* Wed Feb 19 2020 Paul Wouters <pwouters@redhat.com> - 2.1.6-2

- Update to 2.1.6 (major upgrade, supports migration from 1.4.x) - gcc10 compile fixups - Fix trying to use unversioned libsqlite3.so file
2020-02-19 23:09:43 -05:00 · 2020-02-19 23:09:43 -05:00 · 3b082a60ff
commit 3b082a60ff
parent cbc7fca9d1
3 changed files with 41 additions and 9 deletions
--- a/conf.xml
+++ b/conf.xml
@ -48,7 +48,6 @@
 		</Privileges>

 		<Datastore><SQLite>/var/opendnssec/kasp.db</SQLite></Datastore>
-		<Interval>PT3600S</Interval>
 		<!-- <ManualKeyGeneration/> -->
 		<!-- <RolloverNotification>P14D</RolloverNotification> -->
 		
--- a/opendnssec-2.1.6-sqlite.patch
+++ b/opendnssec-2.1.6-sqlite.patch
@ -0,0 +1,21 @@
+diff --git a/enforcer/src/ods-migrate.c b/enforcer/src/ods-migrate.c
+index aece5058a..c440a36af 100644
+--- a/enforcer/src/ods-migrate.c
+++ b/enforcer/src/ods-migrate.c
+@@ -97,10 +97,13 @@ dblayer_sqlite3_initialize(void)
+     char const *error;
+ 
+     dlerror();
+-    handle = dlopen("libsqlite3.so", RTLD_NOW);
+    handle = dlopen("libsqlite3.so.0", RTLD_NOW);
+     if ((error = dlerror()) != NULL) {
+-	    printf("Failed to load sqlite3 library. dlerror(): %s\n", error);
+-	    exit(1);
+          handle = dlopen("libsqlite3.so", RTLD_NOW); /* unversioned is a -devel package file on some distros */
+          if ((error = dlerror()) != NULL) {
+             printf("Failed to load sqlite3 library. dlerror(): %s\n", error);
+             exit(1);
+          }
+     }
+ 
+     dblayer_sqlite3.sqlite3_prepare_v2 = (int(*)(sqlite3*, const char*, int, sqlite3_stmt**, const char **))functioncast(dlsym(handle, "sqlite3_prepare_v2"));
--- a/opendnssec.spec
+++ b/opendnssec.spec
@ -3,8 +3,8 @@

 Summary: DNSSEC key and zone management software
 Name: opendnssec
-Version: 2.1.5
-Release: 1%{?prever}%{?dist}
+Version: 2.1.6
+Release: 2%{?prever}%{?dist}
 License: BSD
 Url: http://www.opendnssec.org/
 Source0: http://www.opendnssec.org/files/source/%{?prever:testing/}%{name}-%{version}%{?prever}.tar.gz
@ -16,14 +16,18 @@ Source5: tmpfiles-opendnssec.conf
 Source6: opendnssec.cron
 Source7: opendnssec-2.1.sqlite_convert.sql

+Patch1: opendnssec-2.1.6-gcc10-fixups.patch
+Patch2: opendnssec-2.1.6-sqlite.patch
+
 Requires: opencryptoki, softhsm >= 2.5.0 , systemd-units
 Requires: libxml2, libxslt sqlite
 BuildRequires:  gcc
-BuildRequires: ldns-devel >= 1.6.12, sqlite-devel , openssl-devel
+BuildRequires: ldns-devel >= 1.6.12, sqlite-devel >= 3.0.0, openssl-devel
 BuildRequires: libxml2-devel CUnit-devel, doxygen
 # It tests for pkill/killall and would use /bin/false if not found
 BuildRequires: procps-ng
 BuildRequires: perl-interpreter
+BuildRequires: libmicrohttpd-devel jansson-devel libyaml-devel

 BuildRequires: systemd-units
 Requires(pre): shadow-utils
@ -31,7 +35,7 @@ Requires(post): systemd-units
 Requires(preun): systemd-units
 Requires(postun): systemd-units
 %if 0%{?prever:1}
-#For building snapshots
+# For building development snapshots
 Buildrequires: autoconf, automake, libtool, java
 %endif

@ -44,11 +48,17 @@ name server. It requires a PKCS#11 crypto module library, such as softhsm
 %setup -q -n %{name}-%{version}%{?prever}
 # bump default policy ZSK keysize to 2048
 sed -i "s/1024/2048/" conf/kasp.xml.in
+%patch1 -p1
+%patch2 -p1

 %build
 export LDFLAGS="-Wl,-z,relro,-z,now -pie -specs=/usr/lib/rpm/redhat/redhat-hardened-ld"
 export CFLAGS="$RPM_OPT_FLAGS -fPIE -pie -Wextra -Wformat -Wformat-nonliteral -Wformat-security"
 export CXXFLAGS="$RPM_OPT_FLAGS -fPIE -pie -Wformat-nonliteral -Wformat-security"
+%if 0%{?prever:1}
+# for development snapshots
+sh ./autogen.sh
+%endif
 %configure --with-ldns=%{_libdir}
 make %{?_smp_mflags}

@ -116,9 +126,9 @@ exit 0
 # Initialise a slot on the softhsm on first install
 if [ "$1" -eq 1 ]; then
   %{_sbindir}/runuser -u ods -- %{_bindir}/softhsm2-util --init-token \
-                --slot 0 --label "OpenDNSSEC" --pin 1234 --so-pin 1234
+                --free --label "OpenDNSSEC" --pin 1234 --so-pin 1234
   if [ ! -s %{_localstatedir}opendnssec/kasp.db ]; then
-      echo y | %{_bindir}/ods-ksmutil setup
+      echo y | %{_sbindir}/ods-enforcer-db-setup
   fi
 fi

@ -168,8 +178,10 @@ ods-enforcer update all >/dev/null 2>/dev/null ||:
 %systemd_postun_with_restart ods-signerd.service

 %changelog
-* Fri Jan 03 2020 Paul Wouters <pwouters@redhat.com> - 2.1.5-1
- Update to 2.1.5 (major upgrade, supports migration from 1.4.x)
+* Wed Feb 19 2020 Paul Wouters <pwouters@redhat.com> - 2.1.6-2
+- Update to 2.1.6 (major upgrade, supports migration from 1.4.x)
+- gcc10 compile fixups
+- Fix trying to use unversioned libsqlite3.so file

 * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.14-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild