normal file
@ -0,0 +1 @@
|
||||
1
|
224
.gitignore
vendored
224
.gitignore
vendored
@ -0,0 +1,224 @@
|
||||
bind-9.7.1-P2.tar.gz
|
||||
config-8.tar.bz2
|
||||
bind-9.7.2b1.tar.gz
|
||||
/config-8.tar.bz2
|
||||
/bind-9.7.2rc1.tar.gz
|
||||
/bind-9.7.2.tar.gz
|
||||
/bind-9.7.2-P2.tar.gz
|
||||
/bind-9.7.2-P3.tar.gz
|
||||
/bind-9.7.3b1.tar.gz
|
||||
/bind-9.7.3rc1.tar.gz
|
||||
/bind-9.7.3.tar.gz
|
||||
/bind-9.8.0rc1.tar.gz
|
||||
/bind-9.8.0.tar.gz
|
||||
/bind-9.8.0-P1.tar.gz
|
||||
/bind-9.8.0-P2.tar.gz
|
||||
/bind-9.8.0-P4.tar.gz
|
||||
/bind-9.8.1rc1.tar.gz
|
||||
/bind-9.8.1.tar.gz
|
||||
/bind-9.9.0b1.tar.gz
|
||||
/bind-9.9.0b2.tar.gz
|
||||
/bind-9.9.0rc1.tar.gz
|
||||
/bind-9.9.0rc2.tar.gz
|
||||
/bind-9.9.0.tar.gz
|
||||
/bind-9.9.1.tar.gz
|
||||
/bind-9.9.1-P1.tar.gz
|
||||
/bind-9.9.1-P2.tar.gz
|
||||
/bind-9.9.1-P3.tar.gz
|
||||
/bind-9.9.2.tar.gz
|
||||
/bind-9.9.2-P1.tar.gz
|
||||
/config-9.tar.bz2
|
||||
/config-10.tar.bz2
|
||||
/bind-9.9.2-P2.tar.gz
|
||||
/bind-9.9.3rc1.tar.gz
|
||||
/config-11.tar.bz2
|
||||
/bind-9.9.3rc2.tar.gz
|
||||
/bind-9.9.3.tar.gz
|
||||
/bind-9.9.3-P1.tar.gz
|
||||
/bind-9.9.4b1.tar.gz
|
||||
/bind-9.9.4rc1.tar.gz
|
||||
/bind-9.9.4rc2.tar.gz
|
||||
/bind-9.9.4.tar.gz
|
||||
/config-12.tar.bz2
|
||||
/bind-9.9.5b1.tar.gz
|
||||
/bind-9.9.5rc2.tar.gz
|
||||
/bind-9.9.5.tar.gz
|
||||
/bind-9.9.5-P1.tar.gz
|
||||
/bind-9.9.6.tar.gz
|
||||
/bind-9.9.6-P1.tar.gz
|
||||
/bind-9.10.1b2.tar.gz
|
||||
/bind-9.10.1.tar.gz
|
||||
/bind-9.10.1-P1.tar.gz
|
||||
/bind-9.10.2rc1.tar.gz
|
||||
/bind-9.10.2rc2.tar.gz
|
||||
/bind-9.10.2.tar.gz
|
||||
/config-13.tar.bz2
|
||||
/config-14.tar.bz2
|
||||
/bind-9.10.2-P1.tar.gz
|
||||
/bind-9.10.2-P2.tar.gz
|
||||
/bind-9.10.2-P3.tar.gz
|
||||
/bind-9.10.3rc1.tar.gz
|
||||
/bind-9.10.3.tar.gz
|
||||
/bind-9.10.3-P2.tar.gz
|
||||
/config-15.tar.bz2
|
||||
/bind-9.10.3-P3.tar.gz
|
||||
/bind-9.10.3-P4.tar.gz
|
||||
/bind-9.10.4-P1.tar.gz
|
||||
/bind-9.10.4-P2.tar.gz
|
||||
/bind-9.10.4-P3.tar.gz
|
||||
/bind-9.10.4-P4.tar.gz
|
||||
/bind-9.11.0-P1.tar.gz
|
||||
/bind-9.11.0-P2.tar.gz
|
||||
/bind-9.11.0-P3.tar.gz
|
||||
/bind-9.11.0-P5.tar.gz
|
||||
/config-16.tar.bz2
|
||||
/bind-9.11.1-P1.tar.gz
|
||||
/bind-9.11.1-P2.tar.gz
|
||||
/bind-9.11.1-P3.tar.gz
|
||||
/bind-9.11.2b1.tar.gz
|
||||
/bind-9.11.2.tar.gz
|
||||
/config-17.tar.bz2
|
||||
/bind-9.11.2-P1.tar.gz
|
||||
/bind-9.11.3b1.tar.gz
|
||||
/bind-9.11.3.tar.gz
|
||||
/config-18.tar.bz2
|
||||
/bind-9.11.4rc1.tar.gz
|
||||
/bind-9.11.4.tar.gz
|
||||
/bind-9.11.4-P1.tar.gz
|
||||
/bind-9.11.4-P2.tar.gz
|
||||
/bind-9.11.5.tar.gz
|
||||
/bind-9.11.5-P1.tar.gz
|
||||
/config-19.tar.bz2
|
||||
/bind-9.11.5-P4.tar.gz
|
||||
/bind-9.11.6.tar.gz
|
||||
/bind-9.11.6-P1.tar.gz
|
||||
/bind-9.11.7.tar.gz
|
||||
/bind-9.11.8.tar.gz
|
||||
/bind-9.11.9.tar.gz
|
||||
/bind-9.11.10.tar.gz
|
||||
/bind-9.11.11.tar.gz
|
||||
/bind-9.11.12.tar.gz
|
||||
/bind-9.11.13.tar.gz
|
||||
/bind-9.11.13.tar.gz.asc
|
||||
/bind-9.11.14.tar.gz
|
||||
/bind-9.11.14.tar.gz.asc
|
||||
/bind-9.11.17.tar.gz
|
||||
/bind-9.11.17.tar.gz.asc
|
||||
/bind-9.11.18.tar.gz
|
||||
/bind-9.11.18.tar.gz.asc
|
||||
/bind-9.11.19.tar.gz
|
||||
/bind-9.11.19.tar.gz.asc
|
||||
/bind-9.11.20.tar.gz
|
||||
/bind-9.11.20.tar.gz.asc
|
||||
/bind-9.11.21.tar.gz
|
||||
/bind-9.11.21.tar.gz.asc
|
||||
/bind-9.11.22.tar.gz
|
||||
/bind-9.11.22.tar.gz.asc
|
||||
/bind-9.11.23.tar.gz
|
||||
/bind-9.11.23.tar.gz.asc
|
||||
/bind-9.11.24.tar.gz
|
||||
/bind-9.11.24.tar.gz.asc
|
||||
/bind-9.11.25.tar.gz
|
||||
/bind-9.11.25.tar.gz.asc
|
||||
/bind-9.11.26.tar.gz
|
||||
/bind-9.11.26.tar.gz.asc
|
||||
/bind-9.16.1.tar.xz
|
||||
/bind-9.16.1.tar.xz.asc
|
||||
/bind-9.16.2.tar.xz
|
||||
/bind-9.16.2.tar.xz.asc
|
||||
/bind-9.16.4.tar.xz
|
||||
/bind-9.16.4.tar.xz.asc
|
||||
/bind-9.16.5.tar.xz
|
||||
/bind-9.16.5.tar.xz.asc
|
||||
/bind-9.16.6.tar.xz
|
||||
/bind-9.16.6.tar.xz.asc
|
||||
/bind-9.16.7.tar.xz
|
||||
/bind-9.16.7.tar.xz.asc
|
||||
/bind-9.16.8.tar.xz
|
||||
/bind-9.16.8.tar.xz.asc
|
||||
/bind-9.16.9.tar.xz
|
||||
/bind-9.16.9.tar.xz.asc
|
||||
/bind-9.16.10.tar.xz
|
||||
/bind-9.16.10.tar.xz.asc
|
||||
/bind-9.16.11.tar.xz
|
||||
/bind-9.16.11.tar.xz.asc
|
||||
/bind-9.16.13.tar.xz
|
||||
/bind-9.16.13.tar.xz.asc
|
||||
/bind-9.16.15.tar.xz
|
||||
/bind-9.16.15.tar.xz.asc
|
||||
/bind-9.16.16.tar.xz
|
||||
/bind-9.16.16.tar.xz.asc
|
||||
/bind-9.16.17.tar.xz
|
||||
/bind-9.16.17.tar.xz.asc
|
||||
/bind-9.16.18.tar.xz
|
||||
/bind-9.16.18.tar.xz.asc
|
||||
/bind-9.16.19.tar.xz
|
||||
/bind-9.16.19.tar.xz.asc
|
||||
/bind-9.16.20.tar.xz
|
||||
/bind-9.16.20.tar.xz.asc
|
||||
/bind-9.16.21.tar.xz
|
||||
/bind-9.16.21.tar.xz.asc
|
||||
/bind-9.16.22.tar.xz
|
||||
/bind-9.16.22.tar.xz.asc
|
||||
/bind-9.16.23.tar.xz
|
||||
/bind-9.16.23.tar.xz.asc
|
||||
/bind-9.16.24.tar.xz
|
||||
/bind-9.16.24.tar.xz.asc
|
||||
/bind-9.16.25.tar.xz
|
||||
/bind-9.16.25.tar.xz.asc
|
||||
/bind-9.16.26.tar.xz
|
||||
/bind-9.16.26.tar.xz.asc
|
||||
/bind-9.16.27.tar.xz
|
||||
/bind-9.16.27.tar.xz.asc
|
||||
/bind-9.16.28.tar.xz
|
||||
/bind-9.16.28.tar.xz.asc
|
||||
/bind-9.16.29.tar.xz
|
||||
/bind-9.16.29.tar.xz.asc
|
||||
/bind-9.16.30.tar.xz
|
||||
/bind-9.16.30.tar.xz.asc
|
||||
/bind-9.18.0.tar.xz
|
||||
/bind-9.18.0.tar.xz.asc
|
||||
/bind-9.18.1.tar.xz
|
||||
/bind-9.18.1.tar.xz.asc
|
||||
/bind-9.18.2.tar.xz
|
||||
/bind-9.18.2.tar.xz.asc
|
||||
/bind-9.18.3.tar.xz
|
||||
/bind-9.18.3.tar.xz.asc
|
||||
/bind-9.18.4.tar.xz
|
||||
/bind-9.18.4.tar.xz.asc
|
||||
/bind-9.18.5.tar.xz
|
||||
/bind-9.18.5.tar.xz.asc
|
||||
/bind-9.18.6.tar.xz
|
||||
/bind-9.18.6.tar.xz.asc
|
||||
/bind-9.18.7.tar.xz
|
||||
/bind-9.18.7.tar.xz.asc
|
||||
/bind-9.18.8.tar.xz
|
||||
/bind-9.18.8.tar.xz.asc
|
||||
/bind-9.18.9.tar.xz
|
||||
/bind-9.18.9.tar.xz.asc
|
||||
/bind-9.18.10.tar.xz
|
||||
/bind-9.18.10.tar.xz.asc
|
||||
/bind-9.18.11.tar.xz
|
||||
/bind-9.18.11.tar.xz.asc
|
||||
/bind-9.18.12.tar.xz
|
||||
/bind-9.18.12.tar.xz.asc
|
||||
/bind-9.18.13.tar.xz
|
||||
/bind-9.18.13.tar.xz.asc
|
||||
/bind-9.18.14.tar.xz
|
||||
/bind-9.18.14.tar.xz.asc
|
||||
/bind-9.18.15.tar.xz
|
||||
/bind-9.18.15.tar.xz.asc
|
||||
/bind-9.18.16.tar.xz
|
||||
/bind-9.18.16.tar.xz.asc
|
||||
/bind-9.18.17.tar.xz
|
||||
/bind-9.18.17.tar.xz.asc
|
||||
/bind-9.18.18.tar.xz
|
||||
/bind-9.18.18.tar.xz.asc
|
||||
/bind-9.18.19.tar.xz
|
||||
/bind-9.18.19.tar.xz.asc
|
||||
/bind-9.18.20.tar.xz
|
||||
/bind-9.18.20.tar.xz.asc
|
||||
/bind-9.18.21.tar.xz
|
||||
/bind-9.18.21.tar.xz.asc
|
||||
/bind-9.18.24.tar.xz
|
||||
/bind-9.18.24.tar.xz.asc
|
43
Changes.md
Normal file
43
Changes.md
Normal file
@ -0,0 +1,43 @@
|
||||
# Significant Changes in BIND9 package
|
||||
|
||||
## BIND 9.16
|
||||
|
||||
### New features
|
||||
|
||||
- *libuv* is used for network subsystem as a mandatory dependency
|
||||
- *dnssec-policy* support in named.conf is introduced, providing a a key and signing policy
|
||||
([KASP](https://gitlab.isc.org/isc-projects/bind9/-/wikis/DNSSEC-Key-and-Signing-Policy-(KASP)))
|
||||
- *trusted-keys* and *managed-keys* are deprecated, replaced by *trust-anchors*
|
||||
- *trust-anchors* support also anchor in a *DS* format, in addition to *DNSKEY* format
|
||||
- **dig, mdig** and **delv** support **+yaml** parameter to print detailed machine parseable output
|
||||
|
||||
### Feature changes
|
||||
|
||||
- Static trust anchor and *dnssec-validation auto;* are incompatible and cause fatal error, when used together.
|
||||
- *DS* and *CDS* now generates only SHA-256 digest, SHA-1 is no longer generated by default
|
||||
- SipHash 2-4 DNS Cookie ([RFC 7873](https://www.rfc-editor.org/rfc/rfc7873.html) is now default).
|
||||
Only AES alternative algorithm is kept, HMAC-SHA cookie support were removed.
|
||||
- **dnssec-signzone** and **dnssec-verify** commands print output to stdout, *-q* parameter can silence them
|
||||
|
||||
### Features removed
|
||||
|
||||
- *dnssec-enable* option is obsolete, DNSSEC support is always enabled
|
||||
- *dnssec-lookaside* option is deprecated and support for it removed from all tools
|
||||
- *cleaning-interval* option is removed
|
||||
|
||||
### Upstream release notes
|
||||
|
||||
- [9.16.10 notes](https://downloads.isc.org/isc/bind9/9.16.10/doc/arm/html/notes.html#notes-for-bind-9-16-10)
|
||||
- [9.16.0 notes](https://downloads.isc.org/isc/bind9/9.16.0/doc/arm/html/notes.html#notes-for-bind-9-16-0)
|
||||
|
||||
## BIND 9.14
|
||||
|
||||
- single thread support removed. Cannot provide *bind-export-libs* for DHCP
|
||||
- *lwres* support completely removed. Both daemon and library
|
||||
- common parts of daemon moved into *libns* shared library
|
||||
- introduced plugin for filtering aaaa responses
|
||||
- some SDB utilities no longer supported
|
||||
|
||||
### Upstream release notes
|
||||
|
||||
- [9.14.7 notes](https://downloads.isc.org/isc/bind9/9.14.7/RELEASE-NOTES-bind-9.14.7.html)
|
33
README.md
Normal file
33
README.md
Normal file
@ -0,0 +1,33 @@
|
||||
# BIND 9
|
||||
|
||||
[BIND (Berkeley Internet Name Domain)](https://www.isc.org/downloads/bind/doc/) is a complete, highly portable
|
||||
implementation of the DNS (Domain Name System) protocol.
|
||||
|
||||
Internet Systems Consortium
|
||||
([https://www.isc.org](https://www.isc.org)), a 501(c)(3) public benefit
|
||||
corporation dedicated to providing software and services in support of the
|
||||
Internet infrastructure, developed BIND 9 and is responsible for its
|
||||
ongoing maintenance and improvement.
|
||||
|
||||
More details about upstream project can be found on their
|
||||
[gitlab](https://gitlab.isc.org/isc-projects/bind9). This repository contains
|
||||
only upstream sources and packaging instructions for
|
||||
[Fedora Project](https://fedoraproject.org).
|
||||
|
||||
## Subpackages
|
||||
|
||||
The package contains several subpackages, some of them can be disabled on rebuild.
|
||||
|
||||
* **bind** -- *named* daemon providing DNS server
|
||||
* **bind-utils** -- set of tools to analyse DNS responses or update entries (dig, host)
|
||||
* **bind-doc** -- documentation for current bind, *BIND 9 Administrator Reference Manual*.
|
||||
* **bind-license** -- Shared license for all packages but bind-export-libs.
|
||||
* **bind-libs** -- Shared libraries used by some others programs
|
||||
* **bind-devel** -- Development headers for libs. Can be disabled by `--without DEVEL`
|
||||
|
||||
|
||||
## Optional features
|
||||
|
||||
* *GSSTSIG* -- Support for Kerberos authentication in BIND.
|
||||
* *LMDB* -- Support for dynamic database for managing runtime added zones. Provides faster removal of added zone with much less overhead. But requires lmdb linked to base libs.
|
||||
* *DLZ* -- Support for dynamic loaded modules providing support for features *bind-sdb* provides, but only small module is required.
|
16
bind-9.11.12.tar.gz.asc
Normal file
16
bind-9.11.12.tar.gz.asc
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABAgAdFiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAl2WMooACgkQdLtrmky7
|
||||
PThv2RAAnXNLYTzXtH6ls29tRm5Hc+D6UaeqcWDNQ4BpkRVhrFxtukalGCi9mmB6
|
||||
NPJzFyXmaOW654pypCIuEgqJNFUpDtLzLzT7SUF+mhm+5plsaRSBnh4mq87l5KSp
|
||||
twODAPnfCJV+HBk5RmToLEstAbGQ7xEBTyQtZoFkY+V7zEFwENKiCvWsoSWOkYR3
|
||||
zXo3sKjc83HV9ShbW/mCtbZf5L0qlbrKOAzqJfAFMhNNJi8kMbmr/Zi2sIfN+Rhv
|
||||
g8HQo89Epv6r51yAdeED8idIX4rKjjcEtHrZeDmLdCcdHgSEj2sIlH92Joce6vL0
|
||||
S59A0rItIXm6fW8sz6WNpcj4tVtWYbIYjXZ4SPFNkaUrHv8cUekq+5vbI+v07Gh3
|
||||
2bhtDsDyTY5I1/AsY/EFmwkCAjUS00jZryBnuJpLB3v5JtUog4ek32yLBzPrqRBo
|
||||
1876j4nlXAia8mG0OgJNWZ0gHyUPe/TgfR8fQDLmHxHHlKrJNTEwY6bLW8jzFTX1
|
||||
zk510fI1K7J9tiQgf5wcBQ2h3EBlqzDNIJDovoATzLYIf0HKyVegh/vnQdtdEhUR
|
||||
1DzJAt3bsBfAP1AFfWPD/ACu5Zdm7SxY1wE/pjkwttDU3sRZqOfuwNBGeolu3cVN
|
||||
O9/h1zsyVeVS0ui2vu4+V4EvNitmXsVbG2doDq9L5yBiIKGO2Ew=
|
||||
=GCy6
|
||||
-----END PGP SIGNATURE-----
|
16
bind-9.14.7.tar.gz.asc
Normal file
16
bind-9.14.7.tar.gz.asc
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABAgAdFiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAl2WMpEACgkQdLtrmky7
|
||||
PTh/sg//QbNRAQvADQfwF1PPo+JxB+3WzQ9oJAWeHbOoiubwkUwO9xE+BEnTNd5o
|
||||
oM1lSLqFxNykOTaoeJlqPftPod1cxo7lSzkwflugGyB/59wliCpqCg053YV4x9mO
|
||||
QggvA/E50+0FI/Om/7v4GHGADu/JE83FovOueWAB0LgqfDSD6QFcNFF9sUJJ4P7r
|
||||
FcEXSWj8QbrHMWBKncZUOpD2ECotvtrYmi0DTHl1XfigESDQpWtsnTFuabCCsvkh
|
||||
ch9wQRplAes2Mf/aS5tl1y0QKKBFuEjtGiTdgrDl6o9GLnx6CueX5saZehu2EVkr
|
||||
fq2vEYUC2lRQSjuxSMMJ3L0TGUcl7+ixlAIISS2K9L5Xx7MhBXt/EH5KiKPfsEet
|
||||
3EH+DhxV5uXjDU7MgvREnxT+ssV23e0HWTz4tVVQ9LpvYmWPIgLcSOhHCc57yoQF
|
||||
c46V0f69dMWbMAlQ93EZSG274ZvpIszpK8+3hGI3/TuDFFgiQJeJJBFVtYJMle69
|
||||
3mEEclfzO7fBiXZFec6nVx2309bL64bafN7zszPKXl4XgoefOfD0v0eWqQT4fxfm
|
||||
dnGC0qMqSZs5F+d0fISV5JUUNYzt9PZjvnzqLLGOeTF6l3/n9G1mmNsXcxJ1OEIF
|
||||
6qh1oO7JTPjt0MFhKac4QjNQi/Bnp25O3I/PRyWZCbiwXkyvyQU=
|
||||
=ZT7s
|
||||
-----END PGP SIGNATURE-----
|
66
bind-9.16-redhat_doc.patch
Normal file
66
bind-9.16-redhat_doc.patch
Normal file
@ -0,0 +1,66 @@
|
||||
From 402403b4bbb4f603693378e86b6c97997ccb0401 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Wed, 17 Jun 2020 23:17:13 +0200
|
||||
Subject: [PATCH] Update man named with Red Hat specifics
|
||||
|
||||
This is almost unmodified text and requires revalidation. Some of those
|
||||
statements are no longer correct.
|
||||
---
|
||||
bin/named/named.rst | 41 +++++++++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 41 insertions(+)
|
||||
|
||||
diff --git a/bin/named/named.rst b/bin/named/named.rst
|
||||
index ea440b2..fa51984 100644
|
||||
--- a/bin/named/named.rst
|
||||
+++ b/bin/named/named.rst
|
||||
@@ -212,6 +212,47 @@ Files
|
||||
|named_pid|
|
||||
The default process-id file.
|
||||
|
||||
+Notes
|
||||
+~~~~~
|
||||
+
|
||||
+**Red Hat SELinux BIND Security Profile:**
|
||||
+
|
||||
+By default, Red Hat ships BIND with the most secure SELinux policy
|
||||
+that will not prevent normal BIND operation and will prevent exploitation
|
||||
+of all known BIND security vulnerabilities . See the selinux(8) man page
|
||||
+for information about SElinux.
|
||||
+
|
||||
+It is not necessary to run named in a chroot environment if the Red Hat
|
||||
+SELinux policy for named is enabled. When enabled, this policy is far
|
||||
+more secure than a chroot environment. Users are recommended to enable
|
||||
+SELinux and remove the bind-chroot package.
|
||||
+
|
||||
+*With this extra security comes some restrictions:*
|
||||
+
|
||||
+By default, the SELinux policy does not allow named to write any master
|
||||
+zone database files. Only the root user may create files in the $ROOTDIR/var/named
|
||||
+zone database file directory (the options { "directory" } option), where
|
||||
+$ROOTDIR is set in /etc/sysconfig/named.
|
||||
+
|
||||
+The "named" group must be granted read privelege to
|
||||
+these files in order for named to be enabled to read them.
|
||||
+
|
||||
+Any file created in the zone database file directory is automatically assigned
|
||||
+the SELinux file context *named_zone_t* .
|
||||
+
|
||||
+By default, SELinux prevents any role from modifying *named_zone_t* files; this
|
||||
+means that files in the zone database directory cannot be modified by dynamic
|
||||
+DNS (DDNS) updates or zone transfers.
|
||||
+
|
||||
+The Red Hat BIND distribution and SELinux policy creates three directories where
|
||||
+named is allowed to create and modify files: */var/named/slaves*, */var/named/dynamic*
|
||||
+*/var/named/data*. By placing files you want named to modify, such as
|
||||
+slave or DDNS updateable zone files and database / statistics dump files in
|
||||
+these directories, named will work normally and no further operator action is
|
||||
+required. Files in these directories are automatically assigned the '*named_cache_t*'
|
||||
+file context, which SELinux allows named to write.
|
||||
+
|
||||
+
|
||||
See Also
|
||||
~~~~~~~~
|
||||
|
||||
--
|
||||
2.34.1
|
||||
|
75
bind-9.18-unittest-netmgr-unstable.patch
Normal file
75
bind-9.18-unittest-netmgr-unstable.patch
Normal file
@ -0,0 +1,75 @@
|
||||
From 0f3a398fe813189c5dd56b0367a72c7b3f19504b Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Wed, 14 Sep 2022 13:06:24 +0200
|
||||
Subject: [PATCH] Disable some often failing tests
|
||||
|
||||
Make those tests skipped in default build, when CI=true environment is
|
||||
set. It is not clear why they fail mostly on COPR, but they do fail
|
||||
often.
|
||||
---
|
||||
tests/isc/netmgr_test.c | 9 +++++++--
|
||||
1 file changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/tests/isc/netmgr_test.c b/tests/isc/netmgr_test.c
|
||||
index 94e4bf7..7f9629c 100644
|
||||
--- a/tests/isc/netmgr_test.c
|
||||
+++ b/tests/isc/netmgr_test.c
|
||||
@@ -1567,13 +1567,13 @@ stream_half_recv_half_send(void **state __attribute__((unused))) {
|
||||
/* TCP */
|
||||
ISC_RUN_TEST_IMPL(tcp_noop) { stream_noop(state); }
|
||||
|
||||
-ISC_RUN_TEST_IMPL(tcp_noresponse) { stream_noresponse(state); }
|
||||
+ISC_RUN_TEST_IMPL(tcp_noresponse) { SKIP_IN_CI; stream_noresponse(state); }
|
||||
|
||||
ISC_RUN_TEST_IMPL(tcp_timeout_recovery) { stream_timeout_recovery(state); }
|
||||
|
||||
ISC_RUN_TEST_IMPL(tcp_recv_one) { stream_recv_one(state); }
|
||||
|
||||
-ISC_RUN_TEST_IMPL(tcp_recv_two) { stream_recv_two(state); }
|
||||
+ISC_RUN_TEST_IMPL(tcp_recv_two) { SKIP_IN_CI; stream_recv_two(state); }
|
||||
|
||||
ISC_RUN_TEST_IMPL(tcp_recv_send) {
|
||||
SKIP_IN_CI;
|
||||
@@ -1623,6 +1623,7 @@ ISC_RUN_TEST_IMPL(tcp_recv_one_quota) {
|
||||
}
|
||||
|
||||
ISC_RUN_TEST_IMPL(tcp_recv_two_quota) {
|
||||
+ SKIP_IN_CI;
|
||||
atomic_store(&check_listener_quota, true);
|
||||
stream_recv_two(state);
|
||||
}
|
||||
@@ -1836,6 +1837,7 @@ ISC_RUN_TEST_IMPL(tcpdns_recv_two) {
|
||||
isc_result_t result = ISC_R_SUCCESS;
|
||||
isc_nmsocket_t *listen_sock = NULL;
|
||||
|
||||
+ SKIP_IN_CI;
|
||||
atomic_store(&nsends, 2);
|
||||
|
||||
result = isc_nm_listentcpdns(listen_nm, &tcp_listen_addr,
|
||||
@@ -2095,6 +2097,7 @@ ISC_RUN_TEST_IMPL(tls_recv_one) {
|
||||
}
|
||||
|
||||
ISC_RUN_TEST_IMPL(tls_recv_two) {
|
||||
+ SKIP_IN_CI;
|
||||
stream_use_TLS = true;
|
||||
stream_recv_two(state);
|
||||
}
|
||||
@@ -2160,6 +2163,7 @@ ISC_RUN_TEST_IMPL(tls_recv_one_quota) {
|
||||
}
|
||||
|
||||
ISC_RUN_TEST_IMPL(tls_recv_two_quota) {
|
||||
+ SKIP_IN_CI;
|
||||
stream_use_TLS = true;
|
||||
atomic_store(&check_listener_quota, true);
|
||||
stream_recv_two(state);
|
||||
@@ -2395,6 +2399,7 @@ ISC_RUN_TEST_IMPL(tlsdns_recv_two) {
|
||||
isc_result_t result = ISC_R_SUCCESS;
|
||||
isc_nmsocket_t *listen_sock = NULL;
|
||||
|
||||
+ SKIP_IN_CI;
|
||||
atomic_store(&nsends, 2);
|
||||
|
||||
result = isc_nm_listentlsdns(listen_nm, &tcp_listen_addr,
|
||||
--
|
||||
2.37.2
|
||||
|
17
bind-9.5-PIE.patch
Normal file
17
bind-9.5-PIE.patch
Normal file
@ -0,0 +1,17 @@
|
||||
diff --git a/bin/named/Makefile.am b/bin/named/Makefile.am
|
||||
index 57a023b..085f2f7 100644
|
||||
--- a/bin/named/Makefile.am
|
||||
+++ b/bin/named/Makefile.am
|
||||
@@ -32,9 +32,12 @@ AM_CPPFLAGS += \
|
||||
endif HAVE_LIBXML2
|
||||
|
||||
AM_CPPFLAGS += \
|
||||
+ -fpie \
|
||||
-DNAMED_LOCALSTATEDIR=\"${localstatedir}\" \
|
||||
-DNAMED_SYSCONFDIR=\"${sysconfdir}\"
|
||||
|
||||
+AM_LDFLAGS += -pie -Wl,-z,relro,-z,now,-z,nodlopen,-z,noexecstack
|
||||
+
|
||||
sbin_PROGRAMS = named
|
||||
|
||||
nodist_named_SOURCES = xsl.c
|
1
bind.tmpfiles.d
Normal file
1
bind.tmpfiles.d
Normal file
@ -0,0 +1 @@
|
||||
d /run/named 0755 named named -
|
226
bind97-exportlib.patch
Normal file
226
bind97-exportlib.patch
Normal file
@ -0,0 +1,226 @@
|
||||
diff -up bind-9.9.3rc2/isc-config.sh.in.exportlib bind-9.9.3rc2/isc-config.sh.in
|
||||
diff -up bind-9.9.3rc2/lib/export/dns/Makefile.in.exportlib bind-9.9.3rc2/lib/export/dns/Makefile.in
|
||||
--- bind-9.9.3rc2/lib/export/dns/Makefile.in.exportlib 2013-04-30 08:38:46.000000000 +0200
|
||||
+++ bind-9.9.3rc2/lib/export/dns/Makefile.in 2013-05-13 10:45:22.574089729 +0200
|
||||
@@ -35,9 +35,9 @@ CDEFINES = -DUSE_MD5 @USE_OPENSSL@ @USE_
|
||||
|
||||
CWARNINGS =
|
||||
|
||||
-ISCLIBS = ../isc/libisc.@A@
|
||||
+ISCLIBS = ../isc/libisc-export.@A@
|
||||
|
||||
-ISCDEPLIBS = ../isc/libisc.@A@
|
||||
+ISCDEPLIBS = ../isc/libisc-export.@A@
|
||||
|
||||
LIBS = @LIBS@
|
||||
|
||||
@@ -116,29 +116,29 @@ version.@O@: ${srcdir}/version.c
|
||||
-DLIBAGE=${LIBAGE} \
|
||||
-c ${srcdir}/version.c
|
||||
|
||||
-libdns.@SA@: ${OBJS}
|
||||
+libdns-export.@SA@: ${OBJS}
|
||||
${AR} ${ARFLAGS} $@ ${OBJS}
|
||||
${RANLIB} $@
|
||||
|
||||
-libdns.la: ${OBJS}
|
||||
+libdns-export.la: ${OBJS}
|
||||
${LIBTOOL_MODE_LINK} \
|
||||
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns.la \
|
||||
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns-export.la \
|
||||
-rpath ${export_libdir} \
|
||||
-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
|
||||
${OBJS} ${ISCLIBS} @DNS_CRYPTO_LIBS@ ${LIBS}
|
||||
|
||||
-timestamp: libdns.@A@
|
||||
+timestamp: libdns-export.@A@
|
||||
touch timestamp
|
||||
|
||||
installdirs:
|
||||
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${export_libdir}
|
||||
|
||||
install:: timestamp installdirs
|
||||
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libdns.@A@ \
|
||||
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libdns-export.@A@ \
|
||||
${DESTDIR}${export_libdir}/
|
||||
|
||||
clean distclean::
|
||||
- rm -f libdns.@A@ timestamp
|
||||
+ rm -f libdns-export.@A@ timestamp
|
||||
rm -f gen code.h include/dns/enumtype.h include/dns/enumclass.h
|
||||
rm -f include/dns/rdatastruct.h
|
||||
|
||||
diff -up bind-9.9.3rc2/lib/export/irs/Makefile.in.exportlib bind-9.9.3rc2/lib/export/irs/Makefile.in
|
||||
--- bind-9.9.3rc2/lib/export/irs/Makefile.in.exportlib 2013-04-30 08:38:46.000000000 +0200
|
||||
+++ bind-9.9.3rc2/lib/export/irs/Makefile.in 2013-05-13 10:45:22.575089729 +0200
|
||||
@@ -43,9 +43,9 @@ SRCS = context.c \
|
||||
gai_sterror.c getaddrinfo.c getnameinfo.c \
|
||||
resconf.c
|
||||
|
||||
-ISCLIBS = ../isc/libisc.@A@
|
||||
-DNSLIBS = ../dns/libdns.@A@
|
||||
-ISCCFGLIBS = ../isccfg/libisccfg.@A@
|
||||
+ISCLIBS = ../isc/libisc-export.@A@
|
||||
+DNSLIBS = ../dns/libdns-export.@A@
|
||||
+ISCCFGLIBS = ../isccfg/libisccfg-export.@A@
|
||||
|
||||
LIBS = @LIBS@
|
||||
|
||||
@@ -62,26 +62,26 @@ version.@O@: ${srcdir}/version.c
|
||||
-DLIBAGE=${LIBAGE} \
|
||||
-c ${srcdir}/version.c
|
||||
|
||||
-libirs.@SA@: ${OBJS} version.@O@
|
||||
+libirs-export.@SA@: ${OBJS} version.@O@
|
||||
${AR} ${ARFLAGS} $@ ${OBJS} version.@O@
|
||||
${RANLIB} $@
|
||||
|
||||
-libirs.la: ${OBJS} version.@O@
|
||||
+libirs-export.la: ${OBJS} version.@O@
|
||||
${LIBTOOL_MODE_LINK} \
|
||||
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libirs.la \
|
||||
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libirs-export.la \
|
||||
-rpath ${export_libdir} \
|
||||
-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
|
||||
${OBJS} version.@O@ ${LIBS} ${ISCCFGLIBS} ${DNSLIBS} ${ISCLIBS}
|
||||
|
||||
-timestamp: libirs.@A@
|
||||
+timestamp: libirs-export.@A@
|
||||
touch timestamp
|
||||
|
||||
installdirs:
|
||||
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${export_libdir}
|
||||
|
||||
install:: timestamp installdirs
|
||||
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libirs.@A@ \
|
||||
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libirs-export.@A@ \
|
||||
${DESTDIR}${export_libdir}/
|
||||
|
||||
clean distclean::
|
||||
- rm -f libirs.@A@ libirs.la timestamp
|
||||
+ rm -f libirs-export.@A@ libirs-export.la timestamp
|
||||
diff -up bind-9.9.3rc2/lib/export/isccfg/Makefile.in.exportlib bind-9.9.3rc2/lib/export/isccfg/Makefile.in
|
||||
--- bind-9.9.3rc2/lib/export/isccfg/Makefile.in.exportlib 2013-04-30 08:38:46.000000000 +0200
|
||||
+++ bind-9.9.3rc2/lib/export/isccfg/Makefile.in 2013-05-13 10:45:22.576089729 +0200
|
||||
@@ -30,11 +30,11 @@ CINCLUDES = -I. ${DNS_INCLUDES} -I${expo
|
||||
CDEFINES =
|
||||
CWARNINGS =
|
||||
|
||||
-ISCLIBS = ../isc/libisc.@A@
|
||||
-DNSLIBS = ../dns/libdns.@A@ @DNS_CRYPTO_LIBS@
|
||||
+ISCLIBS = ../isc/libisc-export.@A@
|
||||
+DNSLIBS = ../dns/libdns-export.@A@ @DNS_CRYPTO_LIBS@
|
||||
|
||||
ISCDEPLIBS = ../../lib/isc/libisc.@A@
|
||||
-ISCCFGDEPLIBS = libisccfg.@A@
|
||||
+ISCCFGDEPLIBS = libisccfg-export.@A@
|
||||
|
||||
LIBS = @LIBS@
|
||||
|
||||
@@ -58,26 +58,26 @@ version.@O@: ${srcdir}/version.c
|
||||
-DLIBAGE=${LIBAGE} \
|
||||
-c ${srcdir}/version.c
|
||||
|
||||
-libisccfg.@SA@: ${OBJS}
|
||||
+libisccfg-export.@SA@: ${OBJS}
|
||||
${AR} ${ARFLAGS} $@ ${OBJS}
|
||||
${RANLIB} $@
|
||||
|
||||
-libisccfg.la: ${OBJS}
|
||||
+libisccfg-export.la: ${OBJS}
|
||||
${LIBTOOL_MODE_LINK} \
|
||||
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisccfg.la \
|
||||
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisccfg-export.la \
|
||||
-rpath ${export_libdir} \
|
||||
-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
|
||||
${OBJS} ${LIBS} ${DNSLIBS} ${ISCLIBS}
|
||||
|
||||
-timestamp: libisccfg.@A@
|
||||
+timestamp: libisccfg-export.@A@
|
||||
touch timestamp
|
||||
|
||||
installdirs:
|
||||
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${export_libdir}
|
||||
|
||||
install:: timestamp installdirs
|
||||
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libisccfg.@A@ \
|
||||
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libisccfg-export.@A@ \
|
||||
${DESTDIR}${export_libdir}/
|
||||
|
||||
clean distclean::
|
||||
- rm -f libisccfg.@A@ timestamp
|
||||
+ rm -f libisccfg-export.@A@ timestamp
|
||||
diff -up bind-9.9.3rc2/lib/export/isc/Makefile.in.exportlib bind-9.9.3rc2/lib/export/isc/Makefile.in
|
||||
--- bind-9.9.3rc2/lib/export/isc/Makefile.in.exportlib 2013-04-30 08:38:46.000000000 +0200
|
||||
+++ bind-9.9.3rc2/lib/export/isc/Makefile.in 2013-05-13 10:45:22.576089729 +0200
|
||||
@@ -100,6 +100,10 @@ SRCS = @ISC_EXTRA_SRCS@ \
|
||||
|
||||
LIBS = @LIBS@
|
||||
|
||||
+# Note: the order of SUBDIRS is important.
|
||||
+# Attempt to disable parallel processing.
|
||||
+.NOTPARALLEL:
|
||||
+.NO_PARALLEL:
|
||||
SUBDIRS = include unix nls @ISC_THREAD_DIR@
|
||||
TARGETS = timestamp
|
||||
|
||||
@@ -113,26 +117,26 @@ version.@O@: ${srcdir}/version.c
|
||||
-DLIBAGE=${LIBAGE} \
|
||||
-c ${srcdir}/version.c
|
||||
|
||||
-libisc.@SA@: ${OBJS}
|
||||
+libisc-export.@SA@: ${OBJS}
|
||||
${AR} ${ARFLAGS} $@ ${OBJS}
|
||||
${RANLIB} $@
|
||||
|
||||
-libisc.la: ${OBJS}
|
||||
+libisc-export.la: ${OBJS}
|
||||
${LIBTOOL_MODE_LINK} \
|
||||
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc.la \
|
||||
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc-export.la \
|
||||
-rpath ${export_libdir} \
|
||||
-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
|
||||
${OBJS} ${LIBS}
|
||||
|
||||
-timestamp: libisc.@A@
|
||||
+timestamp: libisc-export.@A@
|
||||
touch timestamp
|
||||
|
||||
installdirs:
|
||||
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${export_libdir}
|
||||
|
||||
install:: timestamp installdirs
|
||||
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libisc.@A@ \
|
||||
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libisc-export.@A@ \
|
||||
${DESTDIR}${export_libdir}
|
||||
|
||||
clean distclean::
|
||||
- rm -f libisc.@A@ libisc.la timestamp
|
||||
+ rm -f libisc-export.@A@ libisc-export.la timestamp
|
||||
diff -up bind-9.9.3rc2/lib/export/samples/Makefile.in.exportlib bind-9.9.3rc2/lib/export/samples/Makefile.in
|
||||
--- bind-9.9.3rc2/lib/export/samples/Makefile.in.exportlib 2013-04-30 08:38:46.000000000 +0200
|
||||
+++ bind-9.9.3rc2/lib/export/samples/Makefile.in 2013-05-13 10:45:22.577089729 +0200
|
||||
@@ -31,15 +31,15 @@ CINCLUDES = -I${srcdir}/include -I../dns
|
||||
CDEFINES =
|
||||
CWARNINGS =
|
||||
|
||||
-DNSLIBS = ../dns/libdns.@A@ @DNS_CRYPTO_LIBS@
|
||||
-ISCLIBS = ../isc/libisc.@A@
|
||||
-ISCCFGLIBS = ../isccfg/libisccfg.@A@
|
||||
-IRSLIBS = ../irs/libirs.@A@
|
||||
+DNSLIBS = ../dns/libdns-export.@A@ @DNS_CRYPTO_LIBS@
|
||||
+ISCLIBS = ../isc/libisc-export.@A@
|
||||
+ISCCFGLIBS = ../isccfg/libisccfg-export.@A@
|
||||
+IRSLIBS = ../irs/libirs-export.@A@
|
||||
|
||||
-DNSDEPLIBS = ../dns/libdns.@A@
|
||||
-ISCDEPLIBS = ../isc/libisc.@A@
|
||||
-ISCCFGDEPLIBS = ../isccfg/libisccfg.@A@
|
||||
-IRSDEPLIBS = ../irs/libirs.@A@
|
||||
+DNSDEPLIBS = ../dns/libdns-export.@A@
|
||||
+ISCDEPLIBS = ../isc/libisc-export.@A@
|
||||
+ISCCFGDEPLIBS = ../isccfg/libisccfg-export.@A@
|
||||
+IRSDEPLIBS = ../irs/libirs-export.@A@
|
||||
|
||||
DEPLIBS = ${DNSDEPLIBS} ${ISCCFGDEPLIBS} ${ISCDEPLIBS}
|
||||
|
252
codesign2019.txt
Normal file
252
codesign2019.txt
Normal file
@ -0,0 +1,252 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Comment: GPGTools - http://gpgtools.org
|
||||
|
||||
mQINBFwq9BQBEADHjPDCwsHVtxnMNilgu187W8a9rYTMLgLfQwioSbjsF7dUJu8m
|
||||
r1w2stcsatRs7HBk/j26RNJagY2Jt0QufOQLlTePpTl6UPU8EeiJ8c15DNf45TMk
|
||||
pa/3MdIVpDnBioyD1JNqsI4z+yCYZ7p/TRVCyh5vCcwmt5pdKjKMTcu7aD2PtTtI
|
||||
yhTIetJavy1HQmgOl4/t/nKL7Lll2xtZ56JFUt7epo0h69fiUvPewkhykzoEf4UG
|
||||
ZFHSLZKqdMNPs/Jr9n7zS+iOgEXJnKDkp8SoXpAcgJ5fncROMXpxgY2U+G5rB9n0
|
||||
/hvV1zG+EP6OLIGqekiDUga84LdmR/8Cyc7DimUmaoIZXrAo0Alpt0aZ8GimdKmh
|
||||
qirIguJOSrrsZTeZLilCWu37fRIjCQ3dSMNyhHJaOhRJQpQOEDG7jHxFak7627aF
|
||||
UnVwBAOK3NlFfbomapXQm64lYNoONGrpV0ctueD3VoPipxIyzNHHgcsXDZ6C00sv
|
||||
SbuuS9jlFEDonA6S8tApKgkEJuToBuopM4xqqwHNJ4e6QoXYjERIgIBTco3r/76D
|
||||
o22ZxSK1m2m2i+p0gnWTlFn6RH+r6gfLwZRj8iR4fa0yMn3DztyTO6H8AiaslONt
|
||||
LV2kvkhBar1/6dzlBvMdiRBejrVnw+Jg2bOmYTncFN00szPOXbEalps8wwARAQAB
|
||||
tE1JbnRlcm5ldCBTeXN0ZW1zIENvbnNvcnRpdW0sIEluYy4gKFNpZ25pbmcga2V5
|
||||
LCAyMDE5LTIwMjApIDxjb2Rlc2lnbkBpc2Mub3JnPokCVAQTAQgAPhYhBK4/rHln
|
||||
EexZ/AB6pHS7a5pMuz04BQJcKvQUAhsDBQkD7JcABQsJCAcCBhUKCQgLAgQWAgMB
|
||||
Ah4BAheAAAoJEHS7a5pMuz0476oP/1+UaSHfe4WVHV43QaQ/z1rw7vg2aHEwyWJA
|
||||
1D1tBr9+LvfohswwWBLIjcKRaoXZ4pLBFjuiYHBTsdaAQFeQQvQTXMmBx21ZyUZj
|
||||
tjim8f9T1JhmIrMx6tF14NbqFpjw82Mv0rc8y74pdRvkdnFigqLKUoN2tFQlKeG+
|
||||
5T24zNwrGrlR3S7gnM47nD1JqKwt4GnczLnMBW/0gbLscMUpAeNo/gY4g0GV/zkn
|
||||
Rt91bLpcEyDAv+ZhQZbkJ49dnNzl5cTK5+uQWnlAZAdPecdLkvBNRNgj/FKL41RF
|
||||
JGN6eqq3+jlPbyj9okeJoGQ64Ibv1ZHVTQIx5vT1+PuVX/Nm0GqSUZdLqR33daKI
|
||||
hjpgUdUK/D0AnN5ulVuE1NnZWjVDTXVEeU8DFvi4lxZVHnZixejxFIZ7vRMvyaHa
|
||||
xLwbevwEUuPLzWn3XhC5yQeqCe6zmzzaPhPlg6NTnM5wgzcKORqCXgxzmtnX+Pbd
|
||||
gXTwNKAJId/141vj1OtZQKJexG9QLufMjBg5rg/qdKooozremeM+FovIocbdFnmX
|
||||
pzP8it8r8FKi7FpXRE3fwxwba4Y9AS2/owtuixlJ2+7M2OXwZEtxyXTXw2v5GFOP
|
||||
vN64G/b71l9c3yKVlQ3BXD0jErv9XcieeFDR9PK0XGlsxykPcIXZYVy2KSWptkSf
|
||||
6f2op3tMiQEzBBABCAAdFiEEFcm6uMUTPAcGawLtlumWUDlMmawFAlwuSqAACgkQ
|
||||
lumWUDlMmaz+igf/ZW8OY5aWjRk7QiXp93jkWRIbMi8kB9jW5u6tfYXFjMADpqiQ
|
||||
yYdzEHFayRF92PQwj81UzIWzOWjErFWLDE2xol9sP5LdzeqoyED+XTqKggpVsIs+
|
||||
Lq672qnumQoZKp1YGb8MDocU2DNg/VsMdi7kCnEnPbcSuBxksmxGYomusXNrAF94
|
||||
1OJ2sqd9BuFamLIyn8XUCGGYlsvMoe4kTCg6Cc1sQvx0lDG8urKN57jBKWbP4alV
|
||||
+JBV5KQcf74gzPmE3ypgY1tMEwxyH/WyS9ekDbai0qauX6eUAsM1bduH8fIcknLS
|
||||
Zl5hrJTrzWFF9/DKOth8QOwhJ9zoIF1fcAsx9okBMwQQAQgAHRYhBHpqR7X54SM6
|
||||
0lUrXL2X3GOe6MR7BQJcLktcAAoJEL2X3GOe6MR7jwEH/iaolMeno1oeWAgzN6Mg
|
||||
bx3maweh/9Vqty1fwk7Crq1G78X5i1OCkknEL2p0Bfle4ApwcC4HZVcqCgoYpRV3
|
||||
/EEXtwkMNy3plWdBbLCQSev/E1D39GzgAHiMnv7NUJnkoJbvMrvrAiUTXPTtARMM
|
||||
gjEpvgEs60wuJxS8ESomRhe/KW4myxDoBxF+K+e5bOkOvvWVcAYJHWZ1BIZs4n6b
|
||||
+C2vO8q5aKTkQ/XvNT7utbTOqj1SGhItRaAQKXHBdzkQ1Et3wTA4+uRg4gK12624
|
||||
9LperYs26w9X9UzApl+qVxQhtWUw3tnUXMastDfQrRcvJgq1xpv++OqX5Uc93RTf
|
||||
SNWJAjMEEAEIAB0WIQS+DpdItxglOii7if/xsRvwXPAuVwUCXC5LlQAKCRDxsRvw
|
||||
XPAuV29KEACEwlTVVKe4gnBYHnlAD7csoQ0+gJ6C+Ofzlw+UItRIcFeVCAknSGBs
|
||||
NPxr9JStIvKpmsbSKpCNUEAYnRP2immh94y/C6BuTe1uUUmqBGr1f4OAUwZpmI29
|
||||
ixYeY/uUs9FZO3bS0/WtG46tdcJK41qtM0DYAGT3oeZhJMTW15dfvMGlFukauSOU
|
||||
+BbR+6sZhqdbWl/AOTE/6x5otnAaW0GObY/BW240Xq/KTgBrzVdK5qNoYsMVsiTd
|
||||
0im0JKvFG08ED+ZfcILhlO6G9jRhoTkhtYuf8CKN1dPf2IoB5FrRFf0xqRr9hNlk
|
||||
X7ViNMP9OPb8i3BubWvRi5rNSquCwrFATSiAgaA9Yi1BNzQsmQxOql9lsh7eCH7m
|
||||
+8zzUg9umWI6PkSv8vHBo2kPX73wmtEsF6vxJlk0yDBuQw7y0uuKh406tEEk4cP2
|
||||
8U4baq+ihpioupDhNuEII1h1Eh/RBE408RAOpcr+2F0m/fKOoJyz7u+AxyV81Ia6
|
||||
fyBnUfZnlfKo16w87c1HJRs9dKkRa5yGziBf9TcED3sru58Pftes2Nr80/iOh26i
|
||||
P2pRihcIyrmeAqDWnneErVCmPMDTe6zkMrm/0iZ25/Jfq+M8IHEzFEw3Y1FBOeFg
|
||||
9TyMDwYG2biJPTNTDO0BQ+Rrvs4SjFWEYSxgJSvG1jMfSPt5AR6MJrkCDQRcKvQU
|
||||
ARAAufZX5WzJr0lZAhxaGpHY6JMBr4jVOCP4TrDZhwC2K4CXNM/PLLNisWzquiWa
|
||||
FvUDhB89kCxrEhipwVFYhBr16CDQxrr8yhah3RIxrBMYhRTxgIAkANgkhGWfDJSE
|
||||
zXauA7krYtS3rYwhfXe4cNsTkLPbnMUlyLJcqj2wnZcZIt97aL+NFRPyfIw1KfUb
|
||||
9u3tB9seDYbvTEULeL07aTnHpWM5f3bTwJrJ2OFPzXseCCzPiVNh3Bv+YtJ1pMTr
|
||||
c/UHO5DoJuHLsF0wicPSrpD0twspFdR/0rT6eNycsaCtV4GQzBcMPvY7qai5XrZm
|
||||
Cqgluo1W6l6+F5YrKvRMtyyFkUNGcPywdjSlP44JyRrS2uzvFUViSsJArcmFG2TJ
|
||||
LCohnse8wqjw0dIUVbmDbE4zjaG56zkvu0k+04Wwp3XPgOZrbl6cbhX3yLhu/Gt0
|
||||
dzd9EReoNfKXk32hBzKas/vdeB5DZejbOOOWYftqyZC1LvDvvrYFhFK6VGozfZ6L
|
||||
Fml1hzn+xPahp5tRv93/T9zXeVPm9zilGMqm/gjRgh8ojWxNQoNzJyqTPWIvWmbu
|
||||
EIP3T3cTFq6lJpJsg3+sfzofGWZCGnBZQGqm8rEOoUWiaKe1BvQCX1x8p4/x8/tX
|
||||
TaVDpQCGoqxXt09plkDuGMuiDICxBlaHWUR2jLoHc2cLrB8AEQEAAYkCPAQYAQgA
|
||||
JhYhBK4/rHlnEexZ/AB6pHS7a5pMuz04BQJcKvQUAhsMBQkD7JcAAAoJEHS7a5pM
|
||||
uz04pB8P/Amfg54IFeALiPOrKbjC3bVAQzrsf09IL8sUln/LCZIx9HgGAJj/f35S
|
||||
Q35sK2ucjWiDX6qCxVrWmC6caQXFgXOFSKIlqladmmgj4sIdLM5wj4nbomHChpB5
|
||||
rqV/GgkFwWBQ3kPCatXvc8Bg+zKJ+wXgTuPFXefyE9R+SLuas2grQ9hAjvTGHYbq
|
||||
iYxSlNDFc1aHLAQ3bS76351MHuMHOpLzoB0OkZDCVNW4GNEqrLbINdr50RAK+Loo
|
||||
Z2UBIobEZjXYor9A2FWkSvdjyz6X1QKMdQMath6R91k/O0abBa7ly4/805eAGXM3
|
||||
w1Xf2eMlpiUs69BeYoJBklK8aNMntpDREunJjhiPU4JoDzSxl5Qv7LuXylyo0YJA
|
||||
9YmydKhTTcRdwsKc//nGr/ckg4BRl+VbtJBYvd3xGB7IQ+pT/TOakv9qCospAhr3
|
||||
EQjVP/XpnWJRd+x+dq8UXqwWmTenWDE42cNr7BDFJdOqS5ZWy4sIz4sdjpSxXMB9
|
||||
8iiRtKSpKRCJgXScB7SYebh835EgG2YyQGdhJMO7C6ok9POYQBqL8sBqRzImJKoT
|
||||
VDvOH42WArKwJWTHa4mPdiDHEIZlkONerec3JXtl4Mfv8cwZ5Lb8fSiB/x8AWvqs
|
||||
puc/7hQtkus4TcgutS1fwhAwpnFItpVF6+73CMQrJsblBdTjW0T+uQINBFxbVHwB
|
||||
EADebZOJbhPdhHeBPdlZYE3rRjB8scDpWdjrCupfmeTC9MM6JgCE4DEMBtBXk+h1
|
||||
+7wfpblYYNFwGVFvytG5nvGRDtHWxwd1Z9O8Fx4Zqu0Fx/wAn7ZL3ryE+tdHR7JK
|
||||
7SLxOa2X49T/8LY0U8Q65I4ZRo/b4VMcXApCmncw3QSRqHT/mYdNnf+HHPvi3jza
|
||||
md3iVptCS4Iaisc079DFda+htWXspBc13lmPi2vGQkWjjS3B4yO8JackyQPVhpsg
|
||||
KYbRBzOH0Kii8bXmyA6O5uIJYEddp5Veged4FE/ej3CrgGP1D0Yk1epx8lLbi9RB
|
||||
kwFS7DA5rQ23UnbSy1WyV1ZgPrWqQAWuGpjMTVTWN0ElI3AGxAnE8lZlSXyE+XyV
|
||||
uHjjIVrayBjLKVqDuSLdKZeCvI4QsyHH6F0NKJQkngvXxLZYxO6s0c2EFFLzdVWT
|
||||
1V9GMP8UsDrrb+JsZjUVmPR1tTP4xqEQG6KjfFoQm5XWpGtFwh91OK1lwf/Bx2/C
|
||||
j+PquLLFcj7hEP79VDTUZPQAduTTxIeTzHXH+x1PCHFB10xxH3e82VSdJeBUrJxn
|
||||
riXzK50SKTTmF+uYpHqE8Jg1N2Y1n5ksuxeYUy8PFjhAeBCqZ6ZcldUDf4999e/z
|
||||
PT8bwfCDr8jRdqJHrq7RxTJiP5RsMudWpKeohzJGwQ5uZwARAQABiQRyBBgBCAAm
|
||||
FiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAlxbVHwCGwIFCQO9IQACQAkQdLtrmky7
|
||||
PTjBdCAEGQEIAB0WIQSVztolaxygoV8wL7WVIaftXazpGAUCXFtUfAAKCRCVIaft
|
||||
XazpGPeMEACm9nxA/VKf8RxDo2ZuTgyuSwlR8tCjAE4k3+UoiYUbamkW4pjx9Vgd
|
||||
1zC5bNxSWZ5vlJ4CH8ArKFqNK5LBVDZqhYureAo/1Af2b9vRJw0/QQHhuXz/jqeT
|
||||
wwrLuKpy796Gpt+aFfcmS0ZC4QXfxJERhAP6tu1p6YmAsSb+bjziQVkKrt9mhOrL
|
||||
dtz6WP0Fg1joRj33FgnnLtayHvtgQrNFI3ztCjk/B2FjYZxqbBGfk5gyo0cTE2Fi
|
||||
oLhG/XrxIoZepFMJkGYETnYQXrOt2KuJLvawV70YQmG8EqHYY8drKA0XDZs8TVdT
|
||||
5cvGvtm8ERz5znsssRBxQMI5Ml6O2ahrXp8Eq4htCzlvO8t2MOtzvqAJRiyAd6bA
|
||||
Uo+MGVRpnvePOR1SAgBXCd416rF0iCXc1utZxnqwdq9kJAZ+8mCLx4N4jk6AdGpX
|
||||
zcNkLg7QmUzXn75RxZ6GrIUYZJNMlswXq5XhSW4o8ePlaxWjh9+QTtU964AZhpA1
|
||||
uoHsKGTBxHJs0w6McZm14kb2PuaO2/rpf8s8IZyc93+Y5O/gHZ6/agBjA9qN6wkQ
|
||||
R1d5UhJC4QS/m35rBGBKK9X3fqQxaBCio6Qz+m4A3GchrztJpq+2P+ma5ylsTq5j
|
||||
V4njky26WNtrV7+N0C4Moj3I4Qn6YU/eSManTXzHzoiPZCEH/IOxgXIiD/9Zm3Zz
|
||||
I+h4NCfSGyP11/w1gEzlTHQ4at/FXIIDh0Y2ZNpWPffuFQLtcER2vyKPwhDYpGMy
|
||||
NNHXks4azfrXVCv0wmSNBbeS8pJrYtopZpCEBrAbg/YLv9m5lpDSRHaR3gv/qMZ7
|
||||
QxY+NwqciqTwGq68PuF4mDSvtfuFmbEES9Iybiie+eL/6DU2knfBjgshUe6vElR+
|
||||
LYoPQ45GY2IxRTJ1pMXaZw1+evwH3UvseRGkRygiaBgoU/qR4prynvjMQcacCa+C
|
||||
aRnXZJYp/usVBeY0xut9toc9/OcLGoBr5h9l5YjruO2vu8VHou8N0tarVQn3YbQR
|
||||
Fi+YtNtclWJa8Pq1AsKRTCFwDwP6eODv6mNOrEFydNRcpiQmzp47VWF/YHRfHzCq
|
||||
A1wHLxLUrpQTaVw6J4FqedAQ31aAO4faA7MS+ZMNBqZCZ7lTGC6TvojqqBAN2yX7
|
||||
AnnYpZHM+lGpi2/ukVzLqSkGmdNOgbu+UZvoej3YnHYig4yWP+z2xrlJl8bkhU/d
|
||||
r9IQE5aRCEPB/JWhHJ2/GqYl9qjshlB52+6X2KDarwptOtzT9ooArYhpMwKIYh34
|
||||
c7X8tlAKYk7V5j7txIRFDKKAftC7dM82PntXJxSkWyR70GYnYjiXyrqqerqT7xIC
|
||||
mDEQgFOPpy09zFW62paO9uiZw6qwybwqgGpoX7kCDQRcW1TbARAA3ERo2mPv2VVg
|
||||
ZUFr4MtPDm4UG00YJW/LYa3D3k0e9tdSScACXprk1sAoxUlQx/CSdErPKwXG4rax
|
||||
iN4t5nICUUNYSC0dh09G25jC7nwsWc0AYyZu+h/FzfvpOm3fBwmBlzILlGh0URwH
|
||||
Ffj9fHt6hos4C+3PFZZ/X24aMJF/cov1oYi9rqFwt/l0mgtPE88Iyj2/Vp3Lergg
|
||||
QMzKfEuyluj9fL2cgU0Qa7oAPXmaxhHtua4cvbM5SXGo3FXjIgzH9OfM+2orebeN
|
||||
wH1M3ec6w+nPmRmCJLvPKGOeS7GVXL5/aOyPlDWzSXYnpCKS2ntw4K4nt0IA8n8z
|
||||
1db109l/C2noDrDSJEqOo843ShNGTYOMVUrj3a+Y7o2ATc9pNZalf0PwnKas7NDb
|
||||
IJ152PEQw665iYXcv2awjLF6W0yuSq8kfiaAxIrsie2Dto0zgqOs0Ot9Y74u11Hh
|
||||
wBSHUO3mEZJScAAcI/yDF2PvjvCQSzu4mdXb77t6X2O6YHULz4A7bVQCMazcTDI9
|
||||
/S0W2+ixPnnJVnE3xgjK9zuizji8JDJw1hJCQM+yTLVqq9pfvcRfQ6uwpMRzz/O3
|
||||
S0zDRiA69/GyfNwkpgz5QaGpY02IK5WrQU1doRjIz4BHAYzoIOkMkRqTtjdElQZw
|
||||
/D3wSO2uwsEMNwRzibR/Lz1JF2aGn6EAEQEAAYkEcgQYAQgAJhYhBK4/rHlnEexZ
|
||||
/AB6pHS7a5pMuz04BQJcW1TbAhsCBQkDvSEAAkAJEHS7a5pMuz04wXQgBBkBCAAd
|
||||
FiEE1wyE5ktVjlvM7AchMuIXXx11eioFAlxbVNsACgkQMuIXXx11eiqCfQ//SFDf
|
||||
rOIEoslp6n6vlCuavOg02wvjskKQGP1P1Q4v40Fw1Gl87n9uXAoMpeF4H+pzUxOi
|
||||
BHYCQi+EemwocSThzaWfPzd3JG/0OcRymf+ZOcBb+58VJL7p88QdMFIAi5J+KMuA
|
||||
fEG0zLkc9anEnXoVMmQJX5K+6PyeVDvBbYGjLjQAsWTZTiVuQI0w3WxFtDGWqQII
|
||||
8e/qE0DA7c/auGn7j2hid308+FcdfpmLefW9YesWjE1yYvHoCRdFOJ/7Sft4MQCI
|
||||
Re7UET3TRMBvtisP2DcqyzGPp22s4ZYFCCJJNiB92bXdEl5zXe4Ff7JTfNE/QrR7
|
||||
Wg5R9hZHgHdbp8p8bA3f0y29YCx3puYg7BbmQWiMh3rXWE5b090pSpw0K9BQU3vO
|
||||
irr+5/2TaFOJXHl4VF03GrWsSncShCbdsdRIv4TB0lY2mN4q+e7bjlAzJJeoaS97
|
||||
GIqu3DBlAJyx/ZwWW23DXXwoQ4jNuJhpl2jaCE7rVQB0uLjbp0i9Zdd4SdYZxmO/
|
||||
Y+JfgoJz8eyx8wZi4eDz1ijN0WKsIGjxJH5VUK9STjijDMeG6ZZRLc6b1QCGhe97
|
||||
ZbDkEUTdQGoeu4L5Fiqoma13NEsf8ofBDv+myJm/O67Va9JI3gxhIrhmF7LMzQQp
|
||||
lYx2peZC1CmhEnn83dtt83mhXvX6Dth657BW/Qd+GQ//SVuTPuNkBXfrTi4dbnv+
|
||||
cU6IsoIBodTF/WsQ6h4kbtsPhO5DbrsLNuNumrqVEN8jw+HUsEeNvFNeMrTPdG2V
|
||||
87ShQ4BQGkCf+GFRBj0myxxXOFZYQx6RpY5fCe7yOcTzpkbnPWmm7V8HdOuZ0NnL
|
||||
JNQ5YogOI6UvXVKv35R9qBo+G9jkhhb0eaAu6BERzKVANKfsGN7545ElZ1qlffMh
|
||||
AQhXGb6TsvCeSg2cWGb2cnVL2d58uVukD4PDiq4qqwgClkF3bOO70SIgGrCteHbi
|
||||
4Hseopex5m6GqqjoUYXr7QQBwSaQdc+gKtEjMHCsHbUyHRk0qEHdEe+2RmL0d0ra
|
||||
QMJfKyYQjcCR7tnrgN4WD1h4NKRdC/KRW31MDmH9XVPrkOMQCUCnArXkOwdKWsKf
|
||||
h8af9HqweXOT1FHJN/M3tWaBpv6KoduF2f2pj1VhPZ2EqFUycJ26lrHyOpsynQR6
|
||||
+TD+c1uXotDwKN5RW+YL1cydk6mhib64fdOyPUeTcHehjMAFgM2f5wi35Ujcj8id
|
||||
37cWOqRsggSbMnGO4AUA/YtcVNG8TjZbakson8ENK7e8q4sEiNFUZ7/CtzNokwHQ
|
||||
5uOG1+qB85Y4ImGnIZVeiBpjt73VVawg4Zvm/omtW50P9R+4rVhMJZZFAgrWg8BH
|
||||
H/KNznW0vUuShG8B+2FA/eu5Ag0EXFtVDAEQAL5ftI1GgVJEFgX5VsuFnfBnH95c
|
||||
zqmwEXaTP4s7Xm3O0Wy579EzRUD1eEw/UaD/q2OHScwvMP65cZYQ9w4hnCN6H96P
|
||||
96Teo7LOMCssvSXIO7gqP33LKTqDzsIoAFHwWE3dq1jbyP6T1Je85mr0Edvk8kOC
|
||||
B1hudswAARno/7X9zGulhhwuEHk5Iey7R59yRUQqBctdNcetGyaiFjjX0evuVADi
|
||||
/z/s07XhDLDt7+3Vglh1/7XGC64QhB9QjZ8j0u7+0xfmLLjhi+7EpkDlAHIJXX1H
|
||||
0wAsPOGKlYruQUmIsMNfBINZeulHEBZ4cAd30xsM296DzJ6QL9sAGfYMhRs0YHB/
|
||||
EJ10Zv0iw1pU2jCCUv/9Kf4F4nwgHQWQP7JAbfhOIUOUq/YlxjTLnkd25+7vD3KH
|
||||
NQ6UiRDROR9Jwetpd/zokpf5O5iTBpVL+sCq+NsTZyDOjITve2sY0V8v10M+Z+pL
|
||||
cp/cUZ4JEDS/WJ4/ovBNJP8b+YwN/RBgCjl8UBX/N+e7AA52eYP2H9GK9XPkzSCE
|
||||
VxEf5PyjGrwedpoLkzagrHsDuWo3uBquLyneT/ozihqKQAuInUy5B7rWU4mpKHe5
|
||||
Vto5o6Zuj+6MgHgIQzRK6Da2ziMNEmroxwZibcYCtUPdvcvxGh+byclnzBclKjOw
|
||||
kAalFPx0SxEbHmzPABEBAAGJBHIEGAEIACYWIQSuP6x5ZxHsWfwAeqR0u2uaTLs9
|
||||
OAUCXFtVDAIbAgUJA70hAAJACRB0u2uaTLs9OMF0IAQZAQgAHRYhBK7WIv4CB360
|
||||
tcFGwUKiedJIzcMQBQJcW1UMAAoJEEKiedJIzcMQH+cQAIQYXDnqi4Hl21LtAgky
|
||||
pZxug+x/LECVlwkrIfaQF337+fG+H9J7SdU87Sn1Xe/YUgQnF0XP/fjIVFM0e/Tb
|
||||
xVlmTFqiejLnIwJJDgUaHO3POT2sGEyO3tc0mqSzyRBxtMQ8yvApccBhL5QODv3h
|
||||
hlRWgk5MXU0IPeXw134IWm+o/PRiPBoXPawvVfEVIBlUFaiSZASf4BAiSad4aJQe
|
||||
P8PyP7FPvQB1xiib0iSetn6ZmNeN2OSUJPiPA8aE9JCKuFtomVQEDM0BqQDl5A7h
|
||||
5O2uyf0Li+/ArqBvfBjrH03e5zbID02dO3D2BjsV3jUeVPQ5WDgVg8LH+nfg/rRy
|
||||
wfCsx9zFp1mt3K4xN2v7IKwxGndApgCcx17gsjzMvLz0J7sSGov4MNjzqvGEDKCl
|
||||
uUvNKXqy7je9xcQLpoyvWtoWFXWTbQAcK5Vv+hC67r9bHpjI1KuqA8hYqNKxsv7s
|
||||
wiLZdd4SK9SIuwf0j8/XTZwmoFfGolJil0ZNxyqBF39+CMVpaHdLM1qKZz99TVzS
|
||||
h4obOOjkUjK458xSo0XCbJ4qXYp7PgxyWK6GIbTozbbG/1ldw+LUnqxt8Shf797L
|
||||
J9lbI3ICuR2P5PYlKJf3b6D9GyfqyrP387fKAKhHsYkZ1XD54/8wIgTrdfeNPtL0
|
||||
1mjWDjw5KvO9kuPBjcmzgt+NrtsQAJwKeZsiqLLcY8kJ9xP+/xtTlh2iVuZMfxwq
|
||||
hwlo4MMCzpobLDZ/JKU398m77eboTKJSBfeUYxQd4ATn1L8NLKjLxKAaBkjEk0nN
|
||||
8w9OUQbFlhQ/asLzzF7Z9IGGh9/SEgBZ8V67a0O3Qw9Xdi3ARK3bbZ8RIVJ0+P9G
|
||||
CGrfq9j4ZmGA2L4irLjsvDAv7CSMb4WBKW8j0Jz5LFMwOMJgG1TT5c6lNqFj6y09
|
||||
rZcVLnt8+lUv2Bw3LC0oI1TjFkrrCzIdfg++mPi3K/ZFc50bvnWF4eCOjgZ5U9Vb
|
||||
sxFZq3+vTRcIfI9z2lZ9CNDRA1O5jGvuVtEGLiSLF2aJ6kiNriLuuGTlXfg/Fpgh
|
||||
GTvyppOTzF7PtHzHBQ/ZjnhWojnc/jyJRwLK8cCl6+EOc887v8BDmqgFWtmycsE2
|
||||
5fDJ7UFGP13g/eDL3ZUgMDty5dQaUOTX145t2KT+lMqpY6ZK2EC+eoqrnIGJ+tYy
|
||||
0l4RRxi10mbNhuPIIDdph7X+mUHgCeA9gyF0Y+LqiB6CX+zFg7ovLvnCbMPxdGXq
|
||||
z7AjfwqZBKI+BVuBeDtyW4onmElCu5cXNKsg3W0IlQlZf9PMDU6Ht0XLUs7EPfbQ
|
||||
sH1Vqi1XE1W/tGnkmjcpG/qlt9Gx1uwFGLP6iomqUBc2c0GZ6R1xplXvd3w3yC8d
|
||||
8lAgPGImuQINBFxbVToBEADkuxhQx9gxlzzCc0nUu2v82XsD+GzONp9irt14gslx
|
||||
te96eKaTXTi0t5eya0X5TIY3wbREwjlfAeM9AfcAmWcsM4izrfPtANM6WOxB2Tbz
|
||||
EY2cqv7NBQii7Z5aqPyjcIiT0b0Gs2evlDkn3xEBBqTSrNcnGSA29bZPIkaUb7Qo
|
||||
p/Ani0S3/tgcR21gXsJwkgpfNKwvPT03Lz3/o5rXAyag0M/25adgk9SVKNcXc8h2
|
||||
HSGv5ENjwUKNNnowVbNLw4287mFUM2Vd6unGJ2MBj7aUwTrfBl7gNV96mMdDJWcB
|
||||
hGKYkxUvibuHCa2KH7gTrnV6X7sdrgD5CbJMPq6OZNSP6n6bUVg22eHxoETplFwT
|
||||
4NvV3clRMWIAG1XgXR1l99LAh7PPnPMM1pHQGPwYHQskoBFS4g5knzHpB9h9TfZ3
|
||||
MM4cDZR5NgWmE0fYVnWe5ax+wW0/IOklUoHv3qoL4yiN9wFJq2oLzUNQd9+tsqiy
|
||||
vxSTh8iYmHegyn5KuBPsrMPgvqiKOdalTZKkak9DOx4cGQL2qHspKxiBOb6uox2v
|
||||
fjMQ5bDeUn+4DYMdnZNHeywCUegJmDakUtlfvN+136IDHGwfdGcitqzswzd3+PI2
|
||||
qlwPE19gkrp9NUaD3Qj2ZtDP7sU2cThc6Gra5KRFW8f98bI77j1Wu6pCnYFLqPz4
|
||||
QQARAQABiQRyBBgBCAAmFiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAlxbVToCGwIF
|
||||
CQO9IQACQAkQdLtrmky7PTjBdCAEGQEIAB0WIQR5HX64jryNAThDSqwz3zWa56YK
|
||||
eQUCXFtVOgAKCRAz3zWa56YKeSWOEADK8u03LESGSQlZQqnnCAI8iYs1s+XRMEnG
|
||||
2tAQ1OK7/4eNgr1yZckmaW4FBMgeEgYIBJ7v3SlW7Hf7dE10TYPNGbP6UxVW8HIP
|
||||
rA4CINcGZXWWwpS374JNMS6A5eb6viuEgEMEi00jx0MmLvCMZKypmwXQUl5YJ5nB
|
||||
ytpQ1681mCQxGBMhT1eKQt3B4nAsoEnP+HnqVM/nKxBemSBNXX+C0b/YeQoLC3sD
|
||||
L+Z0NRI8U6PZl9Rokod3uynH0vfBYCEJd6MvsjtnJlVVaseYIA3ESNrFG12tw95I
|
||||
wKNrVCANZ1DBSyK4ovmmWsDrH+uFTHSLNjlxIuVxUfmXcLfgcepVCmd/7Z7UrWYr
|
||||
SXSvP0VG4ZmEPE7tNb8bfyADftO1cVsmcHBQeSrgvpSrTv9L8MocojpR5vJc1f+a
|
||||
sBT7rAeGzZP9riz1GmryXawaZgdLfaaJfzRQkc1uTChb7kMN+UMhVUdCAXmho0XO
|
||||
SfcsW84u/LpjdYh2Ww41xQO6EWvbZDNgD/Fdmp8Uh1MqJ1Dejri6kjNn6wPImXJd
|
||||
Eu6nHqWDRdYsfT4XUB18tB+4aIpFzCyIgpf7p1uaVU7Oqip5sZkc/WXKr77lV23m
|
||||
PQvpGRNCzgU2TJY7ktR3LOvUVN6wNfLMHzeQk18NdmcEGUrJ0YYtl9vE5/Eg9L6x
|
||||
LBH9PKt17IQ8D/9DLwQX8pl3fuTM8ZbzIPLxiXhbgzBBTXKRE2u1888+RIq9xE7c
|
||||
aVFjwq4qpgqZ5SFonTcG4Pi5ck3mFAzyA5zLRF+ckpmBpwSPMpLwCpv10369D1jh
|
||||
AF3JsUwt6DIb2BISMhh2ThSUMSKO75q8GSotsKjJyjD6vl1x4L7WXubTWxEiNuwD
|
||||
3kAjFWS1Z1VWtA9SURWAbsDaCV4VmwCCpSIwRr9OTbyu9XuMdMxGNpl8SwW7MVQb
|
||||
x4aYNvR7Hl/wIR71AHAXoSfrKp3p12anXjYYASHmbm16ugP4H7HLMBfznKet2f76
|
||||
gIxJr1CsAMTSqypcC1UoVb6Gz8djeIR+GU+6efHI4TIUMy5uMIUx8tYbwSEeo/y6
|
||||
NnjpJFYYjJa671iSABInNxs4+X+1zrFa+wl45EnaFxziEet2Qzv/VsusoLvLwnYi
|
||||
BZckclAS5xoVGFW0WJ01OfLUDHxGMt9GSheL8c+GLMaMtaCWunpmmt9zZ9WdpBOu
|
||||
AGluMG1Cee50TrhXaGE8CdNr8nOdSeLNAveBAPmuVa0JDSe20/D/RuYJLKeG9Vsq
|
||||
BZvjuGlOUsfl6UjtiGRbgS9OWpxeez5ugc9yyV+rBGIpmnIb+9quz2HmGxE65eA2
|
||||
cRNsZRIjFLzeAx/0RMaT1nlLFTBbUuZ+tJ+fgFtRGMhifZn1pb2dMQo0N7kCDQRc
|
||||
W1VuARAAv4LYaNq2Zev/v7M5DnxLpgHRcMkG7TOQpycrlK5653llpZzTy3mh5peW
|
||||
vcq3IDmdeUIJxQ+WDh2f0vS+NIKDC/HAddfHrZPbhO7zLxLcMW5KmV05ancaRSP0
|
||||
s0+IyQmvVxUNrgPinZiphlvRGoLXS6pdgfc4jIR9B2umPecfvfu/6EWFPnXZgG8K
|
||||
yY3Z+mwrmEO0FaXHBQuu6nactiPe79N4bLe8hk9RW6yIxLBeJzIoOlIcJmuRHapt
|
||||
nS2lV3mfhZdFnkAp1o6a2TL5BwgMY0wZUKZr78HEMKh6LbPN9rPepf0neUeq/k1l
|
||||
NJU7V6XMS+rezF31vgSJ5KoNGYhxtWZ54uksH2rcw7+ltpSVtqY91G/vibpRCJG3
|
||||
LdX/kxHni1NEWyZlpS/6ntuH6HSoNYsR9IMsbESs3QVCH74ApK88CxYCRB0SEo0M
|
||||
yAElbQ3bfEKCKl/FwC4IzAYAJ2arWKwBHRSJlsrNCtczrjG7j3EyJrn8+Tm5yjO6
|
||||
0THQjvc/nBxrNE09r1Lzz7jrDWC9Rl+BH6wqdniymoYyUAQsX2rZ+Jhah1Zkf+Gu
|
||||
76qtY+EH494dPM+0FazcBlgBd6/J5mh3Wk9JuecXLTEUGtzd1GmI9CENPAklCauX
|
||||
tNOWeTop27djuKWsZxuP1GyV6UYixFVOSWteyAbA32cncVv/2ZUAEQEAAYkEcgQY
|
||||
AQgAJhYhBK4/rHlnEexZ/AB6pHS7a5pMuz04BQJcW1VuAhsCBQkDvSEAAkAJEHS7
|
||||
a5pMuz04wXQgBBkBCAAdFiEEFWiQaF6g32oTce8gF8xdsfAIhAcFAlxbVW4ACgkQ
|
||||
F8xdsfAIhAd4jxAAiO9+VRQQ3eBOsJRgANdgL/l51kq7qE3u8xnSqNkrmdYDdT2H
|
||||
TYH5W4n2AmGo50BDafdjd6tut0qtzA3/hGWCooydxKFOsnIYziUeoHvlICj3RkHO
|
||||
y7utcFhAgRWi+kzFwnnXGf13dMU9iG7yvKrCrCEw44gzoQ1KnY1Xsj18n5JkqxeT
|
||||
94bzcSbz20OpOSIMfSQPrpy18WrZYwHodcIZ3IUUACCpMZdfTa9c/qHRQ/rcwl+B
|
||||
0JlHx0V4AYiSAsiMVgflO1Eqi7apPuwxPPd5nnHkrdDM9CYC3LdBORBXwncG3oZ5
|
||||
eTSXmsvFxHXH41JHsm/1QFcVmFAYhu9qJFCGiD+8UeTFtT+nnHU69BszgtUskqX8
|
||||
k9PqLdK7Vxkp16wc6WOp1NeIQ6Fd4PxTGrPqs9bJk7TlYtTFWpA0X+EMj/San+Ku
|
||||
PxqLEa4Ab12R4vs1pCrn/g1z3C/6ujH4B70HOrRTIeTjULJ6xdwXGtwUA09hio0r
|
||||
pHhtyZhAh5irUJNto4ZOk/Qyd+dfMsNvRJfbVIK2mmeRaBnp902AsQNgYVdi2Aki
|
||||
0h4kz3bVLGw7iD/xV2hV69+JwLSijkkmOpz/EjMwj0hDDYrHH3Y3o0dV3dNdk/5i
|
||||
6lQgcxSVsl9kWlHcoEllKbf0Hb1muKVwoGGYxFYna2jsLFVjG29M7iPSgrHjmg/+
|
||||
I3fmsLZ0VI9kmxniUlZ6gz5NB5PJ3RXmwKO9LkBgE5C1wpuZbNEQ1NsR2bprlJPm
|
||||
++GNSo8HaheuTRJn42kkOgfIJwjuvXih3FE/NtRA/W8H2uF6YLDjBKGZJbxQcmsd
|
||||
CTEuCRCVP8X7C5n3rl1YqzfWfNr8QFxvH7ivG7KOlSxvyTKcYatWb9uDUPrnr74f
|
||||
ZaMljHGsNyKj70MzZcrrsmt61yWGR0h+02rmIKlskl4hkh+qF5ehI+Bkd7eblsBy
|
||||
rxEREHq/ij2Vd7l0Z606YCE8vj8WfcsJj8JjwR3A+nND/oNJTTbQ3b8OvasvqIey
|
||||
WqqmGg73nbHjd/VIAUsfvnsEYatDk4pAA/wQr9c4T4s5Q/QRwDrAsa4J89FrDjWC
|
||||
hQBPL7TaP8Af/3Y3/86jLCN4lnW1qjPXv5rhBFeI0EVi1k1qdV06qr5HOk7CwQTT
|
||||
uc4rCdFcEnw8kVKZa/yFnlJfRa0Z4IwSahdp5fdFEuad6LpOcFFnYxWtIWhcg4GT
|
||||
RcMha/OZnsfqOqiAt6In+1IwuJBz3uMM7xw2AMaxzAejGEL63F81C5iJ6Ld6kQK+
|
||||
XblDW0G643bVbzkBb46MAT+UnLuWQUs3NDtk1FEioJyWUgbO/srMH4MoWM7rG8ZT
|
||||
nQPohNmPBrqL2phmE27HQsQ0rTjH2Z2ol7iy9OFMtT0=
|
||||
=MkGo
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
16
gating.yaml
Normal file
16
gating.yaml
Normal file
@ -0,0 +1,16 @@
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- fedora-*
|
||||
decision_contexts: [bodhi_update_push_testing]
|
||||
subject_type: koji_build
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional}
|
||||
|
||||
#gating rawhide
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- fedora-*
|
||||
decision_contexts: [bodhi_update_push_stable]
|
||||
subject_type: koji_build
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional}
|
33
generate-rndc-key.sh
Executable file
33
generate-rndc-key.sh
Executable file
@ -0,0 +1,33 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ -r /etc/rc.d/init.d/functions ]; then
|
||||
. /etc/rc.d/init.d/functions
|
||||
else
|
||||
success() {
|
||||
echo $" OK "
|
||||
}
|
||||
|
||||
failure() {
|
||||
echo -n " "
|
||||
echo $"FAILED"
|
||||
}
|
||||
fi
|
||||
|
||||
# This script generates /etc/rndc.key if doesn't exist AND if there is no rndc.conf
|
||||
|
||||
if [ ! -s /etc/rndc.key ] && [ ! -s /etc/rndc.conf ]; then
|
||||
echo -n $"Generating /etc/rndc.key:"
|
||||
if /usr/sbin/rndc-confgen -a -A hmac-sha256 > /dev/null 2>&1
|
||||
then
|
||||
chmod 640 /etc/rndc.key
|
||||
chown root:named /etc/rndc.key
|
||||
[ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.key
|
||||
success $"/etc/rndc.key generation"
|
||||
echo
|
||||
else
|
||||
rc=$?
|
||||
failure $"/etc/rndc.key generation"
|
||||
echo
|
||||
exit $rc
|
||||
fi
|
||||
fi
|
175
isc-keyblock.asc
Normal file
175
isc-keyblock.asc
Normal file
@ -0,0 +1,175 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBGNjen4BEADDHiUVNbkFtiKPaMWjKxbKmF1nmv7XKjDhwSww6WFiGPbQyxNM
|
||||
r8EHlEJx5kMT67rx0IYMhTLiXm/9C4dGYyUfFWc35CGetuzstzCNkwJs7vZAhEyk
|
||||
+06CX4GFiHPOmWIupGCxFkNz1Qopz3ZePMlZRslVCHzW4dbg5NKLI0ojXlNaTDU5
|
||||
mgUXpsPi/6l6QE6q3ouvmWPF4u71cZ1+W4UkIRAXOlbVsDzGaMaoHjJd8cOM8DrZ
|
||||
gKHACNPjzqOvEujXDC2vyKw6XpxR+pHz0QcrRtlKnVhPNiKcDfw2mJJ5zxi9uSDc
|
||||
dh5FomMn9sS4gy2Tub2urELnPf9xnURftRGG3VO6nZc81ufQB4s1BNT2ny0Uhx5V
|
||||
mXUJwefMypMBfAvWCWBCeyWYtBeo7LT3NmtLq3oVGPfl7+a0ToFAYeghspK8/nOX
|
||||
6/fqF1MEtzvWjXljz6K7FSDYSY9AoaESLHGwCo6dtff5S7f1+l6PCUNo6aM/B5Ke
|
||||
SIAN9Lm6z2iVuy9Lukw+5IRoRKHHV4rJauPtDeYoWnNiSd7Q4vFtotUIjRpDARpm
|
||||
xWS711Q2T+knHFLEiU8QzxjLhOnTzh4n9dDLHCkOY5WM5krldVeL5EuTyPKinuSn
|
||||
oE01A7I4IGJp753CshibxjNYDiEOVeK93R38Y543edlIrYxnfyMVsiqPkwARAQAB
|
||||
tDRNaWNoYcWCIEvEmXBpZcWEIChDb2RlLVNpZ25pbmcgS2V5KSA8bWljaGFsQGlz
|
||||
Yy5vcmc+iQJOBBMBCgA4FiEEcGtsKGIOdvkdEfffUQpkKgbFLOwFAmNjen4CGwMF
|
||||
CwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQUQpkKgbFLOwiLxAAjYuI4JQ8mPq7
|
||||
YrV9m4tu+jOKvoKfpjct2Rh02n/X3ChOgrdcXU898eH56tRk8Mv/E+cBTPN9zQn6
|
||||
rLprbYR2t2R+zgvuUZWA8In7aewoPIJw8OdlG0gTK9m3VHJIOhIX07qcFttSZw4m
|
||||
4rEU5mdxi9FatBWBzqnVm4Pn577aqRXK908j+6TvgWbZ6Cq0tw3syVT4kGj+93+P
|
||||
uIQQQkTYN8UDQPsAKzfzkbQC9I5YXBKUoB9CfhXig8V9N75R0gsWkJ8Vy/8wsPXT
|
||||
9/EPIIzhnhSuUIjvvBPbLGrzDgbhrfUQ/QVuXDVN8xl3rAWM/tiNGOnmzoYORyM5
|
||||
ftrnCDIaO4aVKR6rtEzfdQa5Kid1StfhFien/U8jYErxkEn2HRt2gVEX5nYq31T+
|
||||
0jgVode2Dzkm4+HKHmfOYsQeC07Mu6wZw9raNYqFjTcfh0ajFpLIT3j2YqOJE2jy
|
||||
KbcveJcy2NiOiUl13exIZuBkZm0wEVbvgVX1PlgL3GJqnbU/Q+maRTb8FBoQVsOd
|
||||
GIm7U/phU91qR+00SkOcp2LgHCCNKrmHXgiBNYBbInNIp6ze3bFvfKTRFn8WdY9v
|
||||
Z7vNfKar8rt90mpjYG9qMhmvh4E9icfp3wRUtOwyi7VVtVTTUq0iFTe2C0m0v6KW
|
||||
XcDwwwaTbl79BOqOH3Gp1flS2ECBsyiZAg0EY2N8xQEQAMWcyZbpxEyefX4JTszG
|
||||
ocpz8C8yqvZJQUfoDK5AecQWR7OegPkIqwJcHEH5cz+MduklXNQdra/snn6pxGig
|
||||
At3xCwfzRTH/aYXdjcjnma1elzZSTgk6Maw4zR/W9wea2DcUtMCcsys0gviN/VUe
|
||||
Aqt+5pmhy2PlEWfJG+Mzyrqgz3Q8hRyAJAKONAwNhs1A4ZqQX/6iuCkJbH1CBeoW
|
||||
+c+5qJHYEXsx25qR1yiKOFo5b90QOcwaebUq+xKQRlnESn75FTgDjDfDm9BqrHcn
|
||||
Tv79kOuIN5vhz4BCsuo5QbNu4RGrs/1VSTPvMf5AN7xs9pYNMAEde7pSF1Ps3B5p
|
||||
CE6iUw9L53ytV4iJQKXpzG29LofUu65YQjIXPgK7NbBO7FUHA41YbSfoWiOAjfMh
|
||||
iE025YM2+RPQh/Nrc3PqBj4h21ycT+d8eEXKfc/okbVFFE9dKS1hUwKgSrs7baOG
|
||||
CBZdpiB+t3jWrr8UrteALab7v0rndco3QKOe9U3f+Gm3MdgLK1TGiRgpdyiIXEel
|
||||
J7zhsdoYEvaKMgUOjhf+COdlf8b9ITg93mDKe8h0OcpirCXw4O2ma3sklabzZKZf
|
||||
CPhhja6Ro5gmO5pxaLau+esQWNrjEikynNIs+GRphtcFsVVH+ww26mR0nI65Llgv
|
||||
kb4+DrbDGSPP6R/C2q/LMLM1ABEBAAG0ME1pY2hhbCBOb3dhayAoQ29kZS1TaWdu
|
||||
aW5nIEtleSkgPG1ub3dha0Bpc2Mub3JnPokCTgQTAQoAOBYhBNmczq+Hl0cBTwON
|
||||
YxguI1eUYu+qBQJjY3zFAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEBgu
|
||||
I1eUYu+q9IAP/j/GGneuvjwbXdATiQAmkiFlOxjs+SsO/hgA/mmWcm+Kpg4cAlbP
|
||||
C2xEDa6biJyZ8TmLZEqPNrRm/umiisC8JnIJpIbInn42n4aDCRDW35lrYGdnP1Ft
|
||||
fexnEOWAJBDRVvh9OnfRfvf+HLFfLFl40b/15YzkTYGIfrMR9y8zalkzXxsVNsyr
|
||||
9Eq2pmYR7BT2z8d/9SAVuh8D3qgUylIgcFcCFJodsrI4zJSpIMfMntwVsZxDlis8
|
||||
JVFN8/pfhuBBe6vjqX/cGJnj6OL3T12jvvniv13W3rar2Ocm6XA9j1t5TZNhKqAy
|
||||
azAKu52NtdJjh25B6C/H+haXAX1eduCCE74uSarqS3F1wf6JI3p8fnWzk4hZNzxp
|
||||
nZjIk3vrHNjE4jXTZosXCf5DoVRfMpNbxj3YEnXV+kNZQRYPPatUPgFYbxz91hbN
|
||||
tHyCiy0GmTyf0QId8LTc0y9mPtP9QureJJ6rL8lt7pvXyrYglqhxDgRhJIGKMKdw
|
||||
0bQtTEF4tyNzC4/sg4/omAGH66clhXlqMmuUjHSUiQyA4LL1mJl63Q+bwqXX4B8t
|
||||
898tSUmb4Jmg3jLZ3Z9Hl7H8Sp3yYPOLzb2YUF6w3xFsUrNNzVxHFo8tAtEhtEfX
|
||||
D+ypkowZq8g41WqMlOBrrzQFuExUSXckH2Cn97lV6lkBoueqxP+Zv0bbmQINBGNj
|
||||
qIkBEADDw/CKszyuFKpVp4Z26rKJ3ooOlp8p9a+fmfuknPtMjJMSX8xK8pOlK739
|
||||
K83yvDRUidT4+R9IAUKM7TqGA0hoPZmZQLiK0YLlAAXufKxO9IsDZI/7DuF2d8fu
|
||||
usKQfS4oJC/IbzOAVwgwodnvKhttLWutT09GxiHrnfVPu6Uf4A+GWtrcTIWhXuxE
|
||||
m7+16ToxBOTLtQ3hh79/RndUuM0ldKRRzJUzASGIPmdQJDLCKgSSeaGjZAdq6gkl
|
||||
qT/K/R8eoLWSOaBRq8lBE1k7Tq4nSwthMHtCQq4+vxFWH3VF9hwy6ixccROPqt9s
|
||||
fNfJK3KF4KGhfejMuVn/Lxp1v+Ne2DsdnVofFakAbBMpMyauzAyXPncYSfFhzLBD
|
||||
kkn7THkfRznmHD8ux89kV534EyqYLjAy8AAD6zNc3tSYgfC0UUw7yz05Sl/eV9Xc
|
||||
pbezu2ipONlXko8jpCQiiHck599cy+StrjjYPwcHF5m8uUlNnzHoUj8qsoK5SA8u
|
||||
RnTW2I4DFbL0+x8eL7gmNQYFdMaA4azogtaTFWgPL2jPJ3B+/bUfHDZflvR0FB5+
|
||||
OD/QHsDv4SB6uX8TOhGbFsHpt7E0scb2U9B8gQeQQJZ3jmcIRp+K18mjYh/ErDFW
|
||||
23ixBe7h3tn2MGUTOhv1ibOYDE3GYBuGLQiom6yhCs8zrneuAQARAQABtDFXbG9k
|
||||
ZWsgV2VuY2VsIChDb2RlLVNpZ25pbmcgS2V5KSA8d2xvZGVrQGlzYy5vcmc+iQJO
|
||||
BBMBCgA4FiEEAlmjO19aOkRmzzRcel4ITKylGIQFAmNjqIkCGwMFCwkIBwMFFQoJ
|
||||
CAsFFgIDAQACHgECF4AACgkQel4ITKylGIRk9g//XrvOYy9zQkpo4Dkol8yLxr99
|
||||
Dq9Ur2v8F5Ba4za4QdUxeYrlq8J827mkUqMtnlyb/+3zSMy2I6HAI8QxlDZL5K0g
|
||||
Gm7iLrwVTM8nAQiNU5vAe4D6PeO5ATBEvRdAUTQGz4xeaTrUXbmNUSC1dZEPvH1z
|
||||
Fa/Z1WZoy9GLeuWDXix6OXTP8FlQWUTL4/ILLtfJDsWCCX7efkyfnvad8Ye2NfU9
|
||||
tBjRX5QQ0Dpvgpr8/7El44XcmaHxPWEiq8X2p/d6j3nU/7LspUXRu3ptu5Q2RqMM
|
||||
iRDZme2c8zieHETpC7m5sshzGxRtT5jWEtZ6V37On5DNTObvXCiaGV95qgiHi5VG
|
||||
s3MFD3QSo1jJI951k68UM8V+OnzbJGN7TezZ3fTn5Pwdd4C4035QMl0E5NXCcXc8
|
||||
9d+3DeFmewRRGCaOKPuO/jFPLWcwMlQqp5tkNx8LpqEZfD7/t6FrSvDUsUDU8Rn0
|
||||
TQILnUZioO68HmeuJbhKaUCMuZGjBIbBqviiufFRiJuEFOVKADQ1u/P5ct/0T/gE
|
||||
JAho3aubzdYMH5DLsaw03W5KfOjeTLW10zSmSK65wnR6fdwlo5l/Sg6Z63QXD+/H
|
||||
/OIFgzviJkyoh6MkH55z2K8BDWbhOmaUBjNAcQEXV1KyHeLDkQ+TJfLjctv4KIpv
|
||||
D7i6kNIp1b6OSdDS9W+ZAg0EY2OzdwEQAMRWPO237ohaXNpKO+dw1qkfOYYisiTQ
|
||||
yfkT7BG0Xvu8jxeOdRuvUzzplgOfwWhOQkyEEXd205/PpwReeeRwhiu0BDSrzYGM
|
||||
KZdw9Bw4enoaOinf5WTqM76mc5WUYfvDJIiHies+ANxj4EqTzvSif9hxvvzrbKYV
|
||||
lHdaGtLm40D6yZSzDEe3X49DmEABM4g/Bs7NfVJcJ3LtLo6qbLy2tKEgNPW+VN/s
|
||||
harufucxnH5HM6BUUOGZx8L04UCNJu+jvZ0zjLc5DqubNO1526kZclAo94DfTkb+
|
||||
ir9nxKn7RkdcseibeYPdeIh3le6aU6M0KhTJs3RCxaQF9At08Vrrkh+wkK2Jr5QW
|
||||
bs8cHpEJ+Q7BwDuAQetFi94eq7Sswh4mjhJ6ZnFCx8v9EbQnvL76afMbhZOezpaQ
|
||||
aAwXVuIio2fsJpHfxWnXb93H1QKiOQdBZZLQGowcFQCqAWg7h2FwWWbKMV1smGHr
|
||||
/28tLZtk/4aSCd9cZ9+nofFPPemPLbYwnBECIZN21QKZ2oBXKxb3hchy4EBTKWtC
|
||||
G/fbTsjSfTCUpMNZ57HO3rGXchjSdIf+tTGJpAqWkTcXuhWXBMWPK6/2REk/DKis
|
||||
XHugHg9R9hqGs2DaMpGh5NrOLly9+0dsjU15iTQucXbCS9895bRtmDjIN8dLSo9H
|
||||
6DDw4yO7SHTlABEBAAG0NE1hcmNpbiBHb2R6aW5hIChDb2RlLVNpZ25pbmcgS2V5
|
||||
KSA8bWdvZHppbmFAaXNjLm9yZz6JAk4EEwEKADgWIQQJCioHkj+SW1dngDpC5d94
|
||||
yDJx2wUCY2OzdwIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBC5d94yDJx
|
||||
29U0D/41C8WaGEphQW1N5lT/1284qiPuz3w3iSciAAoAe8iHUGBcSNpAWQmWvWXI
|
||||
buKb92Gtt8JtSOHwQj8qiHjqRsUu02t/tEgQMQUq6p2jqbxODJfHR8oMFMMB0i0I
|
||||
RgKtEQeq5wRJpVtH+zIFSl9PorsJtHHfhVbqxvE/axcNKa+WaqZdHuKMqADupQEw
|
||||
6rD7yYVX6YPiHxMhba2AAAoHT/3VpHC0JidZ5BWGwkfnGbV1/7O91GHfJx6KN/AK
|
||||
DKb5hFl4TrieDLJzphBWg0y4FJ4K7WSIKvcT2cLel9f9pHV6ysqSZWkCbkjkaVIi
|
||||
LyoA0o7l263WU0D5oG2ihW6Pa2YrWHDDjfTem+kOEFsMjN+Gw74I4KWUBtldfnHK
|
||||
A8TyeviKkVok1lwDAoJ3LJi/bcyCLgBZLInOU31mQ7mIXq1ENCOIvQvaG0Lwdt59
|
||||
sBI8sknHkt+54t/VCaKbWSBOzgGur6EDf9WtPHWvHNCKEleDiHCELdhRYYtENO7T
|
||||
vTv6Fq6Lh26dor26LnARLPvGLAKwONJ0vlTEG8IyoD5AHz9MwdXYgzh8wIvc/HtD
|
||||
/0FlQGLd0WYVI6UjZfPxHOZAzARJKXLJMqiSn8hnO8v6JZaUcOF0yRKTKtzqsjzU
|
||||
v9TubCGdQAaCSCaD2fmA0BEs/FpOnZ8P1fXMpcHGEtMV0qc0wZkCDQRjY7/GARAA
|
||||
ubCCHkdiMblMA9ZlcOVN1Wep7TuYxQouATTb+73iHDQRNIU7DvluHoSq5zJe1Qst
|
||||
zjTmtlkr2dyI5JnBexUEKrw2X7gPXfLaXY01gLLB/Jn8tU9VxPqBybxmjmEdP58B
|
||||
I7BwmCyMYNqDuvPSfTMlogH/pF35Al+c8UbOfDEQqxSO2nKPNa4T5ZoVxvMxV4gn
|
||||
hEJPv8Xte/wiE+CxxbmO2we6rwJjWe7O3T0mNmqvpO8iIsLlQnwTFD5L1huywPc0
|
||||
UDHK0nl8k2lkue2buaOiancLatXt/i+L1DIimCgZwOt3DlVLURH5lz5ALXE/fn+5
|
||||
wKkp+XVyNTAEFhSGifgBDYFw3nZeRTU7unMsRssL8SjuwPWoCcRI/3VE08xCuXc+
|
||||
h6NpGfeJjLRgUSSBF+958djY320TcXaRLrqRhjcJ34dBsDYsRSC15nnq2JU6Vj5t
|
||||
rJL9qOdwVAFwKeAfROUULcy/LHZ3QgKLN5jOfdqYzE2KHk1+VANttRPTG34i6uq6
|
||||
yzCFFYadwST22+QWvxh2ohYj2INvvrzRf3lVxssWyb4USB0JPajgnGeNY/hSYfDa
|
||||
KArqOr9S+3q7h0v4RgoPxDRFIC8v/10W4wPC7R3wj0m/1WHkSm951Wtzq3V84uCF
|
||||
LLhx2ByNpnJFRFqklonAH3WHUIeYcdXAsTeunrGU/XsAEQEAAbQuR3JlZyBDaG91
|
||||
bGVzIChDb2RlLVNpZ25pbmcgS2V5KSA8Z3JlZ0Bpc2Mub3JnPokCTgQTAQoAOBYh
|
||||
BJWA1r8syA8eO7ESUt6rkdVLE8m4BQJjY7/GAhsDBQsJCAcDBRUKCQgLBRYCAwEA
|
||||
Ah4BAheAAAoJEN6rkdVLE8m42PwP/RFmUzgsoM23Z/NQ2AacCFTmHweEllkmf+25
|
||||
3hP80BuSHKsdzlmllFux+xbKZEpQK0nL3fqW8yyv69WmsoKZPpZJxmQ6bwUbtXC7
|
||||
rHkt5gfOXiTaxDBmgO2dcnDsKLb+bEQ7C5hay1P8rOvf13a4UZeTP37gRGmMr38+
|
||||
LvADIspIxBdSvFa7Hb4HKG4VVDai8jaPCF0q8daEWMJxyKSfOQBtSVVAzjLcGrYR
|
||||
bCPDAI1DEASyQOru52WREe4vJCwSaq9dZyGhaWcnyTVQO8bsSLxu7cUVxA3SOheQ
|
||||
izYKkYNbaBDmWlZxLYFsTUf5izEYdW5BwHaowmw22hSspFod+c37BoY/ePfkR5iQ
|
||||
YuEff/unyqvdHMDqIXWZqpAi5o5hW3jdCd7ZL5T0WWjz4CQ8eko1ZYYnYzZlDrge
|
||||
F0veW8+lzHBLx3Ad8HyVGwtRe+VV1V0AZ0lpWMtxo02ZDRtqNDqPqVfLT5P87ZPv
|
||||
r5GhKtedgrjwY2clgmCT0xgAKNxi2SC+c/vI5PRkIoqwbTiryLIYq8tl6T1k6AMY
|
||||
eN1ZNQR7eNEXpIvYRD/BZw7IWKkCRaKwfDVhUHCm0ikylwdLXIfEEEA5mu2LJeZh
|
||||
vCddhks0S8+lRyWR/3okurF6rlloNtM1pslceh2AMDwfs3fORhYJxFsV7O7fyRnD
|
||||
NS93fq56mQINBGNj8P4BEADXK//p0lWEUNUYirsm6BUyUXqPlPrpVTdPB1tJPj1o
|
||||
zgeMKFOpYRPU1IZF1G6pbKD09gL6y19LehQYx1a57PF7kCx2ZvvcFN24EHto1H1p
|
||||
Ti48dZ7KyyEO1rBeLY5Zjgz6YvQZcSH3cd6cTrAo7hPIAjtgSTWp04FjtYJqf+tT
|
||||
gf+9ZWY+i4nQ6/Q5Z5NUd8jsOcOoFDsmY6Fds+lzn0aZSg2yfd8fnX5QFOIwDv66
|
||||
aM25q2kvkrX0wtvSQbulC8x5g6fIB3xEL6MWbXcEBYkBMW5Cnw/Kmyj7lJwVwvEO
|
||||
FFhKaOH/d2LG3rM66gl048aJYLhEJyFSyooBynXs8S/NLDgca94Bvb54FPX8LC3p
|
||||
lqJRLxhdkha5NLcUYiHOq/L7LWdThh5rRAy87Ggog8TVza118K3oiYujlyVEzLhB
|
||||
NVMT8x5kl15YknVgOKJAv9j28bSZihHrS7aga1BtYFD8yA9MuuDaHARV6YmThkdg
|
||||
OEz/PNECjsxCLcT5Bbthzg6Jg1qo3Unyeup0UbyX4zxSphCVmerDmMYddLjJ/ydc
|
||||
1uxyn4IPINBSx2sAPuUIymhVC29MB6N+SnB37/poTvSsIH15Vg264OVdaervIpuC
|
||||
W3eUANr7zrdO85nc1CTWGhugFwccXv9nyxAt8zUF/ci17p1/mLpy9K3LqlStVI9j
|
||||
MwARAQABtDBDYXRoeSBBbG1vbmQgKENvZGUtU2lnbmluZyBLZXkpIDxjYXRoeWFA
|
||||
aXNjLm9yZz6JAk4EEwEKADgWIQT8h0w+P+hncHCscb617/asfhrd+AUCY2Pw/gIb
|
||||
AwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRC17/asfhrd+HM6D/9KD/n245Fq
|
||||
jVzew92lJtufAxAFkTA5WO6fXweMlUeqMOub4vpVMLPLoFe5TzWbJMtF0m/P5+aU
|
||||
YbcvZBWFHsrnwTgA55c1VrhggLOxpw4EU0TvBdwrO7PFOYc2WznaMG+mJdqw+uNM
|
||||
yK+G44aIaC6rvi3ILSo5HPnbgQWHs39QIRLLcUjtqvavQQeyYAl0zrvNI9Xrs/Nf
|
||||
eE6PS4hIXg90A9VJRhay18w9hA+STb+xmK+3oSwP1ayLqqQ43OnV/pExSHBsjBQk
|
||||
4p1nIPlRFL30lGp/o2MoBsRvQM1tELpgBTk1LaTHzuKEpOskrWU37xu0QgEtj7YE
|
||||
r0X+GGBxgJuUzqSyLsaDgH1sEDqE+AthFfv2dxDadcXM2cdch9y3OyuSMo89aWGc
|
||||
mEVyesjYoV40tDCG73qLtfehhV/iARDMCfnZGyGYIZdDBL+tZTNeLKVDIUi/R3x9
|
||||
OmpEl8ZuCuYltyEsJnCF/rQBVMgcTOmsMu6CMx+qT3kC8iGtHqkUT2ufpKISahTn
|
||||
e329FQjClEWwBHkr0T4K80Z0REjSo6UBtio73IOCxXe0RqO37L/qgo8xKZbLxy86
|
||||
857PRWJhgbw169FJ2kR5p+M5d/g/MUeYnigvWlORW5LyrFg6RnZ1ZbULZI80QhHN
|
||||
aSFf/w020HBsLCkzWA/XM6MO2ifJTSn8NpkCDQRkSjCrARAApLUMHAbmxUMWLgDQ
|
||||
apRZBwWXriEyIVqA/SIy1PyWPPFXqs3LZ5Kn5Gw1WO8PfzkPZNtccGmNLjujIoRB
|
||||
qR41nV5zxcpS896SujBoYl80A4F4v9Op9i2pFeI9r9acFcUDjbGWBqNro4EfRcJN
|
||||
Ctkd9+pl3TUvFX06QCTxmmHy3M81SW3b4NWI+jia1cKjCd+qBFBgKWdjSMBeVTBC
|
||||
R9eKqsBQ1UJql2bRzc8pReS+TYCeEbhaOCvUCCKCwGtsSUOW726iNB/4zR4OOuQV
|
||||
B9ORufwed+E/RXa8N08/l5O96uXG0krJtOVm0/qQcXOaKxiDo6djnAgCdjFK5zaj
|
||||
7594wqbI7de58alWb/egqIhjBTgk+/cO+epZ05qx5SoJZL7ny2ottrfS2cBqP4g1
|
||||
SIt1sYl9ImHmJkNrNDy0s25nE9Nga6OfRqVbwnwot4ouTGwj0oZsCjw+gWjDdztH
|
||||
1fUWSnlA8jaX9/RZG2wKt9dI+Tp/U4d5dyTb8lIIzzgtAzDmDfPxwwT0rxAAL13A
|
||||
gDkJ0AzXA4WTOxb/JE2yfCz//kt7n8SYM//LixL4VAB7e/wnfZBhTq0OFpaPjFU0
|
||||
h/k0dc40AqcUuK3lSSjQr3KTzRHtjz8qtN4DFSuyZac83QSVtWE1rFKjS8bl3XHC
|
||||
kFFRJ2dMt2WRSkLOYNiTGbYLvmEAEQEAAbQwQW5kcmVpIFBhdmVsIChDb2RlLVNp
|
||||
Z25pbmcgS2V5KSA8YW5kcmVpQGlzYy5vcmc+iQJOBBMBCgA4FiEE2mo1COZypJ3T
|
||||
gq/ZW49NkbiO2QkFAmRKMKsCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQ
|
||||
W49NkbiO2QnQZw//XCpeqT0z/sqtu4FYWwYLz1OvWqhe+uA45f9BccnNSVkGFa7w
|
||||
3hlLQC/FLUIx2cVy9AluJBP29iQge/bCcXnzo/QvCbhe/4lCTxhr7nsBe1bWpuNI
|
||||
4Pl+cQxZQBwcz74zZ1jjaaQOqm3XtdZxeKNfCQmNvz389UZEk2m8K6qJD23fy20V
|
||||
n5Y2C502UuP3MitbYKBxBSbs+Auwy1evz/prQ9VeD4Nv3Zr+jWbWFW+dSDC8jkrX
|
||||
cGdwWrUQ51QD8VBB9lPWPGY6yTbRmacr4AlVSo2DAfyjHRrGHigRF/VAD5p1+u2g
|
||||
3UFLJaEyujfzwU1kG4+zQCWZ2W2UBOekklq/yefxEY5vU1/Lad7vQhBmogQNF21T
|
||||
FvLUE6ez7XNsdMZStDPiT8OoTyFZYLRM4yw5rWKw+1mICBv7NV82YD/8hoMoZPyX
|
||||
2tNRTXv2MZ6qD++0dMCIZNEyFTB344srvQSyJ7K7vwxulc7iFWngRA8oe6JkAhH4
|
||||
B0yNq1FJm6jIL41S2FmnDL3DlfAdKWapBqzgqkv+X5DQBaTlG9a4BcSsdMJgU/Yx
|
||||
dD03YsKhDtEWTqBmmEamR1K1CgCC3mOJfsHB5z+Qhdraz2hMr00EQrD5lnpLLpcF
|
||||
rYWoilvVlRy7Y7U5wfhY4074L2ZfB+yElKsvtfGKJX/8g+eJdeRuII+hjEc=
|
||||
=NX7P
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
411
ldap2zone.c
Normal file
411
ldap2zone.c
Normal file
@ -0,0 +1,411 @@
|
||||
/*
|
||||
* Copyright (C) 2004, 2005 Stig Venaas <venaas@uninett.no>
|
||||
* $Id: ldap2zone.c,v 1.1 2007/07/24 15:18:00 atkac Exp $
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*/
|
||||
|
||||
#define LDAP_DEPRECATED 1
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <ctype.h>
|
||||
|
||||
#include <ldap.h>
|
||||
|
||||
struct string {
|
||||
void *data;
|
||||
size_t len;
|
||||
};
|
||||
|
||||
struct assstack_entry {
|
||||
struct string key;
|
||||
struct string val;
|
||||
struct assstack_entry *next;
|
||||
};
|
||||
|
||||
struct assstack_entry *assstack_find(struct assstack_entry *stack, struct string *key);
|
||||
void assstack_push(struct assstack_entry **stack, struct assstack_entry *item);
|
||||
void assstack_insertbottom(struct assstack_entry **stack, struct assstack_entry *item);
|
||||
void printsoa(struct string *soa);
|
||||
void printrrs(char *defaultttl, struct assstack_entry *item);
|
||||
void print_zone(char *defaultttl, struct assstack_entry *stack);
|
||||
void usage(char *name);
|
||||
void err(char *name, const char *msg);
|
||||
int putrr(struct assstack_entry **stack, struct berval *name, char *type, char *ttl, struct berval *val);
|
||||
|
||||
struct assstack_entry *assstack_find(struct assstack_entry *stack, struct string *key) {
|
||||
for (; stack; stack = stack->next)
|
||||
if (stack->key.len == key->len && !memcmp(stack->key.data, key->data, key->len))
|
||||
return stack;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
void assstack_push(struct assstack_entry **stack, struct assstack_entry *item) {
|
||||
item->next = *stack;
|
||||
*stack = item;
|
||||
}
|
||||
|
||||
void assstack_insertbottom(struct assstack_entry **stack, struct assstack_entry *item) {
|
||||
struct assstack_entry *p;
|
||||
|
||||
item->next = NULL;
|
||||
if (!*stack) {
|
||||
*stack = item;
|
||||
return;
|
||||
}
|
||||
/* find end, should keep track of end somewhere */
|
||||
/* really a queue, not a stack */
|
||||
p = *stack;
|
||||
while (p->next)
|
||||
p = p->next;
|
||||
p->next = item;
|
||||
}
|
||||
|
||||
void printsoa(struct string *soa) {
|
||||
char *s;
|
||||
size_t i;
|
||||
|
||||
s = (char *)soa->data;
|
||||
i = 0;
|
||||
while (i < soa->len) {
|
||||
putchar(s[i]);
|
||||
if (s[i++] == ' ')
|
||||
break;
|
||||
}
|
||||
while (i < soa->len) {
|
||||
putchar(s[i]);
|
||||
if (s[i++] == ' ')
|
||||
break;
|
||||
}
|
||||
printf("(\n\t\t\t\t");
|
||||
while (i < soa->len) {
|
||||
putchar(s[i]);
|
||||
if (s[i++] == ' ')
|
||||
break;
|
||||
}
|
||||
printf("; Serialnumber\n\t\t\t\t");
|
||||
while (i < soa->len) {
|
||||
if (s[i] == ' ')
|
||||
break;
|
||||
putchar(s[i++]);
|
||||
}
|
||||
i++;
|
||||
printf("\t; Refresh\n\t\t\t\t");
|
||||
while (i < soa->len) {
|
||||
if (s[i] == ' ')
|
||||
break;
|
||||
putchar(s[i++]);
|
||||
}
|
||||
i++;
|
||||
printf("\t; Retry\n\t\t\t\t");
|
||||
while (i < soa->len) {
|
||||
if (s[i] == ' ')
|
||||
break;
|
||||
putchar(s[i++]);
|
||||
}
|
||||
i++;
|
||||
printf("\t; Expire\n\t\t\t\t");
|
||||
while (i < soa->len) {
|
||||
putchar(s[i++]);
|
||||
}
|
||||
printf(" )\t; Minimum TTL\n");
|
||||
}
|
||||
|
||||
void printrrs(char *defaultttl, struct assstack_entry *item) {
|
||||
struct assstack_entry *stack;
|
||||
char *s;
|
||||
int first;
|
||||
size_t i;
|
||||
char *ttl, *type;
|
||||
int top;
|
||||
|
||||
s = (char *)item->key.data;
|
||||
|
||||
if (item->key.len == 1 && *s == '@') {
|
||||
top = 1;
|
||||
printf("@\t");
|
||||
} else {
|
||||
top = 0;
|
||||
for (i = 0; i < item->key.len; i++)
|
||||
putchar(s[i]);
|
||||
if (item->key.len < 8)
|
||||
putchar('\t');
|
||||
putchar('\t');
|
||||
}
|
||||
|
||||
first = 1;
|
||||
for (stack = (struct assstack_entry *) item->val.data; stack; stack = stack->next) {
|
||||
ttl = (char *)stack->key.data;
|
||||
s = strchr(ttl, ' ');
|
||||
*s++ = '\0';
|
||||
type = s;
|
||||
|
||||
if (first)
|
||||
first = 0;
|
||||
else
|
||||
printf("\t\t");
|
||||
|
||||
if (strcmp(defaultttl, ttl))
|
||||
printf("%s", ttl);
|
||||
putchar('\t');
|
||||
|
||||
if (top) {
|
||||
top = 0;
|
||||
printf("IN\t%s\t", type);
|
||||
/* Should always be SOA here */
|
||||
if (!strcmp(type, "SOA")) {
|
||||
printsoa(&stack->val);
|
||||
continue;
|
||||
}
|
||||
} else
|
||||
printf("%s\t", type);
|
||||
|
||||
s = (char *)stack->val.data;
|
||||
for (i = 0; i < stack->val.len; i++)
|
||||
putchar(s[i]);
|
||||
putchar('\n');
|
||||
}
|
||||
}
|
||||
|
||||
void print_zone(char *defaultttl, struct assstack_entry *stack) {
|
||||
printf("$TTL %s\n", defaultttl);
|
||||
for (; stack; stack = stack->next)
|
||||
printrrs(defaultttl, stack);
|
||||
};
|
||||
|
||||
void usage(char *name) {
|
||||
fprintf(stderr, "Usage:%s zone-name LDAP-URL default-ttl [serial]\n", name);
|
||||
exit(1);
|
||||
};
|
||||
|
||||
void err(char *name, const char *msg) {
|
||||
fprintf(stderr, "%s: %s\n", name, msg);
|
||||
exit(1);
|
||||
};
|
||||
|
||||
int putrr(struct assstack_entry **stack, struct berval *name, char *type, char *ttl, struct berval *val) {
|
||||
struct string key;
|
||||
struct assstack_entry *rr, *rrdata;
|
||||
|
||||
/* Do nothing if name or value have 0 length */
|
||||
if (!name->bv_len || !val->bv_len)
|
||||
return 0;
|
||||
|
||||
/* see if already have an entry for this name */
|
||||
key.len = name->bv_len;
|
||||
key.data = name->bv_val;
|
||||
|
||||
rr = assstack_find(*stack, &key);
|
||||
if (!rr) {
|
||||
/* Not found, create and push new entry */
|
||||
rr = (struct assstack_entry *) malloc(sizeof(struct assstack_entry));
|
||||
if (!rr)
|
||||
return -1;
|
||||
rr->key.len = name->bv_len;
|
||||
rr->key.data = (void *) malloc(rr->key.len);
|
||||
if (!rr->key.data) {
|
||||
free(rr);
|
||||
return -1;
|
||||
}
|
||||
memcpy(rr->key.data, name->bv_val, name->bv_len);
|
||||
rr->val.len = sizeof(void *);
|
||||
rr->val.data = NULL;
|
||||
if (name->bv_len == 1 && *(char *)name->bv_val == '@')
|
||||
assstack_push(stack, rr);
|
||||
else
|
||||
assstack_insertbottom(stack, rr);
|
||||
}
|
||||
|
||||
rrdata = (struct assstack_entry *) malloc(sizeof(struct assstack_entry));
|
||||
if (!rrdata) {
|
||||
free(rr->key.data);
|
||||
free(rr);
|
||||
return -1;
|
||||
}
|
||||
rrdata->key.len = strlen(type) + strlen(ttl) + 1;
|
||||
rrdata->key.data = (void *) malloc(rrdata->key.len);
|
||||
if (!rrdata->key.data) {
|
||||
free(rrdata);
|
||||
free(rr->key.data);
|
||||
free(rr);
|
||||
return -1;
|
||||
}
|
||||
sprintf((char *)rrdata->key.data, "%s %s", ttl, type);
|
||||
|
||||
rrdata->val.len = val->bv_len;
|
||||
rrdata->val.data = (void *) malloc(val->bv_len);
|
||||
if (!rrdata->val.data) {
|
||||
free(rrdata->key.data);
|
||||
free(rrdata);
|
||||
free(rr->key.data);
|
||||
free(rr);
|
||||
return -1;
|
||||
}
|
||||
memcpy(rrdata->val.data, val->bv_val, val->bv_len);
|
||||
|
||||
if (!strcmp(type, "SOA"))
|
||||
assstack_push((struct assstack_entry **) &(rr->val.data), rrdata);
|
||||
else
|
||||
assstack_insertbottom((struct assstack_entry **) &(rr->val.data), rrdata);
|
||||
return 0;
|
||||
}
|
||||
|
||||
int main(int argc, char **argv) {
|
||||
char *s, *hostporturl, *base = NULL;
|
||||
char *ttl, *defaultttl;
|
||||
LDAP *ld;
|
||||
char *fltr = NULL;
|
||||
LDAPMessage *res, *e;
|
||||
char *a, **ttlvals, **soavals, *serial;
|
||||
struct berval **vals, **names;
|
||||
char type[64];
|
||||
BerElement *ptr;
|
||||
int i, j, rc, msgid;
|
||||
struct assstack_entry *zone = NULL;
|
||||
|
||||
if (argc < 4 || argc > 5)
|
||||
usage(argv[0]);
|
||||
|
||||
hostporturl = argv[2];
|
||||
|
||||
if (hostporturl != strstr( hostporturl, "ldap"))
|
||||
err(argv[0], "Not an LDAP URL");
|
||||
|
||||
s = strchr(hostporturl, ':');
|
||||
|
||||
if (!s || strlen(s) < 3 || s[1] != '/' || s[2] != '/')
|
||||
err(argv[0], "Not an LDAP URL");
|
||||
|
||||
s = strchr(s+3, '/');
|
||||
if (s) {
|
||||
*s++ = '\0';
|
||||
base = s;
|
||||
s = strchr(base, '?');
|
||||
if (s)
|
||||
err(argv[0], "LDAP URL can only contain host, port and base");
|
||||
}
|
||||
|
||||
defaultttl = argv[3];
|
||||
|
||||
rc = ldap_initialize(&ld, hostporturl);
|
||||
if (rc != LDAP_SUCCESS)
|
||||
err(argv[0], "ldap_initialize() failed");
|
||||
|
||||
if (argc == 5) {
|
||||
/* serial number specified, check if different from one in SOA */
|
||||
fltr = (char *)malloc(strlen(argv[1]) + strlen("(&(relativeDomainName=@)(zoneName=))") + 1);
|
||||
sprintf(fltr, "(&(relativeDomainName=@)(zoneName=%s))", argv[1]);
|
||||
msgid = ldap_search(ld, base, LDAP_SCOPE_SUBTREE, fltr, NULL, 0);
|
||||
if (msgid == -1)
|
||||
err(argv[0], "ldap_search() failed");
|
||||
|
||||
while ((rc = ldap_result(ld, msgid, 0, NULL, &res)) != LDAP_RES_SEARCH_RESULT ) {
|
||||
/* not supporting continuation references at present */
|
||||
if (rc != LDAP_RES_SEARCH_ENTRY)
|
||||
err(argv[0], "ldap_result() returned cont.ref? Exiting");
|
||||
|
||||
/* only one entry per result message */
|
||||
e = ldap_first_entry(ld, res);
|
||||
if (e == NULL) {
|
||||
ldap_msgfree(res);
|
||||
err(argv[0], "ldap_first_entry() failed");
|
||||
}
|
||||
|
||||
soavals = ldap_get_values(ld, e, "SOARecord");
|
||||
if (soavals)
|
||||
break;
|
||||
}
|
||||
|
||||
ldap_msgfree(res);
|
||||
if (!soavals) {
|
||||
err(argv[0], "No SOA Record found");
|
||||
}
|
||||
|
||||
/* We have a SOA, compare serial numbers */
|
||||
/* Only checkinf first value, should be only one */
|
||||
s = strchr(soavals[0], ' ');
|
||||
s++;
|
||||
s = strchr(s, ' ');
|
||||
s++;
|
||||
serial = s;
|
||||
s = strchr(s, ' ');
|
||||
*s = '\0';
|
||||
if (!strcmp(serial, argv[4])) {
|
||||
ldap_value_free(soavals);
|
||||
err(argv[0], "serial numbers match");
|
||||
}
|
||||
ldap_value_free(soavals);
|
||||
}
|
||||
|
||||
if (!fltr)
|
||||
fltr = (char *)malloc(strlen(argv[1]) + strlen("(zoneName=)") + 1);
|
||||
if (!fltr)
|
||||
err(argv[0], "Malloc failed");
|
||||
sprintf(fltr, "(zoneName=%s)", argv[1]);
|
||||
|
||||
msgid = ldap_search(ld, base, LDAP_SCOPE_SUBTREE, fltr, NULL, 0);
|
||||
if (msgid == -1)
|
||||
err(argv[0], "ldap_search() failed");
|
||||
|
||||
while ((rc = ldap_result(ld, msgid, 0, NULL, &res)) != LDAP_RES_SEARCH_RESULT ) {
|
||||
/* not supporting continuation references at present */
|
||||
if (rc != LDAP_RES_SEARCH_ENTRY)
|
||||
err(argv[0], "ldap_result() returned cont.ref? Exiting");
|
||||
|
||||
/* only one entry per result message */
|
||||
e = ldap_first_entry(ld, res);
|
||||
if (e == NULL) {
|
||||
ldap_msgfree(res);
|
||||
err(argv[0], "ldap_first_entry() failed");
|
||||
}
|
||||
|
||||
names = ldap_get_values_len(ld, e, "relativeDomainName");
|
||||
if (!names)
|
||||
continue;
|
||||
|
||||
ttlvals = ldap_get_values(ld, e, "dNSTTL");
|
||||
ttl = ttlvals ? ttlvals[0] : defaultttl;
|
||||
|
||||
for (a = ldap_first_attribute(ld, e, &ptr); a != NULL; a = ldap_next_attribute(ld, e, ptr)) {
|
||||
char *s;
|
||||
|
||||
for (s = a; *s; s++)
|
||||
*s = toupper(*s);
|
||||
s = strstr(a, "RECORD");
|
||||
if ((s == NULL) || (s == a) || (s - a >= (signed int)sizeof(type))) {
|
||||
ldap_memfree(a);
|
||||
continue;
|
||||
}
|
||||
|
||||
strncpy(type, a, s - a);
|
||||
type[s - a] = '\0';
|
||||
vals = ldap_get_values_len(ld, e, a);
|
||||
if (vals) {
|
||||
for (i = 0; vals[i]; i++)
|
||||
for (j = 0; names[j]; j++)
|
||||
if (putrr(&zone, names[j], type, ttl, vals[i]))
|
||||
err(argv[0], "malloc failed");
|
||||
ldap_value_free_len(vals);
|
||||
}
|
||||
ldap_memfree(a);
|
||||
}
|
||||
|
||||
if (ptr)
|
||||
ber_free(ptr, 0);
|
||||
if (ttlvals)
|
||||
ldap_value_free(ttlvals);
|
||||
ldap_value_free_len(names);
|
||||
/* free this result */
|
||||
ldap_msgfree(res);
|
||||
}
|
||||
|
||||
/* free final result */
|
||||
ldap_msgfree(res);
|
||||
|
||||
print_zone(defaultttl, zone);
|
||||
return 0;
|
||||
}
|
143
makefile-replace-libs.py
Executable file
143
makefile-replace-libs.py
Executable file
@ -0,0 +1,143 @@
|
||||
#!/usr/bin/python3
|
||||
#
|
||||
# Makefile modificator
|
||||
#
|
||||
# Should help in building bin/tests/system tests standalone,
|
||||
# linked to libraries installed into the system.
|
||||
# TODO:
|
||||
# - Fix top_srcdir, because dyndb/driver/Makefile uses $TOPSRC/mkinstalldirs
|
||||
# - Fix conf.sh to contain paths to system tools
|
||||
# - Export $TOP/version somewhere, where it would be used
|
||||
# - system tests needs bin/tests code. Do not include just bin/tests/system
|
||||
#
|
||||
# Possible solution:
|
||||
#
|
||||
# sed -e 's/$TOP\/s\?bin\/\(delv\|confgen\|named\|nsupdate\|pkcs11\|python\|rndc\|check\|dig\|dnssec\|tools\)\/\([[:alnum:]-]\+\)/`type -p \2`/' conf.sh
|
||||
# sed -e 's,../../../../\(isc-config.sh\),\1,' builtin/tests.sh
|
||||
# or use: $NAMED -V | head -1 | cut -d ' ' -f 2
|
||||
|
||||
import re
|
||||
import argparse
|
||||
|
||||
"""
|
||||
Script for replacing Makefile ISC_INCLUDES with runtime flags.
|
||||
|
||||
Should translate part of Makefile to use isc-config.sh instead static linked sources.
|
||||
ISC_INCLUDES = -I/home/pemensik/rhel/bind/bind-9.11.12/build/lib/isc/include \
|
||||
-I${top_srcdir}/lib/isc \
|
||||
-I${top_srcdir}/lib/isc/include \
|
||||
-I${top_srcdir}/lib/isc/unix/include \
|
||||
-I${top_srcdir}/lib/isc/pthreads/include \
|
||||
-I${top_srcdir}/lib/isc/x86_32/include
|
||||
|
||||
Should be translated to:
|
||||
ISC_INCLUDES = $(shell isc-config.sh --cflags isc)
|
||||
"""
|
||||
|
||||
def isc_config(mode, lib):
|
||||
if mode:
|
||||
return '$(shell isc-config.sh {mode} {lib})'.format(mode=mode, lib=lib)
|
||||
else:
|
||||
return ''
|
||||
|
||||
def check_match(match, debug=False):
|
||||
"""
|
||||
Check this definition is handled by internal library
|
||||
"""
|
||||
if not match:
|
||||
return False
|
||||
lib = match.group(2).lower()
|
||||
ok = not lib_filter or lib in lib_filter
|
||||
if debug:
|
||||
print('{status} {lib}: {text}'.format(status=ok, lib=lib, text=match.group(1)))
|
||||
return ok
|
||||
|
||||
def fix_line(match, mode):
|
||||
lib = match.group(2).lower()
|
||||
return match.group(1)+isc_config(mode, lib)+"\n"
|
||||
|
||||
def fix_file_lines(path, debug=False):
|
||||
"""
|
||||
Opens file and scans fixes selected parameters
|
||||
|
||||
Returns list of lines if something should be changed,
|
||||
None if no action is required
|
||||
"""
|
||||
fixed = []
|
||||
changed = False
|
||||
with open(path, 'r') as fin:
|
||||
fout = None
|
||||
|
||||
line = next(fin, None)
|
||||
while line:
|
||||
appended = False
|
||||
while line.endswith("\\\n"):
|
||||
line += next(fin, None)
|
||||
|
||||
inc = re_includes.match(line)
|
||||
deplibs = re_deplibs.match(line)
|
||||
libs = re_libs.match(line)
|
||||
newline = None
|
||||
if check_match(inc, debug=debug):
|
||||
newline = fix_line(inc, '--cflags')
|
||||
elif check_match(deplibs, debug=debug):
|
||||
newline = fix_line(libs, None)
|
||||
elif check_match(libs, debug=debug):
|
||||
newline = fix_line(libs, '--libs')
|
||||
|
||||
if newline and line != newline:
|
||||
changed = True
|
||||
line = newline
|
||||
|
||||
fixed.append(line)
|
||||
line = next(fin, None)
|
||||
|
||||
if not changed:
|
||||
return None
|
||||
else:
|
||||
return fixed
|
||||
|
||||
def write_lines(path, lines):
|
||||
fout = open(path, 'w')
|
||||
for line in lines:
|
||||
fout.write(line)
|
||||
fout.close()
|
||||
|
||||
def print_lines(lines):
|
||||
for line in lines:
|
||||
print(line, end='')
|
||||
|
||||
if __name__ == '__main__':
|
||||
parser = argparse.ArgumentParser(description='Makefile multiline include replacer')
|
||||
parser.add_argument('files', nargs='+')
|
||||
parser.add_argument('--filter', type=str,
|
||||
default='isc isccc isccfg dns lwres bind9 irs',
|
||||
help='List of libraries supported by isc-config.sh')
|
||||
parser.add_argument('--check', action='store_true',
|
||||
help='Test file only')
|
||||
parser.add_argument('--print', action='store_true',
|
||||
help='Print changed file only')
|
||||
parser.add_argument('--debug', action='store_true',
|
||||
help='Enable debug outputs')
|
||||
|
||||
args = parser.parse_args()
|
||||
lib_filter = None
|
||||
|
||||
re_includes = re.compile(r'^\s*((\w+)_INCLUDES\s+=\s*).*')
|
||||
re_deplibs = re.compile(r'^\s*((\w+)DEPLIBS\s*=).*')
|
||||
re_libs = re.compile(r'^\s*((\w+)LIBS\s*=).*')
|
||||
|
||||
if args.filter:
|
||||
lib_filter = set(args.filter.split(' '))
|
||||
pass
|
||||
|
||||
for path in args.files:
|
||||
lines = fix_file_lines(path, debug=args.debug)
|
||||
if lines:
|
||||
if args.print:
|
||||
print_lines(lines)
|
||||
elif not args.check:
|
||||
write_lines(path, lines)
|
||||
print('File {path} was fixed'.format(path=path))
|
||||
else:
|
||||
print('File {path} does not need fixing'.format(path=path))
|
12
named-chroot-setup.service
Normal file
12
named-chroot-setup.service
Normal file
@ -0,0 +1,12 @@
|
||||
[Unit]
|
||||
Description=Set-up/destroy chroot environment for named (DNS)
|
||||
BindsTo=named-chroot.service
|
||||
Wants=named-setup-rndc.service
|
||||
After=named-setup-rndc.service
|
||||
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart=/usr/libexec/setup-named-chroot.sh /var/named/chroot on /etc/named-chroot.files
|
||||
ExecStop=/usr/libexec/setup-named-chroot.sh /var/named/chroot off /etc/named-chroot.files
|
25
named-chroot.files
Normal file
25
named-chroot.files
Normal file
@ -0,0 +1,25 @@
|
||||
# Configuration of files used in chroot
|
||||
# Following files are made available after named-chroot.service start
|
||||
# if they are missing or empty in target directory.
|
||||
/etc/localtime
|
||||
/etc/named.root.key
|
||||
/etc/named.conf
|
||||
/etc/named.rfc1912.zones
|
||||
/etc/rndc.conf
|
||||
/etc/rndc.key
|
||||
/etc/named.iscdlv.key
|
||||
/etc/crypto-policies/back-ends/bind.config
|
||||
/etc/protocols
|
||||
/etc/services
|
||||
/etc/named.dnssec.keys
|
||||
/etc/pki/dnssec-keys
|
||||
/etc/named
|
||||
/usr/lib64/bind
|
||||
/usr/lib/bind
|
||||
/usr/share/GeoIP
|
||||
/run/named
|
||||
/proc/sys/net/ipv4/ip_local_port_range
|
||||
# Warning: the order is important
|
||||
# If a directory containing $ROOTDIR is listed here,
|
||||
# it MUST be listed last. (/var/named contains /var/named/chroot)
|
||||
/var/named
|
31
named-chroot.service
Normal file
31
named-chroot.service
Normal file
@ -0,0 +1,31 @@
|
||||
# Don't forget to add "$AddUnixListenSocket /var/named/chroot/dev/log"
|
||||
# line to your /etc/rsyslog.conf file. Otherwise your logging becomes
|
||||
# broken when rsyslogd daemon is restarted (due update, for example).
|
||||
|
||||
[Unit]
|
||||
Description=Berkeley Internet Name Domain (DNS)
|
||||
Wants=nss-lookup.target
|
||||
Requires=named-chroot-setup.service
|
||||
Before=nss-lookup.target
|
||||
After=named-chroot-setup.service
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
Environment=NAMEDCONF=/etc/named.conf
|
||||
EnvironmentFile=-/etc/sysconfig/named
|
||||
Environment=KRB5_KTNAME=/etc/named.keytab
|
||||
PIDFile=/var/named/chroot/run/named/named.pid
|
||||
|
||||
ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/bin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'
|
||||
ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} -t /var/named/chroot $OPTIONS
|
||||
|
||||
ExecReload=/bin/sh -c 'if /usr/sbin/rndc null > /dev/null 2>&1; then /usr/sbin/rndc reload; else /bin/kill -HUP $MAINPID; fi'
|
||||
|
||||
ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
|
||||
|
||||
PrivateTmp=false
|
||||
Restart=on-abnormal
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
7
named-setup-rndc.service
Normal file
7
named-setup-rndc.service
Normal file
@ -0,0 +1,7 @@
|
||||
[Unit]
|
||||
Description=Generate rndc key for BIND (DNS)
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
|
||||
ExecStart=/usr/libexec/generate-rndc-key.sh
|
59
named.conf
Normal file
59
named.conf
Normal file
@ -0,0 +1,59 @@
|
||||
//
|
||||
// named.conf
|
||||
//
|
||||
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
|
||||
// server as a caching only nameserver (as a localhost DNS resolver only).
|
||||
//
|
||||
// See /usr/share/doc/bind*/sample/ for example named configuration files.
|
||||
//
|
||||
|
||||
options {
|
||||
listen-on port 53 { 127.0.0.1; };
|
||||
listen-on-v6 port 53 { ::1; };
|
||||
directory "/var/named";
|
||||
dump-file "/var/named/data/cache_dump.db";
|
||||
statistics-file "/var/named/data/named_stats.txt";
|
||||
memstatistics-file "/var/named/data/named_mem_stats.txt";
|
||||
secroots-file "/var/named/data/named.secroots";
|
||||
recursing-file "/var/named/data/named.recursing";
|
||||
allow-query { localhost; };
|
||||
|
||||
/*
|
||||
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
|
||||
- If you are building a RECURSIVE (caching) DNS server, you need to enable
|
||||
recursion.
|
||||
- If your recursive DNS server has a public IP address, you MUST enable access
|
||||
control to limit queries to your legitimate users. Failing to do so will
|
||||
cause your server to become part of large scale DNS amplification
|
||||
attacks. Implementing BCP38 within your network would greatly
|
||||
reduce such attack surface
|
||||
*/
|
||||
recursion yes;
|
||||
|
||||
dnssec-validation yes;
|
||||
|
||||
managed-keys-directory "/var/named/dynamic";
|
||||
geoip-directory "/usr/share/GeoIP";
|
||||
|
||||
pid-file "/run/named/named.pid";
|
||||
session-keyfile "/run/named/session.key";
|
||||
|
||||
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
|
||||
include "/etc/crypto-policies/back-ends/bind.config";
|
||||
};
|
||||
|
||||
logging {
|
||||
channel default_debug {
|
||||
file "data/named.run";
|
||||
severity dynamic;
|
||||
};
|
||||
};
|
||||
|
||||
zone "." IN {
|
||||
type hint;
|
||||
file "named.ca";
|
||||
};
|
||||
|
||||
include "/etc/named.rfc1912.zones";
|
||||
include "/etc/named.root.key";
|
||||
|
243
named.conf.sample
Normal file
243
named.conf.sample
Normal file
@ -0,0 +1,243 @@
|
||||
/*
|
||||
Sample named.conf BIND DNS server 'named' configuration file
|
||||
for the Red Hat BIND distribution.
|
||||
|
||||
See the BIND Administrator's Reference Manual (ARM) for details, in:
|
||||
file:///usr/share/doc/bind-{version}/arm/Bv9ARM.html
|
||||
Also see the BIND Configuration GUI : /usr/bin/system-config-bind and
|
||||
its manual.
|
||||
*/
|
||||
|
||||
options
|
||||
{
|
||||
// Put files that named is allowed to write in the data/ directory:
|
||||
directory "/var/named"; // "Working" directory
|
||||
dump-file "data/cache_dump.db";
|
||||
statistics-file "data/named_stats.txt";
|
||||
memstatistics-file "data/named_mem_stats.txt";
|
||||
secroots-file "data/named.secroots";
|
||||
recursing-file "data/named.recursing";
|
||||
|
||||
|
||||
/*
|
||||
Specify listenning interfaces. You can use list of addresses (';' is
|
||||
delimiter) or keywords "any"/"none"
|
||||
*/
|
||||
//listen-on port 53 { any; };
|
||||
listen-on port 53 { 127.0.0.1; };
|
||||
|
||||
//listen-on-v6 port 53 { any; };
|
||||
listen-on-v6 port 53 { ::1; };
|
||||
|
||||
/*
|
||||
Access restrictions
|
||||
|
||||
There are two important options:
|
||||
allow-query { argument; };
|
||||
- allow queries for authoritative data
|
||||
|
||||
allow-query-cache { argument; };
|
||||
- allow queries for non-authoritative data (mostly cached data)
|
||||
|
||||
You can use address, network address or keywords "any"/"localhost"/"none" as argument
|
||||
Examples:
|
||||
allow-query { localhost; 10.0.0.1; 192.168.1.0/8; };
|
||||
allow-query-cache { ::1; fe80::5c63:a8ff:fe2f:4526; 10.0.0.1; };
|
||||
*/
|
||||
|
||||
allow-query { localhost; };
|
||||
allow-query-cache { localhost; };
|
||||
|
||||
/* Enable/disable recursion - recursion yes/no;
|
||||
|
||||
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
|
||||
- If you are building a RECURSIVE (caching) DNS server, you need to enable
|
||||
recursion.
|
||||
- If your recursive DNS server has a public IP address, you MUST enable access
|
||||
control to limit queries to your legitimate users. Failing to do so will
|
||||
cause your server to become part of large scale DNS amplification
|
||||
attacks. Implementing BCP38 within your network would greatly
|
||||
reduce such attack surface
|
||||
*/
|
||||
recursion yes;
|
||||
|
||||
/* DNSSEC related options. See information about keys ("Trusted keys", bellow) */
|
||||
|
||||
/* Enable DNSSEC validation on recursive servers */
|
||||
dnssec-validation yes;
|
||||
|
||||
/* In Fedora we use /run/named instead of default /var/run/named
|
||||
so we have to configure paths properly. */
|
||||
pid-file "/run/named/named.pid";
|
||||
session-keyfile "/run/named/session.key";
|
||||
|
||||
managed-keys-directory "/var/named/dynamic";
|
||||
|
||||
/* In Fedora we use system-wide Crypto Policy */
|
||||
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
|
||||
include "/etc/crypto-policies/back-ends/bind.config";
|
||||
};
|
||||
|
||||
logging
|
||||
{
|
||||
/* If you want to enable debugging, eg. using the 'rndc trace' command,
|
||||
* named will try to write the 'named.run' file in the $directory (/var/named).
|
||||
* By default, SELinux policy does not allow named to modify the /var/named directory,
|
||||
* so put the default debug log file in data/ :
|
||||
*/
|
||||
channel default_debug {
|
||||
file "data/named.run";
|
||||
severity dynamic;
|
||||
};
|
||||
};
|
||||
|
||||
/*
|
||||
Views let a name server answer a DNS query differently depending on who is asking.
|
||||
|
||||
By default, if named.conf contains no "view" clauses, all zones are in the
|
||||
"default" view, which matches all clients.
|
||||
|
||||
Views are processed sequentially. The first match is used so the last view should
|
||||
match "any" - it's fallback and the most restricted view.
|
||||
|
||||
If named.conf contains any "view" clause, then all zones MUST be in a view.
|
||||
*/
|
||||
|
||||
view "localhost_resolver"
|
||||
{
|
||||
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
|
||||
* If all you want is a caching-only nameserver, then you need only define this view:
|
||||
*/
|
||||
match-clients { localhost; };
|
||||
recursion yes;
|
||||
|
||||
# all views must contain the root hints zone:
|
||||
zone "." IN {
|
||||
type hint;
|
||||
file "/var/named/named.ca";
|
||||
};
|
||||
|
||||
/* these are zones that contain definitions for all the localhost
|
||||
* names and addresses, as recommended in RFC1912 - these names should
|
||||
* not leak to the other nameservers:
|
||||
*/
|
||||
include "/etc/named.rfc1912.zones";
|
||||
};
|
||||
view "internal"
|
||||
{
|
||||
/* This view will contain zones you want to serve only to "internal" clients
|
||||
that connect via your directly attached LAN interfaces - "localnets" .
|
||||
*/
|
||||
match-clients { localnets; };
|
||||
recursion yes;
|
||||
|
||||
zone "." IN {
|
||||
type hint;
|
||||
file "/var/named/named.ca";
|
||||
};
|
||||
|
||||
/* these are zones that contain definitions for all the localhost
|
||||
* names and addresses, as recommended in RFC1912 - these names should
|
||||
* not leak to the other nameservers:
|
||||
*/
|
||||
include "/etc/named.rfc1912.zones";
|
||||
|
||||
// These are your "authoritative" internal zones, and would probably
|
||||
// also be included in the "localhost_resolver" view above :
|
||||
|
||||
/*
|
||||
NOTE for dynamic DNS zones and secondary zones:
|
||||
|
||||
DO NOT USE SAME FILES IN MULTIPLE VIEWS!
|
||||
|
||||
If you are using views and DDNS/secondary zones it is strongly
|
||||
recommended to read FAQ on ISC site (www.isc.org), section
|
||||
"Configuration and Setup Questions", questions
|
||||
"How do I share a dynamic zone between multiple views?" and
|
||||
"How can I make a server a slave for both an internal and an external
|
||||
view at the same time?"
|
||||
*/
|
||||
|
||||
zone "my.internal.zone" {
|
||||
type primary;
|
||||
file "my.internal.zone.db";
|
||||
};
|
||||
zone "my.slave.internal.zone" {
|
||||
type secondary;
|
||||
file "slaves/my.slave.internal.zone.db";
|
||||
masters { /* put master nameserver IPs here */ 127.0.0.1; } ;
|
||||
// put slave zones in the slaves/ directory so named can update them
|
||||
};
|
||||
zone "my.ddns.internal.zone" {
|
||||
type primary;
|
||||
allow-update { key ddns_key; };
|
||||
file "dynamic/my.ddns.internal.zone.db";
|
||||
// put dynamically updateable zones in the slaves/ directory so named can update them
|
||||
};
|
||||
};
|
||||
|
||||
key ddns_key
|
||||
{
|
||||
algorithm hmac-sha256;
|
||||
secret "use /usr/sbin/ddns-confgen to generate TSIG keys";
|
||||
};
|
||||
|
||||
view "external"
|
||||
{
|
||||
/* This view will contain zones you want to serve only to "external" clients
|
||||
* that have addresses that are not match any above view:
|
||||
*/
|
||||
match-clients { any; };
|
||||
|
||||
zone "." IN {
|
||||
type hint;
|
||||
file "/var/named/named.ca";
|
||||
};
|
||||
|
||||
recursion no;
|
||||
// you'd probably want to deny recursion to external clients, so you don't
|
||||
// end up providing free DNS service to all takers
|
||||
|
||||
// These are your "authoritative" external zones, and would probably
|
||||
// contain entries for just your web and mail servers:
|
||||
|
||||
zone "my.external.zone" {
|
||||
type primary;
|
||||
file "my.external.zone.db";
|
||||
};
|
||||
};
|
||||
|
||||
/* Trusted keys
|
||||
|
||||
This statement contains DNSSEC keys. If you want DNSSEC aware resolver you
|
||||
should configure at least one trusted key.
|
||||
|
||||
Note that no key written below is valid. Especially root key because root zone
|
||||
is not signed yet.
|
||||
*/
|
||||
/*
|
||||
trust-anchors {
|
||||
// Root Key
|
||||
. initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
|
||||
+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
|
||||
ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
|
||||
0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
|
||||
oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
|
||||
RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
|
||||
R1AkUTV74bU=";
|
||||
|
||||
// Key for forward zone
|
||||
example.com. static-key 257 3 8 "AwEAAZ0aqu1rJ6orJynrRfNpPmayJZoAx9Ic2/Rl9VQW
|
||||
LMHyjxxem3VUSoNUIFXERQbj0A9Ogp0zDM9YIccKLRd6
|
||||
LmWiDCt7UJQxVdD+heb5Ec4qlqGmyX9MDabkvX2NvMws
|
||||
UecbYBq8oXeTT9LRmCUt9KUt/WOi6DKECxoG/bWTykrX
|
||||
yBR8elD+SQY43OAVjlWrVltHxgp4/rhBCvRbmdflunaP
|
||||
Igu27eE2U4myDSLT8a4A0rB5uHG4PkOa9dIRs9y00M2m
|
||||
Wf4lyPee7vi5few2dbayHXmieGcaAHrx76NGAABeY393
|
||||
xjlmDNcUkF1gpNWUla4fWZbbaYQzA93mLdrng+M=";
|
||||
|
||||
|
||||
// Key for reverse zone.
|
||||
2.0.192.IN-ADDRPA.NET. initial-ds 31406 8 2 "F78CF3344F72137235098ECBBD08947C2C9001C7F6A085A17F518B5D8F6B916D";
|
||||
};
|
||||
*/
|
10
named.empty
Normal file
10
named.empty
Normal file
@ -0,0 +1,10 @@
|
||||
$TTL 3H
|
||||
@ IN SOA @ rname.invalid. (
|
||||
0 ; serial
|
||||
1D ; refresh
|
||||
1H ; retry
|
||||
1W ; expire
|
||||
3H ) ; minimum
|
||||
NS @
|
||||
A 127.0.0.1
|
||||
AAAA ::1
|
10
named.localhost
Normal file
10
named.localhost
Normal file
@ -0,0 +1,10 @@
|
||||
$TTL 1D
|
||||
@ IN SOA @ rname.invalid. (
|
||||
0 ; serial
|
||||
1D ; refresh
|
||||
1H ; retry
|
||||
1W ; expire
|
||||
3H ) ; minimum
|
||||
NS @
|
||||
A 127.0.0.1
|
||||
AAAA ::1
|
12
named.logrotate
Normal file
12
named.logrotate
Normal file
@ -0,0 +1,12 @@
|
||||
/var/named/data/named.run {
|
||||
missingok
|
||||
su named named
|
||||
create 0644 named named
|
||||
postrotate
|
||||
/usr/bin/systemctl reload named.service > /dev/null 2>&1 || true
|
||||
/usr/bin/systemctl reload named-chroot.service > /dev/null 2>&1 || true
|
||||
/usr/bin/systemctl reload named-sdb.service > /dev/null 2>&1 || true
|
||||
/usr/bin/systemctl reload named-sdb-chroot.service > /dev/null 2>&1 || true
|
||||
/usr/bin/systemctl reload named-pkcs11.service > /dev/null 2>&1 || true
|
||||
endscript
|
||||
}
|
11
named.loopback
Normal file
11
named.loopback
Normal file
@ -0,0 +1,11 @@
|
||||
$TTL 1D
|
||||
@ IN SOA @ rname.invalid. (
|
||||
0 ; serial
|
||||
1D ; refresh
|
||||
1H ; retry
|
||||
1W ; expire
|
||||
3H ) ; minimum
|
||||
NS @
|
||||
A 127.0.0.1
|
||||
AAAA ::1
|
||||
PTR localhost.
|
45
named.rfc1912.zones
Normal file
45
named.rfc1912.zones
Normal file
@ -0,0 +1,45 @@
|
||||
// named.rfc1912.zones:
|
||||
//
|
||||
// Provided by Red Hat caching-nameserver package
|
||||
//
|
||||
// ISC BIND named zone configuration for zones recommended by
|
||||
// RFC 1912 section 4.1 : localhost TLDs and address zones
|
||||
// and https://tools.ietf.org/html/rfc6303
|
||||
// (c)2007 R W Franks
|
||||
//
|
||||
// See /usr/share/doc/bind*/sample/ for example named configuration files.
|
||||
//
|
||||
// Note: empty-zones-enable yes; option is default.
|
||||
// If private ranges should be forwarded, add
|
||||
// disable-empty-zone "."; into options
|
||||
//
|
||||
|
||||
zone "localhost.localdomain" IN {
|
||||
type primary;
|
||||
file "named.localhost";
|
||||
allow-update { none; };
|
||||
};
|
||||
|
||||
zone "localhost" IN {
|
||||
type primary;
|
||||
file "named.localhost";
|
||||
allow-update { none; };
|
||||
};
|
||||
|
||||
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
|
||||
type primary;
|
||||
file "named.loopback";
|
||||
allow-update { none; };
|
||||
};
|
||||
|
||||
zone "1.0.0.127.in-addr.arpa" IN {
|
||||
type primary;
|
||||
file "named.loopback";
|
||||
allow-update { none; };
|
||||
};
|
||||
|
||||
zone "0.in-addr.arpa" IN {
|
||||
type primary;
|
||||
file "named.empty";
|
||||
allow-update { none; };
|
||||
};
|
92
named.root
Normal file
92
named.root
Normal file
@ -0,0 +1,92 @@
|
||||
; This file holds the information on root name servers needed to
|
||||
; initialize cache of Internet domain name servers
|
||||
; (e.g. reference this file in the "cache . <file>"
|
||||
; configuration file of BIND domain name servers).
|
||||
;
|
||||
; This file is made available by InterNIC
|
||||
; under anonymous FTP as
|
||||
; file /domain/named.cache
|
||||
; on server FTP.INTERNIC.NET
|
||||
; -OR- RS.INTERNIC.NET
|
||||
;
|
||||
; last update: December 20, 2023
|
||||
; related version of root zone: 2023122001
|
||||
;
|
||||
; FORMERLY NS.INTERNIC.NET
|
||||
;
|
||||
. 3600000 NS A.ROOT-SERVERS.NET.
|
||||
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
|
||||
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
|
||||
;
|
||||
; FORMERLY NS1.ISI.EDU
|
||||
;
|
||||
. 3600000 NS B.ROOT-SERVERS.NET.
|
||||
B.ROOT-SERVERS.NET. 3600000 A 170.247.170.2
|
||||
B.ROOT-SERVERS.NET. 3600000 AAAA 2801:1b8:10::b
|
||||
;
|
||||
; FORMERLY C.PSI.NET
|
||||
;
|
||||
. 3600000 NS C.ROOT-SERVERS.NET.
|
||||
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
|
||||
C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
|
||||
;
|
||||
; FORMERLY TERP.UMD.EDU
|
||||
;
|
||||
. 3600000 NS D.ROOT-SERVERS.NET.
|
||||
D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
|
||||
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
|
||||
;
|
||||
; FORMERLY NS.NASA.GOV
|
||||
;
|
||||
. 3600000 NS E.ROOT-SERVERS.NET.
|
||||
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
|
||||
E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
|
||||
;
|
||||
; FORMERLY NS.ISC.ORG
|
||||
;
|
||||
. 3600000 NS F.ROOT-SERVERS.NET.
|
||||
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
|
||||
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
|
||||
;
|
||||
; FORMERLY NS.NIC.DDN.MIL
|
||||
;
|
||||
. 3600000 NS G.ROOT-SERVERS.NET.
|
||||
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
|
||||
G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d
|
||||
;
|
||||
; FORMERLY AOS.ARL.ARMY.MIL
|
||||
;
|
||||
. 3600000 NS H.ROOT-SERVERS.NET.
|
||||
H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
|
||||
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
|
||||
;
|
||||
; FORMERLY NIC.NORDU.NET
|
||||
;
|
||||
. 3600000 NS I.ROOT-SERVERS.NET.
|
||||
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
|
||||
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
|
||||
;
|
||||
; OPERATED BY VERISIGN, INC.
|
||||
;
|
||||
. 3600000 NS J.ROOT-SERVERS.NET.
|
||||
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
|
||||
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
|
||||
;
|
||||
; OPERATED BY RIPE NCC
|
||||
;
|
||||
. 3600000 NS K.ROOT-SERVERS.NET.
|
||||
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
|
||||
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
|
||||
;
|
||||
; OPERATED BY ICANN
|
||||
;
|
||||
. 3600000 NS L.ROOT-SERVERS.NET.
|
||||
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
|
||||
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
|
||||
;
|
||||
; OPERATED BY WIDE
|
||||
;
|
||||
. 3600000 NS M.ROOT-SERVERS.NET.
|
||||
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
|
||||
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
|
||||
; End of file
|
13
named.root.key
Normal file
13
named.root.key
Normal file
@ -0,0 +1,13 @@
|
||||
trust-anchors {
|
||||
# ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
|
||||
# for current trust anchor information.
|
||||
#
|
||||
# This key (20326) was published in the root zone in 2017.
|
||||
# Servers which were already using the old key (19036) should
|
||||
# roll seamlessly to this new one via RFC 5011 rollover. Servers
|
||||
# being set up for the first time can use the contents of this
|
||||
# file as initializing keys; thereafter, the keys in the
|
||||
# managed key database will be trusted and maintained
|
||||
# automatically.
|
||||
. initial-ds 20326 8 2 "E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D";
|
||||
};
|
6
named.rwtab
Normal file
6
named.rwtab
Normal file
@ -0,0 +1,6 @@
|
||||
dirs /var/named
|
||||
|
||||
files /var/named/named.ca
|
||||
files /var/named/named.empty
|
||||
files /var/named/named.localhost
|
||||
files /var/named/named.loopback
|
26
named.service
Normal file
26
named.service
Normal file
@ -0,0 +1,26 @@
|
||||
[Unit]
|
||||
Description=Berkeley Internet Name Domain (DNS)
|
||||
Wants=nss-lookup.target
|
||||
Wants=named-setup-rndc.service
|
||||
Before=nss-lookup.target
|
||||
After=named-setup-rndc.service
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
Environment=NAMEDCONF=/etc/named.conf
|
||||
EnvironmentFile=-/etc/sysconfig/named
|
||||
Environment=KRB5_KTNAME=/etc/named.keytab
|
||||
PIDFile=/run/named/named.pid
|
||||
|
||||
ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/bin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'
|
||||
ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS
|
||||
ExecReload=/bin/sh -c 'if /usr/sbin/rndc null > /dev/null 2>&1; then /usr/sbin/rndc reload; else /bin/kill -HUP $MAINPID; fi'
|
||||
|
||||
ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
|
||||
|
||||
PrivateTmp=true
|
||||
Restart=on-abnormal
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
17
named.sysconfig
Normal file
17
named.sysconfig
Normal file
@ -0,0 +1,17 @@
|
||||
# BIND named process options
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# OPTIONS="whatever" -- These additional options will be passed to named
|
||||
# at startup. Don't add -t here, enable proper
|
||||
# -chroot.service unit file.
|
||||
#
|
||||
# NAMEDCONF=/etc/named/alternate.conf
|
||||
# -- Don't use -c to change configuration file.
|
||||
# Extend systemd named.service instead or use this
|
||||
# variable.
|
||||
#
|
||||
# DISABLE_ZONE_CHECKING -- By default, service file calls named-checkzone
|
||||
# utility for every zone to ensure all zones are
|
||||
# valid before named starts. If you set this option
|
||||
# to 'yes' then service file doesn't perform those
|
||||
# checks.
|
10
plans/all.fmf
Normal file
10
plans/all.fmf
Normal file
@ -0,0 +1,10 @@
|
||||
summary: Test plan with all beakerlib tests
|
||||
environment+:
|
||||
PACKAGE: bind
|
||||
discover:
|
||||
how: fmf
|
||||
url: https://src.fedoraproject.org/tests/bind.git
|
||||
execute:
|
||||
how: tmt
|
||||
context:
|
||||
component: bind
|
11
plans/tier1-public.fmf
Normal file
11
plans/tier1-public.fmf
Normal file
@ -0,0 +1,11 @@
|
||||
summary: Public (Fedora) Tier1 beakerlib tests
|
||||
environment+:
|
||||
PACKAGE: bind
|
||||
discover:
|
||||
how: fmf
|
||||
url: https://src.fedoraproject.org/tests/bind.git
|
||||
filter: 'tier: 1'
|
||||
execute:
|
||||
how: tmt
|
||||
context:
|
||||
component: bind
|
117
setup-named-chroot.sh
Executable file
117
setup-named-chroot.sh
Executable file
@ -0,0 +1,117 @@
|
||||
#!/bin/bash
|
||||
|
||||
ROOTDIR="$1"
|
||||
CONFIG_FILES="${3:-/etc/named-chroot.files}"
|
||||
|
||||
usage()
|
||||
{
|
||||
echo
|
||||
echo 'This script setups chroot environment for BIND'
|
||||
echo 'Usage: setup-named-chroot.sh ROOTDIR <on|off> [chroot.files]'
|
||||
}
|
||||
|
||||
if ! [ "$#" -ge 2 -a "$#" -le 3 ]; then
|
||||
echo 'Wrong number of arguments'
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Exit if ROOTDIR doesn't exist
|
||||
if ! [ -d "$ROOTDIR" ]; then
|
||||
echo "Root directory $ROOTDIR doesn't exist"
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! [ -r "$CONFIG_FILES" ]; then
|
||||
echo "Files list $CONFIG_FILES doesn't exist" 2>&1
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
|
||||
dev_create()
|
||||
{
|
||||
DEVNAME="$ROOTDIR/dev/$1"
|
||||
shift
|
||||
if ! [ -e "$DEVNAME" ]; then
|
||||
/bin/mknod -m 0664 "$DEVNAME" $@
|
||||
/bin/chgrp named "$DEVNAME"
|
||||
if [ -x /usr/sbin/selinuxenabled -a -x /sbin/restorecon ]; then
|
||||
/usr/sbin/selinuxenabled && /sbin/restorecon "$DEVNAME" > /dev/null || :
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
dev_chroot_prep()
|
||||
{
|
||||
dev_create random c 1 8
|
||||
dev_create urandom c 1 9
|
||||
dev_create zero c 1 5
|
||||
dev_create null c 1 3
|
||||
}
|
||||
|
||||
files_comment_filter()
|
||||
{
|
||||
if [ -d "$1" ]; then
|
||||
grep -v '^[[:space:]]*#' "$1"/*.files
|
||||
else
|
||||
grep -v '^[[:space:]]*#' "$1"
|
||||
fi
|
||||
}
|
||||
|
||||
mount_chroot_conf()
|
||||
{
|
||||
if [ -n "$ROOTDIR" ]; then
|
||||
# Check devices are prepared
|
||||
dev_chroot_prep
|
||||
files_comment_filter "$CONFIG_FILES" | while read -r all; do
|
||||
# Skip nonexistant files
|
||||
[ -e "$all" ] || continue
|
||||
|
||||
# If mount source is a file
|
||||
if ! [ -d "$all" ]; then
|
||||
# mount it only if it is not present in chroot or it is empty
|
||||
if ! [ -e "$ROOTDIR$all" ] || [ `stat -c'%s' "$ROOTDIR$all"` -eq 0 ]; then
|
||||
touch "$ROOTDIR$all"
|
||||
mount --bind "$all" "$ROOTDIR$all"
|
||||
fi
|
||||
else
|
||||
# Mount source is a directory. Mount it only if directory in chroot is
|
||||
# empty.
|
||||
if [ -e "$all" ] && [ `ls -1A $ROOTDIR$all | wc -l` -eq 0 ]; then
|
||||
mount --bind --make-private "$all" "$ROOTDIR$all"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
||||
umount_chroot_conf()
|
||||
{
|
||||
if [ -n "$ROOTDIR" ]; then
|
||||
files_comment_filter "$CONFIG_FILES" | while read -r all; do
|
||||
# Check if file is mount target. Do not use /proc/mounts because detecting
|
||||
# of modified mounted files can fail.
|
||||
if mount | grep -q '.* on '"$ROOTDIR$all"' .*'; then
|
||||
umount "$ROOTDIR$all"
|
||||
# Remove temporary created files
|
||||
[ -f "$all" ] && rm -f "$ROOTDIR$all"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
||||
case "$2" in
|
||||
on)
|
||||
mount_chroot_conf
|
||||
;;
|
||||
off)
|
||||
umount_chroot_conf
|
||||
;;
|
||||
*)
|
||||
echo 'Second argument has to be "on" or "off"'
|
||||
usage
|
||||
exit 1
|
||||
esac
|
||||
|
||||
exit 0
|
124
setup-named-softhsm.sh
Executable file
124
setup-named-softhsm.sh
Executable file
@ -0,0 +1,124 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# This script will initialise token storage of softhsm PKCS11 provider
|
||||
# in custom location. Is useful to store tokens in non-standard location.
|
||||
#
|
||||
# Output can be evaluated from bash, it will prepare it for usage of temporary tokens.
|
||||
# Quotes around eval are mandatory!
|
||||
# Recommended use:
|
||||
# eval "$(bash setup-named-softhsm.sh -A)"
|
||||
#
|
||||
|
||||
SOFTHSM2_CONF="$1"
|
||||
TOKENPATH="$2"
|
||||
GROUPNAME="$3"
|
||||
# Do not use this script for real keys worth protection
|
||||
# This is intended for crypto accelerators using PKCS11 interface.
|
||||
# Uninitialized token would fail any crypto operation.
|
||||
PIN=1234
|
||||
SO_PIN=1234
|
||||
LABEL=rpm
|
||||
|
||||
set -e
|
||||
|
||||
echo_i()
|
||||
{
|
||||
echo "#" $@
|
||||
}
|
||||
|
||||
random()
|
||||
{
|
||||
if [ -x "$(which openssl 2>/dev/null)" ]; then
|
||||
openssl rand -base64 $1
|
||||
else
|
||||
dd if=/dev/urandom bs=1c count=$1 | base64
|
||||
fi
|
||||
}
|
||||
|
||||
usage()
|
||||
{
|
||||
echo "Usage: $0 -A [token directory] [group]"
|
||||
echo " or: $0 <config file> <token directory> [group]"
|
||||
}
|
||||
|
||||
if [ "$SOFTHSM2_CONF" = "-A" -a -z "$TOKENPATH" ]; then
|
||||
TOKENPATH=$(mktemp -d /var/tmp/softhsm-XXXXXX)
|
||||
fi
|
||||
|
||||
if [ -z "$SOFTHSM2_CONF" -o -z "$TOKENPATH" ]; then
|
||||
usage >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "$SOFTHSM2_CONF" = "-A" ]; then
|
||||
# Automagic mode instead
|
||||
MODE=secure
|
||||
SOFTHSM2_CONF="$TOKENPATH/softhsm2.conf"
|
||||
PIN_SOURCE="$TOKENPATH/pin"
|
||||
SOPIN_SOURCE="$TOKENPATH/so-pin"
|
||||
TOKENPATH="$TOKENPATH/tokens"
|
||||
else
|
||||
MODE=legacy
|
||||
fi
|
||||
|
||||
[ -d "$TOKENPATH" ] || mkdir -p "$TOKENPATH"
|
||||
|
||||
umask 0022
|
||||
|
||||
if ! [ -f "$SOFTHSM2_CONF" ]; then
|
||||
cat << SED > "$SOFTHSM2_CONF"
|
||||
# SoftHSM v2 configuration file
|
||||
|
||||
directories.tokendir = ${TOKENPATH}
|
||||
objectstore.backend = file
|
||||
|
||||
# ERROR, WARNING, INFO, DEBUG
|
||||
log.level = ERROR
|
||||
|
||||
# If CKF_REMOVABLE_DEVICE flag should be set
|
||||
slots.removable = false
|
||||
SED
|
||||
else
|
||||
echo_i "Config file $SOFTHSM2_CONF already exists" >&2
|
||||
fi
|
||||
|
||||
if [ -n "$PIN_SOURCE" ]; then
|
||||
touch "$PIN_SOURCE" "$SOPIN_SOURCE"
|
||||
chmod 0600 "$PIN_SOURCE" "$SOPIN_SOURCE"
|
||||
if [ -n "$GROUPNAME" ]; then
|
||||
chgrp "$GROUPNAME" "$PIN_SOURCE" "$SOPIN_SOURCE"
|
||||
chmod g+r "$PIN_SOURCE" "$SOPIN_SOURCE"
|
||||
fi
|
||||
fi
|
||||
|
||||
export SOFTHSM2_CONF
|
||||
|
||||
if softhsm2-util --show-slots | grep 'Initialized:[[:space:]]*yes' > /dev/null
|
||||
then
|
||||
echo_i "Token in ${TOKENPATH} is already initialized" >&2
|
||||
|
||||
[ -f "$PIN_SOURCE" ] && PIN=$(cat "$PIN_SOURCE")
|
||||
[ -f "$SOPIN_SOURCE" ] && SO_PIN=$(cat "$SOPIN_SOURCE")
|
||||
else
|
||||
PIN=$(random 6)
|
||||
SO_PIN=$(random 18)
|
||||
if [ -n "$PIN_SOURCE" ]; then
|
||||
echo -n "$PIN" > "$PIN_SOURCE"
|
||||
echo -n "$SO_PIN" > "$SOPIN_SOURCE"
|
||||
fi
|
||||
|
||||
echo_i "Initializing tokens to ${TOKENPATH}..."
|
||||
softhsm2-util --init-token --free --label "$LABEL" --pin "$PIN" --so-pin "$SO_PIN" | sed -e 's/^/# /'
|
||||
|
||||
if [ -n "$GROUPNAME" ]; then
|
||||
chgrp -R -- "$GROUPNAME" "$TOKENPATH"
|
||||
chmod -R -- g=rX,o= "$TOKENPATH"
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "export SOFTHSM2_CONF=\"$SOFTHSM2_CONF\""
|
||||
echo "export PIN_SOURCE=\"$PIN_SOURCE\""
|
||||
echo "export SOPIN_SOURCE=\"$SOPIN_SOURCE\""
|
||||
# These are intentionaly not exported
|
||||
echo "PIN=\"$PIN\""
|
||||
echo "SO_PIN=\"$SO_PIN\""
|
10
softhsm2.conf.in
Normal file
10
softhsm2.conf.in
Normal file
@ -0,0 +1,10 @@
|
||||
# SoftHSM v2 configuration file
|
||||
|
||||
directories.tokendir = @TOKENPATH@
|
||||
objectstore.backend = file
|
||||
|
||||
# ERROR, WARNING, INFO, DEBUG
|
||||
log.level = ERROR
|
||||
|
||||
# If CKF_REMOVABLE_DEVICE flag should be set
|
||||
slots.removable = false
|
2
sources
Normal file
2
sources
Normal file
@ -0,0 +1,2 @@
|
||||
SHA512 (bind-9.18.24.tar.xz) = 465f5b01570fdde5c95adfb780f54e0585814bd25baf914bb95bf5972f15a672e3e7b743a55f1804e69e17609d5a0cd66cc2bbab9174238b3c89e5ad732dc085
|
||||
SHA512 (bind-9.18.24.tar.xz.asc) = ee16356b2f523bea1a98fb74216aafa134af3dca42e64438f1c89d8a971919614274af316a170ff9d6f952a5101f44ec1f9fe2c460de42797b06a361c994fb6d
|
1
trusted-key.key
Normal file
1
trusted-key.key
Normal file
@ -0,0 +1 @@
|
||||
. 3600 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=
|
Loading…
Reference in New Issue
Block a user