Hi,

There are new versions of the installers available on the website, for
0.13. This includes new unbound, 1.6.0. They can be installed by
manually downloading and installing the installer.

They are found here:
https://nlnetlabs.nl/projects/dnssec-trigger

The source code tarball:
https://nlnetlabs.nl/downloads/dnssec-trigger/dnssec-trigger-0.13.tar.gz
sha1 11f3d28a57dcc8df63d9c35b5e32b8f76f413e73
sha256 d8418e6456263229acebdd7d32d43b1e8571f599fdff2f71a023dcad6882b631

The code has not changed a lot, this release mostly brings new included
libraries for the binary downloaders.

0.13
2016-12-15
- Updated acx_nlnetlabs.m4 for openssl-1.1.0 compatibility.
- Patch for openssl-1.1.0 compilation.
- Tomas Hozza (3):
  dnssec-trigger-script: Use ducktaping when restarting NM, instead of
    checking the sysfs
  dnssec-trigger-script: Silence the calls to chattr
  Improved text in the panel GUI when insecure mode is forced
- Remove kickstarts of daemons because daemon died for test user.
- Fixup compile on OSX with static SSL for makedist mac build.
- OSX hide unbound user from login screen.
- Attempt to stop panels and kickstart daemons on OSX.
- Remove stuff from osx installer that logs out the user.
- Fixup osx gui panel start code for new osx. installer talks about
  new locations and set permissions on key files and add to the path
  the /usr/local/sbin directory during install. Do not link
  RiggerStatusItem to /usr/local/opt/openssl/lib.
- chmod key files for unbound, dnssec-trigger control and ldns in
  /usr/local. For OSX.
- Fixup installer for creation of missing keys, and also start panel
  in osx userspace.
- Fix Makefile for use of /Library, which seems okay for new OSX.
- makedist prints checksums on OSX.
- new acx_nlnetlabs.m4 version and it has the libdl fix.
- Fix lint warnings about int and size_t conversion.
- Fixes to make the installer work on OSX-ElCapitan.
- Patch for preliminary Mac OSX 10.11 support (from Philip Paeps).
- Move plists into uidir on OSX (/usr/local/share), and set usr/local
  in makedist for OSX.
- default keysize for control is 3072 on windows.
- Changed windows setup compression to be more transparent.
- Patches from Tomas Hozza for systemd service files:
  Set PIDFile in the dnssec-triggerd.service file.
  Remove restorecon call in dnssec-triggerd-keygen.service.
- Patches from Tomas Hozza for dnssec-trigger-script:
  Use one import on one line as defined by PEP8.
  Use path to DEVNULL from os module.
  Move the main functionality into main() function to enable testing.
  Use existing API in NM for distinguishing VPN connections.
  Construct NMClient as advised by the documentation.
  Forbid Python from searching local dirs and using env variables.
  Set low max negative cache TTL to prevent possible user issues.
  Send SIGHUP to NM if it is new enough instead of restarting it.
  Set the required version in GI before importing NMClient.
- Fix #618: create sha1 and sha256 hashes for created binaries, fixed
  in makedist.sh.
- Renamed 'open resolvers' to 'relay resolvers' in the explanatory
  text what dnssec-trigger is doing. Resolvers from DHCP can also be
  public resolvers, so the term relay resolver is used for an open
  resolver that performs transport layer adjustment.
- Patches from Tomas Hozza for dnssec-trigger-script:
  Add newlines between classes to conform with PEP-8 and increase
    readability.
  Add/remove local zones in Unbound when configuring reverse addr
    forward zones.
- Patch from Tomas Hozza:
  dnssec-trigger-script: Don't configure RFC1918 zones if there are no
    global forwarders.
- Patches from Tomas Hozza (7):
  dnssec-trigger-script: Fix wrong default value in configuration
  dnssec-trigger-script: Fix formatting errors
  dnssec-trigger-script: Remove unused class
  Allow to select the default Python interpreter during build
  Fix 01-dnssec-trigger NOT to hardcode shell path
  dnssec-trigger-script: Fix typo when adding search domains
  dnssec-trigger-control-setup: Use 3072 bit keys
- Patches from Pavel Simerda:
  dnssec-trigger-script: check for paths, not files
    https://bugzilla.redhat.com/show_bug.cgi?id=1183975
  dnssec-trigger-script: fix secure/insecure forward zone switching
    https://bugzilla.redhat.com/show_bug.cgi?id=1185796
  dnssec.conf: clean up the dnssec.conf comments
  dnssec-trigger-script: log dnssec-trigger-control and
    unbound-control calls
  dnssec-trigger-script: use a global config object
  dnssec-trigger-script: add option to set search domains in
    /etc/resolv.conf
    https://bugzilla.redhat.com/show_bug.cgi?id=1130502
  dnssec-trigger-script: add (undocumented) option to avoid flushing
    positive answers
    https://bugzilla.redhat.com/show_bug.cgi?id=1105685
  dnssec-trigger-script: use private address ranges
    https://bugzilla.redhat.com/show_bug.cgi?id=1128310
- Patches from Pavel Simerda:
  dnssec-trigger-script: clean up servers as well, for restart
  dnssec-trigger-script: prefer VPN nameservers over default ones
- Update OSX resolvehook to flush dns caches for new OSX release with
  "discoveryutil udnsflushcaches" and "discoveryutil mdnsflushcache".
- Patches from Pavel Simerda:
  dnssec-trigger-script: The accepted version of NetworkManager patch
    uses `resolv.conf` instead of `resolv.conf.default`,
    https://bugzilla.gnome.org/show_bug.cgi?id=732941
  dnssec-trigger-script: Leaking file descriptors is bad, especially
    when selinux or similar tool is used.
    https://bugzilla.redhat.com/show_bug.cgi?id=1147705
  dnssec-trigger-script: Use a regular file unless
    use_resolv_secure_conf_symlink is set. Always install
    /var/run/dnssec-trigger/resolv.conf for comparison. Guard all of
    those regular files using immutable attribute.
    https://bugzilla.redhat.com/show_bug.cgi?id=1165126
  dnssec-trigger-script: fix desktop file paths.
- Patches from Pavel Simerda:
  dnssec-trigger-script: lock --update-* methods only
    The original locking was a bit too broad for future development.
  dnssec-trigger-script: improve /etc/dnssec.conf handling
    Minor changes that make future /etc/dnssec.conf extensions easier.
  dnssec-trigger-script: support 'debug' option in /etc/dnssec.conf
    With that you can get the debugging output even for instances run
    by systemd, dnssec-triggerd and NetworkManager dispatcher.
  dnssec-trigger-script: clean up resolv.conf backup and restore
    Clean up the code a bit so that later additions don't turn it into
    a mess.
  dnssec-trigger-script: use /var/run/NetworkManager/resolv.conf.default
    Avoid restarting NetworkManager just to restore /etc/resolv.conf
    when a simple symlink would do. This is only done when the
    NetworkManager's private resolv.conf actually exists.
  allow the resolv.conf hooks be handled by dnssec-trigger-script
  dnssec-trigger-script: handle resolv.conf events from the daemon
    The new implementation doesn't write directly to /etc/resolv.conf
    and instead it writes a temporary file and then replaces the
    /etc/resolv.conf using POSIX `rename()`.
  dnssec-trigger-script: support /etc/resolv.conf and
    /etc/resolv-secure.conf symlinks
    This is an experimental feature and is turned off by default. You
    need to put the following to /etc/dnssec.conf to activate it:
    use_resolv_conf_symlink=yes
  probe: use wildcard probing domains
    This change might need to be revisited to see whether we need to
    check both known wildcard and known non-wildcard domains.
- Fix #629: bad if test in net_help for ctx_load_verify_locations.
- Patch from Pavel Simerda: improve dnssec-trigger-script locking and
  avoid a dependency.
- Fix NetworkManager script fails to parse nmcli version as of
  0.9.10.0, patch from Gerald Turner.
- Patches from Ondrej Sury (from the Debian package):
  Remove some ugly bashisms from the script.
  Fixes static paths that might be mismatched (f.e. on multiarch
    system).
  Fix IndexError in dnssec-trigger-script, when there are less than 4
    resolvers since you use 3xfields.pop(0) before that.
  Fix release date in makedist manpage to be more stable.
  Do substitutions in makefile, more autoconf'y
  Fixup dnssec-triggerd.service from Makefile.in
- Better fix for pidof that sets PATH for networkmanager dispatcher
  script (from Ondrej Sury).
- Add --with-pidof=/usr/sbin/pidof where you can set the location of
  the pidof command to use in the Networkmanager script,
  /usr/bin/pidof or /usr/sbin/pidof (depending on your distribution).
- Patches from Pavel Simerda:
  improve systemctl call.
  serialize script instances.
- Patches from Pavel Simerda:
  Fixup for python2.
  fix a race condition with NetworkManager restart.
  don't fail on empty connection list.
  move legacy connection handling to the cleanup phase.
  don't block on systemctl restart NetworkManager.
- Patches from Pavel Simerda:
  fix bug that prevents calling dnssec-trigger-control submit
    (https://bugzilla.redhat.com/show_bug.cgi?id=1105896)
  avoid dependency on pidof
  handle missing resolv.conf backup gracefully
  upgrade zone cache format at startup
    (https://bugzilla.redhat.com/show_bug.cgi?id=1111143)
  always log to stderr
- Patch from Pavel Simerda. This, among other things, allows to
  restart unbound and/or dnssec-trigger without restarting
  NetworkManager when it's configured not to touch the DNS.
  And, avoid Filenotfounderror not available in python 2,
  https://bugzilla.redhat.com/show_bug.cgi?id=1100794
  And fix unbound output parser
  https://bugzilla.redhat.com/show_bug.cgi?id=1100796
- updated authority server addresses builtin to dnssec-trigger for
  d root server (ipv4) and c root server (ipv6) for its tests.

Best regards, Wouter
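The changelog entry "handle resolv.conf events from the daemon" describes writing a temporary file and then replacing /etc/resolv.conf with POSIX `rename()`. The Python below is an added example of that pattern, not code from dnssec-trigger-script; the function names, the scratch directory and the nameserver addresses are constructed for illustration.

```python
import os
import stat
import tempfile


def atomic_replace(path, content, mode=0o644):
    """Write content to a temp file beside path, then rename it over path."""
    directory = os.path.dirname(os.path.abspath(path))
    # The temp file must live in the target's directory: rename() is only
    # atomic within a single filesystem.
    fd, tmp = tempfile.mkstemp(prefix=".resolv.", suffix=".tmp", dir=directory)
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(content)
            handle.flush()
            os.fsync(handle.fileno())  # data reaches disk before the name changes
        os.chmod(tmp, mode)            # mkstemp creates 0600; resolvers need read access
        os.replace(tmp, path)          # rename(): readers see the old or new file, never a partial one
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)             # leave no stray temp file after a failure
        raise
    # Sync the directory entry so the rename itself survives a crash.
    dir_fd = os.open(directory, os.O_RDONLY)
    try:
        os.fsync(dir_fd)
    finally:
        os.close(dir_fd)


def demo():
    """Replace a constructed resolv.conf while a reader holds the old one open."""
    with tempfile.TemporaryDirectory() as workdir:
        target = os.path.join(workdir, "resolv.conf")
        atomic_replace(target, "nameserver 192.0.2.53\n")
        reader = open(target)          # simulates a process mid-read
        atomic_replace(target, "nameserver 127.0.0.1\n")
        old_view = reader.read()       # still the complete old content
        reader.close()
        with open(target) as handle:
            new_view = handle.read()
        leftovers = sorted(n for n in os.listdir(workdir) if n != "resolv.conf")
        perms = stat.S_IMODE(os.stat(target).st_mode)
        return old_view, new_view, leftovers, perms


if __name__ == "__main__":
    print(demo())
```

If the target carries the immutable attribute mentioned in the changelog, the rename fails with a permission error until the attribute is cleared.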
