rpms/bind
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Added native PKCS#11 functionality

Browse Source 
Resolves: rhbz#1097752
Signed-off-by: Tomas Hozza <thozza@redhat.com>
This commit is contained in:
Tomas Hozza 2014-08-21 16:37:44 +02:00
parent 23b1421845
commit dce2d1bd1c
6 changed files with 20772 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
bind-9.5-sdb.patch
View File

@ -1,30 +1,30 @@
diff -up bind-9.9.3rc1/bin/Makefile.in.sdb bind-9.9.3rc1/bin/Makefile.in diff -up bind-9.9.4-P2/bin/Makefile.in.sdb bind-9.9.4-P2/bin/Makefile.in
--- bind-9.9.3rc1/bin/Makefile.in.sdb 2013-04-05 00:21:21.000000000 +0200 --- bind-9.9.4-P2/bin/Makefile.in.sdb 2013-12-20 01:28:28.000000000 +0100
+++ bind-9.9.3rc1/bin/Makefile.in 2013-04-16 15:21:22.286944331 +0200 +++ bind-9.9.4-P2/bin/Makefile.in 2014-07-22 10:29:23.940233449 +0200
@@ -19,8 +19,8 @@ srcdir = @srcdir@ @@ -19,8 +19,8 @@ srcdir = @srcdir@
VPATH = @srcdir@ VPATH = @srcdir@
top_srcdir = @top_srcdir@ top_srcdir = @top_srcdir@
-SUBDIRS = named rndc dig dnssec tools tests nsupdate \ -SUBDIRS = named named-pkcs11 rndc dig dnssec dnssec-pkcs11 tools tests nsupdate \
- check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@ - check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@
+SUBDIRS = named named-sdb rndc dig dnssec tools tests nsupdate \ +SUBDIRS = named named-pkcs11 named-sdb rndc dig dnssec dnssec-pkcs11 tools tests nsupdate \
+ check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@ sdb_tools + check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@ sdb_tools
TARGETS = TARGETS =
@BIND9_MAKE_RULES@ @BIND9_MAKE_RULES@
diff -up bind-9.9.3rc1/bin/named/Makefile.in.sdb bind-9.9.3rc1/bin/named/Makefile.in diff -up bind-9.9.4-P2/bin/named/Makefile.in.sdb bind-9.9.4-P2/bin/named/Makefile.in
--- bind-9.9.3rc1/bin/named/Makefile.in.sdb 2013-04-16 15:21:22.102944727 +0200 --- bind-9.9.4-P2/bin/named/Makefile.in.sdb 2014-07-22 10:29:23.873233351 +0200
+++ bind-9.9.3rc1/bin/named/Makefile.in 2013-04-16 15:21:22.286944331 +0200 +++ bind-9.9.4-P2/bin/named/Makefile.in 2014-07-22 10:30:43.247348398 +0200
@@ -49,7 +49,7 @@ CINCLUDES = -I${srcdir}/include -I${srcd @@ -52,7 +52,7 @@ CINCLUDES = -I${srcdir}/include -I${srcd
${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \ ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \
${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} @DST_OPENSSL_INC@ ${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} @DST_OPENSSL_INC@
-CDEFINES = @CONTRIB_DLZ@ @USE_PKCS11@ @USE_OPENSSL@ -CDEFINES = @CONTRIB_DLZ@ @CRYPTO@
+CDEFINES = @USE_PKCS11@ @USE_OPENSSL@ +CDEFINES = @CRYPTO@
CWARNINGS = CWARNINGS =
@@ -73,11 +73,11 @@ DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} @@ -79,11 +79,11 @@ DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS}
LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \ LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \
${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} \ ${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} \
@ -38,7 +38,7 @@ diff -up bind-9.9.3rc1/bin/named/Makefile.in.sdb bind-9.9.3rc1/bin/named/Makefil
SUBDIRS = unix SUBDIRS = unix
@@ -90,8 +90,7 @@ OBJS = builtin.@O@ client.@O@ config.@O @@ -96,8 +96,7 @@ OBJS = builtin.@O@ client.@O@ config.@O
tkeyconf.@O@ tsigconf.@O@ update.@O@ xfrout.@O@ \ tkeyconf.@O@ tsigconf.@O@ update.@O@ xfrout.@O@ \
zoneconf.@O@ \ zoneconf.@O@ \
lwaddr.@O@ lwresd.@O@ lwdclient.@O@ lwderror.@O@ lwdgabn.@O@ \ lwaddr.@O@ lwresd.@O@ lwdclient.@O@ lwderror.@O@ lwdgabn.@O@ \
@ -48,7 +48,7 @@ diff -up bind-9.9.3rc1/bin/named/Makefile.in.sdb bind-9.9.3rc1/bin/named/Makefil
UOBJS = unix/os.@O@ unix/dlz_dlopen_driver.@O@ UOBJS = unix/os.@O@ unix/dlz_dlopen_driver.@O@
@@ -104,8 +103,7 @@ SRCS = builtin.c client.c config.c cont @@ -110,8 +109,7 @@ SRCS = builtin.c client.c config.c cont
tkeyconf.c tsigconf.c update.c xfrout.c \ tkeyconf.c tsigconf.c update.c xfrout.c \
zoneconf.c \ zoneconf.c \
lwaddr.c lwresd.c lwdclient.c lwderror.c lwdgabn.c \ lwaddr.c lwresd.c lwdclient.c lwderror.c lwdgabn.c \
@ -58,7 +58,7 @@ diff -up bind-9.9.3rc1/bin/named/Makefile.in.sdb bind-9.9.3rc1/bin/named/Makefil
MANPAGES = named.8 lwresd.8 named.conf.5 MANPAGES = named.8 lwresd.8 named.conf.5
@@ -180,7 +178,5 @@ install:: named@EXEEXT@ lwresd@EXEEXT@ i @@ -187,7 +185,5 @@ install:: named@EXEEXT@ lwresd@EXEEXT@ i
${INSTALL_DATA} ${srcdir}/lwresd.8 ${DESTDIR}${mandir}/man8 ${INSTALL_DATA} ${srcdir}/lwresd.8 ${DESTDIR}${mandir}/man8
${INSTALL_DATA} ${srcdir}/named.conf.5 ${DESTDIR}${mandir}/man5 ${INSTALL_DATA} ${srcdir}/named.conf.5 ${DESTDIR}${mandir}/man5
@ -66,9 +66,9 @@ diff -up bind-9.9.3rc1/bin/named/Makefile.in.sdb bind-9.9.3rc1/bin/named/Makefil
- -
named-symtbl.@O@: named-symtbl.c named-symtbl.@O@: named-symtbl.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -c named-symtbl.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -c named-symtbl.c
diff -up bind-9.9.3rc1/bin/named-sdb/main.c.sdb bind-9.9.3rc1/bin/named-sdb/main.c diff -up bind-9.9.4-P2/bin/named-sdb/main.c.sdb bind-9.9.4-P2/bin/named-sdb/main.c
--- bind-9.9.3rc1/bin/named-sdb/main.c.sdb 2013-04-16 15:21:22.249944411 +0200 --- bind-9.9.4-P2/bin/named-sdb/main.c.sdb 2014-07-22 10:29:23.919233417 +0200
+++ bind-9.9.3rc1/bin/named-sdb/main.c 2013-04-16 15:21:22.287944329 +0200 +++ bind-9.9.4-P2/bin/named-sdb/main.c 2014-07-22 10:29:23.940233449 +0200
@@ -83,6 +83,9 @@ @@ -83,6 +83,9 @@
* Include header files for database drivers here. * Include header files for database drivers here.
*/ */
@ -79,7 +79,7 @@ diff -up bind-9.9.3rc1/bin/named-sdb/main.c.sdb bind-9.9.3rc1/bin/named-sdb/main
#ifdef CONTRIB_DLZ #ifdef CONTRIB_DLZ
/* /*
@@ -808,6 +811,10 @@ setup(void) { @@ -814,6 +817,10 @@ setup(void) {
ns_main_earlyfatal("isc_app_start() failed: %s", ns_main_earlyfatal("isc_app_start() failed: %s",
isc_result_totext(result)); isc_result_totext(result));
@ -90,7 +90,7 @@ diff -up bind-9.9.3rc1/bin/named-sdb/main.c.sdb bind-9.9.3rc1/bin/named-sdb/main
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
ISC_LOG_NOTICE, "starting %s %s%s", ns_g_product, ISC_LOG_NOTICE, "starting %s %s%s", ns_g_product,
ns_g_version, saved_command_line); ns_g_version, saved_command_line);
@@ -920,6 +927,57 @@ setup(void) { @@ -926,6 +933,57 @@ setup(void) {
isc_result_totext(result)); isc_result_totext(result));
#endif #endif
@ -148,7 +148,7 @@ diff -up bind-9.9.3rc1/bin/named-sdb/main.c.sdb bind-9.9.3rc1/bin/named-sdb/main
ns_server_create(ns_g_mctx, &ns_g_server); ns_server_create(ns_g_mctx, &ns_g_server);
} }
@@ -951,6 +1009,10 @@ cleanup(void) { @@ -957,6 +1015,10 @@ cleanup(void) {
dns_name_destroy(); dns_name_destroy();
@ -159,10 +159,10 @@ diff -up bind-9.9.3rc1/bin/named-sdb/main.c.sdb bind-9.9.3rc1/bin/named-sdb/main
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
ISC_LOG_NOTICE, "exiting"); ISC_LOG_NOTICE, "exiting");
ns_log_shutdown(); ns_log_shutdown();
diff -up bind-9.9.3rc1/bin/named-sdb/Makefile.in.sdb bind-9.9.3rc1/bin/named-sdb/Makefile.in diff -up bind-9.9.4-P2/bin/named-sdb/Makefile.in.sdb bind-9.9.4-P2/bin/named-sdb/Makefile.in
--- bind-9.9.3rc1/bin/named-sdb/Makefile.in.sdb 2013-04-16 15:21:22.243944424 +0200 --- bind-9.9.4-P2/bin/named-sdb/Makefile.in.sdb 2014-07-22 10:29:23.917233415 +0200
+++ bind-9.9.3rc1/bin/named-sdb/Makefile.in 2013-04-16 15:21:22.287944329 +0200 +++ bind-9.9.4-P2/bin/named-sdb/Makefile.in 2014-07-22 10:29:23.941233449 +0200
@@ -32,10 +32,10 @@ top_srcdir = @top_srcdir@ @@ -34,10 +34,10 @@ top_srcdir = @top_srcdir@
# #
# Add database drivers here. # Add database drivers here.
# #
@ -176,7 +176,7 @@ diff -up bind-9.9.3rc1/bin/named-sdb/Makefile.in.sdb bind-9.9.3rc1/bin/named-sdb
DLZ_DRIVER_DIR = ${top_srcdir}/contrib/dlz/drivers DLZ_DRIVER_DIR = ${top_srcdir}/contrib/dlz/drivers
@@ -81,7 +81,7 @@ NOSYMLIBS = ${LWRESLIBS} ${DNSLIBS} ${BI @@ -87,7 +87,7 @@ NOSYMLIBS = ${LWRESLIBS} ${DNSLIBS} ${BI
SUBDIRS = unix SUBDIRS = unix
@ -185,7 +185,7 @@ diff -up bind-9.9.3rc1/bin/named-sdb/Makefile.in.sdb bind-9.9.3rc1/bin/named-sdb
OBJS = builtin.@O@ client.@O@ config.@O@ control.@O@ \ OBJS = builtin.@O@ client.@O@ config.@O@ control.@O@ \
controlconf.@O@ interfacemgr.@O@ \ controlconf.@O@ interfacemgr.@O@ \
@@ -139,7 +139,7 @@ config.@O@: config.c bind.keys.h @@ -146,7 +146,7 @@ config.@O@: config.c bind.keys.h
-DNS_SYSCONFDIR=\"${sysconfdir}\" \ -DNS_SYSCONFDIR=\"${sysconfdir}\" \
-c ${srcdir}/config.c -c ${srcdir}/config.c
@ -194,7 +194,7 @@ diff -up bind-9.9.3rc1/bin/named-sdb/Makefile.in.sdb bind-9.9.3rc1/bin/named-sdb
export MAKE_SYMTABLE="yes"; \ export MAKE_SYMTABLE="yes"; \
export BASEOBJS="${OBJS} ${UOBJS}"; \ export BASEOBJS="${OBJS} ${UOBJS}"; \
${FINALBUILDCMD} ${FINALBUILDCMD}
@@ -170,15 +170,9 @@ statschannel.@O@: bind9.xsl.h bind9.ver3 @@ -177,15 +177,9 @@ statschannel.@O@: bind9.xsl.h bind9.ver3
installdirs: installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir} $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
@ -212,12 +212,12 @@ diff -up bind-9.9.3rc1/bin/named-sdb/Makefile.in.sdb bind-9.9.3rc1/bin/named-sdb
@DLZ_DRIVER_RULES@ @DLZ_DRIVER_RULES@
diff -up bind-9.9.3rc1/configure.in.sdb bind-9.9.3rc1/configure.in diff -up bind-9.9.4-P2/configure.in.sdb bind-9.9.4-P2/configure.in
--- bind-9.9.3rc1/configure.in.sdb 2013-04-16 15:21:22.208944499 +0200 --- bind-9.9.4-P2/configure.in.sdb 2014-07-22 10:29:23.909233403 +0200
+++ bind-9.9.3rc1/configure.in 2013-04-16 15:21:19.395950103 +0200 +++ bind-9.9.4-P2/configure.in 2014-07-22 10:29:23.942233450 +0200
@@ -3651,12 +3651,15 @@ AC_CONFIG_FILES([ @@ -3900,12 +3900,15 @@ AC_CONFIG_FILES([
bin/dnssec/Makefile bin/named-pkcs11/Makefile
bin/named/Makefile bin/named-pkcs11/unix/Makefile
bin/named/unix/Makefile bin/named/unix/Makefile
+ bin/named-sdb/Makefile + bin/named-sdb/Makefile
+ bin/named-sdb/unix/Makefile + bin/named-sdb/unix/Makefile

745
bind-9.9-dist-native-pkcs11.patch Normal file
View File

@ -0,0 +1,745 @@
diff --git a/bin/Makefile.in b/bin/Makefile.in
index 87ca5b2..187ec23 100644
--- a/bin/Makefile.in
+++ b/bin/Makefile.in
@@ -19,7 +19,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-SUBDIRS = named rndc dig dnssec tools tests nsupdate \
+SUBDIRS = named named-pkcs11 rndc dig dnssec dnssec-pkcs11 tools tests nsupdate \
check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@
TARGETS =
diff --git a/bin/dnssec-pkcs11/Makefile.in b/bin/dnssec-pkcs11/Makefile.in
index 4f1bf90..3da5277 100644
--- a/bin/dnssec-pkcs11/Makefile.in
+++ b/bin/dnssec-pkcs11/Makefile.in
@@ -23,18 +23,18 @@ top_srcdir = @top_srcdir@
@BIND9_MAKE_INCLUDES@
-CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES}
+CINCLUDES = ${DNS_PKCS11_INCLUDES} ${ISC_PKCS11_INCLUDES}
CDEFINES = -DVERSION=\"${VERSION}\" @USE_PKCS11@ @PKCS11_ENGINE@ \
- @CRYPTO@ -DPK11_LIB_LOCATION=\"@PKCS11_PROVIDER@\"
+ @CRYPTO_PK11@ -DPK11_LIB_LOCATION=\"@PKCS11_PROVIDER@\"
CWARNINGS =
-DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
-ISCLIBS = ../../lib/isc/libisc.@A@
-ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@
+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ @DNS_CRYPTO_PK11_LIBS@
+ISCLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@
+ISCNOSYMLIBS = ../../lib/isc-pkcs11/libisc-pkcs11-nosymtbl.@A@
-DNSDEPLIBS = ../../lib/dns/libdns.@A@
-ISCDEPLIBS = ../../lib/isc/libisc.@A@
+DNSDEPLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@
+ISCDEPLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@
DEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS}
@@ -43,10 +43,10 @@ LIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@
NOSYMLIBS = ${DNSLIBS} ${ISCNOSYMLIBS} @LIBS@
# Alphabetically
-TARGETS = dnssec-keygen@EXEEXT@ dnssec-signzone@EXEEXT@ \
- dnssec-keyfromlabel@EXEEXT@ dnssec-dsfromkey@EXEEXT@ \
- dnssec-revoke@EXEEXT@ dnssec-settime@EXEEXT@ \
- dnssec-verify@EXEEXT@ dnssec-importkey@EXEEXT@
+TARGETS = dnssec-keygen-pkcs11@EXEEXT@ dnssec-signzone-pkcs11@EXEEXT@ \
+ dnssec-keyfromlabel-pkcs11@EXEEXT@ dnssec-dsfromkey-pkcs11@EXEEXT@ \
+ dnssec-revoke-pkcs11@EXEEXT@ dnssec-settime-pkcs11@EXEEXT@ \
+ dnssec-verify-pkcs11@EXEEXT@ dnssec-importkey-pkcs11@EXEEXT@
OBJS = dnssectool.@O@
@@ -67,15 +67,15 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES}
@BIND9_MAKE_RULES@
-dnssec-dsfromkey@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS}
+dnssec-dsfromkey-pkcs11@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS}
export BASEOBJS="dnssec-dsfromkey.@O@ ${OBJS}"; \
${FINALBUILDCMD}
-dnssec-keyfromlabel@EXEEXT@: dnssec-keyfromlabel.@O@ ${OBJS} ${DEPLIBS}
+dnssec-keyfromlabel-pkcs11@EXEEXT@: dnssec-keyfromlabel.@O@ ${OBJS} ${DEPLIBS}
export BASEOBJS="dnssec-keyfromlabel.@O@ ${OBJS}"; \
${FINALBUILDCMD}
-dnssec-keygen@EXEEXT@: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}
+dnssec-keygen-pkcs11@EXEEXT@: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}
export BASEOBJS="dnssec-keygen.@O@ ${OBJS}"; \
${FINALBUILDCMD}
@@ -83,7 +83,7 @@ dnssec-signzone.@O@: dnssec-signzone.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
-c ${srcdir}/dnssec-signzone.c
-dnssec-signzone@EXEEXT@: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
+dnssec-signzone-pkcs11@EXEEXT@: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
export BASEOBJS="dnssec-signzone.@O@ ${OBJS}"; \
${FINALBUILDCMD}
@@ -91,19 +91,19 @@ dnssec-verify.@O@: dnssec-verify.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
-c ${srcdir}/dnssec-verify.c
-dnssec-verify@EXEEXT@: dnssec-verify.@O@ ${OBJS} ${DEPLIBS}
+dnssec-verify-pkcs11@EXEEXT@: dnssec-verify.@O@ ${OBJS} ${DEPLIBS}
export BASEOBJS="dnssec-verify.@O@ ${OBJS}"; \
${FINALBUILDCMD}
-dnssec-revoke@EXEEXT@: dnssec-revoke.@O@ ${OBJS} ${DEPLIBS}
+dnssec-revoke-pkcs11@EXEEXT@: dnssec-revoke.@O@ ${OBJS} ${DEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
dnssec-revoke.@O@ ${OBJS} ${LIBS}
-dnssec-settime@EXEEXT@: dnssec-settime.@O@ ${OBJS} ${DEPLIBS}
+dnssec-settime-pkcs11@EXEEXT@: dnssec-settime.@O@ ${OBJS} ${DEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
dnssec-settime.@O@ ${OBJS} ${LIBS}
-dnssec-importkey@EXEEXT@: dnssec-importkey.@O@ ${OBJS} ${DEPLIBS}
+dnssec-importkey-pkcs11@EXEEXT@: dnssec-importkey.@O@ ${OBJS} ${DEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
dnssec-importkey.@O@ ${OBJS} ${LIBS}
@@ -114,11 +114,9 @@ docclean manclean maintainer-clean::
installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
- $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
install:: ${TARGETS} installdirs
for t in ${TARGETS}; do ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} $$t ${DESTDIR}${sbindir}; done
- for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8; done
clean distclean::
rm -f ${TARGETS}
diff --git a/bin/dnssec/Makefile.in b/bin/dnssec/Makefile.in
index 4f1bf90..e1132ea 100644
--- a/bin/dnssec/Makefile.in
+++ b/bin/dnssec/Makefile.in
@@ -25,7 +25,7 @@ top_srcdir = @top_srcdir@
CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES}
-CDEFINES = -DVERSION=\"${VERSION}\" @USE_PKCS11@ @PKCS11_ENGINE@ \
+CDEFINES = -DVERSION=\"${VERSION}\" \
@CRYPTO@ -DPK11_LIB_LOCATION=\"@PKCS11_PROVIDER@\"
CWARNINGS =
diff --git a/bin/named-pkcs11/Makefile.in b/bin/named-pkcs11/Makefile.in
index 10cbdec..c70af88 100644
--- a/bin/named-pkcs11/Makefile.in
+++ b/bin/named-pkcs11/Makefile.in
@@ -47,26 +47,26 @@ DLZDRIVER_INCLUDES = @DLZ_DRIVER_INCLUDES@
DLZDRIVER_LIBS = @DLZ_DRIVER_LIBS@
CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
- ${LWRES_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES} \
- ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \
+ ${LWRES_INCLUDES} ${DNS_PKCS11_INCLUDES} ${BIND9_INCLUDES} \
+ ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_PKCS11_INCLUDES} \
${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} @DST_OPENSSL_INC@
-CDEFINES = @CONTRIB_DLZ@ @USE_PKCS11@ @PKCS11_ENGINE@ @CRYPTO@
+CDEFINES = @USE_PKCS11@ @PKCS11_ENGINE@ @CRYPTO_PK11@
CWARNINGS =
-DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ @DNS_CRYPTO_LIBS@
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
ISCCCLIBS = ../../lib/isccc/libisccc.@A@
-ISCLIBS = ../../lib/isc/libisc.@A@
+ISCLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@
LWRESLIBS = ../../lib/lwres/liblwres.@A@
BIND9LIBS = ../../lib/bind9/libbind9.@A@
-DNSDEPLIBS = ../../lib/dns/libdns.@A@
+DNSDEPLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@
ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
ISCCCDEPLIBS = ../../lib/isccc/libisccc.@A@
-ISCDEPLIBS = ../../lib/isc/libisc.@A@
+ISCDEPLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@
LWRESDEPLIBS = ../../lib/lwres/liblwres.@A@
BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@
@@ -75,15 +75,15 @@ DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \
LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \
${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} \
- ${DLZDRIVER_LIBS} ${DBDRIVER_LIBS} @LIBS@
+ @LIBS@
NOSYMLIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \
${ISCCFGLIBS} ${ISCCCLIBS} ${ISCNOSYMLIBS} \
- ${DLZDRIVER_LIBS} ${DBDRIVER_LIBS} @LIBS@
+ @LIBS@
SUBDIRS = unix
-TARGETS = named@EXEEXT@ lwresd@EXEEXT@
+TARGETS = named-pkcs11@EXEEXT@
OBJS = builtin.@O@ client.@O@ config.@O@ control.@O@ \
controlconf.@O@ interfacemgr.@O@ \
@@ -92,8 +92,7 @@ OBJS = builtin.@O@ client.@O@ config.@O@ control.@O@ \
tkeyconf.@O@ tsigconf.@O@ update.@O@ xfrout.@O@ \
zoneconf.@O@ \
lwaddr.@O@ lwresd.@O@ lwdclient.@O@ lwderror.@O@ lwdgabn.@O@ \
- lwdgnba.@O@ lwdgrbn.@O@ lwdnoop.@O@ lwsearch.@O@ \
- ${DLZDRIVER_OBJS} ${DBDRIVER_OBJS}
+ lwdgnba.@O@ lwdgrbn.@O@ lwdnoop.@O@ lwsearch.@O@
UOBJS = unix/os.@O@ unix/dlz_dlopen_driver.@O@
@@ -106,8 +105,7 @@ SRCS = builtin.c client.c config.c control.c \
tkeyconf.c tsigconf.c update.c xfrout.c \
zoneconf.c \
lwaddr.c lwresd.c lwdclient.c lwderror.c lwdgabn.c \
- lwdgnba.c lwdgrbn.c lwdnoop.c lwsearch.c \
- ${DLZDRIVER_SRCS} ${DBDRIVER_SRCS}
+ lwdgnba.c lwdgrbn.c lwdnoop.c lwsearch.c
MANPAGES = named.8 lwresd.8 named.conf.5
@@ -143,7 +141,7 @@ config.@O@: config.c bind.keys.h
-DNS_SYSCONFDIR=\"${sysconfdir}\" \
-c ${srcdir}/config.c
-named@EXEEXT@: ${OBJS} ${UOBJS} ${DEPLIBS}
+named-pkcs11@EXEEXT@: ${OBJS} ${UOBJS} ${DEPLIBS}
export MAKE_SYMTABLE="yes"; \
export BASEOBJS="${OBJS} ${UOBJS}"; \
${FINALBUILDCMD}
@@ -174,15 +172,9 @@ statschannel.@O@: bind9.xsl.h bind9.ver3.xsl.h
installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
- $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man5
- $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
-
-install:: named@EXEEXT@ lwresd@EXEEXT@ installdirs
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named@EXEEXT@ ${DESTDIR}${sbindir}
- (cd ${DESTDIR}${sbindir}; rm -f lwresd@EXEEXT@; @LN@ named@EXEEXT@ lwresd@EXEEXT@)
- ${INSTALL_DATA} ${srcdir}/named.8 ${DESTDIR}${mandir}/man8
- ${INSTALL_DATA} ${srcdir}/lwresd.8 ${DESTDIR}${mandir}/man8
- ${INSTALL_DATA} ${srcdir}/named.conf.5 ${DESTDIR}${mandir}/man5
+
+install:: named-pkcs11@EXEEXT@ installdirs
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-pkcs11@EXEEXT@ ${DESTDIR}${sbindir}
@DLZ_DRIVER_RULES@
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
index 10cbdec..1be4e2f 100644
--- a/bin/named/Makefile.in
+++ b/bin/named/Makefile.in
@@ -51,7 +51,7 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \
${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} @DST_OPENSSL_INC@
-CDEFINES = @CONTRIB_DLZ@ @USE_PKCS11@ @PKCS11_ENGINE@ @CRYPTO@
+CDEFINES = @CONTRIB_DLZ@ @CRYPTO@
CWARNINGS =
diff --git a/bin/pkcs11/Makefile.in b/bin/pkcs11/Makefile.in
index 15d3fb5..32cc753 100644
--- a/bin/pkcs11/Makefile.in
+++ b/bin/pkcs11/Makefile.in
@@ -20,13 +20,13 @@ top_srcdir = @top_srcdir@
@BIND9_MAKE_INCLUDES@
-CINCLUDES = ${ISC_INCLUDES}
+CINCLUDES = ${ISC_PKCS11_INCLUDES}
CDEFINES =
-ISCLIBS = ../../lib/isc/libisc.@A@
+ISCLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@
-ISCDEPLIBS = ../../lib/isc/libisc.@A@
+ISCDEPLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@
DEPLIBS = ${ISCDEPLIBS}
diff --git a/configure.in b/configure.in
index 4ab50d8..917b98b 100644
--- a/configure.in
+++ b/configure.in
@@ -671,10 +671,10 @@ AC_ARG_WITH(pkcs11,
openssldirs="/usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw"
if test "$use_openssl" = "auto"
then
- if test "$want_native_pkcs11" = "yes"
- then
- use_openssl="native_pkcs11"
- else
+# if test "$want_native_pkcs11" = "yes"
+# then
+# use_openssl="native_pkcs11"
+# else
for d in $openssldirs
do
if test -f $d/include/openssl/opensslv.h
@@ -683,7 +683,7 @@ then
break
fi
done
- fi
+# fi
fi
OPENSSL_ECDSA=""
OPENSSL_GOST=""
@@ -742,11 +742,11 @@ case "$use_openssl" in
If you don't want OpenSSL, use --without-openssl])
;;
*)
- if test "$want_native_pkcs11" = "yes"
- then
- AC_MSG_RESULT()
- AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.])
- fi
+# if test "$want_native_pkcs11" = "yes"
+# then
+# AC_MSG_RESULT()
+# AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.])
+# fi
if test "$use_openssl" = "yes"
then
# User did not specify a path - guess it
@@ -1026,6 +1026,7 @@ AC_SUBST(OPENSSL_ECDSA)
AC_SUBST(OPENSSL_GOST)
DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DNS_OPENSSL_LIBS"
+DNS_CRYPTO_PK11_LIBS="$DNS_CRYPTO_LIBS"
#
# Use OpenSSL for hash functions
@@ -1209,7 +1210,7 @@ case "$use_pkcs11" in
esac
AC_SUBST(PKCS11_PROVIDER)
-
+CRYPTO_PK11=""
PKCS11_ECDSA=""
PKCS11_GOST=""
AC_MSG_CHECKING(for native PKCS11)
@@ -1217,7 +1218,7 @@ AC_MSG_CHECKING(for native PKCS11)
case "$want_native_pkcs11" in
yes)
AC_MSG_RESULT(using native PKCS11 crypto)
- CRYPTO="-DPKCS11CRYPTO"
+ CRYPTO_PK11="-DPKCS11CRYPTO"
PKCS11LINKOBJS='${PKCS11LINKOBJS}'
PKCS11LINKSRCS='${PKCS11LINKSRCS}'
PKCS11_TEST=pkcs11
@@ -1254,6 +1255,7 @@ esac
AC_SUBST(PKCS11LINKOBJS)
AC_SUBST(PKCS11LINKSRCS)
AC_SUBST(CRYPTO)
+AC_SUBST(CRYPTO_PK11)
AC_SUBST(PKCS11_ECDSA)
AC_SUBST(PKCS11_GOST)
AC_SUBST(PKCS11_TEST)
@@ -1465,12 +1467,13 @@ AC_SUBST(USE_GSSAPI)
AC_SUBST(DST_GSSAPI_INC)
AC_SUBST(DNS_GSSAPI_LIBS)
DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS $DNS_CRYPTO_LIBS"
-
+DNS_CRYPTO_PK11_LIBS="$DNS_GSSAPI_LIBS $DNS_CRYPTO_PK11_LIBS"
#
# Applications linking with libdns also need to link with these libraries.
#
AC_SUBST(DNS_CRYPTO_LIBS)
+AC_SUBST(DNS_CRYPTO_PK11_LIBS)
#
# was --with-randomdev specified?
@@ -4010,7 +4013,10 @@ AC_CONFIG_FILES([
bin/confgen/unix/Makefile
bin/dig/Makefile
bin/dnssec/Makefile
+ bin/dnssec-pkcs11/Makefile
bin/named/Makefile
+ bin/named-pkcs11/Makefile
+ bin/named-pkcs11/unix/Makefile
bin/named/unix/Makefile
bin/nsupdate/Makefile
bin/pkcs11/Makefile
@@ -4088,11 +4094,19 @@ AC_CONFIG_FILES([
lib/dns/include/dns/Makefile
lib/dns/include/dst/Makefile
lib/dns/tests/Makefile
+ lib/dns-pkcs11/Makefile
+ lib/dns-pkcs11/include/Makefile
+ lib/dns-pkcs11/include/dns/Makefile
+ lib/dns-pkcs11/include/dst/Makefile
lib/export/Makefile
lib/export/dns/Makefile
lib/export/dns/include/Makefile
lib/export/dns/include/dns/Makefile
lib/export/dns/include/dst/Makefile
+ lib/export/dns-pkcs11/Makefile
+ lib/export/dns-pkcs11/include/Makefile
+ lib/export/dns-pkcs11/include/dns/Makefile
+ lib/export/dns-pkcs11/include/dst/Makefile
lib/export/irs/Makefile
lib/export/irs/include/Makefile
lib/export/irs/include/irs/Makefile
@@ -4106,6 +4120,16 @@ AC_CONFIG_FILES([
lib/export/isc/unix/Makefile
lib/export/isc/unix/include/Makefile
lib/export/isc/unix/include/isc/Makefile
+ lib/export/isc-pkcs11/$thread_dir/Makefile
+ lib/export/isc-pkcs11/$thread_dir/include/Makefile
+ lib/export/isc-pkcs11/$thread_dir/include/isc/Makefile
+ lib/export/isc-pkcs11/Makefile
+ lib/export/isc-pkcs11/include/Makefile
+ lib/export/isc-pkcs11/include/isc/Makefile
+ lib/export/isc-pkcs11/nls/Makefile
+ lib/export/isc-pkcs11/unix/Makefile
+ lib/export/isc-pkcs11/unix/include/Makefile
+ lib/export/isc-pkcs11/unix/include/isc/Makefile
lib/export/isccfg/Makefile
lib/export/isccfg/include/Makefile
lib/export/isccfg/include/isccfg/Makefile
@@ -4134,6 +4158,24 @@ AC_CONFIG_FILES([
lib/isc/unix/include/Makefile
lib/isc/unix/include/isc/Makefile
lib/isc/unix/include/pkcs11/Makefile
+ lib/isc-pkcs11/$arch/Makefile
+ lib/isc-pkcs11/$arch/include/Makefile
+ lib/isc-pkcs11/$arch/include/isc/Makefile
+ lib/isc-pkcs11/$thread_dir/Makefile
+ lib/isc-pkcs11/$thread_dir/include/Makefile
+ lib/isc-pkcs11/$thread_dir/include/isc/Makefile
+ lib/isc-pkcs11/Makefile
+ lib/isc-pkcs11/include/Makefile
+ lib/isc-pkcs11/include/isc/Makefile
+ lib/isc-pkcs11/include/isc/platform.h
+ lib/isc-pkcs11/include/pk11/Makefile
+ lib/isc-pkcs11/include/pkcs11/Makefile
+ lib/isc-pkcs11/tests/Makefile
+ lib/isc-pkcs11/nls/Makefile
+ lib/isc-pkcs11/unix/Makefile
+ lib/isc-pkcs11/unix/include/Makefile
+ lib/isc-pkcs11/unix/include/isc/Makefile
+ lib/isc-pkcs11/unix/include/pkcs11/Makefile
lib/isccc/Makefile
lib/isccc/include/Makefile
lib/isccc/include/isccc/Makefile
diff --git a/lib/Makefile.in b/lib/Makefile.in
index 8dc1d38..8e48d5e 100644
--- a/lib/Makefile.in
+++ b/lib/Makefile.in
@@ -23,7 +23,7 @@ top_srcdir = @top_srcdir@
# Attempt to disable parallel processing.
.NOTPARALLEL:
.NO_PARALLEL:
-SUBDIRS = isc isccc dns isccfg bind9 lwres tests
+SUBDIRS = isc isccc dns isccfg bind9 lwres tests isc-pkcs11 dns-pkcs11
TARGETS =
@BIND9_MAKE_RULES@
diff --git a/lib/dns-pkcs11/Makefile.in b/lib/dns-pkcs11/Makefile.in
index 4204121..d26b84e 100644
--- a/lib/dns-pkcs11/Makefile.in
+++ b/lib/dns-pkcs11/Makefile.in
@@ -27,16 +27,16 @@ top_srcdir = @top_srcdir@
USE_ISC_SPNEGO = @USE_ISC_SPNEGO@
-CINCLUDES = -I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} ${ISC_INCLUDES} \
+CINCLUDES = -I. -I${top_srcdir}/lib/dns-pkcs11 -Iinclude ${DNS_PKCS11_INCLUDES} ${ISC_PKCS11_INCLUDES} \
@DST_OPENSSL_INC@ @DST_GSSAPI_INC@
-CDEFINES = -DUSE_MD5 @CRYPTO@ @USE_GSSAPI@ ${USE_ISC_SPNEGO}
+CDEFINES = -DUSE_MD5 @CRYPTO_PK11@ @USE_GSSAPI@ ${USE_ISC_SPNEGO}
CWARNINGS =
-ISCLIBS = ../../lib/isc/libisc.@A@
+ISCLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@
-ISCDEPLIBS = ../../lib/isc/libisc.@A@
+ISCDEPLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@
LIBS = @LIBS@
@@ -132,27 +132,27 @@ dynamic_db.@O@: dynamic_db.c
-DDYNDB_LIBDIR=\"@libdir@/bind/\" \
-c ${srcdir}/dynamic_db.c
-libdns.@SA@: ${OBJS}
+libdns-pkcs11.@SA@: ${OBJS}
${AR} ${ARFLAGS} $@ ${OBJS}
${RANLIB} $@
-libdns.la: ${OBJS}
+libdns-pkcs11.la: ${OBJS}
${LIBTOOL_MODE_LINK} \
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns.la -rpath ${libdir} \
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns-pkcs11.la -rpath ${libdir} \
-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
- ${OBJS} ${ISCLIBS} @DNS_CRYPTO_LIBS@ ${LIBS}
+ ${OBJS} ${ISCLIBS} @DNS_CRYPTO_PK11_LIBS@ ${LIBS}
-timestamp: libdns.@A@
+timestamp: libdns-pkcs11.@A@
touch timestamp
installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
install:: timestamp installdirs
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} libdns.@A@ ${DESTDIR}${libdir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} libdns-pkcs11.@A@ ${DESTDIR}${libdir}
clean distclean::
- rm -f libdns.@A@ timestamp
+ rm -f libdns-pkcs11.@A@ timestamp
rm -f gen code.h include/dns/enumtype.h include/dns/enumclass.h
rm -f include/dns/rdatastruct.h
@@ -182,7 +182,7 @@ code.h: gen
./gen -s ${srcdir} > code.h
gen: gen.c
- ${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc/include \
+ ${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc-pkcs11/include \
${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c ${BUILD_LIBS}
rbtdb64.@O@: rbtdb.c
diff --git a/lib/export/Makefile.in b/lib/export/Makefile.in
index 1fd7216..a8a1342 100644
--- a/lib/export/Makefile.in
+++ b/lib/export/Makefile.in
@@ -21,7 +21,7 @@ top_srcdir = @top_srcdir@
# Attempt to disable parallel processing.
.NOTPARALLEL:
.NO_PARALLEL:
-SUBDIRS = isc dns isccfg irs samples
+SUBDIRS = isc dns isccfg irs samples isc-pkcs11 dns-pkcs11
TARGETS =
@BIND9_MAKE_RULES@
diff --git a/lib/export/dns-pkcs11/Makefile.in b/lib/export/dns-pkcs11/Makefile.in
index e10bf59..669509f 100644
--- a/lib/export/dns-pkcs11/Makefile.in
+++ b/lib/export/dns-pkcs11/Makefile.in
@@ -15,7 +15,7 @@
# $Id$
top_srcdir = @top_srcdir@
-srcdir = @top_srcdir@/lib/dns
+srcdir = @top_srcdir@/lib/dns-pkcs11
export_srcdir = @top_srcdir@/lib/export
# Attempt to disable parallel processing.
@@ -28,16 +28,16 @@ export_srcdir = @top_srcdir@/lib/export
@BIND9_MAKE_INCLUDES@
-CINCLUDES = -I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} -I${export_srcdir}/isc/include \
- ${ISC_INCLUDES} @DST_OPENSSL_INC@ @DST_GSSAPI_INC@
+CINCLUDES = -I. -I${top_srcdir}/lib/dns-pkcs11 -Iinclude ${DNS_PKCS11_INCLUDES} -I${export_srcdir}/isc-pkcs11/include \
+ ${ISC_PKCS11_INCLUDES} @DST_OPENSSL_INC@ @DST_GSSAPI_INC@
-CDEFINES = -DUSE_MD5 @CRYPTO@ @USE_GSSAPI@
+CDEFINES = -DUSE_MD5 @CRYPTO_PK11@ @USE_GSSAPI@
CWARNINGS =
-ISCLIBS = ../isc/libisc-export.@A@
+ISCLIBS = ../isc-pkcs11/libisc-pkcs11-export.@A@
-ISCDEPLIBS = ../isc/libisc-export.@A@
+ISCDEPLIBS = ../isc-pkcs11/libisc-pkcs11-export.@A@
LIBS = @LIBS@
@@ -116,29 +116,29 @@ version.@O@: ${srcdir}/version.c
-DLIBAGE=${LIBAGE} \
-c ${srcdir}/version.c
-libdns-export.@SA@: ${OBJS}
+libdns-pkcs11-export.@SA@: ${OBJS}
${AR} ${ARFLAGS} $@ ${OBJS}
${RANLIB} $@
-libdns-export.la: ${OBJS}
+libdns-pkcs11-export.la: ${OBJS}
${LIBTOOL_MODE_LINK} \
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns-export.la \
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns-pkcs11-export.la \
-rpath ${export_libdir} \
-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
- ${OBJS} ${ISCLIBS} @DNS_CRYPTO_LIBS@ ${LIBS}
+ ${OBJS} ${ISCLIBS} @DNS_CRYPTO_PK11_LIBS@ ${LIBS}
-timestamp: libdns-export.@A@
+timestamp: libdns-pkcs11-export.@A@
touch timestamp
installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${export_libdir}
install:: timestamp installdirs
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libdns-export.@A@ \
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libdns-pkcs11-export.@A@ \
${DESTDIR}${export_libdir}/
clean distclean::
- rm -f libdns-export.@A@ timestamp
+ rm -f libdns-pkcs11-export.@A@ timestamp
rm -f gen code.h include/dns/enumtype.h include/dns/enumclass.h
rm -f include/dns/rdatastruct.h
diff --git a/lib/export/isc-pkcs11/Makefile.in b/lib/export/isc-pkcs11/Makefile.in
index 70f2a77..25bfd4d 100644
--- a/lib/export/isc-pkcs11/Makefile.in
+++ b/lib/export/isc-pkcs11/Makefile.in
@@ -15,7 +15,7 @@
# $Id: Makefile.in,v 1.8 2010/06/09 23:50:58 tbox Exp $
top_srcdir = @top_srcdir@
-srcdir = @top_srcdir@/lib/isc
+srcdir = @top_srcdir@/lib/isc-pkcs11
export_srcdir = @top_srcdir@/lib/export
@BIND9_VERSION@
@@ -25,9 +25,9 @@ export_srcdir = @top_srcdir@/lib/export
CINCLUDES = -I${srcdir}/unix/include \
-I${srcdir}/@ISC_THREAD_DIR@/include \
-I${srcdir}/@ISC_ARCH_DIR@/include \
- -I${export_srcdir}/isc/include -I${srcdir}/include \
+ -I${export_srcdir}/isc-pkcs11/include -I${srcdir}/include \
@ISC_OPENSSL_INC@
-CDEFINES = @CRYPTO@ -DUSE_APPIMPREGISTER -DUSE_MEMIMPREGISTER \
+CDEFINES = @CRYPTO_PK11@ -DUSE_APPIMPREGISTER -DUSE_MEMIMPREGISTER \
-DUSE_SOCKETIMPREGISTER -DUSE_TASKIMPREGISTER \
-DUSE_TIMERIMPREGISTER
CWARNINGS =
@@ -121,26 +121,26 @@ version.@O@: ${srcdir}/version.c
-DLIBAGE=${LIBAGE} \
-c ${srcdir}/version.c
-libisc-export.@SA@: ${OBJS}
+libisc-pkcs11-export.@SA@: ${OBJS}
${AR} ${ARFLAGS} $@ ${OBJS}
${RANLIB} $@
-libisc-export.la: ${OBJS}
+libisc-pkcs11-export.la: ${OBJS}
${LIBTOOL_MODE_LINK} \
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc-export.la \
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc-pkcs11-export.la \
-rpath ${export_libdir} \
-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
${OBJS} ${LIBS}
-timestamp: libisc-export.@A@
+timestamp: libisc-pkcs11-export.@A@
touch timestamp
installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${export_libdir}
install:: timestamp installdirs
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libisc-export.@A@ \
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libisc-pkcs11-export.@A@ \
${DESTDIR}${export_libdir}
clean distclean::
- rm -f libisc-export.@A@ libisc-export.la timestamp
+ rm -f libisc-pkcs11-export.@A@ libisc-pkcs11-export.la timestamp
diff --git a/lib/isc-pkcs11/Makefile.in b/lib/isc-pkcs11/Makefile.in
index 0fbedc3..de2977d 100644
--- a/lib/isc-pkcs11/Makefile.in
+++ b/lib/isc-pkcs11/Makefile.in
@@ -31,8 +31,8 @@ CINCLUDES = -I${srcdir}/unix/include \
-I${srcdir}/@ISC_THREAD_DIR@/include \
-I${srcdir}/@ISC_ARCH_DIR@/include \
-I./include \
- -I${srcdir}/include @ISC_OPENSSL_INC@ ${DNS_INCLUDES}
-CDEFINES = @CRYPTO@ -DPK11_LIB_LOCATION=\"${PROVIDER}\"
+ -I${srcdir}/include ${DNS_PKCS11_INCLUDES}
+CDEFINES = @CRYPTO_PK11@ -DPK11_LIB_LOCATION=\"${PROVIDER}\"
CWARNINGS =
# Alphabetically
@@ -111,35 +111,35 @@ version.@O@: version.c
-DLIBAGE=${LIBAGE} \
-c ${srcdir}/version.c
-libisc.@SA@: ${OBJS} ${SYMTBLOBJS}
+libisc-pkcs11.@SA@: ${OBJS} ${SYMTBLOBJS}
${AR} ${ARFLAGS} $@ ${OBJS} ${SYMTBLOBJS}
${RANLIB} $@
-libisc-nosymtbl.@SA@: ${OBJS}
+libisc-pkcs11-nosymtbl.@SA@: ${OBJS}
${AR} ${ARFLAGS} $@ ${OBJS}
${RANLIB} $@
-libisc.la: ${OBJS} ${SYMTBLOBJS}
+libisc-pkcs11.la: ${OBJS} ${SYMTBLOBJS}
${LIBTOOL_MODE_LINK} \
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc.la -rpath ${libdir} \
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc-pkcs11.la -rpath ${libdir} \
-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
${OBJS} ${SYMTBLOBJS} ${LIBS}
-libisc-nosymtbl.la: ${OBJS}
+libisc-pkcs11-nosymtbl.la: ${OBJS}
${LIBTOOL_MODE_LINK} \
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc-nosymtbl.la -rpath ${libdir} \
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc-pkcs11-nosymtbl.la -rpath ${libdir} \
-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
${OBJS} ${LIBS}
-timestamp: libisc.@A@ libisc-nosymtbl.@A@
+timestamp: libisc-pkcs11.@A@ libisc-pkcs11-nosymtbl.@A@
touch timestamp
installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
install:: timestamp installdirs
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} libisc.@A@ ${DESTDIR}${libdir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} libisc-pkcs11.@A@ ${DESTDIR}${libdir}
clean distclean::
- rm -f libisc.@A@ libisc-nosymtbl.@A@ libisc.la \
- libisc-nosymtbl.la timestamp
+ rm -f libisc-pkcs11.@A@ libisc-pkcs11-nosymtbl.@A@ libisc-pkcs11.la \
+ libisc-pkcs11-nosymtbl.la timestamp
diff --git a/make/includes.in b/make/includes.in
index f2f1b3f..639477c 100644
--- a/make/includes.in
+++ b/make/includes.in
@@ -46,3 +46,13 @@ BIND9_INCLUDES = @BIND9_BIND9_BUILDINCLUDE@ \
TEST_INCLUDES = \
-I${top_srcdir}/lib/tests/include
+
+ISC_PKCS11_INCLUDES = @BIND9_ISC_BUILDINCLUDE@ \
+ -I${top_srcdir}/lib/isc-pkcs11 \
+ -I${top_srcdir}/lib/isc-pkcs11/include \
+ -I${top_srcdir}/lib/isc-pkcs11/unix/include \
+ -I${top_srcdir}/lib/isc-pkcs11/@ISC_THREAD_DIR@/include \
+ -I${top_srcdir}/lib/isc-pkcs11/@ISC_ARCH_DIR@/include
+
+DNS_PKCS11_INCLUDES = @BIND9_DNS_BUILDINCLUDE@ \
+ -I${top_srcdir}/lib/dns-pkcs11/include

19840
bind-9.9-native-pkcs11.patch Normal file
View File

File diff suppressed because it is too large Load Diff

143
bind.spec
View File

@ -11,11 +11,7 @@
%{?!bind_uid: %global bind_uid 25} %{?!bind_uid: %global bind_uid 25}
%{?!bind_gid: %global bind_gid 25} %{?!bind_gid: %global bind_gid 25}
%{?!GSSTSIG: %global GSSTSIG 1} %{?!GSSTSIG: %global GSSTSIG 1}
%if 0%{?rhel}
%{?!PKCS11: %global PKCS11 0}
%else
%{?!PKCS11: %global PKCS11 1} %{?!PKCS11: %global PKCS11 1}
%endif
%{?!DEVEL: %global DEVEL 1} %{?!DEVEL: %global DEVEL 1}
%{?!developer: %global developer 0} %{?!developer: %global developer 0}
%global bind_dir /var/named %global bind_dir /var/named
@ -28,7 +24,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind Name: bind
License: ISC License: ISC
Version: 9.9.6 Version: 9.9.6
Release: 1%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} Release: 2%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Epoch: 32 Epoch: 32
Url: http://www.isc.org/products/BIND/ Url: http://www.isc.org/products/BIND/
Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -60,6 +56,7 @@ Source43: named.rwtab
Source44: named-chroot-setup.service Source44: named-chroot-setup.service
Source45: named-sdb-chroot-setup.service Source45: named-sdb-chroot-setup.service
Source46: named-setup-rndc.service Source46: named-setup-rndc.service
Source47: named-pkcs11.service
# Common patches # Common patches
Patch10: bind-9.5-PIE.patch Patch10: bind-9.5-PIE.patch
@ -69,7 +66,6 @@ Patch87: bind-9.5-parallel-build.patch
Patch101:bind-96-old-api.patch Patch101:bind-96-old-api.patch
Patch102:bind-95-rh452060.patch Patch102:bind-95-rh452060.patch
Patch106:bind93-rh490837.patch Patch106:bind93-rh490837.patch
Patch107:bind97-dist-pkcs11.patch
Patch109:bind97-rh478718.patch Patch109:bind97-rh478718.patch
Patch110:bind97-rh570851.patch Patch110:bind97-rh570851.patch
Patch111:bind97-exportlib.patch Patch111:bind97-exportlib.patch
@ -83,6 +79,9 @@ Patch131:bind-9.9.1-P2-multlib-conflict.patch
Patch133:bind99-rh640538.patch Patch133:bind99-rh640538.patch
Patch134:bind97-rh669163.patch Patch134:bind97-rh669163.patch
Patch135:bind99-rh985918.patch Patch135:bind99-rh985918.patch
# Native PKCS#11 functionality from 9.10
Patch136:bind-9.9-native-pkcs11.patch
Patch137:bind-9.9-dist-native-pkcs11.patch
# SDB patches # SDB patches
Patch11: bind-9.3.2b2-sdbsrc.patch Patch11: bind-9.3.2b2-sdbsrc.patch
@ -136,14 +135,47 @@ tools for verifying that the DNS server is operating properly.
%if %{PKCS11} %if %{PKCS11}
%package pkcs11 %package pkcs11
Summary: Bind PKCS#11 tools for using DNSSEC Summary: Bind with native PKCS#11 functionality for crypto
Group: System Environment/Daemons Group: System Environment/Daemons
Requires: engine_pkcs11 opensc Requires: systemd-units
Requires: bind%{?_isa} = %{epoch}:%{version}-%{release}
Requires: bind-pkcs11-libs%{?_isa} = %{epoch}:%{version}-%{release}
%description pkcs11 %description pkcs11
This is a version of BIND server built with native PKCS#11 functionality.
It is important to have SoftHSM v2+ installed and some token initialized.
For other supported HSM modules please check the BIND documentation.
%package pkcs11-utils
Summary: Bind tools with native PKCS#11 for using DNSSEC
Group: System Environment/Daemons
Requires: bind-pkcs11-libs%{?_isa} = %{epoch}:%{version}-%{release}
Obsoletes: bind-pkcs11 < 32:9.9.4-16.P2
%description pkcs11-utils
This is a set of PKCS#11 utilities that when used together create rsa This is a set of PKCS#11 utilities that when used together create rsa
keys in a PKCS11 keystore, such as provided by opencryptoki. The keys keys in a PKCS11 keystore. Also utilities for working with DNSSEC
will have a label of "zone,zsk|ksk,xxx" and an id of the keytag in hex. compiled with native PKCS#11 functionality are included.
%package pkcs11-libs
Summary: Bind libraries compiled with native PKCS#11
Group: System Environment/Daemons
Requires: engine_pkcs11
Requires: bind-license = %{epoch}:%{version}-%{release}
Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release}
%description pkcs11-libs
This is a set of BIND libraries (dns, isc) compiled with native PKCS#11
functionality.
%package pkcs11-devel
Summary: Development files for Bind libraries compiled with native PKCS#11
Group: System Environment/Daemons
Requires: bind-pkcs11-libs%{?_isa} = %{epoch}:%{version}-%{release}
%description pkcs11-devel
This a set of development files for BIND libraries (dns, isc) compiled
with native PKCS#11 functionality.
%endif %endif
%if %{SDB} %if %{SDB}
@ -152,6 +184,7 @@ Summary: BIND server with database backends and DLZ support
Group: System Environment/Daemons Group: System Environment/Daemons
Requires: bind Requires: bind
Requires: systemd-units Requires: systemd-units
Requires: bind%{?_isa} = %{epoch}:%{version}-%{release}
Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release}
%description sdb %description sdb
@ -237,8 +270,8 @@ Group: System Environment/Daemons
Prefix: %{chroot_prefix} Prefix: %{chroot_prefix}
Requires(post): grep Requires(post): grep
Requires(preun):grep Requires(preun):grep
Requires: bind%{?_isa} = %{epoch}:%{version}-%{release}
Requires: systemd-units Requires: systemd-units
Requires: bind%{?_isa} = %{epoch}:%{version}-%{release}
%description chroot %description chroot
This package contains a tree of files which can be used as a This package contains a tree of files which can be used as a
@ -249,7 +282,7 @@ Based on the code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>
%package sdb-chroot %package sdb-chroot
Summary: A chroot runtime environment for the ISC BIND DNS server, named-sdb(8) Summary: A chroot runtime environment for the ISC BIND DNS server, named-sdb(8)
Group: System Environment/Daemons Group: System Environment/Daemons
Prefix: %{chroot_prefix} Prefix: %{chroot_sdb_prefix}
Requires: bind-sdb%{?_isa} = %{epoch}:%{version}-%{release} Requires: bind-sdb%{?_isa} = %{epoch}:%{version}-%{release}
Requires: systemd-units Requires: systemd-units
@ -275,7 +308,6 @@ Based on the code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>
%patch102 -p1 -b .rh452060 %patch102 -p1 -b .rh452060
%patch106 -p0 -b .rh490837 %patch106 -p0 -b .rh490837
%patch107 -p1 -b .dist-pkcs11
%patch109 -p1 -b .rh478718 %patch109 -p1 -b .rh478718
%patch110 -p1 -b .rh570851 %patch110 -p1 -b .rh570851
%patch111 -p1 -b .exportlib %patch111 -p1 -b .exportlib
@ -288,6 +320,17 @@ popd
%patch125 -p1 -b .buildfix %patch125 -p1 -b .buildfix
%patch130 -p1 -b .libdb %patch130 -p1 -b .libdb
%patch131 -p1 -b .multlib-conflict %patch131 -p1 -b .multlib-conflict
%patch136 -p1 -b .native_pkcs11
%if %{PKCS11}
cp -r bin/named{,-pkcs11}
cp -r bin/dnssec{,-pkcs11}
cp -r lib/isc{,-pkcs11}
cp -r lib/dns{,-pkcs11}
cp -r lib/export/isc{,-pkcs11}
cp -r lib/export/dns{,-pkcs11}
%patch137 -p1 -b .dist_pkcs11
%endif
%if %{SDB} %if %{SDB}
%patch101 -p1 -b .old-api %patch101 -p1 -b .old-api
@ -314,6 +357,7 @@ cp -fp contrib/sdb/pgsql/zonetodb.c bin/sdb_tools
cp -fp contrib/sdb/sqlite/zone2sqlite.c bin/sdb_tools cp -fp contrib/sdb/sqlite/zone2sqlite.c bin/sdb_tools
%patch12 -p1 -b .sdb %patch12 -p1 -b .sdb
%endif %endif
%if %{SDB} %if %{SDB}
%patch17 -p1 -b .fix_sdb_ldap %patch17 -p1 -b .fix_sdb_ldap
%endif %endif
@ -359,7 +403,8 @@ libtoolize -c -f; aclocal -I libtool.m4 --force; autoconf -f
--with-export-includedir=%{_includedir} \ --with-export-includedir=%{_includedir} \
--includedir=%{_includedir}/bind9 \ --includedir=%{_includedir}/bind9 \
%if %{PKCS11} %if %{PKCS11}
--with-pkcs11=%{_libdir}/pkcs11/PKCS11_API.so \ --enable-native-pkcs11 \
--with-pkcs11=%{_libdir}/pkcs11/libsofthsm2.so \
%endif %endif
%if %{SDB} %if %{SDB}
--with-dlopen=yes \ --with-dlopen=yes \
@ -485,6 +530,10 @@ install -m 644 %{SOURCE40} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE45} ${RPM_BUILD_ROOT}%{_unitdir} install -m 644 %{SOURCE45} ${RPM_BUILD_ROOT}%{_unitdir}
%endif %endif
%if %{PKCS11}
install -m 644 %{SOURCE47} ${RPM_BUILD_ROOT}%{_unitdir}
%endif
mkdir -p ${RPM_BUILD_ROOT}%{_libexecdir} mkdir -p ${RPM_BUILD_ROOT}%{_libexecdir}
install -m 755 %{SOURCE41} ${RPM_BUILD_ROOT}%{_libexecdir}/setup-named-chroot.sh install -m 755 %{SOURCE41} ${RPM_BUILD_ROOT}%{_libexecdir}/setup-named-chroot.sh
install -m 755 %{SOURCE42} ${RPM_BUILD_ROOT}%{_libexecdir}/generate-rndc-key.sh install -m 755 %{SOURCE42} ${RPM_BUILD_ROOT}%{_libexecdir}/generate-rndc-key.sh
@ -527,6 +576,22 @@ install -m 644 %{SOURCE33} ${RPM_BUILD_ROOT}%{_mandir}/man1/zonetodb.1
install -m 644 %{SOURCE34} ${RPM_BUILD_ROOT}%{_mandir}/man1/zone2sqlite.1 install -m 644 %{SOURCE34} ${RPM_BUILD_ROOT}%{_mandir}/man1/zone2sqlite.1
%endif %endif
# PKCS11 versions manpages
%if %{PKCS11}
pushd ${RPM_BUILD_ROOT}%{_mandir}/man8
ln -s named.8.gz named-pkcs11.8.gz
ln -s dnssec-checkds.8.gz dnssec-checkds-pkcs11.8.gz
ln -s dnssec-coverage.8.gz dnssec-coverage-pkcs11.8.gz
ln -s dnssec-dsfromkey.8.gz dnssec-dsfromkey-pkcs11.8.gz
ln -s dnssec-keyfromlabel.8.gz dnssec-keyfromlabel-pkcs11.8.gz
ln -s dnssec-keygen.8.gz dnssec-keygen-pkcs11.8.gz
ln -s dnssec-revoke.8.gz dnssec-revoke-pkcs11.8.gz
ln -s dnssec-settime.8.gz dnssec-settime-pkcs11.8.gz
ln -s dnssec-signzone.8.gz dnssec-signzone-pkcs11.8.gz
ln -s dnssec-verify.8.gz dnssec-verify-pkcs11.8.gz
popd
%endif
# Ghost config files: # Ghost config files:
touch ${RPM_BUILD_ROOT}%{_localstatedir}/log/named.log touch ${RPM_BUILD_ROOT}%{_localstatedir}/log/named.log
@ -599,6 +664,20 @@ fi
%systemd_postun_with_restart named-sdb.service %systemd_postun_with_restart named-sdb.service
%endif %endif
%if %{PKCS11}
%post pkcs11
# Initial installation
%systemd_post named-pkcs11.service
%preun pkcs11
# Package removal, not upgrade
%systemd_preun named-pkcs11.service
%postun pkcs11
# Package upgrade, not uninstall
%systemd_postun_with_restart named-pkcs11.service
%endif
%triggerpostun -n bind -- bind <= 32:9.5.0-20.b1 %triggerpostun -n bind -- bind <= 32:9.5.0-20.b1
if [ "$1" -gt 0 ]; then if [ "$1" -gt 0 ]; then
[ -e /etc/rndc.key ] && chown root:named /etc/rndc.key [ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
@ -801,6 +880,7 @@ rm -rf ${RPM_BUILD_ROOT}
%{_sbindir}/genrandom %{_sbindir}/genrandom
%{_sbindir}/nsec3hash %{_sbindir}/nsec3hash
%{_sbindir}/dnssec* %{_sbindir}/dnssec*
%exclude %{_sbindir}/dnssec*pkcs11
%{_sbindir}/isc-hmac-fixup %{_sbindir}/isc-hmac-fixup
%{_sbindir}/named-checkzone %{_sbindir}/named-checkzone
%{_sbindir}/named-compilezone %{_sbindir}/named-compilezone
@ -813,6 +893,7 @@ rm -rf ${RPM_BUILD_ROOT}
%{_mandir}/man8/genrandom.8* %{_mandir}/man8/genrandom.8*
%{_mandir}/man8/nsec3hash.8* %{_mandir}/man8/nsec3hash.8*
%{_mandir}/man8/dnssec*.8* %{_mandir}/man8/dnssec*.8*
%exclude %{_mandir}/man8/dnssec*-pkcs11.8*
%{_mandir}/man8/isc-hmac-fixup.8* %{_mandir}/man8/isc-hmac-fixup.8*
%{_mandir}/man8/named-checkzone.8* %{_mandir}/man8/named-checkzone.8*
%{_mandir}/man8/named-compilezone.8* %{_mandir}/man8/named-compilezone.8*
@ -828,6 +909,7 @@ rm -rf ${RPM_BUILD_ROOT}
%{_libdir}/libisccfg.so %{_libdir}/libisccfg.so
%{_libdir}/liblwres.so %{_libdir}/liblwres.so
%{_includedir}/bind9 %{_includedir}/bind9
%exclude %{_includedir}/bind9/pkcs11
%{_mandir}/man1/isc-config.sh.1* %{_mandir}/man1/isc-config.sh.1*
%{_mandir}/man1/bind9-config.1* %{_mandir}/man1/bind9-config.1*
%{_mandir}/man3/lwres* %{_mandir}/man3/lwres*
@ -910,14 +992,43 @@ rm -rf ${RPM_BUILD_ROOT}
%if %{PKCS11} %if %{PKCS11}
%files pkcs11 %files pkcs11
%defattr(-,root,root,-) %defattr(-,root,root,-)
%doc COPYRIGHT %{_sbindir}/named-pkcs11
%{_unitdir}/named-pkcs11.service
%{_mandir}/man8/named-pkcs11.8*
%files pkcs11-utils
%defattr(-,root,root,-)
%{_sbindir}/dnssec*pkcs11
%{_sbindir}/pkcs11-destroy %{_sbindir}/pkcs11-destroy
%{_sbindir}/pkcs11-keygen %{_sbindir}/pkcs11-keygen
%{_sbindir}/pkcs11-list %{_sbindir}/pkcs11-list
%{_mandir}/man8/pkcs11* %{_sbindir}/pkcs11-tokens
%{_mandir}/man8/pkcs11*.8*
%{_mandir}/man8/dnssec*-pkcs11.8*
%files pkcs11-libs
%defattr(-,root,root,-)
%{_libdir}/libdns-pkcs11.so.104*
%{_libdir}/libisc-pkcs11.so.95*
%{_libdir}/libdns-pkcs11-export.so.104*
%{_libdir}/libisc-pkcs11-export.so.95*
%files pkcs11-devel
%defattr(-,root,root,-)
%{_includedir}/bind9/pkcs11
%{_libdir}/libdns-pkcs11.so
%{_libdir}/libisc-pkcs11.so
%{_libdir}/libdns-pkcs11-export.so
%{_libdir}/libisc-pkcs11-export.so
%endif %endif
%changelog %changelog
* Tue Oct 14 2014 Tomas Hozza <thozza@redhat.com> - 32:9.9.6-2
- Added native PKCS#11 functionality (#1097752)
- bind-sdb now requires bind due to configuration and other utilities
- bind-pkcs11 now requires bind due to configuration and other utilities
* Thu Oct 02 2014 Tomas Hozza <thozza@redhat.com> - 32:9.9.6-1 * Thu Oct 02 2014 Tomas Hozza <thozza@redhat.com> - 32:9.9.6-1
- Update to 9.9.6 - Update to 9.9.6
- drop merged patches and rebase some of existing patches - drop merged patches and rebase some of existing patches

22
bind97-dist-pkcs11.patch
View File

@ -1,22 +0,0 @@
diff -up bind-9.7.0b1/configure.in.dist-pkcs11 bind-9.7.0b1/configure.in
--- bind-9.7.0b1/configure.in.dist-pkcs11 2009-11-03 11:37:25.481430279 +0100
+++ bind-9.7.0b1/configure.in 2009-11-03 11:41:04.573930858 +0100
@@ -721,15 +721,16 @@ AC_ARG_WITH(pkcs11,
case "$use_pkcs11" in
no|'')
AC_MSG_RESULT(disabled)
- USE_PKCS11=''
PKCS11_TOOLS=''
;;
yes|*)
AC_MSG_RESULT(using OpenSSL with PKCS11 support)
- USE_PKCS11='-DUSE_PKCS11'
PKCS11_TOOLS=pkcs11
;;
esac
+# We don't want to automatically load engine because it needs to have openct,
+# opencryptoki and friends installed.
+USE_PKCS11=''
AC_SUBST(USE_PKCS11)
AC_SUBST(PKCS11_TOOLS)

26
named-pkcs11.service Normal file
View File

@ -0,0 +1,26 @@
[Unit]
Description=Berkeley Internet Name Domain (DNS) with native PKCS#11
Wants=nss-lookup.target
Wants=network-online.target
Wants=named-setup-rndc.service
Before=nss-lookup.target
After=network-online.target
After=named-setup-rndc.service
[Service]
Type=forking
EnvironmentFile=-/etc/sysconfig/named
Environment=KRB5_KTNAME=/etc/named.keytab
PIDFile=/run/named/named.pid
ExecStartPre=/usr/sbin/named-checkconf -z /etc/named.conf
ExecStart=/usr/sbin/named-pkcs11 -u named $OPTIONS
ExecReload=/bin/sh -c '/usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID'
ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
PrivateTmp=true
[Install]
WantedBy=multi-user.target