svn commit: r484916 - in head/dns: bind911 bind911/files bind912 bind912/files
Mathieu Arnold
mat at FreeBSD.org
Wed Nov 14 10:12:00 UTC 2018
Author: mat
Date: Wed Nov 14 10:11:58 2018
New Revision: 484916
URL: https://svnweb.freebsd.org/changeset/ports/484916
Log:
Make sure gost is really disabled.
It may get picked up from the base OpenSSL and break startup.
While there, make sure the correct engines are used.
Reported by: Kevin P. Neal (on ports@)
Modified:
head/dns/bind911/Makefile (contents, props changed)
head/dns/bind911/files/named.in
head/dns/bind912/Makefile (contents, props changed)
head/dns/bind912/files/named.in
Modified: head/dns/bind911/Makefile
==============================================================================
--- head/dns/bind911/Makefile Wed Nov 14 09:30:23 2018 (r484915)
+++ head/dns/bind911/Makefile Wed Nov 14 10:11:58 2018 (r484916)
@@ -3,7 +3,7 @@
PORTNAME= bind
PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/}
-PORTREVISION= 0
+PORTREVISION= 1
CATEGORIES= dns net ipv6
MASTER_SITES= ISC/bind9/${ISCVERSION}
PKGNAMESUFFIX= 911
@@ -35,6 +35,7 @@ CONFIGURE_ARGS= --localstatedir=/var --disable-linux-c
--with-libxml2=${LOCALBASE} \
--with-readline="-L${LOCALBASE}/lib -ledit" \
--with-dlopen=yes \
+ --with-gost=no \
--sysconfdir=${ETCDIR}
ETCDIR= ${PREFIX}/etc/namedb
@@ -190,6 +191,12 @@ TUNING_LARGE_CONFIGURE_ON= --with-tuning=large
TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default
.include <bsd.port.pre.mk>
+
+.if ${SSL_DEFAULT} == base
+SUB_LIST+= ENGINES=/usr/lib/engines
+.else
+SUB_LIST+= ENGINES=${LOCALBASE}/lib/engines
+.endif
post-patch:
.for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.1 \
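Review bot: The `.else` branch assumes every non-base `SSL_DEFAULT` keeps its engines in `${LOCALBASE}/lib/engines`, and nothing visible in the hunk verifies that. If a ports OpenSSL flavour installs its engines elsewhere (some versions appear to use a versioned directory, which is worth confirming), the rc script's `[ -d ${_openssl_engines} ]` test would presumably skip the chroot mount without any message, and named would start without the engines it expects. A comment above the block such as `# ENGINES must match the engines directory of the selected SSL_DEFAULT; named loads engines after chroot` would make the assumption explicit. The same block is added to head/dns/bind912/Makefile.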
Modified: head/dns/bind911/files/named.in
==============================================================================
--- head/dns/bind911/files/named.in Wed Nov 14 09:30:23 2018 (r484915)
+++ head/dns/bind911/files/named.in Wed Nov 14 10:11:58 2018 (r484916)
@@ -62,7 +62,7 @@ required_dirs="${named_chrootdir}"
_named_confdirroot="${named_conf%/*}"
_named_confdir="${named_chrootdir}${_named_confdirroot}"
_named_program_root="${named_program%/sbin/named}"
-_openssl_engines="%%LOCALBASE%%/lib/engines"
+_openssl_engines="%%ENGINES%%"
# Needed if named.conf and rndc.conf are moved or if rndc.conf is used
rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"}
@@ -143,12 +143,12 @@ chroot_autoupdate()
fi
fi
- # If OpenSSL from ports, then the engines should be present in the
- # chroot, named loads them after chrooting.
+ # The OpenSSL engines should be present in the chroot, named loads them
+ # after chrooting.
if [ -d ${_openssl_engines} ]; then
- # FIXME when 8.4 is gone see if
- # security.jail.param.allow.mount.nullfs can be used.
- if [ `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ]; then
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
+ [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
+ [ `${SYSCTL_N} security.jail.mount_nullfs_allowed` -eq 1 ] ; then
mkdir -p ${named_chrootdir}${_openssl_engines}
mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
else
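Review bot: The new test treats `security.jail.mount_allowed` and `security.jail.mount_nullfs_allowed` as alternatives, but jail(8) describes allow.mount.nullfs as effective only together with allow.mount, so inside a jail both should be required: `[ "$(${SYSCTL_N} security.jail.mount_allowed)" -eq 1 ] && [ "$(${SYSCTL_N} security.jail.mount_nullfs_allowed 2>/dev/null)" -eq 1 ]`, grouped after the `jailed -eq 0` check. The command substitutions are also unquoted, so on a system where the nullfs sysctl is absent `[` receives an empty operand and prints a syntax error instead of evaluating cleanly to false. Since named only needs to read the engines, `mount -t nullfs -o ro ${_openssl_engines} ${named_chrootdir}${_openssl_engines}` would keep the directory read-only from inside the chroot. chroot_autoupdate continues outside the hunk, and the same lines appear in head/dns/bind912/files/named.in.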
Modified: head/dns/bind912/Makefile
==============================================================================
--- head/dns/bind912/Makefile Wed Nov 14 09:30:23 2018 (r484915)
+++ head/dns/bind912/Makefile Wed Nov 14 10:11:58 2018 (r484916)
@@ -8,7 +8,7 @@ PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc
PORTREVISION= 0
.else
# dns/bind912 here
-PORTREVISION= 0
+PORTREVISION= 1
.endif
CATEGORIES= dns net ipv6
MASTER_SITES= ISC/bind9/${ISCVERSION}
@@ -48,6 +48,7 @@ CONFIGURE_ARGS= --localstatedir=/var --disable-linux-c
--with-libxml2=${LOCALBASE} \
--with-readline="-L${LOCALBASE}/lib -ledit" \
--with-dlopen=yes \
+ --with-gost=no \
--sysconfdir=${ETCDIR}
ETCDIR= ${PREFIX}/etc/namedb
@@ -209,6 +210,12 @@ TUNING_LARGE_CONFIGURE_ON= --with-tuning=large
TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default
.include <bsd.port.pre.mk>
+
+.if ${SSL_DEFAULT} == base
+SUB_LIST+= ENGINES=/usr/lib/engines
+.else
+SUB_LIST+= ENGINES=${LOCALBASE}/lib/engines
+.endif
post-patch:
.if defined(BIND_TOOLS_SLAVE)
Modified: head/dns/bind912/files/named.in
==============================================================================
--- head/dns/bind912/files/named.in Wed Nov 14 09:30:23 2018 (r484915)
+++ head/dns/bind912/files/named.in Wed Nov 14 10:11:58 2018 (r484916)
@@ -62,7 +62,7 @@ required_dirs="${named_chrootdir}"
_named_confdirroot="${named_conf%/*}"
_named_confdir="${named_chrootdir}${_named_confdirroot}"
_named_program_root="${named_program%/sbin/named}"
-_openssl_engines="%%LOCALBASE%%/lib/engines"
+_openssl_engines="%%ENGINES%%"
# Needed if named.conf and rndc.conf are moved or if rndc.conf is used
rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"}
@@ -143,12 +143,12 @@ chroot_autoupdate()
fi
fi
- # If OpenSSL from ports, then the engines should be present in the
- # chroot, named loads them after chrooting.
+ # The OpenSSL engines should be present in the chroot, named loads them
+ # after chrooting.
if [ -d ${_openssl_engines} ]; then
- # FIXME when 8.4 is gone see if
- # security.jail.param.allow.mount.nullfs can be used.
- if [ `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ]; then
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
+ [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
+ [ `${SYSCTL_N} security.jail.mount_nullfs_allowed` -eq 1 ] ; then
mkdir -p ${named_chrootdir}${_openssl_engines}
mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
else