# # # $Id: $ %undefine _missing_build_ids_terminate_build %global _unpackaged_files_terminate_build 1 %if %{defined nodebug} %global debug_package %{nil} %endif %if %{defined _project} # define if building on openSUSE build service %global build_on_obs 1 %global reconfigure_mode 0 %else %define _project local %global build_on_obs 0 %global reconfigure_mode 0 %global _hardened_build 1 %endif %global nodq 0 %global nocurvedns 0 %if %build_on_obs == 1 %global packager Manvendra Bhangui > %endif %global fedorareview 0 %if 0%{?suse_version} %global dist suse %global disttag suse %endif %if 0%{?fedora_version} %global dist %{?dist} %global disttag fedora %endif %global curvedns_version 0.88 # Packages which do not use autosetup or setup macro # in the prep section have a problem in enabling debuginfo. # This isn't documented clearly anywhere. A workaround is # to define buildsubdir %if %{undefined nodebug} %global buildsubdir "" %endif %global _prefix /usr %global libexecdir /usr/libexec/indimail %global _sysconfdir /etc/indimail %global servicedir /service Name: tinydnssec Version: 1.1.0 Release: 1.1%{?dist} Summary: DNS suite with djbdns, dqcache and curvedns %if %{undefined suse_version} && %{undefined sles_version} Group: System Environment/Base %else Group: Productivity/Networking/Email/Servers %endif %if %build_on_obs == 1 License: GPL-3.0+ %else License: GPLv3 %endif URL: http://cr.yp.to/djbdns.html Source0: http://downloads.sourceforge.net/indimail/%{name}-%{version}.tar.gz # ipv6 from http://www.fefe.de/dns/ BuildRequires: perl binutils coreutils BuildRequires: libev-devel libqmail-devel openssl-devel %if 0%{?suse_version} < 1120 BuildRequires: elfutils %endif %if %{undefined centos_version} && %{undefined rhel_version} && %{undefined sles_version} && %{undefined scientificlinux_version} BuildRequires: libsodium-devel BuildRequires: autoconf automake libtool %endif ##################################### OBS #################################### %if %build_on_obs == 1 %if 0%{?suse_version} BuildRequires: -post-build-checks #!BuildIgnore: post-build-checks %endif %endif ############################################################################## %if %build_on_obs == 0 Requires(pre): shadow-utils Requires(postun): shadow-utils %else Requires: /usr/sbin/useradd /usr/sbin/groupadd /usr/sbin/groupdel /usr/sbin/userdel %endif Requires: daemontools Requires: group(nofiles) Requires: user(qmaill) Provides: user(tinydns) > 999 Provides: user(dnscache) > 999 %description A collection of Domain Name System tools This package includes software for all the fundamental DNS operations: DNS cache: finding addresses of Internet hosts. When a browser wants to contact www.yahoo.com, it first asks a DNS cache, such as djbdns's dnscache, to find the IP address of www.yahoo.com. Internet service providers run dnscache to find IP addresses requested by their customers. If you're running a home computer or a workstation, you can run your own dnscache to speed up your web browsing. DNS server: publishing addresses of Internet hosts. The IP address of www.yahoo.com is published by Yahoo's DNS servers. djbdns includes a general-purpose DNS server, tinydns; network administrators run tinydns to publish the IP addresses of their computers. djbdns also includes special-purpose servers for publishing DNS walls and RBLs. DNS client: talking to a DNS cache. djbdns includes a DNS client C library and several command-line DNS client utilities. Programmers use these tools to send requests to DNS caches. djbdns also includes several DNS debugging tools, notably dnstrace, which administrators use to diagnose misconfigured remote servers. See http://cr.yp.to/djbdns.html %if %{nodq} == 0 DQ: A package with DNS/DNSCurve related software. It contains a recursive DNS server with DNSCurve support called dqcache and also a commandline tool to debug DNS/DNScurve called dq. See https://mojzis.com/software/dq/ %endif %if %{nocurvedns} == 0 CurveDNS: CurveDNS is the first publicly released forwarding implementation that implements the DNSCurve protocol. DNSCurve uses high-speed high-security elliptic-curve cryptography to drastically improve every dimension of DNS security. See http://dnscurve.org/ for protocol details. curvedns allows any authoritative DNS name server to act as a DNSCurve capable one, without changing anything on your current DNS environment. The only thing a DNS data manager (that is probably you) has to do is to install CurveDNS on a machine, generate a keypair, and update NS type records that were pointing towards your authoritative name server and let them point to this machine running CurveDNS. Indeed, it is that easy to become fully protected against almost any of the currently known DNS flaws, such as active and passive cache poisoning. CurveDNS supports: * Forwarding of regular (non-protected) DNS packets; * Unboxing of DNSCurve queries and forwarding the regular DNS packets * Boxing of regular DNS responses to DNSCurve responses; * Both DNSCurve''s streamlined- and TXT-format; * Caching of shared secrets; * Both UDP and TCP; * Both IPv4 and IPv6. See http://curvedns.on2it.net/ %endif %build ./default.configure %{__sed} -i 's{/usr{%{_prefix}{' conf-home %{__sed} -i 's{/usr{%{_prefix}{' conf-libexec %if 0%{?build_cflags:1} CFLAGS="%{build_cflags}" %else CFLAGS="%{optflags}" %endif %if 0%{?build_ldflags:1} LDFLAGS="%{build_ldflags} $LDFLAGS" %endif %{__make} -s %{?_smp_mflags} CC="%{__cc}" CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" pod2man -s 8 -c '' "tinydns-sign" >tinydns-sign.8 %if %{nodq} == 0 if [ -d dq-20161210 ] ; then cd dq-20161210 %{__make} -s %{?_smp_mflags} CC="%{__cc}" CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" cd .. fi %endif %if %{nocurvedns} == 0 if [ -d curvedns-%{curvedns_version} ] ; then echo "configuring curvedns" cd curvedns-%{curvedns_version} %if %{undefined centos_version} && %{undefined rhel_version} && %{undefined sles_version} && %{undefined scientificlinux_version} ./default.configure %else ./configure.nacl ./configure.curvedns %endif %{__make} -s %{?_smp_mflags} cd .. fi %endif ( echo "NAME=%{name}" echo "Description=\"A collection of Domain Name System tools\"" echo "tinydnssec="%{version}-%{release}"" echo "ID=%{name}" echo "HOME_URL=\"https://github.com/mbhangui/tinydnssec\"" echo "PACKAGE_BUGREPORT=\"'Manvendra Bhangui '\"" ) > %{name}-release %install %if %{defined nodebug} %{__make} -s %{?_smp_mflags} DESTDIR=%{buildroot} install-strip %else %{__make} -s %{?_smp_mflags} DESTDIR=%{buildroot} install %endif %if %{nodq} == 0 if [ -d dq-20161210 ] ; then cd dq-20161210 sh make-install.sh %{buildroot} cd .. fi %else %{__rm} -f %{buildroot}%{_prefix}/sbin/dqcache-conf %endif %{__mkdir_p} %{buildroot}%{_sysconfdir} %{__mv} %{name}-release %{buildroot}%{_sysconfdir} %if %{nocurvedns} == 0 if [ -d curvedns-%{curvedns_version} ] ; then cd curvedns-%{curvedns_version} %if %{defined nodebug} %{__make} -s %{?_smp_mflags} DESTDIR=%{buildroot} install-strip %else %{__make} -s %{?_smp_mflags} DESTDIR=%{buildroot} install %endif cd .. fi %else %{__rm} -f %{buildroot}%{_prefix}/sbin/curvedns-conf %endif %if %{undefined nodebug} /bin/chmod -R 755 %{buildroot}%{_prefix}/bin /bin/chmod -R 755 %{buildroot}%{_prefix}/sbin %endif %files %defattr(-, root, root,-) %dir %attr(0755,root,root) %{_sysconfdir}/perms.d %dir %attr(0755,root,root) %{_sysconfdir}/perms.d/%{name} %attr(755,root,root) %{_prefix}/bin/axfr-get %attr(755,root,root) %{_prefix}/bin/axfrdns %attr(755,root,root) %{_prefix}/bin/dnscache %attr(755,root,root) %{_prefix}/bin/dnsfilter %attr(755,root,root) %{_prefix}/bin/dnsgetroot %attr(755,root,root) %{_prefix}/bin/dnsip %attr(755,root,root) %{_prefix}/bin/dnsip6 %attr(755,root,root) %{_prefix}/bin/dnsip6q %attr(755,root,root) %{_prefix}/bin/dnsipq %attr(755,root,root) %{_prefix}/bin/dnsmx %attr(755,root,root) %{_prefix}/bin/dnsname %attr(755,root,root) %{_prefix}/bin/dnsnamex %attr(755,root,root) %{_prefix}/bin/dnsq %attr(755,root,root) %{_prefix}/bin/dnsqr %attr(755,root,root) %{_prefix}/bin/dnstrace %attr(755,root,root) %{_prefix}/bin/dnstracesort %attr(755,root,root) %{_prefix}/bin/dnstxt %attr(755,root,root) %{_prefix}/bin/pickdns %attr(755,root,root) %{_prefix}/bin/pickdns-data %attr(755,root,root) %{_prefix}/bin/random-ip %attr(755,root,root) %{_prefix}/bin/rbldns %attr(755,root,root) %{_prefix}/bin/rbldns-data %attr(755,root,root) %{_prefix}/bin/tinydns %attr(755,root,root) %{_prefix}/bin/tinydns-data %attr(755,root,root) %{_prefix}/bin/tinydns-edit %attr(755,root,root) %{_prefix}/bin/tinydns-get %attr(755,root,root) %{_prefix}/bin/tinydns-sign %attr(755,root,root) %{_prefix}/bin/walldns %attr(755,root,root) %{_prefix}/sbin/axfrdns-conf %attr(755,root,root) %{_prefix}/sbin/dnscache-conf %attr(755,root,root) %{_prefix}/sbin/pickdns-conf %attr(755,root,root) %{_prefix}/sbin/rbldns-conf %attr(755,root,root) %{_prefix}/sbin/tinydns-conf %attr(755,root,root) %{_prefix}/sbin/walldns-conf %attr(755,root,root) %{libexecdir}/instcheck.tinydnssec %if %{nodq} == 0 %attr(755,root,root) %{_prefix}/bin/dq %attr(755,root,root) %{_prefix}/bin/dqcache %attr(755,root,root) %{_prefix}/sbin/dqcache-makekey %attr(755,root,root) %{_prefix}/sbin/dqcache-start %attr(755,root,root) %{_prefix}/sbin/dqcache-conf %endif %if %{nocurvedns} == 0 %attr(755,root,root) %{_prefix}/bin/curvedns %attr(755,root,root) %{_prefix}/sbin/curvedns-conf %attr(755,root,root) %{_prefix}/sbin/curvedns-keygen %attr(644,root,root) %config(noreplace) %{_sysconfdir}/curvedns.private.key %endif %config(noreplace) %{_sysconfdir}/dnsroots.global %attr(444,root,root) %config(noreplace) %{_sysconfdir}/%{name}-release %attr(644,root,root) %config(noreplace) %{_sysconfdir}/perms.d/%{name}/* %doc README.md %doc doc/README-ipv6.tinydnssec doc/djbdnsFAQ.pdf doc/HOWTO %doc doc/README-tinydnssec.md doc/COPYING.tinydnssec %doc doc/LifeWithdjbdns.pdf doc/README.dnstransmit.bug doc/Thedjbway_djbdns.pdf %if %{nodq} == 0 %doc dq-20161210/README-dq.md dq-20161210/INSTALL-dq.md %doc dq-20161210/LICENCE-dq.md %endif %if %{nocurvedns} == 0 %doc curvedns-%{curvedns_version}/INSTALL-curvedns.md %doc curvedns-%{curvedns_version}/README-curvedns.md %doc curvedns-%{curvedns_version}/LICENSE.curvedns %endif %doc %{_mandir}/man1/* %doc %{_mandir}/man5/* %doc %{_mandir}/man7/* %doc %{_mandir}/man8/* %prep %setup -q %pretrans argv1=$1 ID=$(id -u) if [ $ID -ne 0 ] ; then echo "You are not root" 1>&2 exit 1 fi if [ -f %{_prefix}/bin/svstat ] ; then for i in tinydns tinydns/log dnscache dnscache/log curvedns curvedns/log dqcache dqcache/log do %{_prefix}/bin/svstat %{_sysconfdir}/$i >/dev/null 2>&1 if [ $? -eq 0 ] ; then touch %{_sysconfdir}/$i/.down %{_prefix}/bin/svc -d %{_sysconfdir}/$i >/dev/null 2>&1 fi done fi %pre argv1=$1 ID=$(id -u) if [ $ID -ne 0 ] ; then echo "You are not root" 1>&2 exit 1 fi if [ -z "$argv1" ] ; then argv1=0 fi # we are doing upgrade if [ $argv1 -eq 2 ] ; then exit 0 fi for i in dnscache tinydns do %{__rm} -f /var/spool/mail/$i /usr/bin/getent passwd $i > /dev/null || /usr/sbin/useradd -l -M -g nofiles -d %{_sysconfdir} -s /sbin/nologin $i || true done %preun argv1=$1 if [ -z "$argv1" ] ; then argv1=0 fi # we are doing upgrade if [ $argv1 -eq 1 ] ; then exit 0 fi %post argv1=$1 ID=$(id -u) if [ $ID -ne 0 ] ; then echo "You are not root" 1>&2 exit 1 fi if [ -z "$argv1" ] ; then argv1=0 fi configure_resolvconf() { dnscache_configured=0 if [ -d %{_sysconfdir}/dnscache ] ; then dnscache_configured=1 if [ -d %{servicedir} ] ; then if [ ! -h %{servicedir}/dnscache ] ; then ln -s %{_sysconfdir}/dnscache %{servicedir}/dnscache if [ $? -ne 0 ] ; then dnscache_configured=0 fi fi elif [ -h %{servicedir} ] ; then dir=`readlink %{servicedir}` if [ -d $dir ] ; then if [ ! -h $dir/dnscache ] ; then ln -s %{_sysconfdir}/dnscache $dir/dnscache if [ $? -ne 0 ] ; then dnscache_configured=0 fi fi fi fi fi if [ $dnscache_configured -eq 1 ] ; then if [ -d %{servicedir}/.svscan ] ; then mkdir -p %{servicedir}/.svscan/variables # make resolv.conf available only for svscan and descendants if [ ! -f %{servicedir}/.svscan/variables/UNSHARE ] ; then echo > %{servicedir}/.svscan/variables/UNSHARE # used by svscanboot fi if [ -x /usr/bin/unshare -a -x %{servicedir}/dnscache/run ] ; then if [ -f %{servicedir}/.svscan/run ] ; then /bin/chmod +x %{servicedir}/.svscan/run fi fi grep resolvconf %{servicedir}/.svscan/variables/.options > /dev/null 2>&1 if [ $? -ne 0 -a -f %{servicedir}/.svscan/variables/.options ] ; then options="`cat %{servicedir}/.svscan/variables/.options`" options="$options --resolvconf" %{__mv} %{servicedir}/.svscan/variables/.options \ %{servicedir}/.svscan/variables/.options.noresolvconf echo $options > %{servicedir}/.svscan/variables/.options if [ -d %{servicedir}/resolvconf/variables ] ; then echo $options > %{servicedir}/resolvconf/variables/.options fi if [ -x %{_prefix}/sbin/minisvc ] ; then %{_prefix}/sbin/minisvc --refreshsvc=/service/.svscan --force fi fi fi fi } if [ $argv1 -eq 2 ] ; then # upgrade configure_resolvconf if [ -f %{_prefix}/bin/svok ] ; then for i in tinydns tinydns/log dnscache dnscache/log curvedns curvedns/log dqcache dqcache/log do %{_prefix}/bin/svok %{_sysconfdir}/$i >/dev/null 2>&1 if [ $? -eq 0 -a -f %{_sysconfdir}/$i/.down ] ; then %{__rm} -f %{_sysconfdir}/$i/.down %{_prefix}/bin/svc -u %{_sysconfdir}/$i >/dev/null 2>&1 fi done fi exit 0 fi # created due to ghost definition in files section /bin/rmdir --ignore-fail-on-non-empty %{_sysconfdir}/dnscache 2>/dev/null /bin/rmdir --ignore-fail-on-non-empty %{_sysconfdir}/tinydns 2>/dev/null dnscache_configured=0 if [ ! -d %{_sysconfdir}/dnscache ] ; then %{_prefix}/sbin/dnscache-conf dnscache qmaill %{_sysconfdir}/dnscache 127.0.0.1 if [ $? -eq 0 ] ; then dnscache_configured=1 if [ -d %{servicedir} ] ; then if [ ! -h %{servicedir}/dnscache ] ; then ln -s %{_sysconfdir}/dnscache %{servicedir}/dnscache if [ $? -ne 0 ] ; then dnscache_configured=0 fi fi elif [ -h %{servicedir} ] ; then dir=`readlink %{servicedir}` if [ -d $dir ] ; then if [ ! -h %{servicedir}/dnscache ] ; then ln -s %{_sysconfdir}/dnscache %{servicedir}/dnscache if [ $? -ne 0 ] ; then dnscache_configured=0 fi fi fi fi else echo "%{_prefix}/sbin/dnscache-conf dnscache qmaill %{_sysconfdir}/dnscache 127.0.0.1: failed" fi else dnscache_configured=1 if [ ! -h /service/dnscache ] ; then ln -s ${_sysconfdir}/dnscache /service/dnscache fi fi configure_resolvconf for i in tinydns dqcache curvedns do if [ " $i" = " dqcache" ] ; then acct=dnscache else acct=tinydns fi if [ " $i" = " curvedns" ] ; then ip=x.x.x.x else ip=127.0.0.1 fi if [ ! -d %{_sysconfdir}/$i ] ; then %{_prefix}/sbin/$i-conf $acct qmaill %{_sysconfdir}/$i $ip if [ ! " $i" = " curvedns" ] ; then continue fi if [ -d %{_sysconfdir}/$i ] ; then mask=`umask` umask 077 # Generate private key %{__sed} -n \$p %{_sysconfdir}/curvedns.private.key > %{_sysconfdir}/$i/curvedns.keygen /bin/sh %{_sysconfdir}/$i/curvedns.keygen && %{__rm} -f %{_sysconfdir}/$i/curvedns.keygen umask $mask fi fi done %postun argv1=$1 ID=$(id -u) if [ $ID -ne 0 ] ; then echo "You are not root" 1>&2 exit 1 fi if [ -z "$argv1" ] ; then argv1=0 fi # we are doing upgrade if [ $argv1 -eq 1 ] ; then exit 0 fi for i in tinydns dnscache curvedns dqcache do if [ -L %{servicedir}/$i ] ; then echo "Removing service %{servicedir}/$i" %{__rm} -f %{servicedir}/$i fi if [ -d %{_sysconfdir}/$i ] ; then echo "Removing preinstalled %{_sysconfdir}/$i" %{__rm} -rf %{_sysconfdir}/$i fi done if [ -d %{servicedir}/.svscan -a -d %{servicedir}/.svscan/variables ] ; then if [ -s %{servicedir}/.svscan/variables/UNSHARE ] ; then /bin/rm -f %{servicedir}/.svscan/variables/UNSHARE fi if [ -x /usr/bin/unshare -a -x %{servicedir}/dnscache/run -a -f %{servicedir}/.svscan/run ] ; then /bin/chmod -x %{servicedir}/.svscan/run fi fi for i in tinydns dnscache do echo "Removing user $i" /usr/bin/getent passwd $i > /dev/null && /usr/sbin/userdel $i >/dev/null || true %{__rm} -f /var/spool/$i done %changelog * Sun Feb 11 2024 14:21:05 +0000 Manvendra Bhangui 1.1.0-1.1%{?dist} Release 1.1 Start 11/04/2017 - Added dnsgetroot - added str_diffn() - added comments for dempsky's patch djbdns<=1.05 lets AXFRed subdomains overwrite domains - fixed debian/prerm script - added selinux rules for tinydns - added Pre-Depends daemontools - remove tinydns, dnscache service on uninstall - shutdown tinydns, dnsccache service on uninstall - added compile time option to add dnssec support - tinydnssec - added SRV patch - added native SRV type to tinydns-data - makes axfr-get decompose SRV and PTR records and write them out in native format - added curvedns - fixed typo in debian/postrm.in - (rpm, debian) - create tinydnssec, dqcache, curvedns service config - added dqcache-conf, curvedns-conf programs - added compile time option to add dnssec, curvedns support - added djbdns.7 man page - Changed dns accounts to Gtinydns, Gdnslog, Gdnscache - added man page for random-ip, dnsgetroot - use qmaill for loguser - upgraded dnscurve to version 0.88 - added call to setgroups(0, 0) to drop supplementary groups - fixed tryshsgr.c - create/delete UNSHARE variable during installation/uninstallation - turn on/off executable bit on svscan run file on install/removal of tinydnssec - tinydnssec.spec, debian/preinst.in debian/postinst.in - fixes for service shutdown startup on upgrade - query.[c,h]: Increase QUERY_MAXLEVEL to 10 from 5 to fix dnscache CNAME chain lookup problem with gluelessness & improve short ttl cname resolution and glueless answer from akadnsk - query.c, dnscache.c: use env variable QUERY_MAXNS, QUERY_MAXALIAS, QUERY_MAXLOOP, QUERY_MAXLEVEL to set maxns, max alias, max iteration and max level - dnscaache-conf: create env/QUERY_MAXLOOP - use libqmail for common functions - Makefile: added iopause.h depdendency for dns.h - Makefile: use -lssl -lcrypto for programs using sha1.o - fixed warnings from -Warray-parameter - Use internal SHA1 functions and remove -lssl -lcrypto from linker command line - postinstall/postremove: update code to set/unset resolvconf in svscan if running under supervise - Makefile: made prefix, sysconfdir, servicedir configureable using Makevars - updated svscan resolvconf service if dnscache is configured - added dnssvc tool to configure dnscache setup for source installs - updated service/resolvconf/variables/.options when updating service/.svscan/variables/.options - postinst scripts: create /service/dnscache link if missing - dnscache.c: added SIGTERM handler to exit 0. Elminates crashed messages in supervise logs - replaced setup with installer to make installation more configurable - PKGBUILD: fixed variables - PKGBUILD: change sbin to bin in installer input file SBIN, DIRS.in - changed dns account names to dnscache, tinydns - PKGBUILD: fix permissions of installed files in destdir - PKGBUILD: replaced DESTDIR with pkgdir - installer.c: set default permissions when mode=-1 - added permission files for indimail-mta - autotoolize curvedns and build with libsodium - cache_hashtable.c: function cache_destroy fixed usage of variable 'table' after free - dnsip.c, dnsipq.c, dnsname.c, dnsmx.c, dnstxt.c, dnsqr.c, dnsq.c, dnstrace.c: exit 111 if unable to write to subfdout - dnssvc.in, tinydnssec.in, debian/postinst, debian/postrm: Fixed setting UNSHARE environment variable in /service/.svscan/variables - dnstxt.c: fixed infinite loop