The upstream came with a different temporarily solution than the patch in PR 199298.

This one allows for GOST in DNSSEC. Add conflict with upcoming knot2 port. PR: 199866 Submitted by: Leo Vandewoestijne <freebsd@dns-lab.com> (maintainer)
svn path=/head/; revision=386670
2015-05-18 11:21:06 +00:00 · 2015-05-18 11:21:06 +00:00 · 21c81c1764 · 2021-03-31 03:12:20 +00:00
commit 21c81c1764
parent 5187c61024
3 changed files with 54 additions and 18 deletions
--- a/dns/knot/Makefile
+++ b/dns/knot/Makefile
@ -3,6 +3,7 @@

 PORTNAME=	knot
 PORTVERSION=	1.6.3
+PORTREVISION=	1
 CATEGORIES=	dns ipv6
 MASTER_SITES=	https://secure.nic.cz/files/knot-dns/ \
 		http://dns-lab.com/downloads/knot-dns/
@ -12,11 +13,11 @@ COMMENT=	High performance authoritative-only DNS server

 LICENSE=	GPLv3

-CONFLICTS=	knot-devel-1.*
-
 BUILD_DEPENDS=	flex>=2.5.35_1:${PORTSDIR}/textproc/flex
 LIB_DEPENDS=	liburcu.so:${PORTSDIR}/sysutils/liburcu

+CONFLICTS=	knot-2.*
+
 USES=		alias bison libtool pkgconfig tar:xz
 GNU_CONFIGURE=	yes
 CONFIGURE_ARGS=	--with-storage=/var/db/knot \
@ -41,7 +42,7 @@ SUB_LIST+=	USERS="${USERS}" GROUPS="${GROUPS}"

 PORTDOCS=	AUTHORS COPYING ChangeLog INSTALL NEWS README THANKS

-OPTIONS_DEFINE=	DNSTAP FASTPARSER GOST IDN LMDB
+OPTIONS_DEFINE=	DNSTAP FASTPARSER IDN LMDB

 DNSTAP_DESC=		dnstap support (see dnstap.info)
 FASTPARSER_DESC=	Fast zone parser (demanding compilation)
@ -62,10 +63,6 @@ LMDB_LIB_DEPENDS=	liblmdb.so:${PORTSDIR}/databases/lmdb

 .include <bsd.port.options.mk>

-.if ${PORT_OPTIONS:MGOST} && defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl
-IGNORE=	cannot use both LibreSSL and GOST (not installing correctly); either don't use GOST or do use OpenSSL
-.endif
-
 post-patch:
 	@${REINPLACE_CMD} 's|$$(INSTALL) -d $$(DESTDIR)/\@run_dir\@|#$$(INSTALL) -d $$(DESTDIR)/\@run_dir\@|' \
 		${WRKSRC}/src/Makefile.in
--- a/dns/knot/files/patch-src_libknot_dnssec_config.h
+++ b/dns/knot/files/patch-src_libknot_dnssec_config.h
@ -1,11 +0,0 @@
--- src/libknot/dnssec/config.h.orig	2015-04-08 11:57:44 UTC
-+++ src/libknot/dnssec/config.h
-@@ -40,7 +40,7 @@
-   #undef KNOT_ENABLE_ECDSA
- #endif
- 
-#if !defined(OPENSSL_NO_GOST) && OPENSSL_VERSION_NUMBER >= 0x1000001fL
-+#if !defined(OPENSSL_NO_GOST) && OPENSSL_VERSION_NUMBER >= 0x1000001fL && !defined(LIBRESSL_VERSION_NUMBER)
-   #define KNOT_ENABLE_GOST 1
- #else
-   #undef KNOT_ENABLE_GOST
--- a/dns/knot/files/patch-src_libknot_dnssec_crypto.c
+++ b/dns/knot/files/patch-src_libknot_dnssec_crypto.c
@ -0,0 +1,50 @@
+--- src/libknot/dnssec/crypto.c.orig	2015-04-08 11:57:44 UTC
+++ src/libknot/dnssec/crypto.c
+@@ -122,7 +122,14 @@ static unsigned long openssl_threadid_cb(void)
+ 
+ /*- pluggable engines -------------------------------------------------------*/
+ 
+-#if KNOT_ENABLE_GOST
+#if KNOT_ENABLE_GOST && !defined(LIBRESSL_VERSION_NUMBER)
+  #define KNOT_LOAD_GOST 1
+#else
+  #undef KNOT_LOAD_GOST
+#endif
+
+
+#if KNOT_LOAD_GOST
+ 
+ static ENGINE *gost_engine = NULL;
+ 
+@@ -130,6 +137,8 @@ static void init_gost_engine(void)
+ {
+ 	assert(gost_engine == NULL);
+ 
+	ENGINE_load_builtin_engines();
+
+ #ifndef OPENSSL_NO_STATIC_ENGINE
+ 	ENGINE_load_gost();
+ #else
+@@ -206,16 +215,19 @@ void knot_crypto_cleanup_threads(void)
+ 
+ void knot_crypto_load_engines(void)
+ {
+-#if KNOT_ENABLE_GOST
+#if KNOT_LOAD_GOST
+ 	if (!gost_engine) {
+ 		init_gost_engine();
+ 	}
+ #endif
+#if KNOT_ENABLE_GOST
+	OpenSSL_add_all_algorithms();
+#endif
+ }
+ 
+ void knot_crypto_unload_engines(void)
+ {
+-#if KNOT_ENABLE_GOST
+#if KNOT_LOAD_GOST
+ 	if (gost_engine) {
+ 		deinit_gost_engine();
+ 	}
+