#BIND9-CURRENT.SPEC %global _bind_scm_host https://gitlab.isc.org %global _bind_scm_repo isc-projects/bind9 # https://gitlab.isc.org/isc-projects/bind9/-/tags # %%global _bind_scm_branch main %global _bind_scm_branch v9.21.14 %global _owner pgnd %global _build_timestamp %( date +%%Y%%m%%d_%%H%%M%%S --utc ) %global _dist .%{_build_timestamp}.%{_owner}.fc%{fedora} # https://stackoverflow.com/questions/47838041/rpmbuild-how-to-disable-check-buildroot # https://rpm-software-management.github.io/rpm/manual/dependency_generators.html # %%global __spec_install_pre /bin/true # %%global __arch_install_post %%{nil} # %%global __os_install_post %%{nil} %global _disable_source_fetch 0 %global debug_package %{nil} # %%undefine _auto_set_build_flags %global _hardened_build 1 # %%global __brp_mangle_shebangs %%{nil} # %%global __brp_strip %%{nil} # %%global __requires_exclude ^.*/xxx/bin/python.*$ # %%global __requires_exclude_from ^.*/xxx/bin/python.*$ # %%global _build_id_links none # %%bcond_with XXX : opt build with XXX; default, without # %%bcond_without XXX : opt build without XXX; default, with %global _bind_name named %global _bind_pkgnm bind9-current %global _bind_comment BIND9 DNS server %global _bind_descrip %{expand: %{_bind_comment}.} # https://spdx.org/licenses/MPL-2.0.html # https://spdx.org/licenses/BSD-3-Clause.html # https://spdx.org/licenses/MIT.html # https://spdx.org/licenses/BSD-2-Clause.html %global _bind_license MPL-2.0 AND ISC AND BSD-3-clause AND MIT AND BSD-2-clause %global _bind_usr_daemon named %global _bind_grp_daemon named %global _bind_build_dir bind9-build %global _bind_conf_dir /usr/local/etc/named %global _bind_conf_dir_ORIG %{_bind_install_dir}/etc %global _bind_include_dir_r include/bind9 %global _bind_install_dir /usr/local/bind9-pgnd %global _bind_lib_dir_r lib64 %global _bind_localstate_dir /var %global _bind_scm_type git %global _bind_scm_repo_base %( basename %{_bind_scm_repo} ) %global _bind_scm_url %{_bind_scm_host}/%{_bind_scm_repo} %global _bind_commit %(GIT_TERMINAL_PROMPT=0 git -c credential.helper= -c credential.interactive=never -c core.askPass= ls-remote %{_bind_scm_url}.git | grep -E "/%{_bind_scm_branch}\\^\\{\\}$" | cut -f1) %global _bind_shortcommit %(c=%{_bind_commit}; echo -n ${c} | head -c 7) # DL by: branch name, tag, shortcommit -- NOT full commit (requires signin) # https://gitlab.isc.org/isc-projects/bind9/-/archive/main/bind9-main.tar.gz # https://gitlab.isc.org/isc-projects/bind9/-/archive/v9.21.14/bind9-v9.21.14.tar.gz # https://gitlab.isc.org/isc-projects/bind9/-/archive/537824f/bind9-537824f.tar.gz %global _bind_scm_tarball %{_bind_scm_host}/%{_bind_scm_repo}/-/archive/%{_bind_shortcommit}/%{_bind_scm_repo_base}-%{_bind_shortcommit}.tar.gz %global _bind_scm_extract_dir %{_bind_scm_repo_base}-%{_bind_shortcommit} %global dist %{_dist} Vendor: %{_owner} # NEVRA (n-e:v-r.a) : https://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ Name: %{_bind_pkgnm} Epoch: 3 Version: %{_bind_scm_type}_%( echo %{_bind_scm_branch} | sed 's|-|_|g' ) Release: 0%{?dist} %global _same_evr %{epoch}:%{version}-%{release} Summary: %{_bind_comment} License: %{_bind_license} URL: %{_bind_scm_url} Source100: %{_bind_pkgnm}.service Source101: %{_bind_pkgnm}.target Source200: named.conf.EXAMPLE BuildRequires: coreutils BuildRequires: doxygen BuildRequires: findutils BuildRequires: fstrm-utils BuildRequires: gcc BuildRequires: gnupg2 BuildRequires: gzip BuildRequires: libcap BuildRequires: make BuildRequires: meson BuildRequires: ninja-build BuildRequires: nmap BuildRequires: pkgconf BuildRequires: pkgconfig(cmocka) BuildRequires: pkgconfig(jemalloc) BuildRequires: pkgconfig(json-c) BuildRequires: pkgconfig(libcap) BuildRequires: pkgconfig(libedit) BuildRequires: pkgconfig(libidn2) BuildRequires: pkgconfig(libfstrm) BuildRequires: pkgconfig(libmaxminddb) BuildRequires: pkgconfig(libnghttp2) BuildRequires: pkgconfig(libprotobuf-c) BuildRequires: pkgconfig(liburcu-cds) BuildRequires: pkgconfig(libuv) BuildRequires: pkgconfig(libxslt) BuildRequires: pkgconfig(libxml-2.0) BuildRequires: pkgconfig(lmdb) BuildRequires: pkgconfig(openssl) BuildRequires: pkgconfig(protobuf) BuildRequires: python3-pytest BuildRequires: python3-sphinx BuildRequires: python3-sphinx_rtd_theme BuildRequires: sed BuildRequires: sudo BuildRequires: systemtap BuildRequires: systemtap-sdt-devel BuildRequires: systemtap-sdt-dtrace BuildRequires: xz BuildRequires: systemd BuildRequires: systemd-rpm-macros %{?systemd_requires} # dnf repoquery --list > # Packaging:Conflicts # https://fedoraproject.org/wiki/Packaging:Conflicts Provides: %{_bind_pkgnm} = %{_same_evr} Provides: %{_bind_pkgnm}-chroot = %{_same_evr} Provides: %{_bind_pkgnm}-dnssec-utils = %{_same_evr} Provides: %{_bind_pkgnm}-libs = %{_same_evr} Provides: %{_bind_pkgnm}-license = %{_same_evr} Provides: %{_bind_pkgnm}-libs-lite = %{_same_evr} Provides: %{_bind_pkgnm}-lite-devel = %{_same_evr} Provides: %{_bind_pkgnm}-pkcs11 = %{_same_evr} Provides: %{_bind_pkgnm}-utils = %{_same_evr} Provides: dnsutils = %{_same_evr} Obsoletes: %{_bind_pkgnm} < %{_same_evr} Obsoletes: %{_bind_pkgnm}-chroot < %{_same_evr} Obsoletes: %{_bind_pkgnm}-dnssec-utils < %{_same_evr} Obsoletes: %{_bind_pkgnm}-libs < %{_same_evr} Obsoletes: %{_bind_pkgnm}-license < %{_same_evr} Obsoletes: %{_bind_pkgnm}-libs-lite < %{_same_evr} Obsoletes: %{_bind_pkgnm}-lite-devel < %{_same_evr} Obsoletes: %{_bind_pkgnm}-pkcs11 < %{_same_evr} Obsoletes: %{_bind_pkgnm}-utils < %{_same_evr} Obsoletes: dnsutils < %{_same_evr} Conflicts: bind9-next Conflicts: bind9-next-chroot Conflicts: bind9-next-dnssec-utils Conflicts: bind9-next-libs Conflicts: bind9-next-license Conflicts: bind9-next-libs-lite Conflicts: bind9-next-lite-devel Conflicts: bind9-next-pkcs11 Conflicts: bind9-next-utils Conflicts: bind Conflicts: bind-chroot Conflicts: bind-dnssec-utils Conflicts: bind-libs Conflicts: bind-license Conflicts: bind-libs-lite Conflicts: bind-lite-devel Conflicts: bind-pkcs11 Conflicts: bind-utils Conflicts: bind-dyndb-ldap %description %{_bind_descrip} %prep echo '##### STARTING PREP #####' cd %{_builddir} wget %{_bind_scm_tarball} tar zxvf $( basename %{_bind_scm_tarball} ) cd %{_builddir}/%{_bind_scm_extract_dir} %build echo '##### STARTING BUILD #####' cd %{_builddir}/%{_bind_scm_extract_dir} CPPFLAGS+=" -DOPENSSL_NO_ENGINE=1" STD_CDEFINES="$CPPFLAGS" LIBDIR_SUFFIX= export CFLAGS CXXFLAGS CPPFLAGS LDFLAGS STD_CDEFINES LIBDIR_SUFFIX # prevent `git rev-parse` printf '%s\n' 'noscm' > srcid _this_builddir="%{_bind_build_dir}" _this_sourcedir="%{_builddir}/%{_bind_scm_extract_dir}" meson setup \ --prefix %{_bind_install_dir} \ --localstatedir %{_bind_localstate_dir} \ --sysconfdir %{_bind_conf_dir} \ --buildtype plain \ --backend ninja \ --default-library shared \ --default-both-libraries shared \ -D cmocka=enabled \ -D dnstap=enabled \ -D doc=enabled \ -D geoip=enabled \ -D gssapi=disabled \ -D idn=enabled \ -D lmdb=enabled \ -D stats-json=enabled \ -D tracing=enabled \ ${_this_builddir} ${_this_sourcedir} # %%{_bind_build_dir} %%{_builddir}/%%{_bind_scm_extract_dir} #_build_verbosity="" _build_verbosity="verbose" if [[ ${_build_verbosity} == "verbose" ]] then meson compile --verbose \ -C %{_bind_build_dir} \ --jobs ${RPM_BUILD_NCPUS} else _NINJA_ARGS="--quiet" meson compile \ --ninja-args="${_NINJA_ARGS}" \ -C %{_bind_build_dir} \ --jobs ${RPM_BUILD_NCPUS} fi # Compress changelog gzip doc/changelog/changelog-*.rst %check if [[ $(find "${RPM_BUILD_ROOT}/usr/local/etc/named" -type f -print -quit 2>/dev/null) ]] then echo "package payload owns forbidden path" exit 1 fi %install echo '##### STARTING INSTALL #####' cd %{_builddir}/%{_bind_scm_extract_dir} ## modify rpmbuild rpath check criteria # cref: /usr/lib/rpm/check-rpaths-worker # QA_RPATHS=$(( 0x0001|0x0002|0x0004|0x0008|0x0010|0x0020 )) # allow 'invalid' RPATHs export QA_RPATHS="$(( 0x0002 ))" DESTDIR="${RPM_BUILD_ROOT}" \ meson install \ -C %{_bind_build_dir} \ --no-rebuild # NEVER ship /usr/local/etc/named/*; COMPILED-IN default only if [ -d "${RPM_BUILD_ROOT}/usr/local/etc/named" ] then find "${RPM_BUILD_ROOT}/usr/local/etc/named" -mindepth 1 -depth -delete find "${RPM_BUILD_ROOT}/usr/local/etc/named" -maxdepth 0 -type d -delete fi if [[ -n "$(find "${RPM_BUILD_ROOT}/usr/local/etc/named" -mindepth 1 2>/dev/null)" ]] then echo "!! ERROR: SYSTEM CONFIG leaked into package payload !!" exit 1 fi install -D --preserve-timestamps --mode=640 --verbose \ %{SOURCE200} \ ${RPM_BUILD_ROOT}/%{_bind_conf_dir_ORIG}/named.conf.EXAMPLE %post %preun %postun %files # http://ftp.rpm.org/max-rpm/s1-rpm-inside-files-list-directives.html %{_bind_install_dir} %changelog * Sat Nov 1 2025 pgnd _ - bump 1762014428