Date: Sat, 17 May 2014 21:30:25 +0000 (UTC)
From: Mathieu Arnold <mat@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r354375 - in head/dns: bind910 bind98 bind99
Message-ID: <201405172130.s4HLUPHV011474@svn.freebsd.org>
Author: mat Date: Sat May 17 21:30:24 2014 New Revision: 354375 URL: http://svnweb.freebsd.org/changeset/ports/354375 QAT: https://qat.redports.org/buildarchive/r354375/ Log: Fix build with GOST (on 10, base OpenSSL doesn't have it) Make sure OpenSSL from ports is used < 10. Sponsored by: Absolight Added: head/dns/bind98/pkg-help - copied, changed from r354152, head/dns/bind910/pkg-help head/dns/bind99/pkg-help - copied, changed from r354152, head/dns/bind910/pkg-help Modified: head/dns/bind910/Makefile head/dns/bind910/pkg-help head/dns/bind98/Makefile head/dns/bind99/Makefile Modified: head/dns/bind910/Makefile ============================================================================== --- head/dns/bind910/Makefile Sat May 17 21:28:59 2014 (r354374) +++ head/dns/bind910/Makefile Sat May 17 21:30:24 2014 (r354375) @@ -2,7 +2,7 @@ PORTNAME= bind PORTVERSION= 9.10.0.1 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= dns net ipv6 MASTER_SITES= ${MASTER_SITE_ISC} MASTER_SITE_SUBDIR= bind9/${ISCVERSION} @@ -56,7 +56,7 @@ FILTER_AAAA_DESC= Enable filtering of AA CRYPTO_DESC= Choose which crypto engine to use NATIVE_PKCS11_DESC= Use PKCS\#11 native API (**READ HELP**) GEOIP_DESC= Allow geographically based ACL. -GOST_DESC= Enable GOST ciphers (DSO incompatible with chroot) +GOST_DESC= Enable GOST ciphers, needs SSL (see help) LINKS_DESC= Create conf file symlinks in ${PREFIX} NEWSTATS_DESC= Enable alternate xml statistics channel format @@ -154,6 +154,9 @@ PLIST_SUB+= NOBASE="" BASE="@comment " SUB_LIST+= NOBASE="" BASE="@comment " USE_RC_SUBR+= named SUB_FILES+= named.conf +.if ${PORT_OPTIONS:MGOST} +WITH_OPENSSL_PORT=yes +.endif .else ETCDIR= ${PREFIX}/etc PLIST_SUB+= NOBASE="@comment " BASE="" Modified: head/dns/bind910/pkg-help ============================================================================== --- head/dns/bind910/pkg-help Sat May 17 21:28:59 2014 (r354374) +++ head/dns/bind910/pkg-help Sat May 17 21:30:24 2014 (r354375) 
@@ -11,3 +11,13 @@ used for DNSSEC validations, and the HSM slower than the CPU for this purpose. Additionally, the HSM might not support all of the PKCS#11 API functions needed for signature verification. + + + GOST +If using a chrooted instance of BIND, the OpenSSL engines +need to be accessible from within the chroot. If BIND +is chrooted in /var/named, this can be achieved by either +copying content of /usr/local/lib/engines into +/var/named/usr/local/lib/engines, or by creating that +directory and adding this line to /etc/fstab: +/usr/local/lib/engines /var/named/usr/local/lib/engines nullfs ro 0 0 Modified: head/dns/bind98/Makefile ============================================================================== --- head/dns/bind98/Makefile Sat May 17 21:28:59 2014 (r354374) +++ head/dns/bind98/Makefile Sat May 17 21:30:24 2014 (r354375) @@ -2,7 +2,7 @@ PORTNAME= bind PORTVERSION= 9.8.7 -PORTREVISION= 13 +PORTREVISION= 14 CATEGORIES= dns net ipv6 MASTER_SITES= ${MASTER_SITE_ISC} MASTER_SITE_SUBDIR= bind9/${ISCVERSION} @@ -156,8 +156,14 @@ SUB_LIST+= BIND_DESTETC="${BIND_DESTETC} PLIST_SUB+= NOBASE="" BASE="@comment " USE_RC_SUBR+= named SUB_FILES+= named.conf +.if ${PORT_OPTIONS:MGOST} +WITH_OPENSSL_PORT=yes +.endif .else PLIST_SUB+= NOBASE="@comment " BASE="" +.if ${PORT_OPTIONS:MSSL} +WITH_OPENSSL_PORT= yes +.endif .endif post-patch: Copied and modified: head/dns/bind98/pkg-help (from r354152, head/dns/bind910/pkg-help) ============================================================================== --- head/dns/bind910/pkg-help Thu May 15 16:44:18 2014 (r354152, copy source) +++ head/dns/bind98/pkg-help Sat May 17 21:30:24 2014 (r354375) 
@@ -1,13 +1,8 @@ -When using the NATIVE_PKCS11 option, BIND will use the PKCS#11 -engine specified by the named_pkcss11_engine variable in -/etc/rc.conf for *all* crypto operations. - -This is primarily intended to be used in an authoritative -case. - -If BIND will also be operating as a validating resolver, -NATIVE_PKCS11 should not be used, because the HSM will be -used for DNSSEC validations, and the HSM is likely to be -slower than the CPU for this purpose. Additionally, the HSM -might not support all of the PKCS#11 API functions needed -for signature verification. + GOST +If using a chrooted instance of BIND, the OpenSSL engines +need to be accessible from within the chroot. If BIND +is chrooted in /var/named, this can be achieved by either +copying content of /usr/local/lib/engines into +/var/named/usr/local/lib/engines, or by creating that +directory and adding this line to /etc/fstab: +/usr/local/lib/engines /var/named/usr/local/lib/engines nullfs ro 0 0 Modified: head/dns/bind99/Makefile ============================================================================== --- head/dns/bind99/Makefile Sat May 17 21:28:59 2014 (r354374) +++ head/dns/bind99/Makefile Sat May 17 21:30:24 2014 (r354375) @@ -2,7 +2,7 @@ PORTNAME= bind PORTVERSION= 9.9.5 -PORTREVISION= 15 +PORTREVISION= 16 CATEGORIES= dns net ipv6 MASTER_SITES= ${MASTER_SITE_ISC} MASTER_SITE_SUBDIR= bind9/${ISCVERSION} @@ -47,7 +47,7 @@ LARGE_FILE_DESC= 64-bit file support FIXED_RRSET_DESC= Enable fixed rrset ordering SIGCHASE_DESC= dig/host/nslookup will do DNSSEC validation FILTER_AAAA_DESC= Enable filtering of AAAA records -GOST_DESC= Enable GOST ciphers (DSO incompatible with chroot) +GOST_DESC= Enable GOST ciphers, needs SSL (see help) LINKS_DESC= Create conf file symlinks in ${PREFIX} NEWSTATS_DESC= Enable alternate xml statistics channel format 
@@ -168,8 +168,14 @@ SUB_LIST+= BIND_DESTETC="${BIND_DESTETC} PLIST_SUB+= NOBASE="" BASE="@comment " USE_RC_SUBR+= named SUB_FILES+= named.conf +.if ${PORT_OPTIONS:MGOST} +WITH_OPENSSL_PORT=yes +.endif .else PLIST_SUB+= NOBASE="@comment " BASE="" +.if ${PORT_OPTIONS:MSSL} +WITH_OPENSSL_PORT= yes +.endif .endif .if !defined(BIND_TOOLS_SLAVE) Copied and modified: head/dns/bind99/pkg-help (from r354152, head/dns/bind910/pkg-help) ============================================================================== --- head/dns/bind910/pkg-help Thu May 15 16:44:18 2014 (r354152, copy source) +++ head/dns/bind99/pkg-help Sat May 17 21:30:24 2014 (r354375) @@ -1,13 +1,9 @@ -When using the NATIVE_PKCS11 option, BIND will use the PKCS#11 -engine specified by the named_pkcss11_engine variable in -/etc/rc.conf for *all* crypto operations. -This is primarily intended to be used in an authoritative -case. - -If BIND will also be operating as a validating resolver, -NATIVE_PKCS11 should not be used, because the HSM will be -used for DNSSEC validations, and the HSM is likely to be -slower than the CPU for this purpose. Additionally, the HSM -might not support all of the PKCS#11 API functions needed -for signature verification. + GOST +If using a chrooted instance of BIND, the OpenSSL engines +need to be accessible from within the chroot. If BIND +is chrooted in /var/named, this can be achieved by either +copying content of /usr/local/lib/engines into +/var/named/usr/local/lib/engines, or by creating that +directory and adding this line to /etc/fstab: +/usr/local/lib/engines /var/named/usr/local/lib/engines nullfs ro 0 0
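Review bot: In the head/dns/bind910/Makefile hunk at @@ -154,6 +154,9, the `.else` branch gets no `.if ${PORT_OPTIONS:MSSL}` / `WITH_OPENSSL_PORT= yes` block, while the corresponding hunks for bind98 (@@ -156,8 +156,14) and bind99 (@@ -168,8 +168,14) add one. The log says OpenSSL from ports should be used below 10 without excluding 9.10, so either add the same block here or state in the log why bind910 differs. The assignment is also written `WITH_OPENSSL_PORT=yes` in the GOST branch and `WITH_OPENSSL_PORT= yes` in the SSL branch; use one spelling in all three Makefiles.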
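Review bot: The GOST text added to pkg-help (bind910 hunk @@ -11,3 +11,13 and the bind98 and bind99 copies) presents copying /usr/local/lib/engines into the chroot as equivalent to the nullfs mount, but a copy does not follow later updates of the OpenSSL port, so a chrooted named would keep loading old engine code. I would list the read-only nullfs line first and add that a copied directory has to be refreshed after every OpenSSL update and should stay root-owned and not writable by the user named runs as. It would also help to say that the /etc/fstab entry only takes effect at the next boot or once it is mounted by hand.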
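Review bot: The two copied pkg-help files come out at different lengths for what reads as the same GOST text: the bind98 hunk is @@ -1,13 +1,8 and the bind99 hunk is @@ -1,13 +1,9, and in bind99 one line of the old file appears to survive in front of the GOST heading. Please make the two files identical so they can be kept in sync. Separately, the bind98 Makefile hunks shown here do not touch GOST_DESC, while bind910 and bind99 change it to "Enable GOST ciphers, needs SSL (see help)"; if bind98 carries the same old description it should get the same change now that it has a pkg-help.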