DNSSEC patch for BIND
lentferj
Jan.Lentfer at web.de
Fri Jan 8 02:41:44 PST 2010
Attached is a patch that *should* enable DNSSEC support in BIND and all
related tools (e.g. dig). According to what I could find out looking at
the
original tarball release from ISC, defining OPENSSL and liking to
libcrypto
should be sufficient, but unfortunatley I have to little knowledge about
DNSSEC that I can actually set up a test environment to check if it is
really working. Maybe someone can jump in here.
Thanks in advance
Jandiff --git a/etc/defaults/make.conf b/etc/defaults/make.conf
index dc8333b..4ede19d 100644
--- a/etc/defaults/make.conf
+++ b/etc/defaults/make.conf
@@ -100,6 +100,7 @@ THREAD_LIB?= thread_xu
#
# To avoid building various parts of the base system:
#NO_BIND= true # do not build BIND
+#NO_BIND_DNSSEC=true # do not build dnssec support in BIND
#NO_CRYPT= true # do not build crypto code
#NO_CVS= true # do not build CVS
#NO_GAMES= true # do not enter the games subdirectory
diff --git a/lib/libisc/Makefile b/lib/libisc/Makefile
index f75f626..cb23825 100644
--- a/lib/libisc/Makefile
+++ b/lib/libisc/Makefile
@@ -78,6 +78,10 @@ SRCS+= lwres/context.c lwres/gai_strerror.c lwres/getaddrinfo.c \
# contrib/bind/include/* must not override any real system includes
CFLAGS+= -I${.CURDIR}/../../usr.sbin/named
CFLAGS+= -I${.CURDIR}/../../usr.sbin/named/include
+CFLAGS+= -DUSE_MD5
+.if !defined(NO_CRYPT) && !defined(NO_OPENSSL) && !defined(NO_BIND_DNSSEC)
+CFLAGS+= -DOPENSSL
+.endif
.if ${MACHINE_ARCH} == "i386"
CFLAGS+= -I${BIND_DIR}/lib/isc/x86_32/include
diff --git a/share/man/man5/make.conf.5 b/share/man/man5/make.conf.5
index b31a654..2cb0c65 100644
--- a/share/man/man5/make.conf.5
+++ b/share/man/man5/make.conf.5
@@ -344,6 +344,9 @@ Set to build modules with the system instead of the kernel.
.It Va NO_BIND
.Pq Vt bool
Set to not build BIND.
+.It Va NO_BIND_DNSSEC
+.Pq Vt bool
+Set to not build DNSSEC support in BIND.
.It Va NO_CRYPT
.Pq Vt bool
Set to not build crypto code.
diff --git a/usr.bin/dig/Makefile b/usr.bin/dig/Makefile
index a4d1d5c..1cbd0e6 100644
--- a/usr.bin/dig/Makefile
+++ b/usr.bin/dig/Makefile
@@ -17,6 +17,11 @@ CFLAGS+= -I${.CURDIR}/../../usr.sbin/named \
-I${BIND_DIR}/lib/bind9/include \
-I${BIND_DIR}/bin/dig/include
+.if !defined(NO_CRYPT) && !defined(NO_OPENSSL) && !defined(NO_BIND_DNSSEC)
+DPADD+= ${LIBCRYPTO}
+LDADD+= -lcrypto
+.endif
+
.if ${MACHINE_ARCH} == "i386"
CFLAGS+= -I${BIND_DIR}/lib/isc/x86_32/include
CFLAGS+= -DISC_PLATFORM_USETHREADS
diff --git a/usr.bin/dnssec-keygen/Makefile b/usr.bin/dnssec-keygen/Makefile
index f6fe1d0..2d69ea6 100644
--- a/usr.bin/dnssec-keygen/Makefile
+++ b/usr.bin/dnssec-keygen/Makefile
@@ -15,4 +15,9 @@ WARNS?= 3
CFLAGS+= -I${.CURDIR}/../../usr.sbin/named \
-I${.CURDIR}/../../usr.sbin/named/include
+.if !defined(NO_CRYPT) && !defined(NO_OPENSSL) && !defined(NO_BIND_DNSSEC)
+DPADD+= ${LIBCRYPTO}
+LDADD+= -lcrypto
+.endif
+
.include <bsd.prog.mk>
diff --git a/usr.bin/dnssec-signzone/Makefile b/usr.bin/dnssec-signzone/Makefile
index 06e7529..c141bdf 100644
--- a/usr.bin/dnssec-signzone/Makefile
+++ b/usr.bin/dnssec-signzone/Makefile
@@ -15,4 +15,9 @@ WARNS?= 3
CFLAGS+= -I${.CURDIR}/../../usr.sbin/named \
-I${.CURDIR}/../../usr.sbin/named/include
+.if !defined(NO_CRYPT) && !defined(NO_OPENSSL) && !defined(NO_BIND_DNSSEC)
+DPADD+= ${LIBCRYPTO}
+LDADD+= -lcrypto
+.endif
+
.include <bsd.prog.mk>
diff --git a/usr.bin/host/Makefile b/usr.bin/host/Makefile
index e95002e..fbf11a4 100644
--- a/usr.bin/host/Makefile
+++ b/usr.bin/host/Makefile
@@ -18,6 +18,11 @@ CFLAGS+= -I${.CURDIR}/../../usr.sbin/named \
-I${BIND_DIR}/lib/bind9/include \
-I${BIND_DIR}/bin/dig/include
+.if !defined(NO_CRYPT) && !defined(NO_OPENSSL) && !defined(NO_BIND_DNSSEC)
+DPADD+= ${LIBCRYPTO}
+LDADD+= -lcrypto
+.endif
+
.if ${MACHINE_ARCH} == "i386"
CFLAGS+= -I${BIND_DIR}/lib/isc/x86_32/include
CFLAGS+= -DISC_PLATFORM_USETHREADS
diff --git a/usr.sbin/named-checkconf/Makefile b/usr.sbin/named-checkconf/Makefile
index 2025a74..ff73bd6 100644
--- a/usr.sbin/named-checkconf/Makefile
+++ b/usr.sbin/named-checkconf/Makefile
@@ -18,4 +18,9 @@ CFLAGS+= -I${.CURDIR}/../../usr.sbin/named \
-I${BIND_DIR}/bin/check \
-DNAMED_CONFFILE=\"${DESTETC}/named.conf\"
+.if !defined(NO_CRYPT) && !defined(NO_OPENSSL) && !defined(NO_BIND_DNSSEC)
+DPADD+= ${LIBCRYPTO}
+LDADD+= -lcrypto
+.endif
+
.include <bsd.prog.mk>
diff --git a/usr.sbin/named-checkzone/Makefile b/usr.sbin/named-checkzone/Makefile
index 0a05af3..67e702f 100644
--- a/usr.sbin/named-checkzone/Makefile
+++ b/usr.sbin/named-checkzone/Makefile
@@ -16,4 +16,9 @@ CFLAGS+= -I${.CURDIR}/../../usr.sbin/named \
-I${BIND_DIR}/bin/check \
-DNAMED_CONFFILE=\"${DESTETC}/named.conf\"
+.if !defined(NO_CRYPT) && !defined(NO_OPENSSL) && !defined(NO_BIND_DNSSEC)
+DPADD+= ${LIBCRYPTO}
+LDADD+= -lcrypto
+.endif
+
.include <bsd.prog.mk>
diff --git a/usr.sbin/named/Makefile b/usr.sbin/named/Makefile
index 681fd06..1e4e286 100644
--- a/usr.sbin/named/Makefile
+++ b/usr.sbin/named/Makefile
@@ -51,6 +51,10 @@ LIBISC:= ${LIBISCDIR}/libisc.a
DPADD+= ${LIBISC}
LDADD+= ${LIBISC}
+.if !defined(NO_CRYPT) && !defined(NO_OPENSSL) && !defined(NO_BIND_DNSSEC)
+DPADD+= ${LIBCRYPTO}
+LDADD+= -lcrypto
+.endif
#HTMLS= acl.html address_list.html comments.html config.html controls.html \
# docdef.html example.html include.html index.html key.html \
diff --git a/usr.sbin/nslookup/Makefile b/usr.sbin/nslookup/Makefile
index 4530e42..ca6cf17 100644
--- a/usr.sbin/nslookup/Makefile
+++ b/usr.sbin/nslookup/Makefile
@@ -19,6 +19,11 @@ CFLAGS+= -I${.CURDIR}/../../usr.sbin/named \
-I${BIND_DIR}/lib/bind9/include \
-I${BIND_DIR}/bin/dig/include
+.if !defined(NO_CRYPT) && !defined(NO_OPENSSL) && !defined(NO_BIND_DNSSEC)
+DPADD+= ${LIBCRYPTO}
+LDADD+= -lcrypto
+.endif
+
.if ${MACHINE_ARCH} == "i386"
CFLAGS+= -I${BIND_DIR}/lib/isc/x86_32/include
CFLAGS+= -DISC_PLATFORM_USETHREADS
diff --git a/usr.sbin/nsupdate/Makefile b/usr.sbin/nsupdate/Makefile
index e80b9d1..cb62890 100644
--- a/usr.sbin/nsupdate/Makefile
+++ b/usr.sbin/nsupdate/Makefile
@@ -16,6 +16,11 @@ CFLAGS+= -I${.CURDIR}/../../usr.sbin/named \
-I${.CURDIR}/../../usr.sbin/named/include \
-I${BIND_DIR}/lib/bind9/include
+.if !defined(NO_CRYPT) && !defined(NO_OPENSSL) && !defined(NO_BIND_DNSSEC)
+DPADD+= ${LIBCRYPTO}
+LDADD+= -lcrypto
+.endif
+
.if ${MACHINE_ARCH} == "i386"
CFLAGS+= -I${BIND_DIR}/lib/isc/x86_32/include
CFLAGS+= -DISC_PLATFORM_USETHREADS
diff --git a/usr.sbin/rndc-confgen/Makefile b/usr.sbin/rndc-confgen/Makefile
index 77abe71..a7a1abc 100644
--- a/usr.sbin/rndc-confgen/Makefile
+++ b/usr.sbin/rndc-confgen/Makefile
@@ -19,4 +19,9 @@ CFLAGS+= -I${.CURDIR}/../../usr.sbin/named \
-DRNDC_CONFFILE=\"${DESTETC}/rndc.conf\" \
-DRNDC_KEYFILE=\"${DESTETC}/rndc.key\"
+.if !defined(NO_CRYPT) && !defined(NO_OPENSSL) && !defined(NO_BIND_DNSSEC)
+DPADD+= ${LIBCRYPTO}
+LDADD+= -lcrypto
+.endif
+
.include <bsd.prog.mk>
diff --git a/usr.sbin/rndc/Makefile b/usr.sbin/rndc/Makefile
index a854df7..c46352d 100644
--- a/usr.sbin/rndc/Makefile
+++ b/usr.sbin/rndc/Makefile
@@ -21,4 +21,9 @@ CFLAGS+= -I${.CURDIR}/../../usr.sbin/named \
-DRNDC_CONFFILE=\"${DESTETC}/rndc.conf\" \
-DRNDC_KEYFILE=\"${DESTETC}/rndc.key\"
+.if !defined(NO_CRYPT) && !defined(NO_OPENSSL) && !defined(NO_BIND_DNSSEC)
+DPADD+= ${LIBCRYPTO}
+LDADD+= -lcrypto
+.endif
+
.include <bsd.prog.mk>
More information about the Submit
mailing list