# HG changeset patch
# User Michael Schloh von Bennewitz
# Date 1346171595 -7200
# Node ID d927b76d07e34892cc4ed31865fe551977233cff
# Parent 434e5cc73d47f89ec2cda440176fd7bb76d9fd90
Import package vendor original specs for necessary manipulations.
diff -r 434e5cc73d47 -r d927b76d07e3 bind/bind.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/bind/bind.patch Tue Aug 28 18:33:15 2012 +0200
@@ -0,0 +1,56 @@
+Index: bin/named/unix/os.c
+--- bin/named/unix/os.c.orig 2008-05-06 03:32:51 +0200
++++ bin/named/unix/os.c 2008-07-25 07:47:14 +0200
+@@ -261,6 +261,13 @@
+ SET_CAP(CAP_SETGID);
+
+ /*
++ * Since we call chown, we need this.
++ */
++#if defined(CAP_CHOWN)
++ SET_CAP(CAP_CHOWN);
++#endif
++
++ /*
+ * Without this, we run into problems reading a configuration file
+ * owned by a non-root user and non-world-readable on startup.
+ */
+
+-----------------------------------------------------------------------------
+
+As mentionned in http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/5a6cb9a54b56b199
+"Assertion debug information" without this patch BIND+dlz crashes when
+doing zone transfer request ("host -la domain server")
+
+Index: bin/named/xfrout.c
+--- bin/named/xfrout.c.orig 2008-04-03 08:20:33.000000000 +0200
++++ bin/named/xfrout.c 2008-11-27 08:58:20.000000000 +0100
+@@ -1744,6 +1745,7 @@ xfrout_senddone(isc_task_t *task, isc_ev
+ sendstream(xfr);
+ } else {
+ /* End of zone transfer stream. */
++ if (xfr->zone != NULL)
+ inc_stats(xfr->zone, dns_nsstatscounter_xfrdone);
+ xfrout_log(xfr, ISC_LOG_INFO, "%s ended", xfr->mnemonic);
+ ns_client_next(xfr->client, ISC_R_SUCCESS);
+
+-----------------------------------------------------------------------------
+
+OpenPKG intentionally uses a reused "rdnc.key" and a "rdnc.conf"
+and hence we don't want to see those warning messages.
+
+Index: bin/rndc/rndc.c
+--- bin/rndc/rndc.c.orig 2010-07-11 02:12:18.000000000 +0200
++++ bin/rndc/rndc.c 2011-02-06 17:08:38.000000000 +0100
+@@ -468,9 +468,11 @@
+ admin_conffile, admin_keyfile);
+ key_only = ISC_TRUE;
+ } else if (! c_flag && isc_file_exists(admin_keyfile)) {
++ /*
+ fprintf(stderr, "WARNING: key file (%s) exists, but using "
+ "default configuration file (%s)\n",
+ admin_keyfile, admin_conffile);
++ */
+ }
+
+ DO("create parser", cfg_parser_create(mctx, log, pctxp));
diff -r 434e5cc73d47 -r d927b76d07e3 bind/bind.spec
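Review bot: The embedded os.c patch adds `SET_CAP(CAP_CHOWN);` to the capabilities named asks for, justified only by "Since we call chown, we need this", without naming the chown call that needs it or saying whether the capability is given up again afterwards. CAP_CHOWN allows the process to reassign ownership of any file, so the comment should record the call site and the point of release, for example `/* needed for chown() of <file> in <function>; dropped once <condition> */` with the real names filled in. The function around line 261 lies outside the embedded hunk, so whether this is an initial or a permanently retained set cannot be confirmed from here. Separately, the xfrout.c change adds `if (xfr->zone != NULL)` without braces and leaves the guarded `inc_stats(...)` line at its old indentation, which reads as if the call were unconditional; braces around the call would make the guard explicit.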
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/bind/bind.spec Tue Aug 28 18:33:15 2012 +0200
@@ -0,0 +1,244 @@
+##
+## bind.spec -- OpenPKG RPM Package Specification
+## Copyright (c) 2000-2012 OpenPKG Foundation e.V.
+##
+## Permission to use, copy, modify, and distribute this software for
+## any purpose with or without fee is hereby granted, provided that
+## the above copyright notice and this permission notice appear in all
+## copies.
+##
+## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
+## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+## SUCH DAMAGE.
+##
+
+# package version
+%define V_opkg 9.9.1p1
+%define V_dist 9.9.1-P1
+
+# package information
+Name: bind
+Summary: Berkeley Internet Name Domain (BIND)
+URL: https://www.isc.org/software/bind
+Vendor: Internet Software Foundation
+Packager: OpenPKG Foundation e.V.
+Distribution: OpenPKG Community
+Class: BASE
+Group: DNS
+License: ISC
+Version: %{V_opkg}
+Release: 20120707
+
+# package options
+%option with_dnssec yes
+%option with_threads no
+%option with_pgsql no
+%option with_mysql no
+%option with_odbc no
+%option with_bdb no
+%option with_fs no
+%option with_ldap no
+
+# list of sources
+Source0: ftp://ftp.isc.org/isc/bind9/%{V_dist}/bind-%{V_dist}.tar.gz
+Source1: bind.txt
+Source2: rc.bind
+Patch0: bind.patch
+
+# build information
+BuildPreReq: OpenPKG, openpkg >= 20100101, make, pkgconfig
+PreReq: OpenPKG, openpkg >= 20100101
+%if "%{with_dnssec}" == "yes"
+BuildPreReq: openssl
+PreReq: openssl
+%endif
+%if "%{with_pgsql}" == "yes"
+BuildPreReq: postgresql, openssl
+PreReq: postgresql, openssl
+%endif
+%if "%{with_mysql}" == "yes"
+BuildPreReq: mysql
+PreReq: mysql
+%endif
+%if "%{with_odbc}" == "yes"
+BuildPreReq: ODBC
+PreReq: ODBC
+%endif
+%if "%{with_bdb}" == "yes"
+BuildPreReq: db
+PreReq: db
+%endif
+%if "%{with_ldap}" == "yes"
+BuildPreReq: openldap, openssl
+PreReq: openldap, openssl
+%endif
+Conflicts: powerdns
+
+%description
+ Berkeley Internet Name Domain (BIND) is an implementation of
+ the Domain Name System (DNS) protocols and provides an openly
+ redistributable reference implementation of the major components
+ of the Domain Name System, including a Domain Name System server
+ (named)
+
+%track
+ prog bind = {
+ version = %{V_dist}
+ url = ftp://ftp.isc.org/isc/bind9/
+ regex = (\d+\.\d+\.\d+(?:-P\d+)?)
+ url = ftp://ftp.isc.org/isc/bind9/__NEWVER__/
+ regex = bind-(\d+\.\d+\.\d+(?:-P\d+)?)\.tar\.gz
+ }
+
+%prep
+ %setup -q -n bind-%{V_dist}
+ %patch -p0
+
+%build
+ # configure program
+ %{l_shtool} subst \
+ -e '/LINENO: error: C[+]* preprocessor/{N;N;N;N;s/.*/:/;}' \
+ configure
+ export CC="%{l_cc}"
+ export CFLAGS="%{l_cflags -O} %{l_cppflags}"
+ export LDFLAGS="%{l_ldflags}"
+ export LIBS=""
+%if "%{with_pgsql}" == "yes"
+ CFLAGS="$CFLAGS %{l_cppflags postgresql .}"
+%endif
+%if "%{with_dnssec}" == "yes"
+ LIBS="$LIBS `pkg-config openssl --libs`"
+%endif
+ GREP="grep" \
+ ./configure \
+ --prefix=%{l_prefix} \
+ --mandir=%{l_prefix}/man \
+ --sysconfdir=%{l_prefix}/etc/bind \
+ --localstatedir=%{l_prefix}/var/bind \
+%if "%{with_dnssec}" == "yes"
+ --with-openssl=%{l_prefix} \
+%else
+ --without-openssl \
+%endif
+%if "%{with_threads}" == "yes"
+ --enable-threads \
+%else
+ --disable-threads \
+%endif
+%if "%{with_pgsql}" == "yes"
+ --with-dlz-postgres=%{l_prefix} \
+%endif
+%if "%{with_mysql}" == "yes"
+ --with-dlz-mysql=%{l_prefix} \
+%endif
+%if "%{with_odbc}" == "yes"
+ --with-dlz-odbc=%{l_prefix} \
+%endif
+%if "%{with_bdb}" == "yes"
+ --with-dlz-bdb=%{l_prefix} \
+%endif
+%if "%{with_fs}" == "yes"
+ --with-dlz-filesystem \
+%endif
+%if "%{with_ldap}" == "yes"
+ --with-dlz-ldap=%{l_prefix} \
+%endif
+ --without-libbind \
+ --without-libxml2 \
+ --without-gssapi \
+ --with-libtool \
+ --disable-shared \
+ --disable-nls
+
+ # build program
+ %{l_make} %{l_mflags}
+
+%install
+
+ # perform standard install procedure
+ %{l_make} %{l_mflags} install DESTDIR=$RPM_BUILD_ROOT
+
+ # strip down installation
+ strip $RPM_BUILD_ROOT%{l_prefix}/sbin/* >/dev/null 2>&1 || true
+ strip $RPM_BUILD_ROOT%{l_prefix}/bin/* >/dev/null 2>&1 || true
+ rm -f $RPM_BUILD_ROOT%{l_prefix}/bin/isc-config.sh
+ rm -rf $RPM_BUILD_ROOT%{l_prefix}/include
+ rm -rf $RPM_BUILD_ROOT%{l_prefix}/lib
+ rm -rf $RPM_BUILD_ROOT%{l_prefix}/man/man3
+ rm -rf $RPM_BUILD_ROOT%{l_prefix}/var/bind/run
+
+ # install BIND9 ARM + %{l_shtool} mkdir -f -p -m 755 \ + $RPM_BUILD_ROOT%{l_prefix}/share/bind + %{l_shtool} install -c -m 644 \ + doc/arm/*ARM*.html $RPM_BUILD_ROOT%{l_prefix}/share/bind/ + + # install run-command script + %{l_shtool} mkdir -f -p -m 755 \ + $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d + %{l_shtool} install -c -m 755 %{l_value -s -a} \ + %{SOURCE rc.bind} \ + $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/ + + # install default configuration + %{l_shtool} mkdir -f -p -m 755 \ + $RPM_BUILD_ROOT%{l_prefix}/etc/bind \ + $RPM_BUILD_ROOT%{l_prefix}/etc/bind/named.db + for name in `grep "^/d" -e "/<\/file>/,\$d" >tmp.txt + %{l_shtool} install -c -m 644 %{l_value -s -a} \ + tmp.txt $RPM_BUILD_ROOT%{l_prefix}/etc/bind/$name + done + + # create an empty var directory + %{l_shtool} mkdir -f -p -m 755 \ + $RPM_BUILD_ROOT%{l_prefix}/var/bind + + # determine the installed files + %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \ + %{l_files_std} \ + '%config %attr(640,%{l_musr},%{l_rgrp}) %{l_prefix}/etc/bind/*.conf' \ + '%config %attr(775,%{l_musr},%{l_rgrp}) %{l_prefix}/etc/bind/named.db' \ + '%config %attr(644,%{l_musr},%{l_rgrp}) %{l_prefix}/etc/bind/named.db/*' \ + '%dir %attr(775,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/bind' + +%files -f files + +%clean + +%post + if [ ! -f $RPM_INSTALL_PREFIX/etc/bind/rndc.key ]; then + # generate local rndc(8) key + ( echo "Generating RSA key for RNDC operation in $RPM_INSTALL_PREFIX/etc/bind/rndc.key." + echo "Please be patient, this takes a non-deterministic amount of time." 
+ ) | %{l_rpmtool} msg -b -t notice
+ $RPM_INSTALL_PREFIX/sbin/rndc-confgen -a
+ chown %{l_musr}:%{l_rgrp} $RPM_INSTALL_PREFIX/etc/bind/rndc.key
+ chmod 640 $RPM_INSTALL_PREFIX/etc/bind/rndc.key
+ fi
+
+ # after upgrade, restart service
+ [ $1 -eq 2 ] || exit 0
+ eval `%{l_rc} bind status 2>/dev/null`
+ [ ".$bind_active" = .yes ] && %{l_rc} bind restart
+ exit 0
+
+%preun
+ # before erase, stop service and remove log files
+ [ $1 -eq 0 ] || exit 0
+ %{l_rc} bind stop 2>/dev/null
+ rm -f $RPM_INSTALL_PREFIX/etc/bind/rndc.key
+ rm -f $RPM_INSTALL_PREFIX/var/bind/*
+ exit 0
+
diff -r 434e5cc73d47 -r d927b76d07e3 bind/bind.txt
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/bind/bind.txt Tue Aug 28 18:33:15 2012 +0200
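Review bot: `Source0` and both `%track` URLs point at `ftp://ftp.isc.org/...`, and nothing visible in this spec pins a digest or checks a signature on the tarball before `%setup` unpacks it, so the integrity of the name-server source rests on an unauthenticated transport. If the OpenPKG tooling verifies the tarball elsewhere, a comment beside `Source0` saying where would settle it; otherwise a verification step at the top of `%prep` against a checksum recorded in the spec is the missing check. In `%install`, `etc/bind/named.db` and `var/bind` are packaged with mode 775, which leaves the zone and state directories group-writable; a comment stating which account needs that write access would make the choice reviewable.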
@@ -0,0 +1,255 @@
+
+##
+## @l_prefix@/etc/bind/named.conf -- BIND configuration
+##
+
+controls {
+ unix "@l_prefix@/var/bind/named.ctl"
+ perm 0600 owner @l_ruid@ group @l_rgid@
+ keys { "rndc-key"; };
+ #inet 127.0.0.1 port 953
+ #allow { 127.0.0.1; }
+ #keys { "rndc-key"; };
+};
+
+include "@l_prefix@/etc/bind/rndc.key";
+
+logging {
+ channel logfile {
+ file "@l_prefix@/var/bind/named.log";
+ severity info;
+ print-category yes;
+ print-severity no;
+ print-time yes;
+ };
+ category "default" { "logfile"; };
+ category "client" { "logfile"; };
+ category "config" { "logfile"; };
+ category "database" { "logfile"; };
+ category "delegation-only" { "logfile"; };
+ category "dispatch" { "logfile"; };
+ category "dnssec" { "logfile"; };
+ category "general" { "logfile"; };
+ category "lame-servers" { "logfile"; };
+ category "network" { "logfile"; };
+ category "notify" { "logfile"; };
+ category "queries" { "logfile"; };
+ category "resolver" { "logfile"; };
+ category "security" { "logfile"; };
+ category "update" { "logfile"; };
+ category "xfer-in" { "logfile"; };
+ category "xfer-out" { "logfile"; };
+ category "unmatched" { "null"; };
+};
+
+options {
+ pid-file "@l_prefix@/var/bind/named.pid";
+ directory "@l_prefix@/etc/bind/named.db";
+ statistics-file "@l_prefix@/var/bind/named.stats";
+ allow-query { any; };
+ allow-transfer { any; };
+ allow-recursion { 127.0.0.0/8; };
+ recursion yes;
+ transfers-in 10;
+ transfers-per-ns 2;
+ max-transfer-time-in 120;
+ transfer-format one-answer;
+ cleaning-interval 60;
+ interface-interval 60;
+ listen-on port 53 { 127.0.0.1; };
+ #query-source address 127.0.0.1 port *;
+ #transfer-source 127.0.0.1;
+ #notify-source 127.0.0.1;
+};
+
+zone "." IN {
+ type hint;
+ file "db.root";
+};
+
+zone "localhost" IN {
+ type master;
+ file "db.localhost";
+ notify no;
+ allow-update { none; };
+ allow-transfer { any; };
+};
+
+zone "0.0.127.in-addr.arpa" IN {
+ type master;
+ file "db.localhost.ipv4";
+ notify no;
+ allow-update { none; };
+ allow-transfer { any; };
+};
+
+zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
+ type master;
+ file "db.localhost.ipv6";
+ notify no;
+ allow-update { none; };
+ allow-transfer { any; };
+};
+
+
+
+##
+## @l_prefix@/etc/bind/rndc.conf -- BIND rndc configuration
+##
+
+options {
+ default-server localhost-unix;
+};
+
+server localhost-unix {
+ addresses { "@l_prefix@/var/bind/named.ctl"; };
+ key "rndc-key";
+};
+
+server localhost-inet {
+ addresses { 127.0.0.1; };
+ port 953;
+ key "rndc-key";
+};
+
+include "@l_prefix@/etc/bind/rndc.key";
+
+
+
+;;
+;; db.root -- Internet Root Nameservers
+;; DO NOT EDIT, IT WAS AUTOMATICALLY CREATED ON 2011-02-06 BY db.root.sh!
+;;
+
+. 99999999 IN NS A.ROOT-SERVERS.NET.
+. 99999999 IN NS B.ROOT-SERVERS.NET.
+. 99999999 IN NS C.ROOT-SERVERS.NET.
+. 99999999 IN NS D.ROOT-SERVERS.NET.
+. 99999999 IN NS E.ROOT-SERVERS.NET.
+. 99999999 IN NS F.ROOT-SERVERS.NET.
+. 99999999 IN NS G.ROOT-SERVERS.NET.
+. 99999999 IN NS H.ROOT-SERVERS.NET.
+. 99999999 IN NS I.ROOT-SERVERS.NET.
+. 99999999 IN NS J.ROOT-SERVERS.NET.
+. 99999999 IN NS K.ROOT-SERVERS.NET.
+. 99999999 IN NS L.ROOT-SERVERS.NET.
+. 99999999 IN NS M.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET. 99999999 IN A 198.41.0.4
+A.ROOT-SERVERS.NET. 99999999 IN AAAA 2001:503:ba3e::2:30
+B.ROOT-SERVERS.NET. 99999999 IN A 192.228.79.201
+C.ROOT-SERVERS.NET. 99999999 IN A 192.33.4.12
+D.ROOT-SERVERS.NET. 99999999 IN A 128.8.10.90
+E.ROOT-SERVERS.NET. 99999999 IN A 192.203.230.10
+F.ROOT-SERVERS.NET. 99999999 IN A 192.5.5.241
+F.ROOT-SERVERS.NET. 99999999 IN AAAA 2001:500:2f::f
+G.ROOT-SERVERS.NET. 99999999 IN A 192.112.36.4
+H.ROOT-SERVERS.NET.
99999999 IN A 128.63.2.53 +H.ROOT-SERVERS.NET. 99999999 IN AAAA 2001:500:1::803f:235 +I.ROOT-SERVERS.NET. 99999999 IN A 192.36.148.17 +I.ROOT-SERVERS.NET. 99999999 IN AAAA 2001:7fe::53 +J.ROOT-SERVERS.NET. 99999999 IN A 192.58.128.30 +J.ROOT-SERVERS.NET. 99999999 IN AAAA 2001:503:c27::2:30 +K.ROOT-SERVERS.NET. 99999999 IN A 193.0.14.129 +K.ROOT-SERVERS.NET. 99999999 IN AAAA 2001:7fd::1 +L.ROOT-SERVERS.NET. 99999999 IN A 199.7.83.42 +L.ROOT-SERVERS.NET. 99999999 IN AAAA 2001:500:3::42 +M.ROOT-SERVERS.NET. 99999999 IN A 202.12.27.33 +M.ROOT-SERVERS.NET. 99999999 IN AAAA 2001:dc3::35 + + + +#!/bin/sh + +ROOTFILE=./db.root + +echo '@l_prefix@' | egrep '^@l_' | egrep 'prefix@$' >/dev/null +if [ $? -eq 0 ]; then + CURL='curl' + DIG='dig' +else + CURL='@l_prefix@/bin/openpkg curl' + DIG='@l_prefix@/bin/dig' +fi + +date=`date '+%Y-%m-%d'` +cat >$ROOTFILE <$ROOTFILE.raw +for i in A B C D E F G H I J K L M; do + ${DIG} @$i.ROOT-SERVERS.NET . NS >>$ROOTFILE.raw +done +[ -f $ROOTFILE.raw ] || exit 1 +awk <$ROOTFILE.raw ' + /[ ]NS[ ]/ { printf("%-20s 99999999 IN NS %s\n", $1, toupper($NF)); } + /[ ]AAAA[ ]/ { printf("%-20s 99999999 IN AAAA %s\n", toupper($1), tolower($NF)); } + /[ ]A[ ]/ { printf("%-20s 99999999 IN A %s\n", toupper($1), tolower($NF)); } +' |\ +egrep -v '^;' |\ +sort -u >>$ROOTFILE +echo "" >>$ROOTFILE +rm $ROOTFILE.raw + + + +;; +;; db.localhost -- zonefile for the forward mapping of the loopback network +;; + +$TTL 86400 + +@ IN SOA localhost. root.localhost. ( + 2001010101 ; SERIAL + 6H ; REFRESH: Secondaries refresh + 60M ; RETRY: Secondaries retry + 1W ; EXPIRE: Maximum TTL of data (expiry) + 1D ; MINTTL: Minimum TTL of data (expiry) + ) + + IN NS @ + IN A 127.0.0.1 + + + +;; +;; db.localhost.ipv4 -- zonefile for the IPv4 reverse mapping of the loopback network +;; + +$TTL 86400 + +@ IN SOA localhost. root.localhost. 
(
+ 2001010101 ; SERIAL
+ 6H ; REFRESH: Secondaries refresh
+ 60M ; RETRY: Secondaries retry
+ 1W ; EXPIRE: Maximum TTL of data (expiry)
+ 1D ; MINTTL: Minimum TTL of data (expiry)
+ )
+
+ IN NS @
+1 IN PTR localhost.
+
+
+
+;;
+;; db.localhost.ipv6 -- zonefile for the IPv6 reverse mapping of the loopback network
+;;
+
+$TTL 86400
+
+@ IN SOA localhost. root.localhost. (
+ 2001010101 ; SERIAL
+ 6H ; REFRESH: Secondaries refresh
+ 60M ; RETRY: Secondaries retry
+ 1W ; EXPIRE: Maximum TTL of data (expiry)
+ 1D ; MINTTL: Minimum TTL of data (expiry)
+ )
+
+ IN NS @
+ IN PTR localhost.
+
+
diff -r 434e5cc73d47 -r d927b76d07e3 bind/rc.bind
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/bind/rc.bind Tue Aug 28 18:33:15 2012 +0200
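Review bot: The shipped named.conf sets `allow-transfer { any; };` in `options` and repeats it in each of the three loopback zones, so any zone an administrator adds later is transferable by every client that can reach the server unless they override it. The exposure is contained only by `listen-on port 53 { 127.0.0.1; };`, which is the line an administrator has to change to put the server into service. A safer template default is `allow-transfer { none; };` in `options`, with a comment telling the administrator to list the secondaries per zone. `allow-query { any; };` is the related default to review at the same time, and `category "queries" { "logfile"; };` means named.log will hold client query data, which matters for how that file is protected.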
@@ -0,0 +1,64 @@
+#!@l_prefix@/bin/openpkg rc
+##
+## rc.bind -- Run-Commands
+##
+
+%config
+ bind_enable="$openpkg_rc_def"
+ bind_flags=""
+ bind_log_prolog="true"
+ bind_log_epilog="true"
+ bind_log_numfiles="10"
+ bind_log_minsize="1M"
+ bind_log_complevel="9"
+ bind_stats_prolog="true"
+ bind_stats_epilog="true"
+ bind_stats_numfiles="10"
+ bind_stats_minsize="1M"
+ bind_stats_complevel="9"
+
+%status -u @l_susr@ -o
+ bind_usable="no"
+ bind_active="no"
+ @l_prefix@/sbin/named-checkconf >/dev/null && bind_usable="yes"
+ @l_prefix@/sbin/rndc status >/dev/null 2>&1 && bind_active="yes"
+ echo "bind_enable=\"$bind_enable\""
+ echo "bind_usable=\"$bind_usable\""
+ echo "bind_active=\"$bind_active\""
+
+%start -p 100 -u @l_susr@
+ rcService bind enable yes || exit 0
+ rcService bind active yes && exit 0
+ @l_prefix@/sbin/named -u @l_rusr@ ${bind_flags}
+
+%stop -p 900 -u @l_susr@
+ rcService bind enable yes || exit 0
+ rcService bind active no && exit 0
+ @l_prefix@/sbin/rndc stop
+ sleep 2
+
+%restart -p 100 -u @l_susr@
+ rcService bind enable yes || exit 0
+ rcService bind active no && exit 0
+ rc bind stop start
+
+%reload -p 100 -u @l_susr@
+ rcService bind enable yes || exit 0
+ rcService bind active no && exit 0
+ @l_prefix@/sbin/rndc reload
+
+%daily -u @l_susr@
+ rcService bind enable yes || exit 0
+ shtool rotate -f \
+ -n $bind_stats_numfiles -s $bind_stats_minsize -d \
+ -z $bind_stats_complevel -m 644 -o @l_rusr@ -g @l_rgrp@ \
+ -P "$bind_stats_prolog" \
+ -E "$bind_stats_epilog" \
+ @l_prefix@/var/bind/named.stats
+ shtool rotate -f \
+ -n $bind_log_numfiles -s $bind_log_minsize -d \
+ -z $bind_log_complevel -m 644 -o @l_rusr@ -g @l_rgrp@ \
+ -P "$bind_log_prolog" \
+ -E "$bind_log_epilog; rc bind reload" \
+ @l_prefix@/var/bind/named.log
+
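Review bot: Both `shtool rotate` calls in `%daily` ask for `-m 644`, so the rotated named.log and named.stats end up world-readable; the named.conf added in this same changeset routes the `queries`, `client` and `security` categories to named.log, which would expose client query data to every local account. `-m 640` together with the existing `-o @l_rusr@ -g @l_rgrp@` keeps the files readable by the service account and its group only. In `%stop`, `rndc stop` is followed by a fixed `sleep 2` with no check that named has exited, so `rc bind stop start` in `%restart` can start a new instance while the old one is still shutting down; a comment stating that assumption, or a bounded wait on the pid file, would document or close the gap.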