rpms/dnssec-trigger
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: rpms:rawhide
Branches Tags
rpms:rawhide
rpms:f43
rpms:main
rpms:f42
rpms:f40
rpms:f41
rpms:epel9
rpms:f38
rpms:f39
rpms:f37
rpms:f36
rpms:f35
rpms:f33
rpms:f34
rpms:f31
rpms:f32
rpms:f30
rpms:f29
rpms:f26
rpms:f27
rpms:f28
rpms:f25
rpms:f24
rpms:f22
rpms:f23
rpms:f21
rpms:f20
rpms:f19
rpms:f18
rpms:f16
rpms:f17
rpms:el6
..
compare: rpms:f41
Branches Tags
rpms:f43
rpms:main
rpms:rawhide
rpms:f42
rpms:f40
rpms:f41
rpms:epel9
rpms:f38
rpms:f39
rpms:f37
rpms:f36
rpms:f35
rpms:f33
rpms:f34
rpms:f31
rpms:f32
rpms:f30
rpms:f29
rpms:f26
rpms:f27
rpms:f28
rpms:f25
rpms:f24
rpms:f22
rpms:f23
rpms:f21
rpms:f20
rpms:f19
rpms:f18
rpms:f16
rpms:f17
rpms:el6

No commits in common. "rawhide" and "f41" have entirely different histories.
rawhide ... f41

2 changed files with 0 additions and 61 deletions
Download patch file Download diff file Expand all files Collapse all files

59
dnssec-trigger-0.17-server-recipe.patch
View file

@ -1,59 +0,0 @@
From f6b4cd17294d8faa8fd4d70110ac9da9916e7d61 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Wed, 20 Nov 2024 16:58:48 +0100
Subject: [PATCH] Add recipe for adding own server
Until someone adds nice support for using just CA bundle and server
name, allow specification by fingerprint obtained manually. Do not rely
only on server provided by upstream.
---
dnssec.conf | 4 ++--
example.conf.in | 6 +++++-
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/dnssec.conf b/dnssec.conf
index bf896d3..4726ca1 100644
--- a/dnssec.conf
+++ b/dnssec.conf
@@ -38,7 +38,7 @@
#
# - See also security notes on the `add_wifi_provided_zones` option.
#
-# validate_connection_provided_zones=yes
+# validate_connection_provided_zones=no
#
# - Connection provided zones will be configured in Unbound as secure forward
# zones, validated using DNSSEC.
@@ -63,7 +63,7 @@
# Turning this option off has security implications, See the security
# notice above.
#
-validate_connection_provided_zones=yes
+validate_connection_provided_zones=no
# add_wifi_provided_zones:
# ------------------------
diff --git a/example.conf.in b/example.conf.in
index dafd35d..f7e8a54 100644
--- a/example.conf.in
+++ b/example.conf.in
@@ -79,6 +79,11 @@ tcp80: 2a04:b900::10:0:0:67
ssl443: 185.49.140.67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF
ssl443: 2a04:b900::10:0:0:67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF
+# How to add your own record:
+# openssl s_client -connect example.com:443 -showcerts </dev/null > /tmp/dns.crt
+# openssl x509 -noout -in /tmp/dns.crt -fingerprint -sha256
+# Append returned sha256 Fingerprint after ssl443: IP-address section.
+
# Use VPN servers for all traffic
# use-vpn-forwarders: no
@@ -87,4 +92,3 @@ ssl443: 2a04:b900::10:0:0:67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:
# Add domains provided by VPN connections into Unbound forward zones
# add-wifi-provided-zones: no
-
--
2.47.0

2
dnssec-trigger.spec
View file

@ -34,8 +34,6 @@ Patch5: dnssec-trigger-configure-c99.patch
# https://github.com/NLnetLabs/dnssec-trigger/commit/f187c2be221a26f3c4ef4d9b16f1df67104ae634
Patch6: dnssec-trigger-0.17-allowed-characters.patch
Patch7: dnssec-trigger-0.17-openssl-3.2.patch
# https://github.com/NLnetLabs/dnssec-trigger/pull/15
Patch8: dnssec-trigger-0.17-server-recipe.patch
# to obsolete the version in which the panel was in main package
Obsoletes: %{name} < 0.12-22