%global TARBALL_FORMAT gz
%global UPSTREAM_VERSION 9.11.25
%global PACKAGE_VERSION 9.11.25
%global PACKAGE_RELEASE 1.2
%global MAJOR_VERSION 9
%global MINOR_VERSION 11
%global PATCH_VERSION 25
%bcond_without scl

%if %{with scl}
%global scl isc-bind
%endif

# Work around an SCL build issue on Fedora 33+
# (https://bugzilla.redhat.com/show_bug.cgi?id=1898587)
%if 0%{?fedora} >= 33
%global __python %{__python3}
%endif

%{?scl:%scl_package bind}
%{!?scl:%global pkg_name %{name}}

##### Macro and variable definitions

%define replace_tokens						\
	sed							\\\
		-e "s|@LOCALSTATEDIR@|%{_localstatedir}|g;"	\\\
		-e "s|@SCL_ROOT@|%{?_scl_root}|g;"		\\\
		-e "s|@SYSCONFDIR@|%{_sysconfdir}|g;"

# On some systems, %%scl_prefix is a macro rather than a %%global variable;
# thus, a helper variable is used to prevent "Too many levels of recursion in
# macro expansion" errors on such systems, caused by passing an argument
# containing %%{?scl_prefix} to a macro using the %%{?*} construct
%global service_name %{?scl_prefix}named

%if %{MINOR_VERSION} <= 16
%if 0%{?rhel} >= 8 || 0%{?fedora} >= 31
%global python_version		python3
%global python_version_sitelib	%{python3_sitelib}
%else
%global python_version		python
%global python_version_sitelib	%{python_sitelib}
%endif
%endif

##### Conditionally enabled features

%bcond_without	dnstap

%if %{MINOR_VERSION} <= 16
%if 0%{?rhel} >= 7 || 0%{?fedora} >= 14
%bcond_without	python
%else
%bcond_with	python
%endif
%endif

%if 0%{?rhel} >= 7 || 0%{?fedora} >= 15
%bcond_without	systemd
%else
%bcond_with	systemd
%endif

%bcond_with	tuninglarge

##### Package metadata

# 'bind' package

Name:		%{?scl:%scl_pkg_name}%{?!scl:isc-bind}
Version:	%{PACKAGE_VERSION}
Release:	%{PACKAGE_RELEASE}%{?dist}
Summary:	The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
License:	MPL 2.0
URL:		https://www.isc.org/downloads/BIND/
BuildRequires:	json-c-devel
BuildRequires:	krb5-devel
BuildRequires:	libxml2-devel
BuildRequires:	libxslt
BuildRequires:	openssl-devel
BuildRequires:	perl
%if %{MINOR_VERSION} <= 16 && %{with python}
BuildRequires:	%{python_version}
BuildRequires:	%{python_version}-rpm-macros
BuildRequires:	%{python_version}-ply
Requires:	%{python_version}-ply
%endif
%if %{MINOR_VERSION} >= 17
BuildRequires:	libtool
%endif
Requires:	%{name}-libs = %{PACKAGE_VERSION}
%{?!scl:Conflicts: bind}

%if %{MINOR_VERSION} >= 16
%if 0%{?rhel} >= 7 || 0%{?fedora} >= 14
BuildRequires:	python3
%else
BuildRequires:	python34
%endif
BuildRequires:	libcap-devel
BuildRequires:	%{?scl_prefix}libuv-devel
Requires:	%{?scl_prefix}libuv
%else
BuildRequires:	docbook-style-xsl
%endif

%if %{with dnstap}
BuildRequires:	%{?scl_prefix}fstrm-devel
BuildRequires:	%{?scl_prefix}protobuf-c-compiler
BuildRequires:	%{?scl_prefix}protobuf-c-devel
BuildRequires:	%{?scl_prefix}protobuf-compiler
BuildRequires:	%{?scl_prefix}protobuf-devel
Requires:	%{?scl_prefix}fstrm
Requires:	%{?scl_prefix}protobuf-c
%endif

%if %{with systemd}
BuildRequires:	systemd
%{?systemd_requires}
%endif

%{?scl:BuildRequires: %{scl}-build}
%{?scl:BuildRequires: %scl_runtime}
%{?scl:Requires: %scl_runtime}

Source0:	https://ftp.isc.org/isc/bind9/%{UPSTREAM_VERSION}/bind-%{UPSTREAM_VERSION}.tar.%{TARBALL_FORMAT}
Source1:	named.service.in
Source2:	named.init.in
Source3:	named.sysconfig
Source4:	named.conf.in

%description
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocol. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating properly.

# 'bind-devel' package

%package devel
Summary:	Header files and libraries needed for BIND DNS development
Requires:	%{name}-libs = %{PACKAGE_VERSION}
%{?!scl:Conflicts: bind-devel}

%description devel
The isc-bind-devel package contains full version of the header files and libraries
required for development with ISC BIND 9.

# 'bind-libs' package

%package libs
Summary:	Libraries used by the BIND DNS packages
%{?!scl:Conflicts: bind-libs}

%description libs
Contains heavyweight version of BIND suite libraries used by both named DNS
server and utilities in isc-bind-utils package.

# 'bind-utils' package

%package utils
Summary:	Utilities for querying DNS name servers
Requires:	%{name}-libs = %{PACKAGE_VERSION}
%{?!scl:Conflicts: bind-utils}

%description utils
isc-bind-utils contains a collection of utilities for querying DNS (Domain
Name System) name servers to find out information about Internet
hosts. These tools will provide you with the IP addresses for given
host names, as well as other information about registered domains and
network addresses.

You should install isc-bind-utils if you need to get information from DNS name
servers.

##### Build instructions

# 'bind' package

%prep
%setup -q -n bind-%{UPSTREAM_VERSION}
%if %{MINOR_VERSION} <= 11
curl --silent https://ftp.isc.org/isc/bind9/%{UPSTREAM_VERSION}/bind-%{UPSTREAM_VERSION}-fixed-man-pages.tar.gz | tar --extract --gzip --strip-components=1
%endif

%build
%{?scl:scl enable %scl -- <<\EOF}
%set_build_flags
set -e -v
export LDFLAGS="${LDFLAGS} -L%{_libdir}"
# Some systems (e.g. Fedora 32+) set LT_SYS_LIBRARY_PATH to the value of the
# SCL's %%{_libdir}, which prevents RPATH for BIND binaries from being set to
# that path.  However, we need RPATH to be set for BIND binaries in SCL-based
# packages so that the isc-bind-named service can be started in the proper
# SELinux context (as using "scl enable" messes with SELinux contexts on
# systemd-based systems).  Hardcode LT_SYS_LIBRARY_PATH to an arbitrary path in
# order to prevent libtool from stripping BIND binaries from the SCL RPATH.
export LT_SYS_LIBRARY_PATH=/usr/lib64
%if %{MINOR_VERSION} >= 16
export SPHINX_BUILD=%{_builddir}/bind-%{UPSTREAM_VERSION}/sphinx/bin/sphinx-build
%endif
%if %{MINOR_VERSION} >= 17
export CPPFLAGS="${CPPFLAGS} -I%{_includedir}"
%else
export STD_CINCLUDES="-I%{_includedir}"
%endif
%configure \
	--disable-static \
%if %{MINOR_VERSION} <= 11
	--enable-threads \
	--enable-ipv6 \
%endif
%if %{with dnstap}
	--enable-dnstap \
%else
	--disable-dnstap \
%endif
	--with-pic \
	--with-gssapi \
%if %{MINOR_VERSION} >= 16
	--with-json-c \
%else
	--with-libjson \
%endif
%if %{MINOR_VERSION} <= 16
	--with-libtool \
%endif
	--with-libxml2 \
	--without-lmdb \
%if %{MINOR_VERSION} <= 11
	--with-docbook-xsl=%{?scl:%_root_datadir}%{?!scl:%_datadir}/sgml/docbook/xsl-stylesheets \
%endif
%if %{MINOR_VERSION} <= 16
%if %{with python}
	--with-python \
%else
	--without-python \
%endif
%endif
%if %{with tuninglarge}
	--with-tuning=large \
%endif
;

%if %{MINOR_VERSION} >= 16
python3 -m venv sphinx
source sphinx/bin/activate
pip install sphinx sphinx_rtd_theme
make %{?_smp_mflags}
make doc
%else
make %{?_smp_mflags}
# Do not generate Bv9ARM.pdf to avoid pulling LaTeX
make -C doc/arm Bv9ARM.html notes.html
%endif

%{?scl:EOF}

%install
make install DESTDIR=${RPM_BUILD_ROOT}

# Remove redundant files installed by "make install"
rm -f ${RPM_BUILD_ROOT}%{_sysconfdir}/bind.keys
rm -f ${RPM_BUILD_ROOT}%{_libdir}/*.la
rm -f ${RPM_BUILD_ROOT}%{_libdir}/*/*.la
rm -rf ${RPM_BUILD_ROOT}%{_builddir}/

# systemd unit file / init script
%if %{with systemd}
install -d ${RPM_BUILD_ROOT}%{_unitdir}
%replace_tokens %{SOURCE1} > ${RPM_BUILD_ROOT}%{_unitdir}/%{service_name}.service
%else
install -d ${RPM_BUILD_ROOT}%{?scl:%_root_initddir}%{!?scl:%_initddir}
%replace_tokens %{SOURCE2} > ${RPM_BUILD_ROOT}%{?scl:%_root_initddir}%{!?scl:%_initddir}/%{service_name}
%endif

# /etc files
install -d ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
install %{SOURCE3} ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/named
%replace_tokens %{SOURCE4} > ${RPM_BUILD_ROOT}%{_sysconfdir}/named.conf
touch ${RPM_BUILD_ROOT}%{_sysconfdir}/rndc.key

# /var directories
install -d ${RPM_BUILD_ROOT}%{_localstatedir}/named/data
install -d ${RPM_BUILD_ROOT}%{_localstatedir}/run/named

%if %{with systemd}
# tmpfiles.d entry required to recreate /run/named on reboot (/tmp is a tmpfs)
install -d ${RPM_BUILD_ROOT}%{_tmpfilesdir}
echo "d %{_localstatedir}/run/named 0770 named named -" > ${RPM_BUILD_ROOT}%{_tmpfilesdir}/%{service_name}.conf
%endif

%files
%defattr(-,root,root,-)

%doc CHANGES*
%doc README*

%if %{MINOR_VERSION} >= 16
%doc doc/arm/_build/html/*
%else
%doc doc/arm/*.html
%endif

%if %{MINOR_VERSION} >= 16
%{_libdir}/*/*.so
%endif

%if %{MINOR_VERSION} >= 17
%{_bindir}/dnssec-*
%{_bindir}/named-checkconf
%{_bindir}/named-checkzone
%{_bindir}/named-compilezone
%{_bindir}/named-journalprint
%{_bindir}/nsec3hash
%{_mandir}/man1/dnssec-*.1.*
%{_mandir}/man1/named-checkconf.1.*
%{_mandir}/man1/named-checkzone.1.*
%{_mandir}/man1/named-journalprint.1.*
%{_mandir}/man1/named-nzd2nzf.1.*
%{_mandir}/man1/nsec3hash.1.*
%endif

%{_mandir}/man5
%{_mandir}/man8
%{_sbindir}/*

%if %{MINOR_VERSION} <= 16 && %{with python}
%{?_scl_root}%{python_version_sitelib}/*
%endif

%if %{with systemd}
%attr(0644,root,root) %{_unitdir}/%{service_name}.service
%else
%attr(0755,root,root) %{?scl:%_root_initddir}%{!?scl:%_initddir}/%{service_name}
%endif

%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/sysconfig/named

%defattr(0640, root, named, 0750)
%config(noreplace) %{_sysconfdir}/named.conf
%ghost %config(noreplace) %{_sysconfdir}/rndc.key
%dir %{_localstatedir}/named
%defattr(0660, named, named, 0770)
%dir %{_localstatedir}/named/data

%if %{with systemd}
%defattr(-,root,root,-)
%{_tmpfilesdir}/%{service_name}.conf
%else
%defattr(0660, named, named, 0770)
%dir %{_localstatedir}/run/named
%endif

# 'bind-devel' package

%files devel
%defattr(-,root,root,-)
%{_includedir}/*
%if %{MINOR_VERSION} <= 11
%{_bindir}/bind9-config
%{_bindir}/isc-config.sh
%{_mandir}/man1/bind9-config.1.*
%{_mandir}/man1/isc-config.sh.1.*
%{_mandir}/man3
%endif

# 'bind-libs' package

%files libs
%defattr(-,root,root,-)
%{_libdir}/*.so*

# 'bind-utils' package

%files utils
%defattr(-,root,root,-)
%{_bindir}/arpaname
%{_bindir}/delv
%{_bindir}/dig
%{_bindir}/host
%{_bindir}/mdig
%{_bindir}/named-rrchecker
%{_bindir}/nslookup
%{_bindir}/nsupdate
%{_mandir}/man1/arpaname.1.*
%{_mandir}/man1/delv.1.*
%{_mandir}/man1/dig.1.*
%{_mandir}/man1/host.1.*
%{_mandir}/man1/mdig.1.*
%{_mandir}/man1/named-rrchecker.1.*
%{_mandir}/man1/nslookup.1.*
%{_mandir}/man1/nsupdate.1.*

%if %{with dnstap}
%{_bindir}/dnstap-read
%{_mandir}/man1/dnstap-read.1.*
%endif

##### Installation/upgrade/removal scriptlets

# 'bind' package

%pre
if [ "$1" -eq 1 ]; then
	# Initial installation, not upgrade
	groupadd -f -r named
	if ! cut -d: -f1 /etc/passwd | grep -F -x -q named; then
		useradd -c named -d %{_localstatedir}/named -g named -r -s /sbin/nologin named
	fi
fi

%post
%if %{with systemd}
%systemd_post %{service_name}.service
if [ "$1" -eq 1 ]; then
	# Initial installation, not upgrade
	%tmpfiles_create %{service_name}.conf
fi
%else
if [ "$1" -eq 1 ]; then
	# Initial installation, not upgrade
	chkconfig --add %{service_name}
fi
%endif

%if %{MINOR_VERSION} >= 16
%global RNDC_CONFGEN_CMD	%{_sbindir}/rndc-confgen -a
%else
%global RNDC_CONFGEN_CMD	%{_sbindir}/rndc-confgen -a -r /dev/urandom
%endif

if [ "$1" -eq 1 ]; then
	# Initial installation, not upgrade
	if [ ! -s %{_sysconfdir}/rndc.key ] && [ ! -s %{_sysconfdir}/rndc.conf ]; then
		if %{RNDC_CONFGEN_CMD} > /dev/null 2>&1; then
			chown root:named %{_sysconfdir}/rndc.key
			chmod 640 %{_sysconfdir}/rndc.key
			[ -x /sbin/restorecon ] && /sbin/restorecon %{_sysconfdir}/rndc.key
		fi
	fi
fi

%preun
%if %{with systemd}
%systemd_preun %{service_name}.service
%else
if [ "$1" -eq 0 ]; then
	# Package removal, not upgrade
	service %{service_name} stop > /dev/null 2>&1 || true
	chkconfig --del %{service_name} || true
fi
%endif

%postun
%if %{with systemd}
%if 0%{?rhel} >= 8 || 0%{?fedora} >= 24
systemctl daemon-reload >/dev/null 2>&1 || :
%endif
%systemd_postun_with_restart %{service_name}.service
%else
if [ "$1" -eq 1 ]; then
	# Upgrade, not removal
	if service %{service_name} status > /dev/null 2>&1; then
		service %{service_name} restart > /dev/null 2>&1 || true
	fi
fi
%endif

# 'bind-libs' package

%post libs
if [ "$1" -eq 1 ]; then
	# Initial installation, not upgrade
	ldconfig
fi
# ldconfig is intentionally not run in %%post during an upgrade; if the newer
# version of the 'bind-libs' package contains a library with the same interface
# number, but an older revision number than the library present in the
# currently installed version of this package, running ldconfig will reset the
# relevant symlink in /usr/lib64 so that it points to the library with highest
# revision number (i.e. the one installed by the version of the package which
# is about to be removed); this in turn will likely break restarting named upon
# upgrade (in %%postun for the 'bind' package), because it will attempt to
# dynamically load an incorrect version of the library

%postun libs
ldconfig