Date: Thu, 12 Jul 2012 18:30:05 GMT
Message-Id: <201207121830.q6CIU5NM025262@freefall.freebsd.org>
To: freebsd-ports-bugs@FreeBSD.org
From: Joe Holden
Subject: Re: ports/169612: dns/powerdns: Fix botan/cryptopp dependency, make it configurable

The following reply was made to PR ports/169612; it has been noted by GNATS.

From: Joe Holden
To: Ralf van der Enden
Subject: Re: ports/169612: dns/powerdns: Fix botan/cryptopp dependency, make it configurable
Date: Thu, 12 Jul 2012 19:29:21 +0100

On 2012-07-12 16:12, Ralf van der Enden wrote:
> On 12-7-2012 17:04, Joe Holden wrote:
>> On 2012-07-12 08:52, Ralf van der Enden wrote:
>>> Hi Joe,
>>>
>>> I've talked to the author of powerdns and if you disable botan and
>>> cryptopp, pdns will run at half speed when doing DNSSEC stuff.
>>> Therefore I'm not in favor of making them configurable. Large DNS
>>> installations might run into serious performance issues. Or is
>>> there another reason you want them configurable I'm not aware of?
>>>
>> The default should probably be on, but I added that anyway to avoid
>> pulling in more dependencies if they aren't being used (e.g., if you
>> don't use DNSSEC), or don't have sufficient requirement for it.
> I'm more in favor of an 'Enable extra DNSSEC algorithms' option
> instead of configuring cryptopp and botan individually.
>>
Agreed, that is more appropriate.

>>> Checking out your patch I did find out there's a bug in powerdns'
>>> botan 1.8 support when using ECDSA crypto. Your botan patch
>>> unfortunately doesn't fix things, but I've upgraded botan to 1.10.2
>>> on my local system and that does seem to correct the issue. When I
>>> have some more time I will see if the port-maintainer of botan is
>>> interested in creating a 1.10 port besides the now existing 1.8
>>> one.
>>>
>> The problem with the botan port is that it didn't enable the correct
>> module and also deleted some headers after install - on my machines
>> where I use powerdns/botan the patch does allow powerdns to be built
>> correctly and the ECDSA headers for botan are present.
>>
>> Does this not work on your machine?
> Building with botan 1.8 worked just fine here, even without your (not
> yet submitted) patch. Not sure why it didn't on your machine though.
>
Interesting, I will have to run through a build on a fresh machine
again, the problem was though that powerdns wasn't finding ecdsa.h and
friends as they weren't installed without the --enable-modules=ecdsa
flag to botan 1.8. I'll give it another try and see, though.

> The thing that doesn't work though is the following:
> pdnssec test-algorithms
>
> Although pdns compiled successfully with botan 1.8, ECDSA support
> still is broken. I'm guessing that command also shows some failures
> on your end when running it.
> Until it's a) fixed or b) botan is upgraded to 1.10.2, I'm probably
> gonna disable botan support for now. ECC-GOST (algo 12) is only
> enabled when compiling against botan 1.10, and ECDSA (algo 13 and 14)
> are both supported by cryptopp.
>>
>>> Best regards,
>>>
>>> Ralf van der Enden
>>>
>> Thanks,
>> J
>>
>>
>
> Thanks for your input though. It made me look further than just a
> successful compilation process.
>
> Best regards,
>
> Ralf

Thanks,
J