rpms/autotrust/devel autotrust.conf, NONE, 1.1 autotrust.cron, NONE, 1.1 autotrust.spec, NONE, 1.1 import.log, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2

Paul Wouters pwouters at fedoraproject.org
Sat Jan 24 00:30:05 UTC 2009


Author: pwouters

Update of /cvs/extras/rpms/autotrust/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30694/devel

Modified Files:
	.cvsignore sources 
Added Files:
	autotrust.conf autotrust.cron autotrust.spec import.log 
Log Message:
initial import



--- NEW FILE autotrust.conf ---
# program configuration
config:
	# directory to go to for performing autotrust.
	# by default, autotrust will store files in the current directory.
	working-dir:		"/var/lib/autotrust"

	# where to find the root-hints. 
	# by default, autotrust uses builtin root hints from libunbound.
	# root-hints:		"/etc/named.root"

	# where to log messages. 
	# by default, logs will be outputted to stderr.
	log-file:		"/var/log/autotrust.log"

	# where to store state information for trust anchors. 
	# by default, state information is stored in a file autotrust.state in 
	# the working directory.
	state-file:		"/var/lib/autotrust/autotrust.state" 

	# where to find the the trust anchors (that can be used for Unbound).
	# trust-anchor-file:	"trust-anchor.file"

	# where to find the the trust anchors (that can be used for 
	# BIND9 and Unbound). you can also put your BIND configuration file 
	# here, though it is recommended to solely put the trusted-keys clause 
	# in this file and include it in your actual BIND configuration file.
	trusted-keys-file:	"/etc/pki/dnssec-keys/production.conf"

	# what resolv.conf file to use. 
	# by default, autotrust doesn't use configured nameservers, but queries 
	# for the answers himself. By providing your resolver configuration, the
	# program will run much faster.
	# resolv-conf:		"/etc/resolv.conf"

	# by default, autotrust makes use of both ipv4 and ipv6. 
	# setting one of these options to "yes" eliminates the use of the other 
	# protocol version.
	# ipv4-only:		"no"
	# ipv6-only:		"no"

	# specify the time when a trust anchor may be added.
	# by default, add holddown time is 30 days.
	# add-holddown:		2592000 # 30 days

	# specify the time when a trust anchor may be removed.
	# by default, del holddown time is 30 days.
	# del-holddown:		2592000 # 30 days

	# how many times must a pending trust anchor be seen, before adding it 
	# to the valid trust anchor set. by default, 2 times.
	# STRONGLY RECOMMENDED VALUE: 2 or higher
	# pending-count:	2

	# keep trust anchors with the START state in the state information file.
	# by default, trust anchors in the state START are not stored.
	# keep-start:		"no"

	# keep trust anchors with the REMOVED state in the state information.
	# by default, trust anchors in the state REMOVED are not stored.
	# keep-removed:		"no"

	# the pidfile that stores the process id of your resolver.
	# by default, autotrust does not know about your resolver and will not 
	# signal resolvers.
	# resolver-pidfile:		"/var/run/named/named.pid"
	resolver-pidfile: "/var/run/unbound/unbound.pid /var/run/named/named.pid"

	# if you use Unbound, you can specify the Undbound configuration 
	# here, so that autotrust uses the same configuration. This option was 
	# built in for debugging purposes (to configure stub zones), and is 
	# considered experimental.
	unbound-conf:		"/etc/unbound/unbound.conf"

	# specify the time when a missing trust anchor may not be used 
	# as valid trust anchor anymore. If keep-missing is 0, missing keys 
	# are never removed (unless revoked), which is the default.
	# STRONGLY RECOMMENDED VALUE: 0, or 1year or higher
	# keep-missing:		31536000 # 1 year

	# log if keys gone missing, regardless of the used verbosity level.
	# on by default.
	# alert-missing:	"yes"

	# if you have a superior trust point configured, the subordinate trust 
	# anchors will be removed after 180 days after the superior trust point 
	# was introduced. by default, this option is disabled, you may enable it 
	# by setting 'superior-trust' to "yes".
	# THIS OPTION IS NOT IMPLEMENTED YET
	# superior-trust:	"yes"

	# set the level of verbosity. default it it set to 1. the higher this 
	# number, the more log messages you will get. if you want no 
	# output at all, set verbosity to 0 (you will log only error and 
	# warning messages).
	# verbosity:		1


--- NEW FILE autotrust.cron ---
#!/bin/sh

# Check for updated and revoked  DNSKEY trust anchors daily
/usr/sbin/autotrust
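
Review bot: the script calls `/usr/sbin/autotrust` with no arguments, so the daily run depends on the binary's built-in default configuration path matching `%{_sysconfdir}/%{name}/autotrust.conf`, where the spec installs Source1. Worth confirming that on a clean install, or passing the configuration file explicitly, because a mismatch would leave the tool running on its built-in defaults (files in the current directory and logging to stderr, per the comments in autotrust.conf) instead of the packaged settings.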


--- NEW FILE autotrust.spec ---
%define prever rc1
%define VERSION %{version}%{prever}

Summary: DNSKEY trust anchor update utility that uses RFC-5011
Name: autotrust
Version: 0.2.1
Release: 0.2.%{prever}%{?dist}
License: BSD
Url: http://www.nlnetlabs.nl/%{name}/
Source: http://www.nlnetlabs.nl/downloads/%{name}-%{VERSION}.tar.gz
Source1: autotrust.conf
Source2: autotrust.cron
Group: System Environment/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: ldns-devel >= 1.3.0, unbound-devel >= 1.0.0
Requires: anacron

%description
autotrust takes care of keeping your DNSSEC trust anchors up to date. It
is RFC5011 compliant, except for the query intervals and the retry timers.
autotrust is meant to run from commandline or in a cron job. If we want to
follow the values recommended by RFC5011, autotrust should run as daemon. 

%prep
%setup -q -n autotrust-%{VERSION}

%build
%configure --disable-rpath 
make %{?_smp_mflags}

%install
rm -rf %{buildroot}

make DESTDIR=%{buildroot} INSTALL="%{__install} -p" install 
mkdir -p %{buildroot}%{_sysconfdir}/%{name}/
mkdir -p %{buildroot}%{_localstatedir}/lib/%{name}
mkdir -p %{buildroot}%{_sysconfdir}/cron.daily/
install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/%{name}/
install -m 755 %{SOURCE2} %{buildroot}%{_sysconfdir}/cron.daily/autotrust

%clean
rm -rf %{buildroot}

%files 
%defattr(-,root,root)
%{_sbindir}/autotrust
%doc doc/*
%{_mandir}/*/*
%dir %{_sysconfdir}/%{name}
%dir %{_localstatedir}/lib/%{name}
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/autotrust.conf
%attr(0755,root,root) %{_sysconfdir}/cron.daily/autotrust

%changelog
* Wed Jan 21 2009 Paul Wouters <paul at xelerance.com> - 0.2.1-0.2.rc1
- Drop sysconfig argument for configure
- Merged changelog entry to avoid rpm warning 

* Wed Jan 21 2009 Paul Wouters <paul at xelerance.com> - 0.2.1-0.1.rc1
- Drop regeneration of configure - does not work on rawhide
- Fix version/release tag
- Removed merged in patch. updated to upstream which fixes the reported autoconf issues.

* Tue Dec  2 2008 Paul Wouters <paul at xelerance.com> - 0.2.0-3
- Use upstream svn patch for multiple resolvers and defaults
- Don't override unused libdir
- Cleanup and run autoreconf
- Added missing dependancies (anacron, automake, libtool)
- Fix permission on cron job.

* Fri Nov 28 2008 Paul Wouters <paul at xelerance.com> - 0.2.0-2
- Fix typo in resolver-pidfile: option in autotrust.conf

* Thu Nov 27 2008 Paul Wouters <paul at xelerance.com> - 0.2.0-1
- Updated to newest version
- Fix default file locations
- Allow resolver-pid: to take multiple filenames, seperated by a space

* Fri Nov 22 2008 Paul Wouters <paul at xelerance.com> - 0.1.0-1
- Initial version
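
Review bot: `Requires: anacron` is the only runtime dependency, but the shipped autotrust.conf sets `trusted-keys-file` to `/etc/pki/dnssec-keys/production.conf`, a directory this package neither lists in `%files` nor requires a provider for. Add a Requires on the package that provides that directory, or create and own it here, so the daily cron job has a defined place with known permissions to write trust anchors. Separately, in `%changelog` the entry `Fri Nov 22 2008` does not match the calendar (22 November 2008 was a Saturday) and should be corrected.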


--- NEW FILE import.log ---
autotrust-0_2_1-0_2_rc1_fc10:HEAD:autotrust-0.2.1-0.2.rc1.fc10.src.rpm:1232756896


Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/autotrust/devel/.cvsignore,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- .cvsignore	23 Jan 2009 23:14:07 -0000	1.1
+++ .cvsignore	24 Jan 2009 00:29:35 -0000	1.2
@@ -0,0 +1 @@
+autotrust-0.2.1rc1.tar.gz


Index: sources
===================================================================
RCS file: /cvs/extras/rpms/autotrust/devel/sources,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sources	23 Jan 2009 23:14:07 -0000	1.1
+++ sources	24 Jan 2009 00:29:35 -0000	1.2
@@ -0,0 +1 @@
+663254fbd41176e3b13952bffd49a21c  autotrust-0.2.1rc1.tar.gz
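
Review bot: the `sources` entry pins `autotrust-0.2.1rc1.tar.gz` with a single 32-hex-digit digest (MD5 length), and the spec's `Source:` URL is plain `http://`, so the tarball's integrity rests on that one digest. For a tool that manages DNSSEC trust anchors, it would be worth checking the download against an upstream signature or a stronger published checksum, if upstream provides one, before uploading, and recording that check in the commit message.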



