a38c250807
- Use more recent kyua, upstream bind now requires parallelism. - Make global so version variables for libraries with multiple builds. Signed-off-by: Petr Menšík <pemensik@redhat.com>
624 lines
21 KiB
Diff
624 lines
21 KiB
Diff
diff --git a/bin/Makefile.in b/bin/Makefile.in
|
|
index f0c504a..ce7a2da 100644
|
|
--- a/bin/Makefile.in
|
|
+++ b/bin/Makefile.in
|
|
@@ -11,8 +11,8 @@ srcdir = @srcdir@
|
|
VPATH = @srcdir@
|
|
top_srcdir = @top_srcdir@
|
|
|
|
-SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen \
|
|
- @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ tests
|
|
+SUBDIRS = named named-pkcs11 rndc dig delv dnssec dnssec-pkcs11 tools nsupdate \
|
|
+ check confgen @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ tests
|
|
TARGETS =
|
|
|
|
@BIND9_MAKE_RULES@
|
|
diff --git a/bin/dnssec-pkcs11/Makefile.in b/bin/dnssec-pkcs11/Makefile.in
|
|
index 1be1d5f..0f09216 100644
|
|
--- a/bin/dnssec-pkcs11/Makefile.in
|
|
+++ b/bin/dnssec-pkcs11/Makefile.in
|
|
@@ -17,18 +17,18 @@ VERSION=@BIND9_VERSION@
|
|
|
|
@BIND9_MAKE_INCLUDES@
|
|
|
|
-CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} @DST_OPENSSL_INC@
|
|
+CINCLUDES = ${DNS_PKCS11_INCLUDES} ${ISC_PKCS11_INCLUDES}
|
|
|
|
CDEFINES = -DVERSION=\"${VERSION}\" @USE_PKCS11@ @PKCS11_ENGINE@ \
|
|
- @CRYPTO@ -DPK11_LIB_LOCATION=\"@PKCS11_PROVIDER@\"
|
|
+ @CRYPTO_PK11@ -DPK11_LIB_LOCATION=\"@PKCS11_PROVIDER@\"
|
|
CWARNINGS =
|
|
|
|
-DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
|
|
-ISCLIBS = ../../lib/isc/libisc.@A@
|
|
-ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@
|
|
+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ @DNS_CRYPTO_LIBS@
|
|
+ISCLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@
|
|
+ISCNOSYMLIBS = ../../lib/isc-pkcs11/libisc-pkcs11-nosymtbl.@A@
|
|
|
|
-DNSDEPLIBS = ../../lib/dns/libdns.@A@
|
|
-ISCDEPLIBS = ../../lib/isc/libisc.@A@
|
|
+DNSDEPLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@
|
|
+ISCDEPLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@
|
|
|
|
DEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS}
|
|
|
|
@@ -37,10 +37,10 @@ LIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@
|
|
NOSYMLIBS = ${DNSLIBS} ${ISCNOSYMLIBS} @LIBS@
|
|
|
|
# Alphabetically
|
|
-TARGETS = dnssec-keygen@EXEEXT@ dnssec-signzone@EXEEXT@ \
|
|
- dnssec-keyfromlabel@EXEEXT@ dnssec-dsfromkey@EXEEXT@ \
|
|
- dnssec-revoke@EXEEXT@ dnssec-settime@EXEEXT@ \
|
|
- dnssec-verify@EXEEXT@ dnssec-importkey@EXEEXT@
|
|
+TARGETS = dnssec-keygen-pkcs11@EXEEXT@ dnssec-signzone-pkcs11@EXEEXT@ \
|
|
+ dnssec-keyfromlabel-pkcs11@EXEEXT@ dnssec-dsfromkey-pkcs11@EXEEXT@ \
|
|
+ dnssec-revoke-pkcs11@EXEEXT@ dnssec-settime-pkcs11@EXEEXT@ \
|
|
+ dnssec-verify-pkcs11@EXEEXT@ dnssec-importkey-pkcs11@EXEEXT@
|
|
|
|
OBJS = dnssectool.@O@
|
|
|
|
@@ -61,15 +61,15 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES}
|
|
|
|
@BIND9_MAKE_RULES@
|
|
|
|
-dnssec-dsfromkey@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS}
|
|
+dnssec-dsfromkey-pkcs11@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS}
|
|
export BASEOBJS="dnssec-dsfromkey.@O@ ${OBJS}"; \
|
|
${FINALBUILDCMD}
|
|
|
|
-dnssec-keyfromlabel@EXEEXT@: dnssec-keyfromlabel.@O@ ${OBJS} ${DEPLIBS}
|
|
+dnssec-keyfromlabel-pkcs11@EXEEXT@: dnssec-keyfromlabel.@O@ ${OBJS} ${DEPLIBS}
|
|
export BASEOBJS="dnssec-keyfromlabel.@O@ ${OBJS}"; \
|
|
${FINALBUILDCMD}
|
|
|
|
-dnssec-keygen@EXEEXT@: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}
|
|
+dnssec-keygen-pkcs11@EXEEXT@: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}
|
|
export BASEOBJS="dnssec-keygen.@O@ ${OBJS}"; \
|
|
${FINALBUILDCMD}
|
|
|
|
@@ -77,7 +77,7 @@ dnssec-signzone.@O@: dnssec-signzone.c
|
|
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
|
|
-c ${srcdir}/dnssec-signzone.c
|
|
|
|
-dnssec-signzone@EXEEXT@: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
|
|
+dnssec-signzone-pkcs11@EXEEXT@: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
|
|
export BASEOBJS="dnssec-signzone.@O@ ${OBJS}"; \
|
|
${FINALBUILDCMD}
|
|
|
|
@@ -85,19 +85,19 @@ dnssec-verify.@O@: dnssec-verify.c
|
|
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
|
|
-c ${srcdir}/dnssec-verify.c
|
|
|
|
-dnssec-verify@EXEEXT@: dnssec-verify.@O@ ${OBJS} ${DEPLIBS}
|
|
+dnssec-verify-pkcs11@EXEEXT@: dnssec-verify.@O@ ${OBJS} ${DEPLIBS}
|
|
export BASEOBJS="dnssec-verify.@O@ ${OBJS}"; \
|
|
${FINALBUILDCMD}
|
|
|
|
-dnssec-revoke@EXEEXT@: dnssec-revoke.@O@ ${OBJS} ${DEPLIBS}
|
|
+dnssec-revoke-pkcs11@EXEEXT@: dnssec-revoke.@O@ ${OBJS} ${DEPLIBS}
|
|
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
|
|
dnssec-revoke.@O@ ${OBJS} ${LIBS}
|
|
|
|
-dnssec-settime@EXEEXT@: dnssec-settime.@O@ ${OBJS} ${DEPLIBS}
|
|
+dnssec-settime-pkcs11@EXEEXT@: dnssec-settime.@O@ ${OBJS} ${DEPLIBS}
|
|
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
|
|
dnssec-settime.@O@ ${OBJS} ${LIBS}
|
|
|
|
-dnssec-importkey@EXEEXT@: dnssec-importkey.@O@ ${OBJS} ${DEPLIBS}
|
|
+dnssec-importkey-pkcs11@EXEEXT@: dnssec-importkey.@O@ ${OBJS} ${DEPLIBS}
|
|
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
|
|
dnssec-importkey.@O@ ${OBJS} ${LIBS}
|
|
|
|
@@ -108,14 +108,11 @@ docclean manclean maintainer-clean::
|
|
|
|
installdirs:
|
|
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
|
|
- $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
|
|
|
|
install:: ${TARGETS} installdirs
|
|
for t in ${TARGETS}; do ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} $$t ${DESTDIR}${sbindir}; done
|
|
- for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8; done
|
|
|
|
uninstall::
|
|
- for m in ${MANPAGES}; do rm -f ${DESTDIR}${mandir}/man8/$$m ; done
|
|
for t in ${TARGETS}; do ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/$$t ; done
|
|
|
|
clean distclean::
|
|
diff --git a/bin/dnssec/Makefile.in b/bin/dnssec/Makefile.in
|
|
index 1be1d5f..fc983bf 100644
|
|
--- a/bin/dnssec/Makefile.in
|
|
+++ b/bin/dnssec/Makefile.in
|
|
@@ -19,7 +19,7 @@ VERSION=@BIND9_VERSION@
|
|
|
|
CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} @DST_OPENSSL_INC@
|
|
|
|
-CDEFINES = -DVERSION=\"${VERSION}\" @USE_PKCS11@ @PKCS11_ENGINE@ \
|
|
+CDEFINES = -DVERSION=\"${VERSION}\" \
|
|
@CRYPTO@ -DPK11_LIB_LOCATION=\"@PKCS11_PROVIDER@\"
|
|
CWARNINGS =
|
|
|
|
diff --git a/bin/named-pkcs11/Makefile.in b/bin/named-pkcs11/Makefile.in
|
|
index e1f85a9..2effa69 100644
|
|
--- a/bin/named-pkcs11/Makefile.in
|
|
+++ b/bin/named-pkcs11/Makefile.in
|
|
@@ -43,26 +43,26 @@ DLZDRIVER_INCLUDES = @DLZ_DRIVER_INCLUDES@
|
|
DLZDRIVER_LIBS = @DLZ_DRIVER_LIBS@
|
|
|
|
CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
|
|
- ${LWRES_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES} \
|
|
- ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \
|
|
+ ${LWRES_INCLUDES} ${DNS_PKCS11_INCLUDES} ${BIND9_INCLUDES} \
|
|
+ ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_PKCS11_INCLUDES} \
|
|
${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} @DST_OPENSSL_INC@
|
|
|
|
-CDEFINES = @CONTRIB_DLZ@ @USE_PKCS11@ @PKCS11_ENGINE@ @CRYPTO@
|
|
+CDEFINES = @USE_PKCS11@ @PKCS11_ENGINE@ @CRYPTO_PK11@
|
|
|
|
CWARNINGS =
|
|
|
|
-DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
|
|
+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ @DNS_CRYPTO_LIBS@
|
|
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
|
|
ISCCCLIBS = ../../lib/isccc/libisccc.@A@
|
|
-ISCLIBS = ../../lib/isc/libisc.@A@
|
|
+ISCLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@
|
|
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@
|
|
LWRESLIBS = ../../lib/lwres/liblwres.@A@
|
|
BIND9LIBS = ../../lib/bind9/libbind9.@A@
|
|
|
|
-DNSDEPLIBS = ../../lib/dns/libdns.@A@
|
|
+DNSDEPLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@
|
|
ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
|
|
ISCCCDEPLIBS = ../../lib/isccc/libisccc.@A@
|
|
-ISCDEPLIBS = ../../lib/isc/libisc.@A@
|
|
+ISCDEPLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@
|
|
LWRESDEPLIBS = ../../lib/lwres/liblwres.@A@
|
|
BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@
|
|
|
|
@@ -71,15 +71,15 @@ DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \
|
|
|
|
LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \
|
|
${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} \
|
|
- ${DLZDRIVER_LIBS} ${DBDRIVER_LIBS} @LIBS@
|
|
+ @LIBS@
|
|
|
|
NOSYMLIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \
|
|
${ISCCFGLIBS} ${ISCCCLIBS} ${ISCNOSYMLIBS} \
|
|
- ${DLZDRIVER_LIBS} ${DBDRIVER_LIBS} @LIBS@
|
|
+ @LIBS@
|
|
|
|
SUBDIRS = unix
|
|
|
|
-TARGETS = named@EXEEXT@ lwresd@EXEEXT@
|
|
+TARGETS = named-pkcs11@EXEEXT@
|
|
|
|
GEOIPLINKOBJS = geoip.@O@
|
|
|
|
@@ -90,8 +90,7 @@ OBJS = builtin.@O@ client.@O@ config.@O@ control.@O@ \
|
|
tkeyconf.@O@ tsigconf.@O@ update.@O@ xfrout.@O@ \
|
|
zoneconf.@O@ \
|
|
lwaddr.@O@ lwresd.@O@ lwdclient.@O@ lwderror.@O@ lwdgabn.@O@ \
|
|
- lwdgnba.@O@ lwdgrbn.@O@ lwdnoop.@O@ lwsearch.@O@ \
|
|
- ${DLZDRIVER_OBJS} ${DBDRIVER_OBJS}
|
|
+ lwdgnba.@O@ lwdgrbn.@O@ lwdnoop.@O@ lwsearch.@O@
|
|
|
|
UOBJS = unix/os.@O@ unix/dlz_dlopen_driver.@O@
|
|
|
|
@@ -106,8 +105,7 @@ SRCS = builtin.c client.c config.c control.c \
|
|
tkeyconf.c tsigconf.c update.c xfrout.c \
|
|
zoneconf.c \
|
|
lwaddr.c lwresd.c lwdclient.c lwderror.c lwdgabn.c \
|
|
- lwdgnba.c lwdgrbn.c lwdnoop.c lwsearch.c \
|
|
- ${DLZDRIVER_SRCS} ${DBDRIVER_SRCS}
|
|
+ lwdgnba.c lwdgrbn.c lwdnoop.c lwsearch.c
|
|
|
|
MANPAGES = named.8 lwresd.8 named.conf.5
|
|
|
|
@@ -146,14 +144,14 @@ server.@O@: server.c
|
|
-DPRODUCT=\"${PRODUCT}\" \
|
|
-DVERSION=\"${VERSION}\" -c ${srcdir}/server.c
|
|
|
|
-named@EXEEXT@: ${OBJS} ${DEPLIBS}
|
|
+named-pkcs11@EXEEXT@: ${OBJS} ${DEPLIBS}
|
|
export MAKE_SYMTABLE="yes"; \
|
|
export BASEOBJS="${OBJS} ${UOBJS}"; \
|
|
${FINALBUILDCMD}
|
|
|
|
-lwresd@EXEEXT@: named@EXEEXT@
|
|
+lwresd@EXEEXT@: named-pkcs11@EXEEXT@
|
|
rm -f lwresd@EXEEXT@
|
|
- @LN@ named@EXEEXT@ lwresd@EXEEXT@
|
|
+ @LN@ named-pkcs11@EXEEXT@ lwresd@EXEEXT@
|
|
|
|
doc man:: ${MANOBJS}
|
|
|
|
@@ -173,22 +171,12 @@ statschannel.@O@: bind9.xsl.h
|
|
|
|
installdirs:
|
|
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
|
|
- $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man5
|
|
- $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
|
|
|
|
-install:: named@EXEEXT@ lwresd@EXEEXT@ installdirs
|
|
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named@EXEEXT@ ${DESTDIR}${sbindir}
|
|
- (cd ${DESTDIR}${sbindir}; rm -f lwresd@EXEEXT@; @LN@ named@EXEEXT@ lwresd@EXEEXT@)
|
|
- ${INSTALL_DATA} ${srcdir}/named.8 ${DESTDIR}${mandir}/man8
|
|
- ${INSTALL_DATA} ${srcdir}/lwresd.8 ${DESTDIR}${mandir}/man8
|
|
- ${INSTALL_DATA} ${srcdir}/named.conf.5 ${DESTDIR}${mandir}/man5
|
|
+install:: named-pkcs11@EXEEXT@ installdirs
|
|
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-pkcs11@EXEEXT@ ${DESTDIR}${sbindir}
|
|
|
|
uninstall::
|
|
- rm -f ${DESTDIR}${mandir}/man5/named.conf.5
|
|
- rm -f ${DESTDIR}${mandir}/man8/lwresd.8
|
|
- rm -f ${DESTDIR}${mandir}/man8/named.8
|
|
- rm -f ${DESTDIR}${sbindir}/lwresd@EXEEXT@
|
|
- ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named@EXEEXT@
|
|
+ ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named-pkcs11@EXEEXT@
|
|
|
|
@DLZ_DRIVER_RULES@
|
|
|
|
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
|
|
index e1f85a9..b7493c5 100644
|
|
--- a/bin/named/Makefile.in
|
|
+++ b/bin/named/Makefile.in
|
|
@@ -47,7 +47,7 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
|
|
${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \
|
|
${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} @DST_OPENSSL_INC@
|
|
|
|
-CDEFINES = @CONTRIB_DLZ@ @USE_PKCS11@ @PKCS11_ENGINE@ @CRYPTO@
|
|
+CDEFINES = @CONTRIB_DLZ@ @CRYPTO@
|
|
|
|
CWARNINGS =
|
|
|
|
diff --git a/bin/pkcs11/Makefile.in b/bin/pkcs11/Makefile.in
|
|
index ae90616..4bc1256 100644
|
|
--- a/bin/pkcs11/Makefile.in
|
|
+++ b/bin/pkcs11/Makefile.in
|
|
@@ -15,13 +15,13 @@ top_srcdir = @top_srcdir@
|
|
|
|
@BIND9_MAKE_INCLUDES@
|
|
|
|
-CINCLUDES = ${ISC_INCLUDES}
|
|
+CINCLUDES = ${ISC_PKCS11_INCLUDES}
|
|
|
|
CDEFINES =
|
|
|
|
-ISCLIBS = ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
|
|
+ISCLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@ @ISC_OPENSSL_LIBS@
|
|
|
|
-ISCDEPLIBS = ../../lib/isc/libisc.@A@
|
|
+ISCDEPLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@
|
|
|
|
DEPLIBS = ${ISCDEPLIBS}
|
|
|
|
diff --git a/configure.in b/configure.in
|
|
index 9a1d16d..2f13059 100644
|
|
--- a/configure.in
|
|
+++ b/configure.in
|
|
@@ -1164,12 +1164,14 @@ AC_SUBST(USE_GSSAPI)
|
|
AC_SUBST(DST_GSSAPI_INC)
|
|
AC_SUBST(DNS_GSSAPI_LIBS)
|
|
DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS $DNS_CRYPTO_LIBS"
|
|
+DNS_CRYPTO_PK11_LIBS="$DNS_GSSAPI_LIBS $DNS_CRYPTO_PK11_LIBS"
|
|
|
|
#
|
|
# Applications linking with libdns also need to link with these libraries.
|
|
#
|
|
|
|
AC_SUBST(DNS_CRYPTO_LIBS)
|
|
+AC_SUBST(DNS_CRYPTO_PK11_LIBS)
|
|
|
|
#
|
|
# was --with-randomdev specified?
|
|
@@ -1554,11 +1556,11 @@ fi
|
|
AC_MSG_CHECKING(for OpenSSL library)
|
|
OPENSSL_WARNING=
|
|
openssldirs="/usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw"
|
|
-if test "yes" = "$want_native_pkcs11"
|
|
-then
|
|
- use_openssl="native_pkcs11"
|
|
- AC_MSG_RESULT(use of native PKCS11 instead)
|
|
-fi
|
|
+# if test "yes" = "$want_native_pkcs11"
|
|
+# then
|
|
+# use_openssl="native_pkcs11"
|
|
+# AC_MSG_RESULT(use of native PKCS11 instead)
|
|
+# fi
|
|
|
|
if test "auto" = "$use_openssl"
|
|
then
|
|
@@ -1571,6 +1573,7 @@ then
|
|
fi
|
|
done
|
|
fi
|
|
+CRYPTO_PK11=""
|
|
OPENSSL_ECDSA=""
|
|
OPENSSL_GOST=""
|
|
OPENSSL_ED25519=""
|
|
@@ -1592,11 +1595,10 @@ case "$with_gost" in
|
|
;;
|
|
esac
|
|
|
|
-case "$use_openssl" in
|
|
- native_pkcs11)
|
|
- AC_MSG_RESULT(disabled because of native PKCS11)
|
|
+if test "$want_native_pkcs11" = "yes"
|
|
+then
|
|
DST_OPENSSL_INC=""
|
|
- CRYPTO="-DPKCS11CRYPTO"
|
|
+ CRYPTO_PK11="-DPKCS11CRYPTO"
|
|
OPENSSLECDSALINKOBJS=""
|
|
OPENSSLECDSALINKSRCS=""
|
|
OPENSSLEDDSALINKOBJS=""
|
|
@@ -1605,7 +1607,9 @@ case "$use_openssl" in
|
|
OPENSSLGOSTLINKSRCS=""
|
|
OPENSSLLINKOBJS=""
|
|
OPENSSLLINKSRCS=""
|
|
- ;;
|
|
+fi
|
|
+
|
|
+case "$use_openssl" in
|
|
no)
|
|
AC_MSG_RESULT(no)
|
|
DST_OPENSSL_INC=""
|
|
@@ -1635,11 +1639,11 @@ case "$use_openssl" in
|
|
If you don't want OpenSSL, use --without-openssl])
|
|
;;
|
|
*)
|
|
- if test "yes" = "$want_native_pkcs11"
|
|
- then
|
|
- AC_MSG_RESULT()
|
|
- AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.])
|
|
- fi
|
|
+ # if test "yes" = "$want_native_pkcs11"
|
|
+ # then
|
|
+ # AC_MSG_RESULT()
|
|
+ # AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.])
|
|
+ # fi
|
|
if test "yes" = "$use_openssl"
|
|
then
|
|
# User did not specify a path - guess it
|
|
@@ -2062,6 +2066,7 @@ AC_SUBST(OPENSSL_ED25519)
|
|
AC_SUBST(OPENSSL_GOST)
|
|
|
|
DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DST_OPENSSL_LIBS"
|
|
+DNS_CRYPTO_PK11_LIBS="$DNS_CRYPTO_LIBS"
|
|
|
|
ISC_PLATFORM_WANTAES="#undef ISC_PLATFORM_WANTAES"
|
|
if test "yes" = "$with_aes"
|
|
@@ -2381,6 +2386,7 @@ esac
|
|
AC_SUBST(PKCS11LINKOBJS)
|
|
AC_SUBST(PKCS11LINKSRCS)
|
|
AC_SUBST(CRYPTO)
|
|
+AC_SUBST(CRYPTO_PK11)
|
|
AC_SUBST(PKCS11_ECDSA)
|
|
AC_SUBST(PKCS11_GOST)
|
|
AC_SUBST(PKCS11_ED25519)
|
|
@@ -5434,8 +5440,11 @@ AC_CONFIG_FILES([
|
|
bin/delv/Makefile
|
|
bin/dig/Makefile
|
|
bin/dnssec/Makefile
|
|
+ bin/dnssec-pkcs11/Makefile
|
|
bin/named/Makefile
|
|
bin/named/unix/Makefile
|
|
+ bin/named-pkcs11/Makefile
|
|
+ bin/named-pkcs11/unix/Makefile
|
|
bin/nsupdate/Makefile
|
|
bin/pkcs11/Makefile
|
|
bin/python/Makefile
|
|
@@ -5509,6 +5518,10 @@ AC_CONFIG_FILES([
|
|
lib/dns/include/dns/Makefile
|
|
lib/dns/include/dst/Makefile
|
|
lib/dns/tests/Makefile
|
|
+ lib/dns-pkcs11/Makefile
|
|
+ lib/dns-pkcs11/include/Makefile
|
|
+ lib/dns-pkcs11/include/dns/Makefile
|
|
+ lib/dns-pkcs11/include/dst/Makefile
|
|
lib/irs/Makefile
|
|
lib/irs/include/Makefile
|
|
lib/irs/include/irs/Makefile
|
|
@@ -5533,6 +5546,24 @@ AC_CONFIG_FILES([
|
|
lib/isc/unix/include/Makefile
|
|
lib/isc/unix/include/isc/Makefile
|
|
lib/isc/unix/include/pkcs11/Makefile
|
|
+ lib/isc-pkcs11/$arch/Makefile
|
|
+ lib/isc-pkcs11/$arch/include/Makefile
|
|
+ lib/isc-pkcs11/$arch/include/isc/Makefile
|
|
+ lib/isc-pkcs11/$thread_dir/Makefile
|
|
+ lib/isc-pkcs11/$thread_dir/include/Makefile
|
|
+ lib/isc-pkcs11/$thread_dir/include/isc/Makefile
|
|
+ lib/isc-pkcs11/Makefile
|
|
+ lib/isc-pkcs11/include/Makefile
|
|
+ lib/isc-pkcs11/include/isc/Makefile
|
|
+ lib/isc-pkcs11/include/isc/platform.h
|
|
+ lib/isc-pkcs11/include/pk11/Makefile
|
|
+ lib/isc-pkcs11/include/pkcs11/Makefile
|
|
+ lib/isc-pkcs11/tests/Makefile
|
|
+ lib/isc-pkcs11/nls/Makefile
|
|
+ lib/isc-pkcs11/unix/Makefile
|
|
+ lib/isc-pkcs11/unix/include/Makefile
|
|
+ lib/isc-pkcs11/unix/include/isc/Makefile
|
|
+ lib/isc-pkcs11/unix/include/pkcs11/Makefile
|
|
lib/isccc/Makefile
|
|
lib/isccc/include/Makefile
|
|
lib/isccc/include/isccc/Makefile
|
|
diff --git a/lib/Makefile.in b/lib/Makefile.in
|
|
index 81270a0..bcb5312 100644
|
|
--- a/lib/Makefile.in
|
|
+++ b/lib/Makefile.in
|
|
@@ -15,7 +15,7 @@ top_srcdir = @top_srcdir@
|
|
# Attempt to disable parallel processing.
|
|
.NOTPARALLEL:
|
|
.NO_PARALLEL:
|
|
-SUBDIRS = isc isccc dns isccfg bind9 lwres irs samples
|
|
+SUBDIRS = isc isc-pkcs11 isccc dns dns-pkcs11 isccfg bind9 lwres irs samples
|
|
TARGETS =
|
|
|
|
@BIND9_MAKE_RULES@
|
|
diff --git a/lib/dns-pkcs11/Makefile.in b/lib/dns-pkcs11/Makefile.in
|
|
index 4a8549e..6a19906 100644
|
|
--- a/lib/dns-pkcs11/Makefile.in
|
|
+++ b/lib/dns-pkcs11/Makefile.in
|
|
@@ -26,16 +26,16 @@ VERSION=@BIND9_VERSION@
|
|
|
|
USE_ISC_SPNEGO = @USE_ISC_SPNEGO@
|
|
|
|
-CINCLUDES = -I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} \
|
|
- ${ISC_INCLUDES} @DST_OPENSSL_INC@ @DST_GSSAPI_INC@
|
|
+CINCLUDES = -I. -I${top_srcdir}/lib/dns-pkcs11 -Iinclude ${DNS_PKCS11_INCLUDES} \
|
|
+ ${ISC_PKCS11_INCLUDES} @DST_OPENSSL_INC@ @DST_GSSAPI_INC@
|
|
|
|
-CDEFINES = -DUSE_MD5 @CRYPTO@ @USE_GSSAPI@ ${USE_ISC_SPNEGO}
|
|
+CDEFINES = -DUSE_MD5 @CRYPTO_PK11@ @USE_GSSAPI@ ${USE_ISC_SPNEGO}
|
|
|
|
CWARNINGS =
|
|
|
|
-ISCLIBS = ../../lib/isc/libisc.@A@
|
|
+ISCLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@
|
|
|
|
-ISCDEPLIBS = ../../lib/isc/libisc.@A@
|
|
+ISCDEPLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@
|
|
|
|
LIBS = @LIBS@
|
|
|
|
@@ -146,15 +146,15 @@ version.@O@: version.c
|
|
-DLIBAGE=${LIBAGE} \
|
|
-c ${srcdir}/version.c
|
|
|
|
-libdns.@SA@: ${OBJS}
|
|
+libdns-pkcs11.@SA@: ${OBJS}
|
|
${AR} ${ARFLAGS} $@ ${OBJS}
|
|
${RANLIB} $@
|
|
|
|
-libdns.la: ${OBJS}
|
|
+libdns-pkcs11.la: ${OBJS}
|
|
${LIBTOOL_MODE_LINK} \
|
|
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns.la -rpath ${libdir} \
|
|
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns-pkcs11.la -rpath ${libdir} \
|
|
-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
|
|
- ${OBJS} ${ISCLIBS} @DNS_CRYPTO_LIBS@ ${LIBS}
|
|
+ ${OBJS} ${ISCLIBS} @DNS_CRYPTO_PK11_LIBS@ ${LIBS}
|
|
|
|
include: gen
|
|
${MAKE} include/dns/enumtype.h
|
|
@@ -180,25 +180,25 @@ code.h: gen
|
|
./gen -s ${srcdir} > code.h || { rm -f $@ ; exit 1; }
|
|
|
|
gen: gen.c
|
|
- ${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc/include \
|
|
+ ${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc-pkcs11/include \
|
|
${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c ${BUILD_LIBS}
|
|
|
|
-timestamp: include libdns.@A@
|
|
+timestamp: include libdns-pkcs11.@A@
|
|
touch timestamp
|
|
|
|
-testdirs: libdns.@A@
|
|
+testdirs: libdns-pkcs11.@A@
|
|
|
|
installdirs:
|
|
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
|
|
|
|
install:: timestamp installdirs
|
|
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} libdns.@A@ ${DESTDIR}${libdir}
|
|
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} libdns-pkcs11.@A@ ${DESTDIR}${libdir}
|
|
|
|
uninstall::
|
|
- ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${libdir}/libdns.@A@
|
|
+ ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${libdir}/libdns-pkcs11.@A@
|
|
|
|
clean distclean::
|
|
- rm -f libdns.@A@ timestamp
|
|
+ rm -f libdns-pkcs11.@A@ timestamp
|
|
rm -f gen code.h include/dns/enumtype.h include/dns/enumclass.h
|
|
rm -f include/dns/rdatastruct.h
|
|
rm -f dnstap.pb-c.c dnstap.pb-c.h include/dns/dnstap.pb-c.h
|
|
diff --git a/lib/isc-pkcs11/Makefile.in b/lib/isc-pkcs11/Makefile.in
|
|
index ba53ef1..d1f1771 100644
|
|
--- a/lib/isc-pkcs11/Makefile.in
|
|
+++ b/lib/isc-pkcs11/Makefile.in
|
|
@@ -23,8 +23,8 @@ CINCLUDES = -I${srcdir}/unix/include \
|
|
-I${srcdir}/@ISC_THREAD_DIR@/include \
|
|
-I${srcdir}/@ISC_ARCH_DIR@/include \
|
|
-I./include \
|
|
- -I${srcdir}/include ${DNS_INCLUDES} @ISC_OPENSSL_INC@
|
|
-CDEFINES = @CRYPTO@ -DPK11_LIB_LOCATION=\"${PROVIDER}\"
|
|
+ -I${srcdir}/include ${DNS_PKCS11_INCLUDES}
|
|
+CDEFINES = @CRYPTO_PK11@ -DPK11_LIB_LOCATION=\"${PROVIDER}\"
|
|
CWARNINGS =
|
|
|
|
# Alphabetically
|
|
@@ -107,40 +107,40 @@ version.@O@: version.c
|
|
-DLIBAGE=${LIBAGE} \
|
|
-c ${srcdir}/version.c
|
|
|
|
-libisc.@SA@: ${OBJS} ${SYMTBLOBJS}
|
|
+libisc-pkcs11.@SA@: ${OBJS} ${SYMTBLOBJS}
|
|
${AR} ${ARFLAGS} $@ ${OBJS} ${SYMTBLOBJS}
|
|
${RANLIB} $@
|
|
|
|
-libisc-nosymtbl.@SA@: ${OBJS}
|
|
+libisc-pkcs11-nosymtbl.@SA@: ${OBJS}
|
|
${AR} ${ARFLAGS} $@ ${OBJS}
|
|
${RANLIB} $@
|
|
|
|
-libisc.la: ${OBJS} ${SYMTBLOBJS}
|
|
+libisc-pkcs11.la: ${OBJS} ${SYMTBLOBJS}
|
|
${LIBTOOL_MODE_LINK} \
|
|
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc.la -rpath ${libdir} \
|
|
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc-pkcs11.la -rpath ${libdir} \
|
|
-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
|
|
${OBJS} ${SYMTBLOBJS} ${LIBS}
|
|
|
|
-libisc-nosymtbl.la: ${OBJS}
|
|
+libisc-pkcs11-nosymtbl.la: ${OBJS}
|
|
${LIBTOOL_MODE_LINK} \
|
|
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc-nosymtbl.la -rpath ${libdir} \
|
|
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc-pkcs11-nosymtbl.la -rpath ${libdir} \
|
|
-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
|
|
${OBJS} ${LIBS}
|
|
|
|
-timestamp: libisc.@A@ libisc-nosymtbl.@A@
|
|
+timestamp: libisc-pkcs11.@A@ libisc-pkcs11-nosymtbl.@A@
|
|
touch timestamp
|
|
|
|
-testdirs: libisc.@A@ libisc-nosymtbl.@A@
|
|
+testdirs: libisc-pkcs11.@A@ libisc-pkcs11-nosymtbl.@A@
|
|
|
|
installdirs:
|
|
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
|
|
|
|
install:: timestamp installdirs
|
|
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} libisc.@A@ ${DESTDIR}${libdir}
|
|
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} libisc-pkcs11.@A@ ${DESTDIR}${libdir}
|
|
|
|
uninstall::
|
|
- ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${libdir}/libisc.@A@
|
|
+ ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${libdir}/libisc-pkcs11.@A@
|
|
|
|
clean distclean::
|
|
- rm -f libisc.@A@ libisc-nosymtbl.@A@ libisc.la \
|
|
- libisc-nosymtbl.la timestamp
|
|
+ rm -f libisc-pkcs11.@A@ libisc-pkcs11-nosymtbl.@A@ libisc-pkcs11.la \
|
|
+ libisc-pkcs11-nosymtbl.la timestamp
|
|
diff --git a/make/includes.in b/make/includes.in
|
|
index fa86ad1..3cfbe9f 100644
|
|
--- a/make/includes.in
|
|
+++ b/make/includes.in
|
|
@@ -43,3 +43,13 @@ BIND9_INCLUDES = @BIND9_BIND9_BUILDINCLUDE@ \
|
|
|
|
TEST_INCLUDES = \
|
|
-I${top_srcdir}/lib/tests/include
|
|
+
|
|
+ISC_PKCS11_INCLUDES = @BIND9_ISC_BUILDINCLUDE@ \
|
|
+ -I${top_srcdir}/lib/isc-pkcs11 \
|
|
+ -I${top_srcdir}/lib/isc-pkcs11/include \
|
|
+ -I${top_srcdir}/lib/isc-pkcs11/unix/include \
|
|
+ -I${top_srcdir}/lib/isc-pkcs11/@ISC_THREAD_DIR@/include \
|
|
+ -I${top_srcdir}/lib/isc-pkcs11/@ISC_ARCH_DIR@/include
|
|
+
|
|
+DNS_PKCS11_INCLUDES = @BIND9_DNS_BUILDINCLUDE@ \
|
|
+ -I${top_srcdir}/lib/dns-pkcs11/include
|