OpenDNSSEC 1.2.0:
Bugfixes: * Enforcer: Fixed a number of build warnings. OpenDNSSEC 1.2.0rc3: * Moved migration instructions to the file MIGRATION Bugfixes: * Bugreport #199: The previous DB schema change made the zone removal broken. * Enforcer: When retiring old KSK, use TTL(ds) and not TTL(ksk). * Enforcer: Minimize the set of DS RRs sent to DelegationSignerSubmitCommand. * Enforcer: Replace tab with a space character in the DNSKEY printed to syslog. * Enforcer: Fixed pontential format string bug. * ods-ksmutil: Log to syslog when ds-seen changes a key to active/standby. * Signer Engine: Don't be smart with RRSIG TTLs, the hsm will set them for you. * Signer Engine: Set notify command for zone when receiving ods-signer update. * Signer Engine: Update TTL of NSEC(3) records if SOA Minimum has changed in KASP. * Signer Engine: Now logs to the correct facility. * Signer Engine: Also remove NSEC records when detecting changes in signconf <Denial> * Signer Engine: Dropped privileges before starting Zonefetcher. OpenDNSSEC 1.2.0rc2: Bugfixes: * Signer Engine: Use the correct TTL for RRs after the $INCLUDE directive. * Signer Engine: Also create new signature if TTL of RR has changed. * Signer Engine: Drop old NSEC/NSEC3 records. * ods-ksmutil: Fixed some memory leaks. OpenDNSSEC 1.2.0rc1: * New commandline option for the signer: ods-signer running. * Allow connection to different MySQL ports in the Enforcer. * Tone down and explain warning when converting M or Y to seconds * ldns 1.6.7 is required for bugfixes * dnsruby 1.51 is required for bugfixes Bugfixes: * Bugreport #187: ods-control signer start will return non-zero if start up failed (uses ods-signer running). * Narrow glue at the zone cut is allowed, do not consider it as occluded. * Move zone fetcher output to correct input adapter file. * Enforcer shared keys on zones with ShareKeys disabled. * Make names of key states consistent. * Signer Engine file descriptor leak fix on engine.sock. * Set explicit "unlimited" repository capacity to prevent random integer being read. Requires "ods-ksmutil update conf" to be run if using an existing database. * Fix issue with key generation creating too many keys Ticket #194. * Bugreport #189: Auditor did not handle white-space-seperated substrings for base64 text * Bugreport #190: Auditor (and signer) does not handle case correctly * Signer now silence stdout-output from the notify command OpenDNSSEC 1.2.0b1: * A new signer engine, written in c. Zones are maintained in memory, instead of in files on disk. * Removed the python and python-4suite-xml dependencies. * Remove separate autoconf for libhsm/conf/enforcer. * Add option to disable building the signer. * Signer logs statistics just after outputting a new signed zone. * libhsm will skip processing (and not create) any public keys if the per repository option <SkipPublicKey/> is set. * Keysharing improved - keys can now exist in different states on each zone that the key is in use for. * Backup prepare/commit/rollback added for 2-step backups without taking the enforcer offline. * Standby keys are now optional (default to 0) and should be considered experimental. Bugfixes: * Fix semantics of refresh value in Signer Engine. * Auditor handles chains of empty nonterminals correctly. * Recalculate salt immediately if the saltlength is changed. * libhsm connected to slot 0 if the token label was not found. An error is now returned instead of connecting to the slot. * Bugreport #102: Removed the obsoleted python-4suite-xml dependency. * Fixed Known Issue: KSK rollover requires manual timing. * Fixed Known Issue: Key rollover and reuse of signatures. * Fixed Known Issue: Issue with sharing keys and adding zones. * Fixed Known Issue: Quicksorter does not allow certain owner names (Quicksorter is removed, signer now reads and sorts the zone).
This commit is contained in:
pettai
parent
3725d0eb4b
commit
77b9b55e05
5 changed files with 42 additions and 75 deletions
|
|
@ -1,7 +1,7 @@
|
|||
# $NetBSD: Makefile,v 1.8 2010/09/13 07:53:06 pettai Exp $
|
||||
# $NetBSD: Makefile,v 1.9 2011/01/24 20:30:28 pettai Exp $
|
||||
#
|
||||
|
||||
DISTNAME= opendnssec-1.1.3
|
||||
DISTNAME= opendnssec-1.2.0
|
||||
CATEGORIES= security net
|
||||
MASTER_SITES= http://www.opendnssec.org/files/source/
|
||||
|
||||
|
|
@ -10,11 +10,9 @@ HOMEPAGE= http://www.opendnssec.org/
|
|||
COMMENT= OSS for a fast and easy DNSSEC deployment
|
||||
LICENSE= 2-clause-bsd
|
||||
|
||||
DEPENDS+= ${PYPKGPREFIX}-expat-[0-9]*:../../textproc/py-expat
|
||||
DEPENDS+= ${PYPKGPREFIX}-4Suite-[0-9]*:../../textproc/py-4Suite
|
||||
DEPENDS+= ldns>=1.6.6:../../net/ldns
|
||||
DEPENDS+= ldns>=1.6.7:../../net/ldns
|
||||
DEPENDS+= ${RUBY_PKGPREFIX}-rubygems-[0-9]*:../../misc/rubygems
|
||||
DEPENDS+= ${RUBY_PKGPREFIX}-dnsruby>=1.49:../../net/ruby-dnsruby
|
||||
DEPENDS+= ${RUBY_PKGPREFIX}-dnsruby>=1.51:../../net/ruby-dnsruby
|
||||
BUILD_DEPENDS+= CUnit-[0-9]*:../../devel/cunit
|
||||
|
||||
PKG_DESTDIR_SUPPORT= user-destdir
|
||||
|
|
@ -66,18 +64,17 @@ INSTALLATION_DIRS+= share/opendnssec
|
|||
INSTALLATION_DIRS+= lib/opendnssec
|
||||
INSTALLATION_DIRS+= lib/opendnssec/signer
|
||||
INSTALLATION_DIRS+= lib/opendnssec/kasp_auditor
|
||||
INSTALLATION_DIRS+= ${VARBASE}/opendnssec
|
||||
INSTALLATION_DIRS+= ${VARBASE}/opendnssec/tmp
|
||||
INSTALLATION_DIRS+= ${VARBASE}/opendnssec/signconf
|
||||
INSTALLATION_DIRS+= ${VARBASE}/opendnssec/signed
|
||||
INSTALLATION_DIRS+= ${VARBASE}/opendnssec/unsigned
|
||||
OWN_DIRS+= ${VARBASE}/opendnssec
|
||||
OWN_DIRS+= ${VARBASE}/opendnssec/tmp
|
||||
OWN_DIRS+= ${VARBASE}/opendnssec/signconf
|
||||
OWN_DIRS+= ${VARBASE}/opendnssec/signed
|
||||
OWN_DIRS+= ${VARBASE}/opendnssec/unsigned
|
||||
|
||||
.include "options.mk"
|
||||
|
||||
pre-install:
|
||||
${MKDIR} ${DESTDIR}${PKG_SYSCONFDIR}/opendnssec
|
||||
|
||||
.include "../../lang/python/application.mk"
|
||||
#.include "../../devel/cunit/buildlink3.mk"
|
||||
.include "../../textproc/libxml2/buildlink3.mk"
|
||||
.include "../../net/ldns/buildlink3.mk"
|
||||
|
|
|
|||
|
|
@ -1,52 +1,21 @@
|
|||
@comment $NetBSD: PLIST,v 1.2 2010/06/16 00:19:08 pettai Exp $
|
||||
@comment $NetBSD: PLIST,v 1.3 2011/01/24 20:30:28 pettai Exp $
|
||||
bin/ods-auditor
|
||||
bin/ods-hsmspeed
|
||||
bin/ods-hsmutil
|
||||
bin/ods-kasp2html
|
||||
bin/ods-kaspcheck
|
||||
bin/ods-ksmutil
|
||||
include/hsmtest.h
|
||||
include/libhsm.h
|
||||
include/libhsmdns.h
|
||||
lib/libhsm.la
|
||||
lib/opendnssec/kasp_auditor.rb
|
||||
lib/opendnssec/kasp_auditor/auditor.rb
|
||||
lib/opendnssec/kasp_auditor/changed_config.rb
|
||||
lib/opendnssec/kasp_auditor/commands.rb
|
||||
lib/opendnssec/kasp_auditor/config.rb
|
||||
lib/opendnssec/kasp_auditor/key_tracker.rb
|
||||
lib/opendnssec/kasp_auditor/parse.rb
|
||||
lib/opendnssec/kasp_auditor/partial_auditor.rb
|
||||
lib/opendnssec/kasp_auditor/preparser.rb
|
||||
lib/opendnssec/kasp_checker.rb
|
||||
lib/opendnssec/signer/Engine.py
|
||||
lib/opendnssec/signer/Engine.pyc
|
||||
lib/opendnssec/signer/Engine.pyo
|
||||
lib/opendnssec/signer/EngineConfig.py
|
||||
lib/opendnssec/signer/EngineConfig.pyc
|
||||
lib/opendnssec/signer/EngineConfig.pyo
|
||||
lib/opendnssec/signer/Util.py
|
||||
lib/opendnssec/signer/Util.pyc
|
||||
lib/opendnssec/signer/Util.pyo
|
||||
lib/opendnssec/signer/Worker.py
|
||||
lib/opendnssec/signer/Worker.pyc
|
||||
lib/opendnssec/signer/Worker.pyo
|
||||
lib/opendnssec/signer/Zone.py
|
||||
lib/opendnssec/signer/Zone.pyc
|
||||
lib/opendnssec/signer/Zone.pyo
|
||||
lib/opendnssec/signer/ZoneConfig.py
|
||||
lib/opendnssec/signer/ZoneConfig.pyc
|
||||
lib/opendnssec/signer/ZoneConfig.pyo
|
||||
lib/opendnssec/signer/ZoneList.py
|
||||
lib/opendnssec/signer/ZoneList.pyc
|
||||
lib/opendnssec/signer/ZoneList.pyo
|
||||
lib/opendnssec/time_shift.rb
|
||||
libexec/opendnssec/create_dnskey
|
||||
libexec/opendnssec/finalizer
|
||||
libexec/opendnssec/get_class
|
||||
libexec/opendnssec/get_serial
|
||||
libexec/opendnssec/quicksorter
|
||||
libexec/opendnssec/signer
|
||||
libexec/opendnssec/zone_fetcher
|
||||
libexec/opendnssec/zone_reader
|
||||
man/man1/ods-auditor.1
|
||||
man/man1/ods-hsmspeed.1
|
||||
man/man1/ods-hsmutil.1
|
||||
|
|
@ -70,7 +39,6 @@ share/examples/opendnssec/zonefetch.xml
|
|||
share/examples/opendnssec/zonefetch.xml.sample
|
||||
share/examples/opendnssec/zonelist.xml
|
||||
share/examples/opendnssec/zonelist.xml.sample
|
||||
share/opendnssec.spec
|
||||
share/opendnssec/conf.rnc
|
||||
share/opendnssec/conf.rng
|
||||
share/opendnssec/database_create.sqlite3
|
||||
|
|
@ -83,4 +51,5 @@ share/opendnssec/zonefetch.rnc
|
|||
share/opendnssec/zonefetch.rng
|
||||
share/opendnssec/zonelist.rnc
|
||||
share/opendnssec/zonelist.rng
|
||||
@pkgdir lib/opendnssec/signer
|
||||
@pkgdir etc/opendnssec
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
$NetBSD: distinfo,v 1.5 2010/09/13 07:53:06 pettai Exp $
|
||||
$NetBSD: distinfo,v 1.6 2011/01/24 20:30:28 pettai Exp $
|
||||
|
||||
SHA1 (opendnssec-1.1.3.tar.gz) = 394640b0cb8bb5afdf3446b4fe15e4942acd0d11
|
||||
RMD160 (opendnssec-1.1.3.tar.gz) = 2a41bf17553ed02e4654887a81f4665e4acdbf2d
|
||||
Size (opendnssec-1.1.3.tar.gz) = 2207087 bytes
|
||||
SHA1 (patch-aa) = 0007803ca6b323775b7d5e03d5f00c07030e14cc
|
||||
SHA1 (opendnssec-1.2.0.tar.gz) = 51e169f283bd1b69892bead8be9b6b7446e607de
|
||||
RMD160 (opendnssec-1.2.0.tar.gz) = b243c9e6edccd15e1ccb8fb8839c931a77e613df
|
||||
Size (opendnssec-1.2.0.tar.gz) = 1614858 bytes
|
||||
SHA1 (patch-aa) = ec0db5d0fe2cb5f0808e5113006b1243040b547d
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
# $NetBSD: options.mk,v 1.1.1.1 2010/05/06 12:50:17 pettai Exp $
|
||||
# $NetBSD: options.mk,v 1.2 2011/01/24 20:30:28 pettai Exp $
|
||||
|
||||
PKG_OPTIONS_VAR= PKG_OPTIONS.opendnssec
|
||||
PKG_SUPPORTED_OPTIONS= softhsm
|
||||
|
|
@ -10,5 +10,6 @@ PKG_SUGGESTED_OPTIONS= softhsm
|
|||
### SoftHSM
|
||||
###
|
||||
.if !empty(PKG_OPTIONS:Msofthsm)
|
||||
DEPENDS+= softhsm-[0-9]*:../../security/softhsm
|
||||
.include "../../security/softhsm/buildlink3.mk"
|
||||
.endif
|
||||
|
|
|
|||
|
|
@ -1,45 +1,45 @@
|
|||
$NetBSD: patch-aa,v 1.2 2010/06/16 00:19:08 pettai Exp $
|
||||
$NetBSD: patch-aa,v 1.3 2011/01/24 20:30:28 pettai Exp $
|
||||
|
||||
--- conf/Makefile.in.orig 2009-12-19 21:39:52.000000000 +0100
|
||||
+++ conf/Makefile.in 2009-12-19 21:43:40.000000000 +0100
|
||||
@@ -166,6 +166,7 @@
|
||||
sharedstatedir = @sharedstatedir@
|
||||
--- conf/Makefile.in.orig 2010-11-17 09:07:35.000000000 +0000
|
||||
+++ conf/Makefile.in
|
||||
@@ -277,6 +277,7 @@ sharedstatedir = @sharedstatedir@
|
||||
srcdir = @srcdir@
|
||||
subdirs = @subdirs@
|
||||
sysconfdir = @sysconfdir@/opendnssec
|
||||
+EGDIR=@EGDIR@
|
||||
target_alias = @target_alias@
|
||||
top_build_prefix = @top_build_prefix@
|
||||
top_builddir = @top_builddir@
|
||||
@@ -540,19 +541,19 @@
|
||||
@@ -530,19 +531,19 @@ regress: $(RNG)
|
||||
(echo "kasp.xml built")
|
||||
|
||||
install-data-hook:
|
||||
- test -d ${DESTDIR}${sysconfdir} || mkdir -p ${DESTDIR}${sysconfdir}
|
||||
- test -f ${DESTDIR}${sysconfdir}/conf.xml || \
|
||||
- ${INSTALL_DATA} -m 0640 ${top_builddir}/conf.xml ${DESTDIR}${sysconfdir}
|
||||
- ${INSTALL_DATA} -m 640 ${top_builddir}/conf.xml ${DESTDIR}${sysconfdir}/conf.xml.sample
|
||||
- ${INSTALL_DATA} -m 0640 conf.xml ${DESTDIR}${sysconfdir}
|
||||
- ${INSTALL_DATA} -m 640 conf.xml ${DESTDIR}${sysconfdir}/conf.xml.sample
|
||||
- test -f ${DESTDIR}${sysconfdir}/zonelist.xml || \
|
||||
- ${INSTALL_DATA} ${top_builddir}/zonelist.xml ${DESTDIR}${sysconfdir}
|
||||
- ${INSTALL_DATA} ${top_builddir}/zonelist.xml ${DESTDIR}${sysconfdir}/zonelist.xml.sample
|
||||
- ${INSTALL_DATA} zonelist.xml ${DESTDIR}${sysconfdir}
|
||||
- ${INSTALL_DATA} zonelist.xml ${DESTDIR}${sysconfdir}/zonelist.xml.sample
|
||||
- test -f ${DESTDIR}${sysconfdir}/zonefetch.xml || \
|
||||
- ${INSTALL_DATA} -m 0640 ${top_builddir}/zonefetch.xml ${DESTDIR}${sysconfdir}
|
||||
- ${INSTALL_DATA} -m 640 ${top_builddir}/zonefetch.xml ${DESTDIR}${sysconfdir}/zonefetch.xml.sample
|
||||
- ${INSTALL_DATA} -m 0640 zonefetch.xml ${DESTDIR}${sysconfdir}
|
||||
- ${INSTALL_DATA} -m 640 zonefetch.xml ${DESTDIR}${sysconfdir}/zonefetch.xml.sample
|
||||
- test -f ${DESTDIR}${sysconfdir}/kasp.xml || \
|
||||
- ${INSTALL_DATA} ${top_builddir}/kasp.xml ${DESTDIR}${sysconfdir}
|
||||
- ${INSTALL_DATA} ${top_builddir}/kasp.xml ${DESTDIR}${sysconfdir}/kasp.xml.sample
|
||||
- ${INSTALL_DATA} kasp.xml ${DESTDIR}${sysconfdir}
|
||||
- ${INSTALL_DATA} kasp.xml ${DESTDIR}${sysconfdir}/kasp.xml.sample
|
||||
+ test -d ${DESTDIR}${EGDIR} || mkdir -p ${DESTDIR}${EGDIR}
|
||||
+ test -f ${DESTDIR}${EGDIR}/conf.xml || \
|
||||
+ ${INSTALL_DATA} -m 0640 ${top_builddir}/conf.xml ${DESTDIR}${EGDIR}
|
||||
+ ${INSTALL_DATA} -m 640 ${top_builddir}/conf.xml ${DESTDIR}${EGDIR}/conf.xml.sample
|
||||
+ ${INSTALL_DATA} -m 0640 conf.xml ${DESTDIR}${EGDIR}
|
||||
+ ${INSTALL_DATA} -m 640 conf.xml ${DESTDIR}${EGDIR}/conf.xml.sample
|
||||
+ test -f ${DESTDIR}${EGDIR}/zonelist.xml || \
|
||||
+ ${INSTALL_DATA} ${top_builddir}/zonelist.xml ${DESTDIR}${EGDIR}
|
||||
+ ${INSTALL_DATA} ${top_builddir}/zonelist.xml ${DESTDIR}${EGDIR}/zonelist.xml.sample
|
||||
+ ${INSTALL_DATA} zonelist.xml ${DESTDIR}${EGDIR}
|
||||
+ ${INSTALL_DATA} zonelist.xml ${DESTDIR}${EGDIR}/zonelist.xml.sample
|
||||
+ test -f ${DESTDIR}${EGDIR}/zonefetch.xml || \
|
||||
+ ${INSTALL_DATA} -m 0640 ${top_builddir}/zonefetch.xml ${DESTDIR}${EGDIR}
|
||||
+ ${INSTALL_DATA} -m 640 ${top_builddir}/zonefetch.xml ${DESTDIR}${EGDIR}/zonefetch.xml.sample
|
||||
+ ${INSTALL_DATA} -m 0640 zonefetch.xml ${DESTDIR}${EGDIR}
|
||||
+ ${INSTALL_DATA} -m 640 zonefetch.xml ${DESTDIR}${EGDIR}/zonefetch.xml.sample
|
||||
+ test -f ${DESTDIR}${EGDIR}/kasp.xml || \
|
||||
+ ${INSTALL_DATA} ${top_builddir}/kasp.xml ${DESTDIR}${EGDIR}
|
||||
+ ${INSTALL_DATA} ${top_builddir}/kasp.xml ${DESTDIR}${EGDIR}/kasp.xml.sample
|
||||
+ ${INSTALL_DATA} kasp.xml ${DESTDIR}${EGDIR}
|
||||
+ ${INSTALL_DATA} kasp.xml ${DESTDIR}${EGDIR}/kasp.xml.sample
|
||||
# Tell versions [3.59,3.63) of GNU make to not export all variables.
|
||||
# Otherwise a system limit (for SysV at least) may be exceeded.
|
||||
.NOEXPORT:
|
||||
|
|
|
|||
Loading…
Reference in a new issue