Sisyphus repository
Last update: 5 june 2023 | SRPMs: 18455 | Visits: 27942961
en ru br
ALT Linux repos
5.0: 9.3.6-alt5
4.1: 9.3.6-alt4.M41.2
4.0: 9.3.6-alt4.M41.1
3.0: 9.2.4.rel-alt2

Group :: System/Servers
RPM: bind

 Main   Changelog   Spec   Patches   Sources   Download   Gear   Bugs and FR  Repocop 

%define _unpackaged_files_terminate_build 1

# build rules

%def_with docs
%def_with openssl
%def_with libjson
%def_without python
%def_with check
%def_without system_tests

# common directory for documentation

%define docdir %_docdir/bind-%version
# root directory for chrooted environment
%define _chrootdir %_localstatedir/bind
%define run_dir /run/named
%define log_dir %_logdir/named
%define restart_flag /run/named/named.restart

%define named_user named
%define named_group named

%ifndef timestamp
%define timestamp %(TZ=UTC LC_TIME=C date +%%Y%%m%%d)

Name: bind
Version: 9.16.41
%define src_version 9.16.41
Release: alt1

Summary: ISC BIND - DNS server
License: MPL-2.0
Group: System/Servers


Source0: %name-%version.tar
Source3: README.bind-devel

Source11: bind.init

Source21: rndc.conf
Source22: rndc.key

Source31: bind.named.conf
Source32: bind.options.conf
Source33: bind.rndc.conf
Source34: bind.local.conf
Source35: bind.rfc1912.conf
Source36: bind.rfc1918.conf
Source37: bind.sysconfig

Source41: bind.localhost
Source42: bind.localdomain
Source44: bind.empty

Source50: bind.service
Source51: bind.tmpfiles.conf

# NB: there must be at least one patch :)

Patch0001: 0001-ALT-defaults-Reintroduce-chrooted-named-by-default.patch
Patch0002: 0002-ALT-Minimize-linux-capabilities.patch
Patch0003: 0003-ALT-Make-it-possible-to-retain-Linux-capabilities-of.patch
Patch0004: 0004-ALT-named-Allow-non-writable-working-directory.patch
Patch0005: 0005-ALT-tests-Unchroot-named-for-tests.patch
Patch0006: 0006-ALT-tests-Add-tests-for-signing-with-custom-OpenSSL.patch
Patch0007: 0007-ALT-tests-Raise-expected-delta-time-for-cds.patch
Patch0008: 0008-ALT-tests-Wait-up-to-30sec-for-the-server-start.patch

%if_with docs
BuildRequires: python3(sphinx)
BuildRequires: python3(sphinx_rtd_theme)

%if_with check
# for backtraces
BuildRequires: gdb
%if_with system_tests
BuildRequires: python3(dns)
BuildRequires: python3(hypothesis)
# requires only for pkcs11 tests
BuildRequires: softhsm
BuildRequires: libp11
BuildRequires: opensc
BuildRequires: rpm-build-vm
BuildRequires: /sbin/runuser
BuildRequires: /dev/kvm

BuildRequires: iproute2
BuildRequires: perl-Net-DNS
BuildRequires: perl-File-Fetch
BuildRequires: perl-Digest-HMAC
BuildRequires: python3(pytest)

Provides: bind-chroot(%_chrootdir)
Obsoletes: bind-chroot, bind-debug, bind-slave, caching-nameserver
# Because of /etc/syslog.d/ feature.
Conflicts: syslogd < 1.4.1-alt11
Requires(pre): bind-control >= 1.3

# due to %_chrootdir/dev/log

BuildPreReq: coreutils

# due to broken configure script

BuildPreReq: gcc-c++

# for better --enable-linux-caps experience

BuildPreReq: libcap-devel

%{?_with_openssl:BuildPreReq: libssl-devel}
%{?_with_libjson:BuildPreReq: libjson-c-devel}
BuildPreReq: libkrb5-devel
BuildRequires: libuv-devel
BuildRequires: libidn2-devel

%package utils
Summary: Utilities provided by ISC BIND
Group: Networking/Other
Requires: libbind = %EVR

%package -n libbind
Summary: Shared library used by ISC BIND
Group: System/Libraries
Provides: libdns = %EVR
Provides: libisc = %EVR
Provides: libisccc = %EVR
Provides: libisccfg = %EVR
Obsoletes: libdns8, libdns9, libdns10, libdns11, libdns16
Obsoletes: libisc4, libisc7, libisccc0, libisccfg0

%package devel
Summary: ISC BIND development libraries and headers
Group: Development/C
Requires: libbind = %EVR
Provides: libisc-export-devel = %EVR
Obsoletes: libisc-export-devel < %version

%if_with docs
%package doc
Summary: Documentation for ISC BIND
Group: Development/Other
BuildArch: noarch
Prefix: %prefix

The Berkeley Internet Name Domain (BIND) implements an Internet domain
name server.  BIND is the most widely-used name server software on the
Internet, and is supported by the Internet Software Consortium (ISC).

This package provides the %src_version server and related
configuration files.

%description utils
This package contains various utilities related to DNS that are derived
from the BIND %src_version source tree, including dig, host,
nslookup and nsupdate.

%description -n libbind
This package contains shared libraries used by BIND's %src_version
daemons and clients.

%description devel
This package contains development libraries, header files, and API man
pages for libdns, libisc, libisccc, libisccfg. These are
only needed if you want to compile packages that need more BIND
%src_version nameserver API than the resolver code provided by

%if_with docs
%description doc
This package provides various documents that are useful for maintaining
a working BIND %src_version installation.


# NB: there must be at least one patch :)

%autopatch -p2

mkdir addon
install -pm644 \
   %_sourcedir/bind.init \
   %_sourcedir/bind.named.conf \
   %_sourcedir/bind.options.conf \
   %_sourcedir/bind.rndc.conf \
   %_sourcedir/bind.local.conf \
   %_sourcedir/bind.rfc1912.conf \
   %_sourcedir/bind.rfc1918.conf \
   %_sourcedir/bind.localhost \
   %_sourcedir/bind.localdomain \
   %_sourcedir/ \
   %_sourcedir/bind.empty \
   %_sourcedir/bind.sysconfig \
   %_sourcedir/bind.service \
   %_sourcedir/bind.tmpfiles.conf \
   %_sourcedir/rndc.conf \
   %_sourcedir/rndc.key \

find -type f -print0 |
xargs -r0 grep -lZ ' at [A-Z_]\+ at ' -- |
xargs -r0 sed -i \
s, at ROOT at ,%_chrootdir,g;
s, at DISTRO_OPTIONS at ,-u %named_user,g;
s, at RUN_DIR at ,%run_dir,g;
s, at NAMED_USER at ,%named_user,g;
s, at LOG_DIR at ,%log_dir,g;
' --

%if_with docs
# see HTMLTARGET in and doc/arm/
export SPHINX_BUILD=/usr/bin/sphinx-build-3

%configure \
--localstatedir=/var \
--with-libidn2 \
--enable-linux-caps \
--enable-fixed-rrset \
%{subst_with openssl} \
%if_with libjson
--with-json-c=yes \
%{subst_with python} \
--disable-static \
--includedir=%{_includedir}/bind9 \
--with-libtool \
--with-gssapi=yes \


%if_with docs
%make doc


# Install additional headers.

install -pm644 lib/isc/unix/errno2result.h %buildroot%_includedir/bind9/isc/

# Install startup scripts.

install -pD -m755 addon/bind.init %buildroot%_initdir/bind

# Install systemd service

install -pD -m644 addon/bind.service %buildroot%_unitdir/bind.service
install -pD -m644 addon/bind.tmpfiles.conf %buildroot%_tmpfilesdir/bind.conf

# Install configurations files

install -pm640 addon/rndc.conf %buildroot%_sysconfdir/
install -pD -m644 addon/bind.sysconfig %buildroot%_sysconfdir/sysconfig/bind

mkdir -p %buildroot%run_dir
mkdir -p %buildroot%log_dir

# Create a chrooted environment...

mkdir -p %buildroot%_chrootdir/{dev,%_sysconfdir,var/run,session,zone/slave}
for n in named options rndc local rfc1912 rfc1918; do
install -pm640 "addon/bind.$n.conf" \
for n in localhost localdomain empty; do
install -pm640 "addon/bind.$n" \
sed -i s/YYYYMMDDNN/%{timestamp}00/ \

install -pm640 addon/rndc.key bind.keys %buildroot%_chrootdir%_sysconfdir/
ln -snfr %buildroot%_sysconfdir/bind/{named.conf,bind.keys} \

# Create symlinks for unchrooted bind.

ln -snf . %buildroot%_chrootdir%_sysconfdir/bind
ln -snf ../zone %buildroot%_chrootdir%_sysconfdir/zone
ln -snfr %buildroot%_chrootdir%_sysconfdir %buildroot%_sysconfdir/bind

# Make use of syslogd-1.4.1-alt11 /etc/syslog.d/ feature.

/usr/bin/mksock %buildroot%_chrootdir/dev/log
mkdir %buildroot%_sysconfdir/syslog.d
ln -s %_chrootdir/dev/log %buildroot%_sysconfdir/syslog.d/bind
#... end of the chroot configuration.

# ALT docs

mkdir -p %buildroot%docdir
cp -a README %SOURCE3 %SOURCE4 CHANGES %buildroot%docdir/

%if_with docs
mkdir -p %buildroot%docdir/arm
cp -a doc/arm/_build/html %buildroot%docdir/arm/

# legacy path for plugins (for example, bind-dyndb-ldap)

mkdir -p %buildroot%_libdir/bind

# filetrigger: delayed restart of named if named or its plugins were

# installed/upgraded
mkdir -p %buildroot%_rpmlibdir
cat > %buildroot%_rpmlibdir/%name-restart.filetrigger <<'EOF'
#!/bin/sh -u
# delayed restart of named if its plugins were installed/upgraded

grep -qsE -- '^%_libdir/(named|bind)/' && [ -f '%restart_flag' ] || exit 0
rm -f '%restart_flag'

service bind start
exit 0
chmod 0755 %buildroot%_rpmlibdir/%name-restart.filetrigger

%if_with system_tests
# setup and teardown require root
perl bin/tests/system/ || sudo sh -x bin/tests/system/ up

# setup softhsm

export SOFTHSM_MODULE_PATH=%_libdir/softhsm/
export SOFTHSM2_CONF=/tmp/softhsm2/softhsm2.conf
export OPENSSL_CONF=/tmp/softhsm2/openssl.cnf
export PKCS11_ENGINE=pkcs11
export SLOT=$(sh -eu bin/tests/

# tests are run as current user

# see .gitlab-ci.yml
pushd bin/tests/system
# named must be unchrooted for upstream tests
export ALT_NAMED_OPTIONS=' -t / '
SYSTEMTEST_NO_CLEAN=1 %make_build -k test V=1

# depends on PKCS11_TEST, which is only defined if named is built with native

# PKCS11

# teardown

sudo sh bin/tests/system/ down

# today's (2021) vm-run (underlying KVM) is relatively slow.
# The complete tests suite takes ~1h on x86_64 and results are not stable atm.
# I tried to filter out some expected heavy tests by roughly the number of
# named instances they use (<=2). The expected acceptable tests time is ~10min
# on x86_64.

cat > <<'_EOF'
# setup
perl bin/tests/system/ || sh -x bin/tests/system/ up
ip a

# tests

# named must be unchrooted for upstream tests
export ALT_NAMED_OPTIONS=' -t / '

pushd bin/tests/system
source ./
for testdir in $SUBDIRS; do
   subns=$(find "$testdir" -maxdepth 1 -type d -name "ns[0-9]" | wc -l)
   if [ $subns -lt 2 ]; then
       runuser -u "$runas" -- sh "$testdir"

# teardown

sh bin/tests/system/ down
time vm-run --kvm=cond --sbin -- /bin/bash --norc --noprofile -eu "$(id -un)"

/usr/sbin/groupadd -r -f %named_group
/usr/sbin/useradd -r -g %named_group -d %_chrootdir -s /dev/null -n \
   -c "Domain Name Server" %named_user >/dev/null 2>&1 ||:
[ -f %_initdir/named -a ! -L %_initdir/named ] && /sbin/chkconfig --del named ||:

# save running status and use it in post-transaction

rm -f '%restart_flag'

if [ "$1" -gt 1 ]; then
   if sd_booted && "$SYSTEMCTL" --version >/dev/null 2>&1; then
       "$SYSTEMCTL" is-active bind.service >/dev/null 2>&1 &&
       "$SYSTEMCTL" stop bind.service 2>/dev/null &&
       mkdir -p "$(dirname '%restart_flag')" &&
       touch '%restart_flag' 2>/dev/null ||:
       %_initdir/bind status >/dev/null 2>&1 &&
       %_initdir/bind stop 2>/dev/null &&
       mkdir -p "$(dirname '%restart_flag')" &&
       touch '%restart_flag' 2>/dev/null ||:

%pre_control bind-chroot bind-debug bind-slave bind-caps

%preun_service bind

if grep -qs '^SYSLOGD_OPTIONS=.*-a %_chrootdir/dev/log' "$SYSLOGD_CONFIG"; then
# Remove artefacts of pre-syslog.d epoch.
sed -i 's|^\(SYSLOGD_OPTIONS=.*\) \?-a %_chrootdir/dev/log|\1|' "$SYSLOGD_CONFIG"
if [ -x "$SYSLOGD_SCRIPT" ]; then
"$SYSLOGD_SCRIPT" condreload ||:

%post_control -s enabled bind-chroot
%post_control -s disabled bind-debug bind-slave bind-caps

# next section is the copy of post_service, but

# it doesn't restart named since this is responsibility of filetrigger
if sd_booted && "$SYSTEMCTL" --version >/dev/null 2>&1; then
   "$SYSTEMCTL" daemon-reload
   if [ "$1" -eq 1 ]; then
       "$SYSTEMCTL" -q preset bind
   if [ "$1" -eq 1 ]; then
       chkconfig --add bind
       chkconfig bind resetpriorities

%triggerun -- bind < 9.11.19-alt3
if [ $2 -gt 0 -a -f $F ]; then
grep -q '^#\?CHROOT=' $F || echo '#CHROOT="-t /"' >> $F
grep -q '^#\?RETAIN_CAPS=' $F || echo '#RETAIN_CAPS="-r"' >> $F

%files -n libbind

%files devel
%dir %docdir

%dir %docdir
# plugins
%dir %_libdir/named
# legacy path for plugins (for example, bind-dyndb-ldap)
%dir %_libdir/bind

%config %_initdir/bind
%config(noreplace) %_sysconfdir/sysconfig/bind
%config(noreplace) %attr(640,root,%named_group) %_sysconfdir/rndc.conf
%dir %attr(770,root,%named_group) %run_dir
%dir %attr(770,root,%named_group) %log_dir




%dir %_chrootdir
%dir %_chrootdir/dev
%dir %_chrootdir%_sysconfdir
%dir %attr(1770,root,%named_group) %_chrootdir/zone
%dir %attr(700,root,%named_group) %verify(not mode) %_chrootdir/zone/slave
%dir %attr(700,root,%named_group) %verify(not mode) %_chrootdir/var
%dir %attr(1770,root,%named_group) %_chrootdir/var/run
%dir %attr(700,root,%named_group) %_chrootdir/session
%config(noreplace) %_chrootdir%_sysconfdir/*.conf
%config(noreplace) %verify(not md5 mtime size) %_chrootdir%_sysconfdir/rndc.key
%attr(-,root,root) %_chrootdir%_sysconfdir/bind
%attr(-,root,root) %_chrootdir%_sysconfdir/zone
%config %_chrootdir/zone/localhost
%config %_chrootdir/zone/localdomain
%config %_chrootdir/zone/
%config %_chrootdir/zone/empty

%ghost %attr(666,root,root) %_chrootdir/dev/*

%files utils

%if_with docs
%files doc
%dir %docdir


Full changelog you can see here

design & coding: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin