Date: Mon, 18 May 2015 11:41:42 +0000 (UTC)
From: Mathieu Arnold <mat@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r386672 - in head/dns: bind910 bind99
Message-ID: <201505181141.t4IBfg4N046998@svn.freebsd.org>
Author: mat Date: Mon May 18 11:41:41 2015 New Revision: 386672 URL: https://svnweb.freebsd.org/changeset/ports/386672 Log: Allow BIND 9.10 users to select the old key format when using GOST.[1] While there, reword the options a bit, and the pkg-help files. PR: 200031 [1] Submitted by: Leo Vandewoestijne [1] Sponsored by: Absolight Modified: head/dns/bind910/Makefile head/dns/bind910/pkg-help head/dns/bind99/Makefile head/dns/bind99/pkg-help Modified: head/dns/bind910/Makefile ============================================================================== --- head/dns/bind910/Makefile Mon May 18 11:33:11 2015 (r386671) +++ head/dns/bind910/Makefile Mon May 18 11:41:41 2015 (r386672) @@ -1,4 +1,5 @@ # $FreeBSD$ +# pkg-help formatted with fmt 59 63 PORTNAME= bind PORTVERSION= ${ISCVERSION:S/-P/P/} @@ -7,7 +8,7 @@ PORTVERSION= ${ISCVERSION:S/-P/P/} PORTREVISION= 0 .else # dns/bind910 here -PORTREVISION= 3 +PORTREVISION= 4 .endif CATEGORIES= dns net ipv6 MASTER_SITES= ISC/bind9/${ISCVERSION} @@ -49,10 +50,11 @@ SUB_FILES= pkg-message .endif OPTIONS_DEFAULT= IPV6 SSL THREADS SIGCHASE IDN GSSAPI_NONE -OPTIONS_DEFINE= IDN LARGE_FILE GOST PYTHON \ +OPTIONS_DEFINE= IDN LARGE_FILE PYTHON \ FIXED_RRSET SIGCHASE IPV6 THREADS FILTER_AAAA -OPTIONS_RADIO= CRYPTO +OPTIONS_RADIO= CRYPTO GOSTDEF OPTIONS_RADIO_CRYPTO= SSL NATIVE_PKCS11 +OPTIONS_RADIO_GOSTDEF= GOST GOST_ASN1 .if !defined(BIND_TOOLS_SLAVE) OPTIONS_DEFAULT+= RRL @@ -74,7 +76,9 @@ FILTER_AAAA_DESC= Enable filtering of AA CRYPTO_DESC= Choose which crypto engine to use NATIVE_PKCS11_DESC= Use PKCS\#11 native API (**READ HELP**) GEOIP_DESC= Allow geographically based ACL. -GOST_DESC= Enable GOST ciphers, needs SSL (see help) +GOSTDEF_DESC= Enable GOST ciphers, needs SSL (see help on 8 and 9) +GOST_DESC= GOST raw keys (new default) +GOST_ASN1_DESC= GOST using ASN.1 PYTHON_DESC= Build with Python utilities LINKS_DESC= Create conf file symlinks in ${PREFIX} 
@@ -89,10 +93,10 @@ DLZ_BDB_DESC= DLZ BDB driver DLZ_LDAP_DESC= DLZ LDAP driver DLZ_FILESYSTEM_DESC= DLZ filesystem driver DLZ_STUB_DESC= DLZ stub driver -GSSAPI_BASE_DESC= ${GSSAPI_DESC} (Heimdal in base) -GSSAPI_HEIMDAL_DESC= ${GSSAPI_DESC} (security/heimdal) -GSSAPI_MIT_DESC= ${GSSAPI_DESC} (security/krb5) -GSSAPI_NONE_DESC= No ${GSSAPI_DESC} +GSSAPI_BASE_DESC= Using Heimdal in base +GSSAPI_HEIMDAL_DESC= Using security/heimdal +GSSAPI_MIT_DESC= Using security/krb5 +GSSAPI_NONE_DESC= Disable .if !defined(BIND_TOOLS_SLAVE) CONFLICTS+= bind-tools-9.* @@ -122,7 +126,8 @@ NATIVE_PKCS11_CONFIGURE_ENABLE= native-p GEOIP_CONFIGURE_WITH= geoip GEOIP_LIB_DEPENDS= libGeoIP.so:${PORTSDIR}/net/GeoIP -GOST_CONFIGURE_WITH= gost +GOST_CONFIGURE_ON= --with-gost +GOST_ASN1_CONFIGURE_ON= --with-gost=asn1 PYTHON_CONFIGURE_WITH= python PYTHON_USES= python @@ -164,6 +169,10 @@ GSSAPI_NONE_CONFIGURE_ON= --without-gssa .include <bsd.port.options.mk> +.if !${PORT_OPTIONS:MGOST} && !${PORT_OPTIONS:MGOST_ASN1} +CONFIGURE_ARGS+== --without-gost +.endif + .if !${PORT_OPTIONS:MLINKS} PKGINSTALL=${NONEXISTENT} .endif @@ -182,7 +191,7 @@ SUB_LIST+= NOBASE="" BASE="@comment " USE_RC_SUBR+= named SUB_FILES+= named.conf .endif # !defined(BIND_TOOLS_SLAVE) -.if ${PORT_OPTIONS:MGOST} +.if ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} WITH_OPENSSL_PORT=yes .endif .else Modified: head/dns/bind910/pkg-help ============================================================================== --- head/dns/bind910/pkg-help Mon May 18 11:33:11 2015 (r386671) +++ head/dns/bind910/pkg-help Mon May 18 11:41:41 2015 (r386672) @@ -1,3 +1,4 @@ + NATIVE_PKCS11 When using the NATIVE_PKCS11 option, BIND will use the PKCS#11 engine specified by the named_pkcss11_engine variable in /etc/rc.conf for *all* crypto operations. 
@@ -5,19 +6,19 @@ engine specified by the named_pkcss11_en This is primarily intended to be used in an authoritative case. -If BIND will also be operating as a validating resolver, +If BIND is also operating as a validating resolver, NATIVE_PKCS11 should not be used, because the HSM will be -used for DNSSEC validations, and the HSM is likely to be -slower than the CPU for this purpose. Additionally, the HSM -might not support all of the PKCS#11 API functions needed -for signature verification. +used for all crypto, including DNSSEC validations, and the +HSM is likely to be slower than the CPU for this purpose. +Additionally, the HSM might not support all of the PKCS#11 +API functions needed for signature verification. - GOST -If using a chrooted instance of BIND, the OpenSSL engines -need to be accessible from within the chroot. If BIND -is chrooted in /var/named, this can be achieved by either -copying content of /usr/local/lib/engines into -/var/named/usr/local/lib/engines, or by creating that -directory and adding this line to /etc/fstab: + GOST +If using a chrooted instance of BIND on FreeBSD 8.x and 9.x, +the OpenSSL engines MUST be accessible from within the chroot. +If BIND is chrooted in /var/named, this can be achieved by +either copying content of /usr/local/lib/engines into +/var/named/usr/local/lib/engines, or by creating that directory +and adding this line to /etc/fstab: /usr/local/lib/engines /var/named/usr/local/lib/engines nullfs ro 0 0 Modified: head/dns/bind99/Makefile ============================================================================== --- head/dns/bind99/Makefile Mon May 18 11:33:11 2015 (r386671) +++ head/dns/bind99/Makefile Mon May 18 11:41:41 2015 (r386672) @@ -1,4 +1,5 @@ # $FreeBSD$ +# pkg-help formatted with fmt 59 63 PORTNAME= bind PORTVERSION= ${ISCVERSION:S/-P/P/} 
@@ -58,7 +59,7 @@ LARGE_FILE_DESC= 64-bit file support FIXED_RRSET_DESC= Enable fixed rrset ordering SIGCHASE_DESC= dig/host/nslookup will do DNSSEC validation FILTER_AAAA_DESC= Enable filtering of AAAA records -GOST_DESC= Enable GOST ciphers, needs SSL (see help) +GOST_DESC= Enable GOST ciphers, needs SSL (see help on 8 and 9) PYTHON_DESC= Build with Python utilities LINKS_DESC= Create conf file symlinks in ${PREFIX} Modified: head/dns/bind99/pkg-help ============================================================================== --- head/dns/bind99/pkg-help Mon May 18 11:33:11 2015 (r386671) +++ head/dns/bind99/pkg-help Mon May 18 11:41:41 2015 (r386672) @@ -1,9 +1,8 @@ - - GOST -If using a chrooted instance of BIND, the OpenSSL engines -need to be accessible from within the chroot. If BIND -is chrooted in /var/named, this can be achieved by either -copying content of /usr/local/lib/engines into -/var/named/usr/local/lib/engines, or by creating that -directory and adding this line to /etc/fstab: + GOST +If using a chrooted instance of BIND on FreeBSD 8.x and 9.x, +the OpenSSL engines MUST be accessible from within the chroot. +If BIND is chrooted in /var/named, this can be achieved by +either copying content of /usr/local/lib/engines into +/var/named/usr/local/lib/engines, or by creating that directory +and adding this line to /etc/fstab: /usr/local/lib/engines /var/named/usr/local/lib/engines nullfs ro 0 0
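Review bot: `CONFIGURE_ARGS+== --without-gost` in the head/dns/bind910/Makefile hunk at @@ -164,6 +169,10 @@ has a doubled `=`. make takes the operator as `+=` and appends everything after it, so the value added is `= --without-gost`, which puts a stray `=` word on the configure command line whenever neither GOST nor GOST_ASN1 is selected (the OPTIONS_DEFAULT line shown in the @@ -49,10 +50,11 @@ hunk lists neither). It should read `CONFIGURE_ARGS+= --without-gost`.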
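Review bot: nothing in the visible hunks enforces the "needs SSL" requirement that GOSTDEF_DESC states. In the @@ -49,10 +50,11 @@ hunk of head/dns/bind910/Makefile the new GOSTDEF radio group is declared independently of the CRYPTO radio group, so GOST or GOST_ASN1 can be ticked together with NATIVE_PKCS11, or with neither SSL nor NATIVE_PKCS11, and the @@ -182,7 +191,7 @@ hunk then sets `WITH_OPENSSL_PORT=yes` regardless. If that combination cannot produce a working GOST build, a guard next to the new `.if !${PORT_OPTIONS:MGOST} && !${PORT_OPTIONS:MGOST_ASN1}` block that stops with a clear message (for example through IGNORE) when a GOST option is set without SSL would be better than a description string the user has to notice.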
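Review bot: the option descriptions added in the @@ -74,7 +76,9 @@ hunk of head/dns/bind910/Makefile are hard to read in the options dialog. "(see help on 8 and 9)" in GOSTDEF_DESC, and the same phrase in GOST_DESC in the head/dns/bind99/Makefile hunk at @@ -58,7 +59,7 @@, does not say that 8 and 9 are FreeBSD releases, while the pkg-help text spells it out as "FreeBSD 8.x and 9.x". "GOST raw keys (new default)" can also be read as the option being enabled by default, although the OPTIONS_DEFAULT line shown does not include GOST. Suggest wording that names FreeBSD 8.x/9.x and says what the raw format is the default of.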
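Review bot: the GOST section of head/dns/bind910/pkg-help, rewritten in the @@ -5,19 +6,19 @@ hunk, still covers only the chroot engine path and says nothing about the new GOST versus GOST_ASN1 choice, which is the reason for this commit according to the log ("select the old key format"). A user with existing GOST keys has only the one-line descriptions "GOST raw keys (new default)" and "GOST using ASN.1" to decide from. Please add a short paragraph stating which option matches the old key format and what happens to existing keys if the other one is chosen. Since this hunk now says the engines MUST be accessible inside the chroot, it would also help to say which of the two methods is preferred: the copy into /var/named/usr/local/lib/engines is a snapshot that has to be refreshed by hand, whereas the `nullfs ro` mount follows /usr/local/lib/engines and is read-only inside the chroot.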