author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-10 19:05:44 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-10 19:05:44 +0000 |
commit | b045529c40c83601909dca7b76a53498e9a70f33 (patch) | |
tree | 88371572105933fd950676c07b3a12163a0c9de0 /distro/pkg/el-7 | |
parent | Initial commit. (diff) | |
Adding upstream version 3.3.4.upstream/3.3.4
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'distro/pkg/el-7')
-rw-r--r-- | distro/pkg/el-7/01-revert-AC_PROG_CC.patch | 18 | ||||
-rw-r--r-- | distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch | 67 | ||||
-rw-r--r-- | distro/pkg/el-7/03-doc-don-t-try-to-import-sphinx_panels.patch | 25 | ||||
-rw-r--r-- | distro/pkg/el-7/04-revert-don-t-share-PKCS-11-private-keys.patch | 166 | ||||
-rw-r--r-- | distro/pkg/el-7/knot.service | 25 | ||||
-rw-r--r-- | distro/pkg/el-7/knot.spec | 333 | ||||
-rw-r--r-- | distro/pkg/el-7/knot.tmpfiles | 3 |
7 files changed, 637 insertions, 0 deletions
diff --git a/distro/pkg/el-7/01-revert-AC_PROG_CC.patch b/distro/pkg/el-7/01-revert-AC_PROG_CC.patch
new file mode 100644
index 0000000..fb49c00
--- /dev/null
+++ b/distro/pkg/el-7/01-revert-AC_PROG_CC.patch
@@ -0,0 +1,18 @@
+From: Daniel Salzman <daniel.salzman@nic.cz>
+Date: Sun, 20 Feb 2022 20:38:35 +0100
+Subject: [PATCH] Revert "configure: upgrade from AC_PROG_CC_C99 to AC_PROG_CC"
+
+diff --git a/configure.ac b/configure.ac
+index 6506197ed..c7df7f815 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -38,7 +38,8 @@ release_date=$($SED -n 's/^Knot DNS .* (\(.*\))/\1/p;q;' ${srcdir}/NEWS)
+ AC_SUBST([RELEASE_DATE], $release_date)
+
+ # Set compiler compatibility flags
+-AC_PROG_CC
++AC_PROG_CC_C99 # AC_PROG_CC not supported by CentOS 7
++AM_PROG_CC_C_O # Needed by CentOS 7
+ AC_PROG_CPP_WERROR
+
+ # Set default CFLAGS
diff --git a/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch b/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch
new file mode 100644
index 0000000..cbc5aa2
--- /dev/null
+++ b/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch
@@ -0,0 +1,67 @@
+From: Daniel Salzman <daniel.salzman@nic.cz>
+Date: Mon, 20 Mar 2023 14:57:54 +0100
+Subject: [PATCH] distro/el-7: fix compilation by using SHA-1 for PIN computation
+
+diff --git a/src/libknot/quic/quic.c b/src/libknot/quic/quic.c
+index 5610865f6..555c495d9 100644
+--- a/src/libknot/quic/quic.c
++++ b/src/libknot/quic/quic.c
+@@ -460,7 +460,7 @@ void knot_quic_conn_pin(knot_quic_conn_t *conn, uint8_t *pin, size_t *pin_size,
+ goto error;
+ }
+
+- ret = gnutls_x509_crt_get_key_id(cert, GNUTLS_KEYID_USE_SHA256, pin, pin_size);
++ ret = gnutls_x509_crt_get_key_id(cert, 0, pin, pin_size);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_x509_crt_deinit(cert);
+ goto error;
+diff --git a/src/utils/common/tls.c b/src/utils/common/tls.c
+index 245dd3f96..6a2e7a986 100644
+--- a/src/utils/common/tls.c
++++ b/src/utils/common/tls.c
+@@ -328,7 +328,7 @@ static int check_certificates(gnutls_session_t session, const list_t *pins)
+
+ uint8_t cert_pin[CERT_PIN_LEN] = { 0 };
+ size_t cert_pin_size = sizeof(cert_pin);
+- ret = gnutls_x509_crt_get_key_id(cert, GNUTLS_KEYID_USE_SHA256,
++ ret = gnutls_x509_crt_get_key_id(cert, 0,
+ cert_pin, &cert_pin_size);
+ if (ret != 0) {
+ gnutls_x509_crt_deinit(cert);
+@@ -336,18 +336,18 @@ static int check_certificates(gnutls_session_t session, const list_t *pins)
+ }
+
+ // Check if correspond to a specified PIN.
+- bool match = check_pin(cert_pin, sizeof(cert_pin), pins);
++ bool match = check_pin(cert_pin, cert_pin_size, pins);
+ if (match) {
+ matches++;
+ }
+
+ uint8_t *txt_pin;
+- ret = knot_base64_encode_alloc(cert_pin, sizeof(cert_pin), &txt_pin);
++ ret = knot_base64_encode_alloc(cert_pin, cert_pin_size, &txt_pin);
+ if (ret < 0) {
+ gnutls_x509_crt_deinit(cert);
+ return ret;
+ }
+- DBG(" SHA-256 PIN: %.*s%s", ret, txt_pin, match ? ", MATCH" : "");
++ DBG(" SHA-1 PIN: %.*s%s", ret, txt_pin, match ? ", MATCH" : "");
+ free(txt_pin);
+
+ gnutls_x509_crt_deinit(cert);
+diff --git a/src/utils/kdig/kdig_params.c b/src/utils/kdig/kdig_params.c
+index 359b8b596..8fd33b011 100644
+--- a/src/utils/kdig/kdig_params.c
++++ b/src/utils/kdig/kdig_params.c
+@@ -707,8 +707,8 @@ static int opt_tls_pin(const char *arg, void *query)
+ if (ret < 0) {
+ ERR("invalid +tls-pin=%s", arg);
+ return ret;
+- } else if (ret != CERT_PIN_LEN) { // Check for 256-bit value.
+- ERR("invalid sha256 hash length +tls-pin=%s", arg);
++ } else if (ret != 20) { // Check for 256-bit value.
++ ERR("invalid sha1 hash length +tls-pin=%s", arg);
+ return KNOT_EINVAL;
+ }
+
diff --git a/distro/pkg/el-7/03-doc-don-t-try-to-import-sphinx_panels.patch b/distro/pkg/el-7/03-doc-don-t-try-to-import-sphinx_panels.patch
new file mode 100644
index 0000000..8ef7e7e
--- /dev/null
+++ b/distro/pkg/el-7/03-doc-don-t-try-to-import-sphinx_panels.patch
@@ -0,0 +1,25 @@
+From c05abb0401d3343b96ced4a6cdd724ee04adfe1b Mon Sep 17 00:00:00 2001
+From: Daniel Salzman <daniel.salzman@nic.cz>
+Date: Mon, 21 Aug 2023 16:54:46 +0200
+Subject: [PATCH] doc: don't try to import sphinx_panels on CentOS 7
+
+
+ 1 file changed, 3 deletions(-)
+
+diff --git a/doc/conf.py b/doc/conf.py
+index fc2e94d96..515241051 100644
+--- a/doc/conf.py
++++ b/doc/conf.py
+@@ -27,9 +27,6 @@ sys.path.insert(0, os.path.abspath('ext'))
+
+ # Add any Sphinx extension module names here, as strings. They can be extensions
+ # coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
+-import importlib.util
+-if importlib.util.find_spec("sphinx_panels"):
+- extensions = [ 'sphinx_panels' ]
+
+ # Add any paths that contain templates here, relative to this directory.
+ templates_path = ['_templates']
+--
+2.25.1
+
diff --git a/distro/pkg/el-7/04-revert-don-t-share-PKCS-11-private-keys.patch b/distro/pkg/el-7/04-revert-don-t-share-PKCS-11-private-keys.patch
new file mode 100644
index 0000000..a13be90
--- /dev/null
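Review bot: In the kdig_params.c part of this patch, `} else if (ret != 20) { // Check for 256-bit value.` keeps a comment that contradicts the new check and hard-codes the digest length as a bare literal, while `cert_pin` in tls.c is still sized by CERT_PIN_LEN. Passing `0` as the flags argument selects the SHA-1 key ID, as the patch subject says, so this build compares 160-bit pins, and a SHA-256 pin of the length the removed check accepted now fails the length test. That difference should be stated at the check, for example `} else if (ret != 20) { // EL7 build: 160-bit SHA-1 key ID, upstream uses SHA-256`, or through a named constant for 20. The callers of knot_quic_conn_pin() are outside the hunk, so it is worth confirming that none of them still compares the result against a fixed CERT_PIN_LEN-byte pin.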
+++ b/distro/pkg/el-7/04-revert-don-t-share-PKCS-11-private-keys.patch 
@@ -0,0 +1,166 @@
+From 1bad8f831a9fd506516549ac7461f97c689a0c46 Mon Sep 17 00:00:00 2001
+From: Daniel Salzman <daniel.salzman@nic.cz>
+Date: Mon, 11 Dec 2023 17:08:23 +0100
+Subject: [PATCH] Revert "zone-sign: don't share PKCS 11 private keys by
+ multiple signing threads"
+
+This reverts commit 7d63e8e0825e03b8e0608e87b86968c452755c93.
+---
+ src/knot/dnssec/zone-keys.c | 38 +++-----------------------------------
+ src/libdnssec/key.h | 4 ++--
+ src/libdnssec/key/key.c | 24 +-----------------------
+ tests/libdnssec/test_key.c | 4 ++--
+ 4 files changed, 8 insertions(+), 62 deletions(-)
+
+diff --git a/src/knot/dnssec/zone-keys.c b/src/knot/dnssec/zone-keys.c
+index cd6bf0bb3..d5cccc759 100644
+--- a/src/knot/dnssec/zone-keys.c
++++ b/src/knot/dnssec/zone-keys.c
+@@ -1,4 +1,4 @@
+-/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
++/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+@@ -642,21 +642,6 @@ int zone_key_calculate_ds(zone_key_t *for_key, dnssec_key_digest_t digesttype,
+ return ret;
+ }
+
+-static int dup_zone_key(const zone_key_t *src, zone_key_t *dst)
+-{
+- assert(src);
+- assert(dst);
+-
+- *dst = *src;
+-
+- dst->key = dnssec_key_dup(src->key);
+- if (dst->key == NULL) {
+- return KNOT_ENOMEM;
+- }
+-
+- return KNOT_EOK;
+-}
+-
+ zone_sign_ctx_t *zone_sign_ctx(const zone_keyset_t *keyset, const kdnssec_ctx_t *dnssec_ctx)
+ {
+ zone_sign_ctx_t *ctx = calloc(1, sizeof(*ctx) + keyset->count * sizeof(*ctx->sign_ctxs));
+@@ -665,24 +650,11 @@ zone_sign_ctx_t *zone_sign_ctx(const zone_keyset_t *keyset, const kdnssec_ctx_t
+ }
+
+ ctx->sign_ctxs = (dnssec_sign_ctx_t **)(ctx + 1);
+-
+- ctx->keys = calloc(keyset->count, sizeof(*ctx->keys));
+- if (ctx->keys == NULL) {
+- zone_sign_ctx_free(ctx);
+- return NULL;
+- }
+ ctx->count = keyset->count;
+-
++ ctx->keys = keyset->keys;
+ ctx->dnssec_ctx = dnssec_ctx;
+ for (size_t i = 0; i < ctx->count; i++) {
+- // Clone the key to avoid thread contention on the key mutex.
+- int ret = dup_zone_key(&keyset->keys[i], &ctx->keys[i]);
+- if (ret != KNOT_EOK) {
+- zone_sign_ctx_free(ctx);
+- return NULL;
+- }
+-
+- ret = dnssec_sign_new(&ctx->sign_ctxs[i], ctx->keys[i].key);
++ int ret = dnssec_sign_new(&ctx->sign_ctxs[i], ctx->keys[i].key);
+ if (ret != DNSSEC_EOK) {
+ zone_sign_ctx_free(ctx);
+ return NULL;
+@@ -719,12 +691,8 @@ void zone_sign_ctx_free(zone_sign_ctx_t *ctx)
+ {
+ if (ctx != NULL) {
+ for (size_t i = 0; i < ctx->count; i++) {
+- if (ctx->keys != NULL) {
+- dnssec_key_free(ctx->keys[i].key);
+- }
+ dnssec_sign_free(ctx->sign_ctxs[i]);
+ }
+- free(ctx->keys);
+ free(ctx);
+ }
+ }
+diff --git a/src/libdnssec/key.h b/src/libdnssec/key.h
+index aa8002b4a..2a69d377f 100644
+--- a/src/libdnssec/key.h
++++ b/src/libdnssec/key.h
+@@ -1,4 +1,4 @@
+-/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
++/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+@@ -134,7 +134,7 @@ void dnssec_key_free(dnssec_key_t *key);
+ /*!
+ * Create a copy of a DNSSEC key.
+ *
+- * Public key isn't duplicated.
++ * Only a public part of the key is copied.
+ */
+ dnssec_key_t *dnssec_key_dup(const dnssec_key_t *key);
+
+diff --git a/src/libdnssec/key/key.c b/src/libdnssec/key/key.c
+index 4574bbefb..f36316712 100644
+--- a/src/libdnssec/key/key.c
++++ b/src/libdnssec/key/key.c
+@@ -1,4 +1,4 @@
+-/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
++/* Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+@@ -141,28 +141,6 @@ dnssec_key_t *dnssec_key_dup(const dnssec_key_t *key)
+ return NULL;
+ }
+
+- if (key->private_key != NULL) {
+- gnutls_privkey_init(&dup->private_key);
+-
+- gnutls_privkey_type_t type = gnutls_privkey_get_type(key->private_key);
+- if (type == GNUTLS_PRIVKEY_PKCS11) {
+-#ifdef ENABLE_PKCS11
+- gnutls_pkcs11_privkey_t tmp;
+- gnutls_privkey_export_pkcs11(key->private_key, &tmp);
+- gnutls_privkey_import_pkcs11(dup->private_key, tmp,
+- GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+-#else
+- assert(0);
+-#endif // ENABLE_PKCS11
+- } else {
+- assert(type == GNUTLS_PRIVKEY_X509);
+- gnutls_x509_privkey_t tmp;
+- gnutls_privkey_export_x509(key->private_key, &tmp);
+- gnutls_privkey_import_x509(dup->private_key, tmp,
+- GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+- }
+- }
+-
+ return dup;
+ }
+
+diff --git a/tests/libdnssec/test_key.c b/tests/libdnssec/test_key.c
+index c3643f08c..cd0aaee0e 100644
+--- a/tests/libdnssec/test_key.c
++++ b/tests/libdnssec/test_key.c
+@@ -1,4 +1,4 @@
+-/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
++/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+@@ -148,7 +148,7 @@ static void test_private_key(const key_parameters_t *params)
+
+ check_key_tag(copy, params);
+ check_key_size(copy, params);
+- check_usage(copy, true, true);
++ check_usage(copy, true, false);
+
+ dnssec_key_free(copy);
+ dnssec_key_free(key);
+--
+2.34.1
+
diff --git a/distro/pkg/el-7/knot.service b/distro/pkg/el-7/knot.service
new file mode 100644
index 0000000..a872929
--- /dev/null
+++ b/distro/pkg/el-7/knot.service
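Review bot: After this revert, `ctx->keys = keyset->keys;` in zone_sign_ctx() makes the signing context borrow the keyset's key array, and zone_sign_ctx_free() no longer frees any key. Every zone_sign_ctx_t built from one keyset therefore uses the same dnssec_key_t objects and must not outlive that keyset, which nothing in the new code states. The removed comment said the clone existed to avoid contention on the key mutex between signing threads, and the patch header gives no reason why the EL7 build has to give that up. Whether sharing PKCS #11 private keys across threads is acceptable on this target cannot be judged from the hunk. I would record the ownership in the source, e.g. `ctx->keys = keyset->keys; // borrowed from keyset, shared by all signing threads`, and add one line to the patch description explaining why the upstream change is reverted here.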
@@ -0,0 +1,25 @@
+[Unit]
+Description=Knot DNS server
+Wants=network-online.target
+After=network-online.target
+Documentation=man:knotd(8) man:knot.conf(5) man:knotc(8)
+
+[Service]
+Type=notify
+User=knot
+Group=knot
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETPCAP
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_SETPCAP
+ExecStartPre=/usr/sbin/knotc conf-check
+ExecStart=/usr/sbin/knotd -m "$KNOT_CONF_MAX_SIZE"
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-abort
+LimitNOFILE=1048576
+TimeoutStopSec=300
+# Extend the systemd startup timeout by this value (seconds) for each zone
+Environment="KNOT_ZONE_LOAD_TIMEOUT_SEC=180"
+# Maximum size (MiB) of a configuration database
+Environment="KNOT_CONF_MAX_SIZE=512"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/distro/pkg/el-7/knot.spec b/distro/pkg/el-7/knot.spec
new file mode 100644
index 0000000..93d05bb
--- /dev/null
+++ b/distro/pkg/el-7/knot.spec
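Review bot: The [Service] section grants `CAP_SETPCAP` in both `CapabilityBoundingSet=` and `AmbientCapabilities=` with no comment saying why a DNS daemon needs it, and the unit sets no sandboxing directive beyond `User=`/`Group=`. A one-line comment above the two capability lines stating what knotd uses CAP_SETPCAP for would let a reviewer judge whether it can be dropped; presumably it is there so the daemon can adjust its own capability sets, but that is not visible here. I would also consider `NoNewPrivileges=yes` and `PrivateTmp=yes`, after checking that the systemd shipped with EL 7 accepts them and that `knotc conf-check` and the daemon still start.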
@@ -0,0 +1,333 @@
+%global _hardened_build 1
+%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}}
+
+%define GPG_CHECK 0
+%define BASE_VERSION %(echo "%{version}" | sed 's/^\\([^.]\\+\\.[^.]\\+\\).*/\\1/')
+%define repodir %{_builddir}/%{name}-%{version}
+
+Summary: High-performance authoritative DNS server
+Name: knot
+Version: {{ version }}
+Release: cznic.{{ release }}%{?dist}
+License: GPL-3.0-or-later
+URL: https://www.knot-dns.cz
+Source0: %{name}-%{version}.tar.xz
+
+%if 0%{?GPG_CHECK}
+Source1: https://secure.nic.cz/files/knot-dns/%{name}-%{version}.tar.xz.asc
+# PGP keys used to sign upstream releases
+# Export with --armor using command from https://fedoraproject.org/wiki/PackagingDrafts:GPGSignatures
+# Don't forget to update %%prep section when adding/removing keys
+Source100: gpgkey-742FA4E95829B6C5EAC6B85710BB7AF6FEBBD6AB.gpg.asc
+BuildRequires: gnupg2
+%endif
+
+Patch1: 01-revert-AC_PROG_CC.patch
+Patch2: 02-fix-compilation-by-using-SHA-1.patch
+Patch3: 03-doc-don-t-try-to-import-sphinx_panels.patch
+Patch4: 04-revert-don-t-share-PKCS-11-private-keys.patch
+
+# Required dependencies
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: libtool
+BuildRequires: devtoolset-11-make
+BuildRequires: devtoolset-11-gcc
+BuildRequires: pkgconfig(liburcu)
+BuildRequires: pkgconfig(gnutls) >= 3.3
+BuildRequires: pkgconfig(libedit)
+
+# Optional dependencies
+BuildRequires: pkgconfig(libcap-ng)
+BuildRequires: pkgconfig(libidn2)
+BuildRequires: pkgconfig(libmnl)
+BuildRequires: pkgconfig(libnghttp2)
+BuildRequires: pkgconfig(libsystemd)
+BuildRequires: pkgconfig(systemd)
+# dnstap dependencies
+BuildRequires: pkgconfig(libfstrm)
+BuildRequires: pkgconfig(libprotobuf-c)
+# geoip dependencies
+BuildRequires: pkgconfig(libmaxminddb)
+
+# Distro-dependent dependencies
+%if 0%{?suse_version}
+BuildRequires: python3-Sphinx
+BuildRequires: lmdb-devel
+BuildRequires: protobuf-c
+Requires(pre): pwdutils
+%endif
+%if 0%{?rhel} && 0%{?rhel} <= 7
+BuildRequires: python-sphinx
+BuildRequires: lmdb-devel
+%endif
+%if 0%{?fedora} || 0%{?rhel} > 7
+BuildRequires: python3-sphinx
+BuildRequires: pkgconfig(lmdb)
+%endif
+
+# disable XDP on old EL
+%define configure_xdp --enable-xdp=no
+
+Requires(post): systemd %{_sbindir}/runuser
+Requires(preun): systemd
+Requires(postun): systemd
+
+Conflicts: knot-resolver < 5.7.0
+
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+
+%description
+Knot DNS is a high-performance authoritative DNS server implementation.
+
+%package libs
+Summary: Libraries used by the Knot DNS server and client applications
+
+%description libs
+The package contains shared libraries used by the Knot DNS server and
+utilities.
+
+%package devel
+Summary: Development header files for the Knot DNS libraries
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+
+%description devel
+The package contains development header files for the Knot DNS libraries
+included in knot-libs package.
+
+%package utils
+Summary: DNS client utilities shipped with the Knot DNS server
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+# Debian package compat
+Provides: %{name}-dnsutils = %{version}-%{release}
+
+%description utils
+The package contains DNS client utilities shipped with the Knot DNS server.
+
+%package dnssecutils
+Summary: DNSSEC tools shipped with the Knot DNS server
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+
+%description dnssecutils
+The package contains DNSSEC tools shipped with the Knot DNS server.
+
+%package module-dnstap
+Summary: dnstap module for Knot DNS
+Requires: %{name} = %{version}-%{release}
+
+%description module-dnstap
+The package contains dnstap Knot DNS module for logging DNS traffic.
+
+%package module-geoip
+Summary: geoip module for Knot DNS
+Requires: %{name} = %{version}-%{release}
+
+%description module-geoip
+The package contains geoip Knot DNS module for geography-based responses.
+
+%package doc
+Summary: Documentation for the Knot DNS server
+BuildArch: noarch
+Provides: bundled(jquery)
+
+%description doc
+The package contains documentation for the Knot DNS server.
+On-line version is available on https://www.knot-dns.cz/documentation/
+
+%prep
+%if 0%{?GPG_CHECK}
+export GNUPGHOME=./gpg-keyring
+[ -d ${GNUPGHOME} ] && rm -r ${GNUPGHOME}
+mkdir --mode=700 ${GNUPGHOME}
+gpg2 --import %{SOURCE100}
+gpg2 --verify %{SOURCE1} %{SOURCE0}
+%endif
+%autosetup -p1
+
+%build
+# disable debug code (causes unused warnings)
+CFLAGS="%{optflags} -DNDEBUG -Wno-unused"
+
+%ifarch armv7hl i686
+# 32-bit architectures sometimes do not have sufficient amount of
+# contiguous address space to handle default values
+%define configure_db_sizes --with-conf-mapsize=64
+%endif
+
+autoreconf -if
+
+export CC="/opt/rh/devtoolset-11/root/usr/bin/gcc"
+%configure \
+ --sysconfdir=/etc \
+ --localstatedir=/var/lib \
+ --libexecdir=/usr/lib/knot \
+ --with-rundir=/run/knot \
+ --with-moduledir=%{_libdir}/knot/modules-%{BASE_VERSION} \
+ --with-storage=/var/lib/knot \
+ %{?configure_db_sizes} \
+ %{?configure_xdp} \
+ --disable-static \
+ --enable-dnstap=yes \
+ --with-module-dnstap=shared \
+ --with-module-geoip=shared
+make %{?_smp_mflags}
+make html
+
+%install
+make install DESTDIR=%{buildroot}
+
+# install documentation
+install -d -m 0755 %{buildroot}%{_pkgdocdir}/samples
+install -p -m 0644 -t %{buildroot}%{_pkgdocdir}/samples samples/*.zone*
+install -p -m 0644 NEWS README.md %{buildroot}%{_pkgdocdir}
+cp -av doc/_build/html %{buildroot}%{_pkgdocdir}
+[ -r %{buildroot}%{_pkgdocdir}/html/index.html ] || exit 1
+rm -f %{buildroot}%{_pkgdocdir}/html/.buildinfo
+
+# install daemon and dbus configuration files
+rm %{buildroot}%{_sysconfdir}/%{name}/*
+install -p -m 0644 -D %{repodir}/samples/%{name}.sample.conf %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf
+%if 0%{?fedora} || 0%{?rhel} > 7
+install -p -m 0644 -D %{repodir}/distro/common/cz.nic.knotd.conf %{buildroot}%{_sysconfdir}/dbus-1/system.d/cz.nic.knotd.conf
+%endif
+
+# install systemd files
+install -p -m 0644 -D %{repodir}/distro/pkg/el-7/%{name}.service %{buildroot}%{_unitdir}/%{name}.service
+install -p -m 0644 -D %{repodir}/distro/pkg/el-7/%{name}.tmpfiles %{buildroot}%{_tmpfilesdir}/%{name}.conf
+%if 0%{?suse_version}
+ln -s service %{buildroot}/%{_sbindir}/rcknot
+%endif
+
+# create storage dir
+install -d %{buildroot}%{_sharedstatedir}
+install -d -m 0770 -D %{buildroot}%{_sharedstatedir}/knot
+
+# remove libarchive files
+find %{buildroot} -type f -name "*.la" -delete -print
+
+%check
+V=1 make check
+
+%pre
+getent group knot >/dev/null || groupadd -r knot
+getent passwd knot >/dev/null || \
+ useradd -r -g knot -d %{_sharedstatedir}/knot -s /sbin/nologin \
+ -c "Knot DNS server" knot
+%if 0%{?suse_version}
+%service_add_pre knot.service
+%endif
+
+%post
+systemd-tmpfiles --create %{_tmpfilesdir}/knot.conf &>/dev/null || :
+%if 0%{?suse_version}
+%service_add_post knot.service
+%else
+%systemd_post knot.service
+%endif
+
+%preun
+%if 0%{?suse_version}
+%service_del_preun knot.service
+%else
+%systemd_preun knot.service
+%endif
+
+%postun
+%if 0%{?suse_version}
+%service_del_postun knot.service
+%else
+%systemd_postun_with_restart knot.service
+%endif
+
+%if 0%{?fedora} || 0%{?rhel} > 7
+# https://fedoraproject.org/wiki/Changes/Removing_ldconfig_scriptlets
+%else
+%post libs -p /sbin/ldconfig
+%postun libs -p /sbin/ldconfig
+%endif
+
+%files
+%license COPYING
+%doc %{_pkgdocdir}
+%exclude %{_pkgdocdir}/html
+%attr(770,root,knot) %dir %{_sysconfdir}/knot
+%config(noreplace) %attr(640,root,knot) %{_sysconfdir}/knot/knot.conf
+%if 0%{?fedora} || 0%{?rhel} > 7
+%config(noreplace) %attr(644,root,root) %{_sysconfdir}/dbus-1/system.d/cz.nic.knotd.conf
+%endif
+%attr(770,root,knot) %dir %{_sharedstatedir}/knot
+%dir %{_libdir}/knot
+%dir %{_libdir}/knot/modules-*
+%{_unitdir}/knot.service
+%{_tmpfilesdir}/knot.conf
+%{_sbindir}/kcatalogprint
+%{_sbindir}/kjournalprint
+%{_sbindir}/keymgr
+%{_sbindir}/knotc
+%{_sbindir}/knotd
+%if 0%{?suse_version}
+%{_sbindir}/rcknot
+%endif
+%{_mandir}/man5/knot.conf.*
+%{_mandir}/man8/kcatalogprint.*
+%{_mandir}/man8/kjournalprint.*
+%{_mandir}/man8/keymgr.*
+%{_mandir}/man8/knotc.*
+%{_mandir}/man8/knotd.*
+%ghost %attr(770,root,knot) %dir %{_rundir}/knot
+
+%files utils
+%{_bindir}/kdig
+%{_bindir}/khost
+%{_bindir}/knsupdate
+%if 0%{?use_xdp}
+%{_sbindir}/kxdpgun
+%{_mandir}/man8/kxdpgun.*
+%endif
+%{_mandir}/man1/kdig.*
+%{_mandir}/man1/khost.*
+%{_mandir}/man1/knsupdate.*
+
+%files dnssecutils
+%{_bindir}/knsec3hash
+%{_bindir}/kzonecheck
+%{_bindir}/kzonesign
+%{_mandir}/man1/knsec3hash.*
+%{_mandir}/man1/kzonecheck.*
+%{_mandir}/man1/kzonesign.*
+
+%files module-dnstap
+%{_libdir}/knot/modules-*/dnstap.so
+
+%files module-geoip
+%{_libdir}/knot/modules-*/geoip.so
+
+%files libs
+%license COPYING
+%doc NEWS
+%doc README.md
+%{_libdir}/libdnssec.so.*
+%{_libdir}/libknot.so.*
+%{_libdir}/libzscanner.so.*
+
+%files devel
+%{_includedir}/libdnssec
+%{_includedir}/knot
+%{_includedir}/libknot
+%{_includedir}/libzscanner
+%{_libdir}/libdnssec.so
+%{_libdir}/libknot.so
+%{_libdir}/libzscanner.so
+%{_libdir}/pkgconfig/knotd.pc
+%{_libdir}/pkgconfig/libdnssec.pc
+%{_libdir}/pkgconfig/libknot.pc
+%{_libdir}/pkgconfig/libzscanner.pc
+
+%files doc
+%dir %{_pkgdocdir}
+%doc %{_pkgdocdir}/html
+
+%changelog
+* {{ now }} Jakub Ružička <jakub.ruzicka@nic.cz> - {{ version }}-{{ release }}
+- upstream package
+- see https://www.knot-dns.cz
diff --git a/distro/pkg/el-7/knot.tmpfiles b/distro/pkg/el-7/knot.tmpfiles
new file mode 100644
index 0000000..edec729
--- /dev/null
+++ b/distro/pkg/el-7/knot.tmpfiles
@@ -0,0 +1,3 @@
+# tmpfiles.d(5) runtime directory for knot
+#Type Path Mode UID GID Age Argument
+ d /run/knot 0755 knot knot - - |
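Review bot: `%define GPG_CHECK 0` switches off the only integrity check on the source tarball, because the `gpg2 --import %{SOURCE100}` and `gpg2 --verify %{SOURCE1} %{SOURCE0}` steps in %prep sit inside `%if 0%{?GPG_CHECK}` and never run. If the tarball is generated locally by the packaging tooling, which the `{{ version }}` placeholders suggest, a comment beside the define should say so; otherwise it should be set to 1 so the detached signature is verified against the pinned key. Separately, `%attr(770,root,knot) %dir %{_sysconfdir}/knot` leaves the configuration directory group-writable by the service account although knot.conf itself is `640,root,knot`, so the daemon's group can replace the file it is not allowed to edit. Unless knotd is expected to write into that directory, 750 would match the file mode.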
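Review bot: The owner and mode on the `d /run/knot 0755 knot knot - -` line disagree with the package manifest, where knot.spec lists the same directory as `%ghost %attr(770,root,knot) %dir %{_rundir}/knot`. As written, the directory is created world-traversable and owned by the service user, and package verification would presumably report a mismatch against the spec entry. Which of the two is intended should be decided and the other aligned, with a short comment here naming who needs to reach the files under /run/knot.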