current/SPECS/bind.spec

%define sdb 1
%define pkcs11 1

%{?_with_sdb: %{expand: %%global sdb 1}}
%{?_without_sdb: %{expand: %%global sdb 0}}
%{?_with_pkcs11: %{expand: %%global pkcs11 1}}
%{?_without_pkcs11: %{expand: %%global pkcs11 0}}

%define major_version 9.11.37
#define patch_version P4
%define dashpatch %{?patch_version:-%patch_version}%nil
%define dotpatch %{?patch_version:.%patch_version}%nil
%define chroot_prefix /var/named/chroot
%if %{sdb}
%define chroot_sdb_prefix /var/named/chroot_sdb
%endif
%define chroot_create_directories /dev /run/named %{_localstatedir}/{log,named,tmp} \\\
                                 %{_sysconfdir}/{crypto-policies/back-ends,pki/dnssec-keys,named} \\\
                                 %{_libdir}/bind %{_datadir}/GeoIP

# lib*.so.X versions of selected libraries
%define dns_major    1115
%define irs_major    161
%define isc_major    1107
%define bind9_major  161
%define lwres_major  161
%define isccc_major  161
%define isccfg_major 163
%define dns_libname    %mklibname dns    %dns_major
%define irs_libname    %mklibname irs    %irs_major
%define isc_libname    %mklibname isc    %isc_major
%define bind9_libname  %mklibname bind9_ %bind9_major
%define lwres_libname  %mklibname lwres  %lwres_major
%define isccc_libname  %mklibname isccc  %isccc_major
%define isccfg_libname %mklibname isccfg %isccfg_major
%define dns_pkcs11_libname    %mklibname dns_pkcs11_ %dns_major
%define isc_pkcs11_libname    %mklibname isc_pkcs11_ %isc_major

# libisc-nosym requires to be linked with unresolved symbols
# When libisc-nosym linking is fixed, it can be defined to 1
# Visit https://bugzilla.redhat.com/show_bug.cgi?id=1540300
%define _disable_ld_no_undefined 1

Name:       bind
Version:    %{major_version}%{dotpatch}
Release:    %mkrel 1
Summary:    A DNS (Domain Name System) server
License:    MPLv2.0
Group:      System/Servers
URL:        http://www.isc.org/bind
Source0:    https://downloads.isc.org/isc/bind9/%{major_version}%{dashpatch}/%{name}-%{major_version}%{dashpatch}.tar.gz

Source1:  named.sysconfig
Source3:  named.logrotate
Source7:  bind-9.3.1rc1-sdb_tools-Makefile.in
Source8:  dnszone.schema
Source11: ftp://ftp.internic.net/domain/named.cache
Source12: README.sdb_pgsql
Source16: named.conf
# Refresh by command: dig @a.root-servers.net. +tcp +norec
# or from URL
Source17: https://www.internic.net/domain/named.root
Source18: named.localhost
Source19: named.loopback
Source20: named.empty
Source23: named.rfc1912.zones
Source25: named.conf.sample
Source27: named.root.key
Source30: ldap2zone.c
Source31: ldap2zone.1
Source32: named-sdb.8
Source33: zonetodb.1
Source34: zone2sqlite.1
Source35: bind.tmpfiles
Source36: trusted-key.key
Source37: named.service
Source38: named-chroot.service
Source39: named-sdb.service
Source40: named-sdb-chroot.service
Source41: setup-named-chroot.sh
Source42: generate-rndc-key.sh
Source43: named.rwtab
Source44: named-chroot-setup.service
Source45: named-sdb-chroot-setup.service
Source46: named-setup-rndc.service
Source47: named-pkcs11.service
Source48: setup-named-softhsm.sh
Source49: named-chroot.files

# fedora patches
Patch10: bind-9.5-PIE.patch
Patch72: bind-9.5-dlz-64bit.patch
Patch101:bind-96-old-api.patch
Patch102:bind-95-rh452060.patch
Patch106:bind93-rh490837.patch
Patch109:bind97-rh478718.patch
Patch112:bind97-rh645544.patch
Patch130:bind-9.9.1-P2-dlz-libdb.patch
Patch131:bind-9.9.1-P2-multlib-conflict.patch
Patch133:bind99-rh640538.patch
Patch134:bind97-rh669163.patch
# Fedora specific patch to distribute native-pkcs#11 functionality
Patch136:bind-9.10-dist-native-pkcs11.patch

# [ISC-Bugs #42525] non-portable use of strlcat in contrib/sdb/ldap/zone2ldap.c
# introduced by https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=fc9f0ac5778f78003a7acc957a23711811fec122
Patch137:bind-9.10-use-of-strlcat.patch
Patch140:bind-9.11-rh1410433.patch
Patch145:bind-9.11-rh1205168.patch
# [ISC-Bugs #46853] commit cb616c6d5c2ece1fac37fa6e0bca2b53d4043098 ISC 4851
Patch149:bind-9.11-kyua-pkcs11.patch
# Avoid conflicts with OpenSSL PKCS11 engine
Patch150:bind-9.11-engine-pkcs11.patch
Patch153:bind-9.11-export-suffix.patch
Patch154:bind-9.11-oot-manual.patch
Patch155:bind-9.11-pk11.patch
# [RT #31459] commit 06a8051d2476fb526fe6960832209392c763a9af
Patch158:bind-9.11-rt31459.patch
# [RT #46047] commit 24172bd2eeba91441ab1c65d2717b0692309244a ISC 4724
Patch159:bind-9.11-rt46047.patch
# https://gitlab.isc.org/isc-projects/bind9/issues/555
Patch161:bind-9.11-host-idn-disable.patch
# https://gitlab.isc.org/isc-projects/bind9/commit/8a98277811e
Patch163:bind-9.11-rh1663318.patch
# https://gitlab.isc.org/isc-projects/bind9/issues/819
Patch164:bind-9.11-rh1666814.patch
# random_test fails too often by random, disable it
Patch168:bind-9.11-unit-disable-random.patch
Patch170:bind-9.11-feature-test-named.patch
Patch171:bind-9.11-tests-variants.patch
Patch172:bind-9.11-tests-pkcs11.patch
Patch173:bind-9.11-rh1732883.patch
# Make sure jsonccp-devel does not interfere
Patch174:bind-9.11-json-c.patch
Patch177: bind-9.11-serve-stale.patch
Patch178: bind-9.11-serve-stale-dbfix.patch

# SDB patches
Patch11: bind-9.3.2b2-sdbsrc.patch
Patch12: bind-9.10-sdb.patch
# needs inpection
Patch13: bind-9.3.2b1-fix_sdb_ldap.patch

Recommends:   bind-utils
Recommends:   bind-dnssec-utils
Requires(post):  systemd >= %{systemd_required_version}
Requires(post):  rpm-helper >= 0.24.8-1
Requires(preun): rpm-helper >= 0.24.8-1
BuildRequires:  docbook5-style-xsl
BuildRequires:  xsltproc
BuildRequires:  pkgconfig(openssl)
BuildRequires:  multiarch-utils >= 1.0.3
BuildRequires:  pkgconfig(libidn)
BuildRequires:  pkgconfig(libidn2)
BuildRequires:  postgresql-devel
BuildRequires:  mysql-devel
BuildRequires:  pkgconfig(libcap) >= 2.10
BuildRequires:  pkgconfig(libxml-2.0)
BuildRequires:  pkgconfig(krb5)
BuildRequires:  libmaxminddb-devel
%if %{sdb}
BuildRequires:  mysql-devel
BuildRequires:  openldap-devel
BuildRequires:  postgresql-devel
BuildRequires:  pkgconfig(sqlite3)
BuildRequires:  libdb-devel
%endif
%if %{pkcs11}
BuildRequires:  softhsm
%endif
BuildRequires:  json-c-devel

%description
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating properly.

Build Options:
--with sdb     Build with database backends and DLZ support (enabled by default)
--with pkcs11  Build with native PKCS#11 functionality (enabled by default)

%if %{pkcs11}
%package pkcs11
Summary: Bind with native PKCS#11 functionality for crypto
Requires: bind = %{version}-%{release}
Recommends: softhsm

%description pkcs11
This is a version of BIND server built with native PKCS#11 functionality.
It is important to have SoftHSM v2+ installed and some token initialized.
For other supported HSM modules please check the BIND documentation.

%package pkcs11-utils
Summary: Bind tools with native PKCS#11 for using DNSSEC

%description pkcs11-utils
This is a set of PKCS#11 utilities that when used together create rsa
keys in a PKCS11 keystore. Also utilities for working with DNSSEC
compiled with native PKCS#11 functionality are included.
%endif

%if %{sdb}
%package sdb
Summary: BIND server with database backends and DLZ support
Group:   System/Servers
Requires: bind = %{version}-%{release}
Requires(post):  rpm-helper >= 0.24.8-1
Requires(preun): rpm-helper >= 0.24.8-1

%description sdb
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named-sdb)
which has compiled-in SDB (Simplified Database Backend) which includes
support for using alternative Zone Databases stored in an LDAP server
(ldapdb), a postgreSQL database (pgsqldb), an sqlite database (sqlitedb),
or in the filesystem (dirdb), in addition to the standard in-memory RBT
(Red Black Tree) zone database. It also includes support for DLZ
(Dynamic Loadable Zones)
%endif

%package utils
Summary:    Utilities for querying DNS name servers
Group:      Networking/Other
Conflicts:  bind < 9.11.5.P1-3
Conflicts:  bind-dnssec-utils < 9.11.9

%description utils
Bind-utils contains a collection of utilities for querying DNS (Domain
Name System) name servers to find out information about Internet
hosts. These tools will provide you with the IP addresses for given
host names, as well as other information about registered domains and
network addresses.

You should install bind-utils if you need to get information from DNS name
servers.

%package dnssec-utils
Summary:    Utilities for DNSSEC keys and DNS zone files management
Group:      Networking/Other
Conflicts:  bind-utils < 9.11.5.P1-6
Requires:   python3-bind = %{version}-%{release}

%description dnssec-utils
Bind-dnssec-utils contains a collection of utilities for editing
DNSSEC keys and BIND zone files. These tools provide generation,
revocation and verification of keys and DNSSEC signatures in zone files.

You should install bind-dnssec-utils if you need to sign a DNS zone
or maintain keys for it.

%package -n %{dns_libname}
Summary: libdns shared library for bind DNS
Group:   System/Libraries

%description -n %{dns_libname}
This package contains the libdns shared library for bind DNS.

%package -n %{irs_libname}
Summary: libirs shared library for bind DNS
Group:   System/Libraries

%description -n %{irs_libname}
This package contains the libirs shared library for bind DNS.

%package -n %{isc_libname}
Summary: libisc shared library for bind DNS
Group:   System/Libraries

%description -n %{isc_libname}
This package contains the libisc shared library for bind DNS.

%package -n %{bind9_libname}
Summary: libbind9 shared library for bind DNS
Group:   System/Libraries

%description -n %{bind9_libname}
This package contains the libbind9 shared libraries for bind DNS.

%package -n %{lwres_libname}
Summary: liblwres shared library for bind DNS
Group:   System/Libraries

%description -n %{lwres_libname}
This package contains the liblwres shared libraries for bind DNS.

%package -n %{isccc_libname}
Summary: libisccc shared library for bind DNS
Group:   System/Libraries

%description -n %{isccc_libname}
This package contains the libisccc shared libraries for bind DNS.

%package -n %{isccfg_libname}
Summary: libisccfg shared library for bind DNS
Group:   System/Libraries

%description -n %{isccfg_libname}
This package contains the libisccfg shared library for bind DNS.

%if %{pkcs11}
%package -n %{dns_pkcs11_libname}
Summary: libdns shared library for bind DNS (native PKCS#11 version)
Group:   System/Libraries

%description -n %{dns_pkcs11_libname}
This package contains the libdns shared library for bind DNS, compiled with
native PKCS#11 functionality.

%package -n %{isc_pkcs11_libname}
Summary: libisc shared library for bind DNS ((native PKCS#11 version)
Group:   System/Libraries

%description -n %{isc_pkcs11_libname}
This package contains the libisc shared library for bind DNS, compiled with
native PKCS#11 functionality.
%endif

%package    devel
Summary:    Include files and libraries needed for bind DNS development
Group:      Development/C
Requires:   %{dns_libname} = %{version}-%{release}
Requires:   %{irs_libname} = %{version}-%{release}
Requires:   %{isc_libname} = %{version}-%{release}
Requires:   %{bind9_libname} = %{version}-%{release}
Requires:   %{lwres_libname} = %{version}-%{release}
Requires:   %{isccc_libname} = %{version}-%{release}
Requires:   %{isccfg_libname} = %{version}-%{release}

%description devel
The bind-devel package contains full version of the header files and libraries
required for development with ISC BIND 9

%if %{pkcs11}
%package pkcs11-devel
Summary: Development files for Bind libraries compiled with native PKCS#11
Requires: bind-devel = %{version}-%{release}
Requires: %{dns_pkcs11_libname} = %{version}-%{release}
Requires: %{isc_pkcs11_libname} = %{version}-%{release}

%description pkcs11-devel
This a set of development files for BIND libraries (dns, isc) compiled
with native PKCS#11 functionality.
%endif

%package chroot
Summary:        A chroot runtime environment for the ISC BIND DNS server, named(8)
Prefix:         %{chroot_prefix}
# grep is required due to setup-named-chroot.sh script
Requires:       grep
Requires:       bind = %{version}-%{release}

%description chroot
This package contains a tree of files which can be used as a
chroot(2) jail for the named(8) program from the BIND package.
Based on the code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>

%if %{sdb}
%package sdb-chroot
Summary:        A chroot runtime environment for the ISC BIND DNS server, named-sdb(8)
Prefix:         %{chroot_sdb_prefix}
# grep is required due to setup-named-chroot.sh script
Requires:       grep
Requires:       bind-sdb = %{version}-%{release}

%description sdb-chroot
This package contains a tree of files which can be used as a
chroot(2) jail for the named-sdb(8) program from the BIND package.
Based on the code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>
%endif

%package -n python3-bind
Summary:   A module allowing rndc commands to be sent from Python programs
Requires:  python3
Requires:  python3-ply
BuildRequires: python3
BuildRequires: python3-ply
BuildArch: noarch
%{?python_provide:%python_provide python3-bind}
%{?python_provide:%python_provide python3-isc}

%description -n python3-bind
This package provides a module which allows commands to be sent to rndc directly from Python programs.
%prep
%setup -q  -n %{name}-%{major_version}%{dashpatch}

%patch10 -p1 -b .PIE
%patch72 -p1 -b .64bit
%patch102 -p1 -b .rh452060
%patch106 -p1 -b .rh490837
%patch109 -p1 -b .rh478718
%patch112 -p1 -b .rh645544
%patch130 -p1 -b .libdb
%patch131 -p1 -b .multlib-conflict
%patch140 -p1 -b .rh1410433
%patch145 -p1 -b .rh1205168
%patch153 -p1 -b .export_suffix
%patch154 -p1 -b .oot-man
%patch155 -p1 -b .pk11-internal
%patch158 -p1 -b .rt31459
%patch159 -p1 -b .rt46047
%patch161 -p1 -b .host-idn-disable
%patch163 -p1 -b .rh1663318
%patch164 -p1 -b .rh1666814
%patch168 -p1 -b .random_test-disable
%patch170 -p1 -b .featuretest-named
%patch171 -p1 -b .test-variant
%patch172 -p1 -b .test-pkcs11
%patch173 -p1 -b .rh1732883
%patch174 -p1 -b .json-c
%patch177 -p1 -b .serve-stale
%patch178 -p1 -b .rh1770492

# Avoid having [FIXME: manual] on top of generated manual pages
# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/4524
find bin lib/lwres/man -name '*.docbook' -exec \
  sed -e 's|<refmiscinfo>BIND9|<refmiscinfo class="manual">BIND9|' -i '{}' ';'

%if %{pkcs11}
cp -r bin/named{,-pkcs11}
cp -r bin/dnssec{,-pkcs11}
cp -r lib/isc{,-pkcs11}
cp -r lib/dns{,-pkcs11}
%patch136 -p1 -b .dist_pkcs11
%patch149 -p1 -b .kyua-pkcs11
%patch150 -p1 -b .engine-pkcs11
%endif

%if %{sdb}
%patch101 -p1 -b .old-api
mkdir bin/named-sdb
cp -r bin/named/* bin/named-sdb
%patch11 -p1 -b .sdbsrc
# SDB ldap
cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named-sdb
# SDB postgreSQL
cp -fp contrib/sdb/pgsql/pgsqldb.[ch] bin/named-sdb
# SDB sqlite
cp -fp contrib/sdb/sqlite/sqlitedb.[ch] bin/named-sdb
# SDB Berkeley DB - needs to be ported to DB4!
#cp -fp contrib/sdb/bdb/bdb.[ch] bin/named_sdb
# SDB dir
cp -fp contrib/sdb/dir/dirdb.[ch] bin/named-sdb
# SDB tools
mkdir -p bin/sdb_tools
cp -fp %{SOURCE30} bin/sdb_tools/ldap2zone.c
cp -fp %{SOURCE7} bin/sdb_tools/Makefile.in
#cp -fp contrib/sdb/bdb/zone2bdb.c bin/sdb_tools
cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/sdb_tools
cp -fp contrib/sdb/pgsql/zonetodb.c bin/sdb_tools
cp -fp contrib/sdb/sqlite/zone2sqlite.c bin/sdb_tools
%patch12 -p1 -b .sdb
%patch13 -p1 -b .fix_sdb_ldap
%patch137 -p1 -b .strlcat_fix
%endif

%patch133 -p1 -b .rh640538
%patch134 -p1 -b .rh669163

cp %{SOURCE11} named.cache

%build
%serverbuild

export CFLAGS="$CFLAGS $RPM_OPT_FLAGS"
export CPPFLAGS="$CPPFLAGS -DDIG_SIGCHASE"
export STD_CDEFINES="$CPPFLAGS"

sed -i -e \
's/RELEASEVER=\(.*\)/RELEASEVER=Mageia-%{release}/' \
version

libtoolize -c -f; aclocal -I libtool.m4 --force; autoconf -f

%configure \
  --with-python=%{__python3} \
  --with-libtool \
  --localstatedir=/var \
  --enable-threads \
  --enable-ipv6 \
  --enable-filter-aaaa \
  --with-pic \
  --disable-static \
  --includedir=%{_includedir}/bind9 \
  --with-tuning=large \
  --with-libidn2 \
  --enable-openssl-hash \
  --with-geoip2 \
%if %{pkcs11}
  --enable-native-pkcs11 \
  --with-pkcs11=%{_libdir}/pkcs11/libsofthsm2.so \
%endif
%if %{sdb}
  --with-dlopen=yes \
  --with-dlz-ldap=yes \
  --with-dlz-postgres=yes \
  --with-dlz-mysql=yes \
  --with-dlz-filesystem=yes \
  --with-dlz-bdb=yes \
%endif
  --with-gssapi=yes \
  --with-libjson \
  --with-lmdb=no \
  --enable-fixed-rrset \
  --with-docbook-xsl=%{_datadir}/sgml/docbook/xsl-ns-stylesheets \
  --enable-full-report \
;

%make_build

# Regenerate dig.1 manpage
pushd bin/dig
make man
popd
pushd bin/python
make man
popd

pushd contrib/queryperf
rm -f configure
autoconf
%configure
%make_build CFLAGS="$CFLAGS"
popd

%install

# Build directory hierarchy
mkdir -p %{buildroot}/etc/logrotate.d
mkdir -p %{buildroot}%{_libdir}/bind
mkdir -p %{buildroot}/var/named/{slaves,data,dynamic}
mkdir -p %{buildroot}%{_mandir}/{man1,man5,man8}
mkdir -p %{buildroot}/var/log

#chroot
for D in %{chroot_create_directories}; do
    mkdir -p %{buildroot}/%{chroot_prefix}${D}
done

# create symlink as it is on real filesystem
pushd %{buildroot}/%{chroot_prefix}/var
ln -s ../run run
popd

mkdir -p %{buildroot}/%{chroot_prefix}/etc/{pki/dnssec-keys,named}
mkdir -p %{buildroot}/%{chroot_prefix}/%{_libdir}/bind
# these are required to prevent them being erased during upgrade of previous
touch %{buildroot}/%{chroot_prefix}/etc/named.conf
#end chroot

#sdb-chroot
%if %{sdb}
for D in %{chroot_create_directories}; do
    mkdir -p %{buildroot}/%{chroot_sdb_prefix}${D}
done

# create symlink as it is on real filesystem
pushd %{buildroot}/%{chroot_sdb_prefix}/var
ln -s ../run run
popd

mkdir -p %{buildroot}/%{chroot_sdb_prefix}/etc/{pki/dnssec-keys,named}
mkdir -p %{buildroot}/%{chroot_sdb_prefix}/%{_libdir}/bind
# these are required to prevent them being erased during upgrade of previous
touch %{buildroot}/%{chroot_sdb_prefix}/etc/named.conf
%endif
#end sdb-chroot

%make_install

# Remove unwanted files
rm -f %{buildroot}/etc/bind.keys

# Systemd unit files
install -d -m 755 %{buildroot}%{_unitdir}
install -m 644 %{SOURCE37} %{buildroot}%{_unitdir}
install -m 644 %{SOURCE38} %{buildroot}%{_unitdir}
install -m 644 %{SOURCE44} %{buildroot}%{_unitdir}
install -m 644 %{SOURCE46} %{buildroot}%{_unitdir}

%if %{sdb}
install -m 644 %{SOURCE39} %{buildroot}%{_unitdir}
install -m 644 %{SOURCE40} %{buildroot}%{_unitdir}
install -m 644 %{SOURCE45} %{buildroot}%{_unitdir}
%endif

%if %{pkcs11}
install -m 644 %{SOURCE47} %{buildroot}%{_unitdir}
%endif

mkdir -p %{buildroot}%{_libexecdir}
install -m 755 %{SOURCE41} %{buildroot}%{_libexecdir}/setup-named-chroot.sh
install -m 755 %{SOURCE42} %{buildroot}%{_libexecdir}/generate-rndc-key.sh

%if %{pkcs11}
install -m 644 %{SOURCE48} %{buildroot}%{_libexecdir}/setup-named-softhsm.sh
%endif

install -m 644 %SOURCE3 %{buildroot}/etc/logrotate.d/named
mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/sysconfig/named
install -m 644 %{SOURCE49} %{buildroot}%{_sysconfdir}/named-chroot.files

%if %{sdb}
mkdir -p %{buildroot}/etc/openldap/schema
install -m 644 %{SOURCE8} %{buildroot}/etc/openldap/schema/dnszone.schema
install -m 644 %{SOURCE12} contrib/sdb/pgsql/
%endif

# Install isc/errno2result.h header
install -m 644 lib/isc/unix/errno2result.h %{buildroot}%{_includedir}/bind9/isc

cp -fp config.h %{buildroot}/%{_includedir}/bind9
# Remove libtool .la files:
find %{buildroot}/%{_libdir} -name '*.la' -exec '/bin/rm' '-f' '{}' ';';

install -d -m 755 %{buildroot}%{_sysconfdir}/rsyslog.d/
cat > %{buildroot}%{_sysconfdir}/rsyslog.d/named.conf <<'EOF'
$AddUnixListenSocket %{chroot_prefix}/dev/log
EOF
cat > %{buildroot}%{_sysconfdir}/rsyslog.d/named-sdb.conf <<'EOF'
$AddUnixListenSocket %{chroot_sdb_prefix}/dev/log
EOF

# SDB manpages
%if %{sdb}
install -m 644 %{SOURCE31} %{buildroot}%{_mandir}/man1/ldap2zone.1
install -m 644 %{SOURCE32} %{buildroot}%{_mandir}/man8/named-sdb.8
install -m 644 %{SOURCE33} %{buildroot}%{_mandir}/man1/zonetodb.1
install -m 644 %{SOURCE34} %{buildroot}%{_mandir}/man1/zone2sqlite.1

# PKCS11 versions manpages
%if %{pkcs11}
pushd %{buildroot}%{_mandir}/man8
ln -s named.8 named-pkcs11.8
ln -s dnssec-checkds.8 dnssec-checkds-pkcs11.8
ln -s dnssec-coverage.8 dnssec-coverage-pkcs11.8
ln -s dnssec-dsfromkey.8 dnssec-dsfromkey-pkcs11.8
ln -s dnssec-importkey.8 dnssec-importkey-pkcs11.8
ln -s dnssec-keyfromlabel.8 dnssec-keyfromlabel-pkcs11.8
ln -s dnssec-keygen.8 dnssec-keygen-pkcs11.8
ln -s dnssec-revoke.8 dnssec-revoke-pkcs11.8
ln -s dnssec-settime.8 dnssec-settime-pkcs11.8
ln -s dnssec-signzone.8 dnssec-signzone-pkcs11.8
ln -s dnssec-verify.8 dnssec-verify-pkcs11.8
popd
%endif

mkdir -p %{buildroot}/etc/openldap/schema
install -m 644 %{SOURCE8} %{buildroot}/etc/openldap/schema/dnszone.schema
install -m 644 %{SOURCE12} contrib/sdb/pgsql/

%endif

# Ghost config files:
touch %{buildroot}%{_localstatedir}/log/named.log

# configuration files:
install -m 644 %{SOURCE16} %{buildroot}%{_sysconfdir}/named.conf
touch %{buildroot}%{_sysconfdir}/rndc.{key,conf}
install -m 644 %{SOURCE27} %{buildroot}%{_sysconfdir}/named.root.key
install -m 644 %{SOURCE36} %{buildroot}%{_sysconfdir}/trusted-key.key
mkdir %{buildroot}%{_sysconfdir}/named

# data files:
mkdir -p %{buildroot}%{_localstatedir}/named
install -m 644 %{SOURCE17} %{buildroot}%{_localstatedir}/named/named.ca
install -m 644 %{SOURCE18} %{buildroot}%{_localstatedir}/named/named.localhost
install -m 644 %{SOURCE19} %{buildroot}%{_localstatedir}/named/named.loopback
install -m 644 %{SOURCE20} %{buildroot}%{_localstatedir}/named/named.empty
install -m 644 %{SOURCE23} %{buildroot}%{_sysconfdir}/named.rfc1912.zones 

# sample bind configuration files for %%doc:
mkdir -p sample/etc sample/var/named/{data,slaves}
install -m 644 %{SOURCE25} sample/etc/named.conf
# Copy default configuration to %%doc to make it usable from system-config-bind
install -m 644 %{SOURCE16} named.conf.default
install -m 644 %{SOURCE23} sample/etc/named.rfc1912.zones
install -m 644 %{SOURCE18} %{SOURCE19} %{SOURCE20} sample/var/named
install -m 644 %{SOURCE17} sample/var//named/named.ca
for f in my.internal.zone.db slaves/my.slave.internal.zone.db slaves/my.ddns.internal.zone.db my.external.zone.db; do 
  echo '@ in soa localhost. root 1 3H 15M 1W 1D
  ns localhost.' > sample/var/named/$f; 
done
:;

mkdir -p %{buildroot}%{_tmpfilesdir}
install -m 644 %{SOURCE35} %{buildroot}%{_tmpfilesdir}/named.conf

mkdir -p %{buildroot}%{_sysconfdir}/rwtab.d
install -m 644 %{SOURCE43} %{buildroot}%{_sysconfdir}/rwtab.d/named

# contrib
install -m0755 contrib/queryperf/queryperf %{buildroot}%{_bindir}/
cp contrib/queryperf/README README.queryperf

%multiarch_binaries %{buildroot}%{_bindir}/isc-config.sh
%multiarch_binaries %{buildroot}%{_bindir}/bind9-config

cat > README.urpmi.update <<EOF
Important package setup changes

Starting with bind 9.11.5P1-2mga7, the files needed to run bind in a chroot are
now shipped in distinct subpackages:
- bind-chroot for the standard bind
- bind-sdb-chroot for bind with SDB support

The new systemcl units follow the same logic:
- bind.service runs bind
- bind-sdb.service runs bind with SDB support
- bind-chroot.service runs bind in a chroot
- bind-sdb-chroot.service runs with SDB support in a chroot
EOF

%triggerun -- bind < 9.11.5.P1-2.mga7   
# stop the service so as to be able to umount old chroot
systemctl condstop named.service

%pre
%_pre_useradd named /var/named /bin/false

%post
%_tmpfilescreate named
%_post_service named

%preun
%_preun_service named

%postun
%_postun_userdel named

%files
%{_libdir}/bind
%config(noreplace) %{_sysconfdir}/sysconfig/named
%config(noreplace) %{_sysconfdir}/named.root.key
%{_tmpfilesdir}/named.conf
%{_sysconfdir}/rwtab.d/named
%{_unitdir}/named.service
%{_unitdir}/named-setup-rndc.service
%{_sbindir}/named-journalprint
%{_sbindir}/named-checkconf
%{_bindir}/named-rrchecker
%{_bindir}/mdig
%{_sbindir}/lwresd
%{_sbindir}/named
%{_sbindir}/rndc*
%{_libexecdir}/generate-rndc-key.sh
%{_mandir}/man1/mdig.1*
%{_mandir}/man1/named-rrchecker.1*
%{_mandir}/man5/named.conf.5*
%{_mandir}/man5/rndc.conf.5*
%{_mandir}/man8/rndc.8*
%{_mandir}/man8/named.8*
%{_mandir}/man8/lwresd.8*
%{_mandir}/man8/named-checkconf.8*
%{_mandir}/man8/rndc-confgen.8*
%{_mandir}/man8/named-journalprint.8*
%doc CHANGES README named.conf.default README.urpmi.update
%doc doc/arm/*html doc/arm/*pdf
%doc sample/

# main configuration
%dir %{_sysconfdir}/named
%config(noreplace) %verify(not link) %{_sysconfdir}/named.conf
%config(noreplace) %verify(not link) %{_sysconfdir}/named.rfc1912.zones
%attr(-,named,named) %dir %{_localstatedir}/named
%attr(-,named,named) %dir %{_localstatedir}/named/slaves
%attr(-,named,named) %dir %{_localstatedir}/named/data
%attr(-,named,named) %dir %{_localstatedir}/named/dynamic
%ghost %{_localstatedir}/log/named.log
%config %verify(not link) %{_localstatedir}/named/named.ca
%config %verify(not link) %{_localstatedir}/named/named.localhost
%config %verify(not link) %{_localstatedir}/named/named.loopback
%config %verify(not link) %{_localstatedir}/named/named.empty
%ghost %config(noreplace) %{_sysconfdir}/rndc.key
# ^- rndc.key now created on first install only if it does not exist
%ghost %config(noreplace) %{_sysconfdir}/rndc.conf
# ^- The default rndc.conf which uses rndc.key is in named's default internal config -
#    so rndc.conf is not necessary.
%config(noreplace) %{_sysconfdir}/logrotate.d/named

%files -n %{dns_libname}
%{_libdir}/libdns.so.%{dns_major}{,.*}

%files -n %{irs_libname}
%{_libdir}/libirs.so.%{irs_major}{,.*}

%files -n %{isc_libname}
%{_libdir}/libisc.so.%{isc_major}{,.*}

%files -n %{bind9_libname}
%{_libdir}/libbind9.so.%{bind9_major}{,.*}

%files -n %{lwres_libname}
%{_libdir}/liblwres.so.%{lwres_major}{,.*}

%files -n %{isccc_libname}
%{_libdir}/libisccc.so.%{isccc_major}{,.*}

%files -n %{isccfg_libname}
%{_libdir}/libisccfg.so.%{isccfg_major}{,.*}

%if %{pkcs11}
%files -n %{dns_pkcs11_libname}
%{_libdir}/libdns-pkcs11.so.%{dns_major}{,.*}

%files -n %{isc_pkcs11_libname}
%{_libdir}/libisc-pkcs11.so.%{isc_major}{,.*}
%endif

%if %{sdb}
%files sdb
%{_unitdir}/named-sdb.service
%{_mandir}/man1/zone2ldap.1*
%{_mandir}/man1/ldap2zone.1*
%{_mandir}/man1/zonetodb.1*
%{_mandir}/man1/zone2sqlite.1*
%{_mandir}/man8/named-sdb.8*
%doc contrib/sdb/ldap/README.ldap contrib/sdb/ldap/INSTALL.ldap contrib/sdb/pgsql/README.sdb_pgsql
%dir %{_sysconfdir}/openldap/schema
%config(noreplace) %{_sysconfdir}/openldap/schema/dnszone.schema
%{_sbindir}/named-sdb
%{_sbindir}/zone2ldap
%{_sbindir}/ldap2zone
%{_sbindir}/zonetodb
%{_sbindir}/zone2sqlite
%endif

%files utils
%{_bindir}/dig
%{_bindir}/delv
%{_bindir}/host
%{_bindir}/nslookup
%{_bindir}/nsupdate
%{_bindir}/arpaname
%{_bindir}/queryperf
%{_sbindir}/ddns-confgen
%{_sbindir}/tsig-keygen
%{_sbindir}/genrandom
%{_sbindir}/nsec3hash
%{_sbindir}/isc-hmac-fixup
%{_sbindir}/named-checkzone
%{_sbindir}/named-compilezone
%{_mandir}/man1/host.1*
%{_mandir}/man1/nsupdate.1*
%{_mandir}/man1/dig.1*
%{_mandir}/man1/delv.1*
%{_mandir}/man1/nslookup.1*
%{_mandir}/man1/arpaname.1*
%{_mandir}/man8/ddns-confgen.8*
%{_mandir}/man8/tsig-keygen.8*
%{_mandir}/man8/genrandom.8*
%{_mandir}/man8/nsec3hash.8*
%{_mandir}/man8/isc-hmac-fixup.8*
%{_mandir}/man8/named-checkzone.8*
%{_mandir}/man8/named-compilezone.8*
%{_sysconfdir}/trusted-key.key

%files dnssec-utils
%{_sbindir}/dnssec*
%{_mandir}/man8/dnssec*.8*
%if %{pkcs11}
%exclude %{_sbindir}/dnssec*pkcs11
%exclude %{_mandir}/man8/dnssec*-pkcs11.8*
%endif

%files devel
%multiarch %{multiarch_bindir}/isc-config.sh
%multiarch %{multiarch_bindir}/bind9-config
%{_libdir}/libbind9.so
%{_libdir}/libisccc.so
%{_libdir}/liblwres.so
%{_mandir}/man1/isc-config.sh.1*
%{_mandir}/man1/bind9-config.1*
%{_mandir}/man3/lwres*
%{_bindir}/isc-config.sh
%{_bindir}/bind9-config
%{_libdir}/libdns.so
%{_libdir}/libirs.so
%{_libdir}/libisc.so
%{_libdir}/libisccfg.so
%{_includedir}/bind9

%files chroot
%config(noreplace) %{_sysconfdir}/rsyslog.d/named.conf
%config(noreplace) %{_sysconfdir}/named-chroot.files
%{_unitdir}/named-chroot.service
%{_unitdir}/named-chroot-setup.service
%{_libexecdir}/setup-named-chroot.sh
%attr(0664,root,named) %ghost %dev(c,1,3) %verify(not mtime) %{chroot_prefix}/dev/null
%attr(0664,root,named) %ghost %dev(c,1,8) %verify(not mtime) %{chroot_prefix}/dev/random
%attr(0664,root,named) %ghost %dev(c,1,9) %verify(not mtime) %{chroot_prefix}/dev/urandom
%attr(0664,root,named) %ghost %dev(c,1,5) %verify(not mtime) %{chroot_prefix}/dev/zero
%dir %{chroot_prefix}
%dir %{chroot_prefix}/dev
%dir %{chroot_prefix}/etc
%dir %{chroot_prefix}/etc/named
%dir %{chroot_prefix}/etc/pki
%dir %{chroot_prefix}/etc/pki/dnssec-keys
%dir %{chroot_prefix}/etc/crypto-policies
%dir %{chroot_prefix}/etc/crypto-policies/back-ends
%ghost %config(noreplace) %{chroot_prefix}/etc/named.conf
%dir %{chroot_prefix}/run
%dir %{chroot_prefix}/usr
%dir %{chroot_prefix}/%{_libdir}
%dir %{chroot_prefix}/%{_libdir}/bind
%dir %{chroot_prefix}/%{_datadir}/GeoIP
%dir %{chroot_prefix}/var
%dir %{chroot_prefix}/var/named
%attr(-,named,named) %dir %{chroot_prefix}/var/tmp
%attr(-,named,named) %dir %{chroot_prefix}/var/log
%attr(-,named,named) %dir %{chroot_prefix}/run/named
%attr(-,named,named) %{chroot_prefix}/var/run

%if %{sdb}
%files sdb-chroot
%config(noreplace) %{_sysconfdir}/rsyslog.d/named-sdb.conf
%config(noreplace) %{_sysconfdir}/named-chroot.files
%{_unitdir}/named-sdb-chroot.service
%{_unitdir}/named-sdb-chroot-setup.service
%{_libexecdir}/setup-named-chroot.sh
%attr(0664,root,named) %ghost %dev(c,1,3) %verify(not mtime) %{chroot_sdb_prefix}/dev/null
%attr(0664,root,named) %ghost %dev(c,1,8) %verify(not mtime) %{chroot_sdb_prefix}/dev/random
%attr(0664,root,named) %ghost %dev(c,1,9) %verify(not mtime) %{chroot_sdb_prefix}/dev/urandom
%attr(0664,root,named) %ghost %dev(c,1,5) %verify(not mtime) %{chroot_sdb_prefix}/dev/zero
%dir %{chroot_sdb_prefix}
%dir %{chroot_sdb_prefix}/dev
%dir %{chroot_sdb_prefix}/etc
%dir %{chroot_sdb_prefix}/etc/named
%dir %{chroot_sdb_prefix}/etc/pki
%dir %{chroot_sdb_prefix}/etc/pki/dnssec-keys
%dir %{chroot_sdb_prefix}/etc/crypto-policies
%dir %{chroot_sdb_prefix}/etc/crypto-policies/back-ends
%ghost %config(noreplace) %{chroot_sdb_prefix}/etc/named.conf
%dir %{chroot_sdb_prefix}/run
%dir %{chroot_sdb_prefix}/usr
%dir %{chroot_sdb_prefix}/%{_libdir}
%dir %{chroot_sdb_prefix}/%{_libdir}/bind
%dir %{chroot_sdb_prefix}/var
%dir %{chroot_sdb_prefix}/var/named
%attr(-,named,named) %dir %{chroot_sdb_prefix}/var/tmp
%attr(-,named,named) %dir %{chroot_sdb_prefix}/var/log
%attr(-,named,named) %dir %{chroot_sdb_prefix}/run/named
%attr(-,named,named) %{chroot_sdb_prefix}/var/run
%endif

%if %{pkcs11}
%files pkcs11
%{_sbindir}/named-pkcs11
%{_unitdir}/named-pkcs11.service
%{_mandir}/man8/named-pkcs11.8*
%{_libexecdir}/setup-named-softhsm.sh
        
%files pkcs11-utils
%{_sbindir}/dnssec*pkcs11
%{_sbindir}/pkcs11-destroy
%{_sbindir}/pkcs11-keygen
%{_sbindir}/pkcs11-list
%{_sbindir}/pkcs11-tokens
%{_mandir}/man8/pkcs11*.8*
%{_mandir}/man8/dnssec*-pkcs11.8*
        
%files pkcs11-devel
%{_includedir}/bind9/pk11/*.h
%exclude %{_includedir}/bind9/pk11/site.h
%{_includedir}/bind9/pkcs11
%{_libdir}/libdns-pkcs11.so
%{_libdir}/libisc-pkcs11.so
%endif

%files -n python3-bind
%{python3_sitelib}/*.egg-info
%{python3_sitelib}/isc
