[opendnssec/el6] * Tue Aug 07 2012 Paul Wouters <pwouters at redhat.com> - 1.4.0-0.a3.2 - Updated to 1.4.0a3 - Added ods
Paul Wouters
pwouters at fedoraproject.org
Fri Sep 21 21:31:33 UTC 2012
commit b2b6b57a4fedcf38ec7572986177c4923d7026f8
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Aug 9 15:27:43 2012 -0400
* Tue Aug 07 2012 Paul Wouters <pwouters at redhat.com> - 1.4.0-0.a3.2
- Updated to 1.4.0a3
- Added ods-enforcerd.cron to sync key rollovers over multiple servers
- Removed merged in patch.
- Added patch for cpu lock from trunk
- Don't re-init softhsm on remove+install of opendnssec (as opposed to upgrade)
opendnssec-1.4.0a3-cpu.patch | 68 ++++++++++++++++++++++++++++++++++++++++++
opendnssec.cron | 4 ++
opendnssec.spec | 26 ++++++++++-----
3 files changed, 89 insertions(+), 9 deletions(-)
---
diff --git a/opendnssec-1.4.0a3-cpu.patch b/opendnssec-1.4.0a3-cpu.patch
new file mode 100644
index 0000000..f9d89f7
--- /dev/null
+++ b/opendnssec-1.4.0a3-cpu.patch
@@ -0,0 +1,68 @@
+Modified: trunk/OpenDNSSEC/signer/src/signer/namedb.c
+===================================================================
+- --- trunk/OpenDNSSEC/signer/src/signer/namedb.c 2012-08-09 09:36:35
+UTC (rev 6514)
++++ trunk/OpenDNSSEC/signer/src/signer/namedb.c 2012-08-09 14:19:56
+UTC (rev 6515)
+@@ -215,9 +215,11 @@
+ } else if (ods_strcmp(format, "datecounter") == 0) {
+ soa = (uint32_t) time_datestamp(0, "%Y%m%d", NULL) * 100;
+ if (!util_serial_gt(soa, prev)) {
+- - ods_log_warning("[%s] unable to use datecounter as serial: %u "
+- - "does not increase %u. Serial set to %u", db_str, soa, prev,
+- - (prev+1));
++ if (!db->is_initialized) {
++ ods_log_warning("[%s] unable to use datecounter as serial: %u "
++ "does not increase %u. Serial set to %u", db_str, soa, prev,
++ (prev+1));
++ }
+ soa = prev + 1;
+ }
+ } else if (ods_strcmp(format, "counter") == 0) {
+
+Modified: trunk/OpenDNSSEC/signer/src/signer/tools.c
+===================================================================
+- --- trunk/OpenDNSSEC/signer/src/signer/tools.c 2012-08-09 09:36:35 UTC
+(rev 6514)
++++ trunk/OpenDNSSEC/signer/src/signer/tools.c 2012-08-09 14:19:56 UTC
+(rev 6515)
+@@ -39,6 +39,7 @@
+ #include "signer/tools.h"
+ #include "signer/zone.h"
+
++#include <errno.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+@@ -213,7 +214,7 @@
+ /* kick the nameserver */
+ if (zone->notify_ns) {
+ int status;
+- - pid_t pid;
++ pid_t pid, wpid;
+ ods_log_verbose("[%s] notify nameserver: %s", tools_str,
+ zone->notify_ns);
+ /** fork */
+@@ -236,9 +237,20 @@
+ ods_log_debug("[%s] notify nameserver process forked",
+ tools_str);
+ /** wait for completion */
+- - while (wait(&status) != pid) {
+- - ;
++ while((wpid = waitpid(pid, &status, 0)) <= 0) {
++ if (errno != EINTR) {
++ break;
++ }
+ }
++ if (wpid == -1) {
++ ods_log_error("[%s] notify nameserver failed: waitpid() ",
++ "failed (%s)", tools_str, strerror(errno));
++ } else if (!WIFEXITED(status)) {
++ ods_log_error("[%s] notify nameserver failed: notify ",
++ "command did not terminate normally", tools_str);
++ } else {
++ ods_log_verbose("[%s] notify nameserver ok", tools_str);
++ }
+ break;
+ }
+ }
diff --git a/opendnssec.cron b/opendnssec.cron
new file mode 100644
index 0000000..bb47f59
--- /dev/null
+++ b/opendnssec.cron
@@ -0,0 +1,4 @@
+# Ensure multiple ods-enforcerd's on different system roll at the same time
+# independant of when the daemon was started. Since TLDs often update their
+# zone "on the hour" we do the key rollover checks just before the hour.
+50,20 * * * * root kill -s SIGHUP `cat /var/run/opendnssec/enforcerd.pid` > /dev/null 2> /dev/null
diff --git a/opendnssec.spec b/opendnssec.spec
index 0f0c562..0c76b56 100644
--- a/opendnssec.spec
+++ b/opendnssec.spec
@@ -1,17 +1,18 @@
Summary: DNSSEC key and zone management software
Name: opendnssec
Version: 1.4.0
-Release: 0.a1%{?dist}.4
+Release: 0.a3%{?dist}.2
License: BSD
Url: http://www.opendnssec.org/
#Source: http://www.opendnssec.org/files/source/% {name}-% {version}a1.tar.gz
-Source: http://www.opendnssec.org/files/source/testing/%{name}-%{version}a1.tar.gz
+Source: http://www.opendnssec.org/files/source/testing/%{name}-%{version}a3.tar.gz
Source1: ods-enforcerd.init
Source2: ods-signerd.init
Source3: ods.sysconfig
Source4: conf.xml
+Source5: ods-enforcerd.cron
Source6: opendnssec-LICENSE
-Patch1: opendnssec-1.4.0a1-deleterr.patch
+Patch1: opendnssec-1.4.0a3-cpu.patch
Group: Applications/System
Requires: opencryptoki, softhsm
BuildRequires: ldns-devel >= 1.6.12, sqlite-devel , openssl-devel
@@ -25,7 +26,6 @@ name server. It requires a PKCS#11 crypto module library, such as softhsm
%prep
%setup -q -n %{name}-%{version}a1
-%patch1 -p1 -b .deleterr
%build
%configure --with-ldns=%{_libdir}
@@ -40,9 +40,10 @@ cp %{SOURCE6} LICENSE
rm -rf %{buildroot}
make DESTDIR=%{buildroot} install
mkdir -p %{buildroot}/var/opendnssec/{tmp,signed,signconf}
-install -d -m 0755 %{buildroot}%{_initrddir}
install -m 0755 %{SOURCE1} %{buildroot}/%{_initrddir}/ods-enforcerd
install -m 0755 %{SOURCE2} %{buildroot}/%{_initrddir}/ods-signerd
+install -d -m 0755 %{buildroot}%{_initrddir} %{buildroot}%{_sysconfdir}/cron.d/
+install -m 0644 %{SOURCE5} %{buildroot}/%{_sysconfdir}/cron.d/ods-enforcerd
# cleanup sample files
rm -f %{buildroot}/%{_sysconfdir}/opendnssec/*.sample
@@ -51,10 +52,6 @@ install -m 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/ods
install -m 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/opendnssec/
mkdir -p %{buildroot}%{_localstatedir}/run/opendnssec
-
-%clean
-rm -rf %{buildroot}
-
%files
%attr(0755,root,root) %{_initrddir}/ods-enforcerd
%attr(0755,root,root) %{_initrddir}/ods-signerd
@@ -66,6 +63,8 @@ rm -rf %{buildroot}
%attr(0660,root,ods) %config(noreplace) %{_sysconfdir}/opendnssec/*.xml
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/ods
%attr(0770,root,ods) %dir %{_localstatedir}/run/opendnssec
+%attr(0644,root,root) %{_sysconfdir}/cron.d/ods-enforcerd
+
%doc NEWS README LICENSE
%{_mandir}/*/*
%{_sbindir}/*
@@ -85,7 +84,9 @@ exit 0
/sbin/chkconfig --add ods-signerd
# Initialise a slot on the softhsm on first install
if [ "$1" -eq 1 ]; then
+ if [ ! -f /var/softhsm/slot0.db ]; then
softhsm --init-token --slot 0 --label "OpenDNSSEC" --pin 1234 --so-pin 1234
+ fi
fi
%preun
@@ -103,6 +104,13 @@ if [ "$1" -ge "1" ]; then
fi
%changelog
+* Tue Aug 07 2012 Paul Wouters <pwouters at redhat.com> - 1.4.0-0.a3.2
+- Updated to 1.4.0a3
+- Added ods-enforcerd.cron to sync key rollovers over multiple servers
+- Removed merged in patch.
+- Added patch for cpu lock from trunk
+- Don't re-init softhsm on remove+install of opendnssec (as opposed to upgrade)
+
* Wed May 16 2012 Paul Wouters <pwouters at redhat.com> - 1.4.0-0.a1.4
- Missed the actual patch line, so previous build did not have the patch
More information about the scm-commits
mailing list