unbound/unbound.nm

   1 ###############################################################################
   2 # IPFire.org    - An Open Source Firewall Solution                            #
   3 # Copyright (C) - IPFire Development Team <info@ipfire.org>                   #
   4 ###############################################################################
   5
   6 name       = unbound
   7 version    = 1.17.0
   8 release    = 3
   9
  10 groups     = System/Daemons
  11 url        = https://www.nlnetlabs.nl/unbound/
  12 license    = BSD
  13 summary    = A validating, recursive, and caching DNS(SEC) resolver.
  14
  15 description
  16         Unbound is a validating, recursive, and caching DNS(SEC) resolver.
  17         The C implementation of Unbound is developed and maintained by NLnet
  18         Labs and is based on ideas and algorithms taken from a java prototype
  19         developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is
  20         designed as a set of modular components, so that also
  21         DNSSEC (secure DNS) validation and stub-resolvers are easily possible.
  22 end
  23
  24 source_dl  = https://www.unbound.net/downloads/
  25
  26 build
  27         requires
  28                 expat-devel
  29                 openssl-devel >= 1.0.1h-2
  30                 python3-devel >= 3.4
  31                 swig
  32         end
  33
  34         configure_options += \
  35                 --with-conf-file=%{sysconfdir}/%{name}/unbound.conf \
  36                 --with-pidfile=/run/%{name}/%{name}.pid \
  37                 --with-rootkey-file=%{sharedstatedir}/unbound/root.key \
  38                 --without-libevent \
  39                 --with-pthreads \
  40                 --disable-rpath \
  41                 --disable-static \
  42                 --with-ssl \
  43                 --enable-sha2 \
  44                 --with-pythonmodule \
  45                 --with-pyunbound PYTHON=%{python3}
  46
  47         prepare_cmds
  48                 %{create_user}
  49         end
  50
  51         test
  52                 make check
  53         end
  54
  55         install_cmds
  56                 # Directory for user specified and additional config files.
  57                 mkdir -pv %{BUILDROOT}%{sysconfdir}/%{name}/conf.d/
  58
  59                 # Directory for stub and forward zones.
  60                 mkdir -pv %{BUILDROOT}%{sysconfdir}/%{name}/local.d/
  61
  62                 # Directory for trusted-keys-file.
  63                 mkdir -pv %{BUILDROOT}%{sysconfdir}/%{name}/keys.d/
  64
  65                 # Install unbound config file.
  66                 install -p -m 0664 %{DIR_SOURCE}/%{name}.conf \
  67                         %{BUILDROOT}%{sysconfdir}/%{name}/
  68
  69                 # Install pem file for icannbundle.
  70                 install -p -m 0664 %{DIR_SOURCE}/icannbundle.pem \
  71                         %{BUILDROOT}%{sysconfdir}/%{name}/
  72
  73                 # Install root and DLV keys.
  74                 install -p -m 0644 %{DIR_SOURCE}/root.key \
  75                         %{BUILDROOT}%{sysconfdir}/%{name}/
  76                 install -p -m 0664 %{DIR_SOURCE}/dlv.isc.org.key \
  77                         %{BUILDROOT}%{sysconfdir}/%{name}/
  78                 install -p -m 0664 %{DIR_SOURCE}/root.anchor \
  79                         %{BUILDROOT}%{sharedstatedir}/%{name}/root.key
  80
  81                 # Fix ownership.
  82                 chown -R unbound:unbound %{BUILDROOT}%{sharedstatedir}/%{name}/
  83         end
  84 end
  85
  86 create_user
  87         getent group unound >/dev/null || /usr/sbin/groupadd -r unbound
  88         getent passwd unbound >/dev/null || /usr/sbin/useradd -r -g unbound \
  89                 -d %{sysconfdir}/%{name} -s /sbin/nologin unbound
  90 end
  91
  92 packages
  93         package %{name}
  94                 prerequires
  95                         shadow-utils
  96                         systemd-units
  97                 end
  98
  99                 requires += \
 100                         openssl >= 1.0.1h-2
 101
 102                 configfiles
 103                         %{sysconfdir}/%{name}.conf
 104                 end
 105
 106                 datafiles
 107                         %{sysconfdir}/%{name}/conf.d/
 108                         %{sysconfdir}/%{name}/local.d/
 109                         %{sysconfdir}/%{name}/keys.d/
 110                 end
 111
 112                 script prein
 113                         %{create_user}
 114                 end
 115
 116                 script postin
 117                         /bin/systemctl daemon-reload >/dev/null 2>&1 || :
 118
 119                         # Enable root anchor for DNSSEC validation.
 120                         systemctl enable unbound-anchor.timer >/dev/null 2>&1 || :
 121                 end
 122
 123                 script preun
 124                         systemctl --no-reload disable unbound-anchor.timer >/dev/null 2>&1 || :
 125                         systemctl --no-reload disable unbound-keygen.service >/dev/null 2>&1 || :
 126                         systemctl --no-reload disable unbound.service >/dev/null 2>&1 || :
 127                         systemctl stop unbound.service >/dev/null 2>&1 || :
 128                         systemctl stop unbound-keygen.service >/dev/null 2>&1 || :
 129                 end
 130
 131                 script postun
 132                         systemctl daemon-reload >/dev/null 2>&1 || :
 133                 end
 134
 135                 script postup
 136                         systemctl daemon-reload >/dev/null 2>&1 || :
 137                         systemctl try-restart unbound-keygen.service >/dev/null 2>&1 || :
 138                         systemctl try-restart unbound.service >/dev/null 2>&1 || :
 139                 end
 140         end
 141
 142         package %{name}-libs
 143                 template LIBS
 144         end
 145
 146         package python3-%{name}
 147                 template PYTHON3
 148         end
 149
 150         package %{name}-devel
 151                 template DEVEL
 152         end
 153
 154         package %{name}-debuginfo
 155                 template DEBUGINFO
 156         end
 157 end