76074cd59a
Reworked custom redhat version. Complete version is now part of library names. Libraries are not recommended for any third party application. They are still required for bind-dyndb-ldap only. Version of named changed, only suffix -RH is appended to upstream version. Therefore dig would not contain version 9.6.11-RedHat-9.6.11-1.fc34, but only 9.6.13-RH. Version of fedora build have to be obtained from rpm -q bind. Version is now part of library names, bind-libs-lite was merged to bind-libs. bind-dyndb-ldap needs whole bind, no point to offer smaller library set just for its dependencies. Updated also named(8) manual page to match current state of SELinux.
84 lines
2.4 KiB
Diff
84 lines
2.4 KiB
Diff
From e6ab9c67f0a14adc23c1067e03a106da1b1651b7 Mon Sep 17 00:00:00 2001
|
|
From: Petr Mensik <pemensik@redhat.com>
|
|
Date: Fri, 18 Oct 2019 21:30:52 +0200
|
|
Subject: [PATCH] Move USE_PKCS11 and USE_OPENSSL out of config.h
|
|
|
|
Building two variants with the same common code requires to unset
|
|
USE_PKCS11 on part of build. That is not possible with config.h value.
|
|
Move it as normal define to CDEFINES.
|
|
---
|
|
bin/confgen/Makefile.in | 2 +-
|
|
configure.ac | 8 ++++++--
|
|
lib/dns/dst_internal.h | 12 +++++++++---
|
|
3 files changed, 16 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in
|
|
index 1b7512d..c126bf3 100644
|
|
--- a/bin/confgen/Makefile.in
|
|
+++ b/bin/confgen/Makefile.in
|
|
@@ -22,7 +22,7 @@ VERSION=@BIND9_VERSION@
|
|
CINCLUDES = -I${srcdir}/include ${ISC_INCLUDES} ${ISCCC_INCLUDES} \
|
|
${ISCCFG_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES}
|
|
|
|
-CDEFINES =
|
|
+CDEFINES = @USE_PKCS11@
|
|
CWARNINGS =
|
|
|
|
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
|
|
diff --git a/configure.ac b/configure.ac
|
|
index f5483fe..08a7d8a 100644
|
|
--- a/configure.ac
|
|
+++ b/configure.ac
|
|
@@ -935,10 +935,14 @@ AC_SUBST([PKCS11_TEST])
|
|
AC_SUBST([PKCS11_TOOLS])
|
|
AC_SUBST([PKCS11_MANS])
|
|
|
|
+USE_PKCS11='-DUSE_PKCS11=0'
|
|
+USE_OPENSSL='-DUSE_OPENSSL=0'
|
|
AC_SUBST([CRYPTO])
|
|
AS_CASE([$CRYPTO],
|
|
- [pkcs11],[AC_DEFINE([USE_PKCS11], [1], [define if PKCS11 is used for Public-Key Cryptography])],
|
|
- [AC_DEFINE([USE_OPENSSL], [1], [define if OpenSSL is used for Public-Key Cryptography])])
|
|
+ [pkcs11],[USE_PKCS11='-DUSE_PKCS11=1'],
|
|
+ [USE_OPENSSL='-DUSE_OPENSSL=1'])
|
|
+AC_SUBST(USE_PKCS11)
|
|
+AC_SUBST(USE_OPENSSL)
|
|
|
|
# preparation for automake
|
|
# AM_CONDITIONAL([PKCS11_TOOLS], [test "$with_native_pkcs11" = "yes"])
|
|
diff --git a/lib/dns/dst_internal.h b/lib/dns/dst_internal.h
|
|
index 2c3b4a3..55e9dc4 100644
|
|
--- a/lib/dns/dst_internal.h
|
|
+++ b/lib/dns/dst_internal.h
|
|
@@ -38,6 +38,13 @@
|
|
#include <isc/stdtime.h>
|
|
#include <isc/types.h>
|
|
|
|
+#ifndef USE_PKCS11
|
|
+#define USE_PKCS11 0
|
|
+#endif
|
|
+#ifndef USE_OPENSSL
|
|
+#define USE_OPENSSL (! USE_PKCS11)
|
|
+#endif
|
|
+
|
|
#if USE_PKCS11
|
|
#include <pk11/pk11.h>
|
|
#include <pk11/site.h>
|
|
@@ -116,11 +123,10 @@ struct dst_key {
|
|
void *generic;
|
|
dns_gss_ctx_id_t gssctx;
|
|
DH *dh;
|
|
-#if USE_OPENSSL
|
|
- EVP_PKEY *pkey;
|
|
-#endif /* if USE_OPENSSL */
|
|
#if USE_PKCS11
|
|
pk11_object_t *pkey;
|
|
+#else
|
|
+ EVP_PKEY *pkey;
|
|
#endif /* if USE_PKCS11 */
|
|
dst_hmac_key_t *hmac_key;
|
|
} keydata; /*%< pointer to key in crypto pkg fmt */
|
|
--
|
|
2.26.2
|
|
|