bind.spec.in 11 KB
Newer Older
1
%bcond_without scl
2
3
4
5
6

%if %{with scl}
%global scl isc-bind
%endif

7
8
9
10
11
12
# Work around an SCL build issue on Fedora 33+
# (https://bugzilla.redhat.com/show_bug.cgi?id=1898587)
%if 0%{?fedora} >= 33
%global __python %{__python3}
%endif

13
14
15
16
17
%{?scl:%scl_package bind}
%{!?scl:%global pkg_name %{name}}

##### Macro and variable definitions

18
19
20
21
%define replace_tokens						\
	sed							\\\
		-e "s|@LOCALSTATEDIR@|%{_localstatedir}|g;"	\\\
		-e "s|@SCL_ROOT@|%{?_scl_root}|g;"		\\\
22
23
24
25
26
27
28
		-e "s|@SYSCONFDIR@|%{_sysconfdir}|g;"

# On some systems, %%scl_prefix is a macro rather than a %%global variable;
# thus, a helper variable is used to prevent "Too many levels of recursion in
# macro expansion" errors on such systems, caused by passing an argument
# containing %%{?scl_prefix} to a macro using the %%{?*} construct
%global service_name %{?scl_prefix}named
29

30
%if %{MINOR_VERSION} <= 16
Michał Kępień's avatar
Michał Kępień committed
31
%if 0%{?rhel} >= 8 || 0%{?fedora} >= 31
32
33
34
35
36
37
%global python_version		python3
%global python_version_sitelib	%{python3_sitelib}
%else
%global python_version		python
%global python_version_sitelib	%{python_sitelib}
%endif
38
%endif
39

40
41
##### Conditionally enabled features

42
%bcond_without	dnstap
Michał Kępień's avatar
Michał Kępień committed
43
%bcond_with	tuninglarge
44

45
%if %{MINOR_VERSION} <= 16
46
%bcond_without	python
47
48
49
50
%endif

##### Package metadata

51
# 'bind' package
52

53
Name:		%{?scl:%scl_pkg_name}%{?!scl:isc-bind}
54
55
Version:	%{PACKAGE_VERSION}
Release:	%{PACKAGE_RELEASE}%{?dist}
56
57
58
Summary:	The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
License:	MPL 2.0
URL:		https://www.isc.org/downloads/BIND/
59
60
61
62
63
BuildRequires:	json-c-devel
BuildRequires:	krb5-devel
BuildRequires:	libxml2-devel
BuildRequires:	libxslt
BuildRequires:	openssl-devel
64
BuildRequires:	perl
Michał Kępień's avatar
Michał Kępień committed
65
66
67
BuildRequires:	systemd
%{?systemd_requires}

68
%if %{MINOR_VERSION} <= 16 && %{with python}
69
BuildRequires:	%{python_version}
Michał Kępień's avatar
Michał Kępień committed
70
BuildRequires:	%{python_version}-rpm-macros
Michał Kępień's avatar
Michał Kępień committed
71
72
73
74
BuildRequires:	%{python_version}-ply
Requires:	%{python_version}-ply
%endif
%if %{MINOR_VERSION} >= 17
75
BuildRequires:	jemalloc-devel
76
BuildRequires:	libnghttp2-devel
Michał Kępień's avatar
Michał Kępień committed
77
%endif
78
79
Requires:	%{name}-libs = %{PACKAGE_VERSION}
%{?!scl:Conflicts: bind}
80

81
82
%if %{MINOR_VERSION} >= 16
BuildRequires:	python3
Michał Kępień's avatar
Michał Kępień committed
83
84
85
BuildRequires:	libcap-devel
BuildRequires:	%{?scl_prefix}libuv-devel
Requires:	%{?scl_prefix}libuv
86
87
%endif

88
%if %{with dnstap}
89
90
91
92
93
BuildRequires:	%{?scl_prefix}fstrm-devel
BuildRequires:	%{?scl_prefix}protobuf-c-compiler
BuildRequires:	%{?scl_prefix}protobuf-c-devel
BuildRequires:	%{?scl_prefix}protobuf-compiler
BuildRequires:	%{?scl_prefix}protobuf-devel
94
95
Requires:	%{?scl_prefix}fstrm
Requires:	%{?scl_prefix}protobuf-c
96
97
%endif

98
99
100
101
%{?scl:BuildRequires: %{scl}-build}
%{?scl:BuildRequires: %scl_runtime}
%{?scl:Requires: %scl_runtime}

102
Source0:	https://ftp.isc.org/isc/bind9/%{UPSTREAM_VERSION}/bind-%{UPSTREAM_VERSION}.tar.%{TARBALL_FORMAT}
103
Source1:	named.service.in
Michał Kępień's avatar
Michał Kępień committed
104
105
Source2:	named.sysconfig
Source3:	named.conf.in
106
107
108
109
110
111
112
113

%description
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocol. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating properly.

114
# 'bind-devel' package
115
116
117

%package devel
Summary:	Header files and libraries needed for BIND DNS development
118
119
Requires:	%{name}-libs = %{PACKAGE_VERSION}
%{?!scl:Conflicts: bind-devel}
120
121
122
123
124

%description devel
The isc-bind-devel package contains full version of the header files and libraries
required for development with ISC BIND 9.

125
# 'bind-libs' package
126
127
128

%package libs
Summary:	Libraries used by the BIND DNS packages
129
%{?!scl:Conflicts: bind-libs}
130
131
132
133
134

%description libs
Contains heavyweight version of BIND suite libraries used by both named DNS
server and utilities in isc-bind-utils package.

135
# 'bind-utils' package
136
137
138

%package utils
Summary:	Utilities for querying DNS name servers
139
140
Requires:	%{name}-libs = %{PACKAGE_VERSION}
%{?!scl:Conflicts: bind-utils}
141
142
143
144
145
146
147
148
149
150
151
152
153

%description utils
isc-bind-utils contains a collection of utilities for querying DNS (Domain
Name System) name servers to find out information about Internet
hosts. These tools will provide you with the IP addresses for given
host names, as well as other information about registered domains and
network addresses.

You should install isc-bind-utils if you need to get information from DNS name
servers.

##### Build instructions

154
# 'bind' package
155
156

%prep
157
%setup -q -n bind-%{UPSTREAM_VERSION}
158
159

%build
160
%{?scl:scl enable %scl -- <<\EOF}
161
%set_build_flags
162
set -e -v
163
164
165
export CPPFLAGS="${CPPFLAGS}%{?extra_cppflags: %{extra_cppflags}}"
export CFLAGS="${CFLAGS}%{?extra_cflags: %{extra_cflags}}"
export LDFLAGS="${LDFLAGS} -L%{_libdir}%{?extra_ldflags: %{extra_ldflags}}"
166
167
168
169
170
171
172
173
# Some systems (e.g. Fedora 32+) set LT_SYS_LIBRARY_PATH to the value of the
# SCL's %%{_libdir}, which prevents RPATH for BIND binaries from being set to
# that path.  However, we need RPATH to be set for BIND binaries in SCL-based
# packages so that the isc-bind-named service can be started in the proper
# SELinux context (as using "scl enable" messes with SELinux contexts on
# systemd-based systems).  Hardcode LT_SYS_LIBRARY_PATH to an arbitrary path in
# order to prevent libtool from stripping BIND binaries from the SCL RPATH.
export LT_SYS_LIBRARY_PATH=/usr/lib64
174
175
176
%if %{MINOR_VERSION} >= 16
export SPHINX_BUILD=%{_builddir}/bind-%{UPSTREAM_VERSION}/sphinx/bin/sphinx-build
%endif
177
178
179
180
181
%if %{MINOR_VERSION} >= 17
export CPPFLAGS="${CPPFLAGS} -I%{_includedir}"
%else
export STD_CINCLUDES="-I%{_includedir}"
%endif
182
183
%configure \
	--disable-static \
184
%if %{MINOR_VERSION} <= 11
185
186
	--enable-threads \
	--enable-ipv6 \
187
%endif
188
189
190
191
192
%if %{with dnstap}
	--enable-dnstap \
%else
	--disable-dnstap \
%endif
193
194
	--with-pic \
	--with-gssapi \
Michał Kępień's avatar
Michał Kępień committed
195
%if %{MINOR_VERSION} >= 16
196
197
	--with-json-c \
%else
198
	--with-libjson \
199
%endif
200
%if %{MINOR_VERSION} <= 16
201
	--with-libtool \
202
%endif
203
204
	--with-libxml2 \
	--without-lmdb \
205
%if %{MINOR_VERSION} <= 16
206
%if %{with python}
207
	--with-python \
208
209
210
%else
	--without-python \
%endif
211
%endif
212
213
214
%if %{with tuninglarge}
	--with-tuning=large \
%endif
215
;
216
217
218
219

%if %{MINOR_VERSION} >= 16
python3 -m venv sphinx
source sphinx/bin/activate
220
pip install sphinx_rtd_theme
221
make %{?_smp_mflags}
222
223
make doc
%else
224
make %{?_smp_mflags}
225
226
%endif

227
%{?scl:EOF}
228
229
230
231
232

%install
make install DESTDIR=${RPM_BUILD_ROOT}

# Remove redundant files installed by "make install"
233
234
rm -f ${RPM_BUILD_ROOT}%{_sysconfdir}/bind.keys
rm -f ${RPM_BUILD_ROOT}%{_libdir}/*.la
235
236
rm -f ${RPM_BUILD_ROOT}%{_libdir}/*/*.la
rm -rf ${RPM_BUILD_ROOT}%{_builddir}/
237

Michał Kępień's avatar
Michał Kępień committed
238
# systemd unit file
239
install -d ${RPM_BUILD_ROOT}%{_unitdir}
240
%replace_tokens %{SOURCE1} > ${RPM_BUILD_ROOT}%{_unitdir}/%{service_name}.service
241
242
243

# /etc files
install -d ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
Michał Kępień's avatar
Michał Kępień committed
244
245
install %{SOURCE2} ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/named
%replace_tokens %{SOURCE3} > ${RPM_BUILD_ROOT}%{_sysconfdir}/named.conf
246
247
248
249
250
251
252
253
touch ${RPM_BUILD_ROOT}%{_sysconfdir}/rndc.key

# /var directories
install -d ${RPM_BUILD_ROOT}%{_localstatedir}/named/data
install -d ${RPM_BUILD_ROOT}%{_localstatedir}/run/named

# tmpfiles.d entry required to recreate /run/named on reboot (/tmp is a tmpfs)
install -d ${RPM_BUILD_ROOT}%{_tmpfilesdir}
Michał Kępień's avatar
Michał Kępień committed
254
echo "d %{_localstatedir}/run/named 0770 named named -" > ${RPM_BUILD_ROOT}%{_tmpfilesdir}/%{service_name}.conf
255
256
257

%files
%defattr(-,root,root,-)
258

Michał Kępień's avatar
Michał Kępień committed
259
%doc CHANGES*
260
%doc README*
261
262
263
264
265
266
267

%if %{MINOR_VERSION} >= 16
%doc doc/arm/_build/html/*
%else
%doc doc/arm/*.html
%endif

Michał Kępień's avatar
Michał Kępień committed
268
%if %{MINOR_VERSION} >= 16
269
%{_libdir}/*/*.so
270
%endif
271
272
273
274
275
276
277
278
279
280
281

%if %{MINOR_VERSION} >= 17
%{_bindir}/dnssec-*
%{_bindir}/named-checkconf
%{_bindir}/named-checkzone
%{_bindir}/named-compilezone
%{_bindir}/named-journalprint
%{_bindir}/nsec3hash
%{_mandir}/man1/dnssec-*.1.*
%{_mandir}/man1/named-checkconf.1.*
%{_mandir}/man1/named-checkzone.1.*
282
%{_mandir}/man1/named-compilezone.1.*
283
284
285
286
%{_mandir}/man1/named-journalprint.1.*
%{_mandir}/man1/nsec3hash.1.*
%endif

287
288
289
290
%{_mandir}/man5
%{_mandir}/man8
%{_sbindir}/*

291
%if %{MINOR_VERSION} <= 16 && %{with python}
292
%{?_scl_root}%{python_version_sitelib}/*
293
294
%endif

295
%attr(0644,root,root) %{_unitdir}/%{service_name}.service
296
297
298
299
300
301
302
303
304
305
306

%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/sysconfig/named

%defattr(0640, root, named, 0750)
%config(noreplace) %{_sysconfdir}/named.conf
%ghost %config(noreplace) %{_sysconfdir}/rndc.key
%dir %{_localstatedir}/named
%defattr(0660, named, named, 0770)
%dir %{_localstatedir}/named/data

%defattr(-,root,root,-)
307
%{_tmpfilesdir}/%{service_name}.conf
308

309
# 'bind-devel' package
310
311
312

%files devel
%defattr(-,root,root,-)
313
%{_includedir}/*
Michał Kępień's avatar
Michał Kępień committed
314
%if %{MINOR_VERSION} <= 11
315
316
317
318
%{_bindir}/bind9-config
%{_bindir}/isc-config.sh
%{_mandir}/man1/bind9-config.1.*
%{_mandir}/man1/isc-config.sh.1.*
319
320
%{_mandir}/man3
%endif
321

322
# 'bind-libs' package
323
324
325

%files libs
%defattr(-,root,root,-)
326
%{_libdir}/*.so*
327

328
# 'bind-utils' package
329
330
331
332

%files utils
%defattr(-,root,root,-)
%{_bindir}/arpaname
333
%{_bindir}/delv
334
335
%{_bindir}/dig
%{_bindir}/host
336
337
%{_bindir}/mdig
%{_bindir}/named-rrchecker
338
339
340
%{_bindir}/nslookup
%{_bindir}/nsupdate
%{_mandir}/man1/arpaname.1.*
341
%{_mandir}/man1/delv.1.*
342
343
%{_mandir}/man1/dig.1.*
%{_mandir}/man1/host.1.*
344
345
%{_mandir}/man1/mdig.1.*
%{_mandir}/man1/named-rrchecker.1.*
346
347
%{_mandir}/man1/nslookup.1.*
%{_mandir}/man1/nsupdate.1.*
348

349
%if %{with dnstap}
350
%{_bindir}/dnstap-read
351
352
353
354
355
%{_mandir}/man1/dnstap-read.1.*
%endif

##### Installation/upgrade/removal scriptlets

356
# 'bind' package
357
358
359
360

%pre
if [ "$1" -eq 1 ]; then
	# Initial installation, not upgrade
361
362
	getent group named >/dev/null 2>&1 || groupadd -f -r named
	getent passwd named >/dev/null 2>&1 || useradd -c named -d %{_localstatedir}/named -g named -r -s /sbin/nologin named
363
364
365
fi

%post
366
%systemd_post %{service_name}.service
367
368
if [ "$1" -eq 1 ]; then
	# Initial installation, not upgrade
369
	%tmpfiles_create %{service_name}.conf
370
fi
371

Michał Kępień's avatar
Michał Kępień committed
372
%if %{MINOR_VERSION} >= 16
373
%global RNDC_CONFGEN_CMD	%{_sbindir}/rndc-confgen -a
374
%else
375
%global RNDC_CONFGEN_CMD	%{_sbindir}/rndc-confgen -a -r /dev/urandom
376
377
%endif

378
379
if [ "$1" -eq 1 ]; then
	# Initial installation, not upgrade
380
	if [ ! -s %{_sysconfdir}/rndc.key ] && [ ! -s %{_sysconfdir}/rndc.conf ]; then
381
		if %{RNDC_CONFGEN_CMD} > /dev/null 2>&1; then
382
383
384
			chown root:named %{_sysconfdir}/rndc.key
			chmod 640 %{_sysconfdir}/rndc.key
			[ -x /sbin/restorecon ] && /sbin/restorecon %{_sysconfdir}/rndc.key
385
386
387
388
389
		fi
	fi
fi

%preun
390
%systemd_preun %{service_name}.service
391
392

%postun
393
394
395
%if 0%{?rhel} >= 8 || 0%{?fedora} >= 24
systemctl daemon-reload >/dev/null 2>&1 || :
%endif
396
%systemd_postun_with_restart %{service_name}.service
397

398
# 'bind-libs' package
399
400
401
402
403
404
405

%post libs
if [ "$1" -eq 1 ]; then
	# Initial installation, not upgrade
	ldconfig
fi
# ldconfig is intentionally not run in %%post during an upgrade; if the newer
406
407
408
409
410
411
412
413
# version of the 'bind-libs' package contains a library with the same interface
# number, but an older revision number than the library present in the
# currently installed version of this package, running ldconfig will reset the
# relevant symlink in /usr/lib64 so that it points to the library with highest
# revision number (i.e. the one installed by the version of the package which
# is about to be removed); this in turn will likely break restarting named upon
# upgrade (in %%postun for the 'bind' package), because it will attempt to
# dynamically load an incorrect version of the library
414
415
416

%postun libs
ldconfig