diff --git a/.fmf/version b/.fmf/version deleted file mode 100644 index d00491f..0000000 --- a/.fmf/version +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/changelog b/changelog deleted file mode 100644 index ca93ebf..0000000 --- a/changelog +++ /dev/null 
@@ -1,313 +0,0 @@ -* Wed Jul 19 2023 Fedora Release Engineering - 0.17-12 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - -* Thu Jun 15 2023 Todd Zullinger - 0.17-11 -- Remove execute bit on ssh_config.d snippet - -* Thu Jan 19 2023 Fedora Release Engineering - 0.17-10 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild - -* Fri Dec 16 2022 Florian Weimer - 0.17-9 -- Port configure script to C99 - -* Thu Jul 21 2022 Fedora Release Engineering - 0.17-8 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild - -* Thu Jan 20 2022 Fedora Release Engineering - 0.17-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild - -* Tue Sep 14 2021 Sahana Prasad - 0.17-6 -- Rebuilt with OpenSSL 3.0.0 - -* Wed Jul 21 2021 Fedora Release Engineering - 0.17-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - -* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 0.17-4 -- Rebuilt for updated systemd-rpm-macros - See https://pagure.io/fesco/issue/2583. 
- -* Tue Jan 26 2021 Fedora Release Engineering - 0.17-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - -* Sat Dec 19 2020 Adam Williamson - 0.17-2 -- Rebuild for libldns soname bump - -* Tue Oct 13 2020 Petr Menšík - 0.17-1 -- Update to 0.17 - -* Mon Oct 12 2020 Petr Menšík - 0.15-14 -- Add edns0 option to resolv.conf -- Add VerifyHostKeyDNS to ssh config - -* Mon Jul 27 2020 Fedora Release Engineering - 0.15-13 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Tue Jan 28 2020 Fedora Release Engineering - 0.15-12 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Mon Jan 06 2020 Jeff Law - 0.15-11 -- Fix typo in last change - -* Thu Aug 22 2019 Lubomir Rintel - 0.15-10 -- Move the NetworkManager dispatcher script out of /etc - -* Wed Jul 24 2019 Fedora Release Engineering - 0.15-9 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Thu Jan 31 2019 Fedora Release Engineering - 0.15-8 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Thu Jul 12 2018 Fedora Release Engineering - 0.15-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Tue Jun 19 2018 Miro Hrončok - 0.15-6 -- Rebuilt for Python 3.7 - -* Wed Mar 14 2018 Petr Menšík - 0.15-5 -- Accept NXDOMAIN for NSEC probe (#1555355) - -* Mon Feb 19 2018 Tomas Hozza - 0.15-4 -- Added explicit BuildRequires on gcc as required by packaging guidelines -- Added explicit Requires on e2fsprogs, so that /usr/bin/chattr is available -- Remove redundant removal of immutable bit in %%preun scriptlet (#1542400) - -* Mon Feb 19 2018 Tomas Hozza - 0.15-3 -- use NetworkManager-libnm instead of NetworkManager-glib - -* Wed Feb 07 2018 Fedora Release Engineering - 0.15-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Mon Dec 11 2017 Tomas Hozza - 0.15-1 -- Update to stable 0.15 upstream release - -* Fri Aug 18 2017 Petr Menšík - 0.13-6 -- Skip always failing kr.com, 
update root IPs (#1482939) - -* Wed Aug 02 2017 Fedora Release Engineering - 0.13-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - -* Wed Jul 26 2017 Fedora Release Engineering - 0.13-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Wed Mar 08 2017 Tomas Hozza - 0.13-3 -- Rebuild against new ldns - -* Wed Mar 01 2017 Tomas Hozza - 0.13-2 -- Include fix for runtime issues with OpenSSL 1.1.0 (#1427561) - -* Fri Feb 17 2017 Tomas Hozza - 0.13-1 -- Update to stable 0.13 upstream release -- Dropped merged patches - -* Fri Feb 10 2017 Fedora Release Engineering - 0.13-0.6.20150714svn -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Mon Dec 19 2016 Miro Hrončok - 0.13-0.5.20150714svn -- Rebuild for Python 3.6 - -* Wed Feb 03 2016 Fedora Release Engineering - 0.13-0.4.20150714svn -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Tue Nov 10 2015 Fedora Release Engineering -- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 - -* Mon Jul 20 2015 Tomas Hozza - 0.13-0.2.20150714svn -- Provide Workstation specific configuration - -* Wed Jul 15 2015 Tomas Hozza - 0.13-0.1.20150714svn -- split dnssec-trigger panel into separate subpackage (#1236363) -- SPEC file cleanup based on rpmlint and fedora-review issues -- implement some suggestions (#1236363) -- rebase to the latest svn trunk snapshot 0.13_20150714 -- Script is not searching local user directories any more (#1213062) -- Script now doesn't restart NM if version is >= 1.0.3, but sends just signal -- Script now specifies the NMClient version for GI (#1242430) -- Script now sets negative-cache-ttl in unbound to 5 seconds (#1229596) - -* Wed Jun 17 2015 Fedora Release Engineering - 0.12-21 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Wed Apr 08 2015 Tomas Hozza - 0.12-20 -- Fix issue when installing private address range zone without global forwarders (#1205864) -- Fix 
configuration of private address range zones (#1128310#c20) - -* Fri Mar 13 2015 Tomas Hozza - 0.12-19 -- Fix typo in the dnssec-trigger-script (#1187371) -- Use Python3 by default - -* Mon Jan 26 2015 Pavel Šimerda - 0.12-18 -- Resolves: #1185796, #1130502, #1105685, #1128310 – update - -* Tue Jan 20 2015 Pavel Šimerda - 0.12-17 -- Resolves: #1183975 - systemd cgroup check fails - -* Tue Jan 20 2015 Pavel Šimerda - 0.12-16 -- Resolves: #1165126, #1125267, #1089766, #1112248, #824219 - update - -* Sat Aug 16 2014 Fedora Release Engineering - 0.12-15 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild - -* Thu Aug 14 2014 Pavel Šimerda - 0.12-14 -- Resolves: #1125261 - dnssec-trigger-script: use fcntl.flock instead of - lockfile - -* Mon Aug 11 2014 Tomas Hozza - 0.12-13 -- One Fedora fallback server changed IP address (#1125440) - -* Mon Jun 30 2014 Pavel Šimerda - 0.12-12 -- Resolves: #1112248 - require a version of NetworkManager with #1113122 fixed - -* Tue Jun 24 2014 Pavel Šimerda - 0.12-11 -- Resolves: #1112248 - serialize the script instances - -* Tue Jun 24 2014 Pavel Šimerda - 0.12-10 -- Resolves: #1112248 - fix a typo - -* Tue Jun 24 2014 Pavel Šimerda - 0.12-9 -- Resolves: #1112248 - fix systemd race condition - -* Mon Jun 23 2014 Pavel Šimerda - 0.12-8 -- Resolves: #1112248 - don't block on systemctl restart NetworkManager - -* Mon Jun 23 2014 Pavel Šimerda - 0.12-7 -- Resolves: #1112248, #1111143 - update dnssec-trigger-script and dnssec-triggerd.service - -* Fri Jun 20 2014 Pavel Šimerda - 0.12-6 -- Resolves: #1111143 - fix for python2 - -* Fri Jun 20 2014 Pavel Šimerda - 0.12-5 -- Related: #842455 - remove a patch that is now redundant - -* Fri Jun 20 2014 Pavel Šimerda - 0.12-4 -- update dnssec-trigger-script to current development submitted upstream - -* Wed Jun 18 2014 Pavel Šimerda - 0.12-3 -- Resolves: #1105896 - the new script doesn't call dnssec-trigger-control submit - -* Fri Jun 06 2014 Pavel Šimerda - 0.12-2 -- fix 
various dnssec-trigger-script issues - -* Fri May 23 2014 Tomas Hozza - 0.12-1 -- Update to 0.12 version -- Drop merged patches -- Drop downstream files (systemd, dispatcher scripts) - -* Tue May 13 2014 Paul Wouters - 0.11-21 -- Enable full hardening (includig PIE) -- Resolves: rhbz#1045689 dnssec-trigger creates long-time RSA key with inappropriate size - -* Wed Feb 19 2014 Tomas Hozza - 0.11-20 -- Restart NM on dnssec-trigger shutdown (let NM handle the resolv.conf content) -- HN-hook: Handle situation when connection does not have a device - -* Wed Jan 29 2014 Tomas Hozza - 0.11-19 -- Use new Python dispatcher script and ship /etc/dnssec.conf - -* Tue Jan 28 2014 Tomas Hozza - 0.11-18 -- Use systemd macros instead of directly calling systemctl -- simplify the systemd unit file for generating keys - -* Thu Nov 21 2013 Tomas Hozza - 0.11-17 -- Add script to backup and restore resolv.conf on dnssec-trigger start/stop - -* Mon Nov 18 2013 Tomas Hozza - 0.11-16 -- Improve GUI dialogs texts - -* Tue Nov 12 2013 Tomas Hozza - 0.11-15 -- Fix NM dispatcher script to work with NM >= 0.9.9.0 (#1029571) - -* Mon Aug 26 2013 Tomas Hozza - 0.11-14 -- Fix errors found by static analysis of source - -* Fri Aug 09 2013 Tomas Hozza - 0.11-13 -- Use improved NM dispatcher script from upstream -- Added tmpfiles.d config due to improved NM dispatcher script - -* Sat Aug 03 2013 Fedora Release Engineering - 0.11-12 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - -* Mon Mar 04 2013 Adam Tkac - 0.11-11 -- link dnssec-trigger.conf.8 to dnssec-trigger.8 -- build dnssec-triggerd with full RELRO - -* Mon Mar 04 2013 Adam Tkac - 0.11-10 -- remove deprecated "Application" keyword from desktop file - -* Mon Mar 04 2013 Adam Tkac - 0.11-9 -- install various dnssec-trigger-* symlinks to dnssec-trigger.8 manpage - -* Wed Feb 13 2013 Fedora Release Engineering - 0.11-8 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild - -* Tue Jan 08 2013 Paul Wouters - 
0.11-7 -- Use full path for systemd (rhbz#842455) - -* Tue Jul 24 2012 Paul Wouters - 0.11-6 -- Patched daemon to remove immutable attr (rhbz#842455) as the - systemd ExecStopPost= target does not seem to work - -* Tue Jul 24 2012 Paul Wouters - 0.11-5 -- On service stop, remove immutable attr from resolv.conf (rhbz#842455) - -* Wed Jul 18 2012 Fedora Release Engineering - 0.11-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - -* Thu Jun 28 2012 Paul Wouters - 0.11-3 -- Fix DHCP hook for f17+ version of nmcli (rhbz#835298) - -* Sun Jun 17 2012 Paul Wouters - 0.11-2 -- Small textual changes to some popup windows - -* Fri Jun 15 2012 Paul Wouters - 0.11-1 -- Updated to 0.11 -- http Hotspot detection via fedoraproject.org/static/hotspot.html -- http Hotspot Login page via uses hotspot-nocache.fedoraproject.org - -* Thu Feb 23 2012 Paul Wouters - 0.10-4 -- Require: unbound - -* Wed Feb 22 2012 Paul Wouters - 0.10-3 -- Fix the systemd startup to require unbound -- dnssec-triggerd no longer forks, giving systemd more control -- Fire NM dispatcher in ExecStartPost of dnssec-triggerd.service -- Fix tcp80 entries in dnssec-triggerd.conf -- symlink dnssec-trigger-panel to dnssec-trigger to supress the - "-panel" in the applet name shown in gnome3 - - -* Wed Feb 22 2012 Paul Wouters - 0.10-2 -- The NM hook was not modified at the right time during build - -* Wed Feb 22 2012 Paul Wouters - 0.10-1 -- Updated to 0.10 -- The NM hook lacks /usr/sbin in path, resulting in empty resolv.conf on hotspot - -* Wed Feb 08 2012 Paul Wouters - 0.9-4 -- Updated tls443 / tls80 resolver instances supplied by Fedora Hosted - -* Mon Feb 06 2012 Paul Wouters - 0.9-3 -- Convert from SysV to systemd for initial Fedora release -- Moved configs and pem files to /etc/dnssec-trigger/ -- No more /var/run/dnssec-triggerd/ -- Fix Build-requires -- Added commented tls443 port80 entries of pwouters resolvers -- On uninstall ensure there is no immutable bit on /etc/resolv.conf - -* 
Sat Jan 07 2012 Paul Wouters - 0.9-2 -- Added LICENCE to doc section - -* Mon Dec 19 2011 Paul Wouters - 0.9-1 -- Upgraded to 0.9 - -* Fri Oct 28 2011 Paul Wouters - 0.7-1 -- Upgraded to 0.7 - -* Fri Sep 23 2011 Paul Wouters - 0.4-1 -- Upgraded to 0.4 - -* Sat Sep 17 2011 Paul Wouters - 0.3-5 -- Start 01-dnssec-trigger-hook in daemon start -- Ensure dnssec-triggerd starts after NetworkManager - -* Fri Sep 16 2011 Paul Wouters - 0.3-4 -- Initial package diff --git a/dnssec-trigger-0.17-allowed-characters.patch b/dnssec-trigger-0.17-allowed-characters.patch deleted file mode 100644 index e9cb86d..0000000 --- a/dnssec-trigger-0.17-allowed-characters.patch +++ /dev/null @@ -1,30 +0,0 @@ -From f410871470773c0767f97f86c1bd05074db63081 Mon Sep 17 00:00:00 2001 -From: "W.C.A. Wijngaards" -Date: Mon, 3 Feb 2020 10:37:26 +0100 -Subject: [PATCH] - Fix for #3: Allow @ character to make scripts work, which - may fix resolv.conf lost in some situation bug. - -Changelog: -3 February 2020: Wouter - - Fix for #3: Allow @ character to make scripts work, which may - fix resolv.conf lost in some situation bug. ---- - riggerd/ubhook.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/riggerd/ubhook.c b/riggerd/ubhook.c -index 382eee3..f1ce73c 100644 ---- a/riggerd/ubhook.c -+++ b/riggerd/ubhook.c -@@ -80,7 +80,7 @@ allowed_arg(const char* arg) - } - if( isalnum((unsigned char)*s) || *s == ' ' || *s == ':' || - *s == '.' || *s == '_' || *s == '-' || *s == '+' || -- *s == '\t') { -+ *s == '\t' || *s == '@') { - continue; - } else { - log_err("command line string argument '%s' fails check on allowed characters", arg); --- -2.41.0 - diff --git a/dnssec-trigger-0.17-openssl-3.2.patch b/dnssec-trigger-0.17-openssl-3.2.patch deleted file mode 100644 index d1b9474..0000000 --- a/dnssec-trigger-0.17-openssl-3.2.patch +++ /dev/null 
@@ -1,34 +0,0 @@ -From 7c3ff5b59952bc6bf11f988c9dbd961ae3c626ea Mon Sep 17 00:00:00 2001 -From: Petr Mensik -Date: Tue, 10 Sep 2024 16:22:07 +0200 -Subject: [PATCH] Mark explicitly server cert with CA flag - -Since OpenSSL 3.2 it did not connect from control to server cert. Create -server with indication is it CA. - -Also use clientAuth trust for CA cert. That allows control cert to be -used for client authentication. ---- - dnssec-trigger-control-setup.sh.in | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/dnssec-trigger-control-setup.sh.in b/dnssec-trigger-control-setup.sh.in -index 7cc305a..eede665 100644 ---- a/dnssec-trigger-control-setup.sh.in -+++ b/dnssec-trigger-control-setup.sh.in -@@ -200,9 +200,9 @@ EOF - test -f request.cfg || error "could not create request.cfg" - - echo "create $SVR_BASE.pem (self signed certificate)" --openssl req -key $SVR_BASE.key -config request.cfg -new -x509 -days $DAYS -out $SVR_BASE.pem || error "could not create $SVR_BASE.pem" --# create trusted usage pem --openssl x509 -in $SVR_BASE.pem -addtrust serverAuth -out $SVR_BASE"_trust.pem" -+openssl req -key $SVR_BASE.key -config request.cfg -new -x509 -days $DAYS -addext "basicConstraints=critical,CA:TRUE,pathlen:0" -out $SVR_BASE.pem || error "could not create $SVR_BASE.pem" -+# create trusted usage pem for CA, what are signed certs allowed to do? -+openssl x509 -in "$SVR_BASE.pem" -addtrust clientAuth -out "${SVR_BASE}_trust.pem" - - # create client request and sign it, piped - cat >request.cfg < -Date: Wed, 20 Nov 2024 16:58:48 +0100 -Subject: [PATCH] Add recipe for adding own server - -Until someone adds nice support for using just CA bundle and server -name, allow specification by fingerprint obtained manually. Do not rely -only on server provided by upstream. 
---- - dnssec.conf | 4 ++-- - example.conf.in | 6 +++++- - 2 files changed, 7 insertions(+), 3 deletions(-) - -diff --git a/dnssec.conf b/dnssec.conf -index bf896d3..4726ca1 100644 ---- a/dnssec.conf -+++ b/dnssec.conf -@@ -38,7 +38,7 @@ - # - # - See also security notes on the `add_wifi_provided_zones` option. - # --# validate_connection_provided_zones=yes -+# validate_connection_provided_zones=no - # - # - Connection provided zones will be configured in Unbound as secure forward - # zones, validated using DNSSEC. -@@ -63,7 +63,7 @@ - # Turning this option off has security implications, See the security - # notice above. - # --validate_connection_provided_zones=yes -+validate_connection_provided_zones=no - - # add_wifi_provided_zones: - # ------------------------ -diff --git a/example.conf.in b/example.conf.in -index dafd35d..f7e8a54 100644 ---- a/example.conf.in -+++ b/example.conf.in -@@ -79,6 +79,11 @@ tcp80: 2a04:b900::10:0:0:67 - ssl443: 185.49.140.67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF - ssl443: 2a04:b900::10:0:0:67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF - -+# How to add your own record: -+# openssl s_client -connect example.com:443 -showcerts /tmp/dns.crt -+# openssl x509 -noout -in /tmp/dns.crt -fingerprint -sha256 -+# Append returned sha256 Fingerprint after ssl443: IP-address section. -+ - # Use VPN servers for all traffic - # use-vpn-forwarders: no - -@@ -87,4 +92,3 @@ ssl443: 2a04:b900::10:0:0:67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD: - - # Add domains provided by VPN connections into Unbound forward zones - # add-wifi-provided-zones: no -- --- -2.47.0 - diff --git a/dnssec-trigger-config-default.patch b/dnssec-trigger-config-default.patch deleted file mode 100644 index a3ca483..0000000 --- a/dnssec-trigger-config-default.patch +++ /dev/null 
@@ -1,53 +0,0 @@ -From 27bb1f49fe69055e2a5f02e5fe54e71e79d98fdc Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= -Date: Tue, 25 Jul 2023 15:39:15 +0200 -Subject: [PATCH] Make fedora default config changes - -Customize upstream example configuration for Fedora. ---- - example.conf | 11 +++++------ - 1 file changed, 5 insertions(+), 6 deletions(-) - -diff --git a/example.conf b/example.conf -index 6031c0d..6251c98 100644 ---- a/example.conf -+++ b/example.conf -@@ -1,5 +1,4 @@ --# config for dnssec-trigger 0.17. --# this is a comment. there must be one statement per line. -+# Fedora/EPEL version of dnssec-trigger.conf - - # logging detail, 0=only errors, 1=operations, 2=detail, 3,4 debug detail. - # verbosity: 1 -@@ -43,8 +42,8 @@ - # port number to use for probe daemon. - # port: 8955 - --# these keys and certificates can be generated with the script --# dnssec-trigger-control-setup -+# keys and certificates generated by the dnssec-trigger-keygen systemd service -+# (which called dnssec-trigger-control-setup) - # server-key-file: "/etc/dnssec-trigger/dnssec_trigger_server.key" - # server-cert-file: "/etc/dnssec-trigger/dnssec_trigger_server.pem" - # control-key-file: "/etc/dnssec-trigger/dnssec_trigger_control.key" -@@ -60,7 +59,7 @@ - - # provided by NLnetLabs - # It is provided on a best effort basis, with no service guarantee. --url: "http://ster.nlnetlabs.nl/hotspot.txt OK" -+# url: "http://ster.nlnetlabs.nl/hotspot.txt OK" - - # provided by FedoraProject - url: "http://fedoraproject.org/static/hotspot.txt OK" -@@ -72,7 +71,7 @@ url: "http://fedoraproject.org/static/hotspot.txt OK" - # hash is output of openssl x509 -sha256 -fingerprint -in server.pem - # You can add more with extra config lines. - --# provided by NLnetLabs -+# provided by NLnetLabs (www.nlnetlabs.nl) - # It is provided on a best effort basis, with no service guarantee. - tcp80: 185.49.140.67 - tcp80: 2a04:b900::10:0:0:67 --- -2.41.0 - 
diff --git a/dnssec-trigger-config-workstation.patch b/dnssec-trigger-config-workstation.patch deleted file mode 100644 index 6458a92..0000000 --- a/dnssec-trigger-config-workstation.patch +++ /dev/null @@ -1,34 +0,0 @@ -From d4b08251d816038950b522fc1b003c8d4f1bcc6d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= -Date: Tue, 25 Jul 2023 15:42:50 +0200 -Subject: [PATCH] Customize workstation only - ---- - dnssec-trigger-workstation.conf | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/dnssec-trigger-workstation.conf b/dnssec-trigger-workstation.conf -index 6251c98..bb2b5db 100644 ---- a/dnssec-trigger-workstation.conf -+++ b/dnssec-trigger-workstation.conf -@@ -32,6 +32,7 @@ - # the command to run to open login pages on hot spots, a web browser. - # empty string runs no command. - # login-command: "/usr/bin/xdg-open" -+login-command: "" - - # the url to open to get hot spot login, it gets overridden by the hotspot. - # login-location: "http://hotspot-nocache.fedoraproject.org/" -@@ -62,7 +63,8 @@ - # url: "http://ster.nlnetlabs.nl/hotspot.txt OK" - - # provided by FedoraProject --url: "http://fedoraproject.org/static/hotspot.txt OK" -+# on Workstation, the detection is turned off -+# url: "http://fedoraproject.org/static/hotspot.txt OK" - - # fallback open DNSSEC resolvers that run on TCP port 80 and TCP port 443. - # These relay incoming DNS traffic on the other port numbers to the usual DNS --- -2.41.0 - diff --git a/dnssec-trigger-configure-c99.patch b/dnssec-trigger-configure-c99.patch deleted file mode 100644 index cccecad..0000000 --- a/dnssec-trigger-configure-c99.patch +++ /dev/null 
@@ -1,30 +0,0 @@ -Do not rely on an implicit function declaration for detecting -the daemon function. Future compilers may not accept such -declarations by default, causing the detection result to change. - -Submitted upstream: - -diff --git a/configure b/configure -index 079ea641e2940515..22c9487fb0d311f8 100755 ---- a/configure -+++ b/configure -@@ -6757,6 +6757,7 @@ else - - echo ' - #include -+#include - ' >conftest.c - echo 'void f(){ (void)daemon(0, 0); }' >>conftest.c - if test -z "`$CC -c conftest.c 2>&1 | grep deprecated`"; then -diff --git a/configure.ac b/configure.ac -index c809367d307f108e..e8095fe7288ba68a 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -225,6 +225,7 @@ AC_CHECK_FUNCS([daemon]) - if test $ac_cv_func_daemon = yes; then - ACX_FUNC_DEPRECATED([daemon], [(void)daemon(0, 0);], [ - #include -+#include - ]) - fi - diff --git a/dnssec-trigger-default.conf b/dnssec-trigger-default.conf new file mode 100644 index 0000000..337ee34 --- /dev/null +++ b/dnssec-trigger-default.conf 
@@ -0,0 +1,99 @@
+# Fedora/EPEL version of dnssec-trigger.conf
+
+# logging detail, 0=only errors, 1=operations, 2=detail, 3,4 debug detail.
+# verbosity: 1
+
+# pidfile location
+pidfile: "/var/run/dnssec-triggerd.pid"
+
+# log to a file instead of syslog, default is to syslog
+# logfile: "/var/log/dnssec-trigger.log"
+
+# log to syslog, or (log to to stderr or a logfile if specified). yes or no.
+# use-syslog: yes
+
+# chroot to this directory
+# chroot: ""
+
+# the unbound-control binary if not found in PATH.
+# commandline options can be appended "unbound-control -c my.conf" if you wish.
+# unbound-control: "/usr/sbin/unbound-control"
+
+# where is resolv.conf to edit.
+# resolvconf: "/etc/resolv.conf"
+
+# the domain example.com line (if any) to add to resolv.conf(5). default none.
+# domain: ""
+
+# domain name search path to add to resolv.conf(5). default none.
+# the search path from DHCP is not picked up, it could be used to misdirect.
+# search: ""
+
+# the command to run to open login pages on hot spots, a web browser.
+# empty string runs no command.
+# login-command: "xdg-open"
+
+# the url to open to get hot spot login, it gets overridden by the hotspot.
+# login-location: "http://www.nlnetlabs.nl/projects/dnssec-trigger"
+# should to be a ttl=0 entry
+login-location: "http://hotspot-nocache.fedoraproject.org/"
+
+# do not perform actions (unbound-control or resolv.conf), for a dry-run.
+# noaction: no
+
+# port number to use for probe daemon.
+# port: 8955
+
+# keys and certificates generated by the dnssec-trigger-keygen systemd service
+# (which called dnssec-trigger-control-setup)
+server-key-file: "/etc/dnssec-trigger/dnssec_trigger_server.key"
+server-cert-file: "/etc/dnssec-trigger/dnssec_trigger_server.pem"
+control-key-file: "/etc/dnssec-trigger/dnssec_trigger_control.key"
+control-cert-file: "/etc/dnssec-trigger/dnssec_trigger_control.pem"
+
+# check for updates, download and ask to install them (for Windows, OSX).
+# check-updates: no
+
+# webservers that are probed to see if internet access is possible.
+# They serve a simple static page over HTTP port 80. It probes a random url:
+# after a space is the content expected on the page, (the page can contain
+# whitespace before and after this code). Without urls it skips http probes.
+
+# provided by NLnetLabs
+# It is provided on a best effort basis, with no service guarantee.
+# url: "http://ster.nlnetlabs.nl/hotspot.txt OK"
+
+# provided by FedoraProject
+url: "http://fedoraproject.org/static/hotspot.txt OK"
+
+# fallback open DNSSEC resolvers that run on TCP port 80 and TCP port 443.
+# the ssl443 adds an ssl server IP, if you specify a hash it is checked, put
+# the following on one line: ssl443:
+# hash is output of openssl x509 -sha256 -fingerprint -in server.pem
+# You can add more with extra config lines.
+
+# Provided by fedoraproject.org, #fedora-admin
+# It is provided on a best effort basis, with no service guarantee.
+ssl443: 140.211.169.201 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2
+tcp80: 140.211.169.201
+ssl443: 8.43.85.74 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2
+tcp80: 8.43.85.74
+ssl443: 152.19.134.150 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2
+tcp80: 152.19.134.150
+ssl443: 2610:28:3090:3001:dead:beef:cafe:fed9 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2
+tcp80: 2610:28:3090:3001:dead:beef:cafe:fed9
+
+# provided by Paul Wouters (pwouters@redhat.com)
+# It is provided on a best effort basis, with no service guarantee.
+# tcp80: 193.110.157.123
+# tcp80: 2001:888:2003:1004::123
+# ssl443: 193.110.157.123 16:41:49:E0:9D:62:CD:DB:79:A7:2B:71:58:C4:D5:E8:70:FA:BF:4D:6D:36:CC:07:35:33:C0:16:17:1B:61:E7
+# ssl443: 2001:888:2003:1004::123 16:41:49:E0:9D:62:CD:DB:79:A7:2B:71:58:C4:D5:E8:70:FA:BF:4D:6D:36:CC:07:35:33:C0:16:17:1B:61:E7
+
+# provided by NLnetLabs (www.nlnetlabs.nl)
+# It is provided on a best effort basis, with no service guarantee.
+# tcp80: 213.154.224.3
+# tcp80: 2001:7b8:206:1:bb::
+# ssl443: 213.154.224.3 DC:22:7B:1C:00:1A:CE:C5:48:49:B1:E3:30:DE:61:93:61:12:4E:CB:5C:B4:33:C4:BC:75:8C:D6:16:9D:F0:9F
+# ssl443: 2001:7b8:206:1:bb:: DC:22:7B:1C:00:1A:CE:C5:48:49:B1:E3:30:DE:61:93:61:12:4E:CB:5C:B4:33:C4:BC:75:8C:D6:16:9D:F0:9F
+
diff --git a/dnssec-trigger-workstation.conf b/dnssec-trigger-workstation.conf
new file mode 100644
index 0000000..2ffe0ca
--- /dev/null
+++ b/dnssec-trigger-workstation.conf
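Review bot: The commented-out NLnetLabs fallback block at the end of this file (`# tcp80: 213.154.224.3`, `# ssl443: 213.154.224.3 DC:22:7B:…`) does not match the addresses and fingerprint that the patches deleted in this same diff show as context from upstream's example.conf (`185.49.140.67`, `2a04:b900::10:0:0:67`, fingerprint `7E:CF:B4:…`). Anyone who uncomments the block would pin a resolver identity that upstream appears to have replaced, so update it or drop it. Because the file is now a static Source4 copy rather than a patch applied to example.conf, the active `ssl443:` pins will not follow upstream changes either; a comment above them such as `# fingerprint last verified <date> with: openssl x509 -noout -fingerprint -sha256` would make a rotation auditable. The same applies to dnssec-trigger-workstation.conf, which repeats these blocks.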
@@ -0,0 +1,101 @@
+# Fedora/EPEL version of dnssec-trigger.conf
+
+# logging detail, 0=only errors, 1=operations, 2=detail, 3,4 debug detail.
+# verbosity: 1
+
+# pidfile location
+pidfile: "/var/run/dnssec-triggerd.pid"
+
+# log to a file instead of syslog, default is to syslog
+# logfile: "/var/log/dnssec-trigger.log"
+
+# log to syslog, or (log to to stderr or a logfile if specified). yes or no.
+# use-syslog: yes
+
+# chroot to this directory
+# chroot: ""
+
+# the unbound-control binary if not found in PATH.
+# commandline options can be appended "unbound-control -c my.conf" if you wish.
+# unbound-control: "/usr/sbin/unbound-control"
+
+# where is resolv.conf to edit.
+# resolvconf: "/etc/resolv.conf"
+
+# the domain example.com line (if any) to add to resolv.conf(5). default none.
+# domain: ""
+
+# domain name search path to add to resolv.conf(5). default none.
+# the search path from DHCP is not picked up, it could be used to misdirect.
+# search: ""
+
+# the command to run to open login pages on hot spots, a web browser.
+# empty string runs no command.
+# login-command: "xdg-open"
+login-command: ""
+
+# the url to open to get hot spot login, it gets overridden by the hotspot.
+# login-location: "http://www.nlnetlabs.nl/projects/dnssec-trigger"
+# should to be a ttl=0 entry
+# login-location: "http://hotspot-nocache.fedoraproject.org/"
+
+# do not perform actions (unbound-control or resolv.conf), for a dry-run.
+# noaction: no
+
+# port number to use for probe daemon.
+# port: 8955
+
+# keys and certificates generated by the dnssec-trigger-keygen systemd service
+# (which called dnssec-trigger-control-setup)
+server-key-file: "/etc/dnssec-trigger/dnssec_trigger_server.key"
+server-cert-file: "/etc/dnssec-trigger/dnssec_trigger_server.pem"
+control-key-file: "/etc/dnssec-trigger/dnssec_trigger_control.key"
+control-cert-file: "/etc/dnssec-trigger/dnssec_trigger_control.pem"
+
+# check for updates, download and ask to install them (for Windows, OSX).
+# check-updates: no
+
+# webservers that are probed to see if internet access is possible.
+# They serve a simple static page over HTTP port 80. It probes a random url:
+# after a space is the content expected on the page, (the page can contain
+# whitespace before and after this code). Without urls it skips http probes.
+
+# provided by NLnetLabs
+# It is provided on a best effort basis, with no service guarantee.
+# url: "http://ster.nlnetlabs.nl/hotspot.txt OK"
+
+# provided by FedoraProject
+# on Workstation, the detection is turned off
+# url: "http://fedoraproject.org/static/hotspot.txt OK"
+
+# fallback open DNSSEC resolvers that run on TCP port 80 and TCP port 443.
+# the ssl443 adds an ssl server IP, if you specify a hash it is checked, put
+# the following on one line: ssl443:
+# hash is output of openssl x509 -sha256 -fingerprint -in server.pem
+# You can add more with extra config lines.
+
+# Provided by fedoraproject.org, #fedora-admin
+# It is provided on a best effort basis, with no service guarantee.
+ssl443: 140.211.169.201 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2
+tcp80: 140.211.169.201
+ssl443: 8.43.85.74 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2
+tcp80: 8.43.85.74
+ssl443: 152.19.134.150 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2
+tcp80: 152.19.134.150
+ssl443: 2610:28:3090:3001:dead:beef:cafe:fed9 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2
+tcp80: 2610:28:3090:3001:dead:beef:cafe:fed9
+
+# provided by Paul Wouters (pwouters@redhat.com)
+# It is provided on a best effort basis, with no service guarantee.
+# tcp80: 193.110.157.123 +# tcp80: 2001:888:2003:1004::123 +# ssl443: 193.110.157.123 16:41:49:E0:9D:62:CD:DB:79:A7:2B:71:58:C4:D5:E8:70:FA:BF:4D:6D:36:CC:07:35:33:C0:16:17:1B:61:E7 +# ssl443: 2001:888:2003:1004::123 16:41:49:E0:9D:62:CD:DB:79:A7:2B:71:58:C4:D5:E8:70:FA:BF:4D:6D:36:CC:07:35:33:C0:16:17:1B:61:E7 + +# provided by NLnetLabs (www.nlnetlabs.nl) +# It is provided on a best effort basis, with no service guarantee. +# tcp80: 213.154.224.3 +# tcp80: 2001:7b8:206:1:bb:: +# ssl443: 213.154.224.3 DC:22:7B:1C:00:1A:CE:C5:48:49:B1:E3:30:DE:61:93:61:12:4E:CB:5C:B4:33:C4:BC:75:8C:D6:16:9D:F0:9F +# ssl443: 2001:7b8:206:1:bb:: DC:22:7B:1C:00:1A:CE:C5:48:49:B1:E3:30:DE:61:93:61:12:4E:CB:5C:B4:33:C4:BC:75:8C:D6:16:9D:F0:9F + diff --git a/dnssec-trigger.spec b/dnssec-trigger.spec index 9928104..016c5c4 100644 --- a/dnssec-trigger.spec +++ b/dnssec-trigger.spec @@ -5,8 +5,8 @@ Summary: Tool for dynamic reconfiguration of validating resolver Unbound Name: dnssec-trigger Version: 0.17 -Release: %autorelease -License: BSD-3-clause AND MIT AND ISC +Release: 1%{?snapshot:.%{snapshot}git}%{?dist} +License: BSD Url: https://www.nlnetlabs.nl/projects/dnssec-trigger/ %if 0%{?snapshot:1} 
@@ -18,24 +18,14 @@ Source1: https://www.nlnetlabs.nl/downloads/dnssec-trigger/%{name}-%{version}.ta Source2: https://keys.openpgp.org/vks/v1/by-fingerprint/EDFAA3F2CA4E6EB05681AF8E9F6F1C2D7E045F8D#/wouter.asc %endif Source3: dnssec-trigger.tmpfiles.d -#Source4: dnssec-trigger-default.conf -#Source5: dnssec-trigger-workstation.conf +Source4: dnssec-trigger-default.conf +Source5: dnssec-trigger-workstation.conf Source6: ssh_config.conf # Patches -# Downstream changes to configuration -Patch1: dnssec-trigger-config-workstation.patch -# Downstream changes to configuration -Patch2: dnssec-trigger-config-default.patch Patch3: 0003-Move-the-NetworkManager-dispatcher-script-out-of-etc.patch # https://github.com/NLnetLabs/dnssec-trigger/pull/7 Patch4: 0004-Add-options-edns0-and-trust-ad.patch -Patch5: dnssec-trigger-configure-c99.patch -# https://github.com/NLnetLabs/dnssec-trigger/commit/f187c2be221a26f3c4ef4d9b16f1df67104ae634 -Patch6: dnssec-trigger-0.17-allowed-characters.patch -Patch7: dnssec-trigger-0.17-openssl-3.2.patch -# https://github.com/NLnetLabs/dnssec-trigger/pull/15 -Patch8: dnssec-trigger-0.17-server-recipe.patch # to obsolete the version in which the panel was in main package Obsoletes: %{name} < 0.12-22 @@ -63,8 +53,10 @@ BuildRequires: NetworkManager-libnm-devel BuildRequires: gnupg2 %endif -BuildRequires: systemd-rpm-macros -%{?systemd_ordering} +BuildRequires: systemd +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd # Provides Workstation specific configuration # - No captive portal detection and no action available on Captive portal (No UI) @@ -84,7 +76,6 @@ Requires: %{name} = %{version}-%{release} Obsoletes: %{name} < 0.12-22 Requires: xdg-utils BuildRequires: gtk2-devel, desktop-file-utils -BuildRequires: make %description panel This package provides the GTK panel for interaction between the user 
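Review bot: The `# Patches` list in the first hunk on this line no longer carries Patch5 through Patch8, and two of those are behavioural fixes rather than packaging changes. By its own description the dropped dnssec-trigger-0.17-openssl-3.2.patch exists because, since OpenSSL 3.2, the control certificate no longer connected against the server certificate unless the latter is created with `-addext "basicConstraints=critical,CA:TRUE,pathlen:0"`; if this spec is built against OpenSSL 3.2 or later, dnssec-trigger-control will presumably fail its TLS handshake with the daemon. The allowed-characters patch (the `*s == '@'` case in `allowed_arg`) and the C99 configure fix are lost the same way. Keep `Patch5:` through `Patch7:` unless the target release is known not to need them, and record that reason in a comment above the list.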
@@ -97,8 +88,7 @@ some user input is needed, the panel creates a dialog window. %if 0%{?fedora} && ! 0%{?snapshot:1} %gpgverify -d 0 -s 1 -k 2 %endif -%autosetup %{?snapshot:-n %{name}-%{version}_%{snapshot}} -N -%autopatch -m 3 -p1 +%autosetup %{?snapshot:-n %{name}-%{version}_%{snapshot}} -p1 # don't use DNSSEC for forward zones for now sed -i "s/validate_connection_provided_zones=yes/validate_connection_provided_zones=no/" dnssec.conf @@ -112,27 +102,20 @@ sed -i "s/validate_connection_provided_zones=yes/validate_connection_provided_zo --with-networkmanager-dispatch=%{_sysconfdir}/NetworkManager/dispatcher.d \ %endif --with-python=%{__python3} \ - --with-pidfile=%{_rundir}/%{name}d.pid \ - --with-login-command=%{_bindir}/xdg-open \ - --with-login-location="http://hotspot-nocache.fedoraproject.org/" + --with-pidfile=%{_rundir}/%{name}d.pid -# hotspot-nocache should have TTL=0 - -%make_build - -%autopatch -p1 2 -cp -p example.conf dnssec-trigger-workstation.conf -%autopatch -p1 1 +%{__make} %{?_smp_mflags} %install -# https://github.com/NLnetLabs/dnssec-trigger/pull/13 -install -d -m 0755 %{buildroot}%{_libexecdir} -%make_install +rm -rf %{buildroot} +%{__make} DESTDIR=%{buildroot} install install -d 0755 %{buildroot}%{_unitdir} -install -p -m 0644 example.conf %{buildroot}%{_sysconfdir}/%{name}/dnssec-trigger-default.conf -install -p -m 0644 dnssec-trigger-workstation.conf %{buildroot}%{_sysconfdir}/%{name}/ +install -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/%{name}/ +install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/%{name}/ + +mkdir -p %{buildroot}%{_libexecdir} desktop-file-install --dir=%{buildroot}%{_datadir}/applications dnssec-trigger-panel.desktop 
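Review bot: In `%install`, `mkdir -p %{buildroot}%{_libexecdir}` now runs after `%{__make} DESTDIR=%{buildroot} install`. The replaced lines created that directory before the install step and cited upstream pull request 13 as the reason. If the upstream install target still expects the directory to exist, the install step can fail or put the helper in the wrong place; moving the `mkdir -p %{buildroot}%{_libexecdir}` line directly above the `%{__make} DESTDIR=%{buildroot} install` line restores the old ordering. Separately, the unchanged line `install -d 0755 %{buildroot}%{_unitdir}` lacks `-m`, so `0755` is treated as a second directory name; `install -d -m 0755 %{buildroot}%{_unitdir}` is what was presumably meant.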
@@ -149,9 +132,9 @@ ln -s dnssec-trigger-panel %{buildroot}%{_bindir}/dnssec-trigger # Make dnssec-trigger.8 manpage available under names of all dnssec-trigger-* # executables for all in dnssec-trigger-control dnssec-trigger-control-setup dnssec-triggerd; do - ln -s dnssec-trigger.8 %{buildroot}/%{_mandir}/man8/"$all".8 + ln -s %{_mandir}/man8/dnssec-trigger.8 %{buildroot}/%{_mandir}/man8/"$all".8 done -ln -s dnssec-trigger.8 %{buildroot}/%{_mandir}/man8/dnssec-trigger.conf.8 +ln -s %{_mandir}/man8/dnssec-trigger.8 %{buildroot}/%{_mandir}/man8/dnssec-trigger.conf.8 install -d -m 0755 %{buildroot}%{_sysconfdir}/ssh/ssh_config.d install -m 0644 %{SOURCE6} %{buildroot}%{_sysconfdir}/ssh/ssh_config.d/10-%{name}.conf @@ -203,7 +186,7 @@ fi %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dnssec-trigger-default.conf %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dnssec-trigger-workstation.conf %attr(0755,root,root) %dir %{_sysconfdir}/ssh/ssh_config.d -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config.d/10-%{name}.conf +%attr(0755,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config.d/10-%{name}.conf %dir %{_localstatedir}/run/%{name} %{_tmpfilesdir}/%{name}.conf %{_mandir}/man8/dnssec-trigger* 
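Review bot: The man-page links created in the `for all in ...` loop and for `dnssec-trigger.conf.8` now point at the absolute path `%{_mandir}/man8/dnssec-trigger.8`. Inside the buildroot that target resolves against the build host's root, so the links dangle there during the build. Both links live in the same directory as their target, so a relative link is enough: `ln -s dnssec-trigger.8 %{buildroot}%{_mandir}/man8/"$all".8`, and likewise for the `dnssec-trigger.conf.8` line.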
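Review bot: The `%files` entry for `%{_sysconfdir}/ssh/ssh_config.d/10-%{name}.conf` is now `%attr(0755,root,root)`, which marks an ssh client configuration snippet as executable. It also overrides the `install -m 0644 %{SOURCE6}` mode set earlier in `%install`. Nothing visible in the diff executes this file, so the entry should stay `%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config.d/10-%{name}.conf`. An execute bit on a config file under /etc serves no purpose and is the kind of finding that packaging linters and file-permission audits report.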
@@ -217,4 +200,276 @@ fi %changelog -%autochangelog +* Tue Oct 13 2020 Petr Menšík - 0.17-1 +- Update to 0.17 + +* Mon Oct 12 2020 Petr Menšík - 0.15-14 +- Add edns0 option to resolv.conf +- Add VerifyHostKeyDNS to ssh config + +* Mon Jan 06 2020 Jeff Law - 0.15-11 +- Fix typo in last change + +* Thu Aug 22 2019 Lubomir Rintel - 0.15-10 +- Move the NetworkManager dispatcher script out of /etc + +* Wed Jul 24 2019 Fedora Release Engineering - 0.15-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Thu Jan 31 2019 Fedora Release Engineering - 0.15-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Thu Jul 12 2018 Fedora Release Engineering - 0.15-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Tue Jun 19 2018 Miro Hrončok - 0.15-6 +- Rebuilt for Python 3.7 + +* Wed Mar 14 2018 Petr Menšík - 0.15-5 +- Accept NXDOMAIN for NSEC probe (#1555355) + +* Mon Feb 19 2018 Tomas Hozza - 0.15-4 +- Added explicit BuildRequires on gcc as required by packaging guidelines +- Added explicit Requires on e2fsprogs, so that /usr/bin/chattr is available +- Remove redundant removal of immutable bit in %%preun scriptlet (#1542400) + +* Mon Feb 19 2018 Tomas Hozza - 0.15-3 +- use NetworkManager-libnm instead of NetworkManager-glib + +* Wed Feb 07 2018 Fedora Release Engineering - 0.15-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Mon Dec 11 2017 Tomas Hozza - 0.15-1 +- Update to stable 0.15 upstream release + +* Fri Aug 18 2017 Petr Menšík - 0.13-6 +- Skip always failing kr.com, update root IPs (#1482939) + +* Wed Aug 02 2017 Fedora Release Engineering - 0.13-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 0.13-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Wed Mar 08 2017 Tomas Hozza - 0.13-3 +- Rebuild against new ldns + +* Wed Mar 01 2017 Tomas Hozza - 0.13-2 +- Include 
fix for runtime issues with OpenSSL 1.1.0 (#1427561) + +* Fri Feb 17 2017 Tomas Hozza - 0.13-1 +- Update to stable 0.13 upstream release +- Dropped merged patches + +* Fri Feb 10 2017 Fedora Release Engineering - 0.13-0.6.20150714svn +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Mon Dec 19 2016 Miro Hrončok - 0.13-0.5.20150714svn +- Rebuild for Python 3.6 + +* Wed Feb 03 2016 Fedora Release Engineering - 0.13-0.4.20150714svn +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Tue Nov 10 2015 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 + +* Mon Jul 20 2015 Tomas Hozza - 0.13-0.2.20150714svn +- Provide Workstation specific configuration + +* Wed Jul 15 2015 Tomas Hozza - 0.13-0.1.20150714svn +- split dnssec-trigger panel into separate subpackage (#1236363) +- SPEC file cleanup based on rpmlint and fedora-review issues +- implement some suggestions (#1236363) +- rebase to the latest svn trunk snapshot 0.13_20150714 +- Script is not searching local user directories any more (#1213062) +- Script now doesn't restart NM if version is >= 1.0.3, but sends just signal +- Script now specifies the NMClient version for GI (#1242430) +- Script now sets negative-cache-ttl in unbound to 5 seconds (#1229596) + +* Wed Jun 17 2015 Fedora Release Engineering - 0.12-21 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Wed Apr 08 2015 Tomas Hozza - 0.12-20 +- Fix issue when installing private address range zone without global forwarders (#1205864) +- Fix configuration of private address range zones (#1128310#c20) + +* Fri Mar 13 2015 Tomas Hozza - 0.12-19 +- Fix typo in the dnssec-trigger-script (#1187371) +- Use Python3 by default + +* Mon Jan 26 2015 Pavel Šimerda - 0.12-18 +- Resolves: #1185796, #1130502, #1105685, #1128310 – update + +* Tue Jan 20 2015 Pavel Šimerda - 0.12-17 +- Resolves: #1183975 - systemd cgroup check fails + +* Tue Jan 20 2015 Pavel Šimerda - 
0.12-16 +- Resolves: #1165126, #1125267, #1089766, #1112248, #824219 - update + +* Sat Aug 16 2014 Fedora Release Engineering - 0.12-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Thu Aug 14 2014 Pavel Šimerda - 0.12-14 +- Resolves: #1125261 - dnssec-trigger-script: use fcntl.flock instead of + lockfile + +* Mon Aug 11 2014 Tomas Hozza - 0.12-13 +- One Fedora fallback server changed IP address (#1125440) + +* Mon Jun 30 2014 Pavel Šimerda - 0.12-12 +- Resolves: #1112248 - require a version of NetworkManager with #1113122 fixed + +* Tue Jun 24 2014 Pavel Šimerda - 0.12-11 +- Resolves: #1112248 - serialize the script instances + +* Tue Jun 24 2014 Pavel Šimerda - 0.12-10 +- Resolves: #1112248 - fix a typo + +* Tue Jun 24 2014 Pavel Šimerda - 0.12-9 +- Resolves: #1112248 - fix systemd race condition + +* Mon Jun 23 2014 Pavel Šimerda - 0.12-8 +- Resolves: #1112248 - don't block on systemctl restart NetworkManager + +* Mon Jun 23 2014 Pavel Šimerda - 0.12-7 +- Resolves: #1112248, #1111143 - update dnssec-trigger-script and dnssec-triggerd.service + +* Fri Jun 20 2014 Pavel Šimerda - 0.12-6 +- Resolves: #1111143 - fix for python2 + +* Fri Jun 20 2014 Pavel Šimerda - 0.12-5 +- Related: #842455 - remove a patch that is now redundant + +* Fri Jun 20 2014 Pavel Šimerda - 0.12-4 +- update dnssec-trigger-script to current development submitted upstream + +* Wed Jun 18 2014 Pavel Šimerda - 0.12-3 +- Resolves: #1105896 - the new script doesn't call dnssec-trigger-control submit + +* Fri Jun 06 2014 Pavel Šimerda - 0.12-2 +- fix various dnssec-trigger-script issues + +* Fri May 23 2014 Tomas Hozza - 0.12-1 +- Update to 0.12 version +- Drop merged patches +- Drop downstream files (systemd, dispatcher scripts) + +* Tue May 13 2014 Paul Wouters - 0.11-21 +- Enable full hardening (includig PIE) +- Resolves: rhbz#1045689 dnssec-trigger creates long-time RSA key with inappropriate size + +* Wed Feb 19 2014 Tomas Hozza - 0.11-20 +- Restart NM on 
dnssec-trigger shutdown (let NM handle the resolv.conf content) +- HN-hook: Handle situation when connection does not have a device + +* Wed Jan 29 2014 Tomas Hozza - 0.11-19 +- Use new Python dispatcher script and ship /etc/dnssec.conf + +* Tue Jan 28 2014 Tomas Hozza - 0.11-18 +- Use systemd macros instead of directly calling systemctl +- simplify the systemd unit file for generating keys + +* Thu Nov 21 2013 Tomas Hozza - 0.11-17 +- Add script to backup and restore resolv.conf on dnssec-trigger start/stop + +* Mon Nov 18 2013 Tomas Hozza - 0.11-16 +- Improve GUI dialogs texts + +* Tue Nov 12 2013 Tomas Hozza - 0.11-15 +- Fix NM dispatcher script to work with NM >= 0.9.9.0 (#1029571) + +* Mon Aug 26 2013 Tomas Hozza - 0.11-14 +- Fix errors found by static analysis of source + +* Fri Aug 09 2013 Tomas Hozza - 0.11-13 +- Use improved NM dispatcher script from upstream +- Added tmpfiles.d config due to improved NM dispatcher script + +* Sat Aug 03 2013 Fedora Release Engineering - 0.11-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon Mar 04 2013 Adam Tkac - 0.11-11 +- link dnssec-trigger.conf.8 to dnssec-trigger.8 +- build dnssec-triggerd with full RELRO + +* Mon Mar 04 2013 Adam Tkac - 0.11-10 +- remove deprecated "Application" keyword from desktop file + +* Mon Mar 04 2013 Adam Tkac - 0.11-9 +- install various dnssec-trigger-* symlinks to dnssec-trigger.8 manpage + +* Wed Feb 13 2013 Fedora Release Engineering - 0.11-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Tue Jan 08 2013 Paul Wouters - 0.11-7 +- Use full path for systemd (rhbz#842455) + +* Tue Jul 24 2012 Paul Wouters - 0.11-6 +- Patched daemon to remove immutable attr (rhbz#842455) as the + systemd ExecStopPost= target does not seem to work + +* Tue Jul 24 2012 Paul Wouters - 0.11-5 +- On service stop, remove immutable attr from resolv.conf (rhbz#842455) + +* Wed Jul 18 2012 Fedora Release Engineering - 0.11-4 +- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Jun 28 2012 Paul Wouters - 0.11-3 +- Fix DHCP hook for f17+ version of nmcli (rhbz#835298) + +* Sun Jun 17 2012 Paul Wouters - 0.11-2 +- Small textual changes to some popup windows + +* Fri Jun 15 2012 Paul Wouters - 0.11-1 +- Updated to 0.11 +- http Hotspot detection via fedoraproject.org/static/hotspot.html +- http Hotspot Login page via uses hotspot-nocache.fedoraproject.org + +* Thu Feb 23 2012 Paul Wouters - 0.10-4 +- Require: unbound + +* Wed Feb 22 2012 Paul Wouters - 0.10-3 +- Fix the systemd startup to require unbound +- dnssec-triggerd no longer forks, giving systemd more control +- Fire NM dispatcher in ExecStartPost of dnssec-triggerd.service +- Fix tcp80 entries in dnssec-triggerd.conf +- symlink dnssec-trigger-panel to dnssec-trigger to supress the + "-panel" in the applet name shown in gnome3 + + +* Wed Feb 22 2012 Paul Wouters - 0.10-2 +- The NM hook was not modified at the right time during build + +* Wed Feb 22 2012 Paul Wouters - 0.10-1 +- Updated to 0.10 +- The NM hook lacks /usr/sbin in path, resulting in empty resolv.conf on hotspot + +* Wed Feb 08 2012 Paul Wouters - 0.9-4 +- Updated tls443 / tls80 resolver instances supplied by Fedora Hosted + +* Mon Feb 06 2012 Paul Wouters - 0.9-3 +- Convert from SysV to systemd for initial Fedora release +- Moved configs and pem files to /etc/dnssec-trigger/ +- No more /var/run/dnssec-triggerd/ +- Fix Build-requires +- Added commented tls443 port80 entries of pwouters resolvers +- On uninstall ensure there is no immutable bit on /etc/resolv.conf + +* Sat Jan 07 2012 Paul Wouters - 0.9-2 +- Added LICENCE to doc section + +* Mon Dec 19 2011 Paul Wouters - 0.9-1 +- Upgraded to 0.9 + +* Fri Oct 28 2011 Paul Wouters - 0.7-1 +- Upgraded to 0.7 + +* Fri Sep 23 2011 Paul Wouters - 0.4-1 +- Upgraded to 0.4 + +* Sat Sep 17 2011 Paul Wouters - 0.3-5 +- Start 01-dnssec-trigger-hook in daemon start +- Ensure dnssec-triggerd starts after NetworkManager + +* 
Fri Sep 16 2011 Paul Wouters - 0.3-4 +- Initial package diff --git a/plans/public.fmf b/plans/public.fmf deleted file mode 100644 index e92437c..0000000 --- a/plans/public.fmf +++ /dev/null @@ -1,6 +0,0 @@ -summary: Run all beakerlib tests for dnssec-trigger -discover: - - name: fedora_tests_dnssec-trigger - how: fmf -execute: - how: tmt diff --git a/tests/.gitignore b/tests/.gitignore deleted file mode 100644 index f53babb..0000000 --- a/tests/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -.testinfo.tmt -.*.swp diff --git a/tests/Sanity/basic-functionality/main.fmf b/tests/Sanity/basic-functionality/main.fmf deleted file mode 100644 index 0bb8c12..0000000 --- a/tests/Sanity/basic-functionality/main.fmf +++ /dev/null @@ -1,9 +0,0 @@ -summary: Try starting dnssec-triggerd and use fallbacks -description: | - Use configured fallbacks manually by test_tcp and test_http commands. - Also check resolutions is actually working. -test: ./test.sh -framework: beakerlib -require: - - dnssec-trigger - - unbound diff --git a/tests/Sanity/basic-functionality/test.sh b/tests/Sanity/basic-functionality/test.sh deleted file mode 100755 index f014084..0000000 --- a/tests/Sanity/basic-functionality/test.sh +++ /dev/null 
@@ -1,59 +0,0 @@ -#!/bin/bash -# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -. /usr/share/beakerlib/beakerlib.sh || exit 1 - -MOVED_RESOLV_CONF="" - -wait_for_probe() { - while dnssec-trigger-control status | grep -q '^probe is in progress'; do - sleep 1 - done -} - -test_fallback() { - local TYPE=$1 - local HOST=$2 - - rlRun "dnssec-trigger-control test_${TYPE}" - wait_for_probe - sleep 1 - rlRun "dnssec-trigger-control status" - rlRun -s "unbound-host -rvD ${HOST}" 0 "Check dnssec works over ${TYPE} fallback" - rlAssertGrep '(secure)' $rlRun_LOG -} - -rlJournalStart - rlPhaseStartSetup - rlRun "tmp=\$(mktemp -d)" 0 "Create tmp directory" - rlAssertRpm dnssec-trigger - rlFileBackup --missing-ok /etc/resolv.conf - if test -L /etc/resolv.conf; then - MOVED_RESOLV_CONF="/etc/resolv-backup-$$.conf" - rlRun "mv /etc/resolv.conf ${MOVED_RESOLV_CONF}" - fi - rlRun "pushd $tmp" - rlServiceStart dnssec-triggerd - rlPhaseEnd - - rlPhaseStartTest - rlRun "dnssec-trigger-control status" - rlRun -s "unbound-host -rvD example.org" 0 "Check dnssec actually works" - rlAssertGrep '(secure)' $rlRun_LOG - - test_fallback tcp www.example.org - # This variant is not passing - #test_fallback http example.net - test_fallback ssl www.example.net - rlPhaseEnd - - rlPhaseStartCleanup - rlServiceRestore dnssec-triggerd - rlRun "popd" - if [ -n "$MOVED_RESOLV_CONF" ]; then - rm -f /etc/resolv.conf - rlRun "mv -f ${MOVED_RESOLV_CONF} /etc/resolv.conf" - fi - rlFileRestore - rlRun "rm -r $tmp" 0 "Remove tmp directory" - rlPhaseEnd -rlJournalEnd