From e6bfbb9aba3f5f4283d80e78c9009b1afe72cc67 Mon Sep 17 00:00:00 2001 From: Tomas Hozza Date: Mar 13 2015 14:55:17 +0000 Subject: Fix typo in the dnssec-trigger-script (#1187371) - Use Python3 by default Signed-off-by: Tomas Hozza --- diff --git a/dnssec-trigger-0.12-script-fixes-python-key-length.patch b/dnssec-trigger-0.12-script-fixes-python-key-length.patch new file mode 100644 index 0000000..334c637 --- /dev/null +++ b/dnssec-trigger-0.12-script-fixes-python-key-length.patch 
@@ -0,0 +1,227 @@ +From 47323af3dfd5afe38ebd90f550ad5d7dc078e860 Mon Sep 17 00:00:00 2001 +From: wouter +Date: Thu, 12 Mar 2015 15:37:44 +0000 +Subject: [PATCH] - Patches from Tomas Hozza (7): dnssec-trigger-script: + Fix wrong default value in configuration dnssec-trigger-script: Fix + formatting errors dnssec-trigger-script: Remove unused class Allow + to select the default Python interpretter during build Fix + 01-dnssec-trigger NOT to hardcode shell path dnssec-trigger-script: Fix + typo when adding search domains dnssec-trigger-control-setup: Use 3072 + bit keys + +git-svn-id: http://www.nlnetlabs.nl/svn/dnssec-trigger/trunk@693 14dc9c71-5cc2-e011-b339-0019d10b89f4 +--- + 01-dnssec-trigger.in | 2 +- + Changelog | 10 ++++++++++ + Makefile.in | 3 +++ + config.h.in | 3 +++ + configure | 25 +++++++++++++++++++++++++ + configure.ac | 10 ++++++++++ + dnssec-trigger-control-setup.sh.in | 4 +++- + dnssec-trigger-script.in | 21 +++++---------------- + 8 files changed, 60 insertions(+), 18 deletions(-) + +diff --git a/01-dnssec-trigger.in b/01-dnssec-trigger.in +index f410723..8ece20e 100644 +--- a/01-dnssec-trigger.in ++++ b/01-dnssec-trigger.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!0SHELL0 + # + # Script to notify dnssec-trigger that the DNS configuration in NetworkManager + # may have changed. +diff --git a/Makefile.in b/Makefile.in +index 8d4de79..5b356fc 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -20,6 +20,7 @@ endif + + SHELL=@SHELL@ + VERSION=@PACKAGE_VERSION@ ++PYTHON=@PYTHON@ + srcdir=@srcdir@ + prefix=@prefix@ + exec_prefix=@exec_prefix@ +@@ -223,6 +225,7 @@ networkmanager-hook: 01-dnssec-trigger dnssec-trigger-script + + dnssec-trigger-script: $(srcdir)/dnssec-trigger-script.in Makefile + cp $< $@ ++ sed -e 's?0PYTHON0?$(PYTHON)?' 
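Review bot: The new `#!0SHELL0` shebang in 01-dnssec-trigger.in is a placeholder, and no line visible in this patch replaces it with a real shell path. The diffstat lists three insertions for Makefile.in, but only two appear (`PYTHON=@PYTHON@` and the `0PYTHON0` sed line), and the second Makefile.in hunk header `@@ -223,6 +225,7 @@` is offset by two lines rather than one, so a Makefile.in hunk appears to have been dropped when the patch was trimmed. If that hunk carried the `0SHELL0` substitution, the NetworkManager hook would be installed with an unusable interpreter line and would not run. Before shipping, confirm that the 01-dnssec-trigger rule contains a line such as `sed -e 's?0SHELL0?$(SHELL)?'`.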
< $(srcdir)/dnssec-trigger-script.in > $@ + chmod +x $@ + + osx/RiggerStatusItem/log.c: $(srcdir)/riggerd/log.c osx/RiggerStatusItem +diff --git a/config.h.in b/config.h.in +index e79b245..022d056 100644 +--- a/config.h.in ++++ b/config.h.in +@@ -258,6 +258,9 @@ + /* default pidfile name for dnssec-trigger */ + #undef PIDFILE + ++/* default Python interpreter path for all Python scripts */ ++#undef PYTHON ++ + /* Define as the return type of signal handlers (`int' or `void'). */ + #undef RETSIGTYPE + +diff --git a/configure b/configure +index 2082a49..a53d6b2 100755 +--- a/configure ++++ b/configure +@@ -626,6 +626,7 @@ DATE + LDNSLIBS + ldnsdir + unbound_control_path ++PYTHON + pidfile + configfile + uidir +@@ -718,6 +719,7 @@ with_keydir + with_uidir + with_configfile + with_pidfile ++with_python + with_unbound_control + with_ldns + enable_rpath +@@ -1383,6 +1385,8 @@ Optional Packages: + keydir/dnssec-trigger.conf + --with-pidfile=path set the pidfile to use, default + /var/run/dnssec-trigger.pid ++ --with-python=path set the path to Python interpreter to use for Python ++ scripts, defaults /usr/bin/python + --with-unbound-control=path + set the unbound-control to use, default what + configure finds in its path +@@ -7336,6 +7340,27 @@ _ACEOF + + + ++# Check whether --with-python was given. ++if test "${with_python+set}" = set; then : ++ withval=$with_python; ++else ++ withval="" ++fi ++ ++PYTHON="/usr/bin/python" ++if test -n "$withval"; then ++ PYTHON="$withval" ++fi ++python_esc="`echo $PYTHON | sed -e 's/\\\\/\\\\\\\\/g'`" ++ ++ ++cat >>confdefs.h <<_ACEOF ++#define PYTHON "$python_esc" ++_ACEOF ++ ++ ++ ++ + # Check whether --with-unbound-control was given. 
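Review bot: In the `dnssec-trigger-script` recipe the retained `cp $< $@` is dead work, because the added `sed ... > $@` line overwrites the same file immediately afterwards. The substitution is also not tied to the shebang: `0PYTHON0` is replaced on any line that contains it, and a `$(PYTHON)` value containing `?` or `&` would be misread by sed. I would drop the `cp` and write `sed -e '1s?^#!0PYTHON0?#!$(PYTHON)?' $< > $@`, with a comment noting that `$(PYTHON)` comes from `--with-python`. The whole recipe is visible in the hunk.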
+ if test "${with_unbound_control+set}" = set; then : + withval=$with_unbound_control; +diff --git a/configure.ac b/configure.ac +index 1f9967b..4c1c716 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -504,6 +504,16 @@ ACX_ESCAPE_BACKSLASH($pidfile, pidfile_esc) + AC_DEFINE_UNQUOTED([PIDFILE], ["$pidfile_esc"], [default pidfile name for dnssec-trigger]) + AC_SUBST(pidfile) + ++AC_ARG_WITH([python], AC_HELP_STRING([--with-python=path], ++[set the path to Python interpreter to use for Python scripts, defaults /usr/bin/python]),, withval="") ++PYTHON="/usr/bin/python" ++if test -n "$withval"; then ++ PYTHON="$withval" ++fi ++ACX_ESCAPE_BACKSLASH($PYTHON, python_esc) ++AC_DEFINE_UNQUOTED([PYTHON], ["$python_esc"], [default Python interpreter path for all Python scripts]) ++AC_SUBST(PYTHON) ++ + AC_ARG_WITH([unbound-control], AC_HELP_STRING([--with-unbound-control=path], + [set the unbound-control to use, default what configure finds in its path]),, withval="") + AC_MSG_CHECKING([for unbound-control]) +diff --git a/dnssec-trigger-control-setup.sh.in b/dnssec-trigger-control-setup.sh.in +index 7d0387a..7cc305a 100644 +--- a/dnssec-trigger-control-setup.sh.in ++++ b/dnssec-trigger-control-setup.sh.in +@@ -48,7 +48,9 @@ CLIENTNAME=dnssec-trigger-control + DAYS=7200 + + # size of keys in bits +-BITS=1536 ++# recommendation for new systems is to use at least 3072 bits ++# http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report ++BITS=3072 + + # hash algorithm + HASH=sha256 +diff --git a/dnssec-trigger-script.in b/dnssec-trigger-script.in +index 830baa9..7bf6c2e 100644 +--- a/dnssec-trigger-script.in ++++ b/dnssec-trigger-script.in +@@ -1,4 +1,4 @@ +-#!/usr/bin/python ++#!0PYTHON0 + # -*- coding: utf-8 -*- + """ + @author: Tomas Hozza +@@ -57,7 +57,7 @@ class Config: + "use_vpn_global_forwarders": False, + "use_resolv_conf_symlink": False, + "use_resolv_secure_conf_symlink": False, +- 
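Review bot: The `--with-python` block in configure.ac accepts any non-empty `$withval`, so `--with-python` given without a path, or `--without-python`, sets `PYTHON` to `yes` or `no`, and that string ends up as the shebang of dnssec-trigger-script. Nothing checks that the value is an absolute path to an existing interpreter either. I would guard the assignment with `if test -n "$withval" -a "$withval" != "yes" -a "$withval" != "no"; then` and reject values that do not start with `/` using `AC_MSG_ERROR`. The same logic appears in the generated `configure` hunk, which would be regenerated from this file.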
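Review bot: The comment added above `BITS=3072` in dnssec-trigger-control-setup.sh.in does not say that the new size only affects keys generated after this change. The key-generation code is outside the hunk, so this needs confirming: if the script keeps key files that already exist, hosts upgraded from a build with `BITS=1536` will continue to use their 1536-bit control keys. I would add a comment line such as `# applies to newly generated keys only; remove the old key files and re-run setup to replace existing ones`, and mention the regeneration step in the package changelog.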
"use_private_address_ranges": TRUE, ++ "use_private_address_ranges": True, + "set_search_domains": False, + "keep_positive_answers": False, + } +@@ -86,7 +86,7 @@ class Config: + + config = Config() + if config.debug: +- log.setLevel(logging.DEBUG); ++ log.setLevel(logging.DEBUG) + + class ConnectionList: + """List of NetworkManager active connections""" +@@ -186,7 +186,7 @@ class Connection: + pass + try: + self.servers += [self.ip6_to_str(connection.get_ip6_config().get_nameserver(i)) +- for i in range(connection.get_ip6_config().get_num_nameservers())] ++ for i in range(connection.get_ip6_config().get_num_nameservers())] + except AttributeError: + pass + +@@ -353,17 +353,6 @@ class Store: + zone_file.write("{}\n".format(zone)) + os.rename(self.path_tmp, self.path) + +-class GlobalForwarders: +- def __init__(self): +- self.cache = set() +- try: +- with open(self.path) as zone_file: +- for line in zone_file: +- line = line.strip() +- if line: +- self.cache.add(line) +- except IOError: +- pass + + class Application: + resolvconf = "/etc/resolv.conf" +@@ -490,7 +479,7 @@ class Application: + Called by dnssec-trigger. + """ + +- if config.add_search_domains: ++ if config.set_search_domains: + zones = set(sum((connection.zones for connection in ConnectionList(self.client)), [])) + log.info("Search domains: " + ' '.join(zones)) + self.resolvconf_localhost_contents = self.__class__.resolvconf_localhost_contents +-- +2.1.0 + diff --git a/dnssec-trigger.spec b/dnssec-trigger.spec index 8800034..81dcdc8 100644 --- a/dnssec-trigger.spec +++ b/dnssec-trigger.spec @@ -3,7 +3,7 @@ Summary: NetworkManager plugin to update/reconfigure DNSSEC resolving Name: dnssec-trigger Version: 0.12 -Release: 18%{?dist} +Release: 19%{?dist} License: BSD Url: http://www.nlnetlabs.nl/downloads/dnssec-trigger/ Source0: http://www.nlnetlabs.nl/downloads/dnssec-trigger/%{name}-%{version}.tar.gz 
@@ -43,6 +43,8 @@ Patch5: dnssec-trigger-0.12-probe.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1130502 # https://bugzilla.redhat.com/show_bug.cgi?id=1128310 Patch6: dnssec-trigger-0.12-dnssec-conf.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1187371 + other fixes +Patch7: dnssec-trigger-0.12-script-fixes-python-key-length.patch Requires(postun): initscripts Requires: ldns >= 1.6.10, NetworkManager-glib, unbound, xdg-utils @@ -59,7 +61,7 @@ Requires: NetworkManager >= 0.9.9.0-40 %endif %endif Requires(pre): shadow-utils -BuildRequires: desktop-file-utils systemd-units, openssl-devel, ldns-devel +BuildRequires: desktop-file-utils systemd-units, openssl-devel, ldns-devel, python3-devel BuildRequires: gtk2-devel, NetworkManager-devel BuildRequires: systemd @@ -85,14 +87,17 @@ sed -i "s/-panel//" panel/dnssec-trigger-panel.desktop.in %patch4 -p1 %patch5 -p1 %patch6 -p1 +%patch7 -p1 -# change default RSA key between deamon/control from 1536 to 3072 -sed -i "s/BITS=1536/BITS=3072/" dnssec-trigger-control-setup.sh.in # don't use DNSSEC for forward zones for now sed -i "s/validate_connection_provided_zones=yes/validate_connection_provided_zones=no/" dnssec.conf %build -%configure --with-keydir=/etc/dnssec-trigger --with-hooks=networkmanager +%configure \ + --with-keydir=/etc/dnssec-trigger \ + --with-hooks=networkmanager \ + --with-python=%{__python3} + %{__make} %{?_smp_mflags} %install @@ -163,6 +168,10 @@ fi %systemd_postun_with_restart %{name}d.service %changelog +* Fri Mar 13 2015 Tomas Hozza - 0.12-19 +- Fix typo in the dnssec-trigger-script (#1187371) +- Use Python3 by default + * Mon Jan 26 2015 Pavel Šimerda - 0.12-18 - Resolves: #1185796, #1130502, #1105685, #1128310 – update