|
 |
e977454 |
%global _hardened_build 1
|
|
|
e977454 |
|
|
 |
35ce4ae |
# comment out this define using #%% if it is not a pre-release version
|
|
|
1f4067a |
# %% define PRERELEASE rc3
|
|
|
e977454 |
Name: knot-resolver
|
|
|
f05d307 |
Version: 1.2.3
|
|
|
f05d307 |
Release: %{?PRERELEASE}%{?PRERELEASE:.}1%{?dist}
|
|
|
e977454 |
Summary: Caching full DNS Resolver
|
|
|
e977454 |
|
|
|
e977454 |
License: GPLv3
|
|
|
e977454 |
URL: https://www.knot-resolver.cz/
|
|
|
1c462e9 |
Source0: https://secure.nic.cz/files/%{name}/%{name}-%{version}%{?PRERELEASE:-}%{?PRERELEASE}.tar.xz
|
|
|
1c462e9 |
Source1: https://secure.nic.cz/files/%{name}/%{name}-%{version}%{?PRERELEASE:-}%{?PRERELEASE}.tar.xz.asc
|
|
|
fd4eae6 |
|
|
 |
1efd2a2 |
# LuaJIT only on these arches
|
|
|
1efd2a2 |
ExclusiveArch: %{arm} aarch64 %{ix86} x86_64
|
|
|
1efd2a2 |
|
|
|
35ce4ae |
Source2: config
|
|
|
35ce4ae |
Source3: root.keys
|
|
|
fd4eae6 |
|
|
|
1c462e9 |
Source100: kresd.service
|
|
|
1c462e9 |
Source101: kresd.socket
|
|
|
1c462e9 |
Source102: kresd-control.socket
|
|
|
1c462e9 |
Source103: kresd-tls.socket
|
|
|
1c462e9 |
Source104: kresd.tmpfiles
|
|
|
fd4eae6 |
|
|
|
fd4eae6 |
BuildRequires: pkgconfig(libknot) >= 2.3
|
|
|
e977454 |
BuildRequires: pkgconfig(libzscanner)
|
|
|
e977454 |
BuildRequires: pkgconfig(libdnssec)
|
|
|
8c88fb4 |
BuildRequires: pkgconfig(libuv)
|
|
|
fd4eae6 |
BuildRequires: pkgconfig(luajit) >= 2.0
|
|
|
e977454 |
|
|
|
e977454 |
BuildRequires: pkgconfig(libmemcached) >= 1.0
|
|
|
e977454 |
BuildRequires: pkgconfig(hiredis)
|
|
|
fd4eae6 |
BuildRequires: pkgconfig(libsystemd)
|
|
|
e977454 |
|
|
|
e977454 |
BuildRequires: pkgconfig(cmocka)
|
|
|
e977454 |
BuildRequires: pkgconfig(socket_wrapper)
|
|
|
e977454 |
|
|
|
e977454 |
BuildRequires: systemd
|
|
|
71d1463 |
# FIXME: documentation fails to build on Fedora 25
|
|
|
71d1463 |
# https://bugzilla.redhat.com/show_bug.cgi?id=1333391
|
|
|
e977454 |
#BuildRequires: doxygen
|
|
|
e977454 |
#BuildRequires: breathe
|
|
|
e977454 |
#BuildRequires: python-sphinx
|
|
|
e977454 |
#BuildRequires: python-sphinx_rtd_theme
|
|
|
e977454 |
|
|
|
dac5294 |
# Lua 5.1 version of the libraries have different package names
|
|
|
dac5294 |
%if 0%{?rhel}
|
|
|
dac5294 |
Requires: lua-socket
|
|
|
dac5294 |
Requires: lua-sec
|
|
|
dac5294 |
%else
|
|
|
b26d73e |
Requires: lua-socket-compat
|
|
|
b26d73e |
Requires: lua-sec-compat
|
|
|
dac5294 |
%endif
|
|
|
fd4eae6 |
|
|
|
e977454 |
Requires(pre): shadow-utils
|
|
|
e977454 |
Requires(post): systemd
|
|
|
e977454 |
Requires(preun): systemd
|
|
|
e977454 |
Requires(postun): systemd
|
|
|
e977454 |
|
|
|
e977454 |
%description
|
|
|
e977454 |
The Knot DNS Resolver is a caching full resolver implementation written in C
|
|
|
e977454 |
and LuaJIT, including both a resolver library and a daemon. Modular
|
|
|
e977454 |
architecture of the library keeps the core tiny and efficient, and provides
|
|
|
e977454 |
a state-machine like API for extensions.
|
|
|
e977454 |
|
|
|
c235144 |
The package is pre-configured as local caching resolver.
|
|
|
c235144 |
To start using it, just start the local DNS socket:
|
|
|
c235144 |
# systemctl start kresd.socket
|
|
|
c235144 |
|
|
|
c235144 |
BEWARE:
|
|
|
c235144 |
Because of https://bugzilla.redhat.com/show_bug.cgi?id=1366968
|
|
|
1f4067a |
you need to switch your system to SELinux permissive mode.
|
|
|
c235144 |
|
|
|
e977454 |
%package devel
|
|
|
e977454 |
Summary: Development headers for Knot DNS Resolver
|
|
|
e977454 |
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
|
e977454 |
|
|
|
e977454 |
%description devel
|
|
|
e977454 |
The package contains development headers for Knot DNS Resolver.
|
|
|
e977454 |
|
|
|
e977454 |
%prep
|
|
|
1f4067a |
%setup -n %{name}-%{version}%{?PRERELEASE:-}%{?PRERELEASE}
|
|
|
e977454 |
rm -v scripts/bootstrap-depends.sh
|
|
|
e977454 |
|
|
|
e977454 |
%build
|
|
|
e977454 |
%global build_paths PREFIX=%{_prefix} BINDIR=%{_bindir} LIBDIR=%{_libdir} INCLUDEDIR=%{_includedir} ETCDIR=%{_sysconfdir}/kresd
|
|
|
e977454 |
%global build_flags V=1 CFLAGS="%{optflags}" LDFLAGS="%{__global_ldflags}" %{build_paths} HAS_go=no
|
|
|
b2d48e4 |
%make_build %{build_flags}
|
|
|
e977454 |
|
|
|
e977454 |
%install
|
|
|
e977454 |
%make_install %{build_flags}
|
|
|
e977454 |
|
|
|
e977454 |
# move sample configuration files to documentation
|
|
|
e977454 |
install -m 0755 -d %{buildroot}%{_pkgdocdir}
|
|
|
e977454 |
mv %{buildroot}%{_sysconfdir}/kresd/config.* %{buildroot}%{_pkgdocdir}
|
|
|
e977454 |
chmod 0644 %{buildroot}%{_pkgdocdir}/config.*
|
|
|
fd4eae6 |
rm -vr %{buildroot}%{_sysconfdir}/kresd
|
|
|
e977454 |
|
|
|
fd4eae6 |
# install configuration files
|
|
|
fd4eae6 |
mkdir -p %{buildroot}%{_sysconfdir}
|
|
|
fd4eae6 |
install -m 0755 -d %{buildroot}%{_sysconfdir}/kresd
|
|
|
35ce4ae |
install -m 0644 -p %SOURCE2 %{buildroot}%{_sysconfdir}/kresd/config
|
|
|
35ce4ae |
install -m 0664 -p %SOURCE3 %{buildroot}%{_sysconfdir}/kresd/root.keys
|
|
|
e977454 |
|
|
|
fd4eae6 |
# install systemd units
|
|
|
fd4eae6 |
mkdir -p %{buildroot}%{_unitdir}
|
|
|
fd4eae6 |
install -m 0644 -p %SOURCE100 %{buildroot}%{_unitdir}/kresd.service
|
|
|
fd4eae6 |
install -m 0644 -p %SOURCE101 %{buildroot}%{_unitdir}/kresd.socket
|
|
|
fd4eae6 |
install -m 0644 -p %SOURCE102 %{buildroot}%{_unitdir}/kresd-control.socket
|
|
|
fd4eae6 |
install -m 0644 -p %SOURCE103 %{buildroot}%{_unitdir}/kresd-tls.socket
|
|
|
e977454 |
|
|
|
fd4eae6 |
# install tmpfiles.d
|
|
|
fd4eae6 |
mkdir -p %{buildroot}%{_tmpfilesdir}
|
|
|
fd4eae6 |
install -m 0644 -p %SOURCE104 %{buildroot}%{_tmpfilesdir}/kresd.conf
|
|
|
fd4eae6 |
mkdir -p %{buildroot}%{_rundir}
|
|
|
fd4eae6 |
install -m 0750 -d %{buildroot}%{_rundir}/kresd
|
|
|
e977454 |
|
|
|
fd4eae6 |
# remove module with unsatisfied dependencies
|
|
|
fd4eae6 |
rm -r %{buildroot}%{_libdir}/kdns_modules/{http,http.lua}
|
|
|
e977454 |
|
|
|
e977454 |
%check
|
|
|
e977454 |
LD_PRELOAD=lib/libkres.so make check %{build_flags} LDFLAGS="%{__global_ldflags} -ldl"
|
|
|
e977454 |
|
|
|
e977454 |
%pre
|
|
|
e977454 |
getent group kresd >/dev/null || groupadd -r kresd
|
|
|
e977454 |
getent passwd kresd >/dev/null || useradd -r -g kresd -d %{_sysconfdir}/kresd -s /sbin/nologin -c "Knot DNS Resolver" kresd
|
|
|
e977454 |
exit 0
|
|
|
e977454 |
|
|
|
e977454 |
%post
|
|
|
e977454 |
%systemd_post kresd.service
|
|
|
e977454 |
/sbin/ldconfig
|
|
|
e977454 |
|
|
|
e977454 |
%preun
|
|
|
e977454 |
%systemd_preun kresd.service
|
|
|
e977454 |
|
|
|
e977454 |
%postun
|
|
|
e977454 |
%systemd_postun_with_restart kresd.service
|
|
|
e977454 |
/sbin/ldconfig
|
|
|
e977454 |
|
|
|
e977454 |
%files
|
|
|
e977454 |
%license COPYING
|
|
|
e977454 |
%doc %{_pkgdocdir}
|
|
|
35ce4ae |
%attr(775,root,kresd) %dir %{_sysconfdir}/kresd
|
|
|
e977454 |
%attr(644,root,kresd) %config(noreplace) %{_sysconfdir}/kresd/config
|
|
|
35ce4ae |
%attr(664,root,kresd) %config(noreplace) %{_sysconfdir}/kresd/root.keys
|
|
|
fd4eae6 |
%attr(750,kresd,kresd) %dir %{_rundir}/kresd
|
|
|
e977454 |
%{_unitdir}/kresd.service
|
|
|
fd4eae6 |
%{_unitdir}/kresd*.socket
|
|
|
fd4eae6 |
%{_tmpfilesdir}/kresd.conf
|
|
|
fd4eae6 |
%{_sbindir}/kresd
|
|
|
e977454 |
%{_libdir}/libkres.so.*
|
|
|
e977454 |
%{_libdir}/kdns_modules
|
|
|
e977454 |
%{_mandir}/man8/kresd.*
|
|
|
e977454 |
|
|
|
e977454 |
%files devel
|
|
|
e977454 |
%{_includedir}/libkres
|
|
|
e977454 |
%{_libdir}/pkgconfig/libkres.pc
|
|
|
e977454 |
%{_libdir}/libkres.so
|
|
|
e977454 |
|
|
|
e977454 |
%changelog
|
|
|
f05d307 |
* Mon Feb 27 2017 Petr Spacek <petr.spacek@nic.cz> - 1.2.3-1
|
|
|
f05d307 |
- new upstream release
|
|
|
f05d307 |
+ security: a cached negative answer from a CD query would be reused
|
|
|
f05d307 |
to construct response for non-CD queries, resulting in Insecure status
|
|
|
f05d307 |
instead of Bogus.
|
|
|
f05d307 |
+ fix: lua: make the map command check its arguments
|
|
|
f05d307 |
+ fix: -k argument processing to avoid out-of-bounds memory accesses
|
|
|
f05d307 |
+ fix: lib/resolve: fix zonecut fetching for explicit DS queries
|
|
|
f05d307 |
+ fix: hints: more NULL checks
|
|
|
f05d307 |
+ fix: TA bootstrapping for multiple TAs in the IANA XML file
|
|
|
f05d307 |
+ fix: Disable storing GLUE records into the cache even in the
|
|
|
f05d307 |
+ fix: (non-default) QUERY_PERMISSIVE mode
|
|
|
f05d307 |
+ fix: iterate: skip answer RRs that don't match the query
|
|
|
f05d307 |
+ fix: layer/iterate: some additional processing for referrals
|
|
|
f05d307 |
+ fix: lib/resolve: zonecut fetching error was fixed
|
|
|
f05d307 |
|
|
 |
b8d5646 |
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-2.1
|
|
|
b8d5646 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
|
|
b8d5646 |
|
|
|
3709d6c |
* Fri Jan 27 2017 Petr Spacek <petr.spacek@nic.cz> - 1.2.0-2
|
|
|
3709d6c |
- rebuild against knot-2.4.0
|
|
|
3709d6c |
|
|
|
1f4067a |
* Fri Jan 27 2017 Petr Spacek <petr.spacek@nic.cz> - 1.2.0
|
|
|
1f4067a |
- new upstream release:
|
|
|
1f4067a |
+ fix: reworked DNSSEC Validation, that fixes several know problems with less standard DNS configurations
|
|
|
1f4067a |
+ fix: the resolver was setting AD flag when running in a forwarding mode
|
|
|
1f4067a |
+ fix: correctly return RCODE=NOTIMPL on meta-queries and non IN class queries
|
|
|
1f4067a |
+ fix: crash in hints module when hints file was empty
|
|
|
1f4067a |
+ fix: non-lowercase hints
|
|
|
1f4067a |
+ features: optional EDNS(0) Padding support for DNS over TLS
|
|
|
1f4067a |
+ features: support for debugging DNSSEC with CD bit
|
|
|
1f4067a |
+ features: DNS over TLS is now able to create ephemeral certs on the runtime (Thanks Daniel Kahn Gilmore for contributing to DNS over TLS implementation in Knot Resolver.)
|
|
|
1f4067a |
+ features: configurable minimum and maximum TTL (default 6 days)
|
|
|
1f4067a |
+ features: configurable pseudo-random reordering of RR sets
|
|
|
1f4067a |
+ features: new module 'version' that can call home and report new versions and security vulnerabilities to the log file
|
|
|
1f4067a |
|
|
|
35ce4ae |
* Mon Jan 23 2017 Petr Spacek <petr.spacek@nic.cz> - 1.2.0-rc1
|
|
|
35ce4ae |
- Update to latest upstream version
|
|
|
35ce4ae |
- Fix packaging bug: depend on proper Lua library versions
|
|
|
35ce4ae |
- Allow automatic trust anchor management to work
|
|
|
35ce4ae |
|
|
|
1efd2a2 |
* Sat Nov 19 2016 Peter Robinson <pbrobinson@fedoraproject.org> 1.1.1-3
|
|
|
1efd2a2 |
- Add ExclusiveArch for architectures with LuaJIT
|
|
|
1efd2a2 |
|
|
Igor Gnatenko |
360be18 |
* Mon Aug 29 2016 Igor Gnatenko <ignatenko@redhat.com> - 1.1.1-2
|
|
Igor Gnatenko |
360be18 |
- Rebuild for LuaJIT 2.1.0
|
|
Igor Gnatenko |
360be18 |
|
|
|
b6eb3ba |
* Wed Aug 24 2016 Jan Vcelak <jvcelak@fedoraproject.org> - 1.1.1-1
|
|
|
b6eb3ba |
- new upstream release:
|
|
|
b6eb3ba |
+ fix name server fallback in case some of the servers are unreachable
|
|
|
b6eb3ba |
|
|
|
fd4eae6 |
* Fri Aug 12 2016 Jan Vcelak <jvcelak@fedoraproject.org> - 1.1.0-1
|
|
|
fd4eae6 |
- new upstream release:
|
|
|
fd4eae6 |
+ RFC7873 DNS Cookies
|
|
|
fd4eae6 |
+ RFC7858 DNS over TLS
|
|
|
fd4eae6 |
+ Metrics exported in Prometheus
|
|
|
fd4eae6 |
+ DNS firewall module
|
|
|
fd4eae6 |
+ Explicit CNAME target fetching in strict mode
|
|
|
fd4eae6 |
+ Query minimisation improvements
|
|
|
fd4eae6 |
+ Improved integration with systemd
|
|
|
fd4eae6 |
|
|
|
c865a09 |
* Tue May 31 2016 Jan Vcelak <jvcelak@fedoraproject.org> - 1.0.0-1
|
|
|
c865a09 |
- final release
|
|
|
c865a09 |
|
|
|
e977454 |
* Thu May 05 2016 Jan Vcelak <jvcelak@fedoraproject.org> - 1.0.0-0.3.4f463d7
|
|
|
e977454 |
- update to latest git version
|
|
|
e977454 |
- re-enable unit-test
|
|
|
e977454 |
|
|
|
e977454 |
* Sat Apr 09 2016 Jan Vcelak <jvcelak@fedoraproject.org> - 1.0.0-0.2.79a8440
|
|
|
e977454 |
- update to latest git version
|
|
|
e977454 |
- fix package review issues
|
|
|
e977454 |
|
|
|
e977454 |
* Tue Feb 02 2016 Jan Vcelak <jvcelak@fedoraproject.org> - 1.0.0-0.1.beta3
|
|
|
e977454 |
- initial package
|