diff --git a/freeipa.spec b/freeipa.spec index f6431fe..843a547 100644 --- a/freeipa.spec +++ b/freeipa.spec @@ -85,8 +85,6 @@ # Fix for TLS 1.3 PHA, RHBZ#1775158 %global httpd_version 2.4.37-21 -%global bind_name bind9.18 -%global bind_version 9.18.29-2 # support for passkey %global sssd_version 2.9.5 @@ -136,12 +134,6 @@ %global httpd_version 2.4.41-9 # Fix for RHBZ#2117342 -%global bind_name bind -%if 0%{?fedora} < 37 -%global bind_version 9.11.24-1 -%else -%global bind_version 32:9.18.7-1 -%endif # Don't use Fedora's Python dependency generator on Fedora 30/rawhide yet. # Some packages don't provide new dist aliases. # https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/ @@ -226,7 +218,7 @@ Name: %{package_name} Version: %{IPA_VERSION} -Release: 13%{?rc_version:.%rc_version}%{?dist} +Release: 14%{?rc_version:.%rc_version}%{?dist} Summary: The Identity, Policy and Audit system License: GPL-3.0-or-later @@ -654,14 +646,14 @@ If you are installing an IPA server, you need to install this package. Summary: IPA integrated DNS server with support for automatic DNSSEC signing BuildArch: noarch Requires: %{name}-server = %{version}-%{release} -Requires: bind-dyndb-ldap >= 11.11-1 -Requires: %{bind_name} >= %{bind_version} -Requires: %{bind_name}-utils >= %{bind_version} +Requires: bind-dyndb-ldap +Requires: bind +Requires: bind-utils # bind-dnssec-utils is required by the OpenDNSSec integration # https://pagure.io/freeipa/issue/9026 -Requires: %{bind_name}-dnssec-utils >= %{bind_version} +Requires: bind-dnssec-utils %if %{with bind_pkcs11} -Requires: %{bind_name}-pkcs11 >= %{bind_version} +Requires: bind-pkcs11 %else Requires: softhsm >= %{softhsm_version} Requires: openssl-pkcs11 >= %{openssl_pkcs11_version} @@ -669,7 +661,6 @@ Requires: openssl-pkcs11 >= %{openssl_pkcs11_version} # See https://bugzilla.redhat.com/show_bug.cgi?id=1825812 # RHEL 8.3+ and Fedora 32+ have 2.1 Requires: opendnssec >= 2.1.6-5 -Recommends: %{name}-server-encrypted-dns %{?systemd_requires} Provides: %{alt_name}-server-dns = %{version} @@ -687,6 +678,11 @@ Integrated DNS server is BIND 9. OpenDNSSEC provides key management. %package server-encrypted-dns Summary: support for encrypted DNS in IPA integrated DNS server Requires: %{name}-client-encrypted-dns +Requires: %{name}-server-dns +Requires: bind9.18 +Requires: bind9.18-utils +Requires: bind9.18-dnssec-utils +Requires: bind9.18-dyndb-ldap %description server-encrypted-dns Provides support for enabling DNS over TLS in the IPA integrated DNS @@ -765,7 +761,7 @@ Requires: sssd-idp >= %{sssd_version} Requires: sssd-krb5 >= %{sssd_version} Requires: certmonger >= %{certmonger_version} Requires: nss-tools >= %{nss_version} -Requires: %{bind_name}-utils +Requires: bind-utils Requires: oddjob-mkhomedir Requires: libsss_autofs Requires: autofs @@ -773,7 +769,6 @@ Requires: libnfsidmap Requires: (nfs-utils or nfsv4-client-utils) Requires: sssd-tools >= %{sssd_version} Requires(post): policycoreutils -Recommends: %{name}-client-encrypted-dns # https://pagure.io/freeipa/issue/8530 Recommends: libsss_sudo @@ -817,6 +812,7 @@ This package provides command-line tools for IPA administrators. %package client-encrypted-dns Summary: Enable encrypted DNS support for clients +Requires: %{name}-client Requires: unbound %description client-encrypted-dns @@ -1947,6 +1943,9 @@ fi %endif %changelog +* Thu Mar 20 2025 Thomas Woerner - 4.12.2-14 +- Resolves: RHEL-80345 Use new bind9.18-dyndb-ldap and bind9.18 only for DNS over TLS with the ipa-server-encrypted-dns package + * Wed Feb 12 2025 Florence Blanc-Renaud - 4.12.2-13 - Resolves: RHEL-67913 Add DNS over TLS Support