author | he <he@pkgsrc.org> | 2012-10-08 13:58:48 +0000 |
---|---|---|
committer | he <he@pkgsrc.org> | 2012-10-08 13:58:48 +0000 |
commit | 3f011dcade5b4df947b1fa1e4c3404a8643cccd0 (patch) | |
tree | 6d54e8510edf1c275038ff13f6878914ffa66b7c /net | |
parent | e613b3f0efa03dae6065d04e7620c6c9e43a68a1 (diff) | |
Add a patch each to code and documentation so that drill probes
for /etc/trusted-key.key, and uses that as a trust anchor if neither
-D nor -k options were specified. This feature is borrowed from
BIND's dig when it is compiled with SIGCHASE support. Bump
PKGREVISION.
Diffstat (limited to 'net')
-rw-r--r-- | net/drill/Makefile | 3 |
-rw-r--r-- | net/drill/distinfo | 4 |
-rw-r--r-- | net/drill/patches/patch-aa | 43 |
-rw-r--r-- | net/drill/patches/patch-ab | 20 |
4 files changed, 68 insertions, 2 deletions
diff --git a/net/drill/Makefile b/net/drill/Makefile index 40d6a49d5a9..41103e349a0 100644 --- a/net/drill/Makefile +++ b/net/drill/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.5 2012/10/08 13:30:43 he Exp $ +# $NetBSD: Makefile,v 1.6 2012/10/08 13:58:48 he Exp $ VERSION= 1.6.13 DISTNAME= ldns-${VERSION} PKGNAME= drill-${VERSION} +PKGREVISION= 1 CATEGORIES= net MASTER_SITES= http://www.nlnetlabs.nl/downloads/ldns/ diff --git a/net/drill/distinfo b/net/drill/distinfo index 4808668968a..8c032b894cc 100644 --- a/net/drill/distinfo +++ b/net/drill/distinfo @@ -1,5 +1,7 @@ -$NetBSD: distinfo,v 1.5 2012/10/08 13:30:43 he Exp $ +$NetBSD: distinfo,v 1.6 2012/10/08 13:58:48 he Exp $ SHA1 (ldns-1.6.13.tar.gz) = 859f633d10b763f06b602e2113828cbbd964c7eb RMD160 (ldns-1.6.13.tar.gz) = c01c30699be2df5712a397516cd1a17bd8b155be Size (ldns-1.6.13.tar.gz) = 1066139 bytes +SHA1 (patch-aa) = 3bbfcea6f44b49526451286590eac5de62841e72 +SHA1 (patch-ab) = 706e5edcf6982337b7360051f9964d77ad8716c2 diff --git a/net/drill/patches/patch-aa b/net/drill/patches/patch-aa new file mode 100644 index 00000000000..6e6148c9053 --- /dev/null +++ b/net/drill/patches/patch-aa 
@@ -0,0 +1,43 @@ +$NetBSD: patch-aa,v 1.1 2012/10/08 13:58:48 he Exp $ + +For compatibility with dig, if neither -k <key> nor -D is specified, +read /etc/trusted-key.key if it exists, and if successful, turn on +DNSSEC handling. + +--- drill.c.orig 2012-01-20 10:18:41.000000000 +0000 ++++ drill.c +@@ -10,6 +10,8 @@ + #include "drill.h" + #include <ldns/ldns.h> + ++#include <sys/stat.h> ++ + #ifdef HAVE_SSL + #include <openssl/err.h> + #endif +@@ -397,6 +399,25 @@ main(int argc, char *argv[]) + argc -= optind; + argv += optind; + ++ /* ++ * If DNSSEC isn't enabled already, and /etc/trusted-key.key ++ * exists, try to read it and turn on DNSSEC handling if successful. ++ */ ++ { ++ struct stat sb; ++ ++ if (stat("/etc/trusted-key.key", &sb) == 0) { ++ if (qdnssec != true) { ++ status = read_key_file("/etc/trusted-key.key", key_list); ++ if (status != LDNS_STATUS_OK) { ++ error("Could not parse the key file /etc/trusted-key.key: %s", ldns_get_errorstr_by_id(status)); ++ } else { ++ qdnssec = true; /* enable that too */ ++ } ++ } ++ } ++ } ++ + /* do a secure trace when requested */ + if (PURPOSE == DRILL_TRACE && qdnssec) { + #ifdef HAVE_SSL diff --git a/net/drill/patches/patch-ab b/net/drill/patches/patch-ab new file mode 100644 index 00000000000..5053edbeeed --- /dev/null +++ b/net/drill/patches/patch-ab 
@@ -0,0 +1,20 @@ +$NetBSD: patch-ab,v 1.1 2012/10/08 13:58:48 he Exp $ + +Document the automatic probing for /etc/trusted-key.key. + +--- drill.1.orig 2010-08-06 07:09:45.000000000 +0000 ++++ drill.1 +@@ -161,6 +161,13 @@ given \fBdrill\fR tries to validate the + key. No chasing is done. When \fBdrill\fR is doing a secure trace, this + key will be used as trust anchor. Can contain a DNSKEY or a DS record. + ++Alternatively, if ++\fB-k\fR ++is not specified, and ++\fI/etc/trusted-key.key\fR ++exists and contains a valid DNSKEY or DS record, it will be used ++as the trust anchor. ++ + .TP + \fB\-o \fImnemonic\fR + Use this option to set or unset specific header bits. A bit is |
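Review bot: In the block patch-aa adds to main() in drill.c, a failed read of /etc/trusted-key.key is reported through error(), although the user never asked for that file. If error() is fatal, an unreadable or malformed file at that path makes plain, non-DNSSEC queries fail. The stat() result in sb is also never inspected, so a directory or other non-regular file at that path reaches read_key_file() as well. Suggest downgrading the failure to a warning that leaves qdnssec false, checking S_ISREG(sb.st_mode) before reading, and testing `qdnssec != true` before calling stat() so the probe is skipped when DNSSEC is already on. The guard also depends on both -k and -D having set qdnssec earlier in main(), which this hunk does not show; the comment above the block should state that assumption, since the commit message promises "neither -D nor -k".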
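Review bot: The paragraph patch-ab adds to drill.1 under the -k description leaves out two things the code in patch-aa does. It names only -k as the condition, while the commit message and the patch-aa header also name -D, and it does not say that a successfully read file turns on DNSSEC handling (`qdnssec = true`), which changes the behaviour of every query on a host where the file exists. Suggest wording along the lines of "if neither -k nor -D is specified ... it will be used as the trust anchor and DNSSEC handling is enabled", plus a sentence on what happens when the file exists but cannot be parsed.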