From f13789f50abbd456967755ce2ac9b9bf2264cb4a Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 7 May 2019 08:28:42 -0400 Subject: [PATCH] import dnssec-trigger-0.15-4.el8 --- .dnssec-trigger.metadata | 1 + .gitignore | 1 + ...-dnssec-trigger-script-port-to-libnm.patch | 108 +++++ SOURCES/dnssec-trigger-default.conf | 99 ++++ SOURCES/dnssec-trigger-workstation.conf | 101 +++++ SOURCES/dnssec-trigger.tmpfiles.d | 1 + SPECS/dnssec-trigger.spec | 427 ++++++++++++++++++ 7 files changed, 738 insertions(+) create mode 100644 .dnssec-trigger.metadata create mode 100644 .gitignore create mode 100644 SOURCES/0001-dnssec-trigger-script-port-to-libnm.patch create mode 100644 SOURCES/dnssec-trigger-default.conf create mode 100644 SOURCES/dnssec-trigger-workstation.conf create mode 100644 SOURCES/dnssec-trigger.tmpfiles.d create mode 100644 SPECS/dnssec-trigger.spec diff --git a/.dnssec-trigger.metadata b/.dnssec-trigger.metadata new file mode 100644 index 0000000..802ea06 --- /dev/null +++ b/.dnssec-trigger.metadata @@ -0,0 +1 @@ +36fd7c2aefaf7b5f066ad993bdc948126f3bf21f SOURCES/dnssec-trigger-0.15.tar.gz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..30d03f7 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/dnssec-trigger-0.15.tar.gz diff --git a/SOURCES/0001-dnssec-trigger-script-port-to-libnm.patch b/SOURCES/0001-dnssec-trigger-script-port-to-libnm.patch new file mode 100644 index 0000000..5891c2b --- /dev/null +++ b/SOURCES/0001-dnssec-trigger-script-port-to-libnm.patch @@ -0,0 +1,108 @@ +From ef18b39abdb5e8bf870ada3c108ab7f083405d2c Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Thu, 15 Feb 2018 17:57:52 +0100 +Subject: [PATCH] dnssec-trigger-script: port to libnm + +The libnm-glib is depreacted for a long time already and is eventually +going away. +--- + dnssec-trigger-script.in | 51 ++++++++++++++---------------------------------- + 1 file changed, 15 insertions(+), 36 deletions(-) + +diff --git a/dnssec-trigger-script.in b/dnssec-trigger-script.in +index 5f70580..14d9278 100644 +--- a/dnssec-trigger-script.in ++++ b/dnssec-trigger-script.in +@@ -13,14 +13,13 @@ import glob + import subprocess + import logging + import logging.handlers +-import socket + import struct + import signal + + import gi +-gi.require_version('NMClient', '1.0') ++gi.require_version('NM', '1.0') + +-from gi.repository import NMClient ++from gi.repository import NM + + # Python compatibility stuff + if not hasattr(os, "O_CLOEXEC"): +@@ -132,7 +131,7 @@ class ConnectionList: + + def __init__(self, client, only_default=False, only_vpn=False, skip_wifi=False): + # Cache the active connection list in the class +- if not client.get_manager_running(): ++ if not client.get_nm_running(): + raise UserError("NetworkManager is not running.") + if self.nm_connections is None: + self.__class__.nm_connections = client.get_active_connections() +@@ -208,40 +207,20 @@ class Connection: + self.uuid = connection.get_uuid() + + self.zones = [] +- try: +- self.zones += connection.get_ip4_config().get_domains() +- except AttributeError: +- pass +- try: +- self.zones += connection.get_ip6_config().get_domains() +- except AttributeError: +- pass +- + self.servers = [] +- try: +- self.servers += [self.ip4_to_str(server) for server in connection.get_ip4_config().get_nameservers()] +- except AttributeError: +- pass +- try: +- self.servers += [self.ip6_to_str(connection.get_ip6_config().get_nameserver(i)) +- for i in range(connection.get_ip6_config().get_num_nameservers())] +- except AttributeError: +- pass +- +- def __repr__(self): +- return "".format(**vars(self)) + +- @staticmethod +- def ip4_to_str(ip4): +- """Converts IPv4 address from integer to string.""" +- +- return socket.inet_ntop(socket.AF_INET, struct.pack("=I", ip4)) ++ ip4_config = connection.get_ip4_config() ++ if ip4_config is not None: ++ self.zones += ip4_config.get_domains() ++ self.servers += ip4_config.get_nameservers() + +- @staticmethod +- def ip6_to_str(ip6): +- """Converts IPv6 address from integer to string.""" ++ ip6_config = connection.get_ip6_config() ++ if ip6_config is not None: ++ self.zones += ip6_config.get_domains() ++ self.servers += ip6_config.get_nameservers() + +- return socket.inet_ntop(socket.AF_INET6, ip6) ++ def __repr__(self): ++ return "".format(**vars(self)) + + @property + def ignore(self): +@@ -466,10 +445,10 @@ class Application: + except AttributeError: + self.usage() + +- self.client = NMClient.Client().new() ++ self.client = NM.Client().new() + + def nm_handles_resolv_conf(self): +- if not self.client.get_manager_running(): ++ if not self.client.get_nm_running(): + log.debug("NetworkManager is not running") + return False + try: +-- +2.13.6 + diff --git a/SOURCES/dnssec-trigger-default.conf b/SOURCES/dnssec-trigger-default.conf new file mode 100644 index 0000000..cc18335 --- /dev/null +++ b/SOURCES/dnssec-trigger-default.conf @@ -0,0 +1,99 @@ +# Fedora/EPEL version of dnssec-trigger.conf + +# logging detail, 0=only errors, 1=operations, 2=detail, 3,4 debug detail. +# verbosity: 1 + +# pidfile location +pidfile: "/var/run/dnssec-triggerd.pid" + +# log to a file instead of syslog, default is to syslog +# logfile: "/var/log/dnssec-trigger.log" + +# log to syslog, or (log to to stderr or a logfile if specified). yes or no. +# use-syslog: yes + +# chroot to this directory +# chroot: "" + +# the unbound-control binary if not found in PATH. +# commandline options can be appended "unbound-control -c my.conf" if you wish. +# unbound-control: "/usr/sbin/unbound-control" + +# where is resolv.conf to edit. +# resolvconf: "/etc/resolv.conf" + +# the domain example.com line (if any) to add to resolv.conf(5). default none. +# domain: "" + +# domain name search path to add to resolv.conf(5). default none. +# the search path from DHCP is not picked up, it could be used to misdirect. +# search: "" + +# the command to run to open login pages on hot spots, a web browser. +# empty string runs no command. +# login-command: "xdg-open" + +# the url to open to get hot spot login, it gets overridden by the hotspot. +# login-location: "http://www.nlnetlabs.nl/projects/dnssec-trigger" +# should to be a ttl=0 entry +login-location: "http://hotspot-nocache.fedoraproject.org/" + +# do not perform actions (unbound-control or resolv.conf), for a dry-run. +# noaction: no + +# port number to use for probe daemon. +# port: 8955 + +# keys and certificates generated by the dnssec-trigger-keygen systemd service +# (which called dnssec-trigger-control-setup) +server-key-file: "/etc/dnssec-trigger/dnssec_trigger_server.key" +server-cert-file: "/etc/dnssec-trigger/dnssec_trigger_server.pem" +control-key-file: "/etc/dnssec-trigger/dnssec_trigger_control.key" +control-cert-file: "/etc/dnssec-trigger/dnssec_trigger_control.pem" + +# check for updates, download and ask to install them (for Windows, OSX). +# check-updates: no + +# webservers that are probed to see if internet access is possible. +# They serve a simple static page over HTTP port 80. It probes a random url: +# after a space is the content expected on the page, (the page can contain +# whitespace before and after this code). Without urls it skips http probes. + +# provided by NLnetLabs +# It is provided on a best effort basis, with no service guarantee. +# url: "http://ster.nlnetlabs.nl/hotspot.txt OK" + +# provided by FedoraProject +url: "http://fedoraproject.org/static/hotspot.txt OK" + +# fallback open DNSSEC resolvers that run on TCP port 80 and TCP port 443. +# the ssl443 adds an ssl server IP, if you specify a hash it is checked, put +# the following on one line: ssl443: +# hash is output of openssl x509 -sha256 -fingerprint -in server.pem +# You can add more with extra config lines. + +# Provided by fedoraproject.org, #fedora-admin +# It is provided on a best effort basis, with no service guarantee. +ssl443: 140.211.169.201 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2 +tcp80: 140.211.169.201 +ssl443: 66.35.62.163 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2 +tcp80: 66.35.62.163 +ssl443: 152.19.134.150 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2 +tcp80: 152.19.134.150 +ssl443: 2610:28:3090:3001:dead:beef:cafe:fed9 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2 +tcp80: 2610:28:3090:3001:dead:beef:cafe:fed9 + +# provided by Paul Wouters (pwouters@redhat.com) +# It is provided on a best effort basis, with no service guarantee. +# tcp80: 193.110.157.123 +# tcp80: 2001:888:2003:1004::123 +# ssl443: 193.110.157.123 16:41:49:E0:9D:62:CD:DB:79:A7:2B:71:58:C4:D5:E8:70:FA:BF:4D:6D:36:CC:07:35:33:C0:16:17:1B:61:E7 +# ssl443: 2001:888:2003:1004::123 16:41:49:E0:9D:62:CD:DB:79:A7:2B:71:58:C4:D5:E8:70:FA:BF:4D:6D:36:CC:07:35:33:C0:16:17:1B:61:E7 + +# provided by NLnetLabs (www.nlnetlabs.nl) +# It is provided on a best effort basis, with no service guarantee. +# tcp80: 213.154.224.3 +# tcp80: 2001:7b8:206:1:bb:: +# ssl443: 213.154.224.3 DC:22:7B:1C:00:1A:CE:C5:48:49:B1:E3:30:DE:61:93:61:12:4E:CB:5C:B4:33:C4:BC:75:8C:D6:16:9D:F0:9F +# ssl443: 2001:7b8:206:1:bb:: DC:22:7B:1C:00:1A:CE:C5:48:49:B1:E3:30:DE:61:93:61:12:4E:CB:5C:B4:33:C4:BC:75:8C:D6:16:9D:F0:9F + diff --git a/SOURCES/dnssec-trigger-workstation.conf b/SOURCES/dnssec-trigger-workstation.conf new file mode 100644 index 0000000..78b0cc6 --- /dev/null +++ b/SOURCES/dnssec-trigger-workstation.conf @@ -0,0 +1,101 @@ +# Fedora/EPEL version of dnssec-trigger.conf + +# logging detail, 0=only errors, 1=operations, 2=detail, 3,4 debug detail. +# verbosity: 1 + +# pidfile location +pidfile: "/var/run/dnssec-triggerd.pid" + +# log to a file instead of syslog, default is to syslog +# logfile: "/var/log/dnssec-trigger.log" + +# log to syslog, or (log to to stderr or a logfile if specified). yes or no. +# use-syslog: yes + +# chroot to this directory +# chroot: "" + +# the unbound-control binary if not found in PATH. +# commandline options can be appended "unbound-control -c my.conf" if you wish. +# unbound-control: "/usr/sbin/unbound-control" + +# where is resolv.conf to edit. +# resolvconf: "/etc/resolv.conf" + +# the domain example.com line (if any) to add to resolv.conf(5). default none. +# domain: "" + +# domain name search path to add to resolv.conf(5). default none. +# the search path from DHCP is not picked up, it could be used to misdirect. +# search: "" + +# the command to run to open login pages on hot spots, a web browser. +# empty string runs no command. +# login-command: "xdg-open" +login-command: "" + +# the url to open to get hot spot login, it gets overridden by the hotspot. +# login-location: "http://www.nlnetlabs.nl/projects/dnssec-trigger" +# should to be a ttl=0 entry +# login-location: "http://hotspot-nocache.fedoraproject.org/" + +# do not perform actions (unbound-control or resolv.conf), for a dry-run. +# noaction: no + +# port number to use for probe daemon. +# port: 8955 + +# keys and certificates generated by the dnssec-trigger-keygen systemd service +# (which called dnssec-trigger-control-setup) +server-key-file: "/etc/dnssec-trigger/dnssec_trigger_server.key" +server-cert-file: "/etc/dnssec-trigger/dnssec_trigger_server.pem" +control-key-file: "/etc/dnssec-trigger/dnssec_trigger_control.key" +control-cert-file: "/etc/dnssec-trigger/dnssec_trigger_control.pem" + +# check for updates, download and ask to install them (for Windows, OSX). +# check-updates: no + +# webservers that are probed to see if internet access is possible. +# They serve a simple static page over HTTP port 80. It probes a random url: +# after a space is the content expected on the page, (the page can contain +# whitespace before and after this code). Without urls it skips http probes. + +# provided by NLnetLabs +# It is provided on a best effort basis, with no service guarantee. +# url: "http://ster.nlnetlabs.nl/hotspot.txt OK" + +# provided by FedoraProject +# on Workstation, the detection is turned off +# url: "http://fedoraproject.org/static/hotspot.txt OK" + +# fallback open DNSSEC resolvers that run on TCP port 80 and TCP port 443. +# the ssl443 adds an ssl server IP, if you specify a hash it is checked, put +# the following on one line: ssl443: +# hash is output of openssl x509 -sha256 -fingerprint -in server.pem +# You can add more with extra config lines. + +# Provided by fedoraproject.org, #fedora-admin +# It is provided on a best effort basis, with no service guarantee. +ssl443: 140.211.169.201 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2 +tcp80: 140.211.169.201 +ssl443: 66.35.62.163 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2 +tcp80: 66.35.62.163 +ssl443: 152.19.134.150 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2 +tcp80: 152.19.134.150 +ssl443: 2610:28:3090:3001:dead:beef:cafe:fed9 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2 +tcp80: 2610:28:3090:3001:dead:beef:cafe:fed9 + +# provided by Paul Wouters (pwouters@redhat.com) +# It is provided on a best effort basis, with no service guarantee. +# tcp80: 193.110.157.123 +# tcp80: 2001:888:2003:1004::123 +# ssl443: 193.110.157.123 16:41:49:E0:9D:62:CD:DB:79:A7:2B:71:58:C4:D5:E8:70:FA:BF:4D:6D:36:CC:07:35:33:C0:16:17:1B:61:E7 +# ssl443: 2001:888:2003:1004::123 16:41:49:E0:9D:62:CD:DB:79:A7:2B:71:58:C4:D5:E8:70:FA:BF:4D:6D:36:CC:07:35:33:C0:16:17:1B:61:E7 + +# provided by NLnetLabs (www.nlnetlabs.nl) +# It is provided on a best effort basis, with no service guarantee. +# tcp80: 213.154.224.3 +# tcp80: 2001:7b8:206:1:bb:: +# ssl443: 213.154.224.3 DC:22:7B:1C:00:1A:CE:C5:48:49:B1:E3:30:DE:61:93:61:12:4E:CB:5C:B4:33:C4:BC:75:8C:D6:16:9D:F0:9F +# ssl443: 2001:7b8:206:1:bb:: DC:22:7B:1C:00:1A:CE:C5:48:49:B1:E3:30:DE:61:93:61:12:4E:CB:5C:B4:33:C4:BC:75:8C:D6:16:9D:F0:9F + diff --git a/SOURCES/dnssec-trigger.tmpfiles.d b/SOURCES/dnssec-trigger.tmpfiles.d new file mode 100644 index 0000000..000d918 --- /dev/null +++ b/SOURCES/dnssec-trigger.tmpfiles.d @@ -0,0 +1 @@ +d /var/run/dnssec-trigger 0755 root root - diff --git a/SPECS/dnssec-trigger.spec b/SPECS/dnssec-trigger.spec new file mode 100644 index 0000000..8ea9254 --- /dev/null +++ b/SPECS/dnssec-trigger.spec @@ -0,0 +1,427 @@ +%global _hardened_build 1 + +#%%global svn_snapshot 20150714 + +Summary: Tool for dynamic reconfiguration of validating resolver Unbound +Name: dnssec-trigger +Version: 0.15 +Release: 4%{?svn_snapshot:.%{svn_snapshot}svn}%{?dist} +License: BSD +Url: http://www.nlnetlabs.nl/downloads/dnssec-trigger/ + +%if 0%{?svn_snapshot:1} +# generated using './makedist.sh -s' in the cloned upstream trunk +Source0: %{name}-%{version}_%{svn_snapshot}.tar.gz +%else +Source0: http://www.nlnetlabs.nl/downloads/dnssec-trigger/%{name}-%{version}.tar.gz +%endif +Source1: dnssec-trigger.tmpfiles.d +Source2: dnssec-trigger-default.conf +Source3: dnssec-trigger-workstation.conf + +# Patches +Patch1: 0001-dnssec-trigger-script-port-to-libnm.patch + +# to obsolete the version in which the panel was in main package +Obsoletes: %{name} < 0.12-22 +Suggests: %{name}-panel +# Require a version of NetworkManager that doesn't forget to issue dhcp-change +# https://bugzilla.redhat.com/show_bug.cgi?id=1112248 +%if 0%{?rhel} >= 7 +Requires: NetworkManager >= 0.9.9.1-13 +%else +%if 0%{?fedora} >= 21 +Requires: NetworkManager >= 0.9.9.95-1 +%else +Requires: NetworkManager >= 0.9.9.0-40 +%endif +%endif +Requires: ldns >= 1.6.10, NetworkManager-libnm, unbound +# needed by /usr/sbin/dnssec-trigger-control-setup +# otherwise it ends with error: /usr/sbin/dnssec-trigger-control-setup: line 180: openssl: command not found +Requires: openssl +# needed for /usr/bin/chattr +Requires: e2fsprogs +BuildRequires: openssl-devel, ldns-devel, python3-devel, gcc +BuildRequires: NetworkManager-libnm-devel + +BuildRequires: systemd +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd + +# Provides Workstation specific configuration +# - No captive portal detection and no action available on Captive portal (No UI) +Provides: variant_config(Workstation) + +%description +dnssec-trigger reconfigures the local Unbound DNS server. Unbound is a +resolver performing DNSSEC validation. dnssec-trigger is a set of daemon +and script. On every network configuration change dnssec-trigger performs +set of tests and configures Unbound based on the current NetworkManager +configuration, its own configuration and results of performed tests. + + +%package panel +Summary: Applet for interaction between the user and dnssec-trigger +Requires: %{name} = %{version}-%{release} +Obsoletes: %{name} < 0.12-22 +Requires: xdg-utils +BuildRequires: gtk2-devel, desktop-file-utils + +%description panel +This package provides the GTK panel for interaction between the user +and dnssec-trigger daemon. It is able to show the current state and +results of probing performed by dnssec-trigger daemon. Also in case +some user input is needed, the panel creates a dialog window. + + +%prep +%setup -q %{?svn_snapshot:-n %{name}-%{version}_%{svn_snapshot}} + +%patch1 -p1 -b .libnm_port + +# don't use DNSSEC for forward zones for now +sed -i "s/validate_connection_provided_zones=yes/validate_connection_provided_zones=no/" dnssec.conf + + +%build +%configure \ + --with-keydir=%{_sysconfdir}/dnssec-trigger \ + --with-hooks=networkmanager \ + --with-python=%{__python3} \ + --with-pidfile=%{_localstatedir}/run/%{name}d.pid + +%{__make} %{?_smp_mflags} + + +%install +rm -rf %{buildroot} +%{__make} DESTDIR=%{buildroot} install + +install -d 0755 %{buildroot}%{_unitdir} +install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/%{name}/ +install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/%{name}/ + +mkdir -p %{buildroot}%{_libexecdir} + +desktop-file-install --dir=%{buildroot}%{_datadir}/applications dnssec-trigger-panel.desktop + +# install the configuration for /var/run/dnssec-trigger into tmpfiles.d dir +mkdir -p %{buildroot}%{_tmpfilesdir} +install -m 644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_tmpfilesdir}/%{name}.conf +# we must create the /var/run/dnssec-trigger directory +mkdir -p %{buildroot}%{_localstatedir}/run +install -d -m 0755 %{buildroot}%{_localstatedir}/run/%{name} + +# supress the panel name everywhere including the gnome3 panel at the bottom +ln -s dnssec-trigger-panel %{buildroot}%{_bindir}/dnssec-trigger + +# Make dnssec-trigger.8 manpage available under names of all dnssec-trigger-* +# executables +for all in dnssec-trigger-control dnssec-trigger-control-setup dnssec-triggerd; do + ln -s %{_mandir}/man8/dnssec-trigger.8 %{buildroot}/%{_mandir}/man8/"$all".8 +done +ln -s %{_mandir}/man8/dnssec-trigger.8 %{buildroot}/%{_mandir}/man8/dnssec-trigger.conf.8 + + +%post +%systemd_post %{name}d.service + +%preun +%systemd_preun %{name}d.service + +%postun +%systemd_postun_with_restart %{name}d.service + +%posttrans +# If we don't yet have a symlink or existing file for dnssec-trigger.conf, +# create it.. +if [ ! -e %{_sysconfdir}/%{name}/dnssec-trigger.conf ]; then + # Import /etc/os-release to get the variant definition + . /etc/os-release || : + + case "$VARIANT_ID" in + workstation) + ln -sf %{name}-workstation.conf %{_sysconfdir}/%{name}/dnssec-trigger.conf || : + ;; + *) + ln -sf %{name}-default.conf %{_sysconfdir}/%{name}/dnssec-trigger.conf || : + ;; + esac +fi + + + +%files +%license LICENSE +%doc README +%{_bindir}/dnssec-trigger +%{_sbindir}/dnssec-trigger* +%{_libexecdir}/dnssec-trigger-script +%{_unitdir}/%{name}d.service +%{_unitdir}/%{name}d-keygen.service +%attr(0755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-dnssec-trigger +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/dnssec.conf +%attr(0755,root,root) %dir %{_sysconfdir}/%{name} +%attr(0644,root,root) %ghost %config(noreplace) %{_sysconfdir}/%{name}/dnssec-trigger.conf +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dnssec-trigger-default.conf +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dnssec-trigger-workstation.conf +%dir %{_localstatedir}/run/%{name} +%{_tmpfilesdir}/%{name}.conf +%{_mandir}/man8/dnssec-trigger* + +%files panel +%{_bindir}/dnssec-trigger-panel +%attr(0755,root,root) %dir %{_datadir}/%{name} +%attr(0644,root,root) %{_datadir}/%{name}/* +%attr(0644,root,root) %{_datadir}/applications/dnssec-trigger-panel.desktop +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/xdg/autostart/dnssec-trigger-panel.desktop + + +%changelog +* Mon Feb 19 2018 Tomas Hozza - 0.15-4 +- Added explicit BuildRequires on gcc as required by packaging guidelines +- Added explicit Requires on e2fsprogs, so that /usr/bin/chattr is available +- Remove redundant removal of immutable bit in %%preun scriptlet (#1542400) + +* Mon Feb 19 2018 Tomas Hozza - 0.15-3 +- use NetworkManager-libnm instead of NetworkManager-glib + +* Wed Feb 07 2018 Fedora Release Engineering - 0.15-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Mon Dec 11 2017 Tomas Hozza - 0.15-1 +- Update to stable 0.15 upstream release + +* Fri Aug 18 2017 Petr Menšík - 0.13-6 +- Skip always failing kr.com, update root IPs (#1482939) + +* Wed Aug 02 2017 Fedora Release Engineering - 0.13-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 0.13-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Wed Mar 08 2017 Tomas Hozza - 0.13-3 +- Rebuild against new ldns + +* Wed Mar 01 2017 Tomas Hozza - 0.13-2 +- Include fix for runtime issues with OpenSSL 1.1.0 (#1427561) + +* Fri Feb 17 2017 Tomas Hozza - 0.13-1 +- Update to stable 0.13 upstream release +- Dropped merged patches + +* Fri Feb 10 2017 Fedora Release Engineering - 0.13-0.6.20150714svn +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Mon Dec 19 2016 Miro Hrončok - 0.13-0.5.20150714svn +- Rebuild for Python 3.6 + +* Wed Feb 03 2016 Fedora Release Engineering - 0.13-0.4.20150714svn +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Tue Nov 10 2015 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 + +* Mon Jul 20 2015 Tomas Hozza - 0.13-0.2.20150714svn +- Provide Workstation specific configuration + +* Wed Jul 15 2015 Tomas Hozza - 0.13-0.1.20150714svn +- split dnssec-trigger panel into separate subpackage (#1236363) +- SPEC file cleanup based on rpmlint and fedora-review issues +- implement some suggestions (#1236363) +- rebase to the latest svn trunk snapshot 0.13_20150714 +- Script is not searching local user directories any more (#1213062) +- Script now doesn't restart NM if version is >= 1.0.3, but sends just signal +- Script now specifies the NMClient version for GI (#1242430) +- Script now sets negative-cache-ttl in unbound to 5 seconds (#1229596) + +* Wed Jun 17 2015 Fedora Release Engineering - 0.12-21 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Wed Apr 08 2015 Tomas Hozza - 0.12-20 +- Fix issue when installing private address range zone without global forwarders (#1205864) +- Fix configuration of private address range zones (#1128310#c20) + +* Fri Mar 13 2015 Tomas Hozza - 0.12-19 +- Fix typo in the dnssec-trigger-script (#1187371) +- Use Python3 by default + +* Mon Jan 26 2015 Pavel Šimerda - 0.12-18 +- Resolves: #1185796, #1130502, #1105685, #1128310 – update + +* Tue Jan 20 2015 Pavel Šimerda - 0.12-17 +- Resolves: #1183975 - systemd cgroup check fails + +* Tue Jan 20 2015 Pavel Šimerda - 0.12-16 +- Resolves: #1165126, #1125267, #1089766, #1112248, #824219 - update + +* Sat Aug 16 2014 Fedora Release Engineering - 0.12-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Thu Aug 14 2014 Pavel Šimerda - 0.12-14 +- Resolves: #1125261 - dnssec-trigger-script: use fcntl.flock instead of + lockfile + +* Mon Aug 11 2014 Tomas Hozza - 0.12-13 +- One Fedora fallback server changed IP address (#1125440) + +* Mon Jun 30 2014 Pavel Šimerda - 0.12-12 +- Resolves: #1112248 - require a version of NetworkManager with #1113122 fixed + +* Tue Jun 24 2014 Pavel Šimerda - 0.12-11 +- Resolves: #1112248 - serialize the script instances + +* Tue Jun 24 2014 Pavel Šimerda - 0.12-10 +- Resolves: #1112248 - fix a typo + +* Tue Jun 24 2014 Pavel Šimerda - 0.12-9 +- Resolves: #1112248 - fix systemd race condition + +* Mon Jun 23 2014 Pavel Šimerda - 0.12-8 +- Resolves: #1112248 - don't block on systemctl restart NetworkManager + +* Mon Jun 23 2014 Pavel Šimerda - 0.12-7 +- Resolves: #1112248, #1111143 - update dnssec-trigger-script and dnssec-triggerd.service + +* Fri Jun 20 2014 Pavel Šimerda - 0.12-6 +- Resolves: #1111143 - fix for python2 + +* Fri Jun 20 2014 Pavel Šimerda - 0.12-5 +- Related: #842455 - remove a patch that is now redundant + +* Fri Jun 20 2014 Pavel Šimerda - 0.12-4 +- update dnssec-trigger-script to current development submitted upstream + +* Wed Jun 18 2014 Pavel Šimerda - 0.12-3 +- Resolves: #1105896 - the new script doesn't call dnssec-trigger-control submit + +* Fri Jun 06 2014 Pavel Šimerda - 0.12-2 +- fix various dnssec-trigger-script issues + +* Fri May 23 2014 Tomas Hozza - 0.12-1 +- Update to 0.12 version +- Drop merged patches +- Drop downstream files (systemd, dispatcher scripts) + +* Tue May 13 2014 Paul Wouters - 0.11-21 +- Enable full hardening (includig PIE) +- Resolves: rhbz#1045689 dnssec-trigger creates long-time RSA key with inappropriate size + +* Wed Feb 19 2014 Tomas Hozza - 0.11-20 +- Restart NM on dnssec-trigger shutdown (let NM handle the resolv.conf content) +- HN-hook: Handle situation when connection does not have a device + +* Wed Jan 29 2014 Tomas Hozza - 0.11-19 +- Use new Python dispatcher script and ship /etc/dnssec.conf + +* Tue Jan 28 2014 Tomas Hozza - 0.11-18 +- Use systemd macros instead of directly calling systemctl +- simplify the systemd unit file for generating keys + +* Thu Nov 21 2013 Tomas Hozza - 0.11-17 +- Add script to backup and restore resolv.conf on dnssec-trigger start/stop + +* Mon Nov 18 2013 Tomas Hozza - 0.11-16 +- Improve GUI dialogs texts + +* Tue Nov 12 2013 Tomas Hozza - 0.11-15 +- Fix NM dispatcher script to work with NM >= 0.9.9.0 (#1029571) + +* Mon Aug 26 2013 Tomas Hozza - 0.11-14 +- Fix errors found by static analysis of source + +* Fri Aug 09 2013 Tomas Hozza - 0.11-13 +- Use improved NM dispatcher script from upstream +- Added tmpfiles.d config due to improved NM dispatcher script + +* Sat Aug 03 2013 Fedora Release Engineering - 0.11-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon Mar 04 2013 Adam Tkac - 0.11-11 +- link dnssec-trigger.conf.8 to dnssec-trigger.8 +- build dnssec-triggerd with full RELRO + +* Mon Mar 04 2013 Adam Tkac - 0.11-10 +- remove deprecated "Application" keyword from desktop file + +* Mon Mar 04 2013 Adam Tkac - 0.11-9 +- install various dnssec-trigger-* symlinks to dnssec-trigger.8 manpage + +* Wed Feb 13 2013 Fedora Release Engineering - 0.11-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Tue Jan 08 2013 Paul Wouters - 0.11-7 +- Use full path for systemd (rhbz#842455) + +* Tue Jul 24 2012 Paul Wouters - 0.11-6 +- Patched daemon to remove immutable attr (rhbz#842455) as the + systemd ExecStopPost= target does not seem to work + +* Tue Jul 24 2012 Paul Wouters - 0.11-5 +- On service stop, remove immutable attr from resolv.conf (rhbz#842455) + +* Wed Jul 18 2012 Fedora Release Engineering - 0.11-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Jun 28 2012 Paul Wouters - 0.11-3 +- Fix DHCP hook for f17+ version of nmcli (rhbz#835298) + +* Sun Jun 17 2012 Paul Wouters - 0.11-2 +- Small textual changes to some popup windows + +* Fri Jun 15 2012 Paul Wouters - 0.11-1 +- Updated to 0.11 +- http Hotspot detection via fedoraproject.org/static/hotspot.html +- http Hotspot Login page via uses hotspot-nocache.fedoraproject.org + +* Thu Feb 23 2012 Paul Wouters - 0.10-4 +- Require: unbound + +* Wed Feb 22 2012 Paul Wouters - 0.10-3 +- Fix the systemd startup to require unbound +- dnssec-triggerd no longer forks, giving systemd more control +- Fire NM dispatcher in ExecStartPost of dnssec-triggerd.service +- Fix tcp80 entries in dnssec-triggerd.conf +- symlink dnssec-trigger-panel to dnssec-trigger to supress the + "-panel" in the applet name shown in gnome3 + + +* Wed Feb 22 2012 Paul Wouters - 0.10-2 +- The NM hook was not modified at the right time during build + +* Wed Feb 22 2012 Paul Wouters - 0.10-1 +- Updated to 0.10 +- The NM hook lacks /usr/sbin in path, resulting in empty resolv.conf on hotspot + +* Wed Feb 08 2012 Paul Wouters - 0.9-4 +- Updated tls443 / tls80 resolver instances supplied by Fedora Hosted + +* Mon Feb 06 2012 Paul Wouters - 0.9-3 +- Convert from SysV to systemd for initial Fedora release +- Moved configs and pem files to /etc/dnssec-trigger/ +- No more /var/run/dnssec-triggerd/ +- Fix Build-requires +- Added commented tls443 port80 entries of pwouters resolvers +- On uninstall ensure there is no immutable bit on /etc/resolv.conf + +* Sat Jan 07 2012 Paul Wouters - 0.9-2 +- Added LICENCE to doc section + +* Mon Dec 19 2011 Paul Wouters - 0.9-1 +- Upgraded to 0.9 + +* Fri Oct 28 2011 Paul Wouters - 0.7-1 +- Upgraded to 0.7 + +* Fri Sep 23 2011 Paul Wouters - 0.4-1 +- Upgraded to 0.4 + +* Sat Sep 17 2011 Paul Wouters - 0.3-5 +- Start 01-dnssec-trigger-hook in daemon start +- Ensure dnssec-triggerd starts after NetworkManager + +* Fri Sep 16 2011 Paul Wouters - 0.3-4 +- Initial package