unbound.spec

   1 # FIXME:
   2 # - stop using nobody group
   3 #
   4 # Conditional build:
   5 %bcond_without  python          # Python binding
   6 %bcond_with     dnscrypt        # dnscrypt support
   7 %bcond_with     dnstap          # dnstap replication support
   8 %bcond_with     redis           # cachedb support for redis (using hiredis)
   9 %bcond_with     systemd         # systemd support
  10 %bcond_without  tests           # unit tests
  11 #
  12 Summary:        Recursive, validating DNS resolver
  13 Summary(pl.UTF-8):      Rekurencyjny, weryfikujący resolver DNS
  14 Name:           unbound
  15 Version:        1.19.1
  16 Release:        1
  17 License:        BSD
  18 Group:          Applications/Network
  19 Source0:        https://www.unbound.net/downloads/%{name}-%{version}.tar.gz
  20 # Source0-md5:  73ca28029afc478639506b7d86076944
  21 Source1:        %{name}.init
  22 Source2:        %{name}.service
  23 Source3:        https://data.iana.org/root-anchors/icannbundle.pem
  24 # Source3-md5:  d00ef4e253e99e93ee020da5ad5e7d9a
  25 Source4:        ftp://ftp.internic.net/domain/named.cache
  26 # Source4-md5:  fa5ffa04c78f8d3fc170c978e9ff55d4
  27 Patch0:         %{name}-default_trust_anchor.patch
  28 Patch1:         %{name}-sh.patch
  29 URL:            http://unbound.net/
  30 BuildRequires:  autoconf >= 2.56
  31 BuildRequires:  automake
  32 BuildRequires:  bison
  33 BuildRequires:  expat-devel >= 1.95
  34 BuildRequires:  flex
  35 %{?with_dnstap:BuildRequires:   fstrm-devel}
  36 %{?with_redis:BuildRequires:    hiredis-devel}
  37 BuildRequires:  libevent-devel
  38 %{?with_dnscrypt:BuildRequires: libsodium-devel}
  39 BuildRequires:  libtool
  40 BuildRequires:  linux-libc-headers >= 7:2.6.30
  41 BuildRequires:  openssl-devel >= 1.0.0
  42 %{?with_dnstap:BuildRequires:   protobuf-c-devel}
  43 BuildRequires:  rpmbuild(macros) >= 1.671
  44 %{?with_systemd:BuildRequires:  systemd-devel}
  45 %if %{with python}
  46 BuildRequires:  python3-devel
  47 BuildRequires:  python3-modules
  48 BuildRequires:  swig-python >= 2.0.1
  49 %endif
  50 Provides:       user(unbound)
  51 Requires(post,preun):   /sbin/chkconfig
  52 Requires(postun):       /usr/sbin/userdel
  53 Requires(pre):  /bin/id
  54 Requires(pre):  /usr/sbin/useradd
  55 Requires:       systemd-units >= 38
  56 Requires:       %{name}-libs = %{version}-%{release}
  57 Suggests:       openssl-tools
  58 BuildRoot:      %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
  59
  60 %description
  61 Unbound is a validating, recursive, and caching DNS resolver.
  62
  63 The C implementation of Unbound is developed and maintained by NLnet
  64 Labs. It is based on ideas and algorithms taken from a Java prototype
  65 developed by Verisign labs, Nominet, Kirei and ep.net.
  66
  67 Unbound is designed as a set of modular components, so that also
  68 DNSSEC (secure DNS) validation and stub-resolvers (that do not run as
  69 a server, but are linked into an application) are easily possible.
  70
  71 %description -l pl.UTF-8
  72 Unbound to weryfikujący, rekurencyjny i cache'ujący resolver (kod
  73 rozwiązujący nazwy) DNS.
  74
  75 Implementacja Unbound w C jest tworzona i utrzymywana przez NLnet
  76 Labs. Jest oparta na pomysłach i algorytmach zaczerpniętych z
  77 prototypu w Javie stworzonego przez Verisign Labs, Nominet, Kirei oraz
  78 ep.net.
  79
  80 Unbound został zaprojektowany jako zbiór modularnych komponentów, więc
  81 możliwe są także weryfikacja DNSSEC (bezpieczny DNS) oraz
  82 resolvery-zaślepki (nie działające jako serwer, ale wbudowane w
  83 aplikację).
  84
  85 %package libs
  86 Summary:        Unbound shared library
  87 Summary(pl.UTF-8):      Biblioteka współdzielona Unbound
  88 Group:          Libraries
  89 Conflicts:      unbound < 1.4.18-1
  90
  91 %description libs
  92 Unbound shared library.
  93
  94 %description libs -l pl.UTF-8
  95 Biblioteka współdzielona Unbound.
  96
  97 %package devel
  98 Summary:        Header files for unbound library
  99 Summary(pl.UTF-8):      Pliki nagłówkowe biblioteki unbound
 100 Group:          Development/Libraries
 101 Requires:       %{name}-libs = %{version}-%{release}
 102 Requires:       openssl-devel >= 1.0.0
 103
 104 %description devel
 105 Header files for unbound library.
 106
 107 %description devel -l pl.UTF-8
 108 Pliki nagłówkowe biblioteki unbound.
 109
 110 %package static
 111 Summary:        Static unbound library
 112 Summary(pl.UTF-8):      Statyczna biblioteka unbound
 113 Group:          Development/Libraries
 114 Requires:       %{name}-devel = %{version}-%{release}
 115
 116 %description static
 117 Static unbound library.
 118
 119 %description static -l pl.UTF-8
 120 Statyczna biblioteka unbound.
 121
 122 %package -n python3-unbound
 123 Summary:        Python interface to unbound library
 124 Summary(pl.UTF-8):      Pythonowy interfejs do biblioteki unbound
 125 Group:          Libraries/Python
 126 Requires:       %{name}-libs = %{version}-%{release}
 127 Obsoletes:      python-unbound < 1.13.1-2
 128
 129 %description -n python3-unbound
 130 Python interface to unbound library.
 131
 132 %description -n python3-unbound -l pl.UTF-8
 133 Pythonowy interfejs do biblioteki unbound.
 134
 135 %prep
 136 %setup -q
 137 %patch0 -p1
 138 %patch1 -p1
 139
 140 %build
 141 %{__libtoolize}
 142 %{__aclocal}
 143 %{__autoconf}
 144 %{__autoheader}
 145 %configure \
 146         PYTHON=%{__python3} \
 147         %{?with_dnscrypt:--enable-dnscrypt} \
 148         %{?with_dnstap:--enable-dnstap} \
 149         %{?with_systemd:--enable-systemd} \
 150         --with-chroot-dir="" \
 151         --with-conf-file=%{_sysconfdir}/%{name}/%{name}.conf \
 152         --with-libevent=/usr \
 153         --with-libexpat=/usr \
 154         %{?with_redis:--with-libhiredis=/usr} \
 155         --with-pidfile=/run/%{name}.pid \
 156         %{__with_without python pyunbound} \
 157         %{__with_without python pythonmodule} \
 158         --with-rootkey-file=/var/lib/%{name}/root.key \
 159         --with-rootcert-file=%{_sysconfdir}/%{name}/icannbundle.pem
 160
 161 %{__make}
 162
 163 %if %{with tests}
 164 %{__make} check
 165 %endif
 166
 167 %install
 168 rm -rf $RPM_BUILD_ROOT
 169 install -d $RPM_BUILD_ROOT{/etc/rc.d/init.d,%{systemdunitdir},/var/lib/%{name}}
 170
 171 %{__make} install \
 172         DESTDIR=$RPM_BUILD_ROOT
 173
 174 cp -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
 175 cp -p %{SOURCE2} $RPM_BUILD_ROOT%{systemdunitdir}/%{name}.service
 176 cp -p %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/icannbundle.pem
 177 cp -p %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/named.cache
 178
 179 touch $RPM_BUILD_ROOT/var/lib/%{name}/root.key
 180
 181 # obsoleted by pkg-config
 182 %{__rm} $RPM_BUILD_ROOT%{_libdir}/libunbound.la
 183
 184 %if %{with python}
 185 %{__rm} $RPM_BUILD_ROOT%{py3_sitedir}/_unbound.la
 186 %py3_comp $RPM_BUILD_ROOT%{py3_sitedir}
 187 %py3_ocomp $RPM_BUILD_ROOT%{py3_sitedir}
 188 %endif
 189
 190 %clean
 191 rm -rf $RPM_BUILD_ROOT
 192
 193 %post
 194 /sbin/chkconfig --add %{name}
 195 %systemd_post %{name}.service
 196 %service %{name} restart
 197
 198 %pre
 199 %useradd -u 196 -g 99 -d /tmp -s /bin/false -c "unbound user" unbound
 200
 201 %preun
 202 if [ "$1" = "0" ]; then
 203         %service -q %{name} stop
 204         /sbin/chkconfig --del %{name}
 205 fi
 206 %systemd_preun %{name}.service
 207
 208 %postun
 209 if [ "$1" = "0" ]; then
 210         %userremove unbound
 211 fi
 212 %systemd_reload
 213
 214 %triggerpostun -- %{name} < 1.4.22-1
 215 %systemd_trigger %{name}.service
 216
 217 %post   libs -p /sbin/ldconfig
 218 %postun libs -p /sbin/ldconfig
 219
 220 %files
 221 %defattr(644,root,root,755)
 222 %doc doc/{CREDITS,Changelog,FEATURES,LICENSE,README,TODO,control_proto_spec.txt,example.conf,ietf67-design-02.pdf,requirements.txt}
 223 %attr(754,root,root) /etc/rc.d/init.d/unbound
 224 %{systemdunitdir}/%{name}.service
 225 %attr(751,unbound,root) %dir %{_sysconfdir}/%{name}
 226 %attr(640,unbound,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/unbound.conf
 227 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/named.cache
 228 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/icannbundle.pem
 229 %attr(755,root,root) %{_sbindir}/unbound
 230 %attr(755,root,root) %{_sbindir}/unbound-anchor
 231 %attr(755,root,root) %{_sbindir}/unbound-checkconf
 232 %attr(755,root,root) %{_sbindir}/unbound-control*
 233 %attr(755,root,root) %{_sbindir}/unbound-host
 234 %{_mandir}/man1/unbound-host.1*
 235 %{_mandir}/man5/unbound.conf.5*
 236 %{_mandir}/man8/unbound-checkconf.8*
 237 %{_mandir}/man8/unbound.8*
 238 %{_mandir}/man8/unbound-anchor.8*
 239 %{_mandir}/man8/unbound-control*.8*
 240 %dir %attr(755,unbound,nobody) /var/lib/%{name}
 241 %ghost /var/lib/%{name}/root.key
 242
 243 %files libs
 244 %defattr(644,root,root,755)
 245 %attr(755,root,root) %{_libdir}/libunbound.so.*.*.*
 246 %attr(755,root,root) %ghost %{_libdir}/libunbound.so.8
 247
 248 %files devel
 249 %defattr(644,root,root,755)
 250 %attr(755,root,root) %{_libdir}/libunbound.so
 251 %{_pkgconfigdir}/libunbound.pc
 252 %{_includedir}/unbound.h
 253 %{_mandir}/man3/libunbound.3*
 254 %{_mandir}/man3/ub_*.3*
 255
 256 %files static
 257 %defattr(644,root,root,755)
 258 %{_libdir}/libunbound.a
 259
 260 %if %{with python}
 261 %files -n python3-unbound
 262 %defattr(644,root,root,755)
 263 %attr(755,root,root) %{py3_sitedir}/_unbound.so*
 264 %{py3_sitedir}/__pycache__/unbound*.pyc
 265 %{py3_sitedir}/unbound.py
 266 %{py3_sitedir}/unboundmodule.py
 267 %endif