unbound/unbound.nm

   1 ###############################################################################
   2 # IPFire.org    - An Open Source Firewall Solution                            #
   3 # Copyright (C) - IPFire Development Team <info@ipfire.org>                   #
   4 ###############################################################################
   5
   6 name       = unbound
   7 version    = 1.17.0
   8 release    = 1
   9
  10 groups     = System/Daemons
  11 url        = https://www.nlnetlabs.nl/unbound/
  12 license    = BSD
  13 summary    = A validating, recursive, and caching DNS(SEC) resolver.
  14
  15 description
  16         Unbound is a validating, recursive, and caching DNS(SEC) resolver.
  17         The C implementation of Unbound is developed and maintained by NLnet
  18         Labs and is based on ideas and algorithms taken from a java prototype
  19         developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is
  20         designed as a set of modular components, so that also
  21         DNSSEC (secure DNS) validation and stub-resolvers are easily possible.
  22 end
  23
  24 source_dl  = https://www.unbound.net/downloads/
  25
  26 build
  27         requires
  28                 expat-devel
  29                 openssl-devel >= 1.0.1h-2
  30                 python3-devel >= 3.4
  31                 swig
  32         end
  33
  34         configure_options += \
  35                 --with-conf-file=%{sysconfdir}/%{name}/unbound.conf \
  36                 --with-pidfile=%{localstatedir}/run/%{name}/%{name}.pid \
  37                 --with-rootkey-file=%{sharedstatedir}/unbound/root.key \
  38                 --without-libevent \
  39                 --with-pthreads \
  40                 --disable-rpath \
  41                 --disable-static \
  42                 --with-ssl \
  43                 --enable-sha2 \
  44                 --with-pythonmodule \
  45                 --with-pyunbound PYTHON=%{python3}
  46
  47         prepare_cmds
  48                 %{create_user}
  49         end
  50
  51         test
  52                 make check
  53         end
  54
  55         install_cmds
  56                 # Create directories.
  57                 mkdir -pv %{BUILDROOT}%{localstatedir}/run/%{name}
  58                 mkdir -pv %{BUILDROOT}%{sharedstatedir}/%{name}
  59
  60                 # Directory for user specified and additional config files.
  61                 mkdir -pv %{BUILDROOT}%{sysconfdir}/%{name}/conf.d/
  62
  63                 # Directory for stub and forward zones.
  64                 mkdir -pv %{BUILDROOT}%{sysconfdir}/%{name}/local.d/
  65
  66                 # Directory for trusted-keys-file.
  67                 mkdir -pv %{BUILDROOT}%{sysconfdir}/%{name}/keys.d/
  68
  69                 # Install unbound config file.
  70                 install -p -m 0664 %{DIR_SOURCE}/%{name}.conf \
  71                         %{BUILDROOT}%{sysconfdir}/%{name}/
  72
  73                 # Install pem file for icannbundle.
  74                 install -p -m 0664 %{DIR_SOURCE}/icannbundle.pem \
  75                         %{BUILDROOT}%{sysconfdir}/%{name}/
  76
  77                 # Install root and DLV keys.
  78                 install -p -m 0644 %{DIR_SOURCE}/root.key \
  79                         %{BUILDROOT}%{sysconfdir}/%{name}/
  80                 install -p -m 0664 %{DIR_SOURCE}/dlv.isc.org.key \
  81                         %{BUILDROOT}%{sysconfdir}/%{name}/
  82                 install -p -m 0664 %{DIR_SOURCE}/root.anchor \
  83                         %{BUILDROOT}%{sharedstatedir}/%{name}/root.key
  84
  85                 # Fix ownership.
  86                 chown -R unbound:unbound %{BUILDROOT}%{sharedstatedir}/%{name}/
  87         end
  88 end
  89
  90 create_user
  91         getent group unound >/dev/null || /usr/sbin/groupadd -r unbound
  92         getent passwd unbound >/dev/null || /usr/sbin/useradd -r -g unbound \
  93                 -d %{sysconfdir}/%{name} -s /sbin/nologin unbound
  94 end
  95
  96 packages
  97         package %{name}
  98                 prerequires
  99                         shadow-utils
 100                         systemd-units
 101                 end
 102
 103                 requires += \
 104                         openssl >= 1.0.1h-2
 105
 106                 configfiles
 107                         %{sysconfdir}/%{name}.conf
 108                 end
 109
 110                 datafiles
 111                         %{sysconfdir}/%{name}/conf.d/
 112                         %{sysconfdir}/%{name}/local.d/
 113                         %{sysconfdir}/%{name}/keys.d/
 114                 end
 115
 116                 script prein
 117                         %{create_user}
 118                 end
 119
 120                 script postin
 121                         /bin/systemctl daemon-reload >/dev/null 2>&1 || :
 122
 123                         # Enable root anchor for DNSSEC validation.
 124                         systemctl enable unbound-anchor.timer >/dev/null 2>&1 || :
 125                 end
 126
 127                 script preun
 128                         systemctl --no-reload disable unbound-anchor.timer >/dev/null 2>&1 || :
 129                         systemctl --no-reload disable unbound-keygen.service >/dev/null 2>&1 || :
 130                         systemctl --no-reload disable unbound.service >/dev/null 2>&1 || :
 131                         systemctl stop unbound.service >/dev/null 2>&1 || :
 132                         systemctl stop unbound-keygen.service >/dev/null 2>&1 || :
 133                 end
 134
 135                 script postun
 136                         systemctl daemon-reload >/dev/null 2>&1 || :
 137                 end
 138
 139                 script postup
 140                         systemctl daemon-reload >/dev/null 2>&1 || :
 141                         systemctl try-restart unbound-keygen.service >/dev/null 2>&1 || :
 142                         systemctl try-restart unbound.service >/dev/null 2>&1 || :
 143                 end
 144         end
 145
 146         package %{name}-libs
 147                 template LIBS
 148         end
 149
 150         package python3-%{name}
 151                 template PYTHON3
 152         end
 153
 154         package %{name}-devel
 155                 template DEVEL
 156         end
 157
 158         package %{name}-debuginfo
 159                 template DEBUGINFO
 160         end
 161 end