rpms/unbound
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Use static dnssec-root.key with link from lib

Browse Source 
Points to static data, which would be overwritten by
unbound-anchor.service. Makes default key kept intact and dynamic data
put instead of symlink.

Ignore most of file properties of %_localstatedir/unbound/root.key,
default symlink is replaced with anchor maintained regular file.

Resolves: rhbz#2132103
This commit is contained in:
Petr Menšík 2022-12-01 18:09:12 +01:00
parent 0953d81204
commit 00b1b0c570
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
unbound.spec
View File

@ -317,7 +317,12 @@ install -m 0644 %{SOURCE8} %{buildroot}%{_tmpfilesdir}/unbound.conf
# install root - we keep a copy of the root key in old location, # install root - we keep a copy of the root key in old location,
# in case user has changed the configuration and we wouldn't update it there # in case user has changed the configuration and we wouldn't update it there
install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/unbound/ install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/unbound/
install -m 0644 %{SOURCE13} %{buildroot}%{_sharedstatedir}/unbound/root.key install -m 0644 %{SOURCE13} %{buildroot}%{_sysconfdir}/unbound/dnssec-root.key
# make initial key static
pushd %{buildroot}%{_sharedstatedir}/unbound
KEYPATH=$(realpath --relative-to="%{buildroot}%{_sharedstatedir}/unbound" "%{buildroot}%{_sysconfdir}/unbound/dnssec-root.key")
ln -s "$KEYPATH" root.key
popd
# remove static library from install (fedora packaging guidelines) # remove static library from install (fedora packaging guidelines)
rm %{buildroot}%{_libdir}/*.la rm %{buildroot}%{_libdir}/*.la
@ -455,9 +460,10 @@ popd
%{_sysusersdir}/%{name}.sysusers %{_sysusersdir}/%{name}.sysusers
%{_libdir}/libunbound.so.8* %{_libdir}/libunbound.so.8*
%dir %attr(0755,unbound,unbound) %{_sharedstatedir}/%{name} %dir %attr(0755,unbound,unbound) %{_sharedstatedir}/%{name}
%attr(0644,unbound,unbound) %config %{_sharedstatedir}/%{name}/root.key %verify(not size mtime filedigest link mode user group) %{_sharedstatedir}/%{name}/root.key
# just left for backwards compat with user changed unbound.conf files - format is different! # just left for backwards compat with user changed unbound.conf files - format is different!
%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key %attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
%attr(0644,root,root) %config %{_sysconfdir}/%{name}/dnssec-root.key
%files anchor %files anchor
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/%{name} %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/%{name}
@ -478,6 +484,7 @@ popd
* Thu Dec 01 2022 Petr Menšík <pemensik@redhat.com> - 1.17.0-2 * Thu Dec 01 2022 Petr Menšík <pemensik@redhat.com> - 1.17.0-2
- Move unbound user creation to libs (#2149036) - Move unbound user creation to libs (#2149036)
- Use systemd-sysusers for user creation (#2105416) - Use systemd-sysusers for user creation (#2105416)
- Keep original DNSSEC root key as config (#2132103)
* Tue Nov 01 2022 Petr Menšík <pemensik@redhat.com> - 1.17.0-1 * Tue Nov 01 2022 Petr Menšík <pemensik@redhat.com> - 1.17.0-1
- Update to 1.17.0 (#2134348) - Update to 1.17.0 (#2134348)