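# BIND9-CURRENT.SPEC
#
# Builds BIND9 from an upstream GitLab archive into a private prefix and
# packages it together with locally maintained systemd units, logrotate and
# rsyslog snippets. The upstream commit is resolved over the network while the
# spec is parsed, and the matching archive is downloaded in the prep stage.

%global _bind_scm_host https://gitlab.isc.org
%global _bind_scm_repo isc-projects/bind9
# https://gitlab.isc.org/isc-projects/bind9/-/tags
# %%global _bind_scm_branch main
%global _bind_scm_branch v9.21.14

%global _owner pgnd
%global _build_timestamp %( date +%%Y%%m%%d_%%H%%M%%S --utc )
%global _dist .%{_build_timestamp}.%{_owner}.fc%{fedora}

# https://stackoverflow.com/questions/47838041/rpmbuild-how-to-disable-check-buildroot
# https://rpm-software-management.github.io/rpm/manual/dependency_generators.html
# %%global __spec_install_pre /bin/true
# %%global __arch_install_post %%{nil}
# %%global __os_install_post %%{nil}
%global _disable_source_fetch 0
%global debug_package %{nil}
# %%undefine _auto_set_build_flags
%global _hardened_build 1
%global __brp_check_rpaths %{nil}
# %%global __brp_mangle_shebangs %%{nil}
# %%global __brp_strip %%{nil}
# %%global __requires_exclude ^.*/xxx/bin/python.*$
# %%global __requires_exclude_from ^.*/xxx/bin/python.*$
# %%global _build_id_links none

# %%bcond_with XXX : opt build with XXX; default, without
# %%bcond_without XXX : opt build without XXX; default, with

%global _bind_name named
%global _bind_execnm named
%global _bind_pkgnm bind9-current
%global _bind_unitnm bind9-current
%global _bind_comment BIND9 DNS server
%global _bind_descrip %{expand: %{_bind_comment}.}

# https://spdx.org/licenses/MPL-2.0.html
# https://spdx.org/licenses/BSD-3-Clause.html
# https://spdx.org/licenses/MIT.html
# https://spdx.org/licenses/BSD-2-Clause.html
%global _bind_license MPL-2.0 AND ISC AND BSD-3-Clause AND MIT AND BSD-2-Clause

%global _bind_usr_daemon named
%global _bind_grp_daemon named

%global _bind_install_dir /usr/local/bind9-pgnd
%global _bind_bin_dir_r bin
%global _bind_conf_dir /usr/local/etc/named
%global _bind_conf_dir_ORIG %{_bind_install_dir}/etc
%global _bind_data_dir_r share
%global _bind_include_dir_r include
%global _bind_lib_dir_r lib64
%global _bind_libexec_dir_r libexec
%global _bind_localstate_dir /var
%global _bind_log_dir /var/log/%{_bind_name}
%global _bind_sbin_dir_r %{_bind_bin_dir_r}
%global _bind_sharedstate_dir /var/lib
%global _bind_scripts_dir /usr/local/scripts/%{_bind_pkgnm}
%global _bind_unit_dir /etc/systemd/system
%global _bind_run_dir /run/%{_bind_execnm}
%global _bind_build_dir bind9-build

#!!! https://fedoraproject.org/wiki/Changes/Unify_bin_and_sbin
%global _bind_exec_dir_r %{_bind_bin_dir_r}
%global _bind_exec_dir %{_bind_install_dir}/%{_bind_exec_dir_r}
%global _bind_exec %{_bind_exec_dir}/%{_bind_execnm}

%global _bind_scm_type git
%global _bind_scm_repo_base %( basename %{_bind_scm_repo} )
%global _bind_scm_url %{_bind_scm_host}/%{_bind_scm_repo}

# The commit is looked up on the remote every time the spec is parsed, with all
# credential prompting disabled. The grep keeps only the peeled "^{}" entry, so
# a ref that has no peeled entry yields an empty value; the prep stage rejects
# that case explicitly.
# NOTE(review): the ref-to-commit mapping is trusted as returned by the remote.
# For repeatable builds, pass the expected id with
#   rpmbuild --define '_bind_expected_commit <FULL_COMMIT_ID>'
# and the prep stage will refuse anything else.
%global _bind_commit %(GIT_TERMINAL_PROMPT=0 git -c credential.helper= -c credential.interactive=never -c core.askPass= ls-remote %{_bind_scm_url}.git | grep -E "/%{_bind_scm_branch}\\^\\{\\}$" | cut -f1)
%global _bind_shortcommit %(c=%{_bind_commit}; echo -n ${c} | head -c 7)

# DL by: branch name, tag, shortcommit -- NOT full commit (requires signin)
# https://gitlab.isc.org/isc-projects/bind9/-/archive/main/bind9-main.tar.gz
# https://gitlab.isc.org/isc-projects/bind9/-/archive/v9.21.14/bind9-v9.21.14.tar.gz
# https://gitlab.isc.org/isc-projects/bind9/-/archive/537824f/bind9-537824f.tar.gz
%global _bind_scm_tarball %{_bind_scm_host}/%{_bind_scm_repo}/-/archive/%{_bind_shortcommit}/%{_bind_scm_repo_base}-%{_bind_shortcommit}.tar.gz
%global _bind_scm_extract_dir %{_bind_scm_repo_base}-%{_bind_shortcommit}

%global dist %{_dist}

Vendor: %{_owner}

# NEVRA (n-e:v-r.a) : https://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
Name: %{_bind_pkgnm}
Epoch: 3
Version: %{_bind_scm_type}_%( echo %{_bind_scm_branch} | sed 's|-|_|g' )
Release: 0%{?dist}
%global _same_evr %{epoch}:%{version}-%{release}

Summary: %{_bind_comment}
License: %{_bind_license}
URL: %{_bind_scm_url}

Source100: %{_bind_pkgnm}.service
Source101: %{_bind_pkgnm}.target
Source102: %{_bind_pkgnm}.logrotate
Source103: %{_bind_pkgnm}.rsyslog
Source200: compile-rpz-text-to-raw.sh
Source900: stub.service
Source901: stub.target
Source300: named.conf.SAMPLE

# NOTE(review): gnupg2, nmap and sudo are not referenced by any scriptlet in
# this spec; confirm they are needed before keeping them in the build root.
BuildRequires: coreutils
BuildRequires: docbook-style-xsl
BuildRequires: doxygen
BuildRequires: findutils
BuildRequires: fstrm-utils
BuildRequires: gcc
BuildRequires: git
BuildRequires: gnupg2
BuildRequires: gzip
BuildRequires: libcap
BuildRequires: make
BuildRequires: meson
BuildRequires: ninja-build
BuildRequires: nmap
BuildRequires: pkgconf
BuildRequires: pkgconfig(cmocka)
BuildRequires: pkgconfig(jemalloc)
BuildRequires: pkgconfig(json-c)
BuildRequires: pkgconfig(libcap)
BuildRequires: pkgconfig(libedit)
BuildRequires: pkgconfig(libidn2)
BuildRequires: pkgconfig(libfstrm)
BuildRequires: pkgconfig(libmaxminddb)
BuildRequires: pkgconfig(libnghttp2)
BuildRequires: pkgconfig(libprotobuf-c)
BuildRequires: pkgconfig(liburcu-cds)
BuildRequires: pkgconfig(libuv)
BuildRequires: pkgconfig(libxslt)
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(lmdb)
BuildRequires: pkgconfig(openssl)
BuildRequires: pkgconfig(protobuf)
BuildRequires: pkgconfig(zlib)
BuildRequires: python3-pytest
BuildRequires: python3-sphinx
BuildRequires: python3-sphinx_rtd_theme
BuildRequires: sed
BuildRequires: sudo
BuildRequires: systemtap
BuildRequires: systemtap-sdt-devel
BuildRequires: systemtap-sdt-dtrace
BuildRequires: tar
BuildRequires: wget
BuildRequires: xz
BuildRequires: systemd
BuildRequires: systemd-rpm-macros
%{?systemd_ordering}
%{?systemd_requires}

# dnf repoquery --list >
# Packaging:Conflicts
# https://fedoraproject.org/wiki/Packaging:Conflicts

# --- virtuals for bind9-current stream (keep your existing ones) ---
Provides: %{_bind_pkgnm} = %{_same_evr}
Provides: %{_bind_pkgnm}-chroot = %{_same_evr}
Provides: %{_bind_pkgnm}-dnssec-utils = %{_same_evr}
Provides: %{_bind_pkgnm}-libs = %{_same_evr}
Provides: %{_bind_pkgnm}-libs-lite = %{_same_evr}
Provides: %{_bind_pkgnm}-license = %{_same_evr}
Provides: %{_bind_pkgnm}-lite-devel = %{_same_evr}
Provides: %{_bind_pkgnm}-pkcs11 = %{_same_evr}
Provides: %{_bind_pkgnm}-utils = %{_same_evr}
Provides: dnsutils = %{_same_evr}

# --- replace legacy bind-* packages (auto-upgrade path) ---
Provides: bind = %{_same_evr}
Provides: bind-chroot = %{_same_evr}
Provides: bind-dnssec-utils = %{_same_evr}
Provides: bind-libs = %{_same_evr}
Provides: bind-libs-lite = %{_same_evr}
Provides: bind-license = %{_same_evr}
Provides: bind-lite-devel = %{_same_evr}
Provides: bind-pkcs11 = %{_same_evr}
Provides: bind-utils = %{_same_evr}
Obsoletes: bind <= %{_same_evr}
Obsoletes: bind-chroot <= %{_same_evr}
Obsoletes: bind-dnssec-utils <= %{_same_evr}
Obsoletes: bind-libs <= %{_same_evr}
Obsoletes: bind-libs-lite <= %{_same_evr}
Obsoletes: bind-license <= %{_same_evr}
Obsoletes: bind-lite-devel <= %{_same_evr}
Obsoletes: bind-pkcs11 <= %{_same_evr}
Obsoletes: bind-utils <= %{_same_evr}

# prefer uninstall of bind9-next*; else fail install ---
# if v(bind9-next*) < _same_evr. DNF:Obsoletes -> removes
# if v(bind9-next*) > _same_evr, or not matched by Obsoletes, DNF:Conflicts FAILs
Obsoletes: bind9-next <= %{_same_evr}
Obsoletes: bind9-next-chroot <= %{_same_evr}
Obsoletes: bind9-next-dnssec-utils <= %{_same_evr}
Obsoletes: bind9-next-libs <= %{_same_evr}
Obsoletes: bind9-next-libs-lite <= %{_same_evr}
Obsoletes: bind9-next-license <= %{_same_evr}
Obsoletes: bind9-next-lite-devel <= %{_same_evr}
Obsoletes: bind9-next-pkcs11 <= %{_same_evr}
Obsoletes: bind9-next-utils <= %{_same_evr}
Conflicts: bind9-next
Conflicts: bind9-next-chroot
Conflicts: bind9-next-dnssec-utils
Conflicts: bind9-next-libs
Conflicts: bind9-next-libs-lite
Conflicts: bind9-next-license
Conflicts: bind9-next-lite-devel
Conflicts: bind9-next-pkcs11
Conflicts: bind9-next-utils
Conflicts: bind-dyndb-ldap

Requires: coreutils
Requires: xz
Requires(pre): user(%{_bind_usr_daemon})
Requires(pre): group(%{_bind_grp_daemon})
Recommends: inxi
Recommends: testssl

%description
%{_bind_descrip}

%prep
echo '##### STARTING PREP #####'

# The remote lookup must have produced exactly one full object id. An empty or
# multi-line value would otherwise turn into a malformed archive URL and an
# empty short id further down.
if [[ ! "%{_bind_commit}" =~ ^([0-9a-f]{40}|[0-9a-f]{64})$ ]]
then
  echo "!! ERROR: could not resolve a single commit id for %{_bind_scm_branch} !!"
  exit 1
fi

# Optional pin: enforced only when _bind_expected_commit is defined on the
# rpmbuild command line; undefined means no pin, as before.
_expected_commit="%{?_bind_expected_commit}"
if [[ -n "${_expected_commit}" && "%{_bind_commit}" != "${_expected_commit}" ]]
then
  echo "!! ERROR: resolved commit %{_bind_commit} does not match pinned ${_expected_commit} !!"
  exit 1
fi

cd %{_builddir}

# Write to an explicit file name: without it wget keeps an existing file from
# an earlier run and saves the new download under a ".1" suffix, so tar would
# unpack the stale archive.
_tarball="$( basename %{_bind_scm_tarball} )"
wget --output-document="${_tarball}" %{_bind_scm_tarball}

# The archive is requested by 7-character short id. Cross-check the commit id
# embedded in the archive header (when present) against the full id resolved
# above. This only catches a short-id mismatch; both values come from the same
# host, and no signature or checksum is verified anywhere in this spec.
_tar_commit="$( gzip -dc "${_tarball}" | git get-tar-commit-id 2>/dev/null || true )"
if [[ -z "${_tar_commit}" ]]
then
  echo "!! WARNING: archive carries no embedded commit id; cross-check skipped !!"
elif [[ "${_tar_commit}" != "%{_bind_commit}" ]]
then
  echo "!! ERROR: archive commit ${_tar_commit} != resolved commit %{_bind_commit} !!"
  exit 1
fi

tar zxvf "${_tarball}"
cd %{_builddir}/%{_bind_scm_extract_dir}

%build
echo '##### STARTING BUILD #####'
cd %{_builddir}/%{_bind_scm_extract_dir}

CPPFLAGS+=" -DOPENSSL_NO_ENGINE=1"

_rpath_ldflags=""
# use DT_RUNPATH instead DT_RPATH in ELF headers. Enable overridable runtime paths
_rpath_ldflags+="-Wl,--enable-new-dtags"
# enable using $ORIGIN substitution in RPATH/RUNPATH
_rpath_ldflags+=" -Wl,-z,origin"
# Single RUNPATH for bins/mods that locates libs in
# /usr/local/bind9-pgnd/{,lib64,lib64/bind9/}
# NOTE(review): every directory reachable through these $ORIGIN entries is a
# library search location; they need to stay writable by root only.
_rpath_ldflags+=" -Wl,-rpath,\$ORIGIN:\$ORIGIN/..:\$ORIGIN/../%{_bind_lib_dir_r}"
LDFLAGS="${_rpath_ldflags} %{?__global_ldflags}"
# TEST AFTER INSTALL
# readelf -d /usr/local/bind9-pgnd/bin/dig | grep RUNPATH
# 0x000000000000001d (RUNPATH) Library runpath: [$ORIGIN:$ORIGIN/..:$ORIGIN/../lib64]

STD_CDEFINES="$CPPFLAGS"
LIBDIR_SUFFIX=
export CFLAGS CXXFLAGS CPPFLAGS LDFLAGS STD_CDEFINES LIBDIR_SUFFIX

# prevent `git rev-parse` exec in meson.build
printf '%s\n' 'noscm' > srcid

_build_dir_paths=()
_build_dir_paths+=("--prefix=%{_bind_install_dir}")
_build_dir_paths+=("--bindir=%{_bind_install_dir}/%{_bind_bin_dir_r}")
_build_dir_paths+=("--sbindir=%{_bind_install_dir}/%{_bind_sbin_dir_r}")
_build_dir_paths+=("--libexecdir=%{_bind_install_dir}/%{_bind_libexec_dir_r}")
_build_dir_paths+=("--libdir=%{_bind_install_dir}/%{_bind_lib_dir_r}")
_build_dir_paths+=("--includedir=%{_bind_install_dir}/%{_bind_include_dir_r}")
_build_dir_paths+=("--datadir=%{_bind_install_dir}/%{_bind_data_dir_r}")
_build_dir_paths+=("--infodir=%{_bind_install_dir}/%{_bind_data_dir_r}/info")
_build_dir_paths+=("--localedir=%{_bind_install_dir}/%{_bind_data_dir_r}/locale")
_build_dir_paths+=("--mandir=%{_bind_install_dir}/%{_bind_data_dir_r}/man")
_build_dir_paths+=("--sharedstatedir=%{_bind_sharedstate_dir}")
_build_dir_paths+=("--localstatedir=%{_bind_localstate_dir}")
_build_dir_paths+=("--sysconfdir=%{_bind_conf_dir}")

_build_rpath_flags=()
_build_rpath_flags+=("-Dc_link_args=${_rpath_ldflags} %{?__global_ldflags}")
_build_rpath_flags+=("-Dcpp_link_args=${_rpath_ldflags} %{?__global_ldflags}")

echo '## BUILD:meson setup ##'
# https://mesonbuild.com/Builtin-options.html#compiler-options
# NOTE:
# disable fuzzing
# Bring back fuzzing in meson
# https://gitlab.isc.org/isc-projects/bind9/-/issues/5551
_this_builddir="%{_bind_build_dir}"
_this_sourcedir="%{_builddir}/%{_bind_scm_extract_dir}"
# --wrap-mode=nodownload keeps meson from fetching subprojects during the build
meson setup \
  "${_build_dir_paths[@]}" \
  "${_build_rpath_flags[@]}" \
  --buildtype plain \
  --backend ninja \
  --default-library shared \
  --wrap-mode=nodownload \
  --auto-features=enabled \
  -Dcmocka=enabled \
  -Ddnstap=enabled \
  -Ddoc=enabled \
  -Dfuzzing=disabled \
  -Dgeoip=enabled \
  -Dgssapi=disabled \
  -Didn=enabled \
  -Dlmdb=enabled \
  -Dstats-json=enabled \
  -Dtracing=enabled \
  "${_this_builddir}" "${_this_sourcedir}"

echo '## BUILD:meson compile ##'
#_build_verbosity=""
_build_verbosity="verbose"
if [[ ${_build_verbosity} == "verbose" ]]
then
  meson compile --verbose \
    -C %{_bind_build_dir} \
    --jobs "${RPM_BUILD_NCPUS}"
else
  _NINJA_ARGS="--quiet"
  meson compile \
    --ninja-args="${_NINJA_ARGS}" \
    -C %{_bind_build_dir} \
    --jobs "${RPM_BUILD_NCPUS}"
fi

%install
echo '##### STARTING INSTALL #####'
cd %{_builddir}/%{_bind_scm_extract_dir}

## modify rpmbuild rpath check criteria
# cref: /usr/lib/rpm/check-rpaths-worker
# QA_RPATHS=$(( 0x0001|0x0002|0x0004|0x0008|0x0010|0x0020 ))
# allow 'invalid' RPATHs
# NOTE(review): __brp_check_rpaths is set to nil at the top of this spec, so
# this export looks like it has no effect on the build -- confirm which of the
# two settings is intended.
export QA_RPATHS="$(( 0x0002 ))"

# DIRS
mkdir -p ${RPM_BUILD_ROOT}/%{_bind_unit_dir}
mkdir -p ${RPM_BUILD_ROOT}/%{_unitdir}
mkdir -p ${RPM_BUILD_ROOT}/%{_bind_install_dir}/%{_bind_data_dir_r}/doc/changelog
mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/logrotate.d
mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/rsyslog.d
mkdir -p ${RPM_BUILD_ROOT}/%{_bind_scripts_dir}

# GENERATE .service FILES, scripts
# NOTE(review): this rewrites the Source files in place, so after the first
# build the placeholders are gone from the source directory and a later build
# with different paths or account names silently keeps the old values.
sed -i \
  -e 's|__BIND_CONFDIR__|%{_bind_conf_dir}|g' \
  -e 's|__BIND_EXEC__|%{_bind_exec}|g' \
  -e 's|__BIND_EXECDIR__|%{_bind_exec_dir}|g' \
  -e 's|__BIND_EXEC_NAME__|%{_bind_execnm}|g' \
  -e 's|__BIND_INSTALLDIR__|%{_bind_install_dir}|g' \
  -e 's|__BIND_GRP__|%{_bind_grp_daemon}|g' \
  -e 's|__BIND_LOGDIR__|%{_bind_log_dir}|g' \
  -e 's|__BIND_RUNDIR__|%{_bind_run_dir}|g' \
  -e 's|__BIND_SCRIPTSDIR__|%{_bind_scripts_dir}|g' \
  -e 's|__BIND_UNIT_NAME__|%{_bind_unitnm}|g' \
  -e 's|__BIND_USR__|%{_bind_usr_daemon}|g' \
  %{SOURCE100} %{SOURCE101} %{SOURCE102} %{SOURCE103} %{SOURCE200} %{SOURCE300}

echo '## INSTALL:meson install ##'
DESTDIR="${RPM_BUILD_ROOT}" \
  meson install \
    -C %{_bind_build_dir} \
    --no-rebuild

# NEVER ship /usr/local/etc/named/*; COMPILED-IN default only
# The staged path is derived from the same macro that the check stage tests, so
# the cleanup and the verification cannot drift apart if the directory moves.
_staged_conf_dir="${RPM_BUILD_ROOT}%{_bind_conf_dir}"
if [ -d "${_staged_conf_dir}" ]
then
  find "${_staged_conf_dir}" -mindepth 1 -depth -delete
  find "${_staged_conf_dir}" -maxdepth 0 -type d -delete
fi
if [[ -n "$(find "${_staged_conf_dir}" -mindepth 1 2>/dev/null)" ]]
then
  echo "!! ERROR: SYSTEM CONFIG leaked into package payload !!"
  exit 1
fi

## SERVICES
install -D --preserve-timestamps --mode=644 --verbose \
  %{SOURCE100} \
  ${RPM_BUILD_ROOT}/%{_bind_unit_dir}/%{_bind_unitnm}.service
install -D --preserve-timestamps --mode=644 --verbose \
  %{SOURCE101} \
  ${RPM_BUILD_ROOT}/%{_bind_unit_dir}/%{_bind_unitnm}.target

# vendor stubs to keep systemd behavior predictable
install -D --mode=0644 %{SOURCE900} ${RPM_BUILD_ROOT}%{_unitdir}/%{_bind_unitnm}.service
install -D --mode=0644 %{SOURCE901} ${RPM_BUILD_ROOT}%{_unitdir}/%{_bind_unitnm}.target

## SCRIPTS
install -D --preserve-timestamps --mode=750 --verbose \
  %{SOURCE200} \
  "${RPM_BUILD_ROOT}%{_bind_scripts_dir}/compile-rpz-text-to-raw.sh"
mkdir -p ${RPM_BUILD_ROOT}/

## DOCS
install -D --preserve-timestamps --mode=640 --verbose \
  doc/changelog/changelog-*.rst \
  -t "${RPM_BUILD_ROOT}%{_bind_install_dir}/%{_bind_data_dir_r}/doc/changelog/"
install -D --preserve-timestamps --mode=640 --verbose \
  %{SOURCE300} \
  ${RPM_BUILD_ROOT}/%{_bind_conf_dir_ORIG}/named.conf.SAMPLE

## ADMIN
install -D -p -m 644 \
  %{SOURCE102} \
  ${RPM_BUILD_ROOT}/%{_sysconfdir}/logrotate.d/%{_bind_pkgnm}
install -D -p -m 644 \
  %{SOURCE103} \
  ${RPM_BUILD_ROOT}/%{_sysconfdir}/rsyslog.d/%{_bind_pkgnm}.conf

%check
# verify payload sanity after staging
if [[ $(find "${RPM_BUILD_ROOT}/%{_bind_conf_dir}" -type f -print -quit 2>/dev/null) ]]
then
  echo "!! ERROR: SYSTEM CONFIG leaked into package payload !!"
  exit 1
else
  echo "no system config leakage detected"
fi
if [[ ! -d "${RPM_BUILD_ROOT}%{_bind_install_dir}" ]]
then
  echo "!! ERROR: install dir missing in payload !!"
  exit 1
else
  echo "install dir verified present"
fi

%post
%systemd_post %{_bind_unitnm}.service

%preun
%systemd_preun %{_bind_unitnm}.service

%postun
%systemd_postun_with_restart %{_bind_unitnm}.service

%files
# http://ftp.rpm.org/max-rpm/s1-rpm-inside-files-list-directives.html
%{_bind_install_dir}
%{_bind_unit_dir}/%{_bind_unitnm}*
%{_unitdir}/%{_bind_unitnm}.service
%{_unitdir}/%{_bind_unitnm}.target
%attr(0750, root, %{_bind_grp_daemon}) %{_bind_scripts_dir}/compile-rpz-text-to-raw.sh
%{_sysconfdir}/logrotate.d/%{_bind_pkgnm}
%{_sysconfdir}/rsyslog.d/%{_bind_pkgnm}.conf

%changelog
* Sun Nov 2 2025 pgnd _
- bump 1762114724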