author | pettai <pettai@pkgsrc.org> | 2011-01-24 20:30:28 +0000 |
---|---|---|
committer | pettai <pettai@pkgsrc.org> | 2011-01-24 20:30:28 +0000 |
commit | 77b9b55e05e8ed35949255ec0dc16917d97b843b (patch) | |
tree | 6176efe7bed96924a402bb3cd54370cc54a0b2b3 | |
parent | 3725d0eb4bd3bfe1d28e273723a135861fba9f42 (diff) | |
download | pkgsrc-77b9b55e05e8ed35949255ec0dc16917d97b843b.tar.gz |
OpenDNSSEC 1.2.0:
Bugfixes:
* Enforcer: Fixed a number of build warnings.
OpenDNSSEC 1.2.0rc3:
* Moved migration instructions to the file MIGRATION
Bugfixes:
* Bugreport #199: The previous DB schema change made the zone removal broken.
* Enforcer: When retiring old KSK, use TTL(ds) and not TTL(ksk).
* Enforcer: Minimize the set of DS RRs sent to DelegationSignerSubmitCommand.
* Enforcer: Replace tab with a space character in the DNSKEY printed to syslog.
* Enforcer: Fixed potential format string bug.
* ods-ksmutil: Log to syslog when ds-seen changes a key to active/standby.
* Signer Engine: Don't be smart with RRSIG TTLs, the hsm will set them for you.
* Signer Engine: Set notify command for zone when receiving ods-signer update.
* Signer Engine: Update TTL of NSEC(3) records if SOA Minimum has changed
in KASP.
* Signer Engine: Now logs to the correct facility.
* Signer Engine: Also remove NSEC records when detecting changes in
signconf <Denial>
* Signer Engine: Dropped privileges before starting Zonefetcher.
OpenDNSSEC 1.2.0rc2:
Bugfixes:
* Signer Engine: Use the correct TTL for RRs after the $INCLUDE directive.
* Signer Engine: Also create new signature if TTL of RR has changed.
* Signer Engine: Drop old NSEC/NSEC3 records.
* ods-ksmutil: Fixed some memory leaks.
OpenDNSSEC 1.2.0rc1:
* New commandline option for the signer: ods-signer running.
* Allow connection to different MySQL ports in the Enforcer.
* Tone down and explain warning when converting M or Y to seconds
* ldns 1.6.7 is required for bugfixes
* dnsruby 1.51 is required for bugfixes
Bugfixes:
* Bugreport #187: ods-control signer start will return non-zero if start up
failed (uses ods-signer running).
* Narrow glue at the zone cut is allowed, do not consider it as occluded.
* Move zone fetcher output to correct input adapter file.
* Enforcer shared keys on zones with ShareKeys disabled.
* Make names of key states consistent.
* Signer Engine file descriptor leak fix on engine.sock.
* Set explicit "unlimited" repository capacity to prevent random integer being
read. Requires "ods-ksmutil update conf" to be run if using an existing
database.
* Fix issue with key generation creating too many keys Ticket #194.
* Bugreport #189: Auditor did not handle white-space-separated substrings
for base64 text
* Bugreport #190: Auditor (and signer) does not handle case correctly
* Signer now silences stdout-output from the notify command
OpenDNSSEC 1.2.0b1:
* A new signer engine, written in c. Zones are maintained in memory, instead of
in files on disk.
* Removed the python and python-4suite-xml dependencies.
* Remove separate autoconf for libhsm/conf/enforcer.
* Add option to disable building the signer.
* Signer logs statistics just after outputting a new signed zone.
* libhsm will skip processing (and not create) any public keys if the
per repository option <SkipPublicKey/> is set.
* Keysharing improved - keys can now exist in different states on each zone
that the key is in use for.
* Backup prepare/commit/rollback added for 2-step backups without taking the
enforcer offline.
* Standby keys are now optional (default to 0) and should be considered
experimental.
Bugfixes:
* Fix semantics of refresh value in Signer Engine.
* Auditor handles chains of empty nonterminals correctly.
* Recalculate salt immediately if the saltlength is changed.
* libhsm connected to slot 0 if the token label was not found.
An error is now returned instead of connecting to the slot.
* Bugreport #102: Removed the obsoleted python-4suite-xml dependency.
* Fixed Known Issue: KSK rollover requires manual timing.
* Fixed Known Issue: Key rollover and reuse of signatures.
* Fixed Known Issue: Issue with sharing keys and adding zones.
* Fixed Known Issue: Quicksorter does not allow certain owner names
(Quicksorter is removed, signer now reads and sorts the zone).
-rw-r--r-- | security/opendnssec/Makefile | 21 | ||||
-rw-r--r-- | security/opendnssec/PLIST | 39 | ||||
-rw-r--r-- | security/opendnssec/distinfo | 10 | ||||
-rw-r--r-- | security/opendnssec/options.mk | 3 | ||||
-rw-r--r-- | security/opendnssec/patches/patch-aa | 44 |
5 files changed, 42 insertions, 75 deletions
diff --git a/security/opendnssec/Makefile b/security/opendnssec/Makefile index bf78035aa9c..c6bc25b1d2b 100644 --- a/security/opendnssec/Makefile +++ b/security/opendnssec/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.8 2010/09/13 07:53:06 pettai Exp $ +# $NetBSD: Makefile,v 1.9 2011/01/24 20:30:28 pettai Exp $ # -DISTNAME= opendnssec-1.1.3 +DISTNAME= opendnssec-1.2.0 CATEGORIES= security net MASTER_SITES= http://www.opendnssec.org/files/source/ @@ -10,11 +10,9 @@ HOMEPAGE= http://www.opendnssec.org/ COMMENT= OSS for a fast and easy DNSSEC deployment LICENSE= 2-clause-bsd -DEPENDS+= ${PYPKGPREFIX}-expat-[0-9]*:../../textproc/py-expat -DEPENDS+= ${PYPKGPREFIX}-4Suite-[0-9]*:../../textproc/py-4Suite -DEPENDS+= ldns>=1.6.6:../../net/ldns +DEPENDS+= ldns>=1.6.7:../../net/ldns DEPENDS+= ${RUBY_PKGPREFIX}-rubygems-[0-9]*:../../misc/rubygems -DEPENDS+= ${RUBY_PKGPREFIX}-dnsruby>=1.49:../../net/ruby-dnsruby +DEPENDS+= ${RUBY_PKGPREFIX}-dnsruby>=1.51:../../net/ruby-dnsruby BUILD_DEPENDS+= CUnit-[0-9]*:../../devel/cunit PKG_DESTDIR_SUPPORT= user-destdir @@ -66,18 +64,17 @@ INSTALLATION_DIRS+= share/opendnssec INSTALLATION_DIRS+= lib/opendnssec INSTALLATION_DIRS+= lib/opendnssec/signer INSTALLATION_DIRS+= lib/opendnssec/kasp_auditor -INSTALLATION_DIRS+= ${VARBASE}/opendnssec -INSTALLATION_DIRS+= ${VARBASE}/opendnssec/tmp -INSTALLATION_DIRS+= ${VARBASE}/opendnssec/signconf -INSTALLATION_DIRS+= ${VARBASE}/opendnssec/signed -INSTALLATION_DIRS+= ${VARBASE}/opendnssec/unsigned +OWN_DIRS+= ${VARBASE}/opendnssec +OWN_DIRS+= ${VARBASE}/opendnssec/tmp +OWN_DIRS+= ${VARBASE}/opendnssec/signconf +OWN_DIRS+= ${VARBASE}/opendnssec/signed +OWN_DIRS+= ${VARBASE}/opendnssec/unsigned .include "options.mk" pre-install: ${MKDIR} ${DESTDIR}${PKG_SYSCONFDIR}/opendnssec -.include "../../lang/python/application.mk" #.include "../../devel/cunit/buildlink3.mk" .include "../../textproc/libxml2/buildlink3.mk" .include "../../net/ldns/buildlink3.mk" 
diff --git a/security/opendnssec/PLIST b/security/opendnssec/PLIST index a89a7aa60c8..e9c7d8643f6 100644 --- a/security/opendnssec/PLIST +++ b/security/opendnssec/PLIST @@ -1,52 +1,21 @@ -@comment $NetBSD: PLIST,v 1.2 2010/06/16 00:19:08 pettai Exp $ +@comment $NetBSD: PLIST,v 1.3 2011/01/24 20:30:28 pettai Exp $ bin/ods-auditor bin/ods-hsmspeed bin/ods-hsmutil bin/ods-kasp2html bin/ods-kaspcheck bin/ods-ksmutil -include/hsmtest.h -include/libhsm.h -include/libhsmdns.h -lib/libhsm.la lib/opendnssec/kasp_auditor.rb lib/opendnssec/kasp_auditor/auditor.rb +lib/opendnssec/kasp_auditor/changed_config.rb +lib/opendnssec/kasp_auditor/commands.rb lib/opendnssec/kasp_auditor/config.rb lib/opendnssec/kasp_auditor/key_tracker.rb lib/opendnssec/kasp_auditor/parse.rb lib/opendnssec/kasp_auditor/partial_auditor.rb lib/opendnssec/kasp_auditor/preparser.rb lib/opendnssec/kasp_checker.rb -lib/opendnssec/signer/Engine.py -lib/opendnssec/signer/Engine.pyc -lib/opendnssec/signer/Engine.pyo -lib/opendnssec/signer/EngineConfig.py -lib/opendnssec/signer/EngineConfig.pyc -lib/opendnssec/signer/EngineConfig.pyo -lib/opendnssec/signer/Util.py -lib/opendnssec/signer/Util.pyc -lib/opendnssec/signer/Util.pyo -lib/opendnssec/signer/Worker.py -lib/opendnssec/signer/Worker.pyc -lib/opendnssec/signer/Worker.pyo -lib/opendnssec/signer/Zone.py -lib/opendnssec/signer/Zone.pyc -lib/opendnssec/signer/Zone.pyo -lib/opendnssec/signer/ZoneConfig.py -lib/opendnssec/signer/ZoneConfig.pyc -lib/opendnssec/signer/ZoneConfig.pyo -lib/opendnssec/signer/ZoneList.py -lib/opendnssec/signer/ZoneList.pyc -lib/opendnssec/signer/ZoneList.pyo lib/opendnssec/time_shift.rb -libexec/opendnssec/create_dnskey -libexec/opendnssec/finalizer -libexec/opendnssec/get_class -libexec/opendnssec/get_serial -libexec/opendnssec/quicksorter -libexec/opendnssec/signer -libexec/opendnssec/zone_fetcher -libexec/opendnssec/zone_reader man/man1/ods-auditor.1 man/man1/ods-hsmspeed.1 man/man1/ods-hsmutil.1 
@@ -70,7 +39,6 @@ share/examples/opendnssec/zonefetch.xml share/examples/opendnssec/zonefetch.xml.sample share/examples/opendnssec/zonelist.xml share/examples/opendnssec/zonelist.xml.sample -share/opendnssec.spec share/opendnssec/conf.rnc share/opendnssec/conf.rng share/opendnssec/database_create.sqlite3 @@ -83,4 +51,5 @@ share/opendnssec/zonefetch.rnc share/opendnssec/zonefetch.rng share/opendnssec/zonelist.rnc share/opendnssec/zonelist.rng +@pkgdir lib/opendnssec/signer @pkgdir etc/opendnssec diff --git a/security/opendnssec/distinfo b/security/opendnssec/distinfo index 99bd8357b6a..03dd37f48dd 100644 --- a/security/opendnssec/distinfo +++ b/security/opendnssec/distinfo @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.5 2010/09/13 07:53:06 pettai Exp $ +$NetBSD: distinfo,v 1.6 2011/01/24 20:30:28 pettai Exp $ -SHA1 (opendnssec-1.1.3.tar.gz) = 394640b0cb8bb5afdf3446b4fe15e4942acd0d11 -RMD160 (opendnssec-1.1.3.tar.gz) = 2a41bf17553ed02e4654887a81f4665e4acdbf2d -Size (opendnssec-1.1.3.tar.gz) = 2207087 bytes -SHA1 (patch-aa) = 0007803ca6b323775b7d5e03d5f00c07030e14cc +SHA1 (opendnssec-1.2.0.tar.gz) = 51e169f283bd1b69892bead8be9b6b7446e607de +RMD160 (opendnssec-1.2.0.tar.gz) = b243c9e6edccd15e1ccb8fb8839c931a77e613df +Size (opendnssec-1.2.0.tar.gz) = 1614858 bytes +SHA1 (patch-aa) = ec0db5d0fe2cb5f0808e5113006b1243040b547d diff --git a/security/opendnssec/options.mk b/security/opendnssec/options.mk index c7c2560461f..52ddfea7cd1 100644 --- a/security/opendnssec/options.mk +++ b/security/opendnssec/options.mk @@ -1,4 +1,4 @@ -# $NetBSD: options.mk,v 1.1.1.1 2010/05/06 12:50:17 pettai Exp $ +# $NetBSD: options.mk,v 1.2 2011/01/24 20:30:28 pettai Exp $ PKG_OPTIONS_VAR= PKG_OPTIONS.opendnssec PKG_SUPPORTED_OPTIONS= softhsm @@ -10,5 +10,6 @@ PKG_SUGGESTED_OPTIONS= softhsm ### SoftHSM ### .if !empty(PKG_OPTIONS:Msofthsm) +DEPENDS+= softhsm-[0-9]*:../../security/softhsm .include "../../security/softhsm/buildlink3.mk" .endif 
diff --git a/security/opendnssec/patches/patch-aa b/security/opendnssec/patches/patch-aa index b7d997821d5..860fbdb1826 100644 --- a/security/opendnssec/patches/patch-aa +++ b/security/opendnssec/patches/patch-aa 
@@ -1,45 +1,45 @@ -$NetBSD: patch-aa,v 1.2 2010/06/16 00:19:08 pettai Exp $ +$NetBSD: patch-aa,v 1.3 2011/01/24 20:30:28 pettai Exp $ ---- conf/Makefile.in.orig 2009-12-19 21:39:52.000000000 +0100 -+++ conf/Makefile.in 2009-12-19 21:43:40.000000000 +0100 -@@ -166,6 +166,7 @@ - sharedstatedir = @sharedstatedir@ +--- conf/Makefile.in.orig 2010-11-17 09:07:35.000000000 +0000 ++++ conf/Makefile.in +@@ -277,6 +277,7 @@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ + subdirs = @subdirs@ sysconfdir = @sysconfdir@/opendnssec +EGDIR=@EGDIR@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ -@@ -540,19 +541,19 @@ +@@ -530,19 +531,19 @@ regress: $(RNG) (echo "kasp.xml built") install-data-hook: - test -d ${DESTDIR}${sysconfdir} || mkdir -p ${DESTDIR}${sysconfdir} - test -f ${DESTDIR}${sysconfdir}/conf.xml || \ -- ${INSTALL_DATA} -m 0640 ${top_builddir}/conf.xml ${DESTDIR}${sysconfdir} -- ${INSTALL_DATA} -m 640 ${top_builddir}/conf.xml ${DESTDIR}${sysconfdir}/conf.xml.sample +- ${INSTALL_DATA} -m 0640 conf.xml ${DESTDIR}${sysconfdir} +- ${INSTALL_DATA} -m 640 conf.xml ${DESTDIR}${sysconfdir}/conf.xml.sample - test -f ${DESTDIR}${sysconfdir}/zonelist.xml || \ -- ${INSTALL_DATA} ${top_builddir}/zonelist.xml ${DESTDIR}${sysconfdir} -- ${INSTALL_DATA} ${top_builddir}/zonelist.xml ${DESTDIR}${sysconfdir}/zonelist.xml.sample +- ${INSTALL_DATA} zonelist.xml ${DESTDIR}${sysconfdir} +- ${INSTALL_DATA} zonelist.xml ${DESTDIR}${sysconfdir}/zonelist.xml.sample - test -f ${DESTDIR}${sysconfdir}/zonefetch.xml || \ -- ${INSTALL_DATA} -m 0640 ${top_builddir}/zonefetch.xml ${DESTDIR}${sysconfdir} -- ${INSTALL_DATA} -m 640 ${top_builddir}/zonefetch.xml ${DESTDIR}${sysconfdir}/zonefetch.xml.sample +- ${INSTALL_DATA} -m 0640 zonefetch.xml ${DESTDIR}${sysconfdir} +- ${INSTALL_DATA} -m 640 zonefetch.xml ${DESTDIR}${sysconfdir}/zonefetch.xml.sample - test -f ${DESTDIR}${sysconfdir}/kasp.xml || \ -- ${INSTALL_DATA} ${top_builddir}/kasp.xml 
${DESTDIR}${sysconfdir} -- ${INSTALL_DATA} ${top_builddir}/kasp.xml ${DESTDIR}${sysconfdir}/kasp.xml.sample +- ${INSTALL_DATA} kasp.xml ${DESTDIR}${sysconfdir} +- ${INSTALL_DATA} kasp.xml ${DESTDIR}${sysconfdir}/kasp.xml.sample + test -d ${DESTDIR}${EGDIR} || mkdir -p ${DESTDIR}${EGDIR} + test -f ${DESTDIR}${EGDIR}/conf.xml || \ -+ ${INSTALL_DATA} -m 0640 ${top_builddir}/conf.xml ${DESTDIR}${EGDIR} -+ ${INSTALL_DATA} -m 640 ${top_builddir}/conf.xml ${DESTDIR}${EGDIR}/conf.xml.sample ++ ${INSTALL_DATA} -m 0640 conf.xml ${DESTDIR}${EGDIR} ++ ${INSTALL_DATA} -m 640 conf.xml ${DESTDIR}${EGDIR}/conf.xml.sample + test -f ${DESTDIR}${EGDIR}/zonelist.xml || \ -+ ${INSTALL_DATA} ${top_builddir}/zonelist.xml ${DESTDIR}${EGDIR} -+ ${INSTALL_DATA} ${top_builddir}/zonelist.xml ${DESTDIR}${EGDIR}/zonelist.xml.sample ++ ${INSTALL_DATA} zonelist.xml ${DESTDIR}${EGDIR} ++ ${INSTALL_DATA} zonelist.xml ${DESTDIR}${EGDIR}/zonelist.xml.sample + test -f ${DESTDIR}${EGDIR}/zonefetch.xml || \ -+ ${INSTALL_DATA} -m 0640 ${top_builddir}/zonefetch.xml ${DESTDIR}${EGDIR} -+ ${INSTALL_DATA} -m 640 ${top_builddir}/zonefetch.xml ${DESTDIR}${EGDIR}/zonefetch.xml.sample ++ ${INSTALL_DATA} -m 0640 zonefetch.xml ${DESTDIR}${EGDIR} ++ ${INSTALL_DATA} -m 640 zonefetch.xml ${DESTDIR}${EGDIR}/zonefetch.xml.sample + test -f ${DESTDIR}${EGDIR}/kasp.xml || \ -+ ${INSTALL_DATA} ${top_builddir}/kasp.xml ${DESTDIR}${EGDIR} -+ ${INSTALL_DATA} ${top_builddir}/kasp.xml ${DESTDIR}${EGDIR}/kasp.xml.sample ++ ${INSTALL_DATA} kasp.xml ${DESTDIR}${EGDIR} ++ ${INSTALL_DATA} kasp.xml ${DESTDIR}${EGDIR}/kasp.xml.sample # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: |
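Review bot: In security/opendnssec/Makefile, the five ${VARBASE}/opendnssec directories moved from INSTALLATION_DIRS to OWN_DIRS are created with default ownership and mode, while the commit message says the Signer Engine now drops privileges before starting the Zonefetcher. If the daemons are meant to run as an unprivileged user they will need write access to tmp, signconf, signed and unsigned, so consider OWN_DIRS_PERMS with an explicit owner, group and mode for these entries, or add a comment stating which user is expected to own them.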
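Review bot: In security/opendnssec/PLIST, the added "@pkgdir lib/opendnssec/signer" registers a directory whose whole contents (Engine.py through ZoneList.pyo) are removed in the same hunk, and the Makefile still lists "INSTALLATION_DIRS+= lib/opendnssec/signer" as unchanged context. If the new signer installs nothing there, drop both lines instead of shipping an empty directory; if something still expects the directory at run time, record that in an @comment next to the @pkgdir line.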
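Review bot: In security/opendnssec/options.mk, the new "DEPENDS+= softhsm-[0-9]*:../../security/softhsm" sits directly above the .include of ../../security/softhsm/buildlink3.mk for the same package, so the dependency may end up recorded twice. Keep only one of the two, or add a comment explaining why a separate run-time DEPENDS is needed on top of the buildlink3 include. The pattern softhsm-[0-9]* also accepts any version, whereas ldns and dnsruby get minimum versions raised in this same commit; if 1.2.0 needs a particular SoftHSM release, state the minimum here too.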
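Review bot: In the install-data-hook region of security/opendnssec/patches/patch-aa, conf.xml and zonefetch.xml are installed with an explicit restricted mode while zonelist.xml and kasp.xml fall back to the default ${INSTALL_DATA} mode, and the mode is written both as "-m 0640" and "-m 640" for the same file. Say in a comment which of the four files are meant to be restricted and use one spelling of the mode throughout. The sources are also now given as bare file names (conf.xml, zonelist.xml, zonefetch.xml, kasp.xml) instead of ${top_builddir}/..., which ties the hook to being run from the conf directory; worth a line in the patch description confirming that matches the 1.2.0 Makefile.in.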