[people/stevee/ipfire-3.x.git] / unbound / unbound.nm

###############################################################################
# IPFire.org    - An Open Source Firewall Solution                            #
# Copyright (C) - IPFire Development Team <info@ipfire.org>                   #
###############################################################################

name       = unbound
version    = 1.17.0
release    = 4

groups     = System/Daemons
url        = https://www.nlnetlabs.nl/unbound/
license    = BSD
summary    = A validating, recursive, and caching DNS(SEC) resolver.

description
	Unbound is a validating, recursive, and caching DNS(SEC) resolver.
	The C implementation of Unbound is developed and maintained by NLnet
	Labs and is based on ideas and algorithms taken from a java prototype
	developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is
	designed as a set of modular components, so that also
	DNSSEC (secure DNS) validation and stub-resolvers are easily possible.
end

source_dl  = https://www.unbound.net/downloads/

build
	requires
		expat-devel
		openssl-devel >= 1.0.1h-2
		python3-devel >= 3.4
		swig
	end

	configure_options += \
		--with-conf-file=%{sysconfdir}/%{name}/unbound.conf \
		--with-pidfile=/run/%{name}/%{name}.pid \
		--with-rootkey-file=%{sharedstatedir}/unbound/root.key \
		--without-libevent \
		--with-pthreads \
		--disable-rpath \
		--disable-static \
		--with-ssl \
		--enable-sha2 \
		--with-pythonmodule \
		--with-pyunbound PYTHON=%{python3}

	prepare_cmds
		%{create_user}
	end

	test
		make check
	end

	install_cmds
		# Directory for user specified and additional config files.
		mkdir -pv %{BUILDROOT}%{sysconfdir}/%{name}/conf.d/

		# Directory for stub and forward zones.
		mkdir -pv %{BUILDROOT}%{sysconfdir}/%{name}/local.d/

		# Directory for trusted-keys-file.
		mkdir -pv %{BUILDROOT}%{sysconfdir}/%{name}/keys.d/

		# Directory for the root anchor.
		mkdir -pv %{BUILDROOT}%{sharedstatedir}/%{name}

		# Install unbound config file.
		install -p -m 0664 %{DIR_SOURCE}/%{name}.conf \
			%{BUILDROOT}%{sysconfdir}/%{name}/

		# Install pem file for icannbundle.
		install -p -m 0664 %{DIR_SOURCE}/icannbundle.pem \
			%{BUILDROOT}%{sysconfdir}/%{name}/

		# Install root and DLV keys.
		install -p -m 0644 %{DIR_SOURCE}/root.key \
			%{BUILDROOT}%{sysconfdir}/%{name}/
		install -p -m 0664 %{DIR_SOURCE}/dlv.isc.org.key \
			%{BUILDROOT}%{sysconfdir}/%{name}/
		install -p -m 0664 %{DIR_SOURCE}/root.anchor \
			%{BUILDROOT}%{sharedstatedir}/%{name}/root.key

		# Fix ownership.
		chown -R unbound:unbound %{BUILDROOT}%{sharedstatedir}/%{name}/
	end
end

create_user
	getent group unound >/dev/null || /usr/sbin/groupadd -r unbound
	getent passwd unbound >/dev/null || /usr/sbin/useradd -r -g unbound \
		-d %{sysconfdir}/%{name} -s /sbin/nologin unbound
end

packages
	package %{name}
		prerequires
			shadow-utils
			systemd-units
		end

		requires += \
			openssl >= 1.0.1h-2

		configfiles
			%{sysconfdir}/%{name}.conf
		end

		datafiles
			%{sysconfdir}/%{name}/conf.d/
			%{sysconfdir}/%{name}/local.d/
			%{sysconfdir}/%{name}/keys.d/
		end

		script prein
			%{create_user}
		end

		script postin
			/bin/systemctl daemon-reload >/dev/null 2>&1 || :

			# Enable root anchor for DNSSEC validation.
			systemctl enable unbound-anchor.timer >/dev/null 2>&1 || :
		end

		script preun
			systemctl --no-reload disable unbound-anchor.timer >/dev/null 2>&1 || :
			systemctl --no-reload disable unbound-keygen.service >/dev/null 2>&1 || :
			systemctl --no-reload disable unbound.service >/dev/null 2>&1 || :
			systemctl stop unbound.service >/dev/null 2>&1 || :
			systemctl stop unbound-keygen.service >/dev/null 2>&1 || :
		end

		script postun
			systemctl daemon-reload >/dev/null 2>&1 || :
		end

		script postup
			systemctl daemon-reload >/dev/null 2>&1 || :
			systemctl try-restart unbound-keygen.service >/dev/null 2>&1 || :
			systemctl try-restart unbound.service >/dev/null 2>&1 || :
		end
	end

	package %{name}-libs
		template LIBS
	end

	package python3-%{name}
		template PYTHON3
	end

	package %{name}-devel
		template DEVEL
	end

	package %{name}-debuginfo
		template DEBUGINFO
	end
end
Commit	Line	Data
23621ada SS	1	###############################################################################
	2	# IPFire.org - An Open Source Firewall Solution #
	3	# Copyright (C) - IPFire Development Team <info@ipfire.org> #
	4	###############################################################################
	5
	6	name = unbound
8be412d9	7	version = 1.17.0
65b29138	8	release = 4
23621ada SS	9
23621ada SS	10	groups = System/Daemons
8be412d9	11	url = https://www.nlnetlabs.nl/unbound/
23621ada SS	12	license = BSD
	13	summary = A validating, recursive, and caching DNS(SEC) resolver.
	14
	15	description
	16	Unbound is a validating, recursive, and caching DNS(SEC) resolver.
	17	The C implementation of Unbound is developed and maintained by NLnet
	18	Labs and is based on ideas and algorithms taken from a java prototype
	19	developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is
	20	designed as a set of modular components, so that also
	21	DNSSEC (secure DNS) validation and stub-resolvers are easily possible.
	22	end
	23
8be412d9	24	source_dl = https://www.unbound.net/downloads/
23621ada SS	25
	26	build
	27	requires
	28	expat-devel
23621ada SS	29	openssl-devel >= 1.0.1h-2
	30	python3-devel >= 3.4
	31	swig
	32	end
	33
	34	configure_options += \
	35	--with-conf-file=%{sysconfdir}/%{name}/unbound.conf \
ebb66ccf	36	--with-pidfile=/run/%{name}/%{name}.pid \
23621ada	37	--with-rootkey-file=%{sharedstatedir}/unbound/root.key \
8be412d9	38	--without-libevent \
23621ada SS	39	--with-pthreads \
	40	--disable-rpath \
	41	--disable-static \
	42	--with-ssl \
	43	--enable-sha2 \
	44	--with-pythonmodule \
	45	--with-pyunbound PYTHON=%{python3}
	46
	47	prepare_cmds
	48	%{create_user}
	49	end
	50
	51	test
	52	make check
	53	end
	54
	55	install_cmds
23621ada SS	56	# Directory for user specified and additional config files.
	57	mkdir -pv %{BUILDROOT}%{sysconfdir}/%{name}/conf.d/
	58
	59	# Directory for stub and forward zones.
	60	mkdir -pv %{BUILDROOT}%{sysconfdir}/%{name}/local.d/
	61
	62	# Directory for trusted-keys-file.
	63	mkdir -pv %{BUILDROOT}%{sysconfdir}/%{name}/keys.d/
	64
65b29138 SS	65	# Directory for the root anchor.
	66	mkdir -pv %{BUILDROOT}%{sharedstatedir}/%{name}
	67
23621ada SS	68	# Install unbound config file.
	69	install -p -m 0664 %{DIR_SOURCE}/%{name}.conf \
	70	%{BUILDROOT}%{sysconfdir}/%{name}/
	71
	72	# Install pem file for icannbundle.
	73	install -p -m 0664 %{DIR_SOURCE}/icannbundle.pem \
	74	%{BUILDROOT}%{sysconfdir}/%{name}/
	75
	76	# Install root and DLV keys.
	77	install -p -m 0644 %{DIR_SOURCE}/root.key \
	78	%{BUILDROOT}%{sysconfdir}/%{name}/
	79	install -p -m 0664 %{DIR_SOURCE}/dlv.isc.org.key \
	80	%{BUILDROOT}%{sysconfdir}/%{name}/
	81	install -p -m 0664 %{DIR_SOURCE}/root.anchor \
	82	%{BUILDROOT}%{sharedstatedir}/%{name}/root.key
	83
	84	# Fix ownership.
	85	chown -R unbound:unbound %{BUILDROOT}%{sharedstatedir}/%{name}/
	86	end
	87	end
	88
	89	create_user
	90	getent group unound >/dev/null \|\| /usr/sbin/groupadd -r unbound
	91	getent passwd unbound >/dev/null \|\| /usr/sbin/useradd -r -g unbound \
	92	-d %{sysconfdir}/%{name} -s /sbin/nologin unbound
	93	end
	94
	95	packages
	96	package %{name}
	97	prerequires
	98	shadow-utils
	99	systemd-units
	100	end
	101
	102	requires += \
	103	openssl >= 1.0.1h-2
	104
	105	configfiles
	106	%{sysconfdir}/%{name}.conf
	107	end
	108
	109	datafiles
	110	%{sysconfdir}/%{name}/conf.d/
	111	%{sysconfdir}/%{name}/local.d/
	112	%{sysconfdir}/%{name}/keys.d/
	113	end
	114
	115	script prein
	116	%{create_user}
	117	end
	118
	119	script postin
	120	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
	121
	122	# Enable root anchor for DNSSEC validation.
	123	systemctl enable unbound-anchor.timer >/dev/null 2>&1 \|\| :
	124	end
	125
	126	script preun
	127	systemctl --no-reload disable unbound-anchor.timer >/dev/null 2>&1 \|\| :
	128	systemctl --no-reload disable unbound-keygen.service >/dev/null 2>&1 \|\| :
	129	systemctl --no-reload disable unbound.service >/dev/null 2>&1 \|\| :
	130	systemctl stop unbound.service >/dev/null 2>&1 \|\| :
	131	systemctl stop unbound-keygen.service >/dev/null 2>&1 \|\| :
132	end
133
134	script postun
135	systemctl daemon-reload >/dev/null 2>&1 \|\| :
136	end
137
138	script postup
139	systemctl daemon-reload >/dev/null 2>&1 \|\| :
140	systemctl try-restart unbound-keygen.service >/dev/null 2>&1 \|\| :
141	systemctl try-restart unbound.service >/dev/null 2>&1 \|\| :
142	end
143	end
144
145	package %{name}-libs
146	template LIBS
147	end
148
149	package python3-%{name}
150	template PYTHON3
151	end
152
153	package %{name}-devel
154	template DEVEL
155	end
156
157	package %{name}-debuginfo
158	template DEBUGINFO
159	end
160	end