File bind.spec of Package bind

# spec file for package bind
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via

# Don't forget to update the package names also in baselibs.conf
%define bind9_sonum 160
%define libbind9 libbind9-%{bind9_sonum}
%define dns_sonum 169
%define libdns libdns%{dns_sonum}
%define irs_sonum 160
%define libirs libirs%{irs_sonum}
%define isc_sonum 166
%define libisc libisc%{isc_sonum}
%define isccc_sonum 160
%define libisccc libisccc%{isccc_sonum}
%define isccfg_sonum 160
%define libisccfg libisccfg%{isccfg_sonum}
%define lwres_sonum 160
%define liblwres liblwres%{lwres_sonum}
# Defines for user and group add
%define	NAMED_UID 44
%define	NAMED_UID_NAME named
%define	NAMED_GID 44
%define	NAMED_GID_NAME named
%define	NAMED_COMMENT Name server daemon
%define	NAMED_HOMEDIR %{_localstatedir}/lib/named
%define	NAMED_SHELL /bin/false
%define	GROUPADD_NAMED getent group %{NAMED_GID_NAME} >/dev/null || %{_sbindir}/groupadd -g %{NAMED_GID} -o -r %{NAMED_GID_NAME}
%define	USERADD_NAMED getent passwd %{NAMED_UID_NAME} >/dev/null || %{_sbindir}/useradd -r -o -g %{NAMED_GID_NAME} -u %{NAMED_UID} -s %{NAMED_SHELL} -c "%{NAMED_COMMENT}" -d %{NAMED_HOMEDIR} %{NAMED_UID_NAME}
%define	USERMOD_NAMED getent passwd %{NAMED_UID_NAME} >/dev/null || %{_sbindir}/usermod -s %{NAMED_SHELL} -d  %{NAMED_HOMEDIR} %{NAMED_UID_NAME}
%if 0%{?suse_version} >= 1500
%define with_systemd 1
%define with_systemd 0

#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
  %define _fillupdir %{_localstatedir}/adm/fillup-templates
Name:           bind
Version:        9.11.2
Release:        0
Summary:        Domain Name System (DNS) Server (named)
License:        MPL-2.0
Group:          Productivity/Networking/DNS/Servers
Source1:        vendor-files.tar.bz2
Source2:        baselibs.conf
# from ... changes yearly apparently.
Source4:        %{name}.keyring
# url no longer exists...
Source40:       dnszone-schema.txt
Source60:       dlz-schema.txt
Patch2:         bind-99-libidn.patch
Patch4:         perl-path.diff
Patch51:        pie_compile.diff
Patch52:        named-bootconf.diff
Patch53:        bind-sdb-ldap.patch
Patch54:        bind-CVE-2017-3145.patch
Patch55:        bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch
Patch56:        bind-ldapdump-use-valid-host.patch
BuildRequires:  libcap-devel
BuildRequires:  libmysqlclient-devel
BuildRequires:  libopenssl-devel
BuildRequires:  libtool
BuildRequires:  openldap2-devel
BuildRequires:  openssl
BuildRequires:  pkgconfig
BuildRequires:  python3
BuildRequires:  python3-ply
BuildRequires:  update-desktop-files
BuildRequires:  pkgconfig(geoip)
BuildRequires:  pkgconfig(json)
BuildRequires:  pkgconfig(krb5)
BuildRequires:  pkgconfig(libidn)
BuildRequires:  pkgconfig(libxml-2.0)
Requires:       %{name}-chrootenv
Requires:       %{name}-utils
Requires(post): %fillup_prereq
Requires(post): bind-utils
Requires(post): coreutils
Requires(pre):  shadow
Provides:       bind8
Provides:       bind9
Provides:       dns_daemon
Obsoletes:      bind8 < %{version}
Obsoletes:      bind9 < %{version}
%if %{with_systemd}
BuildRequires:  systemd-rpm-macros
BuildRequires:  pkgconfig(libsystemd)
BuildRequires:  pkgconfig(systemd)
Requires(post): %insserv_prereq

Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols and provides an openly redistributable
reference implementation of the major components of the Domain Name
System.  This package includes the components to operate a DNS server.

%package -n %{libbind9}
Summary:        BIND9 shared library used by BIND
Group:          System/Libraries

%description -n %{libbind9}
This library contains a few utility functions used by the BIND
server and utilities.

%package -n %{libdns}
Summary:        DNS library used by BIND
Group:          System/Libraries

%description -n %{libdns}
This subpackage contains the "DNS client" module. This is a higher
level API that provides an interface to name resolution, single DNS
transaction with a particular server, and dynamic update. Regarding
name resolution, it supports advanced features such as DNSSEC
validation and caching. This module supports both synchronous and
asynchronous mode.

It also contains the Advanced Database (ADB) and Simple Database
(SDB) APIs. ADB allows user-written routines to replace BIND’s
internal database function for both nominated and all zones. SDB
allows a user-written driver to supply zone data either from
alternate data sources (for instance, a relational database) or using
specialized algorithms (for instance, for load-balancing).
[Book links for SDB: "Pro DNS and BIND 10", R. Aitchison, Apress]

%package -n %{libirs}
Summary:        The BIND Information Retrieval System library
Group:          System/Libraries

%description -n %{libirs}
libirs provides an interface to parse the traditional resolv.conf file and an
"advanced" configuration file related to the DNS library for configuration
parameters that would be beyond the capability of the resolv.conf file.
Specifically, it is intended to provide DNSSEC related configuration
parameters. By default, the path to this configuration file is %{_sysconfdir}/dns.conf.

%package -n libirs-devel
Summary:        Development files for IRS
Group:          Development/Libraries/C and C++
Requires:       %{libirs} = %{version}

%description -n libirs-devel
libirs provides an interface to parse the traditional resolv.conf file and an
"advanced" configuration file related to the DNS library for configuration
parameters that would be beyond the capability of the resolv.conf file.  This
subpackage contains the header files needed for building programs with it.

%package -n %{libisc}
Summary:        ISC shared library used by BIND
Group:          System/Libraries
Provides:       bind-libs = %{version}-%{release}
Obsoletes:      bind-libs < %{version}-%{release}

%description -n %{libisc}
This library contains miscellaneous utility function used by the BIND
server and utilities. It includes functions for assertion handling,
balanced binary (AVL) trees, bit masks comparison, event based
programs, heap-based priority queues, memory handling, and program

%package -n %{libisccc}
Summary:        Command Channel Library used by BIND
Group:          System/Libraries

%description -n %{libisccc}
This library is used for communicating with BIND servers'
administrative command channel (port 953 by default).

%package -n %{libisccfg}
Summary:        Exported ISC configuration shared library
Group:          System/Libraries

%description -n %{libisccfg}
This BIND library contains the configuration file parser.

%package -n %{liblwres}
Summary:        Lightweight Resolver API library
Group:          System/Libraries

%description -n %{liblwres}
The BIND 9 lightweight resolver library is a name service independent
stub resolver library. It provides hostname-to-address and
address-to-hostname lookup services to applications by transmitting
lookup requests to a resolver daemon, lwresd, running on the local
host. The resover daemon performs the lookup using the DNS or
possibly other name service protocols, and returns the results to the
application through the library. The library and resolver daemon
communicate using a UDP-based protocol.

%package chrootenv
Summary:        Chroot environment for BIND named and lwresd
Group:          Productivity/Networking/DNS/Servers
Requires(pre):  shadow

%description chrootenv
This package contains all directories and files which are common to the
chroot environment of BIND named and lwresd.  Most is part of the
structure below %{_localstatedir}/lib/named.

%package devel
Summary:        Development Libraries and Header Files of BIND
Group:          Development/Libraries/C and C++
Requires:       %{libbind9} = %{version}
Requires:       %{libdns} = %{version}
Requires:       %{libirs} = %{version}
Requires:       %{libisccc} = %{version}
Requires:       %{libisccfg} = %{version}
Requires:       %{libisc} = %{version}
Requires:       %{liblwres} = %{version}
Provides:       bind8-devel
Provides:       bind9-devel
Obsoletes:      bind8-devel < %{version}
Obsoletes:      bind9-devel < %{version}

%description devel
This package contains the header files, libraries, and documentation
for building programs using the libraries of the Berkeley Internet Name
Domain (BIND) Domain Name System implementation of the Domain Name
System (DNS) protocols.

%package doc
Summary:        BIND documentation
Group:          Documentation/Other
BuildArch:      noarch

%description doc
Documentation of the Berkeley Internet Name Domain (BIND) Domain Name
System implementation of the Domain Name System (DNS) protocols.  This
includes also the BIND Administrator Reference Manual (ARM).

%package lwresd
Summary:        Lightweight Resolver Daemon
Group:          Productivity/Networking/DNS/Utilities
Requires:       %{name}-chrootenv
Requires(pre):  shadow
Requires(pre):  sysvinit(network)
Requires(pre):  sysvinit(syslog)
Provides:       dns_daemon
%if !%{with_systemd}
Requires(post): %insserv_prereq

%description lwresd
Bind-lwresd provides resolution services to local clients using a
combination of the lightweight resolver library liblwres and the
resolver daemon process lwresd running on the local host.  These
communicate using a simple UDP-based protocol, the "lightweight
resolver protocol" that is distinct from and simpler than the full DNS

%package utils
Summary:        Utilities to query and test DNS
# Needed for dnssec parts
Group:          Productivity/Networking/DNS/Utilities
Requires:       python3-bind = %{version}
Provides:       bind9-utils
Provides:       bindutil
Provides:       dns_utils
Obsoletes:      bind9-utils < %{version}
Obsoletes:      bindutil < %{version}

%description utils
This package includes the utilities "host", "dig", and "nslookup" used to
test and query the Domain Name System (DNS).  The Berkeley Internet
Name Domain (BIND) DNS server is found in the package named bind.

%package -n python3-bind
Summary:        A module allowing rndc commands to be sent from Python programs
Group:          Development/Languages/Python
Requires:       python3
Requires:       python3-ply
BuildArch:      noarch

%description -n python3-bind
This package provides a module which allows commands to be sent to rndc directly from Python programs.

%setup -q -a1
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch54 -p1
%patch55 -p1
%patch56 -p1

# use the year from source gzip header instead of current one to make reproducible rpms
year=$(perl -e 'sysread(STDIN, $h, 8); print (1900+(gmtime(unpack("l",substr($h,4))))[5])' < %{SOURCE0})
sed -i "s/stdout, copyright, year/stdout, copyright, \"-$year\"/" lib/dns/gen.c

# modify settings of some files regarding to OS version and vendor
function replaceStrings()
	sed -e "s@__NSD__@/lib@g" \
		-e "s@__BIND_PACKAGE_NAME__@%{name}@g" \
		-e "s@__VENDOR__@%{VENDOR}@g" \
                -e "s@__openssl__@$(pkg-config --variable=enginesdir libcrypto)@g" \
		-i "${file}"
pushd vendor-files
for file in docu/README tools/createNamedConfInclude config/{README,named.conf} init/{named,lwresd} system/{named.init,lwresd.init} sysconfig/{named-common,named-named,syslog-named}; do
	replaceStrings ${file}
cp contrib/sdb/ldap/ldapdb.c bin/named/
cp contrib/sdb/ldap/ldapdb.h bin/named/include/

autoreconf -fvi
export CFLAGS="%{optflags}"
%configure \
	--with-python=%{_bindir}/python3 \
	--includedir=%{_includedir}/bind \
	--disable-static \
	--with-openssl \
	--enable-threads \
	--with-libtool \
	--with-libxml2 \
	--with-libjson \
	--with-dlz-mysql \
	--with-dlz-ldap \
	--with-randomdev=/dev/urandom \
	--enable-ipv6 \
	--with-pic \
	--disable-openssl-version-check \
	--with-tuning=large \
	--with-geoip \
	--with-dlopen \
	--with-gssapi=yes \
	--disable-isc-spnego \
	--enable-fixed-rrset \
	--enable-filter-aaaa \
%if %{with_systemd}
        --with-systemd \
# disable rpath
sed -i '
' libtool
make %{?_smp_mflags}

mkdir -p \
	%{buildroot}/%{_sysconfdir}/init.d \
	%{buildroot}/%{_sysconfdir}/named.d \
	%{buildroot}/%{_sysconfdir}/openldap/schema \
	%{buildroot}/%{_sysconfdir}/slp.reg.d \
	%{buildroot}%{_prefix}/{bin,%{_lib},sbin,include} \
	%{buildroot}/%{_datadir}/bind \
	%{buildroot}/%{_datadir}/susehelp/meta/Administration/System \
	%{buildroot}/%{_defaultdocdir}/bind \
	%{buildroot}%{_localstatedir}/lib/named/{etc/named.d,dev,dyn,log,master,slave,var/{lib,run/{lwresd,named}}} \
	%{buildroot}%{_mandir}/{man1,man3,man5,man8} \
	%{buildroot}%{_fillupdir} \
	%{buildroot}/%{_rundir} \
	%{buildroot}/%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services \
	%{buildroot}%{_includedir}/bind/dns \
# install errno2result.h, some dynamic DB plugins could use it.
install -m 0755 -d %{buildroot}%{_includedir}/isc/
install -m 0644 lib/isc/unix/errno2result.h %{buildroot}%{_includedir}/isc/

# remove useless .la files
rm -f %{buildroot}/%{_libdir}/lib*.{la,a}
mv vendor-files/config/named.conf %{buildroot}/%{_sysconfdir}
mv vendor-files/config/bind.reg %{buildroot}/%{_sysconfdir}/slp.reg.d
mv vendor-files/config/rndc-access.conf %{buildroot}/%{_sysconfdir}/named.d
for file in lwresd.conf named.conf.include; do
	touch %{buildroot}/%{_sysconfdir}/${file}

%if %{with_systemd}
	for file in lwresd named; do
        	install -D -m 0644 vendor-files/system/${file}.service %{buildroot}%{_unitdir}/${file}.service
                install -m 0755 vendor-files/system/${file}.init %{buildroot}/usr/sbin/${file}.init
		ln -s /sbin/service %{buildroot}%{_sbindir}/rc${file}
	for file in lwresd named; do
		install -m 0754 vendor-files/init/${file} %{buildroot}%{_initddir}/${file}
		ln -sf %{_initddir}/${file} %{buildroot}%{_sbindir}/rc${file}
install -m 0644 ${RPM_SOURCE_DIR}/named.root %{buildroot}%{_localstatedir}/lib/named/root.hint
mv vendor-files/config/{127.0.0,localhost}.zone %{buildroot}%{_localstatedir}/lib/named
install -m 0754 vendor-files/tools/createNamedConfInclude %{buildroot}/%{_datadir}/bind
install -m 0755 vendor-files/tools/bind.genDDNSkey %{buildroot}/%{_bindir}/genDDNSkey
cp -a vendor-files/docu/BIND.desktop %{buildroot}/%{_datadir}/susehelp/meta/Administration/System
cp -p ${RPM_SOURCE_DIR}/dnszone-schema.txt %{buildroot}/%{_sysconfdir}/openldap/schema/dnszone.schema
cp -p "%{SOURCE60}" "%{buildroot}/%{_sysconfdir}/openldap/schema/dlz.schema"
install -m 0754 vendor-files/tools/ldapdump %{buildroot}/%{_datadir}/bind
find %{buildroot}/%{_libdir} -type f -name '*.so*' -print0 | xargs -0 chmod 0755
touch %{buildroot}%{_localstatedir}/lib/named%{_sysconfdir}/{localtime,named.conf.include,named.d/rndc.access.conf}
touch %{buildroot}%{_localstatedir}/lib/named/dev/log
ln -s ../.. %{buildroot}%{_localstatedir}/lib/named%{_localstatedir}/lib/named
ln -s ../log %{buildroot}%{_localstatedir}/lib/named%{_localstatedir}
ln -s ..%{_localstatedir}/lib/named%{_localstatedir}/run/lwresd %{buildroot}/run
ln -s ..%{_localstatedir}/lib/named%{_localstatedir}/run/named %{buildroot}/run
for file in named-common named-named syslog-named; do
	install -m 0644 vendor-files/sysconfig/${file} %{buildroot}%{_fillupdir}/sysconfig.${file}
install -m 644 vendor-files/sysconfig/SuSEFirewall.named %{buildroot}/%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/bind
# Cleanup doc
rm doc/misc/Makefile*
find doc/arm -type f ! -name '*.html' -print0 | xargs -0 rm -f
# Create doc as we want it in bind and not bind-doc
cp -a vendor-files/docu/README %{buildroot}/%{_defaultdocdir}/bind/README.%{VENDOR}
cp -a vendor-files/docu/dnszonehowto.html contrib/sdb/ldap/
mkdir -p vendor-files/config/ISC-examples
cp -a bin/tests/*.conf* vendor-files/config/ISC-examples
for file in CHANGES COPYRIGHT README version contrib doc/{arm,misc} vendor-files/config contrib/sdb/ldap/INSTALL.ldap; do
	basename=$( basename ${file})
	cp -a ${file} %{buildroot}/%{_defaultdocdir}/bind/${basename}
	echo "%doc %{_defaultdocdir}/bind/${basename}" >>filelist-bind-doc
# ---------------------------------------------------------------------------
install -m 0644 bind.keys %{buildroot}%{_localstatedir}/lib/named/named.root.key

# Are we updating from a package named bind9?
if test -d usr/share/doc/packages/bind9 && sbin/chkconfig -c named; then
	test -d ${ACTIVE_DIR} || mkdir -p ${ACTIVE_DIR}
# Might be an update.
# var/run/named is now a sym link pointing to the chroot jail
test -L var/run/named || rm -rf var/run/named
test -f etc/sysconfig/named && \
	. etc/sysconfig/named
# Store NAMED_RUN_CHROOTED setting to a temp file.
test -d ${TEMP_DIR} || \
	mkdir -p ${TEMP_DIR}
test -e ${TEMP_SYSCONFIG_FILE} && \
%if %{with_systemd}
%service_add_pre named.service

%if %{with_systemd}
%service_del_preun named.service
%stop_on_removal named

%if !%{with_systemd}
%{fillup_and_insserv -nf named}
%{fillup_only -nsa named named}
# Are we in update mode?
if [ ${FIRST_ARG:-0} -gt 1 ]; then
# Is named.conf an old, /var/named configuration?
if [ -f etc/named.conf ] && grep -qi '^[[:space:]]*directory[[:space:]]*"%{_localstatedir}/named"[[:space:]]*;' etc/named.conf; then
	test -d var/log || \
		mkdir -p var/log
	# move zone files to new location
	echo "Moving zone files to new location %{_localstatedir}/lib/named" | tee ${CONVLOG}
	for dir in var/named var/named/slave; do
		for source in $( find ${dir} -maxdepth 1 ); do
			case "${source#var/named/}" in||root.hint|slave|var/named) continue ;;
			sourcedir=$( echo "${source%/*}")
			destdir=$( echo "${sourcedir#var/named}")
			if [ -e "var/lib/named/${destdir}/${source##*/}" ]; then
				echo "Warning: %{_localstatedir}/lib/named${destdir}/${source##*/} already exists; skipped." | tee -a ${CONVLOG}
		  		echo "${source#var/named/}" | tee -a ${CONVLOG}
				mv "${source}" "var/lib/named/${destdir}"
	# updating named.conf
	echo -n "Backup old %{_sysconfdir}/named.conf to " | tee -a ${CONVLOG}
	oldconfig=$( old etc/named.conf) 2>/dev/null
	echo -n "%{_sysconfdir}/${oldconfig}. Conversion " | tee -a ${CONVLOG}
	sed -e "s@\"%{_localstatedir}/named\"@\"%{_localstatedir}/lib/named\"@" "etc/${oldconfig}" > etc/named.conf 2>/dev/null
	if [ ${conv_rc} -eq 0 ]; then
		echo "succeded." | tee -a ${CONVLOG}
		chmod --reference="etc/${oldconfig}" etc/named.conf
		chown --reference="etc/${oldconfig}" etc/named.conf
		echo "failed." | tee -a ${CONVLOG}
	if [ ${conv_rc} -eq 0 ]; then
		cat << EOF >>${CONVLOG}
Result: named.conf conversion succeded.  For details check the following
diff of the the old and new configuration.
		diff -u etc/${oldconfig} etc/named.conf >>${CONVLOG}
		cat << EOF >>${CONVLOG}
Result: Conversion failed. You must check your %{_sysconfdir}/named.conf
	rm -f var/lib/update-messages/bind.1
fi # End of 'Is named.conf an old, %{_localstatedir}/named configuration?'.
# Add include files to NAMED_CONF_INCLUDE_FILES if we have already a include
# file (SL Standard Server 8) and NAMED_RUN_CHROOTED from the
if [ -f ${TEMP_SYSCONFIG_FILE} ]; then
if [ -s etc/named.conf.include -a -z "${NAMED_RUN_CHROOTED}" ]; then
	test -f etc/sysconfig/named && . etc/sysconfig/named
	if [ "${NAMED_INITIALIZE_SCRIPTS}" = "createNamedConfInclude" -a \
		-z "${NAMED_CONF_INCLUDE_FILES}" ]; then
		# Get the included files from an existing meta include file.
		INCLUDE_LINES=$( grep -e '^[[:space:]]*include' etc/named.conf.include | cut -f 2 -d '"')
		if [ "${INCLUDE_LINES}" -a -z "${NAMED_CONF_INCLUDE_FILES}" ]; then
			for file in ${INCLUDE_LINES}; do
				# don't add a file a second time
				echo "${INCLUDE_FILES}" | grep -qe "\<${file#%{_sysconfdir}/named.d/}\>" && continue
				# don't add the meta include file as the init script copy it anyway
				# to the chroot jail
				test "${file}" = "%{_sysconfdir}/named.conf.include" && continue
				# strip off any leading %{_sysconfdir}/named.d/ as the init script takes care
				# of relative file names
			TMPFILE=$( mktemp %{_localstatedir}/tmp/named.sysconfig.XXXXXX)
			if [ $? -ne 0 ]; then
				echo "Can't create temp file. Please add your included files from %{_sysconfdir}/named.conf to"
				echo "NAMED_CONF_INCLUDE_FILES of %{_sysconfdir}/sysconfig/named manually."
			chmod --reference=etc/sysconfig/named ${TMPFILE}
			if sed "s+^NAMED_CONF_INCLUDE_FILES.*$+NAMED_CONF_INCLUDE_FILES=\"${INCLUDE_FILES}\"+" etc/sysconfig/named > "${TMPFILE}"; then
				mv "${TMPFILE}" etc/sysconfig/named
				echo "Can't set NAMED_CONF_INCLUDE_FILES of %{_sysconfdir}/sysconfig/named to \"${INCLUDE_FILES}\"."
	rm -f touch var/lib/update-messages/bind.3
fi # End of 'Add include files to NAMED_CONF_INCLUDE_FILES'
fi # End of 'Are we in update mode?'
# Remove TEMP_SYSCONFIG_FILE in any case.
%if %{with_systemd}
%service_add_post named.service
if [ -f ${NAMED_ACTIVE_FILE} ]; then
        sbin/insserv named
        test ! -s ${NAMED_ACTIVE_FILE} && rm -f ${NAMED_ACTIVE_FILE}
if [ -x %{_bindir}/systemctl ]; then
# make sure systemctl knows about the service even though it's not a systemd service
# Without this, systemctl status named would return
#     Unit named.service could not be found.
# until systemctl daemon-reload has been executed
    %{_bindir}/systemctl daemon-reload || :

%if %{with_systemd}
%service_del_postun named.service
%restart_on_update named

%post   -n %{libbind9} -p /sbin/ldconfig
%postun -n %{libbind9} -p /sbin/ldconfig
%post   -n %{libdns} -p /sbin/ldconfig
%postun -n %{libdns} -p /sbin/ldconfig
%post   -n %{libirs} -p /sbin/ldconfig
%postun -n %{libirs} -p /sbin/ldconfig
%post   -n %{libisc} -p /sbin/ldconfig
%postun -n %{libisc} -p /sbin/ldconfig
%post   -n %{libisccc} -p /sbin/ldconfig
%postun -n %{libisccc} -p /sbin/ldconfig
%post   -n %{libisccfg} -p /sbin/ldconfig
%postun -n %{libisccfg} -p /sbin/ldconfig
%post   -n %{liblwres} -p /sbin/ldconfig
%postun -n %{liblwres} -p /sbin/ldconfig
%pre chrootenv

%post chrootenv
%{fillup_only -nsa named common}
%{fillup_only -nsa syslog named}

%pre lwresd
%if %{with_systemd}
%service_add_pre lwresd.service

%post lwresd
# delete an emtpy lwresd.conf file
if [ ! -s etc/lwresd.conf ]; then
    rm -f etc/lwresd.conf
%if %{with_systemd}
%service_add_post lwresd.service
if [ $1 -le 1 ]; then
    %{fillup_and_insserv -fy lwresd}

%preun lwresd
%stop_on_removal lwresd
%if %{with_systemd}
%service_del_preun lwresd.service
%stop_on_removal lwresd

%postun lwresd
%if %{with_systemd}
%service_del_postun lwresd.service
%restart_on_update lwresd

%post utils

%attr(0644,root,named) %config(noreplace) /%{_sysconfdir}/named.conf
%dir %{_sysconfdir}/slp.reg.d
%attr(0644,root,root) /%{_sysconfdir}/slp.reg.d/bind.reg
%attr(0644,root,named) %ghost /%{_sysconfdir}/named.conf.include
%if %{with_systemd}
%config %{_unitdir}/named.service
%config /%{_sysconfdir}/init.d/named
%dir %{_datadir}/bind
%ghost %{_rundir}/named
%dir %{_var}/lib/named/master
%attr(-,named,named) %dir %{_var}/lib/named/dyn
%attr(-,named,named) %dir %{_var}/lib/named/slave
%config %{_var}/lib/named/root.hint
%config %{_var}/lib/named/
%config %{_var}/lib/named/
%config %{_var}/lib/named/named.root.key
%dir %{_libexecdir}/bind

%files -n %{libbind9}

%files -n %{libdns}

%files -n %{libirs}

%files -n libirs-devel

%files -n %{libisc}

%files -n %{libisccc}

%files -n %{libisccfg}

%files -n %{liblwres}

%files chrootenv
%attr(-,named,named) %dir %{_var}/lib/named
%dir %{_var}/lib/named%{_sysconfdir}
%dir %{_var}/lib/named%{_sysconfdir}/named.d
%dir %{_var}/lib/named/dev
%dir %{_var}/lib/named%{_localstatedir}
%dir %{_var}/lib/named%{_localstatedir}/lib
%dir %{_var}/lib/named%{_localstatedir}/run
%attr(-,named,named) %dir %{_var}/lib/named/log
%ghost %{_var}/lib/named%{_sysconfdir}/named.d/rndc.access.conf
%ghost %{_var}/lib/named/dev/log
%attr(0666, root, root) %dev(c, 1, 3) %{_var}/lib/named/dev/null
%attr(0666, root, root) %dev(c, 1, 8) %{_var}/lib/named/dev/random
%attr(0664, root, root) %dev(c, 1, 9) %{_var}/lib/named/dev/urandom
%ghost %{_var}/lib/named%{_sysconfdir}/localtime
%attr(0644,root,named) %ghost %{_var}/lib/named%{_sysconfdir}/named.conf.include
%attr(-,named,named) %dir %{_var}/lib/named%{_localstatedir}/run/named

%files devel
%dir %{_includedir}/isc

%files doc -f filelist-bind-doc
%dir %doc %{_defaultdocdir}/bind
%doc %{_datadir}/susehelp

%files lwresd
%ghost %attr(0644,root,named) %config(noreplace) /%{_sysconfdir}/lwresd.conf
%if %{with_systemd}
%config %{_unitdir}/lwresd.service
%config %{_initddir}/lwresd
%ghost %{_rundir}/lwresd
%attr(-,named,named) %dir %{_var}/lib/named%{_localstatedir}/run/lwresd

%files utils
%dir %{_sysconfdir}/named.d
%config(noreplace) %{_sysconfdir}/named.d/rndc-access.conf
%config(noreplace) %{_sysconfdir}/bind.keys
%dir %{_sysconfdir}/openldap
%dir %{_sysconfdir}/openldap/schema
%attr(0444,root,root) %config %{_sysconfdir}/openldap/schema/dnszone.schema
%attr(0444,root,root) %config %{_sysconfdir}/openldap/schema/dlz.schema
%dir %doc %{_defaultdocdir}/bind

%files -n python3-bind