From 5db849a72f0b4c3166079da9f384c7667affaf0d Mon Sep 17 00:00:00 2001 From: Harvie Date: Wed, 4 Aug 2010 05:59:47 +0200 Subject: [PATCH] Added custom dnsval.conf to distribution --- dnssec-tools/PKGBUILD | 8 +++- dnssec-tools/dnsval.conf | 81 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 87 insertions(+), 2 deletions(-) create mode 100644 dnssec-tools/dnsval.conf diff --git a/dnssec-tools/PKGBUILD b/dnssec-tools/PKGBUILD index 8d2d05e..eac4e7a 100644 --- a/dnssec-tools/PKGBUILD +++ b/dnssec-tools/PKGBUILD @@ -10,9 +10,11 @@ url="http://www.dnssec-tools.org/" license="Custom" arch=('i686' 'x86_64') depends=(dnssec-root-zone-trust-anchors perl perl-timedate perl-net-dns perl-net-dns-sec) +backup=(etc/dnssec-tools/dnsval.conf.head etc/dnssec-tools/dnsval.conf.tail) install="${pkgname}.install" -source=("http://www.dnssec-tools.org/download/${pkgname}-${pkgver}.tar.gz") -md5sums=('f3dfe18ae50cf65594936e1684d469d0') +source=("http://www.dnssec-tools.org/download/${pkgname}-${pkgver}.tar.gz" dnsval.conf) +md5sums=('f3dfe18ae50cf65594936e1684d469d0' + '05656944ff9caa959591f547cfe25eba') build() { cd ${srcdir}/${pkgname}-${pkgver}/ || return 1 @@ -42,6 +44,8 @@ build() { msg2 'configuration files' cp -r validator/etc/* "${pkgdir}/etc/${pkgname}/" rm -rf "${pkgdir}/etc/${pkgname}/${pkgname}.conf" #will be generated in post_install + cp -f "${srcdir}/dnsval.conf" "${pkgdir}/etc/dnssec-tools/" + touch "${pkgdir}"/etc/dnssec-tools/dnsval.conf.{head,tail} msg2 'license informations' mkdir -p "${pkgdir}/usr/share/licenses/${pkgname}/" cp COPYING "${pkgdir}/usr/share/licenses/${pkgname}/" diff --git a/dnssec-tools/dnsval.conf b/dnssec-tools/dnsval.conf new file mode 100644 index 0000000..2b4e984 --- /dev/null +++ b/dnssec-tools/dnsval.conf @@ -0,0 +1,81 @@ +####################################################################### +####################################################################### +### +### You should NOT modify this file, use the following files instead: +### - /etc/dnssec-tools/dnsval.conf.head +### - /etc/dnssec-tools/dnsval.conf.tail +### +####################################################################### +####################################################################### + +################################## +# Includes +################################## + +include /etc/dnssec-tools/dnsval.conf.head +include /usr/share/dnssec-trust-anchors/root-anchor.dnsval.conf +# TRUSTMAN-ACTION bind-include /var/opt/named/named.conf + +################################## +# Global Options +################################## + +global-options + trust-oob-answers yes + edns0-size 1492 + env-policy enable + app-policy disable + log 10:stderr +; + +################################## +# Default policies +################################## + +: trust-anchor + dnssec-tools.org DS 54556 5 2 6B026928292D452A5CC37B3EF327F27F50A29936CB31E664EB066D71A476E282 +; + +: zone-security-expectation + dnssec-tools.org validate +; + +: provably-insecure-status + . trusted +; + +: clock-skew + . 0 +; + +################################## +# MTA Policies +################################## + +mta provably-insecure-status + . trusted +; + +mta clock-skew + . -1 +; + +################################## +# Web Browser Policies +################################## + +browser provably-insecure-status + . trusted +; + +browser clock-skew + . 0 +; + + +################################## +# Overrides +################################## + +include /etc/dnssec-tools/dnsval.conf.tail +include $HOME/.config/dnsval.conf -- 2.30.2