[Opendnssec-user] CentOS RPM distribution
vmattila at csc.fi
Thu Apr 15 12:47:25 UTC 2010
On Tue, 13 Apr 2010, Rachid Zarouali wrote:
> I do agree with you,
> but as far as I remember EPEL provides packages that do not exist in RHEL5 official upstream.
EPEL is even more strict. From the EPEL FAQ:
"Does EPEL replace packages provided within Red Hat Enterprise Linux
or layered products?
No. EPEL is purely a complimentary repository that provide add-on
> We are using sqlite 3.4.2, and rpm and all sqlite-aware apps are working perfectly :-)
> If you want to keep the official sqlite and install the 3.4.2 version, it would need more work on both sides.
> For sqlite you will need to install in separate directories. create binary with version ....
> For opendnssec you will need to link it to the sqlite version you have built.
> I see two options:
> 1°) chroot opendnssec and all of its dependencies
Interesting option. There must exist some tools for automating chroot
initialization from RPM preinstall scriptlets etc?
> 2°) static link between opendnssec and sqlite 3.4.2
Well I did this. The packages are available here:
(signed with my key EA8840E6 available from
http://staff.csc.fi/vmattila/ and public keyservers)
You can make your own conclusions on the quality of the hacks required
for static linking. The packages seem to work but I doubt no EPEL
package maintainer would ever accept them.
There are some other enhancements wrt the
opendnssec-1.0.0/contrib/opendnssec.spec, too. Could they be considered
for inclusion there? Changelog below:
* Thu Apr 15 2010 Ville Mattila <vmattila at csc.fi> - 1.0.0-4
- sqlite3 tool is used by ods-ksmutil, thus include it in the package
as $libexecdir/opendnssec/sqlite3 (statically linked, patch #201)
* Tue Apr 13 2010 Ville Mattila <vmattila at csc.fi> - 1.0.0-3
- Fix for conditional installation of configuration files (patch #3)
- Workaround SQLite version dependency problem for RHEL/CentOS 5 builds
with 'rpmbuild --with static_sqlite' flag to build and install
sqlite-3.6.20 into a temporary location and statically link the
into enforcer daemon and ods-ksmutil.
* Mon Apr 12 2010 Ville Mattila <vmattila at csc.fi> - 1.0.0-2
- Update to 1.0.0.
- Updates to Requires: and BuildRequires: definitions
- Move headers and libhsm.so into separate package opendnssec-devel.
- Use /var/lib/opendnssec instead of /var/opendnssec (FHS / Fedora EPEL
compliance, stolen patch #0 from Debian/Ubuntu package by Ondřej
- Changes to default config (copied from Debian/Ubuntu packaging):
+ conf.xml: Make enforcer and signer to run as user opendnssec
config has <Privileges> commented out, thus daemons would be started
+ conf.xml: Comment out <Repository name="softHSM">
+ signconf.xml: Comment out <Zone name="opendnssec.org">
- Create opendnssec user account and group in %pre if they don't exist
(otherwise RPM would make root:root the owner of /var/lib/opendnssec).
- Add chkconfig: and description: tags in tools/ods-control.in to make
it chkconfig(8) compliant.
- Run 'chkconfig --add ods-control' and 'chkconfig --del ods-control'
when installing (rpm -i) and removing (rpm -e) the package, not when
upgrading (rpm -U).
- Assign /etc/opendnssec and the config files to root:opendnssec with
umask 007 instead (I think it's best not to give anyone but root
write access anywhere in /etc).
- Use config(noreplace) protection for configuration files.
- Explicitly define the directories for libraries in
config validation schemas in /usr/share/opendnssec etc.
- Remove /usr/share/opendnssec.spec from the package.
- Ditch the *.la files.
- Plus some other minor cleanups.
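
The account creation, chkconfig handling and config file protection listed in the 1.0.0-2 changelog entry, written out as an RPM spec fragment. This is an added example, not the spec file from the packages announced above; the useradd options, the file modes and the kasp.xml entry are assumptions.

```spec
# Added illustration: fragment of a hypothetical opendnssec.spec for
# RHEL/CentOS 5. useradd options, modes and the kasp.xml entry are assumptions.

%pre
# Create the service group and account before any file is unpacked, so the
# owners named in the files section resolve instead of ending up root:root.
getent group opendnssec >/dev/null || groupadd -r opendnssec
getent passwd opendnssec >/dev/null || \
    useradd -r -g opendnssec -d /var/lib/opendnssec -s /sbin/nologin \
        -c "OpenDNSSEC daemon account" opendnssec
exit 0

%post
# $1 is the number of instances of this package left after the transaction:
# 1 on a first install (rpm -i), 2 or more on an upgrade (rpm -U).
if [ "$1" -eq 1 ]; then
    /sbin/chkconfig --add ods-control
fi

%preun
# $1 is 0 only on final removal (rpm -e). On upgrade it is 1, and the
# service registration must survive.
if [ "$1" -eq 0 ]; then
    /sbin/chkconfig --del ods-control
fi

%files
%defattr(-,root,root,-)
# Configuration: root owns and writes, group opendnssec reads, others get
# no access. noreplace keeps locally edited files across upgrades (the new
# default is written next to them as *.rpmnew).
%dir %attr(0750,root,opendnssec) %{_sysconfdir}/opendnssec
%config(noreplace) %attr(0640,root,opendnssec) %{_sysconfdir}/opendnssec/conf.xml
%config(noreplace) %attr(0640,root,opendnssec) %{_sysconfdir}/opendnssec/kasp.xml
# State directory owned by the unprivileged account the daemons run as.
%dir %attr(0750,opendnssec,opendnssec) %{_localstatedir}/lib/opendnssec
```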