Summary: DNSSEC key and zone management software Name: opendnssec Version: 1.4.0 Release: 0.a1%{?dist}.2 License: BSD Url: http://www.opendnssec.org/ #Source: http://www.opendnssec.org/files/source/% {name}-% {version}a1.tar.gz Source: http://www.opendnssec.org/files/source/testing/%{name}-%{version}a1.tar.gz Source1: ods-enforcerd.service Source2: ods-signerd.service Source3: ods.sysconfig Source4: conf.xml Source5: tmpfiles-opendnssec.conf Source6: opendnssec-LICENSE Group: Applications/System BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: opencryptoki, softhsm, systemd-units BuildRequires: ldns-devel >= 1.6.12, sqlite-devel , openssl-devel BuildRequires: libxml2-devel CUnit-devel, doxygen Requires(pre): shadow-utils Requires(post): systemd-sysv Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units %description OpenDNSSEC was created as an open-source turn-key solution for DNSSEC. It secures zone data just before it is published in an authoritative name server. It requires a PKCS#11 crypto module library, such as softhsm %prep %setup -q -n %{name}-%{version}a1 %build %configure --with-ldns=%{_libdir} make %{?_smp_mflags} %check # Requires sample db not shipped with upstream # make check %install rm -rf %{buildroot} make DESTDIR=%{buildroot} install mkdir -p %{buildroot}/var/opendnssec/{tmp,signed,signconf} # cleanup sample files rm -f %{buildroot}/%{_sysconfdir}/opendnssec/*.sample install -d -m 0755 %{buildroot}/%{_sysconfdir}/sysconfig install -d -m 0755 %{buildroot}%{_unitdir} install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/ install -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/ install -m 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/ods install -m 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/opendnssec/ # Install tmpfiles.d config mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/ install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/tmpfiles.d/opendnssec.conf mkdir -p %{buildroot}%{_localstatedir}/run/opendnssec %clean rm -rf %{buildroot} %files %defattr(-,root,root) %{_unitdir}/ods-enforcerd.service %{_unitdir}/ods-signerd.service %config(noreplace) %{_sysconfdir}/tmpfiles.d/opendnssec.conf %attr(0750,root,ods) %dir %{_sysconfdir}/opendnssec %attr(0770,root,ods) %dir %{_localstatedir}/opendnssec %attr(0770,root,ods) %dir %{_localstatedir}/opendnssec/tmp %attr(0770,root,ods) %dir %{_localstatedir}/opendnssec/signed %attr(0770,root,ods) %dir %{_localstatedir}/opendnssec/signconf %attr(0660,root,ods) %config(noreplace) %{_sysconfdir}/opendnssec/*.xml %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/ods %attr(0770,root,ods) %dir %{_localstatedir}/run/opendnssec %doc NEWS README %{SOURCE6} %{_mandir}/*/* %{_sbindir}/* %{_bindir}/* %attr(0755,root,root) %dir %{_prefix}/share/%{name} %{_prefix}/share/%{name}/* %pre getent group ods >/dev/null || groupadd -r ods getent passwd ods >/dev/null || \ useradd -r -g ods -d /etc/opendnssec -s /sbin/nologin \ -c "opendnssec daemon account" ods exit 0 %post if [ $1 -eq 1 ] ; then # Initial installation /bin/systemctl daemon-reload >/dev/null 2>&1 || : fi # Initialise a slot on the softhsm on first install if [ "$1" -eq 1 ]; then softhsm --init-token --slot 0 --label "OpenDNSSEC" --pin 1234 --so-pin 1234 fi %preun if [ $1 -eq 0 ]; then # Package removal, not upgrade /bin/systemctl --no-reload disable ods-signerd.service > /dev/null 2>&1 || : /bin/systemctl stop ods-signerd.service > /dev/null 2>&1 || : /bin/systemctl --no-reload disable ods-enforcerd.service > /dev/null 2>&1 || : /bin/systemctl stop ods-enforcerd.service > /dev/null 2>&1 || : fi %postun /bin/systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall /bin/systemctl try-restart ods-enforcerd.service >/dev/null 2>&1 || : /bin/systemctl try-restart ods-signerd.service >/dev/null 2>&1 || : fi %changelog * Mon Mar 26 2012 Paul Wouters - 1.4.0-0.a1.2 - Added opendnssec LICENSE file from trunk (Thanks Jakob!) * Mon Mar 26 2012 Paul Wouters - 1.4.0-0.a1.1 - Fix macros in comment - Added missing -m to install target * Sun Mar 25 2012 Paul Wouters - 1.4.0-0.a1 - The 1.4.x branch no longer needs ruby, as the auditor has been removed - Added missing openssl-devel BuildRequire - Comment out so keys generated by ods can be used by bind * Fri Feb 24 2012 Paul Wouters - 1.3.6-3 - Requires rubygem-soap4r when using ruby-1.9 - Don't ghost /var/run/opendnssec - Converted initd to systemd * Thu Nov 24 2011 root - 1.3.2-6 - Added rubygem-dnsruby requires as rpm does not pick it up automatically * Tue Nov 22 2011 root - 1.3.2-5 - Added /var/opendnssec/signconf/ /as this temp dir is needed * Mon Nov 21 2011 Paul Wouters - 1.3.2-4 - Added /var/opendnssec/signed/ as this is the default output dir * Sun Nov 20 2011 Paul Wouters - 1.3.2-3 - Add ods user for opendnssec tasks - Added initscripts and services for ods-signerd and ods-enforcerd - Initialise OpenDNSSEC softhsm token on first install * Wed Oct 05 2011 Paul Wouters - 1.3.2-1 - Updated to 1.3.2 - Added dependancies on opencryptoki and softhsm - Don't install duplicate unreadable .sample files - Fix upstream conf.xml to point to actually used library paths * Thu Mar 3 2011 Paul Wouters - 1.2.0-1 - Initial package for Fedora