rpms/bind
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Add support to native PKCS11

Browse Source 
Set of patches and changes, that fixes compilation of native PKCS11
support as subpackage. Moves definition of USE_PKCS11 from config.h to
Makefiles. Defaults to off and only PKCS11 subdirectories set it to
true.
This commit is contained in:
Petr Menšík 2020-04-27 21:59:25 +02:00
parent 3ef9cd3dce
commit afbbd0be52
4 changed files with 114 additions and 277 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

253
bind-9.10-dist-native-pkcs11.patch
View File

@ -12,7 +12,7 @@ index 9ad7f62..094775a 100644
TARGETS = TARGETS =
diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in
index 1e0fe0e..dc3a7f6 100644 index ef3e70c..1f5165a 100644
--- a/bin/confgen/Makefile.in --- a/bin/confgen/Makefile.in
+++ b/bin/confgen/Makefile.in +++ b/bin/confgen/Makefile.in
@@ -22,7 +22,7 @@ VERSION=@BIND9_VERSION@ @@ -22,7 +22,7 @@ VERSION=@BIND9_VERSION@
@ -23,62 +23,56 @@ index 1e0fe0e..dc3a7f6 100644
+CDEFINES = +CDEFINES =
CWARNINGS = CWARNINGS =
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
diff --git a/bin/dig/Makefile.in b/bin/dig/Makefile.in
index 2317ec0..0601939 100644
--- a/bin/dig/Makefile.in
+++ b/bin/dig/Makefile.in
@@ -21,7 +21,7 @@ CINCLUDES = -I${srcdir}/include ${DNS_INCLUDES} \
${BIND9_INCLUDES} ${ISC_INCLUDES} \
${IRS_INCLUDES} ${ISCCFG_INCLUDES} @LIBIDN2_CFLAGS@ @OPENSSL_INCLUDES@
-CDEFINES = -DVERSION=\"${VERSION}\" @USE_PKCS11@
+CDEFINES = -DVERSION=\"${VERSION}\"
CWARNINGS =
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@ ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
diff --git a/bin/dnssec-pkcs11/Makefile.in b/bin/dnssec-pkcs11/Makefile.in diff --git a/bin/dnssec-pkcs11/Makefile.in b/bin/dnssec-pkcs11/Makefile.in
index 1dad340..ffac64e 100644 index 7486bf0..7d791d1 100644
--- a/bin/dnssec-pkcs11/Makefile.in --- a/bin/dnssec-pkcs11/Makefile.in
+++ b/bin/dnssec-pkcs11/Makefile.in +++ b/bin/dnssec-pkcs11/Makefile.in
@@ -15,16 +15,16 @@ VERSION=@BIND9_VERSION@ @@ -15,18 +15,18 @@ VERSION=@BIND9_VERSION@
@BIND9_MAKE_INCLUDES@ @BIND9_MAKE_INCLUDES@
-CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} @OPENSSL_INCLUDES@ -CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} ${ISCCFG_INCLUDES} \
+CINCLUDES = ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} @OPENSSL_INCLUDES@ +CINCLUDES = ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} ${ISCCFG_INCLUDES} \
${OPENSSL_CFLAGS}
CDEFINES = -DVERSION=\"${VERSION}\" @USE_PKCS11@ -CDEFINES = -DVERSION=\"${VERSION}\" -DNAMED_CONFFILE=\"${sysconfdir}/named.conf\"
+CDEFINES = -DVERSION=\"${VERSION}\" -DNAMED_CONFFILE=\"${sysconfdir}/named.conf\" -DUSE_PKCS11=1
CWARNINGS = CWARNINGS =
-DNSLIBS = ../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@ -DNSLIBS = ../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_PK11_LIBS@ +DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_PK11_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LIBS@ ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LIBS@ ISCLIBS = ../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
-DNSDEPLIBS = ../../lib/dns/libdns.@A@ -DNSDEPLIBS = ../../lib/dns/libdns.@A@
+DNSDEPLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ +DNSDEPLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@
ISCDEPLIBS = ../../lib/isc/libisc.@A@ ISCDEPLIBS = ../../lib/isc/libisc.@A@
ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
DEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS} @@ -36,12 +36,15 @@ LIBS = ${DNSLIBS} ${ISCCFGLIBS} ${ISCLIBS} @LIBS@
@@ -34,11 +34,11 @@ LIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@
NOSYMLIBS = ${DNSLIBS} ${ISCNOSYMLIBS} @LIBS@
NOSYMLIBS = ${DNSLIBS} ${ISCCFGLIBS} ${ISCNOSYMLIBS} @LIBS@
+# Add suffix to all targets
+EXEEXT = -pkcs11@EXEEXT@
+
# Alphabetically # Alphabetically
-TARGETS = dnssec-cds@EXEEXT@ dnssec-dsfromkey@EXEEXT@ \ -TARGETS = dnssec-cds@EXEEXT@ dnssec-dsfromkey@EXEEXT@ \
- dnssec-importkey@EXEEXT@ dnssec-keyfromlabel@EXEEXT@ \ - dnssec-importkey@EXEEXT@ dnssec-keyfromlabel@EXEEXT@ \
- dnssec-keygen@EXEEXT@ dnssec-revoke@EXEEXT@ \ - dnssec-keygen@EXEEXT@ dnssec-revoke@EXEEXT@ \
- dnssec-settime@EXEEXT@ dnssec-signzone@EXEEXT@ \ - dnssec-settime@EXEEXT@ dnssec-signzone@EXEEXT@ \
- dnssec-verify@EXEEXT@ - dnssec-verify@EXEEXT@
+TARGETS = dnssec-cds-pkcs11@EXEEXT@ dnssec-dsfromkey-pkcs11@EXEEXT@ \ +TARGETS = dnssec-cds${EXEEXT} dnssec-dsfromkey${EXEEXT} \
+ dnssec-importkey-pkcs11@EXEEXT@ dnssec-keyfromlabel-pkcs11@EXEEXT@ \ + dnssec-importkey${EXEEXT} dnssec-keyfromlabel${EXEEXT} \
+ dnssec-keygen-pkcs11@EXEEXT@ dnssec-revoke-pkcs11@EXEEXT@ \ + dnssec-keygen${EXEEXT} dnssec-revoke${EXEEXT} \
+ dnssec-settime-pkcs11@EXEEXT@ dnssec-signzone-pkcs11@EXEEXT@ \ + dnssec-settime${EXEEXT} dnssec-signzone${EXEEXT} \
+ dnssec-verify-pkcs11@EXEEXT@ + dnssec-verify${EXEEXT}
OBJS = dnssectool.@O@ OBJS = dnssectool.@O@
@@ -61,19 +61,19 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES} @@ -64,19 +67,19 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES}
@BIND9_MAKE_RULES@ @BIND9_MAKE_RULES@
@ -102,7 +96,7 @@ index 1dad340..ffac64e 100644
export BASEOBJS="dnssec-keygen.@O@ ${OBJS}"; \ export BASEOBJS="dnssec-keygen.@O@ ${OBJS}"; \
${FINALBUILDCMD} ${FINALBUILDCMD}
@@ -81,7 +81,7 @@ dnssec-signzone.@O@: dnssec-signzone.c @@ -84,7 +87,7 @@ dnssec-signzone.@O@: dnssec-signzone.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
-c ${srcdir}/dnssec-signzone.c -c ${srcdir}/dnssec-signzone.c
@ -111,7 +105,7 @@ index 1dad340..ffac64e 100644
export BASEOBJS="dnssec-signzone.@O@ ${OBJS}"; \ export BASEOBJS="dnssec-signzone.@O@ ${OBJS}"; \
${FINALBUILDCMD} ${FINALBUILDCMD}
@@ -89,19 +89,19 @@ dnssec-verify.@O@: dnssec-verify.c @@ -92,19 +95,19 @@ dnssec-verify.@O@: dnssec-verify.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
-c ${srcdir}/dnssec-verify.c -c ${srcdir}/dnssec-verify.c
@ -135,7 +129,7 @@ index 1dad340..ffac64e 100644
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
dnssec-importkey.@O@ ${OBJS} ${LIBS} dnssec-importkey.@O@ ${OBJS} ${LIBS}
@@ -112,16 +112,14 @@ docclean manclean maintainer-clean:: @@ -115,16 +118,14 @@ docclean manclean maintainer-clean::
installdirs: installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir} $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
@ -153,33 +147,36 @@ index 1dad340..ffac64e 100644
for t in ${TARGETS}; do ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/$$t || exit 1; done for t in ${TARGETS}; do ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/$$t || exit 1; done
clean distclean:: clean distclean::
diff --git a/bin/dnssec/Makefile.in b/bin/dnssec/Makefile.in
index 1dad340..321058b 100644
--- a/bin/dnssec/Makefile.in
+++ b/bin/dnssec/Makefile.in
@@ -17,7 +17,7 @@ VERSION=@BIND9_VERSION@
CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} @OPENSSL_INCLUDES@
-CDEFINES = -DVERSION=\"${VERSION}\" @USE_PKCS11@
+CDEFINES = -DVERSION=\"${VERSION}\"
CWARNINGS =
DNSLIBS = ../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
diff --git a/bin/named-pkcs11/Makefile.in b/bin/named-pkcs11/Makefile.in diff --git a/bin/named-pkcs11/Makefile.in b/bin/named-pkcs11/Makefile.in
index e5b0d4b..b739869 100644 index cb187e5..1bcb249 100644
--- a/bin/named-pkcs11/Makefile.in --- a/bin/named-pkcs11/Makefile.in
+++ b/bin/named-pkcs11/Makefile.in +++ b/bin/named-pkcs11/Makefile.in
@@ -43,7 +43,7 @@ DLZDRIVER_INCLUDES = @DLZ_DRIVER_INCLUDES@ @@ -37,13 +37,14 @@ DBDRIVER_LIBS =
DLZDRIVER_LIBS = @DLZ_DRIVER_LIBS@
DLZ_DRIVER_DIR = ${top_srcdir}/contrib/dlz/drivers
-DLZDRIVER_OBJS = @DLZ_DRIVER_OBJS@
-DLZDRIVER_SRCS = @DLZ_DRIVER_SRCS@
-DLZDRIVER_INCLUDES = @DLZ_DRIVER_INCLUDES@
-DLZDRIVER_LIBS = @DLZ_DRIVER_LIBS@
+# Skip building on PKCS11 variant
+DLZDRIVER_OBJS =
+DLZDRIVER_SRCS =
+DLZDRIVER_INCLUDES =
+DLZDRIVER_LIBS =
CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
- ${NS_INCLUDES} ${DNS_INCLUDES} \ - ${NS_INCLUDES} ${DNS_INCLUDES} \
+ ${NS_PKCS11_INCLUDES} ${DNS_PKCS11_INCLUDES} \ + ${NS_PKCS11_INCLUDES} ${DNS_PKCS11_INCLUDES} \
${BIND9_INCLUDES} ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} \ ${BIND9_INCLUDES} ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} \
${ISC_INCLUDES} ${DLZDRIVER_INCLUDES} \ ${ISC_INCLUDES} ${DLZDRIVER_INCLUDES} \
${DBDRIVER_INCLUDES} ${MAXMINDDB_CFLAGS} \ ${DBDRIVER_INCLUDES} \
@@ -53,37 +53,37 @@ CDEFINES = @CONTRIB_DLZ@ @USE_PKCS11@ @@ -53,24 +54,24 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
${MAXMINDDB_CFLAGS} \
${ZLIB_CFLAGS}
-CDEFINES = @CONTRIB_DLZ@
+CDEFINES =
CWARNINGS = CWARNINGS =
@ -187,8 +184,8 @@ index e5b0d4b..b739869 100644
+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_PK11_LIBS@ +DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_PK11_LIBS@
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@ ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
ISCCCLIBS = ../../lib/isccc/libisccc.@A@ ISCCCLIBS = ../../lib/isccc/libisccc.@A@
ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LIBS@ ISCLIBS = ../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LIBS@ ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
BIND9LIBS = ../../lib/bind9/libbind9.@A@ BIND9LIBS = ../../lib/bind9/libbind9.@A@
-NSLIBS = ../../lib/ns/libns.@A@ -NSLIBS = ../../lib/ns/libns.@A@
+NSLIBS = ../../lib/ns-pkcs11/libns-pkcs11.@A@ +NSLIBS = ../../lib/ns-pkcs11/libns-pkcs11.@A@
@ -204,47 +201,16 @@ index e5b0d4b..b739869 100644
DEPLIBS = ${NSDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \ DEPLIBS = ${NSDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \
${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${ISCDEPLIBS} ${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${ISCDEPLIBS}
@@ -87,7 +88,7 @@ NOSYMLIBS = ${NSLIBS} ${DNSLIBS} ${BIND9LIBS} \
LIBS = ${NSLIBS} ${DNSLIBS} ${BIND9LIBS} \
${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} \
- ${DLZDRIVER_LIBS} ${DBDRIVER_LIBS} @LIBCAP_LIBS@ \
+ @LIBCAP_LIBS@ \
@LIBS@
NOSYMLIBS = ${NSLIBS} ${DNSLIBS} ${BIND9LIBS} \
${ISCCFGLIBS} ${ISCCCLIBS} ${ISCNOSYMLIBS} \
- ${DLZDRIVER_LIBS} ${DBDRIVER_LIBS} @LIBCAP_LIBS@ \
+ @LIBCAP_LIBS@ \
@LIBS@
SUBDIRS = unix SUBDIRS = unix
-TARGETS = named@EXEEXT@ feature-test@EXEEXT@ -TARGETS = named@EXEEXT@ feature-test@EXEEXT@
+TARGETS = named-pkcs11@EXEEXT@ feature-test-pkcs11@EXEEXT@ +TARGETS = named-pkcs11@EXEEXT@ feature-test-pkcs11@EXEEXT@
GEOIPLINKOBJS = geoip.@O@
GEOIP2LINKOBJS = geoip.@O@ GEOIP2LINKOBJS = geoip.@O@
@@ -93,8 +93,7 @@ OBJS = builtin.@O@ config.@O@ control.@O@ \
@GEOIPLINKOBJS@ @GEOIP2LINKOBJS@ \
log.@O@ logconf.@O@ main.@O@ \
server.@O@ statschannel.@O@ \
- tkeyconf.@O@ tsigconf.@O@ zoneconf.@O@ \
- ${DLZDRIVER_OBJS} ${DBDRIVER_OBJS}
+ tkeyconf.@O@ tsigconf.@O@ zoneconf.@O@
UOBJS = unix/os.@O@ unix/dlz_dlopen_driver.@O@ @@ -151,7 +152,7 @@ server.@O@: server.c
@@ -108,8 +107,7 @@ SRCS = builtin.c config.c control.c \
@GEOIPLINKSRCS@ @GEOIP2LINKSRCS@ \
log.c logconf.c main.c \
server.c statschannel.c \
- tkeyconf.c tsigconf.c zoneconf.c \
- ${DLZDRIVER_SRCS} ${DBDRIVER_SRCS}
+ tkeyconf.c tsigconf.c zoneconf.c
MANPAGES = named.8 named.conf.5
@@ -149,7 +147,7 @@ server.@O@: server.c
-DPRODUCT=\"${PRODUCT}\" \ -DPRODUCT=\"${PRODUCT}\" \
-DVERSION=\"${VERSION}\" -c ${srcdir}/server.c -DVERSION=\"${VERSION}\" -c ${srcdir}/server.c
@ -253,7 +219,7 @@ index e5b0d4b..b739869 100644
export MAKE_SYMTABLE="yes"; \ export MAKE_SYMTABLE="yes"; \
export BASEOBJS="${OBJS} ${UOBJS}"; \ export BASEOBJS="${OBJS} ${UOBJS}"; \
${FINALBUILDCMD} ${FINALBUILDCMD}
@@ -159,7 +157,7 @@ feature-test.@O@: ${top_srcdir}/bin/tests/system/feature-test.c @@ -161,7 +162,7 @@ feature-test.@O@: ${top_srcdir}/bin/tests/system/feature-test.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-c ${top_srcdir}/bin/tests/system/feature-test.c -c ${top_srcdir}/bin/tests/system/feature-test.c
@ -262,7 +228,7 @@ index e5b0d4b..b739869 100644
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} \ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} \
-o $@ feature-test.@O@ ${ISCLIBS} ${LIBS} -o $@ feature-test.@O@ ${ISCLIBS} ${LIBS}
@@ -192,13 +190,13 @@ install-man8: named.8 @@ -194,13 +195,13 @@ install-man8: named.8
install-man: install-man5 install-man8 install-man: install-man5 install-man8
@ -279,24 +245,11 @@ index e5b0d4b..b739869 100644
@DLZ_DRIVER_RULES@ @DLZ_DRIVER_RULES@
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
index e5b0d4b..eecfa76 100644
--- a/bin/named/Makefile.in
+++ b/bin/named/Makefile.in
@@ -49,7 +49,7 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
${DBDRIVER_INCLUDES} ${MAXMINDDB_CFLAGS} \
@OPENSSL_INCLUDES@
-CDEFINES = @CONTRIB_DLZ@ @USE_PKCS11@
+CDEFINES = @CONTRIB_DLZ@
CWARNINGS =
diff --git a/configure.ac b/configure.ac diff --git a/configure.ac b/configure.ac
index 6cce3bb..d80ae31 100644 index de6a248..e95ef36 100644
--- a/configure.ac --- a/configure.ac
+++ b/configure.ac +++ b/configure.ac
@@ -1276,12 +1276,14 @@ AC_SUBST(USE_GSSAPI) @@ -1196,12 +1196,14 @@ AC_SUBST(USE_GSSAPI)
AC_SUBST(DST_GSSAPI_INC) AC_SUBST(DST_GSSAPI_INC)
AC_SUBST(DNS_GSSAPI_LIBS) AC_SUBST(DNS_GSSAPI_LIBS)
DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS" DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS"
@ -311,7 +264,7 @@ index 6cce3bb..d80ae31 100644
# #
# was --with-lmdb specified? # was --with-lmdb specified?
@@ -2522,6 +2524,8 @@ AC_SUBST(BIND9_DNS_BUILDINCLUDE) @@ -2296,6 +2298,8 @@ AC_SUBST(BIND9_DNS_BUILDINCLUDE)
AC_SUBST(BIND9_NS_BUILDINCLUDE) AC_SUBST(BIND9_NS_BUILDINCLUDE)
AC_SUBST(BIND9_BIND9_BUILDINCLUDE) AC_SUBST(BIND9_BIND9_BUILDINCLUDE)
AC_SUBST(BIND9_IRS_BUILDINCLUDE) AC_SUBST(BIND9_IRS_BUILDINCLUDE)
@ -320,7 +273,7 @@ index 6cce3bb..d80ae31 100644
if test "X$srcdir" != "X"; then if test "X$srcdir" != "X"; then
BIND9_ISC_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/isc/include" BIND9_ISC_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/isc/include"
BIND9_ISCCC_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/isccc/include" BIND9_ISCCC_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/isccc/include"
@@ -2530,6 +2534,8 @@ if test "X$srcdir" != "X"; then @@ -2304,6 +2308,8 @@ if test "X$srcdir" != "X"; then
BIND9_NS_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/ns/include" BIND9_NS_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/ns/include"
BIND9_BIND9_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/bind9/include" BIND9_BIND9_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/bind9/include"
BIND9_IRS_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/irs/include" BIND9_IRS_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/irs/include"
@ -329,7 +282,7 @@ index 6cce3bb..d80ae31 100644
else else
BIND9_ISC_BUILDINCLUDE="" BIND9_ISC_BUILDINCLUDE=""
BIND9_ISCCC_BUILDINCLUDE="" BIND9_ISCCC_BUILDINCLUDE=""
@@ -2538,6 +2544,8 @@ else @@ -2312,6 +2318,8 @@ else
BIND9_NS_BUILDINCLUDE="" BIND9_NS_BUILDINCLUDE=""
BIND9_BIND9_BUILDINCLUDE="" BIND9_BIND9_BUILDINCLUDE=""
BIND9_IRS_BUILDINCLUDE="" BIND9_IRS_BUILDINCLUDE=""
@ -338,7 +291,7 @@ index 6cce3bb..d80ae31 100644
fi fi
AC_SUBST_FILE(BIND9_MAKE_INCLUDES) AC_SUBST_FILE(BIND9_MAKE_INCLUDES)
@@ -3001,8 +3009,11 @@ AC_CONFIG_FILES([ @@ -2771,8 +2779,11 @@ AC_CONFIG_FILES([
bin/delv/Makefile bin/delv/Makefile
bin/dig/Makefile bin/dig/Makefile
bin/dnssec/Makefile bin/dnssec/Makefile
@ -350,7 +303,7 @@ index 6cce3bb..d80ae31 100644
bin/nsupdate/Makefile bin/nsupdate/Makefile
bin/pkcs11/Makefile bin/pkcs11/Makefile
bin/plugins/Makefile bin/plugins/Makefile
@@ -3075,6 +3086,10 @@ AC_CONFIG_FILES([ @@ -2843,6 +2854,10 @@ AC_CONFIG_FILES([
lib/dns/include/dns/Makefile lib/dns/include/dns/Makefile
lib/dns/include/dst/Makefile lib/dns/include/dst/Makefile
lib/dns/tests/Makefile lib/dns/tests/Makefile
@ -361,7 +314,7 @@ index 6cce3bb..d80ae31 100644
lib/irs/Makefile lib/irs/Makefile
lib/irs/include/Makefile lib/irs/include/Makefile
lib/irs/include/irs/Makefile lib/irs/include/irs/Makefile
@@ -3107,6 +3122,10 @@ AC_CONFIG_FILES([ @@ -2875,6 +2890,10 @@ AC_CONFIG_FILES([
lib/ns/include/Makefile lib/ns/include/Makefile
lib/ns/include/ns/Makefile lib/ns/include/ns/Makefile
lib/ns/tests/Makefile lib/ns/tests/Makefile
@ -371,7 +324,7 @@ index 6cce3bb..d80ae31 100644
+ lib/ns-pkcs11/tests/Makefile + lib/ns-pkcs11/tests/Makefile
lib/samples/Makefile lib/samples/Makefile
lib/samples/Makefile-postinstall lib/samples/Makefile-postinstall
unit/unittest.sh make/Makefile
diff --git a/lib/Makefile.in b/lib/Makefile.in diff --git a/lib/Makefile.in b/lib/Makefile.in
index ffa2d5a..6fbc192 100644 index ffa2d5a..6fbc192 100644
--- a/lib/Makefile.in --- a/lib/Makefile.in
@ -386,24 +339,27 @@ index ffa2d5a..6fbc192 100644
@BIND9_MAKE_RULES@ @BIND9_MAKE_RULES@
diff --git a/lib/dns-pkcs11/Makefile.in b/lib/dns-pkcs11/Makefile.in diff --git a/lib/dns-pkcs11/Makefile.in b/lib/dns-pkcs11/Makefile.in
index 9125b10..593270d 100644 index 0ef3b5f..80683c2 100644
--- a/lib/dns-pkcs11/Makefile.in --- a/lib/dns-pkcs11/Makefile.in
+++ b/lib/dns-pkcs11/Makefile.in +++ b/lib/dns-pkcs11/Makefile.in
@@ -26,11 +26,11 @@ VERSION=@BIND9_VERSION@ @@ -26,14 +26,14 @@ VERSION=@BIND9_VERSION@
USE_ISC_SPNEGO = @USE_ISC_SPNEGO@ USE_ISC_SPNEGO = @USE_ISC_SPNEGO@
-CINCLUDES = -I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} \ -CINCLUDES = -I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} \
+CINCLUDES = -I. -I${top_srcdir}/lib/dns-pkcs11 -Iinclude ${DNS_PKCS11_INCLUDES} \ +CINCLUDES = -I. -I${top_srcdir}/lib/dns-pkcs11 -Iinclude ${DNS_PKCS11_INCLUDES} \
${ISC_INCLUDES} ${MAXMINDDB_CFLAGS} \ ${ISC_INCLUDES} \
@OPENSSL_INCLUDES@ @DST_GSSAPI_INC@ ${OPENSSL_CFLAGS} @DST_GSSAPI_INC@ \
${JSON_C_CFLAGS} \
${LIBXML2_CFLAGS} \
${MAXMINDDB_CFLAGS}
-CDEFINES = @USE_GSSAPI@ ${USE_ISC_SPNEGO} @USE_OPENSSL@ @USE_PKCS11@ -CDEFINES = @USE_GSSAPI@ ${USE_ISC_SPNEGO}
+CDEFINES = @USE_GSSAPI@ ${USE_ISC_SPNEGO} @USE_PKCS11@ -DUSE_OPENSSL=0 +CDEFINES = @USE_GSSAPI@ ${USE_ISC_SPNEGO} @USE_PKCS11@
CWARNINGS = CWARNINGS =
@@ -138,15 +138,15 @@ version.@O@: version.c @@ -139,15 +139,15 @@ version.@O@: version.c
-DLIBAGE=${LIBAGE} \ -DLIBAGE=${LIBAGE} \
-c ${srcdir}/version.c -c ${srcdir}/version.c
@ -423,7 +379,7 @@ index 9125b10..593270d 100644
include: gen include: gen
${MAKE} include/dns/enumtype.h ${MAKE} include/dns/enumtype.h
@@ -177,22 +177,22 @@ gen: gen.c @@ -178,22 +178,22 @@ gen: gen.c
${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c \ ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c \
${BUILD_LIBS} ${LFS_LIBS} ${BUILD_LIBS} ${LFS_LIBS}
@ -452,7 +408,7 @@ index 9125b10..593270d 100644
rm -f include/dns/rdatastruct.h rm -f include/dns/rdatastruct.h
rm -f dnstap.pb-c.c dnstap.pb-c.h rm -f dnstap.pb-c.c dnstap.pb-c.h
diff --git a/lib/dns-pkcs11/tests/Makefile.in b/lib/dns-pkcs11/tests/Makefile.in diff --git a/lib/dns-pkcs11/tests/Makefile.in b/lib/dns-pkcs11/tests/Makefile.in
index 0e91523..9351c3f 100644 index fd8ebb9..9384a4f 100644
--- a/lib/dns-pkcs11/tests/Makefile.in --- a/lib/dns-pkcs11/tests/Makefile.in
+++ b/lib/dns-pkcs11/tests/Makefile.in +++ b/lib/dns-pkcs11/tests/Makefile.in
@@ -15,14 +15,14 @@ VERSION=@BIND9_VERSION@ @@ -15,14 +15,14 @@ VERSION=@BIND9_VERSION@
@ -461,11 +417,11 @@ index 0e91523..9351c3f 100644
-CINCLUDES = -I. -Iinclude ${DNS_INCLUDES} ${ISC_INCLUDES} \ -CINCLUDES = -I. -Iinclude ${DNS_INCLUDES} ${ISC_INCLUDES} \
+CINCLUDES = -I. -Iinclude ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} \ +CINCLUDES = -I. -Iinclude ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} \
@OPENSSL_INCLUDES@ @CMOCKA_CFLAGS@ ${OPENSSL_CFLAGS} ${MAXMINDDB_CFLAGS} @CMOCKA_CFLAGS@
-CDEFINES = -DTESTS="\"${top_builddir}/lib/dns/tests/\"" -CDEFINES = -DTESTS="\"${top_builddir}/lib/dns/tests/\""
+CDEFINES = @USE_PKCS11@ -DTESTS="\"${top_builddir}/lib/dns-pkcs11/tests/\"" +CDEFINES = @USE_PKCS11@ -DTESTS="\"${top_builddir}/lib/dns-pkcs11/tests/\""
ISCLIBS = ../../isc/libisc.@A@ @OPENSSL_LIBS@ ISCLIBS = ../../isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
ISCDEPLIBS = ../../isc/libisc.@A@ ISCDEPLIBS = ../../isc/libisc.@A@
-DNSLIBS = ../libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@ -DNSLIBS = ../libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
-DNSDEPLIBS = ../libdns.@A@ -DNSDEPLIBS = ../libdns.@A@
@ -474,24 +430,11 @@ index 0e91523..9351c3f 100644
LIBS = @LIBS@ @CMOCKA_LIBS@ LIBS = @LIBS@ @CMOCKA_LIBS@
diff --git a/lib/dns/Makefile.in b/lib/dns/Makefile.in
index 9125b10..70644d8 100644
--- a/lib/dns/Makefile.in
+++ b/lib/dns/Makefile.in
@@ -30,7 +30,7 @@ CINCLUDES = -I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} \
${ISC_INCLUDES} ${MAXMINDDB_CFLAGS} \
@OPENSSL_INCLUDES@ @DST_GSSAPI_INC@
-CDEFINES = @USE_GSSAPI@ ${USE_ISC_SPNEGO} @USE_OPENSSL@ @USE_PKCS11@
+CDEFINES = @USE_GSSAPI@ ${USE_ISC_SPNEGO} @USE_OPENSSL@
CWARNINGS =
diff --git a/lib/ns-pkcs11/Makefile.in b/lib/ns-pkcs11/Makefile.in diff --git a/lib/ns-pkcs11/Makefile.in b/lib/ns-pkcs11/Makefile.in
index 58d731a..47b4b98 100644 index 97aaaf6..c7ffc7b 100644
--- a/lib/ns-pkcs11/Makefile.in --- a/lib/ns-pkcs11/Makefile.in
+++ b/lib/ns-pkcs11/Makefile.in +++ b/lib/ns-pkcs11/Makefile.in
@@ -20,8 +20,8 @@ VERSION=@BIND9_VERSION@ @@ -20,11 +20,11 @@ VERSION=@BIND9_VERSION@
USE_ISC_SPNEGO = @USE_ISC_SPNEGO@ USE_ISC_SPNEGO = @USE_ISC_SPNEGO@
@ -499,10 +442,14 @@ index 58d731a..47b4b98 100644
- ${NS_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES} \ - ${NS_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES} \
+CINCLUDES = -I. -I${top_srcdir}/lib/ns-pkcs11 -Iinclude \ +CINCLUDES = -I. -I${top_srcdir}/lib/ns-pkcs11 -Iinclude \
+ ${NS_PKCS11_INCLUDES} ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} \ + ${NS_PKCS11_INCLUDES} ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} \
@OPENSSL_INCLUDES@ @DST_GSSAPI_INC@ ${OPENSSL_CFLAGS} @DST_GSSAPI_INC@
CDEFINES = @USE_PKCS11@ -DNAMED_PLUGINDIR=\"${plugindir}\" -CDEFINES = -DNAMED_PLUGINDIR=\"${plugindir}\"
@@ -32,9 +32,9 @@ ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LIBS@ +CDEFINES = @USE_PKCS11@ -DNAMED_PLUGINDIR=\"${plugindir}\"
CWARNINGS =
@@ -32,9 +32,9 @@ ISCLIBS = ../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS
ISCDEPLIBS = ../../lib/isc/libisc.@A@ ISCDEPLIBS = ../../lib/isc/libisc.@A@
@ -552,20 +499,21 @@ index 58d731a..47b4b98 100644
- rm -f libns.@A@ timestamp - rm -f libns.@A@ timestamp
+ rm -f libns-pkcs11.@A@ timestamp + rm -f libns-pkcs11.@A@ timestamp
diff --git a/lib/ns-pkcs11/tests/Makefile.in b/lib/ns-pkcs11/tests/Makefile.in diff --git a/lib/ns-pkcs11/tests/Makefile.in b/lib/ns-pkcs11/tests/Makefile.in
index ffd8f41..4a6cb1b 100644 index 70c77a4..87955a7 100644
--- a/lib/ns-pkcs11/tests/Makefile.in --- a/lib/ns-pkcs11/tests/Makefile.in
+++ b/lib/ns-pkcs11/tests/Makefile.in +++ b/lib/ns-pkcs11/tests/Makefile.in
@@ -15,16 +15,16 @@ VERSION=@BIND9_VERSION@ @@ -21,17 +21,17 @@ WRAP_NAME = -Wl,-install_name,${top_builddir}/lib/ns/tests/$@
WRAP_RPATH = -Wl,-rpath,${top_builddir}/lib/ns/tests
@BIND9_MAKE_INCLUDES@ WRAP_LIB = -L${top_builddir}/lib/ns/tests -lwrap
-CINCLUDES = -I. -Iinclude ${NS_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES} \ -CINCLUDES = -I. -Iinclude ${NS_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES} \
+CINCLUDES = -I. -Iinclude ${NS_PKCS11_INCLUDES} ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} \ +CINCLUDES = -I. -Iinclude ${NS_PKCS11_INCLUDES} ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} \
@OPENSSL_INCLUDES@ @CMOCKA_CFLAGS@ ${OPENSSL_CFLAGS} \
@CMOCKA_CFLAGS@
-CDEFINES = -DTESTS="\"${top_builddir}/lib/ns/tests/\"" -DNAMED_PLUGINDIR=\"${plugindir}\" -CDEFINES = -DTESTS="\"${top_builddir}/lib/ns/tests/\"" -DNAMED_PLUGINDIR=\"${plugindir}\"
+CDEFINES = @USE_PKCS11@ -DTESTS="\"${top_builddir}/lib/ns/tests/\"" -DNAMED_PLUGINDIR=\"${plugindir}\" +CDEFINES = -DTESTS="\"${top_builddir}/lib/ns/tests/\"" -DNAMED_PLUGINDIR=\"${plugindir}\" @USE_PKCS11@
ISCLIBS = ../../isc/libisc.@A@ @OPENSSL_LIBS@ ISCLIBS = ../../isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
ISCDEPLIBS = ../../isc/libisc.@A@ ISCDEPLIBS = ../../isc/libisc.@A@
-DNSLIBS = ../../dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@ -DNSLIBS = ../../dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
-DNSDEPLIBS = ../../dns/libdns.@A@ -DNSDEPLIBS = ../../dns/libdns.@A@
@ -578,19 +526,6 @@ index ffd8f41..4a6cb1b 100644
LIBS = @LIBS@ @CMOCKA_LIBS@ LIBS = @LIBS@ @CMOCKA_LIBS@
diff --git a/lib/ns/Makefile.in b/lib/ns/Makefile.in
index 58d731a..a14728d 100644
--- a/lib/ns/Makefile.in
+++ b/lib/ns/Makefile.in
@@ -24,7 +24,7 @@ CINCLUDES = -I. -I${top_srcdir}/lib/ns -Iinclude \
${NS_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES} \
@OPENSSL_INCLUDES@ @DST_GSSAPI_INC@
-CDEFINES = @USE_PKCS11@ -DNAMED_PLUGINDIR=\"${plugindir}\"
+CDEFINES = -DNAMED_PLUGINDIR=\"${plugindir}\"
CWARNINGS =
diff --git a/make/includes.in b/make/includes.in diff --git a/make/includes.in b/make/includes.in
index 48cdaf7..7b17738 100644 index 48cdaf7..7b17738 100644
--- a/make/includes.in --- a/make/includes.in

27
bind-9.11-engine-pkcs11.patch
View File

@ -1,27 +0,0 @@
From 37f89ccfc439f8d86c401d9ae10e94e53b924961 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Tue, 27 Aug 2019 20:39:59 +0200
Subject: [PATCH] Do not set engine for native PKCS11
It resets already set lib_path to pkcs11, which is invalid in native
pkcs11 crypto. Engine has to be path to PKCS#11 module.
---
bin/named/include/named/globals.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h
index eda2214..2a611d5 100644
--- a/bin/named/include/named/globals.h
+++ b/bin/named/include/named/globals.h
@@ -160,7 +160,7 @@ EXTERN const char * ns_g_defaultdnstap INIT(NULL);
EXTERN const char * ns_g_username INIT(NULL);
-#if defined(USE_PKCS11)
+#if defined(USE_PKCS11) && !defined(PKCS11CRYPTO)
EXTERN const char * ns_g_engine INIT(PKCS11_ENGINE);
#else
EXTERN const char * ns_g_engine INIT(NULL);
--
2.20.1

100
bind-9.14-config-pkcs11.patch
View File

@ -1,4 +1,4 @@
From 233d3784d04bee37b772f391da8726f0cd7b223e Mon Sep 17 00:00:00 2001 From 2d8abd838870b58629ce55df411b6ba1b2c7288f Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com> From: Petr Mensik <pemensik@redhat.com>
Date: Fri, 18 Oct 2019 21:30:52 +0200 Date: Fri, 18 Oct 2019 21:30:52 +0200
Subject: [PATCH] Move USE_PKCS11 and USE_OPENSSL out of config.h Subject: [PATCH] Move USE_PKCS11 and USE_OPENSSL out of config.h
@ -8,17 +8,12 @@ USE_PKCS11 on part of build. That is not possible with config.h value.
Move it as normal define to CDEFINES. Move it as normal define to CDEFINES.
--- ---
bin/confgen/Makefile.in | 2 +- bin/confgen/Makefile.in | 2 +-
bin/dig/Makefile.in | 2 +-
bin/dnssec/Makefile.in | 2 +-
bin/named/Makefile.in | 2 +-
configure.ac | 8 ++++++-- configure.ac | 8 ++++++--
lib/dns/Makefile.in | 2 +-
lib/dns/dst_internal.h | 12 +++++++++--- lib/dns/dst_internal.h | 12 +++++++++---
lib/ns/Makefile.in | 2 +- 3 files changed, 16 insertions(+), 6 deletions(-)
8 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in
index dc3a7f6..1e0fe0e 100644 index 1f5165a..ef3e70c 100644
--- a/bin/confgen/Makefile.in --- a/bin/confgen/Makefile.in
+++ b/bin/confgen/Makefile.in +++ b/bin/confgen/Makefile.in
@@ -22,7 +22,7 @@ VERSION=@BIND9_VERSION@ @@ -22,7 +22,7 @@ VERSION=@BIND9_VERSION@
@ -30,50 +25,11 @@ index dc3a7f6..1e0fe0e 100644
CWARNINGS = CWARNINGS =
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@ ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
diff --git a/bin/dig/Makefile.in b/bin/dig/Makefile.in
index 0601939..2317ec0 100644
--- a/bin/dig/Makefile.in
+++ b/bin/dig/Makefile.in
@@ -21,7 +21,7 @@ CINCLUDES = -I${srcdir}/include ${DNS_INCLUDES} \
${BIND9_INCLUDES} ${ISC_INCLUDES} \
${IRS_INCLUDES} ${ISCCFG_INCLUDES} @LIBIDN2_CFLAGS@ @OPENSSL_INCLUDES@
-CDEFINES = -DVERSION=\"${VERSION}\"
+CDEFINES = -DVERSION=\"${VERSION}\" @USE_PKCS11@
CWARNINGS =
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
diff --git a/bin/dnssec/Makefile.in b/bin/dnssec/Makefile.in
index 321058b..1dad340 100644
--- a/bin/dnssec/Makefile.in
+++ b/bin/dnssec/Makefile.in
@@ -17,7 +17,7 @@ VERSION=@BIND9_VERSION@
CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} @OPENSSL_INCLUDES@
-CDEFINES = -DVERSION=\"${VERSION}\"
+CDEFINES = -DVERSION=\"${VERSION}\" @USE_PKCS11@
CWARNINGS =
DNSLIBS = ../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
index eecfa76..e5b0d4b 100644
--- a/bin/named/Makefile.in
+++ b/bin/named/Makefile.in
@@ -49,7 +49,7 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
${DBDRIVER_INCLUDES} ${MAXMINDDB_CFLAGS} \
@OPENSSL_INCLUDES@
-CDEFINES = @CONTRIB_DLZ@
+CDEFINES = @CONTRIB_DLZ@ @USE_PKCS11@
CWARNINGS =
diff --git a/configure.ac b/configure.ac diff --git a/configure.ac b/configure.ac
index 80039b7..6cce3bb 100644 index c69bc37..de6a248 100644
--- a/configure.ac --- a/configure.ac
+++ b/configure.ac +++ b/configure.ac
@@ -963,9 +963,13 @@ AS_CASE([$enable_native_pkcs11], @@ -883,9 +883,13 @@ AS_CASE([$enable_native_pkcs11],
AC_SUBST([PKCS11_TEST]) AC_SUBST([PKCS11_TEST])
AC_SUBST([PKCS11_TOOLS]) AC_SUBST([PKCS11_TOOLS])
@ -89,64 +45,38 @@ index 80039b7..6cce3bb 100644
# preparation for automake # preparation for automake
# AM_CONDITIONAL([PKCS11_TOOLS], [test "$with_native_pkcs11" = "yes"]) # AM_CONDITIONAL([PKCS11_TOOLS], [test "$with_native_pkcs11" = "yes"])
diff --git a/lib/dns/Makefile.in b/lib/dns/Makefile.in
index 60c87a8..9125b10 100644
--- a/lib/dns/Makefile.in
+++ b/lib/dns/Makefile.in
@@ -30,7 +30,7 @@ CINCLUDES = -I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} \
${ISC_INCLUDES} ${MAXMINDDB_CFLAGS} \
@OPENSSL_INCLUDES@ @DST_GSSAPI_INC@
-CDEFINES = @USE_GSSAPI@ ${USE_ISC_SPNEGO}
+CDEFINES = @USE_GSSAPI@ ${USE_ISC_SPNEGO} @USE_OPENSSL@ @USE_PKCS11@
CWARNINGS =
diff --git a/lib/dns/dst_internal.h b/lib/dns/dst_internal.h diff --git a/lib/dns/dst_internal.h b/lib/dns/dst_internal.h
index bfa28f0..d3ff613 100644 index bce2a9f..ef9d045 100644
--- a/lib/dns/dst_internal.h --- a/lib/dns/dst_internal.h
+++ b/lib/dns/dst_internal.h +++ b/lib/dns/dst_internal.h
@@ -40,6 +40,13 @@ @@ -38,6 +38,13 @@
#include <isc/stdtime.h> #include <isc/stdtime.h>
#include <isc/hmac.h> #include <isc/types.h>
+#ifndef USE_OPENSSL
+#define USE_OPENSSL 1
+#endif
+#ifndef USE_PKCS11 +#ifndef USE_PKCS11
+#define USE_PKCS11 0 +#define USE_PKCS11 0
+#endif +#endif
+#ifndef USE_OPENSSL
+#define USE_OPENSSL (! USE_PKCS11)
+#endif
+ +
#if USE_PKCS11 #if USE_PKCS11
#include <pk11/pk11.h> #include <pk11/pk11.h>
#include <pk11/site.h> #include <pk11/site.h>
@@ -99,11 +106,10 @@ struct dst_key { @@ -98,11 +105,10 @@ struct dst_key {
void *generic; void *generic;
gss_ctx_id_t gssctx; gss_ctx_id_t gssctx;
DH *dh; DH *dh;
-#if USE_OPENSSL -#if USE_OPENSSL
- EVP_PKEY *pkey; - EVP_PKEY *pkey;
-#endif -#endif /* if USE_OPENSSL */
#if USE_PKCS11 #if USE_PKCS11
pk11_object_t *pkey; pk11_object_t *pkey;
+#else +#else
+ EVP_PKEY *pkey; + EVP_PKEY *pkey;
#endif #endif /* if USE_PKCS11 */
dst_hmac_key_t *hmac_key; dst_hmac_key_t *hmac_key;
} keydata; /*%< pointer to key in crypto pkg fmt */ } keydata; /*%< pointer to key in crypto pkg fmt */
diff --git a/lib/ns/Makefile.in b/lib/ns/Makefile.in
index a14728d..58d731a 100644
--- a/lib/ns/Makefile.in
+++ b/lib/ns/Makefile.in
@@ -24,7 +24,7 @@ CINCLUDES = -I. -I${top_srcdir}/lib/ns -Iinclude \
${NS_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES} \
@OPENSSL_INCLUDES@ @DST_GSSAPI_INC@
-CDEFINES = -DNAMED_PLUGINDIR=\"${plugindir}\"
+CDEFINES = @USE_PKCS11@ -DNAMED_PLUGINDIR=\"${plugindir}\"
CWARNINGS =
-- --
2.20.1 2.21.1

9
bind.spec
View File

@ -57,6 +57,7 @@
%global sover_isc 1602 %global sover_isc 1602
%global sover_irs 1600 %global sover_irs 1600
%global sover_isccfg 1600 %global sover_isccfg 1600
%global sover_ns 1602
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
@ -115,7 +116,6 @@ Patch149:bind-9.11-kyua-pkcs11.patch
Patch137:bind-9.10-use-of-strlcat.patch Patch137:bind-9.10-use-of-strlcat.patch
Patch140:bind-9.11-rh1410433.patch Patch140:bind-9.11-rh1410433.patch
# Avoid conflicts with OpenSSL PKCS11 engine # Avoid conflicts with OpenSSL PKCS11 engine
Patch150:bind-9.11-engine-pkcs11.patch
Patch154:bind-9.11-oot-manual.patch Patch154:bind-9.11-oot-manual.patch
Patch157:bind-9.11-fips-tests.patch Patch157:bind-9.11-fips-tests.patch
Patch164:bind-9.11-rh1666814.patch Patch164:bind-9.11-rh1666814.patch
@ -445,7 +445,6 @@ cp -r lib/dns{,-pkcs11}
cp -r lib/ns{,-pkcs11} cp -r lib/ns{,-pkcs11}
%patch136 -p1 -b .dist_pkcs11 %patch136 -p1 -b .dist_pkcs11
%patch149 -p1 -b .kyua-pkcs11 %patch149 -p1 -b .kyua-pkcs11
%patch150 -p1 -b .engine-pkcs11
%endif %endif
%patch133 -p1 -b .rh640538 %patch133 -p1 -b .rh640538
@ -978,7 +977,7 @@ fi;
%files libs %files libs
%{_libdir}/libbind9.so.1600* %{_libdir}/libbind9.so.1600*
%{_libdir}/libisccc.so.1600* %{_libdir}/libisccc.so.1600*
%{_libdir}/libns.so.1602* %{_libdir}/libns.so.%{sover_ns}*
%files libs-lite %files libs-lite
%{_libdir}/libdns.so.%{sover_dns}* %{_libdir}/libdns.so.%{sover_dns}*
@ -1113,14 +1112,14 @@ fi;
%files pkcs11-libs %files pkcs11-libs
%{_libdir}/libdns-pkcs11.so.%{sover_dns}* %{_libdir}/libdns-pkcs11.so.%{sover_dns}*
%{_libdir}/libisc-pkcs11.so.%{sover_isc}* %{_libdir}/libns-pkcs11.so.%{sover_ns}*
%files pkcs11-devel %files pkcs11-devel
%{_includedir}/bind9/pk11/*.h %{_includedir}/bind9/pk11/*.h
%exclude %{_includedir}/bind9/pk11/site.h %exclude %{_includedir}/bind9/pk11/site.h
%{_includedir}/bind9/pkcs11 %{_includedir}/bind9/pkcs11
%{_libdir}/libdns-pkcs11.so %{_libdir}/libdns-pkcs11.so
%{_libdir}/libisc-pkcs11.so %{_libdir}/libns-pkcs11.so
%endif %endif
%if %{with DLZ} && %{with BDB} %if %{with DLZ} && %{with BDB}