[opendnssec/el6] * Tue Aug 07 2012 Paul Wouters <pwouters at redhat.com> - 1.4.0-0.a3.2 - Updated to 1.4.0a3 - Added ods

Paul Wouters pwouters at fedoraproject.org
Fri Sep 21 21:31:33 UTC 2012


commit b2b6b57a4fedcf38ec7572986177c4923d7026f8
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Aug 9 15:27:43 2012 -0400

    * Tue Aug 07 2012 Paul Wouters <pwouters at redhat.com> - 1.4.0-0.a3.2
    - Updated to 1.4.0a3
    - Added ods-enforcerd.cron to sync key rollovers over multiple servers
    - Removed merged in patch.
    - Added patch for cpu lock from trunk
    - Don't re-init softhsm on remove+install of opendnssec (as opposed to upgrade)

 opendnssec-1.4.0a3-cpu.patch |   68 ++++++++++++++++++++++++++++++++++++++++++
 opendnssec.cron              |    4 ++
 opendnssec.spec              |   26 ++++++++++-----
 3 files changed, 89 insertions(+), 9 deletions(-)
---
diff --git a/opendnssec-1.4.0a3-cpu.patch b/opendnssec-1.4.0a3-cpu.patch
new file mode 100644
index 0000000..f9d89f7
--- /dev/null
+++ b/opendnssec-1.4.0a3-cpu.patch
@@ -0,0 +1,68 @@
+Modified: trunk/OpenDNSSEC/signer/src/signer/namedb.c
+===================================================================
+- --- trunk/OpenDNSSEC/signer/src/signer/namedb.c	2012-08-09 09:36:35
+UTC (rev 6514)
++++ trunk/OpenDNSSEC/signer/src/signer/namedb.c	2012-08-09 14:19:56
+UTC (rev 6515)
+@@ -215,9 +215,11 @@
+     } else if (ods_strcmp(format, "datecounter") == 0) {
+         soa = (uint32_t) time_datestamp(0, "%Y%m%d", NULL) * 100;
+         if (!util_serial_gt(soa, prev)) {
+- -            ods_log_warning("[%s] unable to use datecounter as serial: %u "
+- -                "does not increase %u. Serial set to %u", db_str, soa, prev,
+- -                (prev+1));
++            if (!db->is_initialized) {
++                ods_log_warning("[%s] unable to use datecounter as serial: %u "
++                    "does not increase %u. Serial set to %u", db_str, soa, prev,
++                    (prev+1));
++            }
+             soa = prev + 1;
+         }
+     } else if (ods_strcmp(format, "counter") == 0) {
+
+Modified: trunk/OpenDNSSEC/signer/src/signer/tools.c
+===================================================================
+- --- trunk/OpenDNSSEC/signer/src/signer/tools.c	2012-08-09 09:36:35 UTC
+(rev 6514)
++++ trunk/OpenDNSSEC/signer/src/signer/tools.c	2012-08-09 14:19:56 UTC
+(rev 6515)
+@@ -39,6 +39,7 @@
+ #include "signer/tools.h"
+ #include "signer/zone.h"
+
++#include <errno.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+@@ -213,7 +214,7 @@
+     /* kick the nameserver */
+     if (zone->notify_ns) {
+         int status;
+- -        pid_t pid;
++        pid_t pid, wpid;
+         ods_log_verbose("[%s] notify nameserver: %s", tools_str,
+             zone->notify_ns);
+ 	/** fork */
+@@ -236,9 +237,20 @@
+                 ods_log_debug("[%s] notify nameserver process forked",
+                     tools_str);
+                 /** wait for completion  */
+- -                while (wait(&status) != pid) {
+- -                    ;
++                while((wpid = waitpid(pid, &status, 0)) <= 0) {
++                    if (errno != EINTR) {
++                        break;
++                    }
+                 }
++                if (wpid == -1) {
++                    ods_log_error("[%s] notify nameserver failed: waitpid() ",
++                        "failed (%s)", tools_str, strerror(errno));
++                } else if (!WIFEXITED(status)) {
++                    ods_log_error("[%s] notify nameserver failed: notify ",
++                        "command did not terminate normally", tools_str);
++                } else {
++                    ods_log_verbose("[%s] notify nameserver ok", tools_str);
++                }
+                 break;
+         }
+     }
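Review bot: The two new ods_log_error() calls in the tools.c part of the embedded patch (the `wpid == -1` branch and the `!WIFEXITED(status)` branch) have a comma between the two halves of the format string, so the second literal is passed as the first `%s` argument instead of being concatenated. As written, the log line prints `failed (%s)` where tools_str belongs and never shows strerror(errno), which hides why a NOTIFY failed; drop the comma so the literals join, e.g. `"[%s] notify nameserver failed: waitpid() " "failed (%s)", tools_str, strerror(errno));`. The final else branch also logs "ok" for any normal exit without looking at `WEXITSTATUS(status)`, so a notify command that exits non-zero is reported as success. Separately, the embedded patch still carries `- ---` / `- -` dash-escaping and wrapped `UTC (rev …)` header lines, which looks like a paste from a signed mail and may not apply cleanly. The enclosing function starts and ends outside these hunks.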
diff --git a/opendnssec.cron b/opendnssec.cron
new file mode 100644
index 0000000..bb47f59
--- /dev/null
+++ b/opendnssec.cron
@@ -0,0 +1,4 @@
+# Ensure multiple ods-enforcerd's on different system roll at the same time
+# independant of when the daemon was started. Since TLDs often update their
+# zone "on the hour" we do the key rollover checks just before the hour.
+50,20 * * * * root kill -s SIGHUP `cat /var/run/opendnssec/enforcerd.pid` > /dev/null 2> /dev/null
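Review bot: This root cron job sends SIGHUP to whatever PID is stored in /var/run/opendnssec/enforcerd.pid, while the spec packages that directory as `%attr(0770,root,ods)`. Anything running in the ods group can therefore presumably rewrite the file and have root signal an unrelated process. Prefer a path that does not trust the pid file's contents, such as the init script's reload action if it has one, or matching on the process name (`pkill -HUP -x ods-enforcerd`, assuming that is the daemon's process name). Both output streams go to /dev/null, so a missing or stale pid file fails silently. The header comment says the check runs "just before the hour" but the schedule `50,20` also fires at :20, which deserves a word in the comment.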
diff --git a/opendnssec.spec b/opendnssec.spec
index 0f0c562..0c76b56 100644
--- a/opendnssec.spec
+++ b/opendnssec.spec
@@ -1,17 +1,18 @@
 Summary: DNSSEC key and zone management software
 Name: opendnssec
 Version: 1.4.0
-Release: 0.a1%{?dist}.4
+Release: 0.a3%{?dist}.2
 License: BSD
 Url: http://www.opendnssec.org/
 #Source: http://www.opendnssec.org/files/source/% {name}-% {version}a1.tar.gz
-Source: http://www.opendnssec.org/files/source/testing/%{name}-%{version}a1.tar.gz
+Source: http://www.opendnssec.org/files/source/testing/%{name}-%{version}a3.tar.gz
 Source1: ods-enforcerd.init
 Source2: ods-signerd.init
 Source3: ods.sysconfig
 Source4: conf.xml
+Source5: ods-enforcerd.cron
 Source6: opendnssec-LICENSE
-Patch1: opendnssec-1.4.0a1-deleterr.patch
+Patch1: opendnssec-1.4.0a3-cpu.patch
 Group: Applications/System
 Requires: opencryptoki, softhsm
 BuildRequires: ldns-devel >= 1.6.12, sqlite-devel , openssl-devel
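Review bot: `Source5: ods-enforcerd.cron` does not match the file this commit actually adds, which the diffstat and file header name `opendnssec.cron`. Unless a file called ods-enforcerd.cron exists elsewhere in the repository, the build will stop on the missing source. Either rename the added file or change the tag to `Source5: opendnssec.cron`.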
@@ -25,7 +26,6 @@ name server. It requires a PKCS#11 crypto module library, such as softhsm
 
 %prep
 %setup -q -n %{name}-%{version}a1
-%patch1 -p1 -b .deleterr
 
 %build
 %configure --with-ldns=%{_libdir}
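Review bot: With `%patch1 -p1 -b .deleterr` removed and nothing put in its place, the new `Patch1: opendnssec-1.4.0a3-cpu.patch` is declared but never applied in %prep, so the "patch for cpu lock" from the changelog does not reach the build. A line such as `%patch1 -p2 -b .cpu` is needed (strip level presumably 2, given the `trunk/OpenDNSSEC/` prefix in the patch paths; confirm against the tarball layout). The context line `%setup -q -n %{name}-%{version}a1` also still names the a1 directory while Source now points at the a3 tarball, so it likely needs to become `%{name}-%{version}a3`.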
@@ -40,9 +40,10 @@ cp %{SOURCE6} LICENSE
 rm -rf %{buildroot}
 make DESTDIR=%{buildroot} install
 mkdir -p %{buildroot}/var/opendnssec/{tmp,signed,signconf}
-install -d -m 0755 %{buildroot}%{_initrddir}
 install -m 0755 %{SOURCE1} %{buildroot}/%{_initrddir}/ods-enforcerd
 install -m 0755 %{SOURCE2} %{buildroot}/%{_initrddir}/ods-signerd
+install -d -m 0755 %{buildroot}%{_initrddir} %{buildroot}%{_sysconfdir}/cron.d/
+install -m 0644 %{SOURCE5} %{buildroot}/%{_sysconfdir}/cron.d/ods-enforcerd
 
 # cleanup sample files
 rm -f %{buildroot}/%{_sysconfdir}/opendnssec/*.sample
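Review bot: The `install -d` that creates `%{buildroot}%{_initrddir}` now runs after the two `install -m 0755` lines that copy the init scripts into that directory. Unless `make install` happens to create the directory, those copies fail or land on a non-directory path. Move the combined line up so it precedes them: `install -d -m 0755 %{buildroot}%{_initrddir} %{buildroot}%{_sysconfdir}/cron.d/` should come directly after the `mkdir -p` line.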
@@ -51,10 +52,6 @@ install -m 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/ods
 install -m 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/opendnssec/
 mkdir -p %{buildroot}%{_localstatedir}/run/opendnssec
 
-
-%clean
-rm -rf %{buildroot}
-
 %files 
 %attr(0755,root,root) %{_initrddir}/ods-enforcerd
 %attr(0755,root,root) %{_initrddir}/ods-signerd
@@ -66,6 +63,8 @@ rm -rf %{buildroot}
 %attr(0660,root,ods) %config(noreplace) %{_sysconfdir}/opendnssec/*.xml
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/ods
 %attr(0770,root,ods) %dir %{_localstatedir}/run/opendnssec
+%attr(0644,root,root) %{_sysconfdir}/cron.d/ods-enforcerd
+
 %doc NEWS README LICENSE
 %{_mandir}/*/*
 %{_sbindir}/*
@@ -85,7 +84,9 @@ exit 0
 /sbin/chkconfig --add ods-signerd
 # Initialise a slot on the softhsm on first install
 if [ "$1" -eq 1 ]; then
+    if [ ! -f /var/softhsm/slot0.db ]; then
         softhsm --init-token --slot 0 --label "OpenDNSSEC" --pin 1234 --so-pin 1234
+    fi
 fi
 
 %preun
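Review bot: The new guard leaves the token initialisation at `--pin 1234 --so-pin 1234`, so every fresh install protects its DNSSEC signing keys with the same well-known user and SO PIN. At minimum add a scriptlet comment and a README note that the PIN must be changed before production keys are generated (and that the PIN in the shipped conf.xml, if it carries one, has to follow); generating a per-install PIN would be better. The guard also hard-codes `/var/softhsm/slot0.db`; if softhsm.conf places slot 0 elsewhere, the check never matches and an existing token would still be re-initialised.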
@@ -103,6 +104,13 @@ if [ "$1" -ge "1" ]; then
 fi
 
 %changelog
+* Tue Aug 07 2012 Paul Wouters <pwouters at redhat.com> - 1.4.0-0.a3.2
+- Updated to 1.4.0a3
+- Added ods-enforcerd.cron to sync key rollovers over multiple servers
+- Removed merged in patch.
+- Added patch for cpu lock from trunk
+- Don't re-init softhsm on remove+install of opendnssec (as opposed to upgrade)
+
 * Wed May 16 2012 Paul Wouters <pwouters at redhat.com> - 1.4.0-0.a1.4
 - Missed the actual patch line, so previous build did not have the patch
 

