
unbound package update 1.8.1

Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org>
master
basebuilder_pel7x64builder0 6 years ago
parent
commit
310edfb9c3
  1. 2
      SOURCES/unbound-anchor.service
  2. 6
      SOURCES/unbound-keygen.service
  3. 30
      SOURCES/unbound.conf
  4. 2
      SOURCES/unbound.service
  5. 76
      SPECS/unbound.spec

2
SOURCES/unbound-anchor.service

@ -5,5 +5,5 @@ Documentation=man:unbound-anchor(8)
[Service] [Service]
Type=oneshot Type=oneshot
User=unbound User=unbound
ExecStart=/usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem ExecStart=/usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem -f /etc/resolv.conf -R
SuccessExitStatus=1 SuccessExitStatus=1
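Review bot: The `-f /etc/resolv.conf -R` added to ExecStart has no comment, although it changes which servers the trust-anchor bootstrap talks to: the resolvers listed in resolv.conf are tried first, and `-R` permits falling back to direct root-server queries. A short comment above the line would help the next maintainer, e.g. `# -f: try the system resolvers first (works behind firewalls); -R: fall back to the root servers. The result is still validated against root.key / icannbundle.pem.` The same flags are added to ExecStartPre in SOURCES/unbound.service.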

6
SOURCES/unbound-keygen.service

@ -2,7 +2,11 @@
Description=Unbound Control Key And Certificate Generator Description=Unbound Control Key And Certificate Generator
After=syslog.target After=syslog.target
Before=unbound.service Before=unbound.service
ConditionPathExists=!/etc/unbound/unbound_control.key ConditionPathExists=|!/etc/unbound/unbound_control.pem
ConditionPathExists=|!/etc/unbound/unbound_control.key
ConditionPathExists=|!/etc/unbound/unbound_server.pem
ConditionPathExists=|!/etc/unbound/unbound_server.key
PartOf=unbound.service


[Service] [Service]
Type=oneshot Type=oneshot
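Review bot: The four `ConditionPathExists=|!…` lines depend on the `|` prefix making them triggering (any-of) conditions, which is easy to misread as four conditions that must all hold. A comment above them would make this clear, e.g. `# Run if any of the control/server key or certificate files is missing`. With the added `PartOf=unbound.service`, stop and restart of unbound.service propagate to this unit, so the conditions are re-evaluated on each restart. Whether ExecStart then overwrites key files that still exist cannot be seen here, because the [Service] body continues outside the hunk, and is worth confirming.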

30
SOURCES/unbound.conf

@ -246,7 +246,8 @@ server:
# to this server. Specify classless netblocks with /size and action. # to this server. Specify classless netblocks with /size and action.
# By default everything is refused, except for localhost. # By default everything is refused, except for localhost.
# Choose deny (drop message), refuse (polite error reply), # Choose deny (drop message), refuse (polite error reply),
# allow (recursive ok), allow_snoop (recursive and nonrecursive ok) # allow (recursive ok), allow_setrd (recursive ok, rd bit is forced on),
# allow_snoop (recursive and nonrecursive ok)
# deny_non_local (drop queries unless can be answered from local-data) # deny_non_local (drop queries unless can be answered from local-data)
# refuse_non_local (like deny_non_local but polite error reply). # refuse_non_local (like deny_non_local but polite error reply).
# access-control: 0.0.0.0/0 refuse # access-control: 0.0.0.0/0 refuse
@ -483,6 +484,9 @@ server:
# trust anchor signaling sends a RFC8145 key tag query after priming. # trust anchor signaling sends a RFC8145 key tag query after priming.
trust-anchor-signaling: yes trust-anchor-signaling: yes


# Root key trust anchor sentinel (draft-ietf-dnsop-kskroll-sentinel)
root-key-sentinel: yes

# File with DLV trusted keys. Same format as trust-anchor-file. # File with DLV trusted keys. Same format as trust-anchor-file.
# There can be only one DLV configured, it is trusted from root down. # There can be only one DLV configured, it is trusted from root down.
# DLV is going to be decommissioned. Please do not use it any more. # DLV is going to be decommissioned. Please do not use it any more.
@ -658,7 +662,7 @@ server:
# o inform acts like transparent, but logs client IP address # o inform acts like transparent, but logs client IP address
# o inform_deny drops queries and logs client IP address # o inform_deny drops queries and logs client IP address
# o always_transparent, always_refuse, always_nxdomain, resolve in # o always_transparent, always_refuse, always_nxdomain, resolve in
# that way but ignore local data for that name. # that way but ignore local data for that name
# o noview breaks out of that view towards global local-zones. # o noview breaks out of that view towards global local-zones.
# #
# defaults are localhost address, reverse for 127.0.0.1 and ::1 # defaults are localhost address, reverse for 127.0.0.1 and ::1
@ -705,6 +709,15 @@ server:
# Default is no. Can be turned on and off with unbound-control. # Default is no. Can be turned on and off with unbound-control.
# tls-upstream: no # tls-upstream: no


# Certificates used to authenticate connections made upstream.
# tls-cert-bundle: ""

# Add system certs to the cert bundle, from the Windows Cert Store
# tls-win-cert: no

# Also serve tls on these port numbers (eg. 443, ...), by listing
# tls-additional-ports: portno for each of the port numbers.

# DNS64 prefix. Must be specified when DNS64 is use. # DNS64 prefix. Must be specified when DNS64 is use.
# Enable dns64 in module-config. Used to synthesize IPv6 from IPv4. # Enable dns64 in module-config. Used to synthesize IPv6 from IPv4.
# dns64-prefix: 64:ff9b::0/96 # dns64-prefix: 64:ff9b::0/96
@ -722,6 +735,12 @@ server:
# 0 blocks when ratelimited, otherwise let 1/xth traffic through # 0 blocks when ratelimited, otherwise let 1/xth traffic through
# ratelimit-factor: 10 # ratelimit-factor: 10


# what is considered a low rtt (ping time for upstream server), in msec
# low-rtt: 45
# select low rtt this many times out of 1000. 0 means the fast server
# select is disabled. prefetches are not sped up.
# low-rtt-permil: 0

# override the ratelimit for a specific domain name. # override the ratelimit for a specific domain name.
# give this setting multiple times to have multiple overrides. # give this setting multiple times to have multiple overrides.
# ratelimit-for-domain: example.com 1000 # ratelimit-for-domain: example.com 1000
@ -929,3 +948,10 @@ auth-zone:
# backend: "testframe" # backend: "testframe"
# # secret seed string to calculate hashed keys # # secret seed string to calculate hashed keys
# secret-seed: "default" # secret-seed: "default"
# # For "redis" backend:
# # redis server's IP address or host name
# redis-server-host: 127.0.0.1
# # redis server's TCP port
# redis-server-port: 6379
# # timeout (in ms) for communication with the redis server
# redis-timeout: 100

2
SOURCES/unbound.service

@ -11,7 +11,7 @@ Wants=nss-lookup.target
Type=simple Type=simple
EnvironmentFile=-/etc/sysconfig/unbound EnvironmentFile=-/etc/sysconfig/unbound
ExecStartPre=/usr/sbin/unbound-checkconf ExecStartPre=/usr/sbin/unbound-checkconf
ExecStartPre=-/usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem ExecStartPre=-/usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem -f /etc/resolv.conf -R
ExecStart=/usr/sbin/unbound -d $UNBOUND_OPTIONS ExecStart=/usr/sbin/unbound -d $UNBOUND_OPTIONS
ExecReload=/usr/sbin/unbound-control reload ExecReload=/usr/sbin/unbound-control reload
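Review bot: On hosts where /etc/resolv.conf lists 127.0.0.1, i.e. this very unbound instance, the `-f /etc/resolv.conf` added to ExecStartPre queries a resolver that has not been started yet. The anchor update then presumably succeeds only through the `-R` fallback to the root servers. Failure is already tolerated by the `-` prefix, but the unit says nothing about that or about startup possibly waiting on this step. A comment such as `# unbound-anchor tries resolv.conf resolvers first (-f), then the roots (-R); failure here is non-fatal` would document the intent.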



76
SPECS/unbound.spec

@ -4,7 +4,7 @@


%global _hardened_build 1 %global _hardened_build 1


#global extra_version rc1 #%%global extra_version rc1


%if 0%{with_python2} %if 0%{with_python2}
%global python_primary %{__python2} %global python_primary %{__python2}
@ -14,7 +14,6 @@
%global python_primary %{__python3} %global python_primary %{__python3}
%endif # with_python3 %endif # with_python3


%if 0%{?rhel}
%global with_munin 0 %global with_munin 0


%if 0%{?with_python2} && 0%{?rhel} <= 6 %if 0%{?with_python2} && 0%{?rhel} <= 6
@ -24,16 +23,12 @@
%{!?python2_sitearch: %global python2_sitearch %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")} %{!?python2_sitearch: %global python2_sitearch %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
%endif # with_python2 && rhel <= 6 %endif # with_python2 && rhel <= 6


%if 0%{?rhel} <= 7
%global with_python3 1 %global with_python3 1
%else
%global with_python2 1 %global with_python2 1
%endif # rhel <= 7
%endif # rhel


Summary: Validating, recursive, and caching DNS(SEC) resolver Summary: Validating, recursive, and caching DNS(SEC) resolver
Name: unbound Name: unbound
Version: 1.7.3 Version: 1.8.1
Release: 1%{?extra_version:.%{extra_version}}%{?dist} Release: 1%{?extra_version:.%{extra_version}}%{?dist}
License: BSD License: BSD
Url: https://www.unbound.net/ Url: https://www.unbound.net/
@ -88,7 +83,6 @@ as a server, but are linked into an application) are easily possible.
%if %{with_munin} %if %{with_munin}
%package munin %package munin
Summary: Plugin for the munin / munin-node monitoring package Summary: Plugin for the munin / munin-node monitoring package
Group: System Environment/Daemons
Requires: munin-node Requires: munin-node
Requires: %{name} = %{version}-%{release}, bc Requires: %{name} = %{version}-%{release}, bc
BuildArch: noarch BuildArch: noarch
@ -99,7 +93,6 @@ Plugin for the munin / munin-node monitoring package


%package devel %package devel
Summary: Development package that includes the unbound header files Summary: Development package that includes the unbound header files
Group: Development/Libraries
Requires: %{name}-libs%{?_isa} = %{version}-%{release}, openssl-devel Requires: %{name}-libs%{?_isa} = %{version}-%{release}, openssl-devel
Requires: pkgconfig Requires: pkgconfig


@ -108,12 +101,7 @@ The devel package contains the unbound library and the include files


%package libs %package libs
Summary: Libraries used by the unbound server and client applications Summary: Libraries used by the unbound server and client applications
Group: Applications/System %{?systemd_requires}
Requires(post): /sbin/ldconfig
Requires(post): systemd
Requires(postun): /sbin/ldconfig
Requires(postun): systemd
Requires(preun): systemd
Requires(pre): shadow-utils Requires(pre): shadow-utils


%description libs %description libs
@ -123,7 +111,6 @@ Contains libraries used by the unbound server and client applications
%package -n python2-unbound %package -n python2-unbound
%{?python_provide:%python_provide python2-unbound} %{?python_provide:%python_provide python2-unbound}
Summary: Python 2 modules and extensions for unbound Summary: Python 2 modules and extensions for unbound
Group: Applications/System
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Provides: unbound-python = %{version}-%{release} Provides: unbound-python = %{version}-%{release}
Obsoletes: unbound-python < %{version}-%{release} Obsoletes: unbound-python < %{version}-%{release}
@ -135,7 +122,6 @@ Python 2 modules and extensions for unbound
%if 0%{with_python3} %if 0%{with_python3}
%package -n python3-unbound %package -n python3-unbound
Summary: Python 3 modules and extensions for unbound Summary: Python 3 modules and extensions for unbound
Group: Applications/System
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}


%description -n python3-unbound %description -n python3-unbound
@ -158,6 +144,7 @@ Python 3 modules and extensions for unbound
%setup -qcn %{pkgname} %setup -qcn %{pkgname}


pushd %{pkgname} pushd %{pkgname}

# only for snapshots # only for snapshots
# autoreconf -iv # autoreconf -iv


@ -299,7 +286,7 @@ useradd -r -g unbound -d %{_sysconfdir}/unbound -s /sbin/nologin \
%systemd_post unbound-keygen.service %systemd_post unbound-keygen.service


%post libs %post libs
/sbin/ldconfig %{?ldconfig}
%systemd_post unbound-anchor.timer %systemd_post unbound-anchor.timer
# start the timer only if installing the package to prevent starting it, if it was stopped on purpose # start the timer only if installing the package to prevent starting it, if it was stopped on purpose
if [ "$1" -eq 1 ]; then if [ "$1" -eq 1 ]; then
@ -319,7 +306,7 @@ fi
%systemd_postun unbound-keygen.service %systemd_postun unbound-keygen.service


%postun libs %postun libs
/sbin/ldconfig %{?ldconfig}
%systemd_postun_with_restart unbound-anchor.timer %systemd_postun_with_restart unbound-anchor.timer


%triggerun -- unbound < 1.4.12-4 %triggerun -- unbound < 1.4.12-4
@ -367,6 +354,10 @@ popd
%attr(0644,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/conf.d/*.conf %attr(0644,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/conf.d/*.conf
%dir %attr(0755,root,unbound) %{_sysconfdir}/%{name}/local.d %dir %attr(0755,root,unbound) %{_sysconfdir}/%{name}/local.d
%attr(0644,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/local.d/*.conf %attr(0644,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/local.d/*.conf
%ghost %attr(0640,root,unbound) %{_sysconfdir}/%{name}/unbound_control.pem
%ghost %attr(0640,root,unbound) %{_sysconfdir}/%{name}/unbound_control.key
%ghost %attr(0640,root,unbound) %{_sysconfdir}/%{name}/unbound_server.pem
%ghost %attr(0640,root,unbound) %{_sysconfdir}/%{name}/unbound_server.key
%{_sbindir}/unbound %{_sbindir}/unbound
%{_sbindir}/unbound-checkconf %{_sbindir}/unbound-checkconf
%{_sbindir}/unbound-control %{_sbindir}/unbound-control
@ -424,6 +415,53 @@ popd
%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key %attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key


%changelog %changelog
* Mon Oct 08 2018 Petr Menšík <pemensik@redhat.com> - 1.8.1-1
- Update to 1.8.1

* Mon Oct 01 2018 Petr Menšík <pemensik@redhat.com> - 1.8.0-2
- Skip ipv6 forwarders without ipv6 support (#1633874)

* Wed Sep 19 2018 Petr Menšík <pemensik@redhat.com> - 1.8.0-1
- Rebase to 1.8.0

* Tue Aug 14 2018 Paul Wouters <pwouters@redhat.com> - 1.7.3-9
- Fix for restarting unbound service after deleting key/pem files for remote control

* Tue Jul 31 2018 Petr Menšík <pemensik@redhat.com> - 1.7.3-8
- Release memory in unbound-host

* Mon Jul 23 2018 Petr Menšík <pemensik@redhat.com> - 1.7.3-7
- Remove unused Group tag

* Wed Jul 18 2018 Petr Menšík <pemensik@redhat.com> - 1.7.3-6
- Cleanup generated client and server keys (#1601773)

* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Mon Jul 09 2018 Petr Menšík <pemensik@redhat.com> - 1.7.3-4
- Do not call ldconfig if possible

* Wed Jul 04 2018 Petr Menšík <pemensik@redhat.com> - 1.7.3-3
- Update trust anchors also behind firewall (#1598078)

* Mon Jul 02 2018 Miro Hrončok <mhroncok@redhat.com> - 1.7.3-2
- Rebuilt for Python 3.7

* Wed Jun 27 2018 Petr Menšík <pemensik@redhat.com> - 1.7.3-1
- Update to 1.7.3 (#1593708)

* Wed Jun 27 2018 Petr Menšík <pemensik@redhat.com> - 1.7.2-3
- Remove last python2 dependency from python3 build

* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 1.7.2-2
- Rebuilt for Python 3.7

* Mon Jun 11 2018 Paul Wouters <pwouters@redhat.com> - 1.7.2-1
- Resolves rhbz#1589807 unbound-1.7.2 is available
- Add patch to fix stub/forward zone not returning ServFail when TTL expires
- Enabled the new root-key-sentinel option

* Wed May 30 2018 Petr Menšík <pemensik@redhat.com> - 1.7.1-1 * Wed May 30 2018 Petr Menšík <pemensik@redhat.com> - 1.7.1-1
- Update to 1.7.1 (#1574495) - Update to 1.7.1 (#1574495)
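Review bot: The four new `%ghost %attr(0640,root,unbound)` entries for unbound_control.pem/.key and unbound_server.pem/.key only record the expected owner and mode in the RPM database. The files themselves are created at runtime (presumably by unbound-keygen.service), so the private keys get whatever mode that step applies. It is worth confirming that the generator creates them as root:unbound with mode 0640 or tighter; otherwise `rpm -V` will flag them and the keys may be more widely readable than the spec suggests. Separately, `%{?ldconfig}` in `%post libs` and `%postun libs` expands to nothing on build roots that do not define `%ldconfig`. The builder name suggests an EL7 target, so I would check that ldconfig still runs there.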


