[ipfire-3.x.git] / unbound / unbound.nm

###############################################################################
# IPFire.org    - An Open Source Firewall Solution                            #
# Copyright (C) - IPFire Development Team <info@ipfire.org>                   #
###############################################################################

name       = unbound
version    = 1.6.8
release    = 1

groups     = System/Daemons
url        = http://www.nlnetlabs.nl/unbound/
license    = BSD
summary    = A validating, recursive, and caching DNS(SEC) resolver.

description
	Unbound is a validating, recursive, and caching DNS(SEC) resolver.
	The C implementation of Unbound is developed and maintained by NLnet
	Labs and is based on ideas and algorithms taken from a java prototype
	developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is
	designed as a set of modular components, so that also
	DNSSEC (secure DNS) validation and stub-resolvers are easily possible.
end

source_dl  = http://www.unbound.net/downloads/

build
	requires
		expat-devel
		libevent-devel
		openssl-devel >= 1.0.1h-2
		python3-devel >= 3.4
		swig
	end

	configure_options += \
		--with-conf-file=%{sysconfdir}/%{name}/unbound.conf \
		--with-pidfile=%{localstatedir}/run/%{name}/%{name}.pid \
		--with-rootkey-file=%{sharedstatedir}/unbound/root.key \
		--with-libevent \
		--with-pthreads \
		--disable-rpath \
		--disable-static \
		--with-ssl \
		--enable-sha2 \
		--with-pythonmodule \
		--with-pyunbound PYTHON=%{python3}

	prepare_cmds
		%{create_user}
	end

	test
		make check
	end

	install_cmds
		# Create directories.
		mkdir -pv %{BUILDROOT}%{localstatedir}/run/%{name}
		mkdir -pv %{BUILDROOT}%{sharedstatedir}/%{name}

		# Directory for user specified and additional config files.
		mkdir -pv %{BUILDROOT}%{sysconfdir}/%{name}/conf.d/

		# Directory for stub and forward zones.
		mkdir -pv %{BUILDROOT}%{sysconfdir}/%{name}/local.d/

		# Directory for trusted-keys-file.
		mkdir -pv %{BUILDROOT}%{sysconfdir}/%{name}/keys.d/

		# Install unbound config file.
		install -p -m 0664 %{DIR_SOURCE}/%{name}.conf \
			%{BUILDROOT}%{sysconfdir}/%{name}/

		# Install pem file for icannbundle.
		install -p -m 0664 %{DIR_SOURCE}/icannbundle.pem \
			%{BUILDROOT}%{sysconfdir}/%{name}/

		# Install root and DLV keys.
		install -p -m 0644 %{DIR_SOURCE}/root.key \
			%{BUILDROOT}%{sysconfdir}/%{name}/
		install -p -m 0664 %{DIR_SOURCE}/dlv.isc.org.key \
			%{BUILDROOT}%{sysconfdir}/%{name}/
		install -p -m 0664 %{DIR_SOURCE}/root.anchor \
			%{BUILDROOT}%{sharedstatedir}/%{name}/root.key

		# Fix ownership.
		chown -R unbound:unbound %{BUILDROOT}%{sharedstatedir}/%{name}/
	end
end

create_user
	getent group unound >/dev/null || /usr/sbin/groupadd -r unbound
	getent passwd unbound >/dev/null || /usr/sbin/useradd -r -g unbound \
		-d %{sysconfdir}/%{name} -s /sbin/nologin unbound
end

packages
	package %{name}
		prerequires
			shadow-utils
			systemd-units
		end

		requires += \
			openssl >= 1.0.1h-2

		configfiles
			%{sysconfdir}/%{name}.conf
		end

		datafiles
			%{sysconfdir}/%{name}/conf.d/
			%{sysconfdir}/%{name}/local.d/
			%{sysconfdir}/%{name}/keys.d/
		end

		script prein
			%{create_user}
		end

		script postin
			/bin/systemctl daemon-reload >/dev/null 2>&1 || :

			# Enable root anchor for DNSSEC validation.
			systemctl enable unbound-anchor.timer >/dev/null 2>&1 || :
		end

		script preun
			systemctl --no-reload disable unbound-anchor.timer >/dev/null 2>&1 || :
			systemctl --no-reload disable unbound-keygen.service >/dev/null 2>&1 || :
			systemctl --no-reload disable unbound.service >/dev/null 2>&1 || :
			systemctl stop unbound.service >/dev/null 2>&1 || :
			systemctl stop unbound-keygen.service >/dev/null 2>&1 || :
		end

		script postun
			systemctl daemon-reload >/dev/null 2>&1 || :
		end

		script postup
			systemctl daemon-reload >/dev/null 2>&1 || :
			systemctl try-restart unbound-keygen.service >/dev/null 2>&1 || :
			systemctl try-restart unbound.service >/dev/null 2>&1 || :
		end
	end

	package %{name}-libs
		template LIBS
	end

	package python3-%{name}
		template PYTHON3
	end

	package %{name}-devel
		template DEVEL
	end

	package %{name}-debuginfo
		template DEBUGINFO
	end
end
Commit	Line	Data
23621ada SS	1	###############################################################################
	2	# IPFire.org - An Open Source Firewall Solution #
	3	# Copyright (C) - IPFire Development Team <info@ipfire.org> #
	4	###############################################################################
	5
	6	name = unbound
932a6a7a	7	version = 1.6.8
23621ada SS	8	release = 1
	9
	10	groups = System/Daemons
	11	url = http://www.nlnetlabs.nl/unbound/
	12	license = BSD
	13	summary = A validating, recursive, and caching DNS(SEC) resolver.
	14
	15	description
	16	Unbound is a validating, recursive, and caching DNS(SEC) resolver.
	17	The C implementation of Unbound is developed and maintained by NLnet
	18	Labs and is based on ideas and algorithms taken from a java prototype
	19	developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is
	20	designed as a set of modular components, so that also
	21	DNSSEC (secure DNS) validation and stub-resolvers are easily possible.
	22	end
	23
	24	source_dl = http://www.unbound.net/downloads/
	25
	26	build
	27	requires
	28	expat-devel
	29	libevent-devel
	30	openssl-devel >= 1.0.1h-2
	31	python3-devel >= 3.4
	32	swig
	33	end
	34
	35	configure_options += \
	36	--with-conf-file=%{sysconfdir}/%{name}/unbound.conf \
	37	--with-pidfile=%{localstatedir}/run/%{name}/%{name}.pid \
	38	--with-rootkey-file=%{sharedstatedir}/unbound/root.key \
	39	--with-libevent \
	40	--with-pthreads \
	41	--disable-rpath \
	42	--disable-static \
	43	--with-ssl \
	44	--enable-sha2 \
	45	--with-pythonmodule \
	46	--with-pyunbound PYTHON=%{python3}
	47
	48	prepare_cmds
	49	%{create_user}
	50	end
	51
	52	test
	53	make check
	54	end
	55
	56	install_cmds
	57	# Create directories.
	58	mkdir -pv %{BUILDROOT}%{localstatedir}/run/%{name}
	59	mkdir -pv %{BUILDROOT}%{sharedstatedir}/%{name}
	60
	61	# Directory for user specified and additional config files.
	62	mkdir -pv %{BUILDROOT}%{sysconfdir}/%{name}/conf.d/
	63
	64	# Directory for stub and forward zones.
	65	mkdir -pv %{BUILDROOT}%{sysconfdir}/%{name}/local.d/
	66
	67	# Directory for trusted-keys-file.
	68	mkdir -pv %{BUILDROOT}%{sysconfdir}/%{name}/keys.d/
	69
	70	# Install unbound config file.
	71	install -p -m 0664 %{DIR_SOURCE}/%{name}.conf \
72	%{BUILDROOT}%{sysconfdir}/%{name}/
73
74	# Install pem file for icannbundle.
75	install -p -m 0664 %{DIR_SOURCE}/icannbundle.pem \
76	%{BUILDROOT}%{sysconfdir}/%{name}/
77
78	# Install root and DLV keys.
79	install -p -m 0644 %{DIR_SOURCE}/root.key \
80	%{BUILDROOT}%{sysconfdir}/%{name}/
81	install -p -m 0664 %{DIR_SOURCE}/dlv.isc.org.key \
82	%{BUILDROOT}%{sysconfdir}/%{name}/
83	install -p -m 0664 %{DIR_SOURCE}/root.anchor \
84	%{BUILDROOT}%{sharedstatedir}/%{name}/root.key
85
86	# Fix ownership.
87	chown -R unbound:unbound %{BUILDROOT}%{sharedstatedir}/%{name}/
88	end
89	end
90
91	create_user
92	getent group unound >/dev/null \|\| /usr/sbin/groupadd -r unbound
93	getent passwd unbound >/dev/null \|\| /usr/sbin/useradd -r -g unbound \
94	-d %{sysconfdir}/%{name} -s /sbin/nologin unbound
95	end
96
97	packages
98	package %{name}
99	prerequires
100	shadow-utils
101	systemd-units
102	end
103
104	requires += \
105	openssl >= 1.0.1h-2
106
107	configfiles
108	%{sysconfdir}/%{name}.conf
109	end
110
111	datafiles
112	%{sysconfdir}/%{name}/conf.d/
113	%{sysconfdir}/%{name}/local.d/
114	%{sysconfdir}/%{name}/keys.d/
115	end
116
117	script prein
118	%{create_user}
119	end
120
121	script postin
122	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
123
124	# Enable root anchor for DNSSEC validation.
125	systemctl enable unbound-anchor.timer >/dev/null 2>&1 \|\| :
126	end
127
128	script preun
129	systemctl --no-reload disable unbound-anchor.timer >/dev/null 2>&1 \|\| :
130	systemctl --no-reload disable unbound-keygen.service >/dev/null 2>&1 \|\| :
131	systemctl --no-reload disable unbound.service >/dev/null 2>&1 \|\| :
132	systemctl stop unbound.service >/dev/null 2>&1 \|\| :
133	systemctl stop unbound-keygen.service >/dev/null 2>&1 \|\| :
134	end
135
136	script postun
137	systemctl daemon-reload >/dev/null 2>&1 \|\| :
138	end
139
140	script postup
141	systemctl daemon-reload >/dev/null 2>&1 \|\| :
142	systemctl try-restart unbound-keygen.service >/dev/null 2>&1 \|\| :
143	systemctl try-restart unbound.service >/dev/null 2>&1 \|\| :
144	end
145	end
146
147	package %{name}-libs
148	template LIBS
149	end
150
151	package python3-%{name}
152	template PYTHON3
153	end
154
155	package %{name}-devel
156	template DEVEL
157	end
158
159	package %{name}-debuginfo
160	template DEBUGINFO
161	end
162	end