[packages/unbound.git] / unbound.spec

# FIXME:
# - stop using nobody group
#
# Conditional build:
%bcond_without	python		# Python binding
%bcond_with	dnscrypt	# dnscrypt support
%bcond_with	dnstap		# dnstap replication support
%bcond_with	redis		# cachedb support for redis (using hiredis)
%bcond_with	systemd		# systemd support
%bcond_without	tests		# unit tests
#
Summary:	Recursive, validating DNS resolver
Summary(pl.UTF-8):	Rekurencyjny, weryfikujący resolver DNS
Name:		unbound
Version:	1.19.3
Release:	1
License:	BSD
Group:		Applications/Network
Source0:	https://www.unbound.net/downloads/%{name}-%{version}.tar.gz
# Source0-md5:	00bf61460c87c2542bcb68d52a2e5195
Source1:	%{name}.init
Source2:	%{name}.service
Source3:	https://data.iana.org/root-anchors/icannbundle.pem
# Source3-md5:	d00ef4e253e99e93ee020da5ad5e7d9a
Source4:	ftp://ftp.internic.net/domain/named.cache
# Source4-md5:	a551fabe906ec055e7f563276dad9c35
Patch0:		%{name}-default_trust_anchor.patch
Patch1:		%{name}-sh.patch
URL:		http://unbound.net/
BuildRequires:	autoconf >= 2.56
BuildRequires:	automake
BuildRequires:	bison
BuildRequires:	expat-devel >= 1.95
BuildRequires:	flex
%{?with_dnstap:BuildRequires:	fstrm-devel}
%{?with_redis:BuildRequires:	hiredis-devel}
BuildRequires:	libevent-devel
%{?with_dnscrypt:BuildRequires:	libsodium-devel}
BuildRequires:	libtool
BuildRequires:	linux-libc-headers >= 7:2.6.30
BuildRequires:	openssl-devel >= 1.0.0
%{?with_dnstap:BuildRequires:	protobuf-c-devel}
BuildRequires:	rpmbuild(macros) >= 1.671
%{?with_systemd:BuildRequires:	systemd-devel}
%if %{with python}
BuildRequires:	python3-devel
BuildRequires:	python3-modules
BuildRequires:	swig-python >= 2.0.1
%endif
Provides:	user(unbound)
Requires(post,preun):	/sbin/chkconfig
Requires(postun):	/usr/sbin/userdel
Requires(pre):	/bin/id
Requires(pre):	/usr/sbin/useradd
Requires:	systemd-units >= 38
Requires:	%{name}-libs = %{version}-%{release}
Suggests:	openssl-tools
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%description
Unbound is a validating, recursive, and caching DNS resolver.

The C implementation of Unbound is developed and maintained by NLnet
Labs. It is based on ideas and algorithms taken from a Java prototype
developed by Verisign labs, Nominet, Kirei and ep.net.

Unbound is designed as a set of modular components, so that also
DNSSEC (secure DNS) validation and stub-resolvers (that do not run as
a server, but are linked into an application) are easily possible.

%description -l pl.UTF-8
Unbound to weryfikujący, rekurencyjny i cache'ujący resolver (kod
rozwiązujący nazwy) DNS.

Implementacja Unbound w C jest tworzona i utrzymywana przez NLnet
Labs. Jest oparta na pomysłach i algorytmach zaczerpniętych z
prototypu w Javie stworzonego przez Verisign Labs, Nominet, Kirei oraz
ep.net.

Unbound został zaprojektowany jako zbiór modularnych komponentów, więc
możliwe są także weryfikacja DNSSEC (bezpieczny DNS) oraz
resolvery-zaślepki (nie działające jako serwer, ale wbudowane w
aplikację).

%package libs
Summary:	Unbound shared library
Summary(pl.UTF-8):	Biblioteka współdzielona Unbound
Group:		Libraries
Conflicts:	unbound < 1.4.18-1

%description libs
Unbound shared library.

%description libs -l pl.UTF-8
Biblioteka współdzielona Unbound.

%package devel
Summary:	Header files for unbound library
Summary(pl.UTF-8):	Pliki nagłówkowe biblioteki unbound
Group:		Development/Libraries
Requires:	%{name}-libs = %{version}-%{release}
Requires:	openssl-devel >= 1.0.0

%description devel
Header files for unbound library.

%description devel -l pl.UTF-8
Pliki nagłówkowe biblioteki unbound.

%package static
Summary:	Static unbound library
Summary(pl.UTF-8):	Statyczna biblioteka unbound
Group:		Development/Libraries
Requires:	%{name}-devel = %{version}-%{release}

%description static
Static unbound library.

%description static -l pl.UTF-8
Statyczna biblioteka unbound.

%package -n python3-unbound
Summary:	Python interface to unbound library
Summary(pl.UTF-8):	Pythonowy interfejs do biblioteki unbound
Group:		Libraries/Python
Requires:	%{name}-libs = %{version}-%{release}
Obsoletes:	python-unbound < 1.13.1-2

%description -n python3-unbound
Python interface to unbound library.

%description -n python3-unbound -l pl.UTF-8
Pythonowy interfejs do biblioteki unbound.

%prep
%setup -q
%patch0 -p1
%patch1 -p1

%build
%{__libtoolize}
%{__aclocal}
%{__autoconf}
%{__autoheader}
%configure \
	PYTHON=%{__python3} \
	%{?with_dnscrypt:--enable-dnscrypt} \
	%{?with_dnstap:--enable-dnstap} \
	%{?with_systemd:--enable-systemd} \
	--with-chroot-dir="" \
	--with-conf-file=%{_sysconfdir}/%{name}/%{name}.conf \
	--with-libevent=/usr \
	--with-libexpat=/usr \
	%{?with_redis:--with-libhiredis=/usr} \
	--with-pidfile=/run/%{name}.pid \
	%{__with_without python pyunbound} \
	%{__with_without python pythonmodule} \
	--with-rootkey-file=/var/lib/%{name}/root.key \
	--with-rootcert-file=%{_sysconfdir}/%{name}/icannbundle.pem

%{__make}

%if %{with tests}
%{__make} check
%endif

%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{/etc/rc.d/init.d,%{systemdunitdir},/var/lib/%{name}}

%{__make} install \
	DESTDIR=$RPM_BUILD_ROOT

cp -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
cp -p %{SOURCE2} $RPM_BUILD_ROOT%{systemdunitdir}/%{name}.service
cp -p %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/icannbundle.pem
cp -p %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/named.cache

touch $RPM_BUILD_ROOT/var/lib/%{name}/root.key

# obsoleted by pkg-config
%{__rm} $RPM_BUILD_ROOT%{_libdir}/libunbound.la

%if %{with python}
%{__rm} $RPM_BUILD_ROOT%{py3_sitedir}/_unbound.la
%py3_comp $RPM_BUILD_ROOT%{py3_sitedir}
%py3_ocomp $RPM_BUILD_ROOT%{py3_sitedir}
%endif

%clean
rm -rf $RPM_BUILD_ROOT

%post
/sbin/chkconfig --add %{name}
%systemd_post %{name}.service
%service %{name} restart

%pre
%useradd -u 196 -g 99 -d /tmp -s /bin/false -c "unbound user" unbound

%preun
if [ "$1" = "0" ]; then
	%service -q %{name} stop
	/sbin/chkconfig --del %{name}
fi
%systemd_preun %{name}.service

%postun
if [ "$1" = "0" ]; then
	%userremove unbound
fi
%systemd_reload

%triggerpostun -- %{name} < 1.4.22-1
%systemd_trigger %{name}.service

%post	libs -p /sbin/ldconfig
%postun	libs -p /sbin/ldconfig

%files
%defattr(644,root,root,755)
%doc doc/{CREDITS,Changelog,FEATURES,LICENSE,README,TODO,control_proto_spec.txt,example.conf,ietf67-design-02.pdf,requirements.txt}
%attr(754,root,root) /etc/rc.d/init.d/unbound
%{systemdunitdir}/%{name}.service
%attr(751,unbound,root) %dir %{_sysconfdir}/%{name}
%attr(640,unbound,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/unbound.conf
%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/named.cache
%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/icannbundle.pem
%attr(755,root,root) %{_sbindir}/unbound
%attr(755,root,root) %{_sbindir}/unbound-anchor
%attr(755,root,root) %{_sbindir}/unbound-checkconf
%attr(755,root,root) %{_sbindir}/unbound-control*
%attr(755,root,root) %{_sbindir}/unbound-host
%{_mandir}/man1/unbound-host.1*
%{_mandir}/man5/unbound.conf.5*
%{_mandir}/man8/unbound-checkconf.8*
%{_mandir}/man8/unbound.8*
%{_mandir}/man8/unbound-anchor.8*
%{_mandir}/man8/unbound-control*.8*
%dir %attr(755,unbound,nobody) /var/lib/%{name}
%ghost /var/lib/%{name}/root.key

%files libs
%defattr(644,root,root,755)
%attr(755,root,root) %{_libdir}/libunbound.so.*.*.*
%attr(755,root,root) %ghost %{_libdir}/libunbound.so.8

%files devel
%defattr(644,root,root,755)
%attr(755,root,root) %{_libdir}/libunbound.so
%{_pkgconfigdir}/libunbound.pc
%{_includedir}/unbound.h
%{_mandir}/man3/libunbound.3*
%{_mandir}/man3/ub_*.3*

%files static
%defattr(644,root,root,755)
%{_libdir}/libunbound.a

%if %{with python}
%files -n python3-unbound
%defattr(644,root,root,755)
%attr(755,root,root) %{py3_sitedir}/_unbound.so*
%{py3_sitedir}/__pycache__/unbound*.pyc
%{py3_sitedir}/unbound.py
%{py3_sitedir}/unboundmodule.py
%endif
Commit	Line	Data
2731c2c0 AM	1	# FIXME:
2731c2c0 AM	2	# - stop using nobody group
ca75cd40	3	#
89d05c6c	4	# Conditional build:
ae58863f JB	5	%bcond_without python # Python binding
	6	%bcond_with dnscrypt # dnscrypt support
	7	%bcond_with dnstap # dnstap replication support
	8	%bcond_with redis # cachedb support for redis (using hiredis)
	9	%bcond_with systemd # systemd support
	10	%bcond_without tests # unit tests
89d05c6c JB	11	#
	12	Summary: Recursive, validating DNS resolver
	13	Summary(pl.UTF-8): Rekurencyjny, weryfikujący resolver DNS
ca75cd40	14	Name: unbound
741a4b50	15	Version: 1.19.3
59589f31	16	Release: 1
ca75cd40	17	License: BSD
89d05c6c	18	Group: Applications/Network
f1d3bb60	19	Source0: https://www.unbound.net/downloads/%{name}-%{version}.tar.gz
741a4b50	20	# Source0-md5: 00bf61460c87c2542bcb68d52a2e5195
cda91157	21	Source1: %{name}.init
0ddfe461 JK	22	Source2: %{name}.service
0ddfe461 JK	23	Source3: https://data.iana.org/root-anchors/icannbundle.pem
ccf5b7e8	24	# Source3-md5: d00ef4e253e99e93ee020da5ad5e7d9a
0ddfe461	25	Source4: ftp://ftp.internic.net/domain/named.cache
741a4b50	26	# Source4-md5: a551fabe906ec055e7f563276dad9c35
b53232e5	27	Patch0: %{name}-default_trust_anchor.patch
f33b27d4	28	Patch1: %{name}-sh.patch
ca75cd40	29	URL: http://unbound.net/
f33b27d4 JB	30	BuildRequires: autoconf >= 2.56
f33b27d4 JB	31	BuildRequires: automake
2b3ec506	32	BuildRequires: bison
bbf1b17b	33	BuildRequires: expat-devel >= 1.95
2b3ec506	34	BuildRequires: flex
60c650ce	35	%{?with_dnstap:BuildRequires: fstrm-devel}
bbf1b17b	36	%{?with_redis:BuildRequires: hiredis-devel}
5ec53429	37	BuildRequires: libevent-devel
ae58863f	38	%{?with_dnscrypt:BuildRequires: libsodium-devel}
f33b27d4	39	BuildRequires: libtool
beb1c095	40	BuildRequires: linux-libc-headers >= 7:2.6.30
bbf1b17b	41	BuildRequires: openssl-devel >= 1.0.0
60c650ce	42	%{?with_dnstap:BuildRequires: protobuf-c-devel}
2b3ec506 JB	43	BuildRequires: rpmbuild(macros) >= 1.671
2b3ec506 JB	44	%{?with_systemd:BuildRequires: systemd-devel}
89d05c6c	45	%if %{with python}
fe6b3abb	46	BuildRequires: python3-devel
6a38cf36	47	BuildRequires: python3-modules
bbf1b17b	48	BuildRequires: swig-python >= 2.0.1
89d05c6c	49	%endif
5946fd51	50	Provides: user(unbound)
2b3ec506	51	Requires(post,preun): /sbin/chkconfig
5946fd51 AM	52	Requires(postun): /usr/sbin/userdel
	53	Requires(pre): /bin/id
	54	Requires(pre): /usr/sbin/useradd
0ddfe461	55	Requires: systemd-units >= 38
89d05c6c	56	Requires: %{name}-libs = %{version}-%{release}
aa7a2649	57	Suggests: openssl-tools
ca75cd40	58	BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
	59
	60	%description
	61	Unbound is a validating, recursive, and caching DNS resolver.
	62
	63	The C implementation of Unbound is developed and maintained by NLnet
89d05c6c	64	Labs. It is based on ideas and algorithms taken from a Java prototype
ca75cd40	65	developed by Verisign labs, Nominet, Kirei and ep.net.
	66
	67	Unbound is designed as a set of modular components, so that also
	68	DNSSEC (secure DNS) validation and stub-resolvers (that do not run as
	69	a server, but are linked into an application) are easily possible.
	70
89d05c6c JB	71	%description -l pl.UTF-8
	72	Unbound to weryfikujący, rekurencyjny i cache'ujący resolver (kod
	73	rozwiązujący nazwy) DNS.
	74
	75	Implementacja Unbound w C jest tworzona i utrzymywana przez NLnet
	76	Labs. Jest oparta na pomysłach i algorytmach zaczerpniętych z
	77	prototypu w Javie stworzonego przez Verisign Labs, Nominet, Kirei oraz
	78	ep.net.
	79
	80	Unbound został zaprojektowany jako zbiór modularnych komponentów, więc
	81	możliwe są także weryfikacja DNSSEC (bezpieczny DNS) oraz
	82	resolvery-zaślepki (nie działające jako serwer, ale wbudowane w
	83	aplikację).
	84
	85	%package libs
	86	Summary: Unbound shared library
	87	Summary(pl.UTF-8): Biblioteka współdzielona Unbound
	88	Group: Libraries
	89	Conflicts: unbound < 1.4.18-1
	90
	91	%description libs
	92	Unbound shared library.
	93
	94	%description libs -l pl.UTF-8
	95	Biblioteka współdzielona Unbound.
	96
ca75cd40	97	%package devel
	98	Summary: Header files for unbound library
	99	Summary(pl.UTF-8): Pliki nagłówkowe biblioteki unbound
	100	Group: Development/Libraries
89d05c6c	101	Requires: %{name}-libs = %{version}-%{release}
bbf1b17b	102	Requires: openssl-devel >= 1.0.0
ca75cd40	103
	104	%description devel
	105	Header files for unbound library.
	106
	107	%description devel -l pl.UTF-8
	108	Pliki nagłówkowe biblioteki unbound.
	109
	110	%package static
	111	Summary: Static unbound library
	112	Summary(pl.UTF-8): Statyczna biblioteka unbound
	113	Group: Development/Libraries
	114	Requires: %{name}-devel = %{version}-%{release}
	115
	116	%description static
	117	Static unbound library.
	118
	119	%description static -l pl.UTF-8
	120	Statyczna biblioteka unbound.
	121
fe6b3abb	122	%package -n python3-unbound
89d05c6c JB	123	Summary: Python interface to unbound library
89d05c6c JB	124	Summary(pl.UTF-8): Pythonowy interfejs do biblioteki unbound
2731c2c0	125	Group: Libraries/Python
89d05c6c	126	Requires: %{name}-libs = %{version}-%{release}
fe6b3abb	127	Obsoletes: python-unbound < 1.13.1-2
89d05c6c	128
fe6b3abb	129	%description -n python3-unbound
89d05c6c JB	130	Python interface to unbound library.
89d05c6c JB	131
fe6b3abb	132	%description -n python3-unbound -l pl.UTF-8
89d05c6c JB	133	Pythonowy interfejs do biblioteki unbound.
89d05c6c JB	134
ca75cd40	135	%prep
ca75cd40	136	%setup -q
b53232e5	137	%patch0 -p1
f33b27d4	138	%patch1 -p1
ca75cd40	139
ca75cd40	140	%build
f33b27d4 JB	141	%{__libtoolize}
	142	%{__aclocal}
	143	%{__autoconf}
	144	%{__autoheader}
89d05c6c	145	%configure \
fe6b3abb	146	PYTHON=%{__python3} \
ae58863f	147	%{?with_dnscrypt:--enable-dnscrypt} \
60c650ce	148	%{?with_dnstap:--enable-dnstap} \
2b3ec506	149	%{?with_systemd:--enable-systemd} \
267353b4	150	--with-chroot-dir="" \
0ddfe461	151	--with-conf-file=%{_sysconfdir}/%{name}/%{name}.conf \
bbf1b17b JB	152	--with-libevent=/usr \
	153	--with-libexpat=/usr \
	154	%{?with_redis:--with-libhiredis=/usr} \
	155	--with-pidfile=/run/%{name}.pid \
	156	%{__with_without python pyunbound} \
	157	%{__with_without python pythonmodule} \
0ddfe461 JK	158	--with-rootkey-file=/var/lib/%{name}/root.key \
	159	--with-rootcert-file=%{_sysconfdir}/%{name}/icannbundle.pem
	160
ca75cd40	161	%{__make}
ca75cd40	162
2731c2c0 AM	163	%if %{with tests}
	164	%{__make} check
	165	%endif
	166
ca75cd40	167	%install
ca75cd40	168	rm -rf $RPM_BUILD_ROOT
0ddfe461	169	install -d $RPM_BUILD_ROOT{/etc/rc.d/init.d,%{systemdunitdir},/var/lib/%{name}}
ca75cd40	170
	171	%{__make} install \
	172	DESTDIR=$RPM_BUILD_ROOT
	173
2731c2c0 AM	174	cp -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
	175	cp -p %{SOURCE2} $RPM_BUILD_ROOT%{systemdunitdir}/%{name}.service
	176	cp -p %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/icannbundle.pem
	177	cp -p %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/named.cache
0ddfe461 JK	178
	179	touch $RPM_BUILD_ROOT/var/lib/%{name}/root.key
	180
ae58863f JB	181	# obsoleted by pkg-config
	182	%{__rm} $RPM_BUILD_ROOT%{_libdir}/libunbound.la
	183
89d05c6c	184	%if %{with python}
fe6b3abb JP	185	%{__rm} $RPM_BUILD_ROOT%{py3_sitedir}/_unbound.la
	186	%py3_comp $RPM_BUILD_ROOT%{py3_sitedir}
	187	%py3_ocomp $RPM_BUILD_ROOT%{py3_sitedir}
89d05c6c JB	188	%endif
89d05c6c JB	189
ca75cd40	190	%clean
	191	rm -rf $RPM_BUILD_ROOT
	192
ca75cd40	193	%post
ca75cd40	194	/sbin/chkconfig --add %{name}
0ddfe461	195	%systemd_post %{name}.service
ca75cd40	196	%service %{name} restart
ca75cd40	197
5c77fe31 AM	198	%pre
	199	%useradd -u 196 -g 99 -d /tmp -s /bin/false -c "unbound user" unbound
	200
ca75cd40	201	%preun
	202	if [ "$1" = "0" ]; then
	203	%service -q %{name} stop
	204	/sbin/chkconfig --del %{name}
	205	fi
0ddfe461	206	%systemd_preun %{name}.service
ca75cd40	207
5c77fe31 AM	208	%postun
	209	if [ "$1" = "0" ]; then
	210	%userremove unbound
	211	fi
0ddfe461 JK	212	%systemd_reload
	213
	214	%triggerpostun -- %{name} < 1.4.22-1
	215	%systemd_trigger %{name}.service
5c77fe31	216
89d05c6c JB	217	%post libs -p /sbin/ldconfig
	218	%postun libs -p /sbin/ldconfig
	219
ca75cd40	220	%files
ca75cd40	221	%defattr(644,root,root,755)
89d05c6c	222	%doc doc/{CREDITS,Changelog,FEATURES,LICENSE,README,TODO,control_proto_spec.txt,example.conf,ietf67-design-02.pdf,requirements.txt}
cda91157	223	%attr(754,root,root) /etc/rc.d/init.d/unbound
0ddfe461	224	%{systemdunitdir}/%{name}.service
01400ded JP	225	%attr(751,unbound,root) %dir %{_sysconfdir}/%{name}
01400ded JP	226	%attr(640,unbound,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/unbound.conf
0ddfe461 JK	227	%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/named.cache
0ddfe461 JK	228	%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/icannbundle.pem
ca75cd40	229	%attr(755,root,root) %{_sbindir}/unbound
511c7cae	230	%attr(755,root,root) %{_sbindir}/unbound-anchor
ca75cd40	231	%attr(755,root,root) %{_sbindir}/unbound-checkconf
5ec53429	232	%attr(755,root,root) %{_sbindir}/unbound-control*
ca75cd40	233	%attr(755,root,root) %{_sbindir}/unbound-host
	234	%{_mandir}/man1/unbound-host.1*
	235	%{_mandir}/man5/unbound.conf.5*
	236	%{_mandir}/man8/unbound-checkconf.8*
	237	%{_mandir}/man8/unbound.8*
511c7cae	238	%{_mandir}/man8/unbound-anchor.8*
379d3e5e	239	%{_mandir}/man8/unbound-control.8
0ddfe461 JK	240	%dir %attr(755,unbound,nobody) /var/lib/%{name}
0ddfe461 JK	241	%ghost /var/lib/%{name}/root.key
ca75cd40	242
89d05c6c JB	243	%files libs
	244	%defattr(644,root,root,755)
	245	%attr(755,root,root) %{_libdir}/libunbound.so...*
4715445e	246	%attr(755,root,root) %ghost %{_libdir}/libunbound.so.8
89d05c6c	247
ca75cd40	248	%files devel
cda91157	249	%defattr(644,root,root,755)
89d05c6c	250	%attr(755,root,root) %{_libdir}/libunbound.so
2731c2c0	251	%{_pkgconfigdir}/libunbound.pc
89d05c6c	252	%{_includedir}/unbound.h
ca75cd40	253	%{_mandir}/man3/libunbound.3*
44b158d7	254	%{_mandir}/man3/ub_.3
ca75cd40	255
ca75cd40	256	%files static
cda91157	257	%defattr(644,root,root,755)
ca75cd40	258	%{_libdir}/libunbound.a
89d05c6c JB	259
89d05c6c JB	260	%if %{with python}
fe6b3abb	261	%files -n python3-unbound
89d05c6c	262	%defattr(644,root,root,755)
fe6b3abb JP	263	%attr(755,root,root) %{py3_sitedir}/_unbound.so*
	264	%{py3_sitedir}/__pycache__/unbound*.pyc
	265	%{py3_sitedir}/unbound.py
	266	%{py3_sitedir}/unboundmodule.py
89d05c6c	267	%endif