%define debug_package %{nil}
%define _ghname nss-tls

Name:           nss-tlsd
Version:        1.1
Release:        1%{?dist}
Summary:        Encrypted DNS name resolution daemon

License:        LGPLv2+
URL:            https://github.com/dimkr/%{_ghname}
Source0:        https://github.com/dimkr/%{_ghname}/archive/%{version}.tar.gz

BuildRequires:  clang
BuildRequires:  cmake
BuildRequires:  glib2-devel
BuildRequires:  libsoup-devel
BuildRequires:  meson
BuildRequires:  ninja-build
BuildRequires:  pkgconfig
BuildRequires:  systemd-devel
BuildRequires:  systemd-rpm-macros

Obsoletes:      nss-tls < %{version}-%{release}
Conflicts:      nss-tls < %{version}-%{release}
%{?systemd_requires}

%description
nss-tls is an alternative, encrypted name resolving library to use with glibc,
which uses DNS-over-HTTPS (DoH). The glibc name resolver can be configured
through nsswitch.conf(5) to use nss-tls instead of the DNS resolver, or fall
back to DNS when nss-tls fails. This way, all applications that use the
standard resolver API (getaddrinfo(), gethostbyname(), etc'), are transparently
migrated from DNS to encrypted means of name resolving, with zero
application-side changes and minimal resource consumption footprint. However,
nss-tls does not deal with applications that use their own, built-in DNS
resolver.

This package contains the daemon to be used in conjunction with the libnss-tls
NSS module. The daemon runs in the background, receives name resolving requests
over a Unix socket and replies with resolved addresses.

%prep
%autosetup -n %{_ghname}-%{version}

%build

%install
meson setup \
    --prefix=/ \
    --libdir=%{_libdir} \
    --mandir=%{_mandir} \
    --bindir=%{_prefix}/bin \
    --sbindir=%{_prefix}/sbin \
    --sysconfdir=%{_sysconfdir} \
    --localstatedir=/var/%{name} \
    build .
meson configure -Dresolvers=dns9.quad9.net/dns-query,dns.google/dns-query build
meson \
    --prefix=/ \
    --libdir=%{_libdir} \
    --mandir=%{_mandir} \
    --bindir=%{_prefix}/bin \
    --sbindir=%{_prefix}/sbin \
    --sysconfdir=%{_sysconfdir} \
    --localstatedir=/var/%{name} \
    --buildtype=release \
    -Dstrip=true \
    build
DESTDIR=%{buildroot} ninja -C build install

%post
/sbin/ldconfig
systemctl daemon-reload
%systemd_post nss-tlsd.service
%systemd_user_post nss-tlsd.service

%preun
%systemd_preun nss-tlsd.service
%systemd_user_preun nss-tlsd.service

%postun
/sbin/ldconfig
systemctl daemon-reload

%package -n libnss-tls
Summary:        NSS module for encrypted DNS name resolution
Requires:       nss-tlsd = %{version}-%{release}

%description -n libnss-tls
nss-tls is an alternative, encrypted name resolving library to use with glibc,
which uses DNS-over-HTTPS (DoH). The glibc name resolver can be configured
through nsswitch.conf(5) to use nss-tls instead of the DNS resolver, or fall
back to DNS when nss-tls fails. This way, all applications that use the
standard resolver API (getaddrinfo(), gethostbyname(), etc'), are transparently
migrated from DNS to encrypted means of name resolving, with zero
application-side changes and minimal resource consumption footprint. However,
nss-tls does not deal with applications that use their own, built-in DNS
resolver.

This package contains the NSS module, a tiny client library, which delegates
the resolving work to nss-tlsd through the Unix socket and passes the results
back to the application, without dependencies other than libc.

%package -n tlslookup
Summary:        Utility like nslookup(1), but uses libnss_tls.so instead of DNS
Requires:       libnss-tls = %{version}-%{release}

%description -n tlslookup
nss-tls is an alternative, encrypted name resolving library to use with glibc,
which uses DNS-over-HTTPS (DoH). The glibc name resolver can be configured
through nsswitch.conf(5) to use nss-tls instead of the DNS resolver, or fall
back to DNS when nss-tls fails. This way, all applications that use the
standard resolver API (getaddrinfo(), gethostbyname(), etc'), are transparently
migrated from DNS to encrypted means of name resolving, with zero
application-side changes and minimal resource consumption footprint. However,
nss-tls does not deal with applications that use their own, built-in DNS
resolver.

This package contains the utility program to lookup DNS names using libnss-tls.

%files
%defattr(-,root,root)
%license COPYING
%doc README.md
%config(noreplace) %{_sysconfdir}/nss-tls.conf
%{_unitdir}/nss-tlsd.service
%{_userunitdir}/nss-tlsd.service
%{_sbindir}/nss-tlsd
%doc %{_mandir}/man8/nss-tlsd*

%files -n libnss-tls
%defattr(-,root,root)
%license COPYING
%doc README.md
%{_libdir}/libnss_tls.so*

%files -n tlslookup
%defattr(-,root,root)
%license COPYING
%doc README.md
%{_bindir}/tlslookup
%doc %{_mandir}/man1/tlslookup*

%changelog
* Tue Dec 22 2020 Joel Goguen - 1.1.1
- Update to v1.1

* Sat Jun 27 2020 Joel Goguen - 0-0.1.20200524.8d92a5c
- Update to latest master
- Split packages to match debian packaging

* Fri Jan 10 2020 Joel Goguen - 0-0.1.20200110.0a76663
- Update to latest upgrade branch (with automatic DoH upgrading)

* Sat Sep 21 2019 Joel Goguen - 0-0.1.20190921.3b6cd7f
- Create spec for nss-tls