Adding upstream version 3.3.4.upstream/3.3.4

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-10 19:05:44 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-10 19:05:44 +0000
commit: b045529c40c83601909dca7b76a53498e9a70f33 (patch)
tree: 88371572105933fd950676c07b3a12163a0c9de0 /distro/pkg/el-7
parent: Initial commit. (diff)
download: knot-b045529c40c83601909dca7b76a53498e9a70f33.tar.xz
knot-b045529c40c83601909dca7b76a53498e9a70f33.zip
7 files changed, 637 insertions, 0 deletions
diff --git a/distro/pkg/el-7/01-revert-AC_PROG_CC.patch b/distro/pkg/el-7/01-revert-AC_PROG_CC.patch
new file mode 100644
index 0000000..fb49c00
--- /dev/null
+++ b/distro/pkg/el-7/01-revert-AC_PROG_CC.patch
@@ -0,0 +1,18 @@
+From: Daniel Salzman <daniel.salzman@nic.cz>
+Date: Sun, 20 Feb 2022 20:38:35 +0100
+Subject: [PATCH] Revert "configure: upgrade from AC_PROG_CC_C99 to AC_PROG_CC"
+
+diff --git a/configure.ac b/configure.ac
+index 6506197ed..c7df7f815 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -38,7 +38,8 @@ release_date=$($SED -n 's/^Knot DNS .* (\(.*\))/\1/p;q;' ${srcdir}/NEWS)
+ AC_SUBST([RELEASE_DATE], $release_date)
+ 
+ # Set compiler compatibility flags
+-AC_PROG_CC
++AC_PROG_CC_C99 # AC_PROG_CC not supported by CentOS 7
++AM_PROG_CC_C_O # Needed by CentOS 7
+ AC_PROG_CPP_WERROR
+ 
+ # Set default CFLAGS
diff --git a/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch b/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch
new file mode 100644
index 0000000..cbc5aa2
--- /dev/null
+++ b/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch
@@ -0,0 +1,67 @@
+From: Daniel Salzman <daniel.salzman@nic.cz>
+Date: Mon, 20 Mar 2023 14:57:54 +0100
+Subject: [PATCH] distro/el-7: fix compilation by using SHA-1 for PIN computation
+
+diff --git a/src/libknot/quic/quic.c b/src/libknot/quic/quic.c
+index 5610865f6..555c495d9 100644
+--- a/src/libknot/quic/quic.c
++++ b/src/libknot/quic/quic.c
+@@ -460,7 +460,7 @@ void knot_quic_conn_pin(knot_quic_conn_t *conn, uint8_t *pin, size_t *pin_size,
+ 		goto error;
+ 	}
+ 
+-	ret = gnutls_x509_crt_get_key_id(cert, GNUTLS_KEYID_USE_SHA256, pin, pin_size);
++	ret = gnutls_x509_crt_get_key_id(cert, 0, pin, pin_size);
+ 	if (ret != GNUTLS_E_SUCCESS) {
+ 		gnutls_x509_crt_deinit(cert);
+ 		goto error;
+diff --git a/src/utils/common/tls.c b/src/utils/common/tls.c
+index 245dd3f96..6a2e7a986 100644
+--- a/src/utils/common/tls.c
++++ b/src/utils/common/tls.c
+@@ -328,7 +328,7 @@ static int check_certificates(gnutls_session_t session, const list_t *pins)
+ 
+ 		uint8_t cert_pin[CERT_PIN_LEN] = { 0 };
+ 		size_t cert_pin_size = sizeof(cert_pin);
+-		ret = gnutls_x509_crt_get_key_id(cert, GNUTLS_KEYID_USE_SHA256,
++		ret = gnutls_x509_crt_get_key_id(cert, 0,
+ 		                                 cert_pin, &cert_pin_size);
+ 		if (ret != 0) {
+ 			gnutls_x509_crt_deinit(cert);
+@@ -336,18 +336,18 @@ static int check_certificates(gnutls_session_t session, const list_t *pins)
+ 		}
+ 
+ 		// Check if correspond to a specified PIN.
+-		bool match = check_pin(cert_pin, sizeof(cert_pin), pins);
++		bool match = check_pin(cert_pin, cert_pin_size, pins);
+ 		if (match) {
+ 			matches++;
+ 		}
+ 
+ 		uint8_t *txt_pin;
+-		ret = knot_base64_encode_alloc(cert_pin, sizeof(cert_pin), &txt_pin);
++		ret = knot_base64_encode_alloc(cert_pin, cert_pin_size, &txt_pin);
+ 		if (ret < 0) {
+ 			gnutls_x509_crt_deinit(cert);
+ 			return ret;
+ 		}
+-		DBG("     SHA-256 PIN: %.*s%s", ret, txt_pin, match ? ", MATCH" : "");
++		DBG("     SHA-1 PIN: %.*s%s", ret, txt_pin, match ? ", MATCH" : "");
+ 		free(txt_pin);
+ 
+ 		gnutls_x509_crt_deinit(cert);
+diff --git a/src/utils/kdig/kdig_params.c b/src/utils/kdig/kdig_params.c
+index 359b8b596..8fd33b011 100644
+--- a/src/utils/kdig/kdig_params.c
++++ b/src/utils/kdig/kdig_params.c
+@@ -707,8 +707,8 @@ static int opt_tls_pin(const char *arg, void *query)
+ 	if (ret < 0) {
+ 		ERR("invalid +tls-pin=%s", arg);
+ 		return ret;
+-	} else if (ret != CERT_PIN_LEN) { // Check for 256-bit value.
+-		ERR("invalid sha256 hash length +tls-pin=%s", arg);
++	} else if (ret != 20) { // Check for 256-bit value.
++		ERR("invalid sha1 hash length +tls-pin=%s", arg);
+ 		return KNOT_EINVAL;
+ 	}
+
diff --git a/distro/pkg/el-7/03-doc-don-t-try-to-import-sphinx_panels.patch b/distro/pkg/el-7/03-doc-don-t-try-to-import-sphinx_panels.patch
new file mode 100644
index 0000000..8ef7e7e
--- /dev/null
+++ b/distro/pkg/el-7/03-doc-don-t-try-to-import-sphinx_panels.patch
@@ -0,0 +1,25 @@
+From c05abb0401d3343b96ced4a6cdd724ee04adfe1b Mon Sep 17 00:00:00 2001
+From: Daniel Salzman <daniel.salzman@nic.cz>
+Date: Mon, 21 Aug 2023 16:54:46 +0200
+Subject: [PATCH] doc: don't try to import sphinx_panels on CentOS 7
+
+
+ 1 file changed, 3 deletions(-)
+
+diff --git a/doc/conf.py b/doc/conf.py
+index fc2e94d96..515241051 100644
+--- a/doc/conf.py
++++ b/doc/conf.py
+@@ -27,9 +27,6 @@ sys.path.insert(0, os.path.abspath('ext'))
+ 
+ # Add any Sphinx extension module names here, as strings. They can be extensions
+ # coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
+-import importlib.util
+-if importlib.util.find_spec("sphinx_panels"):
+-    extensions = [ 'sphinx_panels' ]
+ 
+ # Add any paths that contain templates here, relative to this directory.
+ templates_path = ['_templates']
+-- 
+2.25.1
+
diff --git a/distro/pkg/el-7/04-revert-don-t-share-PKCS-11-private-keys.patch b/distro/pkg/el-7/04-revert-don-t-share-PKCS-11-private-keys.patch
new file mode 100644
index 0000000..a13be90
--- /dev/null
+++ b/distro/pkg/el-7/04-revert-don-t-share-PKCS-11-private-keys.patch
@@ -0,0 +1,166 @@
+From 1bad8f831a9fd506516549ac7461f97c689a0c46 Mon Sep 17 00:00:00 2001
+From: Daniel Salzman <daniel.salzman@nic.cz>
+Date: Mon, 11 Dec 2023 17:08:23 +0100
+Subject: [PATCH] Revert "zone-sign: don't share PKCS 11 private keys by
+ multiple signing threads"
+
+This reverts commit 7d63e8e0825e03b8e0608e87b86968c452755c93.
+---
+ src/knot/dnssec/zone-keys.c | 38 +++----------------------------------
+ src/libdnssec/key.h         |  4 ++--
+ src/libdnssec/key/key.c     | 24 +----------------------
+ tests/libdnssec/test_key.c  |  4 ++--
+ 4 files changed, 8 insertions(+), 62 deletions(-)
+
+diff --git a/src/knot/dnssec/zone-keys.c b/src/knot/dnssec/zone-keys.c
+index cd6bf0bb3..d5cccc759 100644
+--- a/src/knot/dnssec/zone-keys.c
++++ b/src/knot/dnssec/zone-keys.c
+@@ -1,4 +1,4 @@
+-/*  Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
++/*  Copyright (C) 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+ 
+     This program is free software: you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+@@ -642,21 +642,6 @@ int zone_key_calculate_ds(zone_key_t *for_key, dnssec_key_digest_t digesttype,
+ 	return ret;
+ }
+ 
+-static int dup_zone_key(const zone_key_t *src, zone_key_t *dst)
+-{
+-	assert(src);
+-	assert(dst);
+-
+-	*dst = *src;
+-
+-	dst->key = dnssec_key_dup(src->key);
+-	if (dst->key == NULL) {
+-		return KNOT_ENOMEM;
+-	}
+-
+-	return KNOT_EOK;
+-}
+-
+ zone_sign_ctx_t *zone_sign_ctx(const zone_keyset_t *keyset, const kdnssec_ctx_t *dnssec_ctx)
+ {
+ 	zone_sign_ctx_t *ctx = calloc(1, sizeof(*ctx) + keyset->count * sizeof(*ctx->sign_ctxs));
+@@ -665,24 +650,11 @@ zone_sign_ctx_t *zone_sign_ctx(const zone_keyset_t *keyset, const kdnssec_ctx_t
+ 	}
+ 
+ 	ctx->sign_ctxs = (dnssec_sign_ctx_t **)(ctx + 1);
+-
+-	ctx->keys = calloc(keyset->count, sizeof(*ctx->keys));
+-	if (ctx->keys == NULL) {
+-		zone_sign_ctx_free(ctx);
+-		return NULL;
+-	}
+ 	ctx->count = keyset->count;
+-
++	ctx->keys = keyset->keys;
+ 	ctx->dnssec_ctx = dnssec_ctx;
+ 	for (size_t i = 0; i < ctx->count; i++) {
+-		// Clone the key to avoid thread contention on the key mutex.
+-		int ret = dup_zone_key(&keyset->keys[i], &ctx->keys[i]);
+-		if (ret != KNOT_EOK) {
+-			zone_sign_ctx_free(ctx);
+-			return NULL;
+-		}
+-
+-		ret = dnssec_sign_new(&ctx->sign_ctxs[i], ctx->keys[i].key);
++		int ret = dnssec_sign_new(&ctx->sign_ctxs[i], ctx->keys[i].key);
+ 		if (ret != DNSSEC_EOK) {
+ 			zone_sign_ctx_free(ctx);
+ 			return NULL;
+@@ -719,12 +691,8 @@ void zone_sign_ctx_free(zone_sign_ctx_t *ctx)
+ {
+ 	if (ctx != NULL) {
+ 		for (size_t i = 0; i < ctx->count; i++) {
+-			if (ctx->keys != NULL) {
+-				dnssec_key_free(ctx->keys[i].key);
+-			}
+ 			dnssec_sign_free(ctx->sign_ctxs[i]);
+ 		}
+-		free(ctx->keys);
+ 		free(ctx);
+ 	}
+ }
+diff --git a/src/libdnssec/key.h b/src/libdnssec/key.h
+index aa8002b4a..2a69d377f 100644
+--- a/src/libdnssec/key.h
++++ b/src/libdnssec/key.h
+@@ -1,4 +1,4 @@
+-/*  Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
++/*  Copyright (C) 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+ 
+     This program is free software: you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+@@ -134,7 +134,7 @@ void dnssec_key_free(dnssec_key_t *key);
+ /*!
+  * Create a copy of a DNSSEC key.
+  *
+- * Public key isn't duplicated.
++ * Only a public part of the key is copied.
+  */
+ dnssec_key_t *dnssec_key_dup(const dnssec_key_t *key);
+ 
+diff --git a/src/libdnssec/key/key.c b/src/libdnssec/key/key.c
+index 4574bbefb..f36316712 100644
+--- a/src/libdnssec/key/key.c
++++ b/src/libdnssec/key/key.c
+@@ -1,4 +1,4 @@
+-/*  Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
++/*  Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+ 
+     This program is free software: you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+@@ -141,28 +141,6 @@ dnssec_key_t *dnssec_key_dup(const dnssec_key_t *key)
+ 		return NULL;
+ 	}
+ 
+-	if (key->private_key != NULL) {
+-		gnutls_privkey_init(&dup->private_key);
+-
+-		gnutls_privkey_type_t type = gnutls_privkey_get_type(key->private_key);
+-		if (type == GNUTLS_PRIVKEY_PKCS11) {
+-#ifdef ENABLE_PKCS11
+-			gnutls_pkcs11_privkey_t tmp;
+-			gnutls_privkey_export_pkcs11(key->private_key, &tmp);
+-			gnutls_privkey_import_pkcs11(dup->private_key, tmp,
+-			                             GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+-#else
+-			assert(0);
+-#endif // ENABLE_PKCS11
+-		} else {
+-			assert(type == GNUTLS_PRIVKEY_X509);
+-			gnutls_x509_privkey_t tmp;
+-			gnutls_privkey_export_x509(key->private_key, &tmp);
+-			gnutls_privkey_import_x509(dup->private_key, tmp,
+-			                           GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+-		}
+-	}
+-
+ 	return dup;
+ }
+ 
+diff --git a/tests/libdnssec/test_key.c b/tests/libdnssec/test_key.c
+index c3643f08c..cd0aaee0e 100644
+--- a/tests/libdnssec/test_key.c
++++ b/tests/libdnssec/test_key.c
+@@ -1,4 +1,4 @@
+-/*  Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
++/*  Copyright (C) 2021 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+ 
+     This program is free software: you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+@@ -148,7 +148,7 @@ static void test_private_key(const key_parameters_t *params)
+ 
+ 	check_key_tag(copy, params);
+ 	check_key_size(copy, params);
+-	check_usage(copy, true, true);
++	check_usage(copy, true, false);
+ 
+ 	dnssec_key_free(copy);
+ 	dnssec_key_free(key);
+-- 
+2.34.1
+
diff --git a/distro/pkg/el-7/knot.service b/distro/pkg/el-7/knot.service
new file mode 100644
index 0000000..a872929
--- /dev/null
+++ b/distro/pkg/el-7/knot.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=Knot DNS server
+Wants=network-online.target
+After=network-online.target
+Documentation=man:knotd(8) man:knot.conf(5) man:knotc(8)
+
+[Service]
+Type=notify
+User=knot
+Group=knot
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETPCAP
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_SETPCAP
+ExecStartPre=/usr/sbin/knotc conf-check
+ExecStart=/usr/sbin/knotd -m "$KNOT_CONF_MAX_SIZE"
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-abort
+LimitNOFILE=1048576
+TimeoutStopSec=300
+# Extend the systemd startup timeout by this value (seconds) for each zone
+Environment="KNOT_ZONE_LOAD_TIMEOUT_SEC=180"
+# Maximum size (MiB) of a configuration database
+Environment="KNOT_CONF_MAX_SIZE=512"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/distro/pkg/el-7/knot.spec b/distro/pkg/el-7/knot.spec
new file mode 100644
index 0000000..93d05bb
--- /dev/null
+++ b/distro/pkg/el-7/knot.spec
@@ -0,0 +1,333 @@
+%global _hardened_build 1
+%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}}
+
+%define GPG_CHECK 0
+%define BASE_VERSION %(echo "%{version}" | sed 's/^\\([^.]\\+\\.[^.]\\+\\).*/\\1/')
+%define repodir %{_builddir}/%{name}-%{version}
+
+Summary:	High-performance authoritative DNS server
+Name:		knot
+Version:	{{ version }}
+Release:	cznic.{{ release }}%{?dist}
+License:	GPL-3.0-or-later
+URL:		https://www.knot-dns.cz
+Source0:	%{name}-%{version}.tar.xz
+
+%if 0%{?GPG_CHECK}
+Source1:	https://secure.nic.cz/files/knot-dns/%{name}-%{version}.tar.xz.asc
+# PGP keys used to sign upstream releases
+# Export with --armor using command from https://fedoraproject.org/wiki/PackagingDrafts:GPGSignatures
+# Don't forget to update %%prep section when adding/removing keys
+Source100:	gpgkey-742FA4E95829B6C5EAC6B85710BB7AF6FEBBD6AB.gpg.asc
+BuildRequires:	gnupg2
+%endif
+
+Patch1:		01-revert-AC_PROG_CC.patch
+Patch2:		02-fix-compilation-by-using-SHA-1.patch
+Patch3:		03-doc-don-t-try-to-import-sphinx_panels.patch
+Patch4:		04-revert-don-t-share-PKCS-11-private-keys.patch
+
+# Required dependencies
+BuildRequires:	autoconf
+BuildRequires:	automake
+BuildRequires:	libtool
+BuildRequires:	devtoolset-11-make
+BuildRequires:	devtoolset-11-gcc
+BuildRequires:	pkgconfig(liburcu)
+BuildRequires:	pkgconfig(gnutls) >= 3.3
+BuildRequires:	pkgconfig(libedit)
+
+# Optional dependencies
+BuildRequires:	pkgconfig(libcap-ng)
+BuildRequires:	pkgconfig(libidn2)
+BuildRequires:	pkgconfig(libmnl)
+BuildRequires:	pkgconfig(libnghttp2)
+BuildRequires:	pkgconfig(libsystemd)
+BuildRequires:	pkgconfig(systemd)
+# dnstap dependencies
+BuildRequires:	pkgconfig(libfstrm)
+BuildRequires:	pkgconfig(libprotobuf-c)
+# geoip dependencies
+BuildRequires:	pkgconfig(libmaxminddb)
+
+# Distro-dependent dependencies
+%if 0%{?suse_version}
+BuildRequires:	python3-Sphinx
+BuildRequires:	lmdb-devel
+BuildRequires:	protobuf-c
+Requires(pre):	pwdutils
+%endif
+%if 0%{?rhel} && 0%{?rhel} <= 7
+BuildRequires:	python-sphinx
+BuildRequires:	lmdb-devel
+%endif
+%if 0%{?fedora} || 0%{?rhel} > 7
+BuildRequires:	python3-sphinx
+BuildRequires:	pkgconfig(lmdb)
+%endif
+
+# disable XDP on old EL
+%define configure_xdp --enable-xdp=no
+
+Requires(post):		systemd %{_sbindir}/runuser
+Requires(preun):	systemd
+Requires(postun):	systemd
+
+Conflicts:	knot-resolver < 5.7.0
+
+Requires:	%{name}-libs%{?_isa} = %{version}-%{release}
+
+%description
+Knot DNS is a high-performance authoritative DNS server implementation.
+
+%package libs
+Summary:	Libraries used by the Knot DNS server and client applications
+
+%description libs
+The package contains shared libraries used by the Knot DNS server and
+utilities.
+
+%package devel
+Summary:	Development header files for the Knot DNS libraries
+Requires:	%{name}-libs%{?_isa} = %{version}-%{release}
+
+%description devel
+The package contains development header files for the Knot DNS libraries
+included in knot-libs package.
+
+%package utils
+Summary:	DNS client utilities shipped with the Knot DNS server
+Requires:	%{name}-libs%{?_isa} = %{version}-%{release}
+# Debian package compat
+Provides:	%{name}-dnsutils = %{version}-%{release}
+
+%description utils
+The package contains DNS client utilities shipped with the Knot DNS server.
+
+%package dnssecutils
+Summary:	DNSSEC tools shipped with the Knot DNS server
+Requires:	%{name}-libs%{?_isa} = %{version}-%{release}
+
+%description dnssecutils
+The package contains DNSSEC tools shipped with the Knot DNS server.
+
+%package module-dnstap
+Summary:	dnstap module for Knot DNS
+Requires:	%{name} = %{version}-%{release}
+
+%description module-dnstap
+The package contains dnstap Knot DNS module for logging DNS traffic.
+
+%package module-geoip
+Summary:	geoip module for Knot DNS
+Requires:	%{name} = %{version}-%{release}
+
+%description module-geoip
+The package contains geoip Knot DNS module for geography-based responses.
+
+%package doc
+Summary:	Documentation for the Knot DNS server
+BuildArch:	noarch
+Provides:	bundled(jquery)
+
+%description doc
+The package contains documentation for the Knot DNS server.
+On-line version is available on https://www.knot-dns.cz/documentation/
+
+%prep
+%if 0%{?GPG_CHECK}
+export GNUPGHOME=./gpg-keyring
+[ -d ${GNUPGHOME} ] && rm -r ${GNUPGHOME}
+mkdir --mode=700 ${GNUPGHOME}
+gpg2 --import %{SOURCE100}
+gpg2 --verify %{SOURCE1} %{SOURCE0}
+%endif
+%autosetup -p1
+
+%build
+# disable debug code (causes unused warnings)
+CFLAGS="%{optflags} -DNDEBUG -Wno-unused"
+
+%ifarch armv7hl i686
+# 32-bit architectures sometimes do not have sufficient amount of
+# contiguous address space to handle default values
+%define configure_db_sizes --with-conf-mapsize=64
+%endif
+
+autoreconf -if
+
+export CC="/opt/rh/devtoolset-11/root/usr/bin/gcc"
+%configure \
+  --sysconfdir=/etc \
+  --localstatedir=/var/lib \
+  --libexecdir=/usr/lib/knot \
+  --with-rundir=/run/knot \
+  --with-moduledir=%{_libdir}/knot/modules-%{BASE_VERSION} \
+  --with-storage=/var/lib/knot \
+  %{?configure_db_sizes} \
+  %{?configure_xdp} \
+  --disable-static \
+  --enable-dnstap=yes \
+  --with-module-dnstap=shared \
+  --with-module-geoip=shared
+make %{?_smp_mflags}
+make html
+
+%install
+make install DESTDIR=%{buildroot}
+
+# install documentation
+install -d -m 0755 %{buildroot}%{_pkgdocdir}/samples
+install -p -m 0644 -t %{buildroot}%{_pkgdocdir}/samples samples/*.zone*
+install -p -m 0644 NEWS README.md %{buildroot}%{_pkgdocdir}
+cp -av doc/_build/html %{buildroot}%{_pkgdocdir}
+[ -r %{buildroot}%{_pkgdocdir}/html/index.html ] || exit 1
+rm -f %{buildroot}%{_pkgdocdir}/html/.buildinfo
+
+# install daemon and dbus configuration files
+rm %{buildroot}%{_sysconfdir}/%{name}/*
+install -p -m 0644 -D %{repodir}/samples/%{name}.sample.conf %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf
+%if 0%{?fedora} || 0%{?rhel} > 7
+install -p -m 0644 -D %{repodir}/distro/common/cz.nic.knotd.conf %{buildroot}%{_sysconfdir}/dbus-1/system.d/cz.nic.knotd.conf
+%endif
+
+# install systemd files
+install -p -m 0644 -D %{repodir}/distro/pkg/el-7/%{name}.service %{buildroot}%{_unitdir}/%{name}.service
+install -p -m 0644 -D %{repodir}/distro/pkg/el-7/%{name}.tmpfiles %{buildroot}%{_tmpfilesdir}/%{name}.conf
+%if 0%{?suse_version}
+ln -s service %{buildroot}/%{_sbindir}/rcknot
+%endif
+
+# create storage dir
+install -d %{buildroot}%{_sharedstatedir}
+install -d -m 0770 -D %{buildroot}%{_sharedstatedir}/knot
+
+# remove libarchive files
+find %{buildroot} -type f -name "*.la" -delete -print
+
+%check
+V=1 make check
+
+%pre
+getent group knot >/dev/null || groupadd -r knot
+getent passwd knot >/dev/null || \
+  useradd -r -g knot -d %{_sharedstatedir}/knot -s /sbin/nologin \
+  -c "Knot DNS server" knot
+%if 0%{?suse_version}
+%service_add_pre knot.service
+%endif
+
+%post
+systemd-tmpfiles --create %{_tmpfilesdir}/knot.conf &>/dev/null || :
+%if 0%{?suse_version}
+%service_add_post knot.service
+%else
+%systemd_post knot.service
+%endif
+
+%preun
+%if 0%{?suse_version}
+%service_del_preun knot.service
+%else
+%systemd_preun knot.service
+%endif
+
+%postun
+%if 0%{?suse_version}
+%service_del_postun knot.service
+%else
+%systemd_postun_with_restart knot.service
+%endif
+
+%if 0%{?fedora} || 0%{?rhel} > 7
+# https://fedoraproject.org/wiki/Changes/Removing_ldconfig_scriptlets
+%else
+%post libs -p /sbin/ldconfig
+%postun libs -p /sbin/ldconfig
+%endif
+
+%files
+%license COPYING
+%doc %{_pkgdocdir}
+%exclude %{_pkgdocdir}/html
+%attr(770,root,knot) %dir %{_sysconfdir}/knot
+%config(noreplace) %attr(640,root,knot) %{_sysconfdir}/knot/knot.conf
+%if 0%{?fedora} || 0%{?rhel} > 7
+%config(noreplace) %attr(644,root,root) %{_sysconfdir}/dbus-1/system.d/cz.nic.knotd.conf
+%endif
+%attr(770,root,knot) %dir %{_sharedstatedir}/knot
+%dir %{_libdir}/knot
+%dir %{_libdir}/knot/modules-*
+%{_unitdir}/knot.service
+%{_tmpfilesdir}/knot.conf
+%{_sbindir}/kcatalogprint
+%{_sbindir}/kjournalprint
+%{_sbindir}/keymgr
+%{_sbindir}/knotc
+%{_sbindir}/knotd
+%if 0%{?suse_version}
+%{_sbindir}/rcknot
+%endif
+%{_mandir}/man5/knot.conf.*
+%{_mandir}/man8/kcatalogprint.*
+%{_mandir}/man8/kjournalprint.*
+%{_mandir}/man8/keymgr.*
+%{_mandir}/man8/knotc.*
+%{_mandir}/man8/knotd.*
+%ghost %attr(770,root,knot) %dir %{_rundir}/knot
+
+%files utils
+%{_bindir}/kdig
+%{_bindir}/khost
+%{_bindir}/knsupdate
+%if 0%{?use_xdp}
+%{_sbindir}/kxdpgun
+%{_mandir}/man8/kxdpgun.*
+%endif
+%{_mandir}/man1/kdig.*
+%{_mandir}/man1/khost.*
+%{_mandir}/man1/knsupdate.*
+
+%files dnssecutils
+%{_bindir}/knsec3hash
+%{_bindir}/kzonecheck
+%{_bindir}/kzonesign
+%{_mandir}/man1/knsec3hash.*
+%{_mandir}/man1/kzonecheck.*
+%{_mandir}/man1/kzonesign.*
+
+%files module-dnstap
+%{_libdir}/knot/modules-*/dnstap.so
+
+%files module-geoip
+%{_libdir}/knot/modules-*/geoip.so
+
+%files libs
+%license COPYING
+%doc NEWS
+%doc README.md
+%{_libdir}/libdnssec.so.*
+%{_libdir}/libknot.so.*
+%{_libdir}/libzscanner.so.*
+
+%files devel
+%{_includedir}/libdnssec
+%{_includedir}/knot
+%{_includedir}/libknot
+%{_includedir}/libzscanner
+%{_libdir}/libdnssec.so
+%{_libdir}/libknot.so
+%{_libdir}/libzscanner.so
+%{_libdir}/pkgconfig/knotd.pc
+%{_libdir}/pkgconfig/libdnssec.pc
+%{_libdir}/pkgconfig/libknot.pc
+%{_libdir}/pkgconfig/libzscanner.pc
+
+%files doc
+%dir %{_pkgdocdir}
+%doc %{_pkgdocdir}/html
+
+%changelog
+* {{ now }} Jakub Ružička <jakub.ruzicka@nic.cz> - {{ version }}-{{ release }}
+- upstream package
+- see https://www.knot-dns.cz
diff --git a/distro/pkg/el-7/knot.tmpfiles b/distro/pkg/el-7/knot.tmpfiles
new file mode 100644
index 0000000..edec729
--- /dev/null
+++ b/distro/pkg/el-7/knot.tmpfiles
@@ -0,0 +1,3 @@
+# tmpfiles.d(5) runtime directory for knot
+#Type Path        Mode UID      GID      Age Argument
+    d /run/knot   0755 knot     knot     -   -
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-10 19:05:44 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-10 19:05:44 +0000
commit	b045529c40c83601909dca7b76a53498e9a70f33 (patch)
tree	88371572105933fd950676c07b3a12163a0c9de0 /distro/pkg/el-7
parent	Initial commit. (diff)
download	knot-b045529c40c83601909dca7b76a53498e9a70f33.tar.xz knot-b045529c40c83601909dca7b76a53498e9a70f33.zip