10 Star 0 Fork 23

src-openEuler / unbound

加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
克隆/下载
unbound.spec 12.11 KB
一键复制 编辑 Web IDE 原始数据 按行查看 历史
eaglegai 提交于 2024-03-05 08:18 . change ExecReload to fix reload failure
%{!?delete_la: %global delete_la find $RPM_BUILD_ROOT -type f -name "*.la" -delete}
Name: unbound
Version: 1.13.2
Release: 11
Summary: Unbound is a validating, recursive, caching DNS resolver
License: BSD
Url: https://nlnetlabs.nl/projects/unbound/about/
Source: https://nlnetlabs.nl/downloads/unbound/%{name}-%{version}.tar.gz
Source1: unbound.service
Source2: unbound.conf
Source3: root.key
Source4: unbound-keygen.service
Source5: tmpfiles-unbound.conf
Source6: example.com.key
Source7: example.com.conf
Source8: block-example.com.conf
Source9: https://data.iana.org/root-anchors/icannbundle.pem
Source10: root.anchor
Source11: unbound.sysconfig
Source12: unbound-anchor.timer
Source13: unbound-anchor.service
Patch0: backport-fix-q-doesnt-work-when-use-with-unbound-control-stats_shm.patch
Patch1: unbound-remove-buildin-key.patch
Patch2: backport-CVE-2022-30698-and-CVE-2022-30699.patch
Patch3: backport-CVE-2022-3204.patch
Patch4: backport-Undefine-shift-in-sldns_str2wire_hip_buf.patch
Patch5: backport-Integer-overflow-in-sldns_wire2str_pkt_scan.patch
Patch6: backport-CVE-2023-50387_CVE-2023-50868.patch
BuildRequires: make flex swig pkgconfig systemd
BuildRequires: libevent-devel expat-devel openssl-devel python3-devel
BuildRequires: gcc
%{?systemd_requires}
Requires: %{name}-libs = %{version}-%{release}
%description
Unbound is a validating, recursive, caching DNS resolver. It is designed
to be fast and lean and incorporates modern features based on open standards.
To help increase online privacy, Unbound supports DNS-over-TLS which allows
clients to encrypt their communication. Unbound is available for most platforms
such as FreeBSD, OpenBSD, NetBSD, MacOS, Linux and Microsoft Windows.
Unbound is a totally free, open source software under the BSD license. It doesn't
make custom builds or provide specific features to paying customers only.
%package libs
Summary: Libraries for %{name}
Requires(pre): shadow-utils
%description libs
Libraries for %{name}.
%package devel
Summary: Libraries and header files
Requires: %{name}-libs = %{version}-%{release} openssl-devel pkgconfig
%description devel
Package devel includes libraries and header files for development with unbound.
%package -n python3-%{name}
Summary: The python3 module of unbound DNS resolver
Requires: %{name}-libs = %{version}-%{release}
%description -n python3-unbound
The python3 module of unbound DNS resolver.
%package help
Summary: Man pages for unbound
%description help
Package help includes includes man pages for unbound.
%prep
%setup -qcn %{name}-%{version}
pushd %{name}-%{version}
%autopatch -p1
cp -pr doc pythonmod libunbound ../
popd
%build
%global configure_args --with-libevent --with-pthreads --with-ssl \\\
--disable-rpath --disable-static \\\
--enable-relro-now --enable-pie \\\
--enable-subnet --enable-ipsecmod \\\
--with-conf-file=%{_sysconfdir}/%{name}/unbound.conf \\\
--with-pidfile=%{_rundir}/%{name}/%{name}.pid \\\
--enable-sha2 --disable-gost --enable-ecdsa \\\
--with-rootkey-file=%{_sharedstatedir}/unbound/root.key \\\
--enable-linux-ip-local-port-range
pushd %{name}-%{version}
%configure --with-pythonmodule --with-pyunbound PYTHON=%{__python3} \%{configure_args}
%make_build
%make_build streamtcp
popd
%install
pushd %{name}-%{version}
%make_install unbound-event-install
install -m 0755 streamtcp $RPM_BUILD_ROOT%{_sbindir}/unbound-streamtcp
install -d -m 0755 $RPM_BUILD_ROOT%{_unitdir} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
install -m 0644 testcode/streamtcp.1 $RPM_BUILD_ROOT%{_mandir}/man1/unbound-streamtcp.1
install -D -m 0644 contrib/libunbound.pc $RPM_BUILD_ROOT%{_libdir}/pkgconfig/libunbound.pc
popd
install -d -m 0755 $RPM_BUILD_ROOT%{_tmpfilesdir} $RPM_BUILD_ROOT%{_sharedstatedir}/unbound
install -m 0644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/unbound/
install -m 0644 %{SOURCE5} $RPM_BUILD_ROOT%{_tmpfilesdir}/unbound.conf
%if %{?openEuler:1}0
install -m 0644 %{SOURCE10} $RPM_BUILD_ROOT%{_sharedstatedir}/unbound/root.key
%else
install -m 0600 %{SOURCE10} $RPM_BUILD_ROOT%{_sharedstatedir}/unbound/root.key
%endif
install -p -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_unitdir}/unbound.service
install -p -m 0755 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/unbound
install -p -m 0644 %{SOURCE4} $RPM_BUILD_ROOT%{_unitdir}/unbound-keygen.service
install -p -m 0644 %{SOURCE9} $RPM_BUILD_ROOT%{_sysconfdir}/unbound
install -p -m 0644 %{SOURCE11} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/unbound
install -p -m 0644 %{SOURCE12} $RPM_BUILD_ROOT%{_unitdir}/unbound-anchor.timer
install -p -m 0644 %{SOURCE13} $RPM_BUILD_ROOT%{_unitdir}/unbound-anchor.service
%delete_la
for mpage in ub_ctx ub_result ub_ctx_create ub_ctx_delete ub_ctx_set_option ub_ctx_get_option ub_ctx_config ub_ctx_set_fwd ub_ctx_resolvconf ub_ctx_hosts ub_ctx_add_ta ub_ctx_add_ta_file ub_ctx_trustedkeys ub_ctx_debugout ub_ctx_debuglevel ub_ctx_async ub_poll ub_wait ub_fd ub_process ub_resolve ub_resolve_async ub_cancel ub_resolve_free ub_strerror ub_ctx_print_local_zones ub_ctx_zone_add ub_ctx_zone_remove ub_ctx_data_add ub_ctx_data_remove;
do
echo ".so man3/libunbound.3" > $RPM_BUILD_ROOT%{_mandir}/man3/$mpage ;
done
install -d $RPM_BUILD_ROOT%{_rundir}/unbound
install -d $RPM_BUILD_ROOT%{_sysconfdir}/unbound/{keys.d,conf.d,local.d}
install -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/unbound/keys.d/
install -p %{SOURCE7} $RPM_BUILD_ROOT%{_sysconfdir}/unbound/conf.d/
install -p %{SOURCE8} $RPM_BUILD_ROOT%{_sysconfdir}/unbound/local.d/
echo ".so man8/unbound-control.8" > $RPM_BUILD_ROOT/%{_mandir}/man8/unbound-control-setup.8
%pre libs
getent group unbound >/dev/null || groupadd -r unbound
getent passwd unbound >/dev/null || \
useradd -r -g unbound -d %{_sysconfdir}/unbound -s /sbin/nologin \
-c "Unbound DNS resolver" unbound
%post
%systemd_post unbound.service
%systemd_post unbound-keygen.service
%post libs
%{?ldconfig}
%systemd_post unbound-anchor.timer
if [ "$1" -eq 1 ]; then
/bin/systemctl start unbound-anchor.timer >/dev/null 2>&1 || :
fi
%preun
%systemd_preun unbound.service
%systemd_preun unbound-keygen.service
%preun libs
%systemd_preun unbound-anchor.timer
%postun
%systemd_postun_with_restart unbound.service
%systemd_postun unbound-keygen.service
%postun libs
%{?ldconfig}
%systemd_postun_with_restart unbound-anchor.timer
%triggerun -- unbound < 1.4.12-4
/usr/bin/systemd-sysv-convert --save unbound >/dev/null 2>&1 ||:
/sbin/chkconfig --del unbound >/dev/null 2>&1 || :
/bin/systemctl try-restart unbound.service >/dev/null 2>&1 || :
/bin/systemctl try-restart unbound-keygen.service >/dev/null 2>&1 || :
%check
pushd %{name}-%{version}
make check
popd
%files
%defattr(-,root,root)
%doc doc/CREDITS doc/FEATURES doc/README doc/LICENSE
%attr(0644,root,root) %{_tmpfilesdir}/unbound.conf
%attr(0755,unbound,unbound) %dir %{_rundir}/%{name}
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/unbound.conf
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/%{name}
%dir %attr(0755,root,unbound) %{_sysconfdir}/%{name}/keys.d
%attr(0644,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/keys.d/*.key
%dir %attr(0755,root,unbound) %{_sysconfdir}/%{name}/conf.d
%attr(0644,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/conf.d/*.conf
%dir %attr(0755,root,unbound) %{_sysconfdir}/%{name}/local.d
%attr(0644,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/local.d/*.conf
%{_unitdir}/%{name}.service
%{_unitdir}/%{name}-keygen.service
%ghost %attr(0640,root,unbound) %{_sysconfdir}/%{name}/unbound_control.pem
%ghost %attr(0640,root,unbound) %{_sysconfdir}/%{name}/unbound_control.key
%ghost %attr(0640,root,unbound) %{_sysconfdir}/%{name}/unbound_server.pem
%ghost %attr(0640,root,unbound) %{_sysconfdir}/%{name}/unbound_server.key
%{_sbindir}/*
%exclude %{_sbindir}/unbound-anchor
%files libs
%defattr(-,root,root)
%dir %attr(0755,root,root) %{_sysconfdir}/%{name}
%if %{?openEuler:1}0
%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
%dir %attr(0755,unbound,unbound) %{_sharedstatedir}/%{name}
%attr(0644,unbound,unbound) %config %{_sharedstatedir}/%{name}/root.key
%{_sysconfdir}/%{name}/icannbundle.pem
%else
%attr(0600,root,root) %config %{_sysconfdir}/%{name}/root.key
%dir %attr(0755,unbound,unbound) %{_sharedstatedir}/%{name}
%attr(0600,unbound,unbound) %config %{_sharedstatedir}/%{name}/root.key
%attr(0600,root,root) %{_sysconfdir}/%{name}/icannbundle.pem
%endif
%{_sbindir}/unbound-anchor
%{_libdir}/libunbound.so.*
%{_unitdir}/unbound-anchor.timer
%{_unitdir}/unbound-anchor.service
%files -n python3-unbound
%defattr(-,root,root)
%doc pythonmod/examples/* libunbound/python/examples/* pythonmod/LICENSE
%{python3_sitearch}/*
%files devel
%defattr(-,root,root)
%{_libdir}/libunbound.so
%{_libdir}/pkgconfig/*.pc
%{_includedir}/*
%files help
%defattr(-,root,root)
%{_mandir}/man*
%changelog
* Tue Mar 05 2024 gaihuiying <eaglegai@163.com> - 1.13.2-11
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:change ExecReload to fix reload failure
* Tue Feb 27 2024 gaihuiying <eaglegai@163.com> - 1.13.2-10
- Type:cves
- CVE:CVE-2024-1488
- SUG:NA
- DESC:fix CVE-2024-1488
* Fri Feb 23 2024 gaihuiying <eaglegai@163.com> - 1.13.2-9
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:fix CVE-2023-50387 CVE-2023-50868
* Fri Mar 03 2023 gaihuiying <eaglegai@163.com> - 1.13.2-8
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:change run directory from /var/run to /run to fix "/usr/lib/tmpfiles.d/unbound.conf:1: xxxx"
* Wed Feb 22 2023 gaihuiying <eaglegai@163.com> - 1.13.2-7
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:backport to fix upstream issue #610 #611
* Thu Sep 22 2022 xingwei <xingwei14@h-partners.com> - 1.13.2-6
- Type:cves
- CVE:CVE-2022-3204
- SUG:NA
- DESC:fix CVE-2022-3204
* Wed Aug 03 2022 yanglu <yanglu72@h-partners.com> - 1.13.2-5
- Type:cves
- CVE:CVE-2022-30698 CVE-2022-30699
- SUG:NA
- DESC:fix CVE-2022-30698 and CVE-2022-30699
* Sat Jun 11 2022 gaihuiying <eaglegai@163.com> - 1.13.2-4
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:remove buildin key
add macros to control if key files permissons is 600 or 644
remove useless BuildRequires:unbound-libs
* Mon Mar 21 2022 gaihuiying <eaglegai@163.com> - 1.13.2-3
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix -q doesn't work when use with 'unbound-control stats_shm'
* Wed Jan 26 2021 quanhongfei <quanhongfei@h-partners.com> - 1.13.2-2
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:unbound-libs remove requires libpython3.8.so
* Mon Dec 06 2021 quanhongfei <quanhongfei@huawei.com> - 1.13.2-1
- Type:requirement
- ID:NA
- SUG:NA
- DESC:update unbound version to 1.13.2
* Tue Aug 31 2021 gaihuiying <gaihuiying1@huawei.com> - 1.10.1-6
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix error when install unbound-libs
* Thu Aug 26 2021 chenyanpanHW <chenyanpan@huawei.com> - 1.10.1-5
- Type: requirement
- ID: NA
- SUG: NA
- DESC: unbound-libs remove Requires systemd
* Thu May 27 2021 lijingyuan <lijingyuan3@huawei.com> - 1.10.1-4
- Type:bufix
- ID:NA
- SUG:NA
- DESC:Add the compilation dependency of gcc.
* Tue Feb 23 2021 zhouyihang <zhouyihang3@huawei.com> - 1.10.1-3
- Type:CVE
- ID:NA
- SUG:NA
- DESC:fix CVE-2020-28935
* Thu Oct 29 2020 gaihuiying <gaihuiying1@huawei.com> - 1.10.1-2
- Type:requirement
- ID:NA
- SUG:NA
- DESC:remove python-universioned-command provided by python2
* Tue Jul 28 2020 gaihuiying <gaihuiying1@huawei.com> - 1.10.1-1
- Type:requirement
- ID:NA
- SUG:NA
- DESC:update unbound version to 1.10.1
* Wed Feb 19 2020 hexiujun <hexiujun1@huawei.com> - 1.7.3-14
- Type:enhancement
- ID:NA
- SUG:NA
- DESC:unpack libs subpackage
* Sat Jan 11 2020 zhangrui<zhangrui182@huawei.com> - 1.7.3-13
- Type:cves
- ID:CVE-2019-18934
- SUG:restart
- DESC:fix CVE-2019-18934
* Tue Dec 24 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.7.3-12
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:change the jurisdiction for some path of files
* Wed Nov 20 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.7.3-11
- Type: enhancement
- ID: NA
- SUG: NA
- DESC:modify the contents of help package
* Wed Sep 25 2019 Zaiwang Li <lizaiwang1@huawei.com> - 1.7.3-10
- Init Package
1
https://gitee.com/src-openeuler/unbound.git
git@gitee.com:src-openeuler/unbound.git
src-openeuler
unbound
unbound
openEuler-22.03-LTS

搜索帮助

14c37bed 8189591 565d56ea 8189591