NetBSD Problem Report #55449

From www@netbsd.org  Fri Jul  3 00:28:17 2020
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id C919A1A9217
	for <gnats-bugs@gnats.NetBSD.org>; Fri,  3 Jul 2020 00:28:17 +0000 (UTC)
Message-Id: <20200703002816.A01A01A9218@mollari.NetBSD.org>
Date: Fri,  3 Jul 2020 00:28:16 +0000 (UTC)
From: gnats@xn--rvztrtkrfrgp-bbb7j2b8f0b9d7a21oft.com
Reply-To: gnats@xn--rvztrtkrfrgp-bbb7j2b8f0b9d7a21oft.com
To: gnats-bugs@NetBSD.org
Subject: Include the trustanchor in net/dnsmasq package when using the dnssec option.
X-Send-Pr-Version: www-1.0

>Number:         55449
>Category:       pkg
>Synopsis:       Include the trustanchor in net/dnsmasq package when using the dnssec option.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Fri Jul 03 00:30:00 +0000 2020
>Last-Modified:  Sat Oct 10 14:15:01 +0000 2020
>Originator:     Ben Gergely
>Release:        current
>Organization:
>Environment:
>Description:
Include the trustanchor in the package when using the dnssec option.
>How-To-Repeat:

>Fix:
Index: Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/net/dnsmasq/Makefile,v
retrieving revision 1.42
diff -u -r1.42 Makefile
--- Makefile    22 May 2020 10:56:26 -0000      1.42
+++ Makefile    3 Jul 2020 00:17:17 -0000
@@ -51,5 +51,8 @@
        ${INSTALL_DATA} ${WRKSRC}/dbus/dnsmasq.conf \
                ${DESTDIR}${EGDIR}/dnsmasq-dbus.conf
 .endif
+.if !empty(PKG_OPTIONS:Mdnssec)
+       ${INSTALL_DATA} ${WRKDIR}/${DISTNAME}/trust-anchors.conf ${DESTDIR}${EGDIR}
+.endif

 .include "../../mk/bsd.pkg.mk"
Index: PLIST
===================================================================
RCS file: /cvsroot/pkgsrc/net/dnsmasq/PLIST,v
retrieving revision 1.5
diff -u -r1.5 PLIST
--- PLIST       2 Jun 2017 08:37:49 -0000       1.5
+++ PLIST       3 Jul 2020 00:17:17 -0000
@@ -3,3 +3,4 @@
 sbin/dnsmasq
 ${PLIST.dbus}share/examples/dnsmasq/dnsmasq-dbus.conf
 share/examples/dnsmasq/dnsmasq.conf.example
+${PLIST.dnssec}share/examples/dnsmasq/trust-anchors.conf
Index: options.mk
===================================================================
RCS file: /cvsroot/pkgsrc/net/dnsmasq/options.mk,v
retrieving revision 1.5
diff -u -r1.5 options.mk
--- options.mk  27 Oct 2018 07:57:10 -0000      1.5
+++ options.mk  3 Jul 2020 00:17:17 -0000
@@ -6,7 +6,7 @@

 .include "../../mk/bsd.options.mk"

-PLIST_VARS+=   dbus
+PLIST_VARS+=   dbus dnssec

 .if !empty(PKG_OPTIONS:Mdbus)
 USE_TOOLS+=    pkg-config
@@ -24,6 +24,7 @@
 .if !empty(PKG_OPTIONS:Mdnssec)
 USE_TOOLS+=    pkg-config
 CFLAGS+=       -DHAVE_DNSSEC
+PLIST.dnssec=  yes
 .include "../../security/nettle/buildlink3.mk"
 .include "../../devel/gmp/buildlink3.mk"
 .endif

>Audit-Trail:
From: David Holland <dholland-pbugs@netbsd.org>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: pkg/55449: Include the trustanchor in net/dnsmasq package when
 using the dnssec option.
Date: Mon, 24 Aug 2020 07:05:34 +0000

 On Fri, Jul 03, 2020 at 12:30:01AM +0000, gnats@xn--rvztrtkrfrgp-bbb7j2b8f0b9d7a21oft.com wrote:
  > Include the trustanchor in the package when using the dnssec option.
  > 
  > Index: Makefile
  > ===================================================================
  > RCS file: /cvsroot/pkgsrc/net/dnsmasq/Makefile,v
  > retrieving revision 1.42
  > diff -u -r1.42 Makefile
  > --- Makefile    22 May 2020 10:56:26 -0000      1.42
  > +++ Makefile    3 Jul 2020 00:17:17 -0000
  > @@ -51,5 +51,8 @@
  >         ${INSTALL_DATA} ${WRKSRC}/dbus/dnsmasq.conf \
  >                 ${DESTDIR}${EGDIR}/dnsmasq-dbus.conf
  >  .endif
  > +.if !empty(PKG_OPTIONS:Mdnssec)
  > +       ${INSTALL_DATA} ${WRKDIR}/${DISTNAME}/trust-anchors.conf ${DESTDIR}${EGDIR}
  > +.endif

 Should this use the config file mechanism so a copy also goes in
 $PKGCONFDIR?

 -- 
 David A. Holland
 dholland@netbsd.org

From: Benedek Gergely <gnats@xn--rvztrtkrfrgp-bbb7j2b8f0b9d7a21oft.com>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: pkg/55449: Include the trustanchor in net/dnsmasq package when
 using the dnssec option.
Date: Sat, 10 Oct 2020 15:11:36 +0100

 I don't think its necessary since the user
 will need to edit the config file to enable 
 dnssec anyway at which point they can point
 it at the trust anchor wherever it is.

 It's a shame it can't just grab it from
 /etc/namedb/bind.keys
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.