rpms/dnssec-conf/devel dnssec-conf.spec,1.26,1.27

Fri Feb 5 18:50:19 UTC 2010

Author: pwouters

Update of /cvs/extras/rpms/dnssec-conf/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv5074

Modified Files:
	dnssec-conf.spec 
Log Message:
move daemon restart from post back to triggerpostun, because othewise
unbound will load keys that are going to be removed.



Index: dnssec-conf.spec
===================================================================
RCS file: /cvs/extras/rpms/dnssec-conf/devel/dnssec-conf.spec,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -p -r1.26 -r1.27

--- dnssec-conf.spec	5 Feb 2010 17:56:55 -0000	1.26
+++ dnssec-conf.spec	5 Feb 2010 18:50:19 -0000	1.27
@@ -49,7 +49,9 @@ install -m 0644 packaging/fedora/dnssec.
 %clean
 rm -rf ${RPM_BUILD_ROOT}
 
-%post
+%triggerpostun -- dnssec-conf < 1.22-4
+# we use a trigger because otherwise unbound restarts too soon and uses
+# keyfiles that are about to get removed.
 # remove old RIPE trust anchors from the generated bind include
 sed -i "/^.*reverse.*$/d" /etc/pki/dnssec-keys/named.dnssec.keys
 # restart DNS servers which might be using now removed DNSSEC keys
@@ -76,7 +78,7 @@ sed -i "/^.*reverse.*$/d" /etc/pki/dnsse
 - Do not ship DNSSEC trust anchors for in-addr.arpa zones. Rely on the DLV
   and (from July 2010 onwards) the signed root
 - Fix --nocheck option to work with bind
-- Use post to recreate an updated named.dnssec.keys and restart nameservers
+- Use trigger to recreate an updated named.dnssec.keys and restart nameservers
 
 * Fri Jan 29 2010 Stepan Kasal <skasal at redhat.com> - 1.22-3
 - better be ready for bind 9.8.x an 9.9.x as well...

