Date:      Fri, 13 Jul 2012 03:30:07 GMT
From:      Joe Holden <joe@rewt.org.uk>
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   Re: ports/169612: dns/powerdns:  Fix botan/cryptopp dependency, make it configurable
Message-ID:  <201207130330.q6D3U77d097713@freefall.freebsd.org>

The following reply was made to PR ports/169612; it has been noted by GNATS.

From: Joe Holden <joe@rewt.org.uk>
To: Ralf van der Enden <ralf.vanderenden@deltares.nl>
Cc: <bug-followup@freebsd.org>
Subject: Re: ports/169612: dns/powerdns:  Fix botan/cryptopp dependency,  make it configurable
Date: Fri, 13 Jul 2012 04:23:19 +0100

 On 2012-07-12 16:12, Ralf van der Enden wrote:
 > On 12-7-2012 17:04, Joe Holden wrote:
 >> On 2012-07-12 08:52, Ralf van der Enden wrote:
 >>> Hi Joe,
 >>>
 >>> I've talked to the author of powerdns and if you disable botan and
 >>> cryptopp, pdns will run at half speed when doing DNSSEC stuff.
 >>> Therefore I'm not in favor of making them configurable. Large DNS
 >>> installations might run into serious performance issues. Or is there
 >>> another reason you want them configurable I'm not aware of?
 >>>
 >> The default should probably be on, but I added that anyway to avoid 
 >> pulling in more dependencies if they aren't being used (e.g. if you 
 >> don't use DNSSEC), or don't have sufficient requirement for it.
 > I'm more in favor of an 'Enable extra DNSSEC algorithms' option
 > instead of configuring cryptopp and botan individually.
 >>
 >>> Checking out your patch I did find out there's a bug in powerdns'
 >>> botan 1.8 support when using ECDSA crypto. Your botan patch
 >>> unfortunately doesn't fix things, but I've upgraded botan to 1.10.2 on
 >>> my local system and that does seem to correct the issue. When I have
 >>> some more time I will see if the port-maintainer of botan is
 >>> interested in creating a 1.10 port besides the now existing 1.8 one.
 >>>
 >> The problem with the botan port is that it didn't enable the correct 
 >> module and also deleted some headers after install - on my machines 
 >> where I use powerdns/botan the patch does allow powerdns to be built 
 >> correctly and the ECDSA headers for botan are present.
 >>
 >> Does this not work on your machine?
 > Building with botan 1.8 worked just fine here, even without your (not
 > yet submitted) patch. Not sure why it didn't on your machine though.
 >
 > The thing that doesn't work though is the following:
 >     pdnssec test-algorithms
 >
 > Although pdns compiled successfully with botan 1.8, ECDSA support
 > still is broken. I'm guessing that command also shows some failures on
 > your end when running it.
 > Until it's a) fixed or b) botan is upgraded to 1.10.2, I'm probably
 > gonna disable botan support for now. ECC-GOST (algo 12) is only
 > enabled when compiling against botan 1.10, and ECDSA (algo 13 and 14)
 > are both supported by cryptopp.
 >>
 >>> Best regards,
 >>>
 >>> Ralf van der Enden
 >>>
 >> Thanks,
 >> J
 >>
 >>
 >
 Actually - the:
 
 -post-install:
 -	@(cd ${PREFIX}; ${FIND} -s include/botan -not -type d) >> ${TMPPLIST}
 -	@${ECHO_CMD} @dirrm include/botan >> ${TMPPLIST}
 -
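 Review bot: the removed post-install target is what appends the files under include/botan and the "@dirrm include/botan" entry to ${TMPPLIST}, so with these three lines gone the installed botan headers are no longer recorded in the packing list and will not be cleaned up on deinstall. Restore the target as it was, or list the headers and the directory statically in the port's plist, before this goes in.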
 
 Lines shouldn't be there, forgot to re-add once I'd updated the 
 Makefile, if those aren't re-added it will create a false positive as 
 the files aren't deleted...
 
 Thanks
 
 > Thanks for your input though. It made me look further than just a
 > successful compilation process.
 >
 > Best regards,
 >
 > Ralf


