sorry for the long saga
i was just trying to fix logging to syslog and beating my head against
the bricks. so i decided to back off, reinstall latest opendnssec and
softhsm2
rip.psg.com:# softhsm2-util --version
2.6.1
rip.psg.com:# ods-hsmutil -V
ods-hsmutil (opendnssec) version 2.1.6
softhsm2 build from source on github ok, and `make check` looks fine
PASS: p11test
============================================================================
Testsuite summary for SoftHSM 2.6.1
============================================================================
# TOTAL: 1
# PASS: 1
# SKIP: 0
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 0
============================================================================
opendnssec from github will not `./configure`
checking for MHD_start_daemon... no
checking for MHD_start_daemon in -lmicrohttpd... no
configure: error: No libmicrohttpd found
but it is there
rip.psg.com:# pkg install libmicrohttpd
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
so what the heck, i installed opendnssec binary from freebsd packaged
ports
then i try `service opensndsec start` and it logs (in /var/log/messages)
Sep 22 00:37:46 rip p11test[87307]: SoftHSM.cpp(12412): pSourceData must be
NULL
Sep 22 00:37:46 rip syslogd: last message repeated 1 times
Sep 22 00:37:46 rip p11test[87307]: SoftHSM.cpp(12417): ulSourceDataLen
must be 0
Sep 22 00:37:46 rip p11test[87307]: SoftHSM.cpp(424): SoftHSM is already
initialized
Sep 22 00:37:46 rip p11test[87308]: SoftHSM.cpp(424): SoftHSM is already
initialized
Sep 22 00:37:46 rip p11test[87307]: SoftHSM.cpp(424): SoftHSM is already
initialized
Sep 22 00:37:46 rip p11test[87308]: SoftHSM.cpp(424): SoftHSM is already
initialized
Sep 22 00:37:52 rip sshd[87364]: Connection closed by 198.180.150.1 port
33930 [preauth]
Sep 22 00:39:46 rip sshd[87366]: Received disconnect from 222.186.42.213
port 49074:11: [preauth]
Sep 22 00:39:46 rip sshd[87366]: Disconnected from 222.186.42.213 port
49074 [preauth]
Sep 22 00:42:21 rip ods-enforcerd[87403]: [enforcer] updateZone Ready for
transition but key material not backed up yet (828ffdc5e29abf35fd7fe80f2a084f74)
Sep 22 00:42:21 rip ods-enforcerd[87403]: [enforcer] updateZone Ready for
transition but key material not backed up yet (b59053fb3c7d8a44398dc41a75d14752)
Sep 22 00:42:21 rip ods-enforcerd[87403]: [enforcer] updateZone Ready for
transition but key material not backed up yet (30bbc11085a0f77f0b55a38014926e5c)
Sep 22 00:42:21 rip ods-enforcerd[87403]: [enforcer] updateZone Ready for
transition but key material not backed up yet (86f107d6113605d7f09dc9747809332b)
Sep 22 00:42:21 rip ods-enforcerd[87403]: [enforcer] updateZone Ready for
transition but key material not backed up yet (d9b17ff1c8c52f8b21978097c69ca93e)
Sep 22 00:42:21 rip ods-enforcerd[87403]: [enforcer] updateZone Ready for
transition but key material not backed up yet (5b5ac7ce18f5d7e30f3520ee8bbfa840)
...
Sep 22 00:42:22 rip ods-signerd[87409]: [hsm] unable to get key: key
7b90031343fd902d993026f8ee7c7185 not found
Sep 22 00:42:22 rip ods-signerd[87409]: [hsm] hsm_get_dnskey(): Got NULL key
Sep 22 00:42:22 rip ods-signerd[87409]: [hsm] unable to get key: hsm failed
to create dnskey
Sep 22 00:42:22 rip ods-signerd[87409]: [zone] unable to publish dnskeys
for zone 0.0.0.0.b.e.d.0.1.0.0.2.ip6.arpa: error creating dnskey
Sep 22 00:42:22 rip ods-signerd[87409]: [tools] unable to read zone
0.0.0.0.b.e.d.0.1.0.0.2.ip6.arpa: failed to publish dnskeys (General error)
Sep 22 00:42:22 rip ods-signerd[87409]: CRITICAL: failed to sign zone
0.0.0.0.b.e.d.0.1.0.0.2.ip6.arpa: General error
so i google around and find
rip.psg.com:# ods-ksmutil backup prepare
-bash: ods-ksmutil: command not found
rip.psg.com:# find / -name ods-ksmutil
rip.psg.com:#
so i guess that was v1
where the heck do i go from here. i had a working opendnssec, wanted to
fix logging, and now ...
randy
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
