From 721435cf7f2ed41fe807c34022fed31c792b4497 Mon Sep 17 00:00:00 2001 From: Stanislav Levin Date: Tue, 2 Jun 2020 11:04:24 +0300 Subject: [PATCH] named: Make use of 'pkcs11' OpenSSL engine for BIND on Fedora31 Fixes: https://pagure.io/freeipa/issue/8094 Signed-off-by: Stanislav Levin Reviewed-By: Alexander Bokovoy Reviewed-By: Christian Heimes --- ipaplatform/fedora/constants.py | 2 ++ ipaplatform/fedora/paths.py | 2 ++ ipaplatform/fedora/services.py | 4 ++++ 3 files changed, 8 insertions(+) diff --git a/ipaplatform/fedora/constants.py b/ipaplatform/fedora/constants.py index 7efa6e204..34ba0ce19 100644 --- a/ipaplatform/fedora/constants.py +++ b/ipaplatform/fedora/constants.py @@ -27,4 +27,6 @@ class FedoraConstantsNamespace(RedHatConstantsNamespace): if HAS_NFS_CONF: SECURE_NFS_VAR = None + NAMED_OPENSSL_ENGINE = "pkcs11" + constants = FedoraConstantsNamespace() diff --git a/ipaplatform/fedora/paths.py b/ipaplatform/fedora/paths.py index 4e993c063..19cbb0e1d 100644 --- a/ipaplatform/fedora/paths.py +++ b/ipaplatform/fedora/paths.py @@ -36,6 +36,8 @@ class FedoraPathNamespace(RedHatPathNamespace): NAMED_CRYPTO_POLICY_FILE = "/etc/crypto-policies/back-ends/bind.config" if HAS_NFS_CONF: SYSCONFIG_NFS = '/etc/nfs.conf' + DNSSEC_OPENSSL_CONF = "/etc/ipa/dnssec/openssl.cnf" + DNSSEC_KEYFROMLABEL = "/usr/sbin/dnssec-keyfromlabel" paths = FedoraPathNamespace() diff --git a/ipaplatform/fedora/services.py b/ipaplatform/fedora/services.py index 0778f624c..0669f4d20 100644 --- a/ipaplatform/fedora/services.py +++ b/ipaplatform/fedora/services.py 
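Review bot: `NAMED_OPENSSL_ENGINE = "pkcs11"` in ipaplatform/fedora/constants.py has no comment saying what consumes it, and nothing in this patch reads it. Going by the commit subject it names the OpenSSL engine BIND is expected to load, so a one-line comment such as `# OpenSSL engine id BIND uses to reach PKCS#11-backed keys` would make that explicit. Indentation is lost on this page, so confirm the constant sits at class level rather than inside the `if HAS_NFS_CONF:` body. The same check applies to the two new paths in ipaplatform/fedora/paths.py.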
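Review bot: `DNSSEC_OPENSSL_CONF` in ipaplatform/fedora/paths.py names an OpenSSL configuration file, but the patch does not show who creates `/etc/ipa/dnssec/openssl.cnf` or with what owner and mode. A file that presumably selects the engine a DNS daemon loads should be writable by root only, so the installer code that writes it (outside this patch) is worth checking for that. A comment on the constant would record the expectation, for example `# OpenSSL config enabling the pkcs11 engine for BIND; keep root-owned and not writable by the named user`. `DNSSEC_KEYFROMLABEL` would likewise benefit from a short comment on why Fedora needs its own value, since the base-class value is not visible here.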
@@ -29,6 +29,8 @@ from ipaplatform.redhat import services as redhat_services # Mappings from service names as FreeIPA code references to these services # to their actual systemd service names fedora_system_units = redhat_services.redhat_system_units.copy() +fedora_system_units['named'] = fedora_system_units['named-regular'] +fedora_system_units['named-conflict'] = fedora_system_units['named-pkcs11'] # Service classes that implement Fedora-specific behaviour @@ -41,6 +43,8 @@ class FedoraService(redhat_services.RedHatService): # of specified name def fedora_service_class_factory(name, api=None): + if name in ['named', 'named-conflict']: + return FedoraService(name, api) return redhat_services.redhat_service_class_factory(name, api)
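Review bot: The two new assignments index `'named-regular'` and `'named-pkcs11'` in the copied Red Hat map, so a missing key raises `KeyError` when ipaplatform/fedora/services.py is imported. Neither key is defined in this patch, so confirm they exist in `redhat_system_units` at this revision or arrive earlier in the same series. The remapping also reverses what `'named'` resolves to on Fedora without saying why. A comment above the pair would help, for example `# BIND on Fedora uses the OpenSSL pkcs11 engine: 'named' is the regular unit, named-pkcs11 is the conflicting one`.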
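Review bot: In `fedora_service_class_factory` the new early return only has the intended effect if `FedoraService` resolves unit names through `fedora_system_units`. The class body starts outside this hunk, so that is worth confirming. The names `'named'` and `'named-conflict'` are also repeated here and in the mapping above with nothing tying the two together. A short comment such as `# these names are remapped in fedora_system_units, so bypass the Red Hat factory` would keep them in step. As a style point, a tuple reads better than a list literal for a fixed membership test: `if name in ('named', 'named-conflict'):`.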