[dnssec-trigger] Fix typo in the dnssec-trigger-script (#1187371)
Tomas Hozza
thozza at fedoraproject.org
Fri Mar 13 15:17:51 UTC 2015
commit e6bfbb9aba3f5f4283d80e78c9009b1afe72cc67
Author: Tomas Hozza <thozza at redhat.com>
Date: Fri Mar 13 15:55:17 2015 +0100
Fix typo in the dnssec-trigger-script (#1187371)
- Use Python3 by default
Signed-off-by: Tomas Hozza <thozza at redhat.com>
...igger-0.12-script-fixes-python-key-length.patch | 227 +++++++++++++++++++++
dnssec-trigger.spec | 19 +-
2 files changed, 241 insertions(+), 5 deletions(-)
---
diff --git a/dnssec-trigger-0.12-script-fixes-python-key-length.patch b/dnssec-trigger-0.12-script-fixes-python-key-length.patch
new file mode 100644
index 0000000..334c637
--- /dev/null
+++ b/dnssec-trigger-0.12-script-fixes-python-key-length.patch
@@ -0,0 +1,227 @@
+From 47323af3dfd5afe38ebd90f550ad5d7dc078e860 Mon Sep 17 00:00:00 2001
+From: wouter <wouter at 14dc9c71-5cc2-e011-b339-0019d10b89f4>
+Date: Thu, 12 Mar 2015 15:37:44 +0000
+Subject: [PATCH] - Patches from Tomas Hozza (7): dnssec-trigger-script:
+ Fix wrong default value in configuration dnssec-trigger-script: Fix
+ formatting errors dnssec-trigger-script: Remove unused class Allow
+ to select the default Python interpretter during build Fix
+ 01-dnssec-trigger NOT to hardcode shell path dnssec-trigger-script: Fix
+ typo when adding search domains dnssec-trigger-control-setup: Use 3072
+ bit keys
+
+git-svn-id: http://www.nlnetlabs.nl/svn/dnssec-trigger/trunk@693 14dc9c71-5cc2-e011-b339-0019d10b89f4
+---
+ 01-dnssec-trigger.in | 2 +-
+ Changelog | 10 ++++++++++
+ Makefile.in | 3 +++
+ config.h.in | 3 +++
+ configure | 25 +++++++++++++++++++++++++
+ configure.ac | 10 ++++++++++
+ dnssec-trigger-control-setup.sh.in | 4 +++-
+ dnssec-trigger-script.in | 21 +++++----------------
+ 8 files changed, 60 insertions(+), 18 deletions(-)
+
+diff --git a/01-dnssec-trigger.in b/01-dnssec-trigger.in
+index f410723..8ece20e 100644
+--- a/01-dnssec-trigger.in
++++ b/01-dnssec-trigger.in
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!0SHELL0
+ #
+ # Script to notify dnssec-trigger that the DNS configuration in NetworkManager
+ # may have changed.
+diff --git a/Makefile.in b/Makefile.in
+index 8d4de79..5b356fc 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -20,6 +20,7 @@ endif
+
+ SHELL=@SHELL@
+ VERSION=@PACKAGE_VERSION@
++PYTHON=@PYTHON@
+ srcdir=@srcdir@
+ prefix=@prefix@
+ exec_prefix=@exec_prefix@
+@@ -223,6 +225,7 @@ networkmanager-hook: 01-dnssec-trigger dnssec-trigger-script
+
+ dnssec-trigger-script: $(srcdir)/dnssec-trigger-script.in Makefile
+ cp $< $@
++ sed -e 's?0PYTHON0?$(PYTHON)?' < $(srcdir)/dnssec-trigger-script.in > $@
+ chmod +x $@
+
+ osx/RiggerStatusItem/log.c: $(srcdir)/riggerd/log.c osx/RiggerStatusItem
+diff --git a/config.h.in b/config.h.in
+index e79b245..022d056 100644
+--- a/config.h.in
++++ b/config.h.in
+@@ -258,6 +258,9 @@
+ /* default pidfile name for dnssec-trigger */
+ #undef PIDFILE
+
++/* default Python interpreter path for all Python scripts */
++#undef PYTHON
++
+ /* Define as the return type of signal handlers (`int' or `void'). */
+ #undef RETSIGTYPE
+
+diff --git a/configure b/configure
+index 2082a49..a53d6b2 100755
+--- a/configure
++++ b/configure
+@@ -626,6 +626,7 @@ DATE
+ LDNSLIBS
+ ldnsdir
+ unbound_control_path
++PYTHON
+ pidfile
+ configfile
+ uidir
+@@ -718,6 +719,7 @@ with_keydir
+ with_uidir
+ with_configfile
+ with_pidfile
++with_python
+ with_unbound_control
+ with_ldns
+ enable_rpath
+@@ -1383,6 +1385,8 @@ Optional Packages:
+ keydir/dnssec-trigger.conf
+ --with-pidfile=path set the pidfile to use, default
+ /var/run/dnssec-trigger.pid
++ --with-python=path set the path to Python interpreter to use for Python
++ scripts, defaults /usr/bin/python
+ --with-unbound-control=path
+ set the unbound-control to use, default what
+ configure finds in its path
+@@ -7336,6 +7340,27 @@ _ACEOF
+
+
+
++# Check whether --with-python was given.
++if test "${with_python+set}" = set; then :
++ withval=$with_python;
++else
++ withval=""
++fi
++
++PYTHON="/usr/bin/python"
++if test -n "$withval"; then
++ PYTHON="$withval"
++fi
++python_esc="`echo $PYTHON | sed -e 's/\\\\/\\\\\\\\/g'`"
++
++
++cat >>confdefs.h <<_ACEOF
++#define PYTHON "$python_esc"
++_ACEOF
++
++
++
++
+ # Check whether --with-unbound-control was given.
+ if test "${with_unbound_control+set}" = set; then :
+ withval=$with_unbound_control;
+diff --git a/configure.ac b/configure.ac
+index 1f9967b..4c1c716 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -504,6 +504,16 @@ ACX_ESCAPE_BACKSLASH($pidfile, pidfile_esc)
+ AC_DEFINE_UNQUOTED([PIDFILE], ["$pidfile_esc"], [default pidfile name for dnssec-trigger])
+ AC_SUBST(pidfile)
+
++AC_ARG_WITH([python], AC_HELP_STRING([--with-python=path],
++[set the path to Python interpreter to use for Python scripts, defaults /usr/bin/python]),, withval="")
++PYTHON="/usr/bin/python"
++if test -n "$withval"; then
++ PYTHON="$withval"
++fi
++ACX_ESCAPE_BACKSLASH($PYTHON, python_esc)
++AC_DEFINE_UNQUOTED([PYTHON], ["$python_esc"], [default Python interpreter path for all Python scripts])
++AC_SUBST(PYTHON)
++
+ AC_ARG_WITH([unbound-control], AC_HELP_STRING([--with-unbound-control=path],
+ [set the unbound-control to use, default what configure finds in its path]),, withval="")
+ AC_MSG_CHECKING([for unbound-control])
+diff --git a/dnssec-trigger-control-setup.sh.in b/dnssec-trigger-control-setup.sh.in
+index 7d0387a..7cc305a 100644
+--- a/dnssec-trigger-control-setup.sh.in
++++ b/dnssec-trigger-control-setup.sh.in
+@@ -48,7 +48,9 @@ CLIENTNAME=dnssec-trigger-control
+ DAYS=7200
+
+ # size of keys in bits
+-BITS=1536
++# recommendation for new systems is to use at least 3072 bits
++# http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report
++BITS=3072
+
+ # hash algorithm
+ HASH=sha256
+diff --git a/dnssec-trigger-script.in b/dnssec-trigger-script.in
+index 830baa9..7bf6c2e 100644
+--- a/dnssec-trigger-script.in
++++ b/dnssec-trigger-script.in
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python
++#!0PYTHON0
+ # -*- coding: utf-8 -*-
+ """
+ @author: Tomas Hozza <thozza at redhat.com>
+@@ -57,7 +57,7 @@ class Config:
+ "use_vpn_global_forwarders": False,
+ "use_resolv_conf_symlink": False,
+ "use_resolv_secure_conf_symlink": False,
+- "use_private_address_ranges": TRUE,
++ "use_private_address_ranges": True,
+ "set_search_domains": False,
+ "keep_positive_answers": False,
+ }
+@@ -86,7 +86,7 @@ class Config:
+
+ config = Config()
+ if config.debug:
+- log.setLevel(logging.DEBUG);
++ log.setLevel(logging.DEBUG)
+
+ class ConnectionList:
+ """List of NetworkManager active connections"""
+@@ -186,7 +186,7 @@ class Connection:
+ pass
+ try:
+ self.servers += [self.ip6_to_str(connection.get_ip6_config().get_nameserver(i))
+- for i in range(connection.get_ip6_config().get_num_nameservers())]
++ for i in range(connection.get_ip6_config().get_num_nameservers())]
+ except AttributeError:
+ pass
+
+@@ -353,17 +353,6 @@ class Store:
+ zone_file.write("{}\n".format(zone))
+ os.rename(self.path_tmp, self.path)
+
+-class GlobalForwarders:
+- def __init__(self):
+- self.cache = set()
+- try:
+- with open(self.path) as zone_file:
+- for line in zone_file:
+- line = line.strip()
+- if line:
+- self.cache.add(line)
+- except IOError:
+- pass
+
+ class Application:
+ resolvconf = "/etc/resolv.conf"
+@@ -490,7 +479,7 @@ class Application:
+ Called by dnssec-trigger.
+ """
+
+- if config.add_search_domains:
++ if config.set_search_domains:
+ zones = set(sum((connection.zones for connection in ConnectionList(self.client)), []))
+ log.info("Search domains: " + ' '.join(zones))
+ self.resolvconf_localhost_contents = self.__class__.resolvconf_localhost_contents
+--
+2.1.0
+
diff --git a/dnssec-trigger.spec b/dnssec-trigger.spec
index 8800034..81dcdc8 100644
--- a/dnssec-trigger.spec
+++ b/dnssec-trigger.spec
@@ -3,7 +3,7 @@
Summary: NetworkManager plugin to update/reconfigure DNSSEC resolving
Name: dnssec-trigger
Version: 0.12
-Release: 18%{?dist}
+Release: 19%{?dist}
License: BSD
Url: http://www.nlnetlabs.nl/downloads/dnssec-trigger/
Source0: http://www.nlnetlabs.nl/downloads/dnssec-trigger/%{name}-%{version}.tar.gz
@@ -43,6 +43,8 @@ Patch5: dnssec-trigger-0.12-probe.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1130502
# https://bugzilla.redhat.com/show_bug.cgi?id=1128310
Patch6: dnssec-trigger-0.12-dnssec-conf.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1187371 + other fixes
+Patch7: dnssec-trigger-0.12-script-fixes-python-key-length.patch
Requires(postun): initscripts
Requires: ldns >= 1.6.10, NetworkManager-glib, unbound, xdg-utils
@@ -59,7 +61,7 @@ Requires: NetworkManager >= 0.9.9.0-40
%endif
%endif
Requires(pre): shadow-utils
-BuildRequires: desktop-file-utils systemd-units, openssl-devel, ldns-devel
+BuildRequires: desktop-file-utils systemd-units, openssl-devel, ldns-devel, python3-devel
BuildRequires: gtk2-devel, NetworkManager-devel
BuildRequires: systemd
@@ -85,14 +87,17 @@ sed -i "s/-panel//" panel/dnssec-trigger-panel.desktop.in
%patch4 -p1
%patch5 -p1
%patch6 -p1
+%patch7 -p1
-# change default RSA key between deamon/control from 1536 to 3072
-sed -i "s/BITS=1536/BITS=3072/" dnssec-trigger-control-setup.sh.in
# don't use DNSSEC for forward zones for now
sed -i "s/validate_connection_provided_zones=yes/validate_connection_provided_zones=no/" dnssec.conf
%build
-%configure --with-keydir=/etc/dnssec-trigger --with-hooks=networkmanager
+%configure \
+ --with-keydir=/etc/dnssec-trigger \
+ --with-hooks=networkmanager \
+ --with-python=%{__python3}
+
%{__make} %{?_smp_mflags}
%install
@@ -163,6 +168,10 @@ fi
%systemd_postun_with_restart %{name}d.service
%changelog
+* Fri Mar 13 2015 Tomas Hozza <thozza at redhat.com> - 0.12-19
+- Fix typo in the dnssec-trigger-script (#1187371)
+- Use Python3 by default
+
* Mon Jan 26 2015 Pavel Šimerda <psimerda at redhat.com> - 0.12-18
- Resolves: #1185796, #1130502, #1105685, #1128310 – update
More information about the scm-commits
mailing list