# please remember to update the pkghashes below when you
# update this list, as well as the one in builder-dispatch.yml
default: >-
- el-7
el-8
el-9
- debian-buster
debian-bullseye
debian-bookworm
ubuntu-focal
matrix:
os: ${{fromJson(needs.prepare.outputs.oslist)}}
runner-os: ${{ fromJson(needs.prepare.outputs.runnerlist )}}
- exclude:
- - os: el-7
- runner-os: ubicloud-standard-2-arm
fail-fast: false
outputs:
product-name: ${{ steps.normalize-name.outputs.normalized-package-name }}
version: ${{ steps.getversion.outputs.version }}
- pkghashes-el-7-x86_64: ${{ steps.pkghashes.outputs.pkghashes-el-7-x86_64 }}
pkghashes-el-8-x86_64: ${{ steps.pkghashes.outputs.pkghashes-el-8-x86_64 }}
pkghashes-el-8-aarch64: ${{ steps.pkghashes.outputs.pkghashes-el-8-aarch64 }}
pkghashes-el-9-x86_64: ${{ steps.pkghashes.outputs.pkghashes-el-9-x86_64 }}
pkghashes-el-9-aarch64: ${{ steps.pkghashes.outputs.pkghashes-el-9-aarch64 }}
- pkghashes-debian-buster-x86_64: ${{ steps.pkghashes.outputs.pkghashes-debian-buster-x86_64 }}
- pkghashes-debian-buster-aarch64: ${{ steps.pkghashes.outputs.pkghashes-debian-buster-aarch64 }}
pkghashes-debian-bullseye-x86_64: ${{ steps.pkghashes.outputs.pkghashes-debian-bullseye-x86_64 }}
pkghashes-debian-bullseye-aarch64: ${{ steps.pkghashes.outputs.pkghashes-debian-bullseye-aarch64 }}
pkghashes-debian-bookworm-x86_64: ${{ steps.pkghashes.outputs.pkghashes-debian-bookworm-x86_64 }}
run: |
for os in ${{ inputs.os }}; do
for architecture in x86_64 ${{ vars.ARM64_USE_UBICLOUD == '1' && 'aarch64' || '' }}; do
- [[ "$os" != "el-7" || "$architecture" != "aarch64" ]] && echo "\"pkghashes-$os-$architecture\"" | tee -a /tmp/os-inputs.txt
+ echo "\"pkghashes-$os-$architecture\"" | tee -a /tmp/os-inputs.txt
done
done
sort -o /tmp/os-inputs.txt /tmp/os-inputs.txt
matrix:
os: ${{fromJson(needs.prepare.outputs.oslist)}}
architecture: ${{ fromJson(needs.prepare.outputs.archlist )}}
- exclude:
- - os: el-7
- architecture: aarch64
permissions:
actions: read # To read the workflow path.
id-token: write # To sign the provenance.
matrix:
os: ${{fromJson(needs.prepare.outputs.oslist)}}
architecture: ${{ fromJson(needs.prepare.outputs.archlist )}}
- exclude:
- - os: el-7
- architecture: aarch64
steps:
- name: Download source tarball provenance for ${{ inputs.product }} (${{ inputs.ref }})
id: download-src-provenance
type: string
# please remember to update build-packages.yml as well
default: >-
- el-7
el-8
el-9
- debian-buster
debian-bullseye
debian-bookworm
ubuntu-focal
matrix:
product: ['authoritative', 'recursor', 'dnsdist']
os:
- - el-7
- el-8
- centos-9-stream
- ubuntu-noble
- debian-trixie
- amazon-2023
runner-os: ${{ fromJson(needs.prepare.outputs.runnerlist )}}
- exclude:
- - os: el-7
- runner-os: ubicloud-standard-2-arm
fail-fast: false
steps:
- uses: actions/checkout@v4
Adding a new OS is usually easy, provided that it does not differ too much from an existing one. For example, to add support for Debian Bookworm (already present in the current repository), one had to:
-Copy the existing instructions for Debian Buster:
+Copy the existing instructions for Debian bullseye:
```
-cp builder-support/dockerfiles/Dockerfile.target.debian-buster builder-support/dockerfiles/Dockerfile.target.debian-bookworm
+cp builder-support/dockerfiles/Dockerfile.target.debian-bullseye builder-support/dockerfiles/Dockerfile.target.debian-bookworm
```
-In the new `builder-support/dockerfiles/Dockerfile.target.debian-bookworm` file, replace every occurrence of `debian-buster` by `debian-bookworm`, and of `debian:buster` by `debian:bookworm`
+In the new `builder-support/dockerfiles/Dockerfile.target.debian-bookworm` file, replace every occurrence of `debian-bullseye` by `debian-bookworm`, and of `debian:bullseye` by `debian:bookworm`
Then add the new target to the list of OSes in the `.github/workflows/builder-dispatch.yml` workflow file:
```
default: >-
- el-7
el-8
el-9
- debian-buster
debian-bullseye
debian-bookworm
ubuntu-focal
``
```
default: >-
- el-7
el-8
el-9
- debian-buster
debian-bullseye
debian-bookworm
ubuntu-focal
Not forgetting to update the list of hashes later in the same file:
```
-pkghashes-el-7: ${{ steps.pkghashes.outputs.pkghashes-el-7 }}
pkghashes-el-8: ${{ steps.pkghashes.outputs.pkghashes-el-8 }}
pkghashes-el-9: ${{ steps.pkghashes.outputs.pkghashes-el-9 }}
-pkghashes-debian-buster: ${{ steps.pkghashes.outputs.pkghashes-debian-buster }}
pkghashes-debian-bullseye: ${{ steps.pkghashes.outputs.pkghashes-debian-bullseye }}
pkghashes-debian-bookworm: ${{ steps.pkghashes.outputs.pkghashes-debian-bookworm }}
pkghashes-ubuntu-focal: ${{ steps.pkghashes.outputs.pkghashes-ubuntu-focal }}
'rec-48', 'rec-49', 'rec-50', 'rec-51', 'rec-master',
'dnsdist-17', 'dnsdist-18', 'dnsdist-19', 'dnsdist-master']:
write_pkg_pin_file(release)
- write_dockerfile('el', '7', release)
write_dockerfile('el', '8', release)
write_dockerfile('el', '9', release)
- write_dockerfile('debian', 'buster', release)
- write_list_file('debian', 'buster', release)
write_dockerfile('debian', 'bullseye', release)
write_list_file('debian', 'bullseye', release)
write_dockerfile('ubuntu', 'focal', release)
returned_versions = []
print('=== testing {} ({}) ==='.format(release, arch))
for df in dockerfiles:
- if arch == 'aarch64' and str(df).endswith('el-7'):
- continue
if arch == 'aarch64' and not release in ['rec-49', 'rec-50', 'rec-51', 'rec-master',
'dnsdist-19', 'dnsdist-master']:
continue
+++ /dev/null
-[centos-sclo-rh]
-name=CentOS-6 - SCLo rh
-baseurl=http://vault.centos.org/centos/6/sclo/$basearch/rh/
-#mirrorlist=http://mirrorlist.centos.org?arch=$basearch&release=6&repo=sclo-rh
-gpgcheck=1
-enabled=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo
-
+++ /dev/null
-[base]
-name=CentOS-6.10 - Base
-baseurl=http://vault.centos.org/6.10/os/$basearch/
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
-enabled=1
-
-[updates]
-name=CentOS-6.10 - Updates
-baseurl=http://vault.centos.org/6.10/updates/$basearch/
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
-enabled=1
-
-[extras]
-name=CentOS-6.10 - Extras
-baseurl=http://vault.centos.org/6.10/extras/$basearch/
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
-enabled=1
-
-[contrib]
-name=CentOS-6.10 - Contrib
-baseurl=http://vault.centos.org/6.10/contrib/$basearch/
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
-enabled=1
-
-[centosplus]
-name=CentOS-6.10 - CentOSPlus
-baseurl=http://vault.centos.org/6.10/centosplus/$basearch/
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
-enabled=1
FROM dist-base as package-builder
-RUN touch /var/lib/rpm/* && if $(grep -q 'release 7' /etc/redhat-release); then \
- yum upgrade -y && \
- yum install -y rpm-build rpmdevtools python2 python3 curl jq "@Development Tools"; \
- else \
- yum upgrade -y && \
- yum install --allowerasing -y rpm-build rpmdevtools python3 curl jq "@Development Tools"; \
- fi
+RUN yum upgrade -y && \
+ yum install --allowerasing -y rpm-build rpmdevtools python3 curl jq "@Development Tools"
RUN mkdir /dist /pdns
WORKDIR /pdns
@ENDIF
@IF [ -n "$M_dnsdist$M_all" ]
-# We do not build Quiche (DNS over QUIC support) on el-7 because the clang
-# version is too old to build the 'boring-sys' crate needed by Quiche
-RUN if ! $(grep -q 'release 7' /etc/redhat-release); then \
- cd /pdns/builder-support/helpers/ && ./install_rust.sh; \
- yum install -y git cmake clang; \
- cd /pdns/builder-support/helpers/ && \
- ./install_quiche.sh; \
- fi
+RUN cd /pdns/builder-support/helpers/ && ./install_rust.sh; \
+ yum install -y git cmake clang; \
+ cd /pdns/builder-support/helpers/ && \
+ ./install_quiche.sh
@ENDIF
# Used for -p option to only build specific spec files
RUN find /pdns/builder-support/specs/ -not -name '*.spec' -exec ln -s {} /root/rpmbuild/SOURCES/ \;
@IF [ -n "$M_authoritative$M_all" ]
-RUN touch /var/lib/rpm/* && if $(grep -q 'release 7' /etc/redhat-release); then \
- scl enable devtoolset-11 -- builder/helpers/build-specs.sh builder-support/specs/pdns.spec; \
- elif $(grep -q 'release 8' /etc/redhat-release); then \
+RUN touch /var/lib/rpm/* && if $(grep -q 'release 8' /etc/redhat-release); then \
scl enable gcc-toolset-13 -- builder/helpers/build-specs.sh builder-support/specs/pdns.spec; \
else \
builder/helpers/build-specs.sh builder-support/specs/pdns.spec; \
@ENDIF
@IF [ -n "$M_recursor$M_all" ]
-RUN touch /var/lib/rpm/* && if $(grep -q 'release 7' /etc/redhat-release); then \
- scl enable devtoolset-11 -- builder/helpers/build-specs.sh builder-support/specs/pdns-recursor.spec; \
- elif $(grep -q 'release 8' /etc/redhat-release); then \
+RUN touch /var/lib/rpm/* && if $(grep -q 'release 8' /etc/redhat-release); then \
scl enable gcc-toolset-13 -- builder/helpers/build-specs.sh builder-support/specs/pdns-recursor.spec; \
else \
builder/helpers/build-specs.sh builder-support/specs/pdns-recursor.spec; \
@IF [ -n "$M_dnsdist$M_all" ]
-# --allowerasing does not exist on el7, so we fall back to just installing
-# this is fine because --allowerasing is only there to deal with libcurl conflicting with libcurl-minimal on some el9 images
RUN touch /var/lib/rpm/* && mkdir /libh2o && cd /libh2o && \
- yum install -y --allowerasing curl libcurl openssl-devel cmake || yum install -y curl libcurl openssl-devel cmake && \
+ dnf install -y --allowerasing curl libcurl openssl-devel cmake && \
cd /pdns/builder-support/helpers/ && \
./install_h2o.sh
-RUN touch /var/lib/rpm/* && if $(grep -q 'release 7' /etc/redhat-release); then \
- scl enable devtoolset-11 -- builder/helpers/build-specs.sh builder-support/specs/dnsdist.spec; \
- elif $(grep -q 'release 8' /etc/redhat-release); then \
+RUN touch /var/lib/rpm/* && if $(grep -q 'release 8' /etc/redhat-release); then \
scl enable gcc-toolset-13 -- builder/helpers/build-specs.sh builder-support/specs/dnsdist.spec; \
else \
builder/helpers/build-specs.sh builder-support/specs/dnsdist.spec; \
@ENDIF
# Generate provenance
-@IF [ "${BUILDER_TARGET}" = "el-7" -o "${BUILDER_TARGET}" = "centos-7" ]
-@EVAL RUN python builder/helpers/generate-yum-provenance.py /dist/packages-${BUILDER_TARGET}.json || python3 builder/helpers/generate-yum-provenance.py /dist/packages-${BUILDER_TARGET}.json
-@ENDIF
-@IF [ "${BUILDER_TARGET}" != "el-7" -a "${BUILDER_TARGET}" != "centos-7" ]
@EVAL RUN python builder/helpers/generate-dnf-provenance.py /dist/packages-${BUILDER_TARGET}.json || python3 builder/helpers/generate-dnf-provenance.py /dist/packages-${BUILDER_TARGET}.json
-@ENDIF
# mv across layers with overlay2 is buggy in some kernel versions (results in empty dirs)
# See: https://github.com/moby/moby/issues/33733
ARG BUILDER_VERSION
@EVAL ARG BUILDER_TARGET=${BUILDER_TARGET}
-# No SBOM on el-7, which only has Python 2 and will be EOL soon anyway
RUN touch /var/lib/rpm/* && \
- if ! $(grep -q 'release 7' /etc/redhat-release); then \
- yum install -y python3 python3-dnf; \
- fi
+ yum install -y python3 python3-dnf
ADD builder-support/helpers/ /pdns/builder-support/helpers/
@IF [ -n "$M_recursor$M_all" ]
RUN cd /pdns/builder-support/helpers/ && \
- if ! $(grep -q 'release 7' /etc/redhat-release); then \
- python3 generate-sbom-dnf.py /dist/pdns-recursor-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json pdns-recursor rust.json; \
- fi
+ python3 generate-sbom-dnf.py /dist/pdns-recursor-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json pdns-recursor rust.json
@ENDIF
@IF [ -n "$M_dnsdist$M_all" ]
RUN cd /pdns/builder-support/helpers/; \
- if ! $(grep -q 'release 7' /etc/redhat-release); then \
- python3 generate-sbom-dnf.py /dist/dnsdist-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json dnsdist rust.json quiche.json h2o.json; \
- fi
+ python3 generate-sbom-dnf.py /dist/dnsdist-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json dnsdist rust.json quiche.json h2o.json
@ENDIF
@IF [ -n "$M_authoritative$M_all" ]
RUN cd /pdns/builder-support/helpers/ && \
- if ! $(grep -q 'release 7' /etc/redhat-release); then \
- for pkg in $(dnf list installed 'pdns*' | grep -E ^'pdns' | grep -vE '\-debuginfo|\-debugsource' | cut -d. -f1); do \
+ for pkg in $(dnf list installed 'pdns*' | grep -E ^'pdns' | grep -vE '\-debuginfo|\-debugsource' | cut -d. -f1); do \
python3 generate-sbom-dnf.py /dist/${pkg}-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json ${pkg}; \
- done; \
- fi
+ done
@ENDIF
+++ /dev/null
-# First do the source builds
-@INCLUDE Dockerfile.target.sdist
-
-# This defines the distribution base layer
-# Put only the bare minimum of common commands here, without dev tools
-FROM amazonlinux:2 as dist-base
-ARG BUILDER_CACHE_BUSTER=
-RUN touch /var/lib/rpm/* && amazon-linux-extras install epel -y
-
-# Do the actual rpm build
-@INCLUDE Dockerfile.rpmbuild
-
-# Do a test install and verify
-# Can be skipped with skippackagetest=1 in the environment
-@EXEC [ "$skippackagetest" = "" ] && include Dockerfile.rpmtest
+++ /dev/null
-# First do the source builds
-@INCLUDE Dockerfile.target.sdist
-
-# This defines the distribution base layer
-# Put only the bare minimum of common commands here, without dev tools
-FROM centos:7 as dist-base
-
-ARG BUILDER_CACHE_BUSTER=
-RUN touch /var/lib/rpm/* && yum install -y epel-release centos-release-scl-rh
-RUN touch /var/lib/rpm/* && yum install -y --nogpgcheck devtoolset-11-gcc-c++
-
-# Do the actual rpm build
-@INCLUDE Dockerfile.rpmbuild
-
-# Do a test install and verify
-# Can be skipped with skippackagetest=1 in the environment
-@EXEC [ "$skippackagetest" = "" ] && include Dockerfile.rpmtest
+++ /dev/null
-# First do the source builds
-@INCLUDE Dockerfile.target.sdist
-
-FROM debian:buster as dist-base
-
-ARG BUILDER_CACHE_BUSTER=
-ARG APT_URL
-RUN apt-get update && apt-get -y dist-upgrade
-
-@INCLUDE Dockerfile.debbuild-prepare
-
-@IF [ -n "$M_authoritative$M_all" ]
-ADD builder-support/debian/authoritative/debian-buster/ pdns-${BUILDER_VERSION}/debian/
-@ENDIF
-
-@IF [ -n "$M_recursor$M_all" ]
-ADD builder-support/debian/recursor/debian-buster/ pdns-recursor-${BUILDER_VERSION}/debian/
-@ENDIF
-
-@IF [ -n "$M_dnsdist$M_all" ]
-ADD builder-support/debian/dnsdist/debian-buster/ dnsdist-${BUILDER_VERSION}/debian/
-@ENDIF
-
-@INCLUDE Dockerfile.debbuild
-
-# Do a test install and verify
-# Can be skipped with skiptests=1 in the environment
-# @EXEC [ "$skiptests" = "" ] && include Dockerfile.debtest
+++ /dev/null
-Dockerfile.target.oraclelinux-7
\ No newline at end of file
+++ /dev/null
-# First do the source builds
-@INCLUDE Dockerfile.target.sdist
-
-# This defines the distribution base layer
-# Put only the bare minimum of common commands here, without dev tools
-FROM oraclelinux:7 as dist-base
-
-ARG BUILDER_CACHE_BUSTER=
-RUN touch /var/lib/rpm/* && yum install -y oracle-epel-release-el7 oracle-softwarecollection-release-el7 && \
- yum-config-manager --add-repo=http://yum.oracle.com/repo/OracleLinux/OL7/optional/developer/$(uname -m)/ && \
- yum install -y --nogpgcheck devtoolset-11-gcc-c++ scl-utils
-
-# Do the actual rpm build
-@INCLUDE Dockerfile.rpmbuild
-
-# Do a test install and verify
-# Can be skipped with skippackagetest=1 in the environment
-@EXEC [ "$skippackagetest" = "" ] && include Dockerfile.rpmtest
+++ /dev/null
-# First do the source builds
-@INCLUDE Dockerfile.target.sdist
-
-FROM resin/rpi-raspbian:buster as dist-base
-ARG BUILDER_CACHE_BUSTER=
-ARG APT_URL
-RUN apt-get update && apt-get -y dist-upgrade
-
-@INCLUDE Dockerfile.debbuild-prepare
-
-@IF [ -n "$M_authoritative$M_all" ]
-ADD builder-support/debian/authoritative/debian-buster/ pdns-${BUILDER_VERSION}/debian/
-@ENDIF
-
-@IF [ -n "$M_recursor$M_all" ]
-ADD builder-support/debian/recursor/debian-buster/ pdns-recursor-${BUILDER_VERSION}/debian/
-@ENDIF
-
-@IF [ -n "$M_dnsdist$M_all" ]
-ADD builder-support/debian/dnsdist/debian-buster/ dnsdist-${BUILDER_VERSION}/debian/
-@ENDIF
-
-@INCLUDE Dockerfile.debbuild
-
-# Do a test install and verify
-# Can be skipped with skiptests=1 in the environment
-# @EXEC [ "$skiptests" = "" ] && include Dockerfile.debtest
BuildRequires: systemd-devel
%endif
-%if 0%{?rhel} < 8 && 0%{?amzn} != 2023
-BuildRequires: boost169-devel
-%else
BuildRequires: boost-devel
BuildRequires: python3-pyyaml
-%endif
-
-%if 0%{?rhel} >= 8
BuildRequires: clang
BuildRequires: lld
-%endif
-%if 0%{?rhel} >= 7 || 0%{?amzn} == 2023
BuildRequires: gnutls-devel
BuildRequires: libcap-devel
BuildRequires: libnghttp2-devel
BuildRequires: systemd-devel
BuildRequires: systemd-units
BuildRequires: tinycdb-devel
-%if 0%{?amzn} != 2023
BuildRequires: libsodium-devel
BuildRequires: net-snmp-devel
-%endif
-%endif
%if 0%{?suse_version}
Requires(pre): shadow
%systemd_requires
%endif
-%if 0%{?rhel} >= 7 || 0%{?amzn} == 2023
Requires(pre): shadow-utils
BuildRequires: fstrm-devel
%systemd_requires
-%endif
%if ( "%{_arch}" != "aarch64" && 0%{?rhel} >= 8 ) || ( "%{_arch}" == "aarch64" && 0%{?rhel} >= 9 )
BuildRequires: libbpf-devel
BuildRequires: libxdp-devel
%autosetup -p1 -n %{name}-%{getenv:BUILDER_VERSION}
%build
-%if 0%{?rhel} < 8
-export CPPFLAGS=-I/usr/include/boost169
-export LDFLAGS=-L/usr/lib64/boost169
-%endif
%if 0%{?rhel} >= 8
# We need to build with LLVM/clang to be able to use LTO, since we are linking against a static Rust library built with LLVM
export CC=clang
# build-id SHA1 prevents an issue with the debug symbols ("export: `-Wl,--build-id=sha1': not a valid identifier")
# and the --no-as-needed -ldl an issue with the dlsym not being found ("ld.lld: error: undefined symbol: dlsym eferenced by weak.rs:142 (library/std/src/sys/pal/unix/weak.rs:142) [...] in archive ./dnsdist-rust-lib/rust/libdnsdist_rust.a)
export LDFLAGS="-fuse-ld=lld -Wl,--build-id=sha1 -Wl,--no-as-needed -ldl"
-%endif
export AR=gcc-ar
export RANLIB=gcc-ranlib
--enable-systemd --with-systemd=%{_unitdir} \
--without-net-snmp
%endif
-%if 0%{?rhel} >= 7 || 0%{?amzn} == 2023
--enable-dnstap \
--enable-dns-over-https \
--enable-systemd --with-systemd=%{_unitdir} \
--with-libcap \
--with-lua=%{lua_implementation} \
--with-re2 \
-%if 0%{?amzn} != 2023
--enable-dnscrypt \
--with-libsodium \
--with-net-snmp \
-%endif
-%if 0%{?rhel} >= 8 || 0%{?amzn} == 2023
--enable-dns-over-quic \
--enable-dns-over-http3 \
--with-quiche \
-%endif
-%if 0%{?rhel} >= 8
--enable-yaml \
-%endif
PKG_CONFIG_PATH=/usr/lib/pkgconfig:/opt/lib64/pkgconfig
%endif
%install
%make_install
install -d %{buildroot}/%{_sysconfdir}/dnsdist
-%if 0%{?rhel} >= 8 || 0%{?amzn} == 2023
install -Dm644 /usr/lib/libdnsdist-quiche.so %{buildroot}/%{_libdir}/libdnsdist-quiche.so
-%endif
%{__mv} %{buildroot}%{_sysconfdir}/dnsdist/dnsdist.conf-dist %{buildroot}%{_sysconfdir}/dnsdist/dnsdist.conf
chmod 0640 %{buildroot}/%{_sysconfdir}/dnsdist/dnsdist.conf
%if 0%{?suse_version}
%service_add_post %{name}.service
%endif
-%if 0%{?rhel} >= 7
systemctl daemon-reload ||:
%systemd_post %{name}.service
-%endif
%preun
%if 0%{?suse_version}
%service_del_preun %{name}.service
%endif
-%if 0%{?rhel} >= 7
%systemd_preun %{name}.service
-%endif
%postun
%if 0%{?suse_version}
%service_del_postun %{name}.service
%endif
-%if 0%{?rhel} >= 7
%systemd_postun_with_restart %{name}.service
-%endif
%files
%{!?_licensedir:%global license %%doc}
%doc README.md
%{_bindir}/*
-%if 0%{?rhel} >= 8 || 0%{?amzn} == 2023
%define __requires_exclude libdnsdist-quiche\\.so
%{_libdir}/libdnsdist-quiche.so
-%endif
%{_mandir}/man1/*
%dir %{_sysconfdir}/dnsdist
%attr(-, root, dnsdist) %config(noreplace) %{_sysconfdir}/%{name}/dnsdist.conf
Provides: powerdns-recursor = %{version}-%{release}
-%if 0%{?rhel} < 8 && 0%{?amzn} != 2023
-BuildRequires: boost169-devel
-%else
BuildRequires: boost-devel
-%endif
BuildRequires: libcap-devel
BuildRequires: systemd
BuildRequires: systemd-devel
BuildRequires: openssl-devel
BuildRequires: fstrm-devel
BuildRequires: libcurl-devel
-
-%if 0%{?amzn} != 2023
BuildRequires: net-snmp-devel
BuildRequires: libsodium-devel
-%endif
%ifarch aarch64
BuildRequires: lua-devel
%autosetup -p1 -n %{name}-%{getenv:BUILDER_VERSION}
%build
-%if 0%{?rhel} < 8
-export CPPFLAGS=-I/usr/include/boost169
-export LDFLAGS=-L/usr/lib64/boost169
-%endif
%configure \
--enable-option-checking=fatal \
--enable-dnstap \
--with-libcap \
--with-lua=%{lua_implementation} \
-%if 0%{?amzn} != 2023
--with-libsodium \
--with-net-snmp \
-%endif
--enable-systemd --with-systemd=%{_unitdir} \
--enable-nod
# The EL7 and 8 systemd actually supports %t, but its version number is older than that, so we do use seperate runtime dirs, but don't rely on RUNTIME_DIRECTORY
%if 0%{?rhel} < 9
sed -e 's!/pdns_recursor!& --socket-dir=%t/pdns-recursor!' -i %{buildroot}/%{_unitdir}/pdns-recursor.service
-%if 0%{?rhel} < 8
-sed -e 's!/pdns_recursor!& --socket-dir=%t/pdns-recursor-%i!' -e 's!RuntimeDirectory=pdns-recursor!&-%i!' -i %{buildroot}/%{_unitdir}/pdns-recursor@.service
-%endif
%endif
%pre
BuildRequires: systemd
BuildRequires: systemd-units
BuildRequires: systemd-devel
-
BuildRequires: krb5-devel
BuildRequires: p11-kit-devel
BuildRequires: libcurl-devel
-%if 0%{?rhel} < 8 && 0%{?amzn} != 2023
-BuildRequires: boost169-devel
-%else
BuildRequires: boost-devel
-%endif
BuildRequires: bison
BuildRequires: openssl-devel
-
-%if 0%{?amzn} != 2023
BuildRequires: libsodium-devel
-%endif
-
Requires(pre): shadow-utils
%ifarch aarch64
Summary: MySQL backend for %{name}
Group: System Environment/Daemons
Requires: %{name}%{?_isa} = %{version}-%{release}
-%if 0%{?rhel} < 8 && 0%{?amzn} != 2023
-BuildRequires: mysql-devel
-%else
BuildRequires: mariadb-connector-c-devel
-%endif
%global backends %{backends} gmysql
%description backend-mysql
Group: System Environment/Daemons
Requires: %{name}%{?_isa} = %{version}-%{release}
BuildRequires: yaml-cpp-devel
-%if 0%{?rhel} < 9 && 0%{?amzn} != 2023
-BuildRequires: geoip-devel
-%endif
BuildRequires: libmaxminddb-devel
%global backends %{backends} geoip
%description backend-tinydns
This package contains the TinyDNS backend for %{name}
-%if 0%{?amzn} != 2
%package ixfrdist
BuildRequires: yaml-cpp-devel
Summary: A program to redistribute zones over AXFR and IXFR
%description ixfrdist
This package contains the ixfrdist program.
-%endif
%prep
%autosetup -p1 -n %{name}-%{getenv:BUILDER_VERSION}
%build
export CPPFLAGS="-DLDAP_DEPRECATED"
-%if 0%{?rhel} < 8
-export CPPFLAGS=-I/usr/include/boost169
-export LDFLAGS=-L/usr/lib64/boost169
-%endif
-
%configure \
--enable-option-checking=fatal \
--sysconfdir=%{_sysconfdir}/%{name} \
--with-lua=%{lua_implementation} \
--with-dynmodules='%{backends}' \
--enable-tools \
-%if 0%{?amzn} != 2023
--with-libsodium \
-%endif
-%if 0%{?amzn} != 2
--enable-ixfrdist \
-%endif
--enable-unit-tests \
--enable-lua-records \
--enable-experimental-pkcs11 \
# The EL7 and 8 systemd actually supports %t, but its version number is older than that, so we do use seperate runtime dirs, but don't rely on RUNTIME_DIRECTORY
%if 0%{?rhel} < 9
sed -e 's!/pdns_server!& --socket-dir=%t/pdns!' -i %{buildroot}/%{_unitdir}/pdns.service
-%if 0%{?rhel} < 8
-sed -e 's!/pdns_server!& --socket-dir=%t/pdns-%i!' -e 's!RuntimeDirectory=pdns!&-%i!' -i %{buildroot}/%{_unitdir}/pdns@.service
-%endif
%endif
%check
fi
exit 0
-%if 0%{?rhel} >= 7
if [ "`stat -c '%U:%G' %{_sysconfdir}/%{name}`" = "root:root" ]; then
chown -R root:pdns /etc/powerdns
# Make sure that pdns can read it; the default used to be 0600
chmod g+r /etc/powerdns/pdns.conf
fi
chown -R pdns:pdns /var/lib/powerdns || :
-%endif
%post
systemctl daemon-reload ||:
%files backend-tinydns
%{_libdir}/%{name}/libtinydnsbackend.so
-%if 0%{?amzn} != 2
%files ixfrdist
%{_bindir}/ixfrdist
%{_mandir}/man1/ixfrdist.1.gz
%{_sysconfdir}/%{name}/ixfrdist.example.yml
%{_unitdir}/ixfrdist.service
%{_unitdir}/ixfrdist@.service
-%endif
projects / thirdparty / pdns.git / commitdiff
