Hello list,
I want to release bind-dyndb-ldap 4.0 to Fedora 20+ but I have found that we
need to enable the SELinux boolean named_write_master_zones, otherwise the plugin
will not be able to write journal files to /var/named.
I have asked Miroslav Grepl <mgr...@redhat.com> for advice and his
recommendation is to use another context for our dyndb-ldap sub-directory or
to enable named_write_master_zones.
(See https://bugzilla.redhat.com/show_bug.cgi?id=1066333)
I have decided to use the more generic named_write_master_zones because it will be
needed for DNSSEC key management anyway.
Miroslav told me that it is allowed to change SELinux booleans in RPM
scriptlets - it is normal operation - but that we have to disable the boolean
during package un-installation.
Please review the %post and %postun sections in the SPEC file.
Thank you!
--
Petr^2 Spacek
From a7329ae3459a135eff2897d3de9da607280b4615 Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspa...@redhat.com>
Date: Fri, 21 Feb 2014 10:35:35 +0100
Subject: [PATCH] Update to 4.0.
Signed-off-by: Petr Spacek <pspa...@redhat.com>
---
bind-dyndb-ldap.spec | 31 ++++++++++++++++++++++++-------
1 file changed, 24 insertions(+), 7 deletions(-)
diff --git a/bind-dyndb-ldap.spec b/bind-dyndb-ldap.spec
index 85b59e40035a35276ee0997764cdd976a8716df5..cbe6b7c76327a9df8e49d4acf925be8f9c1da29b 100644
--- a/bind-dyndb-ldap.spec
+++ b/bind-dyndb-ldap.spec
@@ -1,26 +1,22 @@
-#%define PATCHVER P4
-#%define PREVER 20121009git6a86b1
-#%define VERSION %{version}-%{PATCHVER}
-#%define VERSION %{version}-%{PREVER}
%define VERSION %{version}
Name: bind-dyndb-ldap
-Version: 3.5
+Version: 4.0
Release: 1%{?dist}
Summary: LDAP back-end plug-in for BIND
Group: System Environment/Libraries
License: GPLv2+
URL: https://fedorahosted.org/bind-dyndb-ldap
Source0: https://fedorahosted.org/released/%{name}/%{name}-%{VERSION}.tar.bz2
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-BuildRequires: bind-devel >= 32:9.6.1-0.3.b1
+BuildRequires: bind-devel >= 32:9.9.0-1, bind-lite-devel >= 32:9.9.0-1
BuildRequires: krb5-devel
BuildRequires: openldap-devel
BuildRequires: automake, autoconf, libtool
-Requires: bind >= 32:9.6.1-0.3.b1
+Requires: bind >= 32:9.9.0-1
%description
This package provides an LDAP back-end plug-in for BIND. It features
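Review bot: the raised floor in `BuildRequires: bind-devel >= 32:9.9.0-1, bind-lite-devel >= 32:9.9.0-1` and `Requires: bind >= 32:9.9.0-1` is not documented anywhere in the patch; the commit subject and the new %changelog entry both say only "update to 4.0". Please add a changelog line stating that 4.0 needs BIND 9.9 and that bind-lite-devel is a new build dependency, so the version jump from 9.6.1 reads as intentional to anyone rebuilding or backporting the package.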
@@ -41,23 +37,44 @@ make %{?_smp_mflags}
%install
rm -rf %{buildroot}
make install DESTDIR=%{buildroot}
+mkdir -m 770 -p %{buildroot}/%{_localstatedir}/named/dyndb-ldap
# Remove unwanted files
rm %{buildroot}%{_libdir}/bind/ldap.la
rm -r %{buildroot}%{_datadir}/doc/%{name}
+# SELinux boolean named_write_master_zones has to be enabled
+# otherwise plugin will not be able to write to /var/named
+%post
+if [ "0$1" -eq "1" ] && [ -x "/usr/sbin/setsebool" ] ; then
+ echo "Enabling SELinux boolean named_write_master_zones"
+ /usr/sbin/setsebool -P named_write_master_zones=1 || true
+fi
+
+
+%postun
+if [ "0$1" -eq "0" ] && [ -x "/usr/sbin/setsebool" ] ; then
+ echo "Disabling SELinux boolean named_write_master_zones"
+ /usr/sbin/setsebool -P named_write_master_zones=0 || true
+fi
+
+
%clean
rm -rf %{buildroot}
%files
%defattr(-,root,root,-)
%doc NEWS README COPYING doc/{example.ldif,schema}
+%dir %attr(770, root, named) %{_localstatedir}/named/dyndb-ldap
%{_libdir}/bind/ldap.so
%changelog
+* Wed Feb 19 2014 Petr Spacek <pspacek redhat com> 4.0-1
+- update to 4.0
+
* Thu Jul 18 2013 Petr Spacek <pspacek redhat com> 3.5-1
- update to 3.5
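Review bot: the `%post` guard `[ "0$1" -eq "1" ]` is true only on a fresh install, so a system upgrading from 3.5-1 to 4.0-1 (where `$1` is 2) never gets named_write_master_zones enabled and the plugin still cannot write its journal files. Consider enabling on upgrade as well, or using a trigger for the upgrade path. In `%postun`, `setsebool -P named_write_master_zones=0` runs on every full removal without knowing whether the boolean was already on before this package was installed, so it can switch off a setting the administrator enabled for another purpose; record the prior state in `%post` and restore only what the package changed. The `-x` test combined with `|| true` also means a missing or failing setsebool leaves the boolean unset with no message, so please print a warning in that branch. Since the boolean opens all of /var/named to writes by named, the other option mentioned in the mail (a dedicated context on the dyndb-ldap sub-directory) would grant less and is worth a sentence in the spec comment explaining why it was not chosen.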
--
1.8.5.3