author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-09-12 04:45:08 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-09-12 04:45:08 +0000 |
commit | 3ade2b375d3e928a06a39bb5ce48e59ea054f9c8 (patch) | |
tree | 23c9115f88363ed22bc4afbeb4901994d036f189 /distro/pkg/el-7 | |
parent | Releasing progress-linux version 3.3.9-1~progress7.99u1. (diff) | |
download | knot-3ade2b375d3e928a06a39bb5ce48e59ea054f9c8.tar.xz knot-3ade2b375d3e928a06a39bb5ce48e59ea054f9c8.zip |
Merging upstream version 3.4.0.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'distro/pkg/el-7')
-rw-r--r-- | distro/pkg/el-7/01-revert-AC_PROG_CC.patch | 18 | ||||
-rw-r--r-- | distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch | 67 | ||||
-rw-r--r-- | distro/pkg/el-7/03-doc-don-t-try-to-import-sphinx_panels.patch | 25 | ||||
-rw-r--r-- | distro/pkg/el-7/04-revert-don-t-share-PKCS-11-private-keys.patch | 160 | ||||
-rw-r--r-- | distro/pkg/el-7/05-revert-mod-dnstap-TCP-sink.patch | 160 | ||||
-rw-r--r-- | distro/pkg/el-7/knot.service | 25 | ||||
-rw-r--r-- | distro/pkg/el-7/knot.spec | 334 | ||||
-rw-r--r-- | distro/pkg/el-7/knot.tmpfiles | 3 |
8 files changed, 0 insertions, 792 deletions
diff --git a/distro/pkg/el-7/01-revert-AC_PROG_CC.patch b/distro/pkg/el-7/01-revert-AC_PROG_CC.patch
deleted file mode 100644
index fb49c00..0000000
--- a/distro/pkg/el-7/01-revert-AC_PROG_CC.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-From: Daniel Salzman <daniel.salzman@nic.cz>
-Date: Sun, 20 Feb 2022 20:38:35 +0100
-Subject: [PATCH] Revert "configure: upgrade from AC_PROG_CC_C99 to AC_PROG_CC"
-
-diff --git a/configure.ac b/configure.ac
-index 6506197ed..c7df7f815 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -38,7 +38,8 @@ release_date=$($SED -n 's/^Knot DNS .* (\(.*\))/\1/p;q;' ${srcdir}/NEWS)
- AC_SUBST([RELEASE_DATE], $release_date)
-
- # Set compiler compatibility flags
--AC_PROG_CC
-+AC_PROG_CC_C99 # AC_PROG_CC not supported by CentOS 7
-+AM_PROG_CC_C_O # Needed by CentOS 7
- AC_PROG_CPP_WERROR
-
- # Set default CFLAGS
diff --git a/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch b/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch
deleted file mode 100644
index cbc5aa2..0000000
--- a/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From: Daniel Salzman <daniel.salzman@nic.cz>
-Date: Mon, 20 Mar 2023 14:57:54 +0100
-Subject: [PATCH] distro/el-7: fix compilation by using SHA-1 for PIN computation
-
-diff --git a/src/libknot/quic/quic.c b/src/libknot/quic/quic.c
-index 5610865f6..555c495d9 100644
---- a/src/libknot/quic/quic.c
-+++ b/src/libknot/quic/quic.c
-@@ -460,7 +460,7 @@ void knot_quic_conn_pin(knot_quic_conn_t *conn, uint8_t *pin, size_t *pin_size,
- goto error;
- }
-
-- ret = gnutls_x509_crt_get_key_id(cert, GNUTLS_KEYID_USE_SHA256, pin, pin_size);
-+ ret = gnutls_x509_crt_get_key_id(cert, 0, pin, pin_size);
- if (ret != GNUTLS_E_SUCCESS) {
- gnutls_x509_crt_deinit(cert);
- goto error;
-diff --git a/src/utils/common/tls.c b/src/utils/common/tls.c
-index 245dd3f96..6a2e7a986 100644
---- a/src/utils/common/tls.c
-+++ b/src/utils/common/tls.c
-@@ -328,7 +328,7 @@ static int check_certificates(gnutls_session_t session, const list_t *pins)
-
- uint8_t cert_pin[CERT_PIN_LEN] = { 0 };
- size_t cert_pin_size = sizeof(cert_pin);
-- ret = gnutls_x509_crt_get_key_id(cert, GNUTLS_KEYID_USE_SHA256,
-+ ret = gnutls_x509_crt_get_key_id(cert, 0,
- cert_pin, &cert_pin_size);
- if (ret != 0) {
- gnutls_x509_crt_deinit(cert);
-@@ -336,18 +336,18 @@ static int check_certificates(gnutls_session_t session, const list_t *pins)
- }
-
- // Check if correspond to a specified PIN.
-- bool match = check_pin(cert_pin, sizeof(cert_pin), pins);
-+ bool match = check_pin(cert_pin, cert_pin_size, pins);
- if (match) {
- matches++;
- }
-
- uint8_t *txt_pin;
-- ret = knot_base64_encode_alloc(cert_pin, sizeof(cert_pin), &txt_pin);
-+ ret = knot_base64_encode_alloc(cert_pin, cert_pin_size, &txt_pin);
- if (ret < 0) {
- gnutls_x509_crt_deinit(cert);
- return ret;
- }
-- DBG(" SHA-256 PIN: %.*s%s", ret, txt_pin, match ? ", MATCH" : "");
-+ DBG(" SHA-1 PIN: %.*s%s", ret, txt_pin, match ? ", MATCH" : "");
- free(txt_pin);
-
- gnutls_x509_crt_deinit(cert);
-diff --git a/src/utils/kdig/kdig_params.c b/src/utils/kdig/kdig_params.c
-index 359b8b596..8fd33b011 100644
---- a/src/utils/kdig/kdig_params.c
-+++ b/src/utils/kdig/kdig_params.c
-@@ -707,8 +707,8 @@ static int opt_tls_pin(const char *arg, void *query)
- if (ret < 0) {
- ERR("invalid +tls-pin=%s", arg);
- return ret;
-- } else if (ret != CERT_PIN_LEN) { // Check for 256-bit value.
-- ERR("invalid sha256 hash length +tls-pin=%s", arg);
-+ } else if (ret != 20) { // Check for 256-bit value.
-+ ERR("invalid sha1 hash length +tls-pin=%s", arg);
- return KNOT_EINVAL;
- }
-
diff --git a/distro/pkg/el-7/03-doc-don-t-try-to-import-sphinx_panels.patch b/distro/pkg/el-7/03-doc-don-t-try-to-import-sphinx_panels.patch
deleted file mode 100644
index 8ef7e7e..0000000
--- a/distro/pkg/el-7/03-doc-don-t-try-to-import-sphinx_panels.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From c05abb0401d3343b96ced4a6cdd724ee04adfe1b Mon Sep 17 00:00:00 2001
-From: Daniel Salzman <daniel.salzman@nic.cz>
-Date: Mon, 21 Aug 2023 16:54:46 +0200
-Subject: [PATCH] doc: don't try to import sphinx_panels on CentOS 7
-
-
- 1 file changed, 3 deletions(-)
-
-diff --git a/doc/conf.py b/doc/conf.py
-index fc2e94d96..515241051 100644
---- a/doc/conf.py
-+++ b/doc/conf.py
-@@ -27,9 +27,6 @@ sys.path.insert(0, os.path.abspath('ext'))
-
- # Add any Sphinx extension module names here, as strings. They can be extensions
- # coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
--import importlib.util
--if importlib.util.find_spec("sphinx_panels"):
-- extensions = [ 'sphinx_panels' ]
-
- # Add any paths that contain templates here, relative to this directory.
- templates_path = ['_templates']
---
-2.25.1
-
diff --git a/distro/pkg/el-7/04-revert-don-t-share-PKCS-11-private-keys.patch b/distro/pkg/el-7/04-revert-don-t-share-PKCS-11-private-keys.patch
deleted file mode 100644
index d360433..0000000
--- a/distro/pkg/el-7/04-revert-don-t-share-PKCS-11-private-keys.patch
+++ /dev/null
@@ -1,160 +0,0 @@
-From 1bad8f831a9fd506516549ac7461f97c689a0c46 Mon Sep 17 00:00:00 2001
-From: Daniel Salzman <daniel.salzman@nic.cz>
-Date: Mon, 11 Dec 2023 17:08:23 +0100
-Subject: [PATCH] Revert "zone-sign: don't share PKCS 11 private keys by
- multiple signing threads"
-
-This reverts commit 7d63e8e0825e03b8e0608e87b86968c452755c93.
----
- src/knot/dnssec/zone-keys.c | 38 +++----------------------------------
- src/libdnssec/key.h | 4 ++--
- src/libdnssec/key/key.c | 24 +----------------------
- tests/libdnssec/test_key.c | 4 ++--
- 4 files changed, 8 insertions(+), 62 deletions(-)
-
-diff --git a/src/knot/dnssec/zone-keys.c b/src/knot/dnssec/zone-keys.c
-index cd6bf0bb3..d5cccc759 100644
---- a/src/knot/dnssec/zone-keys.c
-+++ b/src/knot/dnssec/zone-keys.c
-@@ -642,21 +642,6 @@ int zone_key_calculate_ds(zone_key_t *for_key, dnssec_key_digest_t digesttype,
- return ret;
- }
-
--static int dup_zone_key(const zone_key_t *src, zone_key_t *dst)
--{
-- assert(src);
-- assert(dst);
--
-- *dst = *src;
--
-- dst->key = dnssec_key_dup(src->key);
-- if (dst->key == NULL) {
-- return KNOT_ENOMEM;
-- }
--
-- return KNOT_EOK;
--}
--
- zone_sign_ctx_t *zone_sign_ctx(const zone_keyset_t *keyset, const kdnssec_ctx_t *dnssec_ctx)
- {
- zone_sign_ctx_t *ctx = calloc(1, sizeof(*ctx) + keyset->count * sizeof(*ctx->sign_ctxs));
-@@ -665,24 +650,11 @@ zone_sign_ctx_t *zone_sign_ctx(const zone_keyset_t *keyset, const kdnssec_ctx_t
- }
-
- ctx->sign_ctxs = (dnssec_sign_ctx_t **)(ctx + 1);
--
-- ctx->keys = calloc(keyset->count, sizeof(*ctx->keys));
-- if (ctx->keys == NULL) {
-- zone_sign_ctx_free(ctx);
-- return NULL;
-- }
- ctx->count = keyset->count;
--
-+ ctx->keys = keyset->keys;
- ctx->dnssec_ctx = dnssec_ctx;
- for (size_t i = 0; i < ctx->count; i++) {
-- // Clone the key to avoid thread contention on the key mutex.
-- int ret = dup_zone_key(&keyset->keys[i], &ctx->keys[i]);
-- if (ret != KNOT_EOK) {
-- zone_sign_ctx_free(ctx);
-- return NULL;
-- }
--
-- ret = dnssec_sign_new(&ctx->sign_ctxs[i], ctx->keys[i].key);
-+ int ret = dnssec_sign_new(&ctx->sign_ctxs[i], ctx->keys[i].key);
- if (ret != DNSSEC_EOK) {
- zone_sign_ctx_free(ctx);
- return NULL;
-@@ -719,12 +691,8 @@ void zone_sign_ctx_free(zone_sign_ctx_t *ctx)
- {
- if (ctx != NULL) {
- for (size_t i = 0; i < ctx->count; i++) {
-- if (ctx->keys != NULL) {
-- dnssec_key_free(ctx->keys[i].key);
-- }
- dnssec_sign_free(ctx->sign_ctxs[i]);
- }
-- free(ctx->keys);
- free(ctx);
- }
- }
-diff --git a/src/libdnssec/key.h b/src/libdnssec/key.h
-index aa8002b4a..2a69d377f 100644
---- a/src/libdnssec/key.h
-+++ b/src/libdnssec/key.h
-@@ -1,4 +1,4 @@
--/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
-+/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
-@@ -134,7 +134,7 @@ void dnssec_key_free(dnssec_key_t *key);
- /*!
- * Create a copy of a DNSSEC key.
- *
-- * Public key isn't duplicated.
-+ * Only a public part of the key is copied.
- */
- dnssec_key_t *dnssec_key_dup(const dnssec_key_t *key);
-
-diff --git a/src/libdnssec/key/key.c b/src/libdnssec/key/key.c
-index 4574bbefb..f36316712 100644
---- a/src/libdnssec/key/key.c
-+++ b/src/libdnssec/key/key.c
-@@ -1,4 +1,4 @@
--/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
-+/* Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
-@@ -141,28 +141,6 @@ dnssec_key_t *dnssec_key_dup(const dnssec_key_t *key)
- return NULL;
- }
-
-- if (key->private_key != NULL) {
-- gnutls_privkey_init(&dup->private_key);
--
-- gnutls_privkey_type_t type = gnutls_privkey_get_type(key->private_key);
-- if (type == GNUTLS_PRIVKEY_PKCS11) {
--#ifdef ENABLE_PKCS11
-- gnutls_pkcs11_privkey_t tmp;
-- gnutls_privkey_export_pkcs11(key->private_key, &tmp);
-- gnutls_privkey_import_pkcs11(dup->private_key, tmp,
-- GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
--#else
-- assert(0);
--#endif // ENABLE_PKCS11
-- } else {
-- assert(type == GNUTLS_PRIVKEY_X509);
-- gnutls_x509_privkey_t tmp;
-- gnutls_privkey_export_x509(key->private_key, &tmp);
-- gnutls_privkey_import_x509(dup->private_key, tmp,
-- GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
-- }
-- }
--
- return dup;
- }
-
-diff --git a/tests/libdnssec/test_key.c b/tests/libdnssec/test_key.c
-index c3643f08c..cd0aaee0e 100644
---- a/tests/libdnssec/test_key.c
-+++ b/tests/libdnssec/test_key.c
-@@ -1,4 +1,4 @@
--/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
-+/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
-@@ -148,7 +148,7 @@ static void test_private_key(const key_parameters_t *params)
-
- check_key_tag(copy, params);
- check_key_size(copy, params);
-- check_usage(copy, true, true);
-+ check_usage(copy, true, false);
-
- dnssec_key_free(copy);
- dnssec_key_free(key);
---
-2.34.1
-
diff --git a/distro/pkg/el-7/05-revert-mod-dnstap-TCP-sink.patch b/distro/pkg/el-7/05-revert-mod-dnstap-TCP-sink.patch
deleted file mode 100644
index dae0fac..0000000
--- a/distro/pkg/el-7/05-revert-mod-dnstap-TCP-sink.patch
+++ /dev/null
@@ -1,160 +0,0 @@
-From d236d2b7fcd5fa607f7bfd38044eb6f510fac7ce Mon Sep 17 00:00:00 2001
-From: Daniel Salzman <daniel.salzman@nic.cz>
-Date: Wed, 12 Jun 2024 11:18:31 +0200
-Subject: [PATCH] Revert "mod-dnstap: add sink for TCP connection"
-
-This reverts commit 2ffd7dfa58ddcd1b860f0c9980fd082c3852d3e6.
----
- src/knot/modules/dnstap/dnstap.c | 74 +++++-------------------------
- src/knot/modules/dnstap/dnstap.rst | 9 ++--
- 2 files changed, 15 insertions(+), 68 deletions(-)
-
-diff --git a/src/knot/modules/dnstap/dnstap.c b/src/knot/modules/dnstap/dnstap.c
-index 612e48869..c8c82eaa4 100644
---- a/src/knot/modules/dnstap/dnstap.c
-+++ b/src/knot/modules/dnstap/dnstap.c
-@@ -1,4 +1,4 @@
--/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
-+/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
-@@ -185,33 +185,6 @@ finish:
- return writer;
- }
-
--static struct fstrm_writer* dnstap_tcp_writer(const char *address, const char *port)
--{
-- struct fstrm_tcp_writer_options *opt = NULL;
-- struct fstrm_writer_options *wopt = NULL;
-- struct fstrm_writer *writer = NULL;
--
-- opt = fstrm_tcp_writer_options_init();
-- if (opt == NULL) {
-- goto finish;
-- }
--
-- fstrm_tcp_writer_options_set_socket_address(opt, address);
-- fstrm_tcp_writer_options_set_socket_port(opt, port);
--
-- wopt = fstrm_writer_options_init();
-- if (wopt == NULL) {
-- goto finish;
-- }
-- fstrm_writer_options_add_content_type(wopt, DNSTAP_CONTENT_TYPE,
-- strlen(DNSTAP_CONTENT_TYPE));
-- writer = fstrm_tcp_writer_init(opt, wopt);
--finish:
-- fstrm_tcp_writer_options_destroy(&opt);
-- fstrm_writer_options_destroy(&wopt);
-- return writer;
--}
--
- /*! \brief Create a basic file writer sink. */
- static struct fstrm_writer* dnstap_file_writer(const char *path)
- {
-@@ -240,42 +213,17 @@ finish:
- }
-
- /*! \brief Create a log sink according to the path string. */
--static struct fstrm_writer* dnstap_writer(knotd_mod_t *mod, const char *path)
-+static struct fstrm_writer* dnstap_writer(const char *path)
- {
-- const char *unix_prefix = "unix:";
-- const size_t unix_prefix_len = strlen(unix_prefix);
--
-- const char *tcp_prefix = "tcp:";
-- const size_t tcp_prefix_len = strlen(tcp_prefix);
--
-- const size_t path_len = strlen(path);
-+ const char *prefix = "unix:";
-+ const size_t prefix_len = strlen(prefix);
-
- /* UNIX socket prefix. */
-- if (path_len > unix_prefix_len &&
-- strncmp(path, unix_prefix, unix_prefix_len) == 0) {
-- knotd_mod_log(mod, LOG_DEBUG, "using sink UNIX socket '%s'", path);
-- return dnstap_unix_writer(path + unix_prefix_len);
-- /* TCP socket prefix. */
-- } else if (path_len > tcp_prefix_len &&
-- strncmp(path, tcp_prefix, tcp_prefix_len) == 0) {
-- char addr[INET6_ADDRSTRLEN] = { 0 };
-- const char *delimiter = strchr(path + tcp_prefix_len, '@');
-- if (delimiter == NULL) {
-- return NULL;
-- }
-- size_t addr_len = delimiter - path - tcp_prefix_len;
-- if (addr_len >= sizeof(addr)) {
-- return NULL;
-- }
-- memcpy(addr, path + tcp_prefix_len, addr_len);
-- knotd_mod_log(mod, LOG_DEBUG, "using sink TCP address '%s' port '%s'",
-- addr, delimiter + 1);
-- return dnstap_tcp_writer(addr, delimiter + 1);
-- /* File path. */
-- } else {
-- knotd_mod_log(mod, LOG_DEBUG, "using sink file '%s'", path);
-- return dnstap_file_writer(path);
-+ if (strlen(path) > prefix_len && strncmp(path, prefix, prefix_len) == 0) {
-+ return dnstap_unix_writer(path + prefix_len);
- }
-+
-+ return dnstap_file_writer(path);
- }
-
- int dnstap_load(knotd_mod_t *mod)
-@@ -325,7 +273,7 @@ int dnstap_load(knotd_mod_t *mod)
- const bool log_responses = conf.single.boolean;
-
- /* Initialize the writer and the options. */
-- struct fstrm_writer *writer = dnstap_writer(mod, sink);
-+ struct fstrm_writer *writer = dnstap_writer(sink);
- if (writer == NULL) {
- goto fail;
- }
-@@ -359,13 +307,13 @@ int dnstap_load(knotd_mod_t *mod)
-
- return KNOT_EOK;
- fail:
-- knotd_mod_log(mod, LOG_ERR, "failed to initialize sink '%s'", sink);
-+ knotd_mod_log(mod, LOG_ERR, "failed to init sink '%s'", sink);
-
- free(ctx->identity);
- free(ctx->version);
- free(ctx);
-
-- return KNOT_EINVAL;
-+ return KNOT_ENOMEM;
- }
-
- void dnstap_unload(knotd_mod_t *mod)
-diff --git a/src/knot/modules/dnstap/dnstap.rst b/src/knot/modules/dnstap/dnstap.rst
-index 05eac09ab..358977da0 100644
---- a/src/knot/modules/dnstap/dnstap.rst
-+++ b/src/knot/modules/dnstap/dnstap.rst
-@@ -11,7 +11,7 @@ Example
- -------
-
- The configuration comprises only a :ref:`mod-dnstap_sink` path parameter,
--which can be either a file, a UNIX socket, or a TCP address::
-+which can be either a file or a UNIX socket::
-
- mod-dnstap:
- - id: capture_all
-@@ -60,10 +60,9 @@ A module identifier.
- sink
- ....
-
--A sink path, which can be either a file, a UNIX socket when prefixed with
--``unix:``, or a TCP `address@port` when prefixed with ``tcp:``. The file may
--be specified as an absolute path or a path relative to
--the :doc:`knotd<man_knotd>` startup directory.
-+A sink path, which can be either a file or a UNIX socket when prefixed with
-+``unix:``. The file may be specified as an absolute path or a path relative
-+to the :doc:`knotd<man_knotd>` startup directory.
-
- *Required*
-
---
-2.34.1
-
diff --git a/distro/pkg/el-7/knot.service b/distro/pkg/el-7/knot.service
deleted file mode 100644
index a872929..0000000
--- a/distro/pkg/el-7/knot.service
+++ /dev/null
@@ -1,25 +0,0 @@
-[Unit]
-Description=Knot DNS server
-Wants=network-online.target
-After=network-online.target
-Documentation=man:knotd(8) man:knot.conf(5) man:knotc(8)
-
-[Service]
-Type=notify
-User=knot
-Group=knot
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETPCAP
-AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_SETPCAP
-ExecStartPre=/usr/sbin/knotc conf-check
-ExecStart=/usr/sbin/knotd -m "$KNOT_CONF_MAX_SIZE"
-ExecReload=/bin/kill -HUP $MAINPID
-Restart=on-abort
-LimitNOFILE=1048576
-TimeoutStopSec=300
-# Extend the systemd startup timeout by this value (seconds) for each zone
-Environment="KNOT_ZONE_LOAD_TIMEOUT_SEC=180"
-# Maximum size (MiB) of a configuration database
-Environment="KNOT_CONF_MAX_SIZE=512"
-
-[Install]
-WantedBy=multi-user.target
diff --git a/distro/pkg/el-7/knot.spec b/distro/pkg/el-7/knot.spec
deleted file mode 100644
index 887f988..0000000
--- a/distro/pkg/el-7/knot.spec
+++ /dev/null
@@ -1,334 +0,0 @@ -%global _hardened_build 1 -%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}} - -%define GPG_CHECK 0 -%define BASE_VERSION %(echo "%{version}" | sed 's/^\\([^.]\\+\\.[^.]\\+\\).*/\\1/') -%define repodir %{_builddir}/%{name}-%{version} - -Summary: High-performance authoritative DNS server -Name: knot -Version: {{ version }} -Release: cznic.{{ release }}%{?dist} -License: GPL-3.0-or-later -URL: https://www.knot-dns.cz -Source0: %{name}-%{version}.tar.xz - -%if 0%{?GPG_CHECK} -Source1: https://secure.nic.cz/files/knot-dns/%{name}-%{version}.tar.xz.asc -# PGP keys used to sign upstream releases -# Export with --armor using command from https://fedoraproject.org/wiki/PackagingDrafts:GPGSignatures -# Don't forget to update %%prep section when adding/removing keys -Source100: gpgkey-742FA4E95829B6C5EAC6B85710BB7AF6FEBBD6AB.gpg.asc -BuildRequires: gnupg2 -%endif - -Patch1: 01-revert-AC_PROG_CC.patch -Patch2: 02-fix-compilation-by-using-SHA-1.patch -Patch3: 03-doc-don-t-try-to-import-sphinx_panels.patch -Patch4: 04-revert-don-t-share-PKCS-11-private-keys.patch -Patch5: 05-revert-mod-dnstap-TCP-sink.patch - -# Required dependencies -BuildRequires: autoconf -BuildRequires: automake -BuildRequires: libtool -BuildRequires: devtoolset-11-make -BuildRequires: devtoolset-11-gcc -BuildRequires: pkgconfig(liburcu) -BuildRequires: pkgconfig(gnutls) >= 3.3 -BuildRequires: pkgconfig(libedit) - -# Optional dependencies -BuildRequires: pkgconfig(libcap-ng) -BuildRequires: pkgconfig(libidn2) -BuildRequires: pkgconfig(libmnl) -BuildRequires: pkgconfig(libnghttp2) -BuildRequires: pkgconfig(libsystemd) -BuildRequires: pkgconfig(systemd) -# dnstap dependencies -BuildRequires: pkgconfig(libfstrm) -BuildRequires: pkgconfig(libprotobuf-c) -# geoip dependencies -BuildRequires: pkgconfig(libmaxminddb) - -# Distro-dependent dependencies -%if 0%{?suse_version} -BuildRequires: python3-Sphinx -BuildRequires: lmdb-devel -BuildRequires: protobuf-c -Requires(pre): pwdutils -%endif 
-%if 0%{?rhel} && 0%{?rhel} <= 7 -BuildRequires: python-sphinx -BuildRequires: lmdb-devel -%endif -%if 0%{?fedora} || 0%{?rhel} > 7 -BuildRequires: python3-sphinx -BuildRequires: pkgconfig(lmdb) -%endif - -# disable XDP on old EL -%define configure_xdp --enable-xdp=no - -Requires(post): systemd %{_sbindir}/runuser -Requires(preun): systemd -Requires(postun): systemd - -Conflicts: knot-resolver < 5.7.0 - -Requires: %{name}-libs%{?_isa} = %{version}-%{release} - -%description -Knot DNS is a high-performance authoritative DNS server implementation. - -%package libs -Summary: Libraries used by the Knot DNS server and client applications - -%description libs -The package contains shared libraries used by the Knot DNS server and -utilities. - -%package devel -Summary: Development header files for the Knot DNS libraries -Requires: %{name}-libs%{?_isa} = %{version}-%{release} - -%description devel -The package contains development header files for the Knot DNS libraries -included in knot-libs package. - -%package utils -Summary: DNS client utilities shipped with the Knot DNS server -Requires: %{name}-libs%{?_isa} = %{version}-%{release} -# Debian package compat -Provides: %{name}-dnsutils = %{version}-%{release} - -%description utils -The package contains DNS client utilities shipped with the Knot DNS server. - -%package dnssecutils -Summary: DNSSEC tools shipped with the Knot DNS server -Requires: %{name}-libs%{?_isa} = %{version}-%{release} - -%description dnssecutils -The package contains DNSSEC tools shipped with the Knot DNS server. - -%package module-dnstap -Summary: dnstap module for Knot DNS -Requires: %{name} = %{version}-%{release} - -%description module-dnstap -The package contains dnstap Knot DNS module for logging DNS traffic. - -%package module-geoip -Summary: geoip module for Knot DNS -Requires: %{name} = %{version}-%{release} - -%description module-geoip -The package contains geoip Knot DNS module for geography-based responses. 
- -%package doc -Summary: Documentation for the Knot DNS server -BuildArch: noarch -Provides: bundled(jquery) - -%description doc -The package contains documentation for the Knot DNS server. -On-line version is available on https://www.knot-dns.cz/documentation/ - -%prep -%if 0%{?GPG_CHECK} -export GNUPGHOME=./gpg-keyring -[ -d ${GNUPGHOME} ] && rm -r ${GNUPGHOME} -mkdir --mode=700 ${GNUPGHOME} -gpg2 --import %{SOURCE100} -gpg2 --verify %{SOURCE1} %{SOURCE0} -%endif -%autosetup -p1 - -%build -# disable debug code (causes unused warnings) -CFLAGS="%{optflags} -DNDEBUG -Wno-unused" - -%ifarch armv7hl i686 -# 32-bit architectures sometimes do not have sufficient amount of -# contiguous address space to handle default values -%define configure_db_sizes --with-conf-mapsize=64 -%endif - -autoreconf -if - -export CC="/opt/rh/devtoolset-11/root/usr/bin/gcc" -%configure \ - --sysconfdir=/etc \ - --localstatedir=/var/lib \ - --libexecdir=/usr/lib/knot \ - --with-rundir=/run/knot \ - --with-moduledir=%{_libdir}/knot/modules-%{BASE_VERSION} \ - --with-storage=/var/lib/knot \ - %{?configure_db_sizes} \ - %{?configure_xdp} \ - --disable-static \ - --enable-dnstap=yes \ - --with-module-dnstap=shared \ - --with-module-geoip=shared -make %{?_smp_mflags} -make html - -%install -make install DESTDIR=%{buildroot} - -# install documentation -install -d -m 0755 %{buildroot}%{_pkgdocdir}/samples -install -p -m 0644 -t %{buildroot}%{_pkgdocdir}/samples samples/*.zone* -install -p -m 0644 NEWS README.md %{buildroot}%{_pkgdocdir} -cp -av doc/_build/html %{buildroot}%{_pkgdocdir} -[ -r %{buildroot}%{_pkgdocdir}/html/index.html ] || exit 1 -rm -f %{buildroot}%{_pkgdocdir}/html/.buildinfo - -# install daemon and dbus configuration files -rm %{buildroot}%{_sysconfdir}/%{name}/* -install -p -m 0644 -D %{repodir}/samples/%{name}.sample.conf %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf -%if 0%{?fedora} || 0%{?rhel} > 7 -install -p -m 0644 -D %{repodir}/distro/common/cz.nic.knotd.conf 
%{buildroot}%{_sysconfdir}/dbus-1/system.d/cz.nic.knotd.conf -%endif - -# install systemd files -install -p -m 0644 -D %{repodir}/distro/pkg/el-7/%{name}.service %{buildroot}%{_unitdir}/%{name}.service -install -p -m 0644 -D %{repodir}/distro/pkg/el-7/%{name}.tmpfiles %{buildroot}%{_tmpfilesdir}/%{name}.conf -%if 0%{?suse_version} -ln -s service %{buildroot}/%{_sbindir}/rcknot -%endif - -# create storage dir -install -d %{buildroot}%{_sharedstatedir} -install -d -m 0770 -D %{buildroot}%{_sharedstatedir}/knot - -# remove libarchive files -find %{buildroot} -type f -name "*.la" -delete -print - -%check -V=1 make check - -%pre -getent group knot >/dev/null || groupadd -r knot -getent passwd knot >/dev/null || \ - useradd -r -g knot -d %{_sharedstatedir}/knot -s /sbin/nologin \ - -c "Knot DNS server" knot -%if 0%{?suse_version} -%service_add_pre knot.service -%endif - -%post -systemd-tmpfiles --create %{_tmpfilesdir}/knot.conf &>/dev/null || : -%if 0%{?suse_version} -%service_add_post knot.service -%else -%systemd_post knot.service -%endif - -%preun -%if 0%{?suse_version} -%service_del_preun knot.service -%else -%systemd_preun knot.service -%endif - -%postun -%if 0%{?suse_version} -%service_del_postun knot.service -%else -%systemd_postun_with_restart knot.service -%endif - -%if 0%{?fedora} || 0%{?rhel} > 7 -# https://fedoraproject.org/wiki/Changes/Removing_ldconfig_scriptlets -%else -%post libs -p /sbin/ldconfig -%postun libs -p /sbin/ldconfig -%endif - -%files -%license COPYING -%doc %{_pkgdocdir} -%exclude %{_pkgdocdir}/html -%attr(770,root,knot) %dir %{_sysconfdir}/knot -%config(noreplace) %attr(640,root,knot) %{_sysconfdir}/knot/knot.conf -%if 0%{?fedora} || 0%{?rhel} > 7 -%config(noreplace) %attr(644,root,root) %{_sysconfdir}/dbus-1/system.d/cz.nic.knotd.conf -%endif -%attr(770,root,knot) %dir %{_sharedstatedir}/knot -%dir %{_libdir}/knot -%dir %{_libdir}/knot/modules-* -%{_unitdir}/knot.service -%{_tmpfilesdir}/knot.conf -%{_sbindir}/kcatalogprint 
-%{_sbindir}/kjournalprint -%{_sbindir}/keymgr -%{_sbindir}/knotc -%{_sbindir}/knotd -%if 0%{?suse_version} -%{_sbindir}/rcknot -%endif -%{_mandir}/man5/knot.conf.* -%{_mandir}/man8/kcatalogprint.* -%{_mandir}/man8/kjournalprint.* -%{_mandir}/man8/keymgr.* -%{_mandir}/man8/knotc.* -%{_mandir}/man8/knotd.* -%ghost %attr(770,root,knot) %dir %{_rundir}/knot - -%files utils -%{_bindir}/kdig -%{_bindir}/khost -%{_bindir}/knsupdate -%if 0%{?use_xdp} -%{_sbindir}/kxdpgun -%{_mandir}/man8/kxdpgun.* -%endif -%{_mandir}/man1/kdig.* -%{_mandir}/man1/khost.* -%{_mandir}/man1/knsupdate.* - -%files dnssecutils -%{_bindir}/knsec3hash -%{_bindir}/kzonecheck -%{_bindir}/kzonesign -%{_mandir}/man1/knsec3hash.* -%{_mandir}/man1/kzonecheck.* -%{_mandir}/man1/kzonesign.* - -%files module-dnstap -%{_libdir}/knot/modules-*/dnstap.so - -%files module-geoip -%{_libdir}/knot/modules-*/geoip.so - -%files libs -%license COPYING -%doc NEWS -%doc README.md -%{_libdir}/libdnssec.so.* -%{_libdir}/libknot.so.* -%{_libdir}/libzscanner.so.* - -%files devel -%{_includedir}/libdnssec -%{_includedir}/knot -%{_includedir}/libknot -%{_includedir}/libzscanner -%{_libdir}/libdnssec.so -%{_libdir}/libknot.so -%{_libdir}/libzscanner.so -%{_libdir}/pkgconfig/knotd.pc -%{_libdir}/pkgconfig/libdnssec.pc -%{_libdir}/pkgconfig/libknot.pc -%{_libdir}/pkgconfig/libzscanner.pc - -%files doc -%dir %{_pkgdocdir} -%doc %{_pkgdocdir}/html - -%changelog -* {{ now }} Jakub Ružička <jakub.ruzicka@nic.cz> - {{ version }}-{{ release }} -- upstream package -- see https://www.knot-dns.cz diff --git a/distro/pkg/el-7/knot.tmpfiles b/distro/pkg/el-7/knot.tmpfiles deleted file mode 100644 index edec729..0000000 --- a/distro/pkg/el-7/knot.tmpfiles +++ /dev/null @@ -1,3 +0,0 @@ -# tmpfiles.d(5) runtime directory for knot -#Type Path Mode UID GID Age Argument - d /run/knot 0755 knot knot - - |