%global _hardened_build 1 Name: unbound Version: 1.9.2 Release: 1%{?extra_version:.%{extra_version}}%{?dist} License: BSD Summary: Validating, recursive, and caching DNS(SEC) resolver Url: https://www.unbound.net/ Source0: https://www.unbound.net/downloads/%{name}-%{version}.tar.gz Source1: unbound.service Source2: unbound.conf Source3: unbound.munin Source4: unbound_munin_ Source5: root.key Source7: unbound-keygen.service Source8: tmpfiles-unbound.conf Source9: example.com.key Source10: example.com.conf Source11: block-example.com.conf Source12: https://data.iana.org/root-anchors/icannbundle.pem Source13: root.anchor Source14: unbound.sysconfig Source15: unbound-anchor.timer Source16: unbound-munin.README Source17: unbound-anchor.service BuildRequires: gcc, make BuildRequires: flex, openssl-devel BuildRequires: libevent-devel expat-devel BuildRequires: pkgconfig BuildRequires: python2-devel swig BuildRequires: python3-devel swig BuildRequires: systemd %{?systemd_requires} # Needed because /usr/sbin/unbound links unbound libs staticly Requires: %{name}-libs%{?_isa} = %{version}-%{release} %description Unbound is a validating, recursive, and caching DNS(SEC) resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modular components, so that also DNSSEC (secure DNS) validation and stub-resolvers (that do not run as a server, but are linked into an application) are easily possible. %package devel Summary: Development package that includes the unbound header files Requires: %{name}-libs%{?_isa} = %{version}-%{release}, openssl-devel Requires: pkgconfig %description devel The devel package contains the unbound library and the include files %package libs Summary: Libraries used by the unbound server and client applications %{?systemd_requires} Requires(pre): shadow-utils %description libs Contains libraries used by the unbound server and client applications %package -n python2-unbound %{?python_provide:%python_provide python2-unbound} Summary: Python 2 modules and extensions for unbound Requires: %{name}-libs%{?_isa} = %{version}-%{release} Provides: unbound-python = %{version}-%{release} Obsoletes: unbound-python < %{version}-%{release} %description -n python2-unbound Python 2 modules and extensions for unbound %package -n python3-unbound Summary: Python 3 modules and extensions for unbound Requires: %{name}-libs%{?_isa} = %{version}-%{release} %description -n python3-unbound Python 3 modules and extensions for unbound %prep %setup -q -n %{name}-%{version} %build %configure \ --with-libevent --with-pthreads --with-ssl \ --disable-rpath --disable-static \ --enable-relro-now --enable-pie \ --enable-subnet --enable-ipsecmod \ --with-conf-file=%{_sysconfdir}/%{name}/unbound.conf \ --with-pidfile=%{_localstatedir}/run/%{name}/%{name}.pid \ --enable-sha2 --disable-gost --enable-ecdsa \ --with-rootkey-file=%{_sharedstatedir}/unbound/root.key \ --with-pythonmodule --with-pyunbound PYTHON=/usr/bin/python2 %{__make} %{?_smp_mflags} %{__make} %{?_smp_mflags} streamtcp %install install -p -m 0644 %{SOURCE16} . %{__make} DESTDIR=%{buildroot} unbound-event-install install install -m 0755 streamtcp %{buildroot}%{_sbindir}/unbound-streamtcp install -d -m 0755 %{buildroot}%{_unitdir} %{buildroot}%{_sysconfdir}/sysconfig install -p -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/unbound.service install -p -m 0644 %{SOURCE7} %{buildroot}%{_unitdir}/unbound-keygen.service install -p -m 0644 %{SOURCE15} %{buildroot}%{_unitdir}/unbound-anchor.timer install -p -m 0644 %{SOURCE17} %{buildroot}%{_unitdir}/unbound-anchor.service install -p -m 0755 %{SOURCE2} %{buildroot}%{_sysconfdir}/unbound install -p -m 0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/unbound install -p -m 0644 %{SOURCE14} %{buildroot}%{_sysconfdir}/sysconfig/unbound # install streamtcp man page install -m 0644 testcode/streamtcp.1 %{buildroot}/%{_mandir}/man1/unbound-streamtcp.1 install -D -m 0644 contrib/libunbound.pc %{buildroot}/%{_libdir}/pkgconfig/libunbound.pc # Install tmpfiles.d config install -d -m 0755 %{buildroot}%{_tmpfilesdir} %{buildroot}%{_sharedstatedir}/unbound install -m 0644 %{SOURCE8} %{buildroot}%{_tmpfilesdir}/unbound.conf # install root - we keep a copy of the root key in old location, # in case user has changed the configuration and we wouldn't update it there install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/unbound/ install -m 0644 %{SOURCE13} %{buildroot}%{_sharedstatedir}/unbound/root.key # remove static library from install (fedora packaging guidelines) rm -rf %{buildroot}%{_libdir}/*.a rm -rf %{buildroot}%{_libdir}/*.la rm -rf %{buildroot}%{python2_sitearch}/*.la rm -rf %{buildroot}%{python3_sitearch}/*.la # create softlink for all functions of libunbound man pages for mpage in ub_ctx ub_result ub_ctx_create ub_ctx_delete ub_ctx_set_option ub_ctx_get_option ub_ctx_config ub_ctx_set_fwd ub_ctx_resolvconf ub_ctx_hosts ub_ctx_add_ta ub_ctx_add_ta_file ub_ctx_trustedkeys ub_ctx_debugout ub_ctx_debuglevel ub_ctx_async ub_poll ub_wait ub_fd ub_process ub_resolve ub_resolve_async ub_cancel ub_resolve_free ub_strerror ub_ctx_print_local_zones ub_ctx_zone_add ub_ctx_zone_remove ub_ctx_data_add ub_ctx_data_remove; do echo ".so man3/libunbound.3" > %{buildroot}%{_mandir}/man3/$mpage ; done mkdir -p %{buildroot}%{_localstatedir}/run/unbound # Install directories for easier config file drop in mkdir -p %{buildroot}%{_sysconfdir}/unbound/{keys.d,conf.d,local.d} install -p %{SOURCE9} %{buildroot}%{_sysconfdir}/unbound/keys.d/ install -p %{SOURCE10} %{buildroot}%{_sysconfdir}/unbound/conf.d/ install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/unbound/local.d/ # Link unbound-control-setup.8 manpage to unbound-control.8 echo ".so man8/unbound-control.8" > %{buildroot}/%{_mandir}/man8/unbound-control-setup.8 %pre libs getent group unbound >/dev/null || groupadd -r unbound getent passwd unbound >/dev/null || \ useradd -r -g unbound -d %{_sysconfdir}/unbound -s /sbin/nologin \ -c "Unbound DNS resolver" unbound %post %systemd_post unbound.service %systemd_post unbound-keygen.service %post libs %{?ldconfig} %systemd_post unbound-anchor.timer # start the timer only if installing the package to prevent starting it, if it was stopped on purpose if [ "$1" -eq 1 ]; then # the Unit is in presets, but would be started after reboot /bin/systemctl start unbound-anchor.timer >/dev/null 2>&1 || : fi %preun %systemd_preun unbound.service %systemd_preun unbound-keygen.service %preun libs %systemd_preun unbound-anchor.timer %postun %systemd_postun_with_restart unbound.service %systemd_postun unbound-keygen.service %postun libs %{?ldconfig} %systemd_postun_with_restart unbound-anchor.timer %triggerun -- unbound < 1.4.12-4 # Save the current service runlevel info # User must manually run systemd-sysv-convert --apply unbound # to migrate them to systemd targets /usr/bin/systemd-sysv-convert --save unbound >/dev/null 2>&1 ||: # Run these because the SysV package being removed won't do them /sbin/chkconfig --del unbound >/dev/null 2>&1 || : /bin/systemctl try-restart unbound.service >/dev/null 2>&1 || : /bin/systemctl try-restart unbound-keygen.service >/dev/null 2>&1 || : %check make check %files %doc doc/CREDITS doc/FEATURES %{_unitdir}/%{name}.service %{_unitdir}/%{name}-keygen.service %attr(0755,unbound,unbound) %dir %{_localstatedir}/run/%{name} %attr(0644,root,root) %{_tmpfilesdir}/unbound.conf %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/unbound.conf %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/%{name} %dir %attr(0755,root,unbound) %{_sysconfdir}/%{name}/keys.d %attr(0644,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/keys.d/*.key %dir %attr(0755,root,unbound) %{_sysconfdir}/%{name}/conf.d %attr(0644,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/conf.d/*.conf %dir %attr(0755,root,unbound) %{_sysconfdir}/%{name}/local.d %attr(0644,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/local.d/*.conf %ghost %attr(0640,root,unbound) %{_sysconfdir}/%{name}/unbound_control.pem %ghost %attr(0640,root,unbound) %{_sysconfdir}/%{name}/unbound_control.key %ghost %attr(0640,root,unbound) %{_sysconfdir}/%{name}/unbound_server.pem %ghost %attr(0640,root,unbound) %{_sysconfdir}/%{name}/unbound_server.key %{_sbindir}/unbound %{_sbindir}/unbound-checkconf %{_sbindir}/unbound-control %{_sbindir}/unbound-control-setup %{_sbindir}/unbound-host %{_sbindir}/unbound-streamtcp %{_mandir}/man1/* %{_mandir}/man5/* %exclude %{_mandir}/man8/unbound-anchor* %{_mandir}/man8/* %files -n python2-unbound %license pythonmod/LICENSE %{python2_sitearch}/* %doc libunbound/python/examples/* %doc pythonmod/examples/* %files -n python3-unbound %license pythonmod/LICENSE #%{python3_sitearch}/* %doc libunbound/python/examples/* %doc pythonmod/examples/* %files devel %{_libdir}/libunbound.so %{_includedir}/unbound.h %{_includedir}/unbound-event.h %{_mandir}/man3/* %{_libdir}/pkgconfig/*.pc %files libs %doc doc/README %license doc/LICENSE %attr(0755,root,root) %dir %{_sysconfdir}/%{name} %{_sbindir}/unbound-anchor %{_libdir}/libunbound.so.* %{_mandir}/man8/unbound-anchor* %{_sysconfdir}/%{name}/icannbundle.pem %{_unitdir}/unbound-anchor.timer %{_unitdir}/unbound-anchor.service %dir %attr(0755,unbound,unbound) %{_sharedstatedir}/%{name} %attr(0644,unbound,unbound) %config %{_sharedstatedir}/%{name}/root.key # just left for backwards compat with user changed unbound.conf files - format is different! %attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key %changelog