NetBSD Problem Report #55449
From www@netbsd.org Fri Jul 3 00:28:17 2020
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id C919A1A9217
for <gnats-bugs@gnats.NetBSD.org>; Fri, 3 Jul 2020 00:28:17 +0000 (UTC)
Message-Id: <20200703002816.A01A01A9218@mollari.NetBSD.org>
Date: Fri, 3 Jul 2020 00:28:16 +0000 (UTC)
From: gnats@xn--rvztrtkrfrgp-bbb7j2b8f0b9d7a21oft.com
Reply-To: gnats@xn--rvztrtkrfrgp-bbb7j2b8f0b9d7a21oft.com
To: gnats-bugs@NetBSD.org
Subject: Include the trustanchor in net/dnsmasq package when using the dnssec option.
X-Send-Pr-Version: www-1.0
>Number: 55449
>Category: pkg
>Synopsis: Include the trustanchor in net/dnsmasq package when using the dnssec option.
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Fri Jul 03 00:30:00 +0000 2020
>Last-Modified: Sat Oct 10 14:15:01 +0000 2020
>Originator: Ben Gergely
>Release: current
>Organization:
>Environment:
>Description:
Include the trustanchor in the package when using the dnssec option.
>How-To-Repeat:
>Fix:
Index: Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/net/dnsmasq/Makefile,v
retrieving revision 1.42
diff -u -r1.42 Makefile
--- Makefile 22 May 2020 10:56:26 -0000 1.42
+++ Makefile 3 Jul 2020 00:17:17 -0000
@@ -51,5 +51,8 @@
${INSTALL_DATA} ${WRKSRC}/dbus/dnsmasq.conf \
${DESTDIR}${EGDIR}/dnsmasq-dbus.conf
.endif
+.if !empty(PKG_OPTIONS:Mdnssec)
+ ${INSTALL_DATA} ${WRKDIR}/${DISTNAME}/trust-anchors.conf ${DESTDIR}${EGDIR}
+.endif
.include "../../mk/bsd.pkg.mk"
Index: PLIST
===================================================================
RCS file: /cvsroot/pkgsrc/net/dnsmasq/PLIST,v
retrieving revision 1.5
diff -u -r1.5 PLIST
--- PLIST 2 Jun 2017 08:37:49 -0000 1.5
+++ PLIST 3 Jul 2020 00:17:17 -0000
@@ -3,3 +3,4 @@
sbin/dnsmasq
${PLIST.dbus}share/examples/dnsmasq/dnsmasq-dbus.conf
share/examples/dnsmasq/dnsmasq.conf.example
+${PLIST.dnssec}share/examples/dnsmasq/trust-anchors.conf
Index: options.mk
===================================================================
RCS file: /cvsroot/pkgsrc/net/dnsmasq/options.mk,v
retrieving revision 1.5
diff -u -r1.5 options.mk
--- options.mk 27 Oct 2018 07:57:10 -0000 1.5
+++ options.mk 3 Jul 2020 00:17:17 -0000
@@ -6,7 +6,7 @@
.include "../../mk/bsd.options.mk"
-PLIST_VARS+= dbus
+PLIST_VARS+= dbus dnssec
.if !empty(PKG_OPTIONS:Mdbus)
USE_TOOLS+= pkg-config
@@ -24,6 +24,7 @@
.if !empty(PKG_OPTIONS:Mdnssec)
USE_TOOLS+= pkg-config
CFLAGS+= -DHAVE_DNSSEC
+PLIST.dnssec= yes
.include "../../security/nettle/buildlink3.mk"
.include "../../devel/gmp/buildlink3.mk"
.endif
>Audit-Trail:
From: David Holland <dholland-pbugs@netbsd.org>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: pkg/55449: Include the trustanchor in net/dnsmasq package when
using the dnssec option.
Date: Mon, 24 Aug 2020 07:05:34 +0000
On Fri, Jul 03, 2020 at 12:30:01AM +0000, gnats@xn--rvztrtkrfrgp-bbb7j2b8f0b9d7a21oft.com wrote:
> Include the trustanchor in the package when using the dnssec option.
>
> Index: Makefile
> ===================================================================
> RCS file: /cvsroot/pkgsrc/net/dnsmasq/Makefile,v
> retrieving revision 1.42
> diff -u -r1.42 Makefile
> --- Makefile 22 May 2020 10:56:26 -0000 1.42
> +++ Makefile 3 Jul 2020 00:17:17 -0000
> @@ -51,5 +51,8 @@
> ${INSTALL_DATA} ${WRKSRC}/dbus/dnsmasq.conf \
> ${DESTDIR}${EGDIR}/dnsmasq-dbus.conf
> .endif
> +.if !empty(PKG_OPTIONS:Mdnssec)
> + ${INSTALL_DATA} ${WRKDIR}/${DISTNAME}/trust-anchors.conf ${DESTDIR}${EGDIR}
> +.endif
Should this use the config file mechanism so a copy also goes in
$PKGCONFDIR?
--
David A. Holland
dholland@netbsd.org
From: Benedek Gergely <gnats@xn--rvztrtkrfrgp-bbb7j2b8f0b9d7a21oft.com>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: pkg/55449: Include the trustanchor in net/dnsmasq package when
using the dnssec option.
Date: Sat, 10 Oct 2020 15:11:36 +0100
I don't think its necessary since the user
will need to edit the config file to enable
dnssec anyway at which point they can point
it at the trust anchor wherever it is.
It's a shame it can't just grab it from
/etc/namedb/bind.keys
(Contact us)
$NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.