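# BIND9-CURRENT.SPEC
#
# Builds BIND9 from an upstream GitLab archive into a private prefix
# (_bind_install_dir) and ships systemd units for it.
#
# NOTE(review): the upstream commit is resolved over the network while this
# spec is parsed (see _bind_commit), and the prep section downloads the source
# at build time. Nothing in this file pins a digest or verifies a signature,
# so the payload depends on what the SCM host serves at build time.

%global _bind_scm_host          https://gitlab.isc.org
%global _bind_scm_repo          isc-projects/bind9
# https://gitlab.isc.org/isc-projects/bind9/-/tags
# %%global _bind_scm_branch     main
%global _bind_scm_branch        v9.21.14

%global _owner                  pgnd
%global _build_timestamp        %( date +%%Y%%m%%d_%%H%%M%%S --utc )
%global _dist                   .%{_build_timestamp}.%{_owner}.fc%{fedora}

# https://stackoverflow.com/questions/47838041/rpmbuild-how-to-disable-check-buildroot
# https://rpm-software-management.github.io/rpm/manual/dependency_generators.html
# %%global __spec_install_pre   /bin/true
# %%global __arch_install_post  %%{nil}
# %%global __os_install_post    %%{nil}

# Permits rpmbuild to download SourceN entries that are given as URLs; the
# Source tags below are plain file names, and the upstream tarball is fetched
# by wget in the prep section instead.
%global _disable_source_fetch   0
# Disables generation of the debuginfo subpackage.
%global debug_package           %{nil}
# %%undefine _auto_set_build_flags
%global _hardened_build         1
# %%global __brp_mangle_shebangs %%{nil}
# %%global __brp_strip          %%{nil}
# %%global __requires_exclude      ^.*/xxx/bin/python.*$
# %%global __requires_exclude_from ^.*/xxx/bin/python.*$
# %%global _build_id_links      none

# %%bcond_with    XXX : opt build with XXX; default, without
# %%bcond_without XXX : opt build without XXX; default, with

%global _bind_name              named
%global _bind_pkgnm             bind9-current
%global _bind_unitnm            bind9-current
%global _bind_comment           BIND9 DNS server
%global _bind_descrip           %{expand: %{_bind_comment}.}

# https://spdx.org/licenses/MPL-2.0.html
# https://spdx.org/licenses/BSD-3-Clause.html
# https://spdx.org/licenses/MIT.html
# https://spdx.org/licenses/BSD-2-Clause.html
%global _bind_license           MPL-2.0 AND ISC AND BSD-3-Clause AND MIT AND BSD-2-Clause

%global _bind_usr_daemon        named
%global _bind_grp_daemon        named

# Directory layout. Names ending in _r are relative to _bind_install_dir.
%global _bind_bin_dir_r         bin
%global _bind_conf_dir          /usr/local/etc/named
%global _bind_conf_dir_ORIG     %{_bind_install_dir}/etc
%global _bind_data_dir_r        share
%global _bind_include_dir_r     include
%global _bind_install_dir       /usr/local/bind9-pgnd
%global _bind_lib_dir_r         lib64
%global _bind_libexec_dir_r     libexec
%global _bind_localstate_dir    /var
%global _bind_sbin_dir_r        %{_bind_bin_dir_r}
%global _bind_sharedstate_dir   /var/lib
%global _bind_unit_dir          /etc/systemd/system
%global _bind_build_dir         bind9-build

%global _bind_scm_type          git
%global _bind_scm_repo_base     %( basename %{_bind_scm_repo} )
%global _bind_scm_url           %{_bind_scm_host}/%{_bind_scm_repo}
# Resolves the peeled tag ref (the "^{}" entry) to a commit id with a
# non-interactive ls-remote. The grep matches only peeled annotated tags, so a
# branch name such as "main", or a failed lookup, yields an empty value; the
# prep section rejects that before anything is downloaded.
%global _bind_commit            %(GIT_TERMINAL_PROMPT=0 git -c credential.helper= -c credential.interactive=never -c core.askPass= ls-remote %{_bind_scm_url}.git | grep -E "/%{_bind_scm_branch}\\^\\{\\}$" | cut -f1)
%global _bind_shortcommit       %(c=%{_bind_commit}; echo -n ${c} | head -c 7)

# DL by: branch name, tag, shortcommit -- NOT full commit (requires signin)
# https://gitlab.isc.org/isc-projects/bind9/-/archive/main/bind9-main.tar.gz
# https://gitlab.isc.org/isc-projects/bind9/-/archive/v9.21.14/bind9-v9.21.14.tar.gz
# https://gitlab.isc.org/isc-projects/bind9/-/archive/537824f/bind9-537824f.tar.gz
%global _bind_scm_tarball       %{_bind_scm_host}/%{_bind_scm_repo}/-/archive/%{_bind_shortcommit}/%{_bind_scm_repo_base}-%{_bind_shortcommit}.tar.gz
%global _bind_scm_extract_dir   %{_bind_scm_repo_base}-%{_bind_shortcommit}

%global dist                    %{_dist}

Vendor:         %{_owner}

# NEVRA (n-e:v-r.a) : https://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
Name:           %{_bind_pkgnm}
Epoch:          3
Version:        %{_bind_scm_type}_%( echo %{_bind_scm_branch} | sed 's|-|_|g' )
Release:        0%{?dist}
%global _same_evr %{epoch}:%{version}-%{release}

Summary:        %{_bind_comment}
License:        %{_bind_license}
URL:            %{_bind_scm_url}

Source100:      %{_bind_pkgnm}.service
Source101:      %{_bind_pkgnm}.target
Source900:      stub.service
Source901:      stub.target
Source200:      named.conf.EXAMPLE

# NOTE(review): gnupg2, nmap and sudo are not invoked by any section visible
# in this file; presumably something outside it needs them -- confirm, or drop
# them to keep the build root minimal.
BuildRequires:  coreutils
BuildRequires:  docbook-style-xsl
BuildRequires:  doxygen
BuildRequires:  findutils
BuildRequires:  fstrm-utils
BuildRequires:  gcc
BuildRequires:  git
BuildRequires:  gnupg2
BuildRequires:  gzip
BuildRequires:  libcap
BuildRequires:  make
BuildRequires:  meson
BuildRequires:  ninja-build
BuildRequires:  nmap
BuildRequires:  pkgconf
BuildRequires:  pkgconfig(cmocka)
BuildRequires:  pkgconfig(jemalloc)
BuildRequires:  pkgconfig(json-c)
BuildRequires:  pkgconfig(libcap)
BuildRequires:  pkgconfig(libedit)
BuildRequires:  pkgconfig(libidn2)
BuildRequires:  pkgconfig(libfstrm)
BuildRequires:  pkgconfig(libmaxminddb)
BuildRequires:  pkgconfig(libnghttp2)
BuildRequires:  pkgconfig(libprotobuf-c)
BuildRequires:  pkgconfig(liburcu-cds)
BuildRequires:  pkgconfig(libuv)
BuildRequires:  pkgconfig(libxslt)
BuildRequires:  pkgconfig(libxml-2.0)
BuildRequires:  pkgconfig(lmdb)
BuildRequires:  pkgconfig(openssl)
BuildRequires:  pkgconfig(protobuf)
BuildRequires:  python3-pytest
BuildRequires:  python3-sphinx
BuildRequires:  python3-sphinx_rtd_theme
BuildRequires:  sed
BuildRequires:  sudo
BuildRequires:  systemtap
BuildRequires:  systemtap-sdt-devel
BuildRequires:  systemtap-sdt-dtrace
BuildRequires:  tar
BuildRequires:  wget
BuildRequires:  xz
BuildRequires:  systemd
BuildRequires:  systemd-rpm-macros
%{?systemd_ordering}
%{?systemd_requires}

# dnf repoquery --list >
# Packaging:Conflicts
# https://fedoraproject.org/wiki/Packaging:Conflicts

# --- virtuals for bind9-current stream (keep your existing ones) ---
Provides:       %{_bind_pkgnm} = %{_same_evr}
Provides:       %{_bind_pkgnm}-chroot = %{_same_evr}
Provides:       %{_bind_pkgnm}-dnssec-utils = %{_same_evr}
Provides:       %{_bind_pkgnm}-libs = %{_same_evr}
Provides:       %{_bind_pkgnm}-license = %{_same_evr}
Provides:       %{_bind_pkgnm}-libs-lite = %{_same_evr}
Provides:       %{_bind_pkgnm}-lite-devel = %{_same_evr}
Provides:       %{_bind_pkgnm}-pkcs11 = %{_same_evr}
Provides:       %{_bind_pkgnm}-utils = %{_same_evr}
Provides:       dnsutils = %{_same_evr}

# --- replace legacy bind-* packages (auto-upgrade path) ---
# These Provides make this package satisfy dependencies on the distribution's
# bind-* names; together with the Epoch and the Obsoletes below it replaces
# those packages wherever the repository carrying it is enabled.
Provides:       bind = %{_same_evr}
Provides:       bind-chroot = %{_same_evr}
Provides:       bind-dnssec-utils = %{_same_evr}
Provides:       bind-libs = %{_same_evr}
Provides:       bind-license = %{_same_evr}
Provides:       bind-libs-lite = %{_same_evr}
Provides:       bind-lite-devel = %{_same_evr}
Provides:       bind-pkcs11 = %{_same_evr}
Provides:       bind-utils = %{_same_evr}
Obsoletes:      bind
Obsoletes:      bind-chroot
Obsoletes:      bind-dnssec-utils
Obsoletes:      bind-libs
Obsoletes:      bind-license
Obsoletes:      bind-libs-lite
Obsoletes:      bind-lite-devel
Obsoletes:      bind-pkcs11
Obsoletes:      bind-utils

# --- prefer uninstall of bind9-next*; else fail install ---
# If installed bind9-next* EVR is lower, DNF removes them via Obsoletes.
# If EVR is higher/same and not matched by Obsoletes, Conflicts forces a hard failure.
# NOTE(review): the Obsoletes tags here carry no version bound, so they are
# not limited to lower EVRs as described above; add a bound if that is the
# intent.
Obsoletes:      bind9-next
Obsoletes:      bind9-next-chroot
Obsoletes:      bind9-next-dnssec-utils
Obsoletes:      bind9-next-libs
Obsoletes:      bind9-next-license
Obsoletes:      bind9-next-libs-lite
Obsoletes:      bind9-next-lite-devel
Obsoletes:      bind9-next-pkcs11
Obsoletes:      bind9-next-utils
Conflicts:      bind9-next
Conflicts:      bind9-next-chroot
Conflicts:      bind9-next-dnssec-utils
Conflicts:      bind9-next-libs
Conflicts:      bind9-next-license
Conflicts:      bind9-next-libs-lite
Conflicts:      bind9-next-lite-devel
Conflicts:      bind9-next-pkcs11
Conflicts:      bind9-next-utils
Conflicts:      bind-dyndb-ldap

%description
%{_bind_descrip}

%prep
echo '##### STARTING PREP #####'

# Refuse to continue unless the ls-remote lookup produced exactly one full
# object id. An empty or malformed value would otherwise be spliced into the
# download URL and the extract directory name.
_commit='%{_bind_commit}'
_commit_ok=1
case "${_commit}" in
    ''|*[!0-9a-f]*) _commit_ok=0 ;;
esac
case "${#_commit}" in
    40|64) ;;
    *) _commit_ok=0 ;;
esac
if [ "${_commit_ok}" -ne 1 ]
then
    echo "!! ERROR: upstream ref %{_bind_scm_branch} did not resolve to a full commit id !!"
    exit 1
fi

cd %{_builddir}

# Write to a fixed output name: without it wget keeps an older download and
# saves the new one under a ".1" suffix, so tar would unpack the stale file.
_tarball="$( basename '%{_bind_scm_tarball}' )"
wget -O "${_tarball}" '%{_bind_scm_tarball}'

# Record the digest in the build log so the fetched archive can be compared
# across builds. This is an audit trail, not verification.
# NOTE(review): no checksum or signature is checked before the archive is
# unpacked and built; compare against a pinned digest once the commit itself
# is pinned.
sha256sum "${_tarball}"

tar zxvf "${_tarball}"
cd %{_builddir}/%{_bind_scm_extract_dir}

%build
echo '##### STARTING BUILD #####'
cd %{_builddir}/%{_bind_scm_extract_dir}

CPPFLAGS+=" -DOPENSSL_NO_ENGINE=1"
STD_CDEFINES="$CPPFLAGS"
LIBDIR_SUFFIX=
export CFLAGS CXXFLAGS CPPFLAGS LDFLAGS STD_CDEFINES LIBDIR_SUFFIX

# prevent `git rev-parse` exec in meson.build
printf '%s\n' 'noscm' > srcid

# Each flag and its value are separate array elements, so the quoted
# expansion below hands meson the flag and the path as two arguments.
_common_build_paths=()
_common_build_paths+=(--prefix         "%{_bind_install_dir}")
_common_build_paths+=(--bindir         "%{_bind_install_dir}/%{_bind_bin_dir_r}")
_common_build_paths+=(--sbindir        "%{_bind_install_dir}/%{_bind_sbin_dir_r}")
_common_build_paths+=(--libexecdir     "%{_bind_install_dir}/%{_bind_libexec_dir_r}")
_common_build_paths+=(--libdir         "%{_bind_install_dir}/%{_bind_lib_dir_r}")
_common_build_paths+=(--includedir     "%{_bind_install_dir}/%{_bind_include_dir_r}")
_common_build_paths+=(--datadir        "%{_bind_install_dir}/%{_bind_data_dir_r}")
_common_build_paths+=(--infodir        "%{_bind_install_dir}/%{_bind_data_dir_r}/info")
_common_build_paths+=(--localedir      "%{_bind_install_dir}/%{_bind_data_dir_r}/locale")
_common_build_paths+=(--mandir         "%{_bind_install_dir}/%{_bind_data_dir_r}/man")
_common_build_paths+=(--sharedstatedir "%{_bind_sharedstate_dir}")
_common_build_paths+=(--localstatedir  "%{_bind_localstate_dir}")
_common_build_paths+=(--sysconfdir     "%{_bind_conf_dir}")

_this_builddir="%{_bind_build_dir}"
_this_sourcedir="%{_builddir}/%{_bind_scm_extract_dir}"

# --wrap-mode=nodownload keeps meson from fetching subprojects during the
# build; the tarball download in the prep section is the only network fetch
# made by the build scriptlets.
meson setup \
    "${_common_build_paths[@]}" \
    --buildtype plain \
    --backend ninja \
    --default-library shared \
    --wrap-mode=nodownload \
    --auto-features=enabled \
    -D cmocka=enabled \
    -D dnstap=enabled \
    -D doc=enabled \
    -D geoip=enabled \
    -D gssapi=disabled \
    -D idn=enabled \
    -D lmdb=enabled \
    -D stats-json=enabled \
    -D tracing=enabled \
    "${_this_builddir}" "${_this_sourcedir}"

#_build_verbosity=""
_build_verbosity="verbose"
if [[ ${_build_verbosity} == "verbose" ]]
then
    meson compile --verbose \
        -C %{_bind_build_dir} \
        --jobs "${RPM_BUILD_NCPUS}"
else
    _NINJA_ARGS="--quiet"
    meson compile \
        --ninja-args="${_NINJA_ARGS}" \
        -C %{_bind_build_dir} \
        --jobs "${RPM_BUILD_NCPUS}"
fi

%install
echo '##### STARTING INSTALL #####'
cd %{_builddir}/%{_bind_scm_extract_dir}

## modify rpmbuild rpath check criteria
# cref: /usr/lib/rpm/check-rpaths-worker
# QA_RPATHS=$(( 0x0001|0x0002|0x0004|0x0008|0x0010|0x0020 ))
# allow 'invalid' RPATHs
export QA_RPATHS="$(( 0x0002 ))"

# DIRS
mkdir -p "${RPM_BUILD_ROOT}/%{_bind_unit_dir}"
mkdir -p "${RPM_BUILD_ROOT}/%{_unitdir}"
mkdir -p "${RPM_BUILD_ROOT}/%{_bind_install_dir}/%{_bind_data_dir_r}/doc/changelog"

# GENERATE .service FILES, scripts
# NOTE(review): sed -i rewrites the unit files in the SOURCES directory
# itself, so the placeholder is gone from the originals after the first build.
sed -i \
    -e 's|__BIND_CONFDIR__|%{_bind_conf_dir}|g' \
    %{SOURCE100} %{SOURCE101}

DESTDIR="${RPM_BUILD_ROOT}" \
meson install \
    -C %{_bind_build_dir} \
    --no-rebuild

# NEVER ship the system config dir; it is a COMPILED-IN default only.
# The path comes from _bind_conf_dir (the value given to --sysconfdir) so this
# guard keeps covering the right directory if that macro is changed.
if [ -d "${RPM_BUILD_ROOT}%{_bind_conf_dir}" ]
then
    find "${RPM_BUILD_ROOT}%{_bind_conf_dir}" -mindepth 1 -depth -delete
    find "${RPM_BUILD_ROOT}%{_bind_conf_dir}" -maxdepth 0 -type d -delete
fi
if [[ -n "$(find "${RPM_BUILD_ROOT}%{_bind_conf_dir}" -mindepth 1 2>/dev/null)" ]]
then
    echo "!! ERROR: SYSTEM CONFIG leaked into package payload !!"
    exit 1
fi

## SYSTEMD FILES
install -D --preserve-timestamps --mode=644 --verbose \
    %{SOURCE100} \
    "${RPM_BUILD_ROOT}/%{_bind_unit_dir}/%{_bind_unitnm}.service"
install -D --preserve-timestamps --mode=644 --verbose \
    %{SOURCE101} \
    "${RPM_BUILD_ROOT}/%{_bind_unit_dir}/%{_bind_unitnm}.target"

# vendor stubs to keep systemd behavior predictable
install -D --mode=0644 %{SOURCE900} "${RPM_BUILD_ROOT}%{_unitdir}/%{_bind_unitnm}.service"
install -D --mode=0644 %{SOURCE901} "${RPM_BUILD_ROOT}%{_unitdir}/%{_bind_unitnm}.target"

# Install upstream changelog .rst files under install prefix
install -D --preserve-timestamps --mode=640 --verbose \
    doc/changelog/changelog-*.rst \
    -t "${RPM_BUILD_ROOT}%{_bind_install_dir}/%{_bind_data_dir_r}/doc/changelog/"

install -D --preserve-timestamps --mode=640 --verbose \
    %{SOURCE200} \
    "${RPM_BUILD_ROOT}/%{_bind_conf_dir_ORIG}/named.conf.EXAMPLE"

%check
# verify payload sanity after staging
if [[ $(find "${RPM_BUILD_ROOT}%{_bind_conf_dir}" -type f -print -quit 2>/dev/null) ]]
then
    echo "!! ERROR: SYSTEM CONFIG leaked into package payload !!"
    exit 1
else
    echo "no system config leakage detected"
fi

if [[ ! -d "${RPM_BUILD_ROOT}%{_bind_install_dir}" ]]
then
    echo "!! ERROR: install dir missing in payload !!"
    exit 1
else
    echo "install dir verified present"
fi

%post
%systemd_post %{_bind_unitnm}.service

%preun
%systemd_preun %{_bind_unitnm}.service

%postun
%systemd_postun_with_restart %{_bind_unitnm}.service

%files
# http://ftp.rpm.org/max-rpm/s1-rpm-inside-files-list-directives.html
%{_bind_install_dir}
%{_bind_unit_dir}/%{_bind_unitnm}*
%{_unitdir}/%{_bind_unitnm}.service
%{_unitdir}/%{_bind_unitnm}.target

%changelog
* Sat Nov 1 2025 pgnd _
- bump 1762024621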