rpms/dnssec-conf/F-11 dnssec-conf.spec,1.16,1.17
Paul Wouters
pwouters at fedoraproject.org
Tue Feb 9 19:44:12 UTC 2010
Author: pwouters
Update of /cvs/extras/rpms/dnssec-conf/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13796
Modified Files:
dnssec-conf.spec
Log Message:
* Tue Feb 09 2010 Paul Wouters <paul at xelerance.com> - 1.21-4
- Also remove the RIPE trust anchors from the named.dnssec.keys if the file
lives in /etc
Index: dnssec-conf.spec
===================================================================
RCS file: /cvs/extras/rpms/dnssec-conf/F-11/dnssec-conf.spec,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -p -r1.16 -r1.17
--- dnssec-conf.spec 5 Feb 2010 21:29:14 -0000 1.16
+++ dnssec-conf.spec 9 Feb 2010 19:44:12 -0000 1.17
@@ -1,7 +1,7 @@
Summary: DNSSEC and DLV configuration and priming tool
Name: dnssec-conf
Version: 1.21
-Release: 3%{?dist}
+Release: 4%{?dist}
License: GPLv2+
Url: http://www.xelerance.com/software/dnssec-conf/
Source0: http://www.xelerance.com/software/%{name}/%{name}-%{version}.tar.gz
@@ -47,11 +47,13 @@ cp %{SOURCE1} ${RPM_BUILD_ROOT}/etc/pki/
%clean
rm -rf ${RPM_BUILD_ROOT}
-%triggerpostun -- dnssec-conf < 1.21-3
+%triggerpostun -- dnssec-conf < 1.21-4
# we use a trigger because otherwise unbound restarts too soon and uses
# keyfiles that are about to get removed.
# remove old RIPE trust anchors from the generated bind include
-sed -i "/^.*reverse.*$/d" /etc/pki/dnssec-keys/named.dnssec.keys
+for keyfile in /etc/pki/dnssec-keys/named.dnssec.keys /etc/named.dnssec.keys; do
+ [ -f $keyfile ] && sed -i "/^.*reverse.*$/d" $keyfile
+done
# restart DNS servers which might be using now removed DNSSEC keys
/sbin/service named try-restart >/dev/null 2>&1 || :;
/sbin/service unbound try-restart >/dev/null 2>&1 || :;
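Review bot: the sed expression in the new loop, "/^.*reverse.*$/d", deletes every line that contains the string "reverse" anywhere, and this hunk now runs it against /etc/named.dnssec.keys as well, with no backup. If that file holds any line that mentions "reverse" but is not one of the RIPE trust anchors, it is silently removed during the package upgrade. Consider matching on something specific to the anchors being dropped rather than a bare substring, and keeping a copy with sed -i.bak so the previous trust anchor set can be restored. Minor style point in the same lines: quote the variable, as in [ -f "$keyfile" ] && sed -i ... "$keyfile". Since the trigger condition moves to < 1.21-4, systems already on 1.21-3 run the sed over /etc/pki/dnssec-keys/named.dnssec.keys a second time; that is harmless because the delete is idempotent, but it is worth a word in the scriptlet comment.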
@@ -72,6 +74,10 @@ sed -i "/^.*reverse.*$/d" /etc/pki/dnsse
%{_mandir}/*/*
%changelog
+* Tue Feb 09 2010 Paul Wouters <paul at xelerance.com> - 1.21-4
+- Also remove the RIPE trust anchors from the named.dnssec.keys if the file
+ lives in /etc
+
* Thu Feb 05 2010 Paul Wouters <paul at xelerance.com> - 1.21-3
- Do not ship DNSSEC trust anchors for in-addr.arpa zones. Rely on the DLV
and (from July 2010 onwards) the signed root
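Review bot: the context entry just below the new changelog lines reads "Thu Feb 05 2010", while the new entry gives "Tue Feb 09 2010"; if the 9th is a Tuesday, the 5th is a Friday, so the weekday on the 1.21-3 entry is wrong. Since this commit already touches %changelog, it would be a good place to correct that line to "Fri Feb 05 2010".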