summaryrefslogtreecommitdiffstats
path: root/distro/pkg/el-7
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--distro/pkg/el-7/01-revert-AC_PROG_CC.patch18
-rw-r--r--distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch67
-rw-r--r--distro/pkg/el-7/03-doc-don-t-try-to-import-sphinx_panels.patch25
-rw-r--r--distro/pkg/el-7/04-revert-don-t-share-PKCS-11-private-keys.patch160
-rw-r--r--distro/pkg/el-7/05-revert-mod-dnstap-TCP-sink.patch160
-rw-r--r--distro/pkg/el-7/knot.service25
-rw-r--r--distro/pkg/el-7/knot.spec334
-rw-r--r--distro/pkg/el-7/knot.tmpfiles3
8 files changed, 0 insertions, 792 deletions
diff --git a/distro/pkg/el-7/01-revert-AC_PROG_CC.patch b/distro/pkg/el-7/01-revert-AC_PROG_CC.patch
deleted file mode 100644
index fb49c00..0000000
--- a/distro/pkg/el-7/01-revert-AC_PROG_CC.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-From: Daniel Salzman <daniel.salzman@nic.cz>
-Date: Sun, 20 Feb 2022 20:38:35 +0100
-Subject: [PATCH] Revert "configure: upgrade from AC_PROG_CC_C99 to AC_PROG_CC"
-
-diff --git a/configure.ac b/configure.ac
-index 6506197ed..c7df7f815 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -38,7 +38,8 @@ release_date=$($SED -n 's/^Knot DNS .* (\(.*\))/\1/p;q;' ${srcdir}/NEWS)
- AC_SUBST([RELEASE_DATE], $release_date)
-
- # Set compiler compatibility flags
--AC_PROG_CC
-+AC_PROG_CC_C99 # AC_PROG_CC not supported by CentOS 7
-+AM_PROG_CC_C_O # Needed by CentOS 7
- AC_PROG_CPP_WERROR
-
- # Set default CFLAGS
diff --git a/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch b/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch
deleted file mode 100644
index cbc5aa2..0000000
--- a/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From: Daniel Salzman <daniel.salzman@nic.cz>
-Date: Mon, 20 Mar 2023 14:57:54 +0100
-Subject: [PATCH] distro/el-7: fix compilation by using SHA-1 for PIN computation
-
-diff --git a/src/libknot/quic/quic.c b/src/libknot/quic/quic.c
-index 5610865f6..555c495d9 100644
---- a/src/libknot/quic/quic.c
-+++ b/src/libknot/quic/quic.c
-@@ -460,7 +460,7 @@ void knot_quic_conn_pin(knot_quic_conn_t *conn, uint8_t *pin, size_t *pin_size,
- goto error;
- }
-
-- ret = gnutls_x509_crt_get_key_id(cert, GNUTLS_KEYID_USE_SHA256, pin, pin_size);
-+ ret = gnutls_x509_crt_get_key_id(cert, 0, pin, pin_size);
- if (ret != GNUTLS_E_SUCCESS) {
- gnutls_x509_crt_deinit(cert);
- goto error;
-diff --git a/src/utils/common/tls.c b/src/utils/common/tls.c
-index 245dd3f96..6a2e7a986 100644
---- a/src/utils/common/tls.c
-+++ b/src/utils/common/tls.c
-@@ -328,7 +328,7 @@ static int check_certificates(gnutls_session_t session, const list_t *pins)
-
- uint8_t cert_pin[CERT_PIN_LEN] = { 0 };
- size_t cert_pin_size = sizeof(cert_pin);
-- ret = gnutls_x509_crt_get_key_id(cert, GNUTLS_KEYID_USE_SHA256,
-+ ret = gnutls_x509_crt_get_key_id(cert, 0,
- cert_pin, &cert_pin_size);
- if (ret != 0) {
- gnutls_x509_crt_deinit(cert);
-@@ -336,18 +336,18 @@ static int check_certificates(gnutls_session_t session, const list_t *pins)
- }
-
- // Check if correspond to a specified PIN.
-- bool match = check_pin(cert_pin, sizeof(cert_pin), pins);
-+ bool match = check_pin(cert_pin, cert_pin_size, pins);
- if (match) {
- matches++;
- }
-
- uint8_t *txt_pin;
-- ret = knot_base64_encode_alloc(cert_pin, sizeof(cert_pin), &txt_pin);
-+ ret = knot_base64_encode_alloc(cert_pin, cert_pin_size, &txt_pin);
- if (ret < 0) {
- gnutls_x509_crt_deinit(cert);
- return ret;
- }
-- DBG(" SHA-256 PIN: %.*s%s", ret, txt_pin, match ? ", MATCH" : "");
-+ DBG(" SHA-1 PIN: %.*s%s", ret, txt_pin, match ? ", MATCH" : "");
- free(txt_pin);
-
- gnutls_x509_crt_deinit(cert);
-diff --git a/src/utils/kdig/kdig_params.c b/src/utils/kdig/kdig_params.c
-index 359b8b596..8fd33b011 100644
---- a/src/utils/kdig/kdig_params.c
-+++ b/src/utils/kdig/kdig_params.c
-@@ -707,8 +707,8 @@ static int opt_tls_pin(const char *arg, void *query)
- if (ret < 0) {
- ERR("invalid +tls-pin=%s", arg);
- return ret;
-- } else if (ret != CERT_PIN_LEN) { // Check for 256-bit value.
-- ERR("invalid sha256 hash length +tls-pin=%s", arg);
-+ } else if (ret != 20) { // Check for 256-bit value.
-+ ERR("invalid sha1 hash length +tls-pin=%s", arg);
- return KNOT_EINVAL;
- }
-
diff --git a/distro/pkg/el-7/03-doc-don-t-try-to-import-sphinx_panels.patch b/distro/pkg/el-7/03-doc-don-t-try-to-import-sphinx_panels.patch
deleted file mode 100644
index 8ef7e7e..0000000
--- a/distro/pkg/el-7/03-doc-don-t-try-to-import-sphinx_panels.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From c05abb0401d3343b96ced4a6cdd724ee04adfe1b Mon Sep 17 00:00:00 2001
-From: Daniel Salzman <daniel.salzman@nic.cz>
-Date: Mon, 21 Aug 2023 16:54:46 +0200
-Subject: [PATCH] doc: don't try to import sphinx_panels on CentOS 7
-
-
- 1 file changed, 3 deletions(-)
-
-diff --git a/doc/conf.py b/doc/conf.py
-index fc2e94d96..515241051 100644
---- a/doc/conf.py
-+++ b/doc/conf.py
-@@ -27,9 +27,6 @@ sys.path.insert(0, os.path.abspath('ext'))
-
- # Add any Sphinx extension module names here, as strings. They can be extensions
- # coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
--import importlib.util
--if importlib.util.find_spec("sphinx_panels"):
-- extensions = [ 'sphinx_panels' ]
-
- # Add any paths that contain templates here, relative to this directory.
- templates_path = ['_templates']
---
-2.25.1
-
diff --git a/distro/pkg/el-7/04-revert-don-t-share-PKCS-11-private-keys.patch b/distro/pkg/el-7/04-revert-don-t-share-PKCS-11-private-keys.patch
deleted file mode 100644
index d360433..0000000
--- a/distro/pkg/el-7/04-revert-don-t-share-PKCS-11-private-keys.patch
+++ /dev/null
@@ -1,160 +0,0 @@
-From 1bad8f831a9fd506516549ac7461f97c689a0c46 Mon Sep 17 00:00:00 2001
-From: Daniel Salzman <daniel.salzman@nic.cz>
-Date: Mon, 11 Dec 2023 17:08:23 +0100
-Subject: [PATCH] Revert "zone-sign: don't share PKCS 11 private keys by
- multiple signing threads"
-
-This reverts commit 7d63e8e0825e03b8e0608e87b86968c452755c93.
----
- src/knot/dnssec/zone-keys.c | 38 +++----------------------------------
- src/libdnssec/key.h | 4 ++--
- src/libdnssec/key/key.c | 24 +----------------------
- tests/libdnssec/test_key.c | 4 ++--
- 4 files changed, 8 insertions(+), 62 deletions(-)
-
-diff --git a/src/knot/dnssec/zone-keys.c b/src/knot/dnssec/zone-keys.c
-index cd6bf0bb3..d5cccc759 100644
---- a/src/knot/dnssec/zone-keys.c
-+++ b/src/knot/dnssec/zone-keys.c
-@@ -642,21 +642,6 @@ int zone_key_calculate_ds(zone_key_t *for_key, dnssec_key_digest_t digesttype,
- return ret;
- }
-
--static int dup_zone_key(const zone_key_t *src, zone_key_t *dst)
--{
-- assert(src);
-- assert(dst);
--
-- *dst = *src;
--
-- dst->key = dnssec_key_dup(src->key);
-- if (dst->key == NULL) {
-- return KNOT_ENOMEM;
-- }
--
-- return KNOT_EOK;
--}
--
- zone_sign_ctx_t *zone_sign_ctx(const zone_keyset_t *keyset, const kdnssec_ctx_t *dnssec_ctx)
- {
- zone_sign_ctx_t *ctx = calloc(1, sizeof(*ctx) + keyset->count * sizeof(*ctx->sign_ctxs));
-@@ -665,24 +650,11 @@ zone_sign_ctx_t *zone_sign_ctx(const zone_keyset_t *keyset, const kdnssec_ctx_t
- }
-
- ctx->sign_ctxs = (dnssec_sign_ctx_t **)(ctx + 1);
--
-- ctx->keys = calloc(keyset->count, sizeof(*ctx->keys));
-- if (ctx->keys == NULL) {
-- zone_sign_ctx_free(ctx);
-- return NULL;
-- }
- ctx->count = keyset->count;
--
-+ ctx->keys = keyset->keys;
- ctx->dnssec_ctx = dnssec_ctx;
- for (size_t i = 0; i < ctx->count; i++) {
-- // Clone the key to avoid thread contention on the key mutex.
-- int ret = dup_zone_key(&keyset->keys[i], &ctx->keys[i]);
-- if (ret != KNOT_EOK) {
-- zone_sign_ctx_free(ctx);
-- return NULL;
-- }
--
-- ret = dnssec_sign_new(&ctx->sign_ctxs[i], ctx->keys[i].key);
-+ int ret = dnssec_sign_new(&ctx->sign_ctxs[i], ctx->keys[i].key);
- if (ret != DNSSEC_EOK) {
- zone_sign_ctx_free(ctx);
- return NULL;
-@@ -719,12 +691,8 @@ void zone_sign_ctx_free(zone_sign_ctx_t *ctx)
- {
- if (ctx != NULL) {
- for (size_t i = 0; i < ctx->count; i++) {
-- if (ctx->keys != NULL) {
-- dnssec_key_free(ctx->keys[i].key);
-- }
- dnssec_sign_free(ctx->sign_ctxs[i]);
- }
-- free(ctx->keys);
- free(ctx);
- }
- }
-diff --git a/src/libdnssec/key.h b/src/libdnssec/key.h
-index aa8002b4a..2a69d377f 100644
---- a/src/libdnssec/key.h
-+++ b/src/libdnssec/key.h
-@@ -1,4 +1,4 @@
--/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
-+/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
-@@ -134,7 +134,7 @@ void dnssec_key_free(dnssec_key_t *key);
- /*!
- * Create a copy of a DNSSEC key.
- *
-- * Public key isn't duplicated.
-+ * Only a public part of the key is copied.
- */
- dnssec_key_t *dnssec_key_dup(const dnssec_key_t *key);
-
-diff --git a/src/libdnssec/key/key.c b/src/libdnssec/key/key.c
-index 4574bbefb..f36316712 100644
---- a/src/libdnssec/key/key.c
-+++ b/src/libdnssec/key/key.c
-@@ -1,4 +1,4 @@
--/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
-+/* Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
-@@ -141,28 +141,6 @@ dnssec_key_t *dnssec_key_dup(const dnssec_key_t *key)
- return NULL;
- }
-
-- if (key->private_key != NULL) {
-- gnutls_privkey_init(&dup->private_key);
--
-- gnutls_privkey_type_t type = gnutls_privkey_get_type(key->private_key);
-- if (type == GNUTLS_PRIVKEY_PKCS11) {
--#ifdef ENABLE_PKCS11
-- gnutls_pkcs11_privkey_t tmp;
-- gnutls_privkey_export_pkcs11(key->private_key, &tmp);
-- gnutls_privkey_import_pkcs11(dup->private_key, tmp,
-- GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
--#else
-- assert(0);
--#endif // ENABLE_PKCS11
-- } else {
-- assert(type == GNUTLS_PRIVKEY_X509);
-- gnutls_x509_privkey_t tmp;
-- gnutls_privkey_export_x509(key->private_key, &tmp);
-- gnutls_privkey_import_x509(dup->private_key, tmp,
-- GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
-- }
-- }
--
- return dup;
- }
-
-diff --git a/tests/libdnssec/test_key.c b/tests/libdnssec/test_key.c
-index c3643f08c..cd0aaee0e 100644
---- a/tests/libdnssec/test_key.c
-+++ b/tests/libdnssec/test_key.c
-@@ -1,4 +1,4 @@
--/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
-+/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
-@@ -148,7 +148,7 @@ static void test_private_key(const key_parameters_t *params)
-
- check_key_tag(copy, params);
- check_key_size(copy, params);
-- check_usage(copy, true, true);
-+ check_usage(copy, true, false);
-
- dnssec_key_free(copy);
- dnssec_key_free(key);
---
-2.34.1
-
diff --git a/distro/pkg/el-7/05-revert-mod-dnstap-TCP-sink.patch b/distro/pkg/el-7/05-revert-mod-dnstap-TCP-sink.patch
deleted file mode 100644
index dae0fac..0000000
--- a/distro/pkg/el-7/05-revert-mod-dnstap-TCP-sink.patch
+++ /dev/null
@@ -1,160 +0,0 @@
-From d236d2b7fcd5fa607f7bfd38044eb6f510fac7ce Mon Sep 17 00:00:00 2001
-From: Daniel Salzman <daniel.salzman@nic.cz>
-Date: Wed, 12 Jun 2024 11:18:31 +0200
-Subject: [PATCH] Revert "mod-dnstap: add sink for TCP connection"
-
-This reverts commit 2ffd7dfa58ddcd1b860f0c9980fd082c3852d3e6.
----
- src/knot/modules/dnstap/dnstap.c | 74 +++++-------------------------
- src/knot/modules/dnstap/dnstap.rst | 9 ++--
- 2 files changed, 15 insertions(+), 68 deletions(-)
-
-diff --git a/src/knot/modules/dnstap/dnstap.c b/src/knot/modules/dnstap/dnstap.c
-index 612e48869..c8c82eaa4 100644
---- a/src/knot/modules/dnstap/dnstap.c
-+++ b/src/knot/modules/dnstap/dnstap.c
-@@ -1,4 +1,4 @@
--/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
-+/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
-@@ -185,33 +185,6 @@ finish:
- return writer;
- }
-
--static struct fstrm_writer* dnstap_tcp_writer(const char *address, const char *port)
--{
-- struct fstrm_tcp_writer_options *opt = NULL;
-- struct fstrm_writer_options *wopt = NULL;
-- struct fstrm_writer *writer = NULL;
--
-- opt = fstrm_tcp_writer_options_init();
-- if (opt == NULL) {
-- goto finish;
-- }
--
-- fstrm_tcp_writer_options_set_socket_address(opt, address);
-- fstrm_tcp_writer_options_set_socket_port(opt, port);
--
-- wopt = fstrm_writer_options_init();
-- if (wopt == NULL) {
-- goto finish;
-- }
-- fstrm_writer_options_add_content_type(wopt, DNSTAP_CONTENT_TYPE,
-- strlen(DNSTAP_CONTENT_TYPE));
-- writer = fstrm_tcp_writer_init(opt, wopt);
--finish:
-- fstrm_tcp_writer_options_destroy(&opt);
-- fstrm_writer_options_destroy(&wopt);
-- return writer;
--}
--
- /*! \brief Create a basic file writer sink. */
- static struct fstrm_writer* dnstap_file_writer(const char *path)
- {
-@@ -240,42 +213,17 @@ finish:
- }
-
- /*! \brief Create a log sink according to the path string. */
--static struct fstrm_writer* dnstap_writer(knotd_mod_t *mod, const char *path)
-+static struct fstrm_writer* dnstap_writer(const char *path)
- {
-- const char *unix_prefix = "unix:";
-- const size_t unix_prefix_len = strlen(unix_prefix);
--
-- const char *tcp_prefix = "tcp:";
-- const size_t tcp_prefix_len = strlen(tcp_prefix);
--
-- const size_t path_len = strlen(path);
-+ const char *prefix = "unix:";
-+ const size_t prefix_len = strlen(prefix);
-
- /* UNIX socket prefix. */
-- if (path_len > unix_prefix_len &&
-- strncmp(path, unix_prefix, unix_prefix_len) == 0) {
-- knotd_mod_log(mod, LOG_DEBUG, "using sink UNIX socket '%s'", path);
-- return dnstap_unix_writer(path + unix_prefix_len);
-- /* TCP socket prefix. */
-- } else if (path_len > tcp_prefix_len &&
-- strncmp(path, tcp_prefix, tcp_prefix_len) == 0) {
-- char addr[INET6_ADDRSTRLEN] = { 0 };
-- const char *delimiter = strchr(path + tcp_prefix_len, '@');
-- if (delimiter == NULL) {
-- return NULL;
-- }
-- size_t addr_len = delimiter - path - tcp_prefix_len;
-- if (addr_len >= sizeof(addr)) {
-- return NULL;
-- }
-- memcpy(addr, path + tcp_prefix_len, addr_len);
-- knotd_mod_log(mod, LOG_DEBUG, "using sink TCP address '%s' port '%s'",
-- addr, delimiter + 1);
-- return dnstap_tcp_writer(addr, delimiter + 1);
-- /* File path. */
-- } else {
-- knotd_mod_log(mod, LOG_DEBUG, "using sink file '%s'", path);
-- return dnstap_file_writer(path);
-+ if (strlen(path) > prefix_len && strncmp(path, prefix, prefix_len) == 0) {
-+ return dnstap_unix_writer(path + prefix_len);
- }
-+
-+ return dnstap_file_writer(path);
- }
-
- int dnstap_load(knotd_mod_t *mod)
-@@ -325,7 +273,7 @@ int dnstap_load(knotd_mod_t *mod)
- const bool log_responses = conf.single.boolean;
-
- /* Initialize the writer and the options. */
-- struct fstrm_writer *writer = dnstap_writer(mod, sink);
-+ struct fstrm_writer *writer = dnstap_writer(sink);
- if (writer == NULL) {
- goto fail;
- }
-@@ -359,13 +307,13 @@ int dnstap_load(knotd_mod_t *mod)
-
- return KNOT_EOK;
- fail:
-- knotd_mod_log(mod, LOG_ERR, "failed to initialize sink '%s'", sink);
-+ knotd_mod_log(mod, LOG_ERR, "failed to init sink '%s'", sink);
-
- free(ctx->identity);
- free(ctx->version);
- free(ctx);
-
-- return KNOT_EINVAL;
-+ return KNOT_ENOMEM;
- }
-
- void dnstap_unload(knotd_mod_t *mod)
-diff --git a/src/knot/modules/dnstap/dnstap.rst b/src/knot/modules/dnstap/dnstap.rst
-index 05eac09ab..358977da0 100644
---- a/src/knot/modules/dnstap/dnstap.rst
-+++ b/src/knot/modules/dnstap/dnstap.rst
-@@ -11,7 +11,7 @@ Example
- -------
-
- The configuration comprises only a :ref:`mod-dnstap_sink` path parameter,
--which can be either a file, a UNIX socket, or a TCP address::
-+which can be either a file or a UNIX socket::
-
- mod-dnstap:
- - id: capture_all
-@@ -60,10 +60,9 @@ A module identifier.
- sink
- ....
-
--A sink path, which can be either a file, a UNIX socket when prefixed with
--``unix:``, or a TCP `address@port` when prefixed with ``tcp:``. The file may
--be specified as an absolute path or a path relative to
--the :doc:`knotd<man_knotd>` startup directory.
-+A sink path, which can be either a file or a UNIX socket when prefixed with
-+``unix:``. The file may be specified as an absolute path or a path relative
-+to the :doc:`knotd<man_knotd>` startup directory.
-
- *Required*
-
---
-2.34.1
-
diff --git a/distro/pkg/el-7/knot.service b/distro/pkg/el-7/knot.service
deleted file mode 100644
index a872929..0000000
--- a/distro/pkg/el-7/knot.service
+++ /dev/null
@@ -1,25 +0,0 @@
-[Unit]
-Description=Knot DNS server
-Wants=network-online.target
-After=network-online.target
-Documentation=man:knotd(8) man:knot.conf(5) man:knotc(8)
-
-[Service]
-Type=notify
-User=knot
-Group=knot
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETPCAP
-AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_SETPCAP
-ExecStartPre=/usr/sbin/knotc conf-check
-ExecStart=/usr/sbin/knotd -m "$KNOT_CONF_MAX_SIZE"
-ExecReload=/bin/kill -HUP $MAINPID
-Restart=on-abort
-LimitNOFILE=1048576
-TimeoutStopSec=300
-# Extend the systemd startup timeout by this value (seconds) for each zone
-Environment="KNOT_ZONE_LOAD_TIMEOUT_SEC=180"
-# Maximum size (MiB) of a configuration database
-Environment="KNOT_CONF_MAX_SIZE=512"
-
-[Install]
-WantedBy=multi-user.target
diff --git a/distro/pkg/el-7/knot.spec b/distro/pkg/el-7/knot.spec
deleted file mode 100644
index 887f988..0000000
--- a/distro/pkg/el-7/knot.spec
+++ /dev/null
@@ -1,334 +0,0 @@
-%global _hardened_build 1
-%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}}
-
-%define GPG_CHECK 0
-%define BASE_VERSION %(echo "%{version}" | sed 's/^\\([^.]\\+\\.[^.]\\+\\).*/\\1/')
-%define repodir %{_builddir}/%{name}-%{version}
-
-Summary: High-performance authoritative DNS server
-Name: knot
-Version: {{ version }}
-Release: cznic.{{ release }}%{?dist}
-License: GPL-3.0-or-later
-URL: https://www.knot-dns.cz
-Source0: %{name}-%{version}.tar.xz
-
-%if 0%{?GPG_CHECK}
-Source1: https://secure.nic.cz/files/knot-dns/%{name}-%{version}.tar.xz.asc
-# PGP keys used to sign upstream releases
-# Export with --armor using command from https://fedoraproject.org/wiki/PackagingDrafts:GPGSignatures
-# Don't forget to update %%prep section when adding/removing keys
-Source100: gpgkey-742FA4E95829B6C5EAC6B85710BB7AF6FEBBD6AB.gpg.asc
-BuildRequires: gnupg2
-%endif
-
-Patch1: 01-revert-AC_PROG_CC.patch
-Patch2: 02-fix-compilation-by-using-SHA-1.patch
-Patch3: 03-doc-don-t-try-to-import-sphinx_panels.patch
-Patch4: 04-revert-don-t-share-PKCS-11-private-keys.patch
-Patch5: 05-revert-mod-dnstap-TCP-sink.patch
-
-# Required dependencies
-BuildRequires: autoconf
-BuildRequires: automake
-BuildRequires: libtool
-BuildRequires: devtoolset-11-make
-BuildRequires: devtoolset-11-gcc
-BuildRequires: pkgconfig(liburcu)
-BuildRequires: pkgconfig(gnutls) >= 3.3
-BuildRequires: pkgconfig(libedit)
-
-# Optional dependencies
-BuildRequires: pkgconfig(libcap-ng)
-BuildRequires: pkgconfig(libidn2)
-BuildRequires: pkgconfig(libmnl)
-BuildRequires: pkgconfig(libnghttp2)
-BuildRequires: pkgconfig(libsystemd)
-BuildRequires: pkgconfig(systemd)
-# dnstap dependencies
-BuildRequires: pkgconfig(libfstrm)
-BuildRequires: pkgconfig(libprotobuf-c)
-# geoip dependencies
-BuildRequires: pkgconfig(libmaxminddb)
-
-# Distro-dependent dependencies
-%if 0%{?suse_version}
-BuildRequires: python3-Sphinx
-BuildRequires: lmdb-devel
-BuildRequires: protobuf-c
-Requires(pre): pwdutils
-%endif
-%if 0%{?rhel} && 0%{?rhel} <= 7
-BuildRequires: python-sphinx
-BuildRequires: lmdb-devel
-%endif
-%if 0%{?fedora} || 0%{?rhel} > 7
-BuildRequires: python3-sphinx
-BuildRequires: pkgconfig(lmdb)
-%endif
-
-# disable XDP on old EL
-%define configure_xdp --enable-xdp=no
-
-Requires(post): systemd %{_sbindir}/runuser
-Requires(preun): systemd
-Requires(postun): systemd
-
-Conflicts: knot-resolver < 5.7.0
-
-Requires: %{name}-libs%{?_isa} = %{version}-%{release}
-
-%description
-Knot DNS is a high-performance authoritative DNS server implementation.
-
-%package libs
-Summary: Libraries used by the Knot DNS server and client applications
-
-%description libs
-The package contains shared libraries used by the Knot DNS server and
-utilities.
-
-%package devel
-Summary: Development header files for the Knot DNS libraries
-Requires: %{name}-libs%{?_isa} = %{version}-%{release}
-
-%description devel
-The package contains development header files for the Knot DNS libraries
-included in knot-libs package.
-
-%package utils
-Summary: DNS client utilities shipped with the Knot DNS server
-Requires: %{name}-libs%{?_isa} = %{version}-%{release}
-# Debian package compat
-Provides: %{name}-dnsutils = %{version}-%{release}
-
-%description utils
-The package contains DNS client utilities shipped with the Knot DNS server.
-
-%package dnssecutils
-Summary: DNSSEC tools shipped with the Knot DNS server
-Requires: %{name}-libs%{?_isa} = %{version}-%{release}
-
-%description dnssecutils
-The package contains DNSSEC tools shipped with the Knot DNS server.
-
-%package module-dnstap
-Summary: dnstap module for Knot DNS
-Requires: %{name} = %{version}-%{release}
-
-%description module-dnstap
-The package contains dnstap Knot DNS module for logging DNS traffic.
-
-%package module-geoip
-Summary: geoip module for Knot DNS
-Requires: %{name} = %{version}-%{release}
-
-%description module-geoip
-The package contains geoip Knot DNS module for geography-based responses.
-
-%package doc
-Summary: Documentation for the Knot DNS server
-BuildArch: noarch
-Provides: bundled(jquery)
-
-%description doc
-The package contains documentation for the Knot DNS server.
-On-line version is available on https://www.knot-dns.cz/documentation/
-
-%prep
-%if 0%{?GPG_CHECK}
-export GNUPGHOME=./gpg-keyring
-[ -d ${GNUPGHOME} ] && rm -r ${GNUPGHOME}
-mkdir --mode=700 ${GNUPGHOME}
-gpg2 --import %{SOURCE100}
-gpg2 --verify %{SOURCE1} %{SOURCE0}
-%endif
-%autosetup -p1
-
-%build
-# disable debug code (causes unused warnings)
-CFLAGS="%{optflags} -DNDEBUG -Wno-unused"
-
-%ifarch armv7hl i686
-# 32-bit architectures sometimes do not have sufficient amount of
-# contiguous address space to handle default values
-%define configure_db_sizes --with-conf-mapsize=64
-%endif
-
-autoreconf -if
-
-export CC="/opt/rh/devtoolset-11/root/usr/bin/gcc"
-%configure \
- --sysconfdir=/etc \
- --localstatedir=/var/lib \
- --libexecdir=/usr/lib/knot \
- --with-rundir=/run/knot \
- --with-moduledir=%{_libdir}/knot/modules-%{BASE_VERSION} \
- --with-storage=/var/lib/knot \
- %{?configure_db_sizes} \
- %{?configure_xdp} \
- --disable-static \
- --enable-dnstap=yes \
- --with-module-dnstap=shared \
- --with-module-geoip=shared
-make %{?_smp_mflags}
-make html
-
-%install
-make install DESTDIR=%{buildroot}
-
-# install documentation
-install -d -m 0755 %{buildroot}%{_pkgdocdir}/samples
-install -p -m 0644 -t %{buildroot}%{_pkgdocdir}/samples samples/*.zone*
-install -p -m 0644 NEWS README.md %{buildroot}%{_pkgdocdir}
-cp -av doc/_build/html %{buildroot}%{_pkgdocdir}
-[ -r %{buildroot}%{_pkgdocdir}/html/index.html ] || exit 1
-rm -f %{buildroot}%{_pkgdocdir}/html/.buildinfo
-
-# install daemon and dbus configuration files
-rm %{buildroot}%{_sysconfdir}/%{name}/*
-install -p -m 0644 -D %{repodir}/samples/%{name}.sample.conf %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf
-%if 0%{?fedora} || 0%{?rhel} > 7
-install -p -m 0644 -D %{repodir}/distro/common/cz.nic.knotd.conf %{buildroot}%{_sysconfdir}/dbus-1/system.d/cz.nic.knotd.conf
-%endif
-
-# install systemd files
-install -p -m 0644 -D %{repodir}/distro/pkg/el-7/%{name}.service %{buildroot}%{_unitdir}/%{name}.service
-install -p -m 0644 -D %{repodir}/distro/pkg/el-7/%{name}.tmpfiles %{buildroot}%{_tmpfilesdir}/%{name}.conf
-%if 0%{?suse_version}
-ln -s service %{buildroot}/%{_sbindir}/rcknot
-%endif
-
-# create storage dir
-install -d %{buildroot}%{_sharedstatedir}
-install -d -m 0770 -D %{buildroot}%{_sharedstatedir}/knot
-
-# remove libarchive files
-find %{buildroot} -type f -name "*.la" -delete -print
-
-%check
-V=1 make check
-
-%pre
-getent group knot >/dev/null || groupadd -r knot
-getent passwd knot >/dev/null || \
- useradd -r -g knot -d %{_sharedstatedir}/knot -s /sbin/nologin \
- -c "Knot DNS server" knot
-%if 0%{?suse_version}
-%service_add_pre knot.service
-%endif
-
-%post
-systemd-tmpfiles --create %{_tmpfilesdir}/knot.conf &>/dev/null || :
-%if 0%{?suse_version}
-%service_add_post knot.service
-%else
-%systemd_post knot.service
-%endif
-
-%preun
-%if 0%{?suse_version}
-%service_del_preun knot.service
-%else
-%systemd_preun knot.service
-%endif
-
-%postun
-%if 0%{?suse_version}
-%service_del_postun knot.service
-%else
-%systemd_postun_with_restart knot.service
-%endif
-
-%if 0%{?fedora} || 0%{?rhel} > 7
-# https://fedoraproject.org/wiki/Changes/Removing_ldconfig_scriptlets
-%else
-%post libs -p /sbin/ldconfig
-%postun libs -p /sbin/ldconfig
-%endif
-
-%files
-%license COPYING
-%doc %{_pkgdocdir}
-%exclude %{_pkgdocdir}/html
-%attr(770,root,knot) %dir %{_sysconfdir}/knot
-%config(noreplace) %attr(640,root,knot) %{_sysconfdir}/knot/knot.conf
-%if 0%{?fedora} || 0%{?rhel} > 7
-%config(noreplace) %attr(644,root,root) %{_sysconfdir}/dbus-1/system.d/cz.nic.knotd.conf
-%endif
-%attr(770,root,knot) %dir %{_sharedstatedir}/knot
-%dir %{_libdir}/knot
-%dir %{_libdir}/knot/modules-*
-%{_unitdir}/knot.service
-%{_tmpfilesdir}/knot.conf
-%{_sbindir}/kcatalogprint
-%{_sbindir}/kjournalprint
-%{_sbindir}/keymgr
-%{_sbindir}/knotc
-%{_sbindir}/knotd
-%if 0%{?suse_version}
-%{_sbindir}/rcknot
-%endif
-%{_mandir}/man5/knot.conf.*
-%{_mandir}/man8/kcatalogprint.*
-%{_mandir}/man8/kjournalprint.*
-%{_mandir}/man8/keymgr.*
-%{_mandir}/man8/knotc.*
-%{_mandir}/man8/knotd.*
-%ghost %attr(770,root,knot) %dir %{_rundir}/knot
-
-%files utils
-%{_bindir}/kdig
-%{_bindir}/khost
-%{_bindir}/knsupdate
-%if 0%{?use_xdp}
-%{_sbindir}/kxdpgun
-%{_mandir}/man8/kxdpgun.*
-%endif
-%{_mandir}/man1/kdig.*
-%{_mandir}/man1/khost.*
-%{_mandir}/man1/knsupdate.*
-
-%files dnssecutils
-%{_bindir}/knsec3hash
-%{_bindir}/kzonecheck
-%{_bindir}/kzonesign
-%{_mandir}/man1/knsec3hash.*
-%{_mandir}/man1/kzonecheck.*
-%{_mandir}/man1/kzonesign.*
-
-%files module-dnstap
-%{_libdir}/knot/modules-*/dnstap.so
-
-%files module-geoip
-%{_libdir}/knot/modules-*/geoip.so
-
-%files libs
-%license COPYING
-%doc NEWS
-%doc README.md
-%{_libdir}/libdnssec.so.*
-%{_libdir}/libknot.so.*
-%{_libdir}/libzscanner.so.*
-
-%files devel
-%{_includedir}/libdnssec
-%{_includedir}/knot
-%{_includedir}/libknot
-%{_includedir}/libzscanner
-%{_libdir}/libdnssec.so
-%{_libdir}/libknot.so
-%{_libdir}/libzscanner.so
-%{_libdir}/pkgconfig/knotd.pc
-%{_libdir}/pkgconfig/libdnssec.pc
-%{_libdir}/pkgconfig/libknot.pc
-%{_libdir}/pkgconfig/libzscanner.pc
-
-%files doc
-%dir %{_pkgdocdir}
-%doc %{_pkgdocdir}/html
-
-%changelog
-* {{ now }} Jakub Ružička <jakub.ruzicka@nic.cz> - {{ version }}-{{ release }}
-- upstream package
-- see https://www.knot-dns.cz
diff --git a/distro/pkg/el-7/knot.tmpfiles b/distro/pkg/el-7/knot.tmpfiles
deleted file mode 100644
index edec729..0000000
--- a/distro/pkg/el-7/knot.tmpfiles
+++ /dev/null
@@ -1,3 +0,0 @@
-# tmpfiles.d(5) runtime directory for knot
-#Type Path Mode UID GID Age Argument
- d /run/knot 0755 knot knot - -