rpms/autotrust/F-10 .cvsignore, 1.2, 1.3 autotrust.conf, 1.1, 1.2 autotrust.cron, 1.1, 1.2 autotrust.spec, 1.1, 1.2 sources, 1.2, 1.3
Paul Wouters
pwouters at fedoraproject.org
Wed Oct 14 17:42:39 UTC 2009
Author: pwouters
Update of /cvs/extras/rpms/autotrust/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv2781
Modified Files:
.cvsignore autotrust.conf autotrust.cron autotrust.spec
sources
Log Message:
* Wed Oct 14 2009 Paul Wouters <paul at xelerance.com> - 0.3.1-1
- Updated to autotrust 0.3.1
- Try restarting running nameservers from the autotrust cron job
- Use the "named" version generated by dnssec-configure as trust anchor includes
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/autotrust/F-10/.cvsignore,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -p -r1.2 -r1.3
--- .cvsignore 25 Jan 2009 15:32:49 -0000 1.2
+++ .cvsignore 14 Oct 2009 17:42:38 -0000 1.3
@@ -1 +1,2 @@
autotrust-0.2.1rc1.tar.gz
+autotrust-0.3.1.tar.gz
Index: autotrust.conf
===================================================================
RCS file: /cvs/extras/rpms/autotrust/F-10/autotrust.conf,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- autotrust.conf 25 Jan 2009 15:32:49 -0000 1.1
+++ autotrust.conf 14 Oct 2009 17:42:38 -0000 1.2
@@ -1,95 +1,122 @@
+# include another configfile, so you can split up configuration settings.
+# for example, you can store your dynamica trust anchor configuration in
+# a file called keys.conf.
+# include: "keys.conf"
+
# program configuration
config:
# directory to go to for performing autotrust.
# by default, autotrust will store files in the current directory.
- working-dir: "/var/lib/autotrust"
+ working-dir: "/var/lib/autotrust"
# where to find the root-hints.
# by default, autotrust uses builtin root hints from libunbound.
- # root-hints: "/etc/named.root"
+ # root-hints: "/etc/named.root"
- # where to log messages.
- # by default, logs will be outputted to stderr.
- log-file: "/var/log/autotrust.log"
-
- # where to store state information for trust anchors.
- # by default, state information is stored in a file autotrust.state in
- # the working directory.
- state-file: "/var/lib/autotrust/autotrust.state"
+ # where to log messages. by default, logs will be outputted to
+ # @logfile at .
+ # If no log-file is given, stderr is used.
+ log-file: "/var/log/autotrust.log"
+
+ # whether to use syslog as logging device. not default.
+ # if set to "yes", the log-file option will be ignored.
+ # use-syslog: "no"
+
+ # where to store the pid. by default, the pidfile is set to
+ # @pidfile at .
+ # the pidfile is only used if autotrust runs as daemon.
+ pid-file: "/var/run/autotrust.pid"
+
+ # where to store trust anchor state. by default, it is stored in
+ # @statefile at .
+ state-file: "/var/lib/autotrust/autotrust.state"
- # where to find the the trust anchors (that can be used for Unbound).
+ # where to find the the trust anchors (these can be used for Unbound).
# trust-anchor-file: "trust-anchor.file"
- # where to find the the trust anchors (that can be used for
+ # where to find the the trust anchors (these can be used for
# BIND9 and Unbound). you can also put your BIND configuration file
# here, though it is recommended to solely put the trusted-keys clause
# in this file and include it in your actual BIND configuration file.
- trusted-keys-file: "/etc/pki/dnssec-keys/production.conf"
+ trusted-keys-file: "/etc/pki/dnssec-keys/named.dnssec.keys"
+ #trusted-keys-file: "/etc/pki/dnssec-keys/production/*.conf"
+ #trusted-keys-file: "/etc/pki/dnssec-keys/production/reverse/*.conf"
# what resolv.conf file to use.
# by default, autotrust doesn't use configured nameservers, but queries
- # for the answers himself. By providing your resolver configuration, the
+ # for the answers himself. By providing your resolver configuration, the
# program will run much faster.
- # resolv-conf: "/etc/resolv.conf"
+ # resolv-conf: "/etc/resolv.conf"
- # by default, autotrust makes use of both ipv4 and ipv6.
- # setting one of these options to "yes" eliminates the use of the other
- # protocol version.
- # ipv4-only: "no"
- # ipv6-only: "no"
+ # by default, autotrust makes use of both ipv4 and ipv6. setting one of
+ # these options to "no" eliminates the use of the that protocol version.
+ # do-ip4: "yes"
+ # do-ip6: "yes"
# specify the time when a trust anchor may be added.
# by default, add holddown time is 30 days.
- # add-holddown: 2592000 # 30 days
+ # STRONGLY RECOMMENDED VALUE: 30days or higher
+ # add-holddown: 2592000 # 30 days
# specify the time when a trust anchor may be removed.
# by default, del holddown time is 30 days.
- # del-holddown: 2592000 # 30 days
+ # STRONGLY RECOMMENDED VALUE: 30days or higher
+ # del-holddown: 2592000 # 30 days
# how many times must a pending trust anchor be seen, before adding it
# to the valid trust anchor set. by default, 2 times.
# STRONGLY RECOMMENDED VALUE: 2 or higher
- # pending-count: 2
+ # pending-count: 2
# keep trust anchors with the START state in the state information file.
# by default, trust anchors in the state START are not stored.
- # keep-start: "no"
+ # keep-start: "no"
# keep trust anchors with the REMOVED state in the state information.
# by default, trust anchors in the state REMOVED are not stored.
- # keep-removed: "no"
+ # keep-removed: "no"
+
+ # Fedora/EPEL: nameservers are restarted via the autostart.cron job
+ # instead of via resolver-pidfile/resolver-reload
# the pidfile that stores the process id of your resolver.
# by default, autotrust does not know about your resolver and will not
- # signal resolvers.
- # resolver-pidfile: "/var/run/named/named.pid"
- resolver-pidfile: "/var/run/unbound/unbound.pid /var/run/named/named.pid"
+ # signal resolvers. You may configure multiple resolver pidfiles.
+ # resolver-pidfile: "/var/run/unbound/unbound.pid"
+ # resolver-pidfile: "/var/run/named/named.pid"
+
+ # you may also specify the reload command to be executed.
+ # resolver-reload: "unbound-control reload"
+ # resolver-reload: "rndc reload"
# if you use Unbound, you can specify the Undbound configuration
# here, so that autotrust uses the same configuration. This option was
# built in for debugging purposes (to configure stub zones), and is
# considered experimental.
- unbound-conf: "/etc/unbound/unbound.conf"
-
+ unbound-conf: "/etc/unbound/unbound.conf"
+
# specify the time when a missing trust anchor may not be used
# as valid trust anchor anymore. If keep-missing is 0, missing keys
# are never removed (unless revoked), which is the default.
# STRONGLY RECOMMENDED VALUE: 0, or 1year or higher
- # keep-missing: 31536000 # 1 year
+ # keep-missing: 31536000 # 1 year
# log if keys gone missing, regardless of the used verbosity level.
# on by default.
- # alert-missing: "yes"
+ # alert-missing: "yes"
+
+ # run autotrust as daemon. By default "no".
+ # daemonize: "no"
# if you have a superior trust point configured, the subordinate trust
# anchors will be removed after 180 days after the superior trust point
# was introduced. by default, this option is disabled, you may enable it
# by setting 'superior-trust' to "yes".
# THIS OPTION IS NOT IMPLEMENTED YET
- # superior-trust: "yes"
+ # superior-trust: "no"
# set the level of verbosity. default it it set to 1. the higher this
# number, the more log messages you will get. if you want no
# output at all, set verbosity to 0 (you will log only error and
# warning messages).
- # verbosity: 1
+ # verbosity: 1
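Review bot: The new `trusted-keys-file` value ending in `named.dnssec.keys` points autotrust at a file that, per the log message, is generated by dnssec-configure, and nothing in the hunk says which tool owns it. If dnssec-configure rewrites that file on a later run, anchors that autotrust rolled under RFC 5011 would presumably be replaced by the generated set. I would confirm that behaviour and add a comment above the line, for example `# NOTE: also written by dnssec-configure; regenerating it may discard anchors updated by autotrust`. Separately, the Fedora/EPEL comment names `autostart.cron` while the job changed in this commit is `autotrust.cron`. The new log-file, pid-file and state-file comments, as rendered on this page, also still show what look like unsubstituted `@logfile@`-style build placeholders instead of real default paths.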
Index: autotrust.cron
===================================================================
RCS file: /cvs/extras/rpms/autotrust/F-10/autotrust.cron,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- autotrust.cron 25 Jan 2009 15:32:49 -0000 1.1
+++ autotrust.cron 14 Oct 2009 17:42:38 -0000 1.2
@@ -2,3 +2,7 @@
# Check for updated and revoked DNSKEY trust anchors daily
/usr/sbin/autotrust
+# lets try and restart (caching) nameservers ourselves, it produces
+# less errors then when autotrust attempts this.
+/sbin/service unbound try-restart
+/sbin/service named try-restart
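Review bot: Both added `try-restart` lines run unconditionally after `/usr/sbin/autotrust`, so the resolvers are restarted every day even when autotrust failed or changed no anchors. A restart after a failed run could make unbound or named load a trust-anchor file left in an unknown state, and every restart also discards the resolver cache. If autotrust returns a meaningful exit status (not visible here), gate the restarts on it by changing the call to `/usr/sbin/autotrust || exit 1`. The start of the script lies outside the hunk.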
Index: autotrust.spec
===================================================================
RCS file: /cvs/extras/rpms/autotrust/F-10/autotrust.spec,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- autotrust.spec 25 Jan 2009 15:32:49 -0000 1.1
+++ autotrust.spec 14 Oct 2009 17:42:38 -0000 1.2
@@ -1,19 +1,16 @@
-%define prever rc1
-%define VERSION %{version}%{prever}
-
Summary: DNSKEY trust anchor update utility that uses RFC-5011
Name: autotrust
-Version: 0.2.1
-Release: 0.2.%{prever}%{?dist}
+Version: 0.3.1
+Release: 1%{?dist}
License: BSD
Url: http://www.nlnetlabs.nl/%{name}/
-Source: http://www.nlnetlabs.nl/downloads/%{name}-%{VERSION}.tar.gz
+Source: http://www.nlnetlabs.nl/downloads/%{name}-%{version}.tar.gz
Source1: autotrust.conf
Source2: autotrust.cron
Group: System Environment/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: ldns-devel >= 1.3.0, unbound-devel >= 1.0.0
-Requires: anacron
+Requires: anacron, dnssec-conf
%description
autotrust takes care of keeping your DNSSEC trust anchors up to date. It
@@ -22,7 +19,7 @@ autotrust is meant to run from commandli
follow the values recommended by RFC5011, autotrust should run as daemon.
%prep
-%setup -q -n autotrust-%{VERSION}
+%setup -q
%build
%configure --disable-rpath
@@ -37,6 +34,7 @@ mkdir -p %{buildroot}%{_localstatedir}/l
mkdir -p %{buildroot}%{_sysconfdir}/cron.daily/
install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/%{name}/
install -m 755 %{SOURCE2} %{buildroot}%{_sysconfdir}/cron.daily/autotrust
+rm %{buildroot}%{_sysconfdir}/%{name}/autotrust.conf.sample
%clean
rm -rf %{buildroot}
@@ -52,6 +50,11 @@ rm -rf %{buildroot}
%attr(0755,root,root) %{_sysconfdir}/cron.daily/autotrust
%changelog
+* Wed Oct 14 2009 Paul Wouters <paul at xelerance.com> - 0.3.1-1
+- Updated to autotrust 0.3.1
+- Try restarting running nameservers from the autotrust cron job
+- Use the "named" version generated by dnssec-configure as trust anchor includes
+
* Wed Jan 21 2009 Paul Wouters <paul at xelerance.com> - 0.2.1-0.2.rc1
- Drop sysconfig argument for configure
- Merged changelog entry to avoid rpm warning
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/autotrust/F-10/sources,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -p -r1.2 -r1.3
--- sources 25 Jan 2009 15:32:49 -0000 1.2
+++ sources 14 Oct 2009 17:42:38 -0000 1.3
@@ -1 +1,2 @@
663254fbd41176e3b13952bffd49a21c autotrust-0.2.1rc1.tar.gz
+ff0177aa0df8c645829fc26de2ac0b54 autotrust-0.3.1.tar.gz