pkgsrc-wip/opendnssec/options.mk

# $NetBSD: options.mk,v 1.8 2010/11/17 11:12:00 pettai Exp $

PKG_OPTIONS_VAR=		PKG_OPTIONS.opendnssec
PKG_SUPPORTED_OPTIONS=		softhsm
PKG_SUGGESTED_OPTIONS=		softhsm

.include "../../mk/bsd.options.mk"

###
### SoftHSM
###
.if !empty(PKG_OPTIONS:Msofthsm)
DEPENDS+=	softhsm:../../security/softhsm
.include "../../security/softhsm/buildlink3.mk"
.endif
OpenDNSSEC 1.2.0rc1: * New commandline option for the signer: ods-signer running. * Allow connection to different MySQL ports in the Enforcer. * Tone down and explain warning when converting M or Y to seconds * ldns 1.6.7 is required for bugfixes * dnsruby 1.51 is required for bugfixes Migration: * There is a kasp schema change from the 1.1 branch (or trunk if you built prior to r3823). To make this transition you have 2 options: 1) Run ods-ksmutil setup again. This will remove _all_ the current information from the kasp database and start you off again with a fresh environment. If that is not an option, or you want to try something else then: 2) run one of the migration scripts enforcer/utils/migrate_keyshare_mysql.pl or enforcer/utils/migrate_keyshare_sqlite3.pl depending on your database. NOTE: Although these scripts have been tested it is recommended to make a backup of your database prior to running them. Bugfixes: * Bugreport #187: ods-control signer start will return non-zero if start up failed (uses ods-signer running). * Narrow glue at the zone cut is allowed, do not consider it as occluded. * Move zone fetcher output to correct input adapter file. * Enforcer shared keys on zones with ShareKeys disabled. * Make names of key states consistent. * Signer Engine file descriptor leak fix on engine.sock. * Set explicit "unlimited" repository capacity to prevent random integer being read. Requires "ods-ksmutil update conf" to be run if using an existing database. * Fix issue with key generation creating too many keys Ticket #194. * Bugreport #189: Auditor did not handle white-space-seperated substrings for base64 text * Bugreport #190: Auditor (and signer) does not handle case correctly * Signer now silence stdout-output from the notify command OpenDNSSEC 1.2.0b1: * A new signer engine, written in c. Zones are maintained in memory, instead of in files on disk. * Removed the python and python-4suite-xml dependencies. * Remove separate autoconf for libhsm/conf/enforcer. * Add option to disable building the signer. * Signer logs statistics just after outputting a new signed zone. * libhsm will skip processing (and not create) any public keys if the per repository option <SkipPublicKey/> is set. * Keysharing improved - keys can now exist in different states on each zone that the key is in use for. * Backup prepare/commit/rollback added for 2-step backups without taking the enforcer offline. * Standby keys are now optional (default to 0) and should be considered experimental. Bugfixes: * Fix semantics of refresh value in Signer Engine. * Auditor handles chains of empty nonterminals correctly. * Recalculate salt immediately if the saltlength is changed. * libhsm connected to slot 0 if the token label was not found. An error is now returned instead of connecting to the slot. * Bugreport #102: Removed the obsoleted python-4suite-xml dependency. * Fixed Known Issue: KSK rollover requires manual timing. * Fixed Known Issue: Key rollover and reuse of signatures. * Fixed Known Issue: Issue with sharing keys and adding zones. * Fixed Known Issue: Quicksorter does not allow certain owner names (Quicksorter is removed, signer now reads and sorts the zone). 2010-11-17 12:12:00 +01:00			`# $NetBSD: options.mk,v 1.8 2010/11/17 11:12:00 pettai Exp $`
OpenDNSSEC 1.1: * Performance improvements for large zones * Clarification to the KSK rollover process * Partial auditing of large zones * Improved registrar support (EPP client plugin) 2010-05-09 21:07:53 +02:00
			`PKG_OPTIONS_VAR= PKG_OPTIONS.opendnssec`
OpenDNSSEC 1.2.0rc1: * New commandline option for the signer: ods-signer running. * Allow connection to different MySQL ports in the Enforcer. * Tone down and explain warning when converting M or Y to seconds * ldns 1.6.7 is required for bugfixes * dnsruby 1.51 is required for bugfixes Migration: * There is a kasp schema change from the 1.1 branch (or trunk if you built prior to r3823). To make this transition you have 2 options: 1) Run ods-ksmutil setup again. This will remove _all_ the current information from the kasp database and start you off again with a fresh environment. If that is not an option, or you want to try something else then: 2) run one of the migration scripts enforcer/utils/migrate_keyshare_mysql.pl or enforcer/utils/migrate_keyshare_sqlite3.pl depending on your database. NOTE: Although these scripts have been tested it is recommended to make a backup of your database prior to running them. Bugfixes: * Bugreport #187: ods-control signer start will return non-zero if start up failed (uses ods-signer running). * Narrow glue at the zone cut is allowed, do not consider it as occluded. * Move zone fetcher output to correct input adapter file. * Enforcer shared keys on zones with ShareKeys disabled. * Make names of key states consistent. * Signer Engine file descriptor leak fix on engine.sock. * Set explicit "unlimited" repository capacity to prevent random integer being read. Requires "ods-ksmutil update conf" to be run if using an existing database. * Fix issue with key generation creating too many keys Ticket #194. * Bugreport #189: Auditor did not handle white-space-seperated substrings for base64 text * Bugreport #190: Auditor (and signer) does not handle case correctly * Signer now silence stdout-output from the notify command OpenDNSSEC 1.2.0b1: * A new signer engine, written in c. Zones are maintained in memory, instead of in files on disk. * Removed the python and python-4suite-xml dependencies. * Remove separate autoconf for libhsm/conf/enforcer. * Add option to disable building the signer. * Signer logs statistics just after outputting a new signed zone. * libhsm will skip processing (and not create) any public keys if the per repository option <SkipPublicKey/> is set. * Keysharing improved - keys can now exist in different states on each zone that the key is in use for. * Backup prepare/commit/rollback added for 2-step backups without taking the enforcer offline. * Standby keys are now optional (default to 0) and should be considered experimental. Bugfixes: * Fix semantics of refresh value in Signer Engine. * Auditor handles chains of empty nonterminals correctly. * Recalculate salt immediately if the saltlength is changed. * libhsm connected to slot 0 if the token label was not found. An error is now returned instead of connecting to the slot. * Bugreport #102: Removed the obsoleted python-4suite-xml dependency. * Fixed Known Issue: KSK rollover requires manual timing. * Fixed Known Issue: Key rollover and reuse of signatures. * Fixed Known Issue: Issue with sharing keys and adding zones. * Fixed Known Issue: Quicksorter does not allow certain owner names (Quicksorter is removed, signer now reads and sorts the zone). 2010-11-17 12:12:00 +01:00			`PKG_SUPPORTED_OPTIONS= softhsm`
			`PKG_SUGGESTED_OPTIONS= softhsm`
OpenDNSSEC 1.1: * Performance improvements for large zones * Clarification to the KSK rollover process * Partial auditing of large zones * Improved registrar support (EPP client plugin) 2010-05-09 21:07:53 +02:00
			`.include "../../mk/bsd.options.mk"`

			`###`
			`### SoftHSM`
			`###`
			`.if !empty(PKG_OPTIONS:Msofthsm)`
			`DEPENDS+= softhsm:../../security/softhsm`
			`.include "../../security/softhsm/buildlink3.mk"`
			`.endif`