bind-8.2.2 chroot spec for RH6

Dave Wreski dave at nic.com
Mon Nov 1 19:08:41 UTC 1999



Hi all.  I've put together a spec file for chroot'ing bind-8.2.2 with RH6.
I don't think it's finished yet, but it does work.

I'm just not sure what to do with ndc, as it's now a binary, and doesn't
seem to be able to communicate with the chroot'd named.  Does anyone have
any suggestions on how to get this to work?

Attached is the patch and spec file to build the RPMs.  I had to further
modify /etc/rc.d/init.d/named to use holelogd and to use '/sbin/pidof
named' to stop the process, due to ndc not working properly...

Thanks,
Dave



-- Attached file included as plaintext by Listar --
-- File: bind-chroot-8.2.2-1.patch

diff -urN src/bin/named/Makefile src.mod/bin/named/Makefile
--- src/bin/named/Makefile	Thu Aug 26 14:42:31 1999
+++ src.mod/bin/named/Makefile	Thu Oct 28 21:52:38 1999
@@ -72,13 +72,13 @@
 all: ${PROG}${EXE}
 
 ${PROG}${EXE}: pathnames.h ${OBJS} ${LIBBIND} Makefile tmp_version.${O}
-	${CC} ${CDEBUG} ${LDFLAGS} ${BOUNDS} -o ${PROG}${EXE} ${OBJS} \
+	${CC} ${CDEBUG} ${LDFLAGS} ${LDSTATIC} ${BOUNDS} -o ${PROG}${EXE} ${OBJS} \
 		tmp_version.${O} ${LIBBIND} ${SYSLIBS}
 
 ns_parser.c ns_parser.h: ns_parser.y
 	${YACC} ns_parser.y
-	mv y.tab.c ns_parser.c
-	mv y.tab.h ns_parser.h
+	mv ns_parser.tab.c ns_parser.c
+	mv ns_parser.tab.h ns_parser.h
 
 tmp_version.${O}: tmp_version.c
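Review bot: the `mv ns_parser.tab.c ns_parser.c` / `mv ns_parser.tab.h ns_parser.h` lines hardcode bison's output file names, so this rule now only works when Makefile.set sets `YACC=bison -d`; with a yacc that still writes `y.tab.c` the `mv` fails right after `${YACC} ns_parser.y`. Either keep the original `mv y.tab.c ns_parser.c` lines and set `YACC=bison -y -d` (yacc-compatible file names), or state the bison dependency in the patch header. The `${LDSTATIC}` added to the link line is harmless where the variable is unset, but a one-line comment that it comes from port/linux/Makefile.set as `-static` would save the next reader a search.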
 
diff -urN src/bin/named-xfer/Makefile src.mod/bin/named-xfer/Makefile
--- src/bin/named-xfer/Makefile	Sun Aug  8 13:51:02 1999
+++ src.mod/bin/named-xfer/Makefile	Thu Oct 28 21:50:01 1999
@@ -57,7 +57,7 @@
 all: ${PROG}${EXE}
 
 ${PROG}${EXE}: ${OBJS} ${NAMED_OBJS} ${LIBBIND} Makefile
-	${CC} ${CDEBUG} ${LDFLAGS} ${BOUNDS} -o ${PROG}${EXE} ${OBJS} ${NAMED_OBJS} \
+	${CC} ${CDEBUG} ${LDFLAGS} ${LDSTATIC} ${BOUNDS} -o ${PROG}${EXE} ${OBJS} ${NAMED_OBJS} \
 		${LIBBIND} ${SYSLIBS}
 .c.${O}:
 	${CC} ${CPPFLAGS} ${CFLAGS} ${BOUNDS} -c $*.c
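Review bot: the `${LDSTATIC}` added to the named-xfer link line is the change that matters for the jail, since the spec copies this binary into `jail/usr/sbin` and the jail carries no shared libraries; it deserves a comment saying so, and the build should verify the outcome (for example `ldd named-xfer` reporting no dynamic dependencies, or `readelf -d` showing no NEEDED entries) rather than trusting that the variable was set. As in bin/named/Makefile, `LDSTATIC` is only defined for the linux port, so other ports silently get a dynamically linked named-xfer that will not run inside the jail.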
diff -urN src/include/resolv.h src.mod/include/resolv.h
--- src/include/resolv.h	Thu Oct  7 04:24:14 1999
+++ src.mod/include/resolv.h	Thu Oct 28 21:50:01 1999
@@ -327,7 +327,7 @@
 #define res_nisourserver	__res_nisourserver
 #define res_ownok		__res_ownok
 #define res_queriesmatch	__res_queriesmatch
-#define res_randomid		__res_randomid
+/*#define res_randomid		__res_randomid*/
 #define sym_ntop		__sym_ntop
 #define sym_ntos		__sym_ntos
 #define sym_ston		__sym_ston
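Review bot: commenting out `#define res_randomid __res_randomid` changes which symbol the linker binds calls to: without the alias, `res_randomid()` in the BIND sources compiles to the plain name `res_randomid`, which the system C library also exports, so which definition ends up in `named` and `named-xfer` depends on library order. This function supplies the DNS query IDs that make forged answers harder to match, so the hunk needs a comment stating why the alias was dropped (if it is a duplicate-symbol error when linking with `-static`, say so) and the build should confirm with `nm` which `res_randomid` was linked in.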
diff -urN src/port/linux/Makefile.set src.mod/port/linux/Makefile.set
--- src/port/linux/Makefile.set	Fri Jun 11 02:01:35 1999
+++ src.mod/port/linux/Makefile.set	Thu Oct 28 21:55:07 1999
@@ -1,5 +1,8 @@
 'CC=gcc -D_GNU_SOURCE'
-'CDEBUG=-O -g'
+'CDEBUG=-O2'
+'LDSTATIC=-static'
+'DESTDIR=/var/tmp/bind-root'
+'DESTINC=/usr/include/named'
 'DESTBIN=/usr/bin'
 'DESTSBIN=/usr/sbin'
 'DESTEXEC=/usr/sbin'
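Review bot: `'DESTDIR=/var/tmp/bind-root'` bakes the RPM build root into the upstream Makefile.set, which is redundant (the spec passes `DESTDIR=${RPM_BUILD_ROOT}` on its `make install` line) and a trap for anyone building outside rpm, whose `make install` would then write into /var/tmp/bind-root; drop it from the patch. `'DESTINC=/usr/include/named'` also disagrees with the spec's devel subpackage, whose description and `%files devel` claim only /usr/local, so headers installed under /usr/include/named would be left unpackaged. Dropping `-g` in `'CDEBUG=-O2'` is fine for a release build.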
@@ -8,12 +11,12 @@
 'DESTETC=/etc'
 'DESTRUN=/var/run'
 'LEX=flex -8 -I'
-'YACC=yacc -d'
+'YACC=bison -d'
 'SYSLIBS=-lfl'
 'INSTALL=install'
 'MANDIR=man'
 'MANROFF=cat'
 'CATEXT=$$N'
-'PS=ps -p'
+'PS=ps p'
 'AR=ar crus'
 'RANLIB=:'
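Review bot: `'YACC=bison -d'` is what makes the `mv ns_parser.tab.c` rename in bin/named/Makefile work, so the two hunks must travel together; `'YACC=bison -y -d'` would have kept yacc's `y.tab.*` names and made that Makefile hunk unnecessary. For `'PS=ps p'`, the spec's comment calls this the fix for the `ps p` command, but the cover message says ndc in 8.2.2 is now a binary, so it is worth checking whether anything in this tree still consumes `PS` before carrying the change forward.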

-- Attached file included as plaintext by Listar --
-- File: bind-chroot-8.2.2.spec

Summary: BIND - DNS name server chrooted
Name: bind-chroot
Version: 8.2.2
Release: 1
Copyright: BSD and (GNU or artistic)
Group: Networking/Daemons
Source0: ftp://ftp.isc.org/isc/bind/src/8.2.2/bind-8.2.2-src.tar.gz
Source1: ftp://ftp.isc.org/isc/bind/src/8.2.2/bind-8.2.2-src.tar.gz.asc
Source2: ftp://ftp.isc.org/isc/bind/src/8.2.2/bind-8.2.2-doc.tar.gz
Source3: ftp://ftp.isc.org/isc/bind/src/8.2.2/bind-8.2.2-doc.tar.gz.asc
Source4: ftp://ftp.obtuse.com/pub/utils/utils-1.0.tar.gz
Source5: bind-chroot-8.2.2-1.jail.tar.gz
Source6: bind-chroot-8.2.2-1.named.init.tar.gz
Source7: bind-chroot-8.2.2-1.rpm.doc.tar.gz
Patch0: bind-chroot-8.2.2-1.patch
# Patch1: bind-chroot-8.1.2-9.ndc.sh.patch
# Patch2: bind-chroot-8.1.2-9.static.xfer.patch
# Patch3: bind-chroot-8.1.2-9.static.named.patch
URL: http://www.isc.org/bind.html
Packager: John A. Martin <jam at jamux.com>
Vendor: jamux <http://www.tux.org/~jam/jamux/>
Distribution: Experimental
Conflicts: bind
# WARNING 'rm -rf ${RPM_BUILD_ROOT}' below
Buildroot: /var/tmp/bind-root
%define setupdir %{name}-%{version}-%{release}
# empty string is no jail but watch out for %files
%define jail /home/named

%description
Includes the named name server, which is used to define host name to
IP address translations (and vice versa).  It can be used on
workstations as a caching name server, but is generally only needed on
one machine for an entire network.  This package runs named chrooted
to /home/named as user named group named.

%package utils
Summary: DNS utils - host, dig, dnsquery, nslookup
Group: Networking/Utilities

%description utils
Collection of utilities for querying name servers and looking up
hosts.  These tools let you determine the IP addresses for given host
names, and find information about registered domains and network
addresses.


%package devel
Summary: DNS development includes and libs
Group: Networking/Development

%description devel
Provides the include files and the library required for DNS
development for bind 8.x.x.  These are installed under
/usr/local/{include,lib,man}.


%prep
%setup -c -n %setupdir -T -a 0
%setup -D -n %setupdir -T -a 2
%setup -D -n %setupdir -T -a 4
%setup -D -n %setupdir -T -a 5
%setup -D -n %setupdir -T -a 6
%setup -D -n %setupdir -T -a 7

# Patch fixes 'ps p' command, gives better default CC options (in
# CDEBUG), and enables non-root build by removing -o -g specs from two
# install commands.
%patch0
# Patch ndc for chroot
# %patch1
# Patch to static link named-xfer
# %patch2
# Patch to static link named if we have libresolv
# ls /lib/libresolv.so.* > /dev/null 2>&1 && {
# %patch3
# }


%build
# Our patch file did not change CDEBUG which the Makefile uses like
# CFLAGS (CFLAGS is used in a way we don't want to muck with) and we
# leave it here for easy adjustment.  CDEBUG is cached in .settings as
# is the stuff we have in our makefile patch.
cd src
make depend
make
cd -

# A little tool for logging from chroot
cd utils-1.0
gcc ${RPM_OPT_FLAGS} -static -o holelogd holelogd.c
cd -

# Adjust for the jail
# [ -z %{jail} ] || {
	# cd src/bin/ndc
	# mv ndc ndc.orig
	# eval sed '/^CHROOTDIR=/s%=%=%{jail}%' ndc.orig > ndc
	# cd -
	# mv named.init named.init.orig
	# eval sed '/^CHROOTDIR=/s%=%=%{jail}%' named.init.orig > named.init
# }


%install
rm -rf ${RPM_BUILD_ROOT}
mkdir -p ${RPM_BUILD_ROOT}

# This will be log daemon for our jail alone so we can easily start and
# stop it if there are others for other jails.
cd utils-1.0
mkdir -p ${RPM_BUILD_ROOT}/usr/sbin
install -m 500 -s holelogd ${RPM_BUILD_ROOT}/usr/sbin/holelogd.named
cd -

# We want the stuff cached in .settings by the earlier make but
# DESTDIR is not cached so we didn't bother setting it before.
cd src
make "DESTDIR=${RPM_BUILD_ROOT}" "STRIP=-s" install
cd -

rm -rf ${RPM_BUILD_ROOT}/etc/rc.d/*
mkdir -p ${RPM_BUILD_ROOT}/etc/rc.d/rc0.d
mkdir -p ${RPM_BUILD_ROOT}/etc/rc.d/rc1.d
mkdir -p ${RPM_BUILD_ROOT}/etc/rc.d/rc2.d
mkdir -p ${RPM_BUILD_ROOT}/etc/rc.d/rc3.d
mkdir -p ${RPM_BUILD_ROOT}/etc/rc.d/rc4.d
mkdir -p ${RPM_BUILD_ROOT}/etc/rc.d/rc5.d
mkdir -p ${RPM_BUILD_ROOT}/etc/rc.d/rc6.d
mkdir -p ${RPM_BUILD_ROOT}/etc/rc.d/init.d
install -m755 named.init ${RPM_BUILD_ROOT}/etc/rc.d/init.d/named
ln -sf ../init.d/named ${RPM_BUILD_ROOT}/etc/rc.d/rc0.d/K10named
ln -sf ../init.d/named ${RPM_BUILD_ROOT}/etc/rc.d/rc1.d/K10named
ln -sf ../init.d/named ${RPM_BUILD_ROOT}/etc/rc.d/rc2.d/K10named
ln -sf ../init.d/named ${RPM_BUILD_ROOT}/etc/rc.d/rc3.d/S55named
ln -sf ../init.d/named ${RPM_BUILD_ROOT}/etc/rc.d/rc5.d/S55named
ln -sf ../init.d/named ${RPM_BUILD_ROOT}/etc/rc.d/rc6.d/K10named

# Install the prisoner in the jail cell
install -m755 ${RPM_BUILD_ROOT}/usr/sbin/named-xfer jail/usr/sbin

# Transport the jail containing the prisoner to build_root
rm -rf ${RPM_BUILD_ROOT}%{jail}
mkdir -p ${RPM_BUILD_ROOT}%{jail}
cp -a jail/* ${RPM_BUILD_ROOT}%{jail}

# man pages
cd doc/man
make clean
rm -rf ${RPM_BUILD_ROOT}/usr/man
mkdir -p ${RPM_BUILD_ROOT}/usr/man
make "DESTDIR=${RPM_BUILD_ROOT}" 'DESTMAN=/usr/man' 'MANDIR=man' \
	'CATEXT=$$N' 'MANROFF=cat' install
rm -rf ${RPM_BUILD_ROOT}/usr/local/man
mkdir -p ${RPM_BUILD_ROOT}/usr/local/man
mv ${RPM_BUILD_ROOT}/usr/man/man3 ${RPM_BUILD_ROOT}/usr/local/man
cd -

# gather holelogd docs
rm -rf holelogd
mkdir -p holelogd
chmod 0755 holelogd
cp -a utils-1.0/LICENSE utils-1.0/README holelogd

# no executables in %doc
chmod 0644 src/bin/named-bootconf/named-bootconf.sh

%files
%defattr(- root root)
%doc README.package
%doc src/README src/INSTALL src/Version src/CHANGES src/TODO
%doc src/bin/named/named.conf src/bin/named-bootconf/named-bootconf.sh
%doc doc/bog doc/html doc/misc holelogd

/etc
/usr/sbin
# our mailaddr.7 conflicts with man-pages-1.15-1
/usr/man/man7/hostname.7
/usr/man/man8/named.8
/usr/man/man8/ndc.8
/usr/man/man8/named-xfer.8
%dir %{jail}
%dir %{jail}/dev
%verify() %{jail}/dev/log
%verify() %{jail}/dev/null
%dir %{jail}/etc
%{jail}/etc/named.conf
%verify(not md5 size mtime) %{jail}/etc/group
%verify(not md5 size mtime) %{jail}/etc/localtime
%{jail}/usr
%dir %{jail}/var
%dir %{jail}/var/named
%{jail}/var/named/master
%{jail}/var/named/named.conf.pony
%config %{jail}/var/named/named.conf
%config %{jail}/var/named/named.root
%attr(- named named) %verify(not md5 size mtime) %{jail}/var/named/named.run
%attr(- named named) %{jail}/var/named/slave
%attr(- named named) %{jail}/var/run
%attr(- named named) %{jail}/var/tmp

%files utils
%defattr(- root root)
/usr/bin
/usr/lib/nslookup.help
/usr/man/man1
/usr/man/man5
/usr/man/man8/nslookup.8

%files devel
%defattr(- root root)
/usr/local


%pre
[ "`id -gn named 2> /dev/null`" = "named" ] || {
	# quoted delimiter: the backticks in the message must be printed, not run
	cat <<'EOF'

This package requires an account for user "named" with primary group
"named".  We test [ "`id -gn named 2> /dev/null`" = "named" ].  Please
create the required account and try again.

On a Red Hat 5.x system you can create a suitable account like this:

	useradd -d / -s /bin/false named

Aborting.

EOF
	exit 1
}
exit 0


%post
cd %{jail}/dev
rm -f null
mknod -m a+rw ./null c 1 3
cd ../etc
# some systems seem to want /etc/group, others don't care
grep '^named:' /etc/group > ./group
cp /etc/localtime ./localtime
cd ..
[  -f /sbin/chkconfig ] && /sbin/chkconfig --add named
cat <<EOF

This version of named no longer uses /etc/named.boot.  It now uses
/etc/named.conf which we place in /home/named/var/named.  The
installed configuration implements a working nameserver.  There is a
utility in the doc directory to convert your current named.boot file
to the new named.conf format.  Please read the documentation in the
doc directory and review the installed sample named.conf before
attempting to run this version of named.

EOF
exit 0


%changelog
* Tue Aug 18 1998 John A. Martin <jam at jamux.com>
- Jail moved to /home/named.

* Sun Aug 16 1998 Brian Candler <B.Candler at pobox.com>
- Rebuilt and tested atop Red Hat 5.1.

* Fri Aug 14 1998 John A. Martin <jam at jamux.com>
- In ndc added kill holelogd when named fails to start.

* Sat Aug 8 1998 John A. Martin <jam at jamux.com>
- Moved named from jail to /usr/sbin, libc5 static linked named-xfer,
  removed libraries and scaffolding from jail thanks to Brian Candler.
- Revised man page installation.
- Completed rebuild portability RH4.2 <-> RH5.1 with glibc static
  named, named-xfer and holelogd (RH4.2 only does dynamic named).
- Built and tested bind-chroot-8.1.2-9 atop Red Hat 4.2.

* Wed Aug 5 1998 John A. Martin <jam at jamux.com>
- Cosmetics: added '%define setupdir %{name}-%{version}-%{release}',
  made all sources tar.gz for %setup, moved editing of shell scripts
  from %install to %build, and added 'cd doc/man ; make clean'.

* Mon Aug 3 1998 John A. Martin <jam at jamux.com>
- Fixed pesky %verify on /dev/null thanks to Brian Candler.

* Sat Aug 1 1998 John A. Martin <jam at jamux.com>
- Added chkconfig to named.init and %post. [*]
- Modified spec file to be easily adapted to build packages with
  either static or dynamic linked daemons.
- Modified spec file to be portable between RH4.2 and RH5.1. [*]
- Corrected typo in SysVinit links. [*]
- Revised named.conf and layout of prefabricated jail so that all ndc
  commands work.
- Simplified %pre test on named user account [*]
- Added package.readme file.
- [*] Thanks to Brian Candler <B.Candler at pobox.com>.

* Mon Jul 27 1998 Brian Candler <B.Candler at pobox.com>
- Applied jam's static.patch and removed the ldd stuff
- Checked OK under RH5.1
- Moved man3 under usr/local/man/man3 so gethostbyname.3 does not
  conflict with man-pages package

* Fri Jul 24 1998 John A. Martin <jam at jamux.com>
- Revised prefab and customized jail, %post, and %files and removed
  %preun to improve rpm -{V,e,U} action upon the jail.
- Removed named and named-xfer from installed /usr/sbin.
- Built and tested bind-chroot-8.1.2-8 atop Red Hat 4.2.

* Tue Jul 14 1998 John A. Martin <jam at jamux.com>
- Added %defattr after each %files.
  (Who would guess from the description in changes that this was needed?)
- Moved libc.so and ld.so from the prefabricated to the customized jail.

* Fri Jul 3 1998 John A. Martin <jam at jamux.com>
- Added /etc/ld.so.cache to jail.
- Modified %pre tests on named pseudo account and group.
- Built and tested bind-chroot-8.1.2-6 atop Red Hat 4.2.

* Thu Jul 2 1998 John A. Martin <jam at jamux.com>
- Fixed spec file to reference correct init file,
  thanks to Konrad Stępień <stefan at interdata.com.pl>.
- Built bind-chroot-8.1.2-5 atop Red Hat 4.2.

* Mon Jun 29 1998 John A. Martin <jam at jamux.com>
- Added provision for dump.db in prefabricated jail,
  thanks to Bertil Stenstrom <stenis at sto.sema.se>.
- Moved /var/lock/subsys/named processing from /etc/rc.d/init.d/named
  to ndc.
- Removed %config from master zone files that user need never change.
- Built and tested bind-chroot-8.1.2-4 atop Red Hat 4.2.

* Thu Jun 25 1998 John A. Martin <jam at jamux.com>
- Fixed silly string tests in init script and ndc patch,
  thanks to Brian Candler <B.Candler at pobox.com>.
- Tightened test for user named.

* Wed Jun 24 1998 John A. Martin <jam at jamux.com>
- Corrected [ -f holelogd.named ] in init script,
  thanks to Joshua Heling <jrh at securepipe.com>.
- Added %define jail /chroot/named and %defattr().
- Built and tested on Redhat 4.2.

* Mon Jun 22 1998 John A. Martin <jam at jamux.com>
- Renamed holelogd holelogd.named and revised init script and ndc.
- Built and tested on Redhat 4.2.  Started packaging bugs list.

* Tue Jun 16 1998 John A. Martin <jam at jamux.com>
- Modified makefile patch to minimize the patch and to allow non-root build.
- Added holelogd for logging from the chroot.
- Used make install instead of ad hoc install commands.
- Added a prefabricated jail and install operations to populate it.
- Patched ndc for use with chroot.
- Provided a new init script for chroot and using ndc.
- Made numerous modifications under %file for non-root build.
- Added a %pre check for the needed named user and group.
- Added %post operations to mknod a null device, to copy the target's named
  group to the chroot/etc, and to copy the target's /etc/localtime to the
  chroot; %preun to undo stuff for clean removal.
- Built and tested on Redhat 4.2.

* Thu Apr 16 1998 John A. Martin <jam at jamux.com>
- For Redhat 4.2 removed patch to use <libelf/nlist.h>, using <nlist.h>.

* Sun Apr 12 1998 Manuel J. Galan <manolow at step.es>
- Several essential modifications to build and install correctly.
- Modified 'ndc' to avoid deprecated use of '-'

* Mon Dec 22 1997 Scott Lampert <fortunato at heavymetal.org>
- Used buildroot
- patched bin/named/ns_udp.c to use <libelf/nlist.h> for include
  on Redhat 5.0 instead of <nlist.h>


# Packaging Bugs

# Start, stop, and restart of holelogd.named is not too robust, though
# no actual trouble seen while testing.  holelogd should write his pid
# in %{jail}/var/run/holelogd.pid, then we wouldn't need a private
# holelogd.named.  Else get a better syslog daemon.  Two daemons spoil
# one job.

# RH4.2 doesn't link -static named.
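The spec above builds the jail in %install and %post and gives the named user only var/run, var/tmp and var/named/slave, while the one binary inside the jail, named-xfer, is linked static. The checker below is an added example, not part of Dave's post or of the bind-chroot package: it verifies an installed jail against that layout (device node, syslog socket, group entry, ownership, a static and non-setuid named-xfer). The /home/named path, the "named" user, and the availability of readelf and GNU stat are assumptions; make_sample_jail builds a constructed skeleton so the checker can be tried without root (no device nodes, so dev/null and dev/log are expected findings there).

```shell
#!/bin/sh
# named-jail-check: sanity checks for a chroot jail laid out like the
# bind-chroot spec's %files/%post sections.  Added example, not from the
# original post or package.  Assumptions: the jail user is "named", and
# readelf plus GNU stat are available on the host.

JAIL_USER=named   # assumption: the user the spec's %pre insists on

# owner_of FILE -> user name owning FILE ("?" if stat is unavailable)
owner_of() {
    stat -c %U "$1" 2>/dev/null || echo '?'
}

# check_jail JAIL: prints one line per finding, returns the number of findings
check_jail() {
    jail=$1
    n=0
    fail() { echo "FAIL: $*"; n=$((n + 1)); }

    [ -d "$jail" ] || { fail "$jail is not a directory"; return $n; }

    # /dev/null must be the real character device 1,3 (%post creates it with mknod)
    [ -c "$jail/dev/null" ] || fail "dev/null is not a character device"

    # /dev/log is the socket the spec's holelogd.named provides for syslog from the jail
    [ -S "$jail/dev/log" ] || fail "dev/log is not a socket (holelogd.named not running for this jail?)"

    # etc/group carries the named line copied from the host in %post
    grep -q "^$JAIL_USER:" "$jail/etc/group" 2>/dev/null || fail "etc/group has no $JAIL_USER entry"

    # Only the directories named writes to belong to named (matches the %attr lines)
    for d in var/run var/tmp var/named/slave; do
        [ -d "$jail/$d" ] || { fail "$d missing"; continue; }
        [ "$(owner_of "$jail/$d")" = "$JAIL_USER" ] || fail "$d not owned by $JAIL_USER"
    done

    # Configuration named reads must exist and must not be world-writable
    for f in etc/named.conf var/named/named.conf var/named/named.root; do
        [ -e "$jail/$f" ] || { fail "$f missing"; continue; }
        [ -z "$(find "$jail/$f" -perm -o+w)" ] || fail "$f is world-writable"
    done

    # named-xfer is the only binary in the jail: it must be static (no /lib in
    # the jail) and must not be setuid
    xfer=$jail/usr/sbin/named-xfer
    if [ ! -f "$xfer" ]; then
        fail "usr/sbin/named-xfer missing"
    else
        if readelf -h "$xfer" >/dev/null 2>&1; then
            readelf -d "$xfer" 2>/dev/null | grep -q NEEDED && fail "named-xfer is dynamically linked"
        else
            fail "named-xfer is not an ELF binary or readelf is unavailable"
        fi
        [ -z "$(find "$xfer" -perm -u+s)" ] || fail "named-xfer is setuid"
    fi

    [ "$n" -eq 0 ] && echo "OK: $jail looks sane"
    return $n
}

# make_sample_jail DIR: constructed skeleton for trying the checker without root.
# Plain files stand in for the device node, the socket and the binary, so those
# three checks are expected to fail on it.
make_sample_jail() {
    d=$1
    mkdir -p "$d/dev" "$d/etc" "$d/usr/sbin" "$d/var/run" "$d/var/tmp" "$d/var/named/slave"
    : > "$d/dev/null"
    : > "$d/dev/log"
    echo "named:x:25:" > "$d/etc/group"        # constructed entry
    : > "$d/etc/named.conf"
    : > "$d/var/named/named.conf"
    : > "$d/var/named/named.root"
    : > "$d/usr/sbin/named-xfer"               # placeholder, not a real binary
}

# Usage: sh named-jail-check.sh /home/named   (the spec's %{jail}), as root
if [ -n "${1:-}" ]; then
    check_jail "$1"
fi
```

Run it as root against the installed jail after `rpm -i`; a dev/log finding while holelogd.named is stopped is expected, everything else should be clean. The ownership checks deliberately list only the three directories the spec hands to named, so a zone file or named.conf that has become named-owned shows up as a finding.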


