%define jail /CHROOT/named
%define username named
%define groupname named

%define build_72 0
%define build_82 0

Summary: A DNS (Domain Name System) server.
Name: bind-chroot
Version: 8.3.4
Release: 2mdk
License: distributable
Group: System/Servers
Source0: ftp://ftp.isc.org/isc/bind/src/%{version}/bind-src.tar.gz
Source1: ftp://ftp.isc.org/isc/bind/src/%{version}/bind-src.tar.gz.asc
Source2: bind-8.3.3-manpages.tar.bz2
Source3: named-chroot.init.bz2
Source5: ftp://ftp.obtuse.com/pub/utils/utils-1.0.tar.bz2
Source6: jail.tar.bz2
URL: http://www.isc.org/bind.html
Patch0: bind-8.2.2-rh.patch.bz2
Patch1: bind-8.1.2-nonlist.patch.bz2
Patch2: bind-8.1.2-fds.patch.bz2
Patch4: bind-8.2-host.patch.bz2
Patch6: bind-chroot-8.3.1.static.xfer.patch.bz2
Patch7: bind-chroot-8.3.1.static.named.patch.bz2
Patch8: holelogd-linux.diff.bz2
Patch9: bind-chroot-8.2.3-ndc.patch.bz2
# Check: http://www.nic.ad.jp/en/idn/index.html
Patch14: bind-8.3.1-MDN.patch.bz2
Prereq: /sbin/chkconfig shadow-utils grep
BuildRequires: flex
%if !%{build_72}
%%if !%{build_82}
BuildRequires: glibc-static-devel
%%endif
%endif
Provides: bind %{name} = %{version}-%{release}
Obsoletes: bind = %{version}-%{release}
Buildroot: %{_tmppath}/%{name}-%{version}-root

%description
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses, and a resolver library
(routines for applications to use when interfacing with DNS). A DNS
server allows clients to name resources or objects and share the
information with other network machines. The named DNS server can be
used on workstations as a caching name server, but is generally only
needed on one machine for an entire network. Note that the
configuration files for making BIND act as a simple caching nameserver
are included in the caching-nameserver package.

Install the bind package if you need a DNS server for your network.
If you want bind to act as a caching name server, you will also need to
install the caching-nameserver package.

The bind-chroot package runs the DNS server daemon under the non-root
user and group and in the chroot()ed directory.

%package -n bind-chroot-utils
Summary: DNS utilities: host, dig, dnsquery, and nslookup.
Group: Networking/Other
Provides: bind-utils = %{version}-%{release}
Provides: bind-chroot-utils = %{version}-%{release}
Obsoletes: bind-utils = %{version}-%{release}
Obsoletes: bind-chroot-utils = %{version}-%{release}

%description -n bind-chroot-utils
Bind-utils contains a collection of utilities for querying DNS (Domain
Name Service) name servers to find out information about Internet
hosts. These tools will provide you with the IP addresses for given
host names, as well as other information about registered domains and
network addresses.

You should install bind-chroot-utils if you need to get information
from DNS name servers.

%package -n bind-chroot-devel
Summary: Include files and libraries needed for bind DNS development.
Group: Development/C
Provides: bind-devel = %{version}-%{release}
Provides: bind-chroot-devel = %{version}-%{release}
Obsoletes: bind-devel = %{version}-%{release}
Obsoletes: bind-chroot-devel = %{version}-%{release}
Conflicts: glibc-devel

%description -n bind-chroot-devel
The bind-devel package contains all the include files and the library
required for DNS (Domain Name Service) development for BIND versions
8.x.x.

You should install bind-devel if you want to develop bind DNS
applications. If you install bind-devel, you'll also need to install
bind.

%prep

%setup -q -c -a2
%patch0 -p1
%patch1 -p0
%patch2 -p1
%patch4 -p1

%ifarch ia64
for i in src/lib/bsd src/lib/dst src/lib/cylink src/lib/dnssafe src/lib/inet src/lib/irs src/lib/isc src/lib/nameser src/lib/resolv; do
    cat $i/Makefile |sed -e "s/^CFLAGS.*/& -fPIC/" >$i/Makefile.new
    mv -f $i/Makefile.new $i/Makefile
done
%endif

# clean up cvs junk
for i in `find . -type d -name CVS` `find . -type f -name .cvs\*` `find . -type f -name .#\*`; do
    if [ -e "$i" ]; then rm -r $i; fi >&/dev/null
done

find . -name Makefile | xargs perl -pi -e "s/^INSTALL_LIB.*//g"

# Fix build as user
rm -f compat/include/sys/cdefs.h

# holelogd
%setup -D -T -a 5

# jail
%setup -D -T -a 6

# Patch to static link named-xfer
%patch6 -p1 -b .static

# Patch to static link named if we have libresolv
%patch7 -p1 -b .static

# Holelogd patch to use SOCK_DGRAM
%patch8 -p1 -b .stream

# Check: http://www.nic.ad.jp/en/idn/index.html
#%patch14 -p0

%build

# Oden Erikssons ugly, but dynamic hack instead of a static patch file...
cat > src/port/linux/Makefile.set << EOF
'CC=gcc -D_GNU_SOURCE'
'CDEBUG=${RPM_OPT_FLAGS}'
'DESTBIN=%{_bindir}'
'DESTSBIN=%{_sbindir}'
'DESTEXEC=%{_sbindir}'
'DESTMAN=%{_mandir}'
'DESTHELP=%{_libdir}'
'DESTETC=%{_sysconfdir}'
'DESTLIB=%{_libdir}'
'DESTINC=%{_includedir}'
'DESTRUN=/var/run'
'LEX=flex -8 -I'
'YACC=yacc -d'
'SYSLIBS='
'LIBL=-lfl'
'INSTALL=install'
'MANDIR=man'
'MANROFF=cat'
'CATEXT=\$\$N'
'PS=ps p'
'AR=ar crus'
'RANLIB=:'
EOF

# XXX hack around egcs -m486 bug (#3413, #3485)
%ifarch i386
RPM_OPT_FLAGS="`echo $RPM_OPT_FLAGS | sed -e 's|-m486||'`"
%endif

# Work around a bind bug: SYSTYPE is always set to bsdos
find src -name Makefile | xargs -n 1 perl -pi -e "s/^SYSTYPE=.*/SYSTYPE=linux/g"
find src -name Makefile | xargs -n 1 perl -pi -e "s/^SYSTYPE =.*/SYSTYPE=linux/g"
find src -name Makefile | xargs -n 1 perl -pi -e "s/^CDEBUG=.*/CDEBUG=$RPM_OPT_FLAGS/g"

# we don't have the lex lib, remove it
# this bug was fixed in #1272 but it didn't work...
#find src -name Makefile | xargs -n 1 perl -pi -e "s/^LIBL=-ll -lfl/LIBL=-lfl/g"
#find src -name Makefile | xargs -n 1 perl -pi -e "s/^LIBL = -ll -lfl/LIBL = -lfl/g"
#find src -name Makefile | xargs -n 1 perl -pi -e "s/^SYSLIBS=-ll -lfl/SYSLIBS=-lfl/g"
#find src -name Makefile | xargs -n 1 perl -pi -e "s/^SYSLIBS = -ll -lfl/SYSLIBS = -lfl/g"

make -C src
make clean all -C src SUBDIRS=../doc/man

# This is _really_ not nice
bzcat $RPM_SOURCE_DIR/bind-chroot-8.2.3-ndc.patch.bz2 | patch -p1
sed 's,/CHROOT/named,%jail,' < src/bin/ndc/pathnames.h > src/bin/ndc/pathnames.h.new
mv src/bin/ndc/pathnames.h.new src/bin/ndc/pathnames.h
# rebuild ndc
rm -f src/bin/ndc/*.o
make -C src
# end of ugly code

cp src/bin/named-xfer/named-xfer jail/usr/sbin/named-xfer

# A little tool for logging from chroot
cd utils-1.0
gcc -s ${RPM_OPT_FLAGS} -o holelogd holelogd.c
cd -

# Adjust for the jail
bzcat %{SOURCE3} > named-chroot.init
[ -z "%{jail}" ] || {
    sed '/^CHROOTDIR=/s%=%=%{jail}%
        /^USER=/s%=%="-u %{username}"%
        /^GROUP=/s%=%="-g %{groupname}"%' named-chroot.init > named-chroot
}

%install
[ "%{buildroot}" != "/" ] && rm -rf %{buildroot}

install -d %{buildroot}%jail/etc
install -d %{buildroot}%{_bindir}
install -d %{buildroot}%{_sbindir}
install -d %{buildroot}%{_libdir}
install -d %{buildroot}%{_mandir}/man{1,3,5,7,8}
install -d %{buildroot}%{_sysconfdir}/rc.d/init.d

make DESTDIR=%{buildroot} install -C src
make DESTDIR=%{buildroot} INSTALL=install install -C src SUBDIRS=../doc/man

# This will be log daemon for our jail alone so we can easily start and
# stop it if there are others for other jails.
install -m 755 -s utils-1.0/holelogd %{buildroot}%{_sbindir}/holelogd.named
install -m 755 named-chroot %{buildroot}%{_sysconfdir}/rc.d/init.d/named-chroot

# make some links...
#ln -snf ..%jail/var/named/named.conf %{buildroot}/etc/named.conf
ln -snf ../var/named/named.conf %{buildroot}%jail/etc/named.conf

( cd jail && tar cf - . ) | ( cd %{buildroot}%jail && tar xvf - )

# gather holelogd docs
rm -rf holelogd
mkdir -p holelogd
chmod 0755 holelogd
cp -a utils-1.0/LICENSE utils-1.0/README holelogd

##################################################################
# obeying new rpm policy, using the "rm" workaround
#
# these conflict with glibc-devel
rm -f %{buildroot}%{_mandir}/man5/resolv.conf.5*
rm -f %{buildroot}%{_mandir}/man3/getaddrinfo.3*
rm -f %{buildroot}%{_mandir}/man3/getnetent.3*
rm -f %{buildroot}%{_mandir}/man3/resolver.3*
# these conflict with man-pages
rm -f %{buildroot}%{_mandir}/man3/resolver.3*
rm -f %{buildroot}%{_mandir}/man3/getaddrinfo.3*
rm -f %{buildroot}%{_mandir}/man3/gethostbyname.3*
rm -f %{buildroot}%{_mandir}/man3/getipnodebyname.3*
rm -f %{buildroot}%{_mandir}/man3/getnameinfo.3*
rm -f %{buildroot}%{_mandir}/man3/getnetent.3*
rm -f %{buildroot}%{_mandir}/man7/mailaddr.7*
##################################################################

%pre
if grep -q ^%groupname: %{_sysconfdir}/group
then
    :
else
    echo "Adding group %groupname to the system." >&2
    %{_sbindir}/groupadd -g 25 -r -f %groupname
fi
if grep -q ^%username: %{_sysconfdir}/passwd
then
    :
else
    echo "Adding user %username to the system." >&2
    %{_sbindir}/useradd -M -g %groupname -o -c 'Domain name server' \
        -u 25 -s /bin/false -d %jail -r %username
fi

%post
/sbin/chkconfig --add named-chroot
/sbin/chkconfig named-chroot on

rm -f %{jail}/dev/null
mknod -m a+rw %{jail}/dev/null c 1 3

# some systems seem to want %{_sysconfdir}/group, others don't care
grep ^%{username}: %{_sysconfdir}/passwd >%{jail}/etc/passwd
grep ^%{groupname}: %{_sysconfdir}/group >%{jail}/etc/group
cp %{_sysconfdir}/localtime %{jail}/etc/localtime

%preun
if [ $1 = 0 ]; then
    /sbin/chkconfig --del named-chroot
    %{_sysconfdir}/rc.d/init.d/named-chroot stop
fi

%clean
[ "%{buildroot}" != "/" ] && rm -rf %{buildroot}

%files
%defattr(-,root,root)
%doc src/README src/INSTALL src/Version src/CHANGES
%doc src/TODO src/bin/named-bootconf
%doc holelogd
#%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/named.conf
%config %attr(0755,root,root) %{_sysconfdir}/rc.d/init.d/named-chroot
# Note: the jail directories, configuration files and named-xfer listed
# below are owned by the named user, so a compromised daemon can rewrite
# its own configuration and helper binary inside the jail.
%dir %attr(-,%{username},%{groupname}) %{jail}
%dir %attr(-,%{username},%{groupname}) %{jail}/dev
%verify() %{jail}/dev/log
%verify(mode) %{jail}/dev/null
%dir %attr(-,%{username},%{groupname}) %{jail}/etc
%config(noreplace) %attr(0644,%{username},%{groupname}) %{jail}/etc/named.conf
%config(noreplace) %attr(0644,%{username},%{groupname}) %{jail}/var/named/named.cache
%config(noreplace) %attr(0644,%{username},%{groupname}) %{jail}/var/named/named.cache.md5
%config(noreplace) %attr(0644,%{username},%{groupname}) %{jail}/var/named/logging.conf
%config(noreplace) %attr(0644,%{username},%{groupname}) %{jail}/var/named/nologging.conf
%config(noreplace) %attr(0644,%{username},%{groupname}) %{jail}/var/named/named.conf
%config(noreplace) %attr(0644,%{username},%{groupname}) %{jail}/var/named/rev/0.0.127.in-addr.arpa.db
%config(noreplace) %attr(0644,%{username},%{groupname}) %{jail}/var/named/master/bind.db
%config(noreplace) %attr(0644,%{username},%{groupname}) %{jail}/var/named/master/localhost.db
%config(noreplace) %attr(0644,%{username},%{groupname}) %{jail}/var/log/debug
%config(noreplace) %attr(0644,%{username},%{groupname}) %{jail}/var/log/default
%config(noreplace) %attr(0644,%{username},%{groupname}) %{jail}/var/log/lamers
%config(noreplace) %attr(0644,%{username},%{groupname}) %{jail}/var/log/stderr
%config(noreplace) %attr(0644,%{username},%{groupname}) %{jail}/var/log/xfer
%config(noreplace) %attr(0644,%{username},%{groupname}) %{jail}/var/tmp/named.memstats
%config(noreplace) %attr(0644,%{username},%{groupname}) %{jail}/var/tmp/named.stats
%config(noreplace) %attr(0644,%{username},%{groupname}) %{jail}/var/tmp/named_dump.db
%verify(not md5 size mtime) %attr(-,%{username},%{groupname}) %{jail}/etc/passwd
%verify(not md5 size mtime) %attr(-,%{username},%{groupname}) %{jail}/etc/group
%verify(not md5 size mtime) %attr(-,%{username},%{groupname}) %{jail}/etc/localtime
%dir %attr(-,%{username},%{groupname}) %{jail}/usr
%dir %attr(-,%{username},%{groupname}) %{jail}/usr/bin
%dir %attr(-,%{username},%{groupname}) %{jail}/usr/sbin
%dir %attr(-,%{username},%{groupname}) %{jail}/usr/lib/zoneinfo
%dir %attr(-,%{username},%{groupname}) %{jail}/var
%dir %attr(-,%{username},%{groupname}) %{jail}/var/named
%dir %attr(-,%{username},%{groupname}) %{jail}/var/named/master
%dir %attr(-,%{username},%{groupname}) %{jail}/var/named/slave
%dir %attr(-,%{username},%{groupname}) %{jail}/var/run
%dir %attr(-,%{username},%{groupname}) %{jail}/var/tmp
%dir %attr(-,%{username},%{groupname}) %{jail}/var/log
%attr(-,%{username},%{groupname}) %{jail}/usr/lib/zoneinfo/localtime
%attr(-,%{username},%{groupname}) %{jail}/usr/lib/zoneinfo/posixrules
%attr(-,%{username},%{groupname}) %{jail}/usr/lib/zoneinfo/posixtime
%attr(-,%{username},%{groupname}) %{jail}/usr/sbin/named-xfer
%{_sbindir}/dnskeygen
%{_sbindir}/irpd
%{_sbindir}/named
%{_sbindir}/named-bootconf
%{_sbindir}/named-xfer
%{_sbindir}/ndc
%{_sbindir}/holelogd.named
%{_mandir}/man1/dnskeygen.1*
%{_mandir}/man5/named.conf.5*
%{_mandir}/man7/hostname.7*
%{_mandir}/man8/named.8*
%{_mandir}/man8/ndc.8*
%{_mandir}/man8/named-bootconf.8*
%{_mandir}/man8/named-xfer.8*

%files -n bind-chroot-utils
%defattr(-,root,root)
%{_bindir}/addr
%{_bindir}/dig
%{_bindir}/dnsquery
%{_bindir}/host
%{_bindir}/mkservdb
%{_bindir}/nslookup
%{_bindir}/nsupdate
%{_libdir}/nslookup.help
%{_mandir}/man1/dig.1*
%{_mandir}/man1/dnsquery.1*
%{_mandir}/man1/host.1*
%{_mandir}/man5/irs.conf.5*
%{_mandir}/man5/resolver.5*
%{_mandir}/man8/nslookup.8*
%{_mandir}/man8/nsupdate.8*

%files -n bind-chroot-devel
%defattr(-,root,root)
%{_libdir}/*.a
%{_includedir}/*
%{_mandir}/man3/hesiod.3*
%{_mandir}/man3/inet_cidr.3*
%{_mandir}/man3/tsig.3*

%changelog
* Thu Jan 16 2003 Oden Eriksson <oden.eriksson@kvikkjokk.net> 8.3.4-2mdk
- build release

* Mon Nov 18 2002 Oden Eriksson <oden.eriksson@kvikkjokk.net> 8.3.4-1mdk
- new version (includes fixes for CAN-2002-1219, CAN-2002-1220 and
  CAN-2002-1221)
- obeying new rpm policy, using the "rm" workaround

* Wed Nov 13 2002 Oden Eriksson <oden.eriksson@kvikkjokk.net> 8.3.3-3mdk
- security fix for multiple flaws in the code (P10) possible addresses;
  CAN-2002-1219, CAN-2002-1220 and CAN-2002-1221, this is something for
  mandrakesecurity to sort out on paid workingtime ;)
- updated S6 to _show_ a fake version to fool the script kiddies even
  more, root should change this later to maybe 9.2.2? updated root cache
  file from internic
- added debug to S3 (service named-chroot debug) to enable the debug
  channel

* Sun Aug 4 2002 Oden Eriksson <oden.eriksson@kvikkjokk.net> 8.3.3-2mdk
- rebuilt with gcc-3.2
- added BuildRequires: glibc-static-devel for ML9.x
- added Conflicts: glibc-devel for bind-chroot-devel

* Sat Jun 29 2002 Oden Eriksson <oden.eriksson@kvikkjokk.net> 8.3.3-1mdk
- new version
- ship gzipped source and its GnuPG signature
- P13 is included upstream but with a twist. removed P13 from the
  package

* Tue Jun 25 2002 Oden Eriksson <oden.eriksson@kvikkjokk.net> 8.3.2-2mdk
- fixed a glitch in the initscript

* Tue Jun 25 2002 Oden Eriksson <oden.eriksson@kvikkjokk.net> 8.3.2-1mdk
- new version
- de-activate P14 for now
- fixed offending -ll stuff (thanks to Thierry Vignaud and J.A. Magallon
  for clarifying that.)

* Mon May 20 2002 Oden Eriksson <oden.eriksson@kvikkjokk.net> 8.3.1-6mdk
- rebuilt with gcc3.1

* Fri May 6 2002 Oden Eriksson <oden.eriksson@kvikkjokk.net> 8.3.1-5mdk
- renamed subpackages to avoid name conflicts, thanks Warly.

* Sat Apr 27 2002 Oden Eriksson <oden.eriksson@kvikkjokk.net> 8.3.1-4mdk
- remove legacy softlink to /etc/named.conf for caching-nameserver
  compliance, thanks Salane King for reporting this

* Sat Apr 27 2002 Oden Eriksson <oden.eriksson@kvikkjokk.net> 8.3.1-3mdk
- fix obsoletes and provides, pointed out by Alexander Skwar, thanks!
- also change sysv script name to named-chroot (yes, you probably can
  run both bind-chroot and bind-9.x at the same time, but that's another
  story...)

* Sun Apr 21 2002 Oden Eriksson <oden.eriksson@kvikkjokk.net> 8.3.1-2mdk
- re-activated non-ascii domain names support (P14). Soon we'll probably
  be able to use domain names like www.gällivare.se, so we'll better
  provide :)
- ripped the man pages to reduce overall size
- misc spec file fixes (Mr. rpmlint)
- initial cooker contrib

* Sun Feb 3 2002 Oden Eriksson <oden.eriksson@kvikkjokk.net> 8.3.1-1mdk
- update to 8.3.1
- deactivate some patches
- adjusted P6 & P7

* Tue Oct 2 2001 Oden Eriksson <oden.eriksson@kvikkjokk.net> 8.2.5-1mdk
- update to 8.2.5

* Sun Feb 3 2001 Oden Eriksson <oden.eriksson@kvikkjokk.net> 8.2.3-1mdk
- update to 8.2.3
- enhanced the jail package
- inactivate obsolete? patches for now.
- added non-ascii domain names support. (patch14)
- removed logrotate stuff, bind handles that itself.
- removed the "contrib" source. (it's pretty old and useless)
- mandrakified the package...

* Sat Dec 9 2000 Oden Eriksson <oden.eriksson@kvikkjokk.net>
- update to 8.2.2-P7
- added the chaos1 patch.
- added rh patches.
- made the jaildir as %{jail}

* Fri Jan 7 2000 Jan "Yenya" Kasprzak <kas@fi.muni.cz>
- modified the official RedHat package to the chrooted environment
  (using pieces of John A. Martin <jam@jamux.com>'s bind-chroot-8.1.2
  source RPM).
- update to 8.2.2-P5

* Wed Nov 10 1999 Bill Nottingham <notting@redhat.com>
- update to 8.2.2-P3

* Tue Oct 12 1999 Cristian Gafton <gafton@redhat.com>
- add patch to stop a cache only server from complaining about lame
  servers on every request.

* Fri Sep 24 1999 Preston Brown <pbrown@redhat.com>
- use real stop and start in named.init for restart, not ndc restart, it
  has problems when named has changed during a package update... (# 4890)

* Fri Sep 10 1999 Bill Nottingham <notting@redhat.com>
- chkconfig --del in %preun, not %postun

* Mon Aug 16 1999 Bill Nottingham <notting@redhat.com>
- initscript munging

* Mon Jul 26 1999 Bill Nottingham <notting@redhat.com>
- fix installed chkconfig links to match init file

* Sat Jul 3 1999 Jeff Johnson <jbj@redhat.com>
- conflict with new (in man-1.24) man pages (#3876,#3877).

* Tue Jun 29 1999 Bill Nottingham <notting@redhat.com>
- fix named.logrotate (wrong %SOURCE)

* Fri Jun 25 1999 Jeff Johnson <jbj@redhat.com>
- update to 8.2.1.
- add named.logrotate (#3571).
- hack around egcs-1.1.2 -m486 bug (#3413, #3485).
- vet file list.

* Fri Jun 18 1999 Bill Nottingham <notting@redhat.com>
- don't run by default

* Sun May 30 1999 Jeff Johnson <jbj@redhat.com>
- nslookup fixes (#2463).
- missing files (#3152).

* Sat May 1 1999 Stepan Kasal <kasal@math.cas.cz>
- nslookup patched:
  to count numRecords properly
  to fix subsequent calls to ls -d
  to parse "view" and "finger" commands properly
  the view hack updated for bind-8 (using sed)

* Wed Mar 31 1999 Bill Nottingham <notting@redhat.com>
- add ISC patch
- add quick hack to make host not crash
- add more docs

* Fri Mar 26 1999 Cristian Gafton <gafton@redhat.com>
- add probing information in the init file to keep linuxconf happy
- don't strip libbind

* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com>
- auto rebuild in the new build environment (release 3)

* Wed Mar 17 1999 Preston Brown <pbrown@redhat.com>
- removed 'done' output at named shutdown.

* Tue Mar 16 1999 Cristian Gafton <gafton@redhat.com>
- version 8.2

* Wed Dec 30 1998 Cristian Gafton <gafton@redhat.com>
- patch to use the __FDS_BITS macro
- build for glibc 2.1

* Wed Sep 23 1998 Jeff Johnson <jbj@redhat.com>
- change named.restart to %{_sbindir}/ndc restart

* Sat Sep 19 1998 Jeff Johnson <jbj@redhat.com>
- install man pages correctly.
- change K10named to K45named.

* Wed Aug 12 1998 Jeff Johnson <jbj@redhat.com>
- don't start if %{_sysconfdir}/named.conf doesn't exist.

* Sat Aug 8 1998 Jeff Johnson <jbj@redhat.com>
- automagically create %{_sysconfdir}/named.conf from
  %{_sysconfdir}/named.boot in %post
- remove echo in %post

* Wed Jun 10 1998 Jeff Johnson <jbj@redhat.com>
- merge in 5.1 mods

* Sun Apr 12 1998 Manuel J. Galan <manolow@step.es>
- Several essential modifications to build and install correctly.
- Modified 'ndc' to avoid deprecated use of '-'

* Mon Dec 22 1997 Scott Lampert <fortunato@heavymetal.org>
- Used buildroot
- patched bin/named/ns_udp.c to use <libelf/nlist.h> for include
  on Redhat 5.0 instead of <nlist.h>