Re: UPDATE: security/opendnssec
On Thu, Feb 07, 2019 at 11:16:45AM +0100, Aham Brahmasmi wrote: > > > > [1]: https://blog.sigterm.se/posts/to-the-cloud-dns-edition/ > > Tack så mycket Patrik for that informative blog post. Could I request > you to please help me with my queries: > Since the question was posted to the list I'll include the list in this initial response, but any further discussion I will gladly take offlist to not disturb the work of the porters. > 1) Since the capability to run OpenBSD virtual machines is now present > in the base, would you still suggest running authoritative DNS in > "cloud" vs on VMs in on-premise/rented baremetal OpenBSD machines? I > ask this because I have trouble relying on cloud, and as I have learnt, > "free" in cloud usually translates to "you do not know how you pay". My reasons for running "in the cloud" are not based on a former lack of virtualization support in OpenBSD. More than anything else it is based on trying new things for fun, cost and the maintenance required to support your own infrastructure. Would you be better served by running your own infrastructure on bare metal? I can't really tell you that, as with so many other things "it depends". I agree there are trust issues involved with free services, so again, it depends on your needs. Sorry i don't have a more concrete answer :). > 2) Could you please elaborate on the custom built DNS server daemon? I > find that very interesting, especially when combined with OpenDNSSEC. > It is a minimal service written in go, there is some code here: https://github.com/eest/cds For production work I would probably not start out with building my own ServeMux implementation but rather use the default one. I did so here for the learning experience. The responses from that service are not signed at this point, so there is no correlation with OpenDNSSEC. -- Patrik Lundin
Re: UPDATE: security/opendnssec
Hi Patrik, Pavel, > On Sun, Dec 30, 2018 at 03:27:42PM +0100, Rafael Sadowski wrote: > > On Sun Nov 18, 2018 at 04:57:55PM +0300, Pavel Korovin wrote: > > > Dear all, > > > please find the update for the latest OpenDNSSEC attached. > > > Tested with sqlite3, softhsm/softhsm2 on amd64. > > > Also tested migration from v1.4 (enforcer database migration is > > > required for v2). Спасибо Pavel for the v2 port. If I may ask, are there any specific OpenBSD related things to keep in mind while running OpenDNSSec v2? I ask this because it appears that there are some changes in the architecture in this version. > > It seems I missed this work completely somehow, sorry about that! > > Nice to see you are working on both opendnssec and softhsm 2.x :). > > I am actually not running opendnssec any more[1], if you would like to > take over maintainership I would be fine with that. This goes for > softhsm 1.x as well. > > > > > Is there any howto to migrate from 1.4? A note or an howto/link to > > current.html would be nice! > > > > There is an official note about this here: > https://wiki.opendnssec.org/pages/viewpage.action?pageId=10125376#HowdoI...?-UpgradeOpenDNSSEC1.4.9toOpenDNSSEC2.0 > > -- > Patrik Lundin > > [1]: https://blog.sigterm.se/posts/to-the-cloud-dns-edition/ Tack så mycket Patrik for that informative blog post. Could I request you to please help me with my queries: 1) Since the capability to run OpenBSD virtual machines is now present in the base, would you still suggest running authoritative DNS in "cloud" vs on VMs in on-premise/rented baremetal OpenBSD machines? I ask this because I have trouble relying on cloud, and as I have learnt, "free" in cloud usually translates to "you do not know how you pay". 2) Could you please elaborate on the custom built DNS server daemon? I find that very interesting, especially when combined with OpenDNSSEC. Dhanyavaad. Regards, ab -|-|-|-|-|-|-|--
Re: UPDATE: security/opendnssec
On Thu Jan 24, 2019 at 05:29:34PM +0300, Pavel Korovin wrote: > Dear all, > Please find updated diff for the latest opendnssec attached. > Thanks to Rafael Sadowski for noticing the previous diff problem. > OK to commit? Portwise OK with me but I didn't run a runtime test. > > -- > With best regards, > Pavel Korovin > Index: Makefile > === > RCS file: /cvs/ports/security/opendnssec/Makefile,v > retrieving revision 1.15 > diff -u -p -r1.15 Makefile > --- Makefile 4 Sep 2018 12:46:21 - 1.15 > +++ Makefile 24 Jan 2019 14:17:19 - > @@ -2,27 +2,29 @@ > > COMMENT= open-source turn-key solution for DNSSEC > > -DISTNAME=opendnssec-1.4.14 > -REVISION=1 > +DISTNAME=opendnssec-2.1.3 > > CATEGORIES= security > > -HOMEPAGE=http://www.opendnssec.org/ > +HOMEPAGE=https://www.opendnssec.org/ > > -MAINTAINER= Patrik Lundin > +MAINTAINER= Pavel Korovin > > # BSD > PERMIT_PACKAGE_CDROM=Yes > > WANTLIB += c crypto iconv ldns lzma m pthread xml2 z > > -MASTER_SITES=http://dist.opendnssec.org/source/ > +MASTER_SITES=https://dist.opendnssec.org/source/ > + > +BUILD_DEPENDS= devel/cunit > > LIB_DEPENDS= converters/libiconv \ > net/ldns/libldns \ > textproc/libxml > > -TEST_DEPENDS=security/softhsm > +TEST_DEPENDS=${BUILD_DEPENDS} \ > + security/softhsm2 > > FAKE_FLAGS= sysconfdir=${PREFIX}/share/examples/opendnssec > > @@ -47,11 +49,52 @@ LIB_DEPENDS+= databases/mariadb > ERRORS+= "Fatal: mutually exclusive flavors: ${FLAVORS}" > .endif > > +SUBST_TARGETS= ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/README.md \ > + ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/convert_{mysql,sqlite} \ > + ${WRKSRC}/enforcer/utils/convert_{mysql_to_sqlite,sqlite_to_mysql} \ > + ${WRKSRC}/contrib/ods-sequencer/ods-sequencer-submit.sh \ > + ${WRKSRC}/MIGRATION > + > +post-patch: > + ${SUBST_CMD} ${SUBST_TARGETS} > + > +# regress-db target doesn't currently work > +# > https://github.com/opendnssec/opendnssec/commit/6b1b0da4a7ba5ae658aca49a45a45be4867f6806 > +pre-test: > + sed -i 's/^check: regress-db/\#check: regress-db/' \ > + ${WRKSRC}/enforcer/src/db/test/Makefile > + > post-install: > - ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/opendnssec > - cd ${WRKSRC}; \ > - ${INSTALL_DATA} LICENSE ${PREFIX}/share/doc/opendnssec; \ > - ${INSTALL_DATA} plugins/simple-dnskey-mailer/simple-dnskey-mailer.sh \ > - ${PREFIX}/share/opendnssec > + sed -i 's,#!/bin/bash,#!/bin/sh,' \ > + ${WRKSRC}/contrib/ods-sequencer/ods-sequencer-submit.sh \ > + ${WRKSRC}/contrib/simple-dnskey-mailer/simple-dnskey-mailer.sh > + @find ${WRKSRC} -type f \ > + \( -name '*.beforesubst' -o -name '*.orig' \) -delete > + ${INSTALL_SCRIPT} ${WRKSRC}/enforcer/utils/convert_mysql_to_sqlite \ > + ${PREFIX}/sbin/ods-convert_mysql_to_sqlite > + ${INSTALL_SCRIPT} ${WRKSRC}/enforcer/utils/convert_sqlite_to_mysql \ > + ${PREFIX}/sbin/ods-convert_sqlite_to_mysql > + ${INSTALL_SCRIPT} > ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/convert_mysql \ > + ${PREFIX}/sbin/ods-migrate-mysql > + ${INSTALL_SCRIPT} > ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/convert_sqlite \ > + ${PREFIX}/sbin/ods-migrate-sqlite3 > + ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/opendnssec/ > + ${INSTALL_DATA} ${WRKSRC}/{LICENSE,MIGRATION,NEWS} \ > + ${PREFIX}/share/doc/opendnssec/ > + ${INSTALL_DATA} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/README.md \ > + ${PREFIX}/share/doc/opendnssec/MIGRATE_1.4-2.0.md > + ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/opendnssec/ods-sequencer/ > + ${INSTALL_DATA} ${WRKSRC}/contrib/ods-sequencer/* \ > + ${PREFIX}/share/examples/opendnssec/ods-sequencer/ > + ${INSTALL_DATA} > ${WRKSRC}/contrib/simple-dnskey-mailer/simple-dnskey-mailer.sh \ > + ${PREFIX}/share/examples/opendnssec/ > + ${INSTALL_DATA_DIR} ${PREFIX}/share/opendnssec/migration/ > + ${INSTALL_DATA} ${WRKSRC}/enforcer/src/db/schema.* > ${PREFIX}/share/opendnssec/ > + ${INSTALL_DATA} > ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/find_problematic_zones.sql \ > + ${PREFIX}/share/opendnssec/migration/ > + ${INSTALL_DATA} > ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/sqlite_convert.sql \ > + ${PREFIX}/share/opendnssec/migration/migrate-sqlite.sql > + ${INSTALL_DATA} > ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/mysql_convert.sql \ > + ${PREFIX}/share/opendnssec/migration/migrate-mysql.sql > > .include > Index: distinfo > === > RCS file: /cvs/ports/security/opendnssec/distinfo,v > retrieving revision 1.6 > diff -u -p -r1.6
Re: UPDATE: security/opendnssec
Dear all, Please find updated diff for the latest opendnssec attached. Thanks to Rafael Sadowski for noticing the previous diff problem. OK to commit? -- With best regards, Pavel Korovin Index: Makefile === RCS file: /cvs/ports/security/opendnssec/Makefile,v retrieving revision 1.15 diff -u -p -r1.15 Makefile --- Makefile4 Sep 2018 12:46:21 - 1.15 +++ Makefile24 Jan 2019 14:17:19 - @@ -2,27 +2,29 @@ COMMENT= open-source turn-key solution for DNSSEC -DISTNAME= opendnssec-1.4.14 -REVISION= 1 +DISTNAME= opendnssec-2.1.3 CATEGORIES=security -HOMEPAGE= http://www.opendnssec.org/ +HOMEPAGE= https://www.opendnssec.org/ -MAINTAINER=Patrik Lundin +MAINTAINER=Pavel Korovin # BSD PERMIT_PACKAGE_CDROM= Yes WANTLIB += c crypto iconv ldns lzma m pthread xml2 z -MASTER_SITES= http://dist.opendnssec.org/source/ +MASTER_SITES= https://dist.opendnssec.org/source/ + +BUILD_DEPENDS= devel/cunit LIB_DEPENDS= converters/libiconv \ net/ldns/libldns \ textproc/libxml -TEST_DEPENDS= security/softhsm +TEST_DEPENDS= ${BUILD_DEPENDS} \ + security/softhsm2 FAKE_FLAGS=sysconfdir=${PREFIX}/share/examples/opendnssec @@ -47,11 +49,52 @@ LIB_DEPENDS+= databases/mariadb ERRORS+= "Fatal: mutually exclusive flavors: ${FLAVORS}" .endif +SUBST_TARGETS= ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/README.md \ + ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/convert_{mysql,sqlite} \ + ${WRKSRC}/enforcer/utils/convert_{mysql_to_sqlite,sqlite_to_mysql} \ + ${WRKSRC}/contrib/ods-sequencer/ods-sequencer-submit.sh \ + ${WRKSRC}/MIGRATION + +post-patch: + ${SUBST_CMD} ${SUBST_TARGETS} + +# regress-db target doesn't currently work +# https://github.com/opendnssec/opendnssec/commit/6b1b0da4a7ba5ae658aca49a45a45be4867f6806 +pre-test: + sed -i 's/^check: regress-db/\#check: regress-db/' \ + ${WRKSRC}/enforcer/src/db/test/Makefile + post-install: - ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/opendnssec - cd ${WRKSRC}; \ - ${INSTALL_DATA} LICENSE ${PREFIX}/share/doc/opendnssec; \ - ${INSTALL_DATA} plugins/simple-dnskey-mailer/simple-dnskey-mailer.sh \ - ${PREFIX}/share/opendnssec + sed -i 's,#!/bin/bash,#!/bin/sh,' \ + ${WRKSRC}/contrib/ods-sequencer/ods-sequencer-submit.sh \ + ${WRKSRC}/contrib/simple-dnskey-mailer/simple-dnskey-mailer.sh + @find ${WRKSRC} -type f \ + \( -name '*.beforesubst' -o -name '*.orig' \) -delete + ${INSTALL_SCRIPT} ${WRKSRC}/enforcer/utils/convert_mysql_to_sqlite \ + ${PREFIX}/sbin/ods-convert_mysql_to_sqlite + ${INSTALL_SCRIPT} ${WRKSRC}/enforcer/utils/convert_sqlite_to_mysql \ + ${PREFIX}/sbin/ods-convert_sqlite_to_mysql + ${INSTALL_SCRIPT} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/convert_mysql \ + ${PREFIX}/sbin/ods-migrate-mysql + ${INSTALL_SCRIPT} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/convert_sqlite \ + ${PREFIX}/sbin/ods-migrate-sqlite3 + ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/opendnssec/ + ${INSTALL_DATA} ${WRKSRC}/{LICENSE,MIGRATION,NEWS} \ + ${PREFIX}/share/doc/opendnssec/ + ${INSTALL_DATA} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/README.md \ + ${PREFIX}/share/doc/opendnssec/MIGRATE_1.4-2.0.md + ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/opendnssec/ods-sequencer/ + ${INSTALL_DATA} ${WRKSRC}/contrib/ods-sequencer/* \ + ${PREFIX}/share/examples/opendnssec/ods-sequencer/ + ${INSTALL_DATA} ${WRKSRC}/contrib/simple-dnskey-mailer/simple-dnskey-mailer.sh \ + ${PREFIX}/share/examples/opendnssec/ + ${INSTALL_DATA_DIR} ${PREFIX}/share/opendnssec/migration/ + ${INSTALL_DATA} ${WRKSRC}/enforcer/src/db/schema.* ${PREFIX}/share/opendnssec/ + ${INSTALL_DATA} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/find_problematic_zones.sql \ + ${PREFIX}/share/opendnssec/migration/ + ${INSTALL_DATA} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/sqlite_convert.sql \ + ${PREFIX}/share/opendnssec/migration/migrate-sqlite.sql + ${INSTALL_DATA} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/mysql_convert.sql \ + ${PREFIX}/share/opendnssec/migration/migrate-mysql.sql .include Index: distinfo === RCS file: /cvs/ports/security/opendnssec/distinfo,v retrieving revision 1.6 diff -u -p -r1.6 distinfo --- distinfo10 Jul 2017 18:12:05 - 1.6 +++ distinfo24 Jan 2019 14:17:19 - @@ -1,2 +1,2 @@ -SHA256 (opendnssec-1.4.14.tar.gz) = 4cQexbxhdiM7LZT09PcD51h7rmdgdkqxvvA88QvR3N8= -SIZE (opendnssec-1.4.14.tar.gz) = 1037188 +SHA256 (opendnssec-2.1.3.tar.gz) = Pe
Re: UPDATE: security/opendnssec
Dear all, Please find updated diff for the latest opendnssec attached. Added /var/run/opendnssec/ creation to rc script. Waiting for OK's to commit. On 01/18, Pavel Korovin wrote: > Dear all, > Please see the fixed patch for the latest opendnssec + > patch for www/faq/current.html > > Took the maintainership (OK'd by maintainer Patrik Lundin), switched > HOMEPAGE/MASTER_SITES to https as suggested by Rafael Sadowski, fixed > package docs dir in pkg README. > Looking for OK's to commit. -- With best regards, Pavel Korovin Index: Makefile === RCS file: /cvs/ports/security/opendnssec/Makefile,v retrieving revision 1.15 diff -u -p -r1.15 Makefile --- Makefile4 Sep 2018 12:46:21 - 1.15 +++ Makefile21 Jan 2019 08:07:49 - @@ -2,27 +2,29 @@ COMMENT= open-source turn-key solution for DNSSEC -DISTNAME= opendnssec-1.4.14 -REVISION= 1 +DISTNAME= opendnssec-2.1.3 CATEGORIES=security -HOMEPAGE= http://www.opendnssec.org/ +HOMEPAGE= https://www.opendnssec.org/ -MAINTAINER=Patrik Lundin +MAINTAINER=Pavel Korovin # BSD PERMIT_PACKAGE_CDROM= Yes WANTLIB += c crypto iconv ldns lzma m pthread xml2 z -MASTER_SITES= http://dist.opendnssec.org/source/ +MASTER_SITES= https://dist.opendnssec.org/source/ + +BUILD_DEPENDS= devel/cunit LIB_DEPENDS= converters/libiconv \ net/ldns/libldns \ textproc/libxml -TEST_DEPENDS= security/softhsm +TEST_DEPENDS= ${BUILD_DEPENDS} \ + security/softhsm2 FAKE_FLAGS=sysconfdir=${PREFIX}/share/examples/opendnssec @@ -47,11 +49,52 @@ LIB_DEPENDS+= databases/mariadb ERRORS+= "Fatal: mutually exclusive flavors: ${FLAVORS}" .endif +SUBST_TARGETS= ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/README.md \ + ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/convert_{mysql,sqlite} \ + ${WRKSRC}/enforcer/utils/convert_{mysql_to_sqlite,sqlite_to_mysql} \ + ${WRKSRC}/contrib/ods-sequencer/ods-sequencer-submit.sh \ + ${WRKSRC}/MIGRATION + +post-patch: + ${SUBST_CMD} ${SUBST_TARGETS} + +# regress-db target doesn't currently work +# https://github.com/opendnssec/opendnssec/commit/6b1b0da4a7ba5ae658aca49a45a45be4867f6806 +pre-test: + sed -i 's/^check: regress-db/\#check: regress-db/' \ + ${WRKSRC}/enforcer/src/db/test/Makefile + post-install: - ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/opendnssec - cd ${WRKSRC}; \ - ${INSTALL_DATA} LICENSE ${PREFIX}/share/doc/opendnssec; \ - ${INSTALL_DATA} plugins/simple-dnskey-mailer/simple-dnskey-mailer.sh \ - ${PREFIX}/share/opendnssec + sed -i 's,#!/bin/bash,#!/bin/sh,' \ + ${WRKSRC}/contrib/ods-sequencer/ods-sequencer-submit.sh \ + ${WRKSRC}/contrib/simple-dnskey-mailer/simple-dnskey-mailer.sh + @find ${WRKSRC} -type f \ + \( -name '*.beforesubst' -o -name '*.orig' \) -delete + ${INSTALL_SCRIPT} ${WRKSRC}/enforcer/utils/convert_mysql_to_sqlite \ + ${PREFIX}/sbin/ods-convert_mysql_to_sqlite + ${INSTALL_SCRIPT} ${WRKSRC}/enforcer/utils/convert_sqlite_to_mysql \ + ${PREFIX}/sbin/ods-convert_sqlite_to_mysql + ${INSTALL_SCRIPT} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/convert_mysql \ + ${PREFIX}/sbin/ods-migrate-mysql + ${INSTALL_SCRIPT} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/convert_sqlite \ + ${PREFIX}/sbin/ods-migrate-sqlite3 + ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/opendnssec/ + ${INSTALL_DATA} ${WRKSRC}/{LICENSE,MIGRATION,NEWS} \ + ${PREFIX}/share/doc/opendnssec/ + ${INSTALL_DATA} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/README.md \ + ${PREFIX}/share/doc/opendnssec/MIGRATE_1.4-2.0.md + ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/opendnssec/ods-sequencer/ + ${INSTALL_DATA} ${WRKSRC}/contrib/ods-sequencer/* \ + ${PREFIX}/share/examples/opendnssec/ods-sequencer/ + ${INSTALL_DATA} ${WRKSRC}/contrib/simple-dnskey-mailer/simple-dnskey-mailer.sh \ + ${PREFIX}/share/examples/opendnssec/ + ${INSTALL_DATA_DIR} ${PREFIX}/share/opendnssec/migration/ + ${INSTALL_DATA} ${WRKSRC}/enforcer/src/db/schema.* ${PREFIX}/share/opendnssec/ + ${INSTALL_DATA} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/find_problematic_zones.sql \ + ${PREFIX}/share/opendnssec/migration/ + ${INSTALL_DATA} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/sqlite_convert.sql \ + ${PREFIX}/share/opendnssec/migration/migrate-sqlite.sql + ${INSTALL_DATA} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/mysql_convert.sql \ + ${PREFIX}/share/opendnssec/migration/migrate-mysql.sql .include Index: distinfo === RCS file: /cvs/ports/security/open
Re: UPDATE: security/opendnssec
Dear all, Please see the fixed patch for the latest opendnssec + patch for www/faq/current.html Took the maintainership (OK'd by maintainer Patrik Lundin), switched HOMEPAGE/MASTER_SITES to https as suggested by Rafael Sadowski, fixed package docs dir in pkg README. Looking for OK's to commit. -- With best regards, Pavel Korovin Index: Makefile === RCS file: /cvs/ports/security/opendnssec/Makefile,v retrieving revision 1.15 diff -u -p -r1.15 Makefile --- Makefile4 Sep 2018 12:46:21 - 1.15 +++ Makefile18 Jan 2019 20:19:49 - @@ -2,27 +2,29 @@ COMMENT= open-source turn-key solution for DNSSEC -DISTNAME= opendnssec-1.4.14 -REVISION= 1 +DISTNAME= opendnssec-2.1.3 CATEGORIES=security -HOMEPAGE= http://www.opendnssec.org/ +HOMEPAGE= https://www.opendnssec.org/ -MAINTAINER=Patrik Lundin +MAINTAINER=Pavel Korovin # BSD PERMIT_PACKAGE_CDROM= Yes WANTLIB += c crypto iconv ldns lzma m pthread xml2 z -MASTER_SITES= http://dist.opendnssec.org/source/ +MASTER_SITES= https://dist.opendnssec.org/source/ + +BUILD_DEPENDS= devel/cunit LIB_DEPENDS= converters/libiconv \ net/ldns/libldns \ textproc/libxml -TEST_DEPENDS= security/softhsm +TEST_DEPENDS= ${BUILD_DEPENDS} \ + security/softhsm2 FAKE_FLAGS=sysconfdir=${PREFIX}/share/examples/opendnssec @@ -47,11 +49,52 @@ LIB_DEPENDS+= databases/mariadb ERRORS+= "Fatal: mutually exclusive flavors: ${FLAVORS}" .endif +SUBST_TARGETS= ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/README.md \ + ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/convert_{mysql,sqlite} \ + ${WRKSRC}/enforcer/utils/convert_{mysql_to_sqlite,sqlite_to_mysql} \ + ${WRKSRC}/contrib/ods-sequencer/ods-sequencer-submit.sh \ + ${WRKSRC}/MIGRATION + +post-patch: + ${SUBST_CMD} ${SUBST_TARGETS} + +# regress-db target doesn't currently work +# https://github.com/opendnssec/opendnssec/commit/6b1b0da4a7ba5ae658aca49a45a45be4867f6806 +pre-test: + sed -i 's/^check: regress-db/\#check: regress-db/' \ + ${WRKSRC}/enforcer/src/db/test/Makefile + post-install: - ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/opendnssec - cd ${WRKSRC}; \ - ${INSTALL_DATA} LICENSE ${PREFIX}/share/doc/opendnssec; \ - ${INSTALL_DATA} plugins/simple-dnskey-mailer/simple-dnskey-mailer.sh \ - ${PREFIX}/share/opendnssec + sed -i 's,#!/bin/bash,#!/bin/sh,' \ + ${WRKSRC}/contrib/ods-sequencer/ods-sequencer-submit.sh \ + ${WRKSRC}/contrib/simple-dnskey-mailer/simple-dnskey-mailer.sh + @find ${WRKSRC} -type f \ + \( -name '*.beforesubst' -o -name '*.orig' \) -delete + ${INSTALL_SCRIPT} ${WRKSRC}/enforcer/utils/convert_mysql_to_sqlite \ + ${PREFIX}/sbin/ods-convert_mysql_to_sqlite + ${INSTALL_SCRIPT} ${WRKSRC}/enforcer/utils/convert_sqlite_to_mysql \ + ${PREFIX}/sbin/ods-convert_sqlite_to_mysql + ${INSTALL_SCRIPT} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/convert_mysql \ + ${PREFIX}/sbin/ods-migrate-mysql + ${INSTALL_SCRIPT} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/convert_sqlite \ + ${PREFIX}/sbin/ods-migrate-sqlite3 + ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/opendnssec/ + ${INSTALL_DATA} ${WRKSRC}/{LICENSE,MIGRATION,NEWS} \ + ${PREFIX}/share/doc/opendnssec/ + ${INSTALL_DATA} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/README.md \ + ${PREFIX}/share/doc/opendnssec/MIGRATE_1.4-2.0.md + ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/opendnssec/ods-sequencer/ + ${INSTALL_DATA} ${WRKSRC}/contrib/ods-sequencer/* \ + ${PREFIX}/share/examples/opendnssec/ods-sequencer/ + ${INSTALL_DATA} ${WRKSRC}/contrib/simple-dnskey-mailer/simple-dnskey-mailer.sh \ + ${PREFIX}/share/examples/opendnssec/ + ${INSTALL_DATA_DIR} ${PREFIX}/share/opendnssec/migration/ + ${INSTALL_DATA} ${WRKSRC}/enforcer/src/db/schema.* ${PREFIX}/share/opendnssec/ + ${INSTALL_DATA} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/find_problematic_zones.sql \ + ${PREFIX}/share/opendnssec/migration/ + ${INSTALL_DATA} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/sqlite_convert.sql \ + ${PREFIX}/share/opendnssec/migration/migrate-sqlite.sql + ${INSTALL_DATA} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/mysql_convert.sql \ + ${PREFIX}/share/opendnssec/migration/migrate-mysql.sql .include Index: distinfo === RCS file: /cvs/ports/security/opendnssec/distinfo,v retrieving revision 1.6 diff -u -p -r1.6 distinfo --- distinfo10 Jul 2017 18:12:05 - 1.6 +++ distinfo18 Jan 2019 20:19:49 - @@ -1,2 +1,2 @@ -SHA256 (opendnssec
Re: UPDATE: security/opendnssec
Patrik, Rafael, thank you for review! Should I consider it as OK for update/take maintainership? I have it running for few months, the port requires some final polishing (e.g. fixing port's docs directory name in the README), but I think it's stable enough to update. -- With best regards, Pavel Korovin On 01/12, Patrik Lundin wrote: > On Sun, Dec 30, 2018 at 03:27:42PM +0100, Rafael Sadowski wrote: > > On Sun Nov 18, 2018 at 04:57:55PM +0300, Pavel Korovin wrote: > > > Dear all, > > > please find the update for the latest OpenDNSSEC attached. > > > Tested with sqlite3, softhsm/softhsm2 on amd64. > > > Also tested migration from v1.4 (enforcer database migration is > > > required for v2). > > > > It seems I missed this work completely somehow, sorry about that! > > Nice to see you are working on both opendnssec and softhsm 2.x :). > > I am actually not running opendnssec any more[1], if you would like to > take over maintainership I would be fine with that. This goes for > softhsm 1.x as well. > > > > > Is there any howto to migrate from 1.4? A note or an howto/link to > > current.html would be nice! > > > > There is an official note about this here: > https://wiki.opendnssec.org/pages/viewpage.action?pageId=10125376#HowdoI...?-UpgradeOpenDNSSEC1.4.9toOpenDNSSEC2.0 > > -- > Patrik Lundin > > [1]: https://blog.sigterm.se/posts/to-the-cloud-dns-edition/
Re: UPDATE: security/opendnssec
On Sun, Dec 30, 2018 at 03:27:42PM +0100, Rafael Sadowski wrote: > On Sun Nov 18, 2018 at 04:57:55PM +0300, Pavel Korovin wrote: > > Dear all, > > please find the update for the latest OpenDNSSEC attached. > > Tested with sqlite3, softhsm/softhsm2 on amd64. > > Also tested migration from v1.4 (enforcer database migration is > > required for v2). > It seems I missed this work completely somehow, sorry about that! Nice to see you are working on both opendnssec and softhsm 2.x :). I am actually not running opendnssec any more[1], if you would like to take over maintainership I would be fine with that. This goes for softhsm 1.x as well. > > Is there any howto to migrate from 1.4? A note or an howto/link to > current.html would be nice! > There is an official note about this here: https://wiki.opendnssec.org/pages/viewpage.action?pageId=10125376#HowdoI...?-UpgradeOpenDNSSEC1.4.9toOpenDNSSEC2.0 -- Patrik Lundin [1]: https://blog.sigterm.se/posts/to-the-cloud-dns-edition/
Re: UPDATE: security/opendnssec
On Sun Nov 18, 2018 at 04:57:55PM +0300, Pavel Korovin wrote: > Dear all, > please find the update for the latest OpenDNSSEC attached. > Tested with sqlite3, softhsm/softhsm2 on amd64. > Also tested migration from v1.4 (enforcer database migration is > required for v2). Is there any howto to migrate from 1.4? A note or an howto/link to current.html would be nice! Please switch to https otherwise the port is okay. Rafael Sadowski > Didn't test mysql flavor. > > -- > With best regards, > Pavel Korovin > Index: Makefile > === > RCS file: /cvs/ports/security/opendnssec/Makefile,v > retrieving revision 1.15 > diff -u -p -r1.15 Makefile > --- Makefile 4 Sep 2018 12:46:21 - 1.15 > +++ Makefile 18 Nov 2018 13:42:52 - > @@ -2,8 +2,7 @@ > > COMMENT= open-source turn-key solution for DNSSEC > > -DISTNAME=opendnssec-1.4.14 > -REVISION=1 > +DISTNAME=opendnssec-2.1.3 > > CATEGORIES= security > > @@ -18,11 +17,14 @@ WANTLIB += c crypto iconv ldns lzma m pt > > MASTER_SITES=http://dist.opendnssec.org/source/ > > +BUILD_DEPENDS= devel/cunit > + > LIB_DEPENDS= converters/libiconv \ > net/ldns/libldns \ > textproc/libxml > > -TEST_DEPENDS=security/softhsm > +TEST_DEPENDS=${BUILD_DEPENDS} \ > + security/softhsm2 > > FAKE_FLAGS= sysconfdir=${PREFIX}/share/examples/opendnssec > > @@ -47,11 +49,52 @@ LIB_DEPENDS+= databases/mariadb > ERRORS+= "Fatal: mutually exclusive flavors: ${FLAVORS}" > .endif > > +SUBST_TARGETS= ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/README.md \ > + ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/convert_{mysql,sqlite} \ > + ${WRKSRC}/enforcer/utils/convert_{mysql_to_sqlite,sqlite_to_mysql} \ > + ${WRKSRC}/contrib/ods-sequencer/ods-sequencer-submit.sh \ > + ${WRKSRC}/MIGRATION > + > +post-patch: > + ${SUBST_CMD} ${SUBST_TARGETS} > + > +# regress-db target doesn't currently work > +# > https://github.com/opendnssec/opendnssec/commit/6b1b0da4a7ba5ae658aca49a45a45be4867f6806 > +pre-test: > + sed -i 's/^check: regress-db/\#check: regress-db/' \ > + ${WRKSRC}/enforcer/src/db/test/Makefile > + > post-install: > - ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/opendnssec > - cd ${WRKSRC}; \ > - ${INSTALL_DATA} LICENSE ${PREFIX}/share/doc/opendnssec; \ > - ${INSTALL_DATA} plugins/simple-dnskey-mailer/simple-dnskey-mailer.sh \ > - ${PREFIX}/share/opendnssec > + sed -i 's,#!/bin/bash,#!/bin/sh,' \ > + ${WRKSRC}/contrib/ods-sequencer/ods-sequencer-submit.sh \ > + ${WRKSRC}/contrib/simple-dnskey-mailer/simple-dnskey-mailer.sh > + @find ${WRKSRC} -type f \ > + \( -name '*.beforesubst' -o -name '*.orig' \) -delete > + ${INSTALL_SCRIPT} ${WRKSRC}/enforcer/utils/convert_mysql_to_sqlite \ > + ${PREFIX}/sbin/ods-convert_mysql_to_sqlite > + ${INSTALL_SCRIPT} ${WRKSRC}/enforcer/utils/convert_sqlite_to_mysql \ > + ${PREFIX}/sbin/ods-convert_sqlite_to_mysql > + ${INSTALL_SCRIPT} > ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/convert_mysql \ > + ${PREFIX}/sbin/ods-migrate-mysql > + ${INSTALL_SCRIPT} > ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/convert_sqlite \ > + ${PREFIX}/sbin/ods-migrate-sqlite3 > + ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/opendnssec/ > + ${INSTALL_DATA} ${WRKSRC}/{LICENSE,MIGRATION,NEWS} \ > + ${PREFIX}/share/doc/opendnssec/ > + ${INSTALL_DATA} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/README.md \ > + ${PREFIX}/share/doc/opendnssec/MIGRATE_1.4-2.0.md > + ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/opendnssec/ods-sequencer/ > + ${INSTALL_DATA} ${WRKSRC}/contrib/ods-sequencer/* \ > + ${PREFIX}/share/examples/opendnssec/ods-sequencer/ > + ${INSTALL_DATA} > ${WRKSRC}/contrib/simple-dnskey-mailer/simple-dnskey-mailer.sh \ > + ${PREFIX}/share/examples/opendnssec/ > + ${INSTALL_DATA_DIR} ${PREFIX}/share/opendnssec/migration/ > + ${INSTALL_DATA} ${WRKSRC}/enforcer/src/db/schema.* > ${PREFIX}/share/opendnssec/ > + ${INSTALL_DATA} > ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/find_problematic_zones.sql \ > + ${PREFIX}/share/opendnssec/migration/ > + ${INSTALL_DATA} > ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/sqlite_convert.sql \ > + ${PREFIX}/share/opendnssec/migration/migrate-sqlite.sql > + ${INSTALL_DATA} > ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/mysql_convert.sql \ > + ${PREFIX}/share/opendnssec/migration/migrate-mysql.sql > > .include > Index: distinfo > === > RCS file: /cvs/ports/security/opendnssec/distinfo,v > retrieving revision 1.6 > diff -u -p -r1.6 distinfo > --- distinfo 10 Jul 2017 18:12:05 - 1.6 > +++ disti
Re: UPDATE: security/opendnssec
Anybody? OK to commit? -- With best regards, Pavel Korovin
UPDATE: security/opendnssec
Dear all, please find the update for the latest OpenDNSSEC attached. Tested with sqlite3, softhsm/softhsm2 on amd64. Also tested migration from v1.4 (enforcer database migration is required for v2). Didn't test mysql flavor. -- With best regards, Pavel Korovin Index: Makefile === RCS file: /cvs/ports/security/opendnssec/Makefile,v retrieving revision 1.15 diff -u -p -r1.15 Makefile --- Makefile4 Sep 2018 12:46:21 - 1.15 +++ Makefile18 Nov 2018 13:42:52 - @@ -2,8 +2,7 @@ COMMENT= open-source turn-key solution for DNSSEC -DISTNAME= opendnssec-1.4.14 -REVISION= 1 +DISTNAME= opendnssec-2.1.3 CATEGORIES=security @@ -18,11 +17,14 @@ WANTLIB += c crypto iconv ldns lzma m pt MASTER_SITES= http://dist.opendnssec.org/source/ +BUILD_DEPENDS= devel/cunit + LIB_DEPENDS= converters/libiconv \ net/ldns/libldns \ textproc/libxml -TEST_DEPENDS= security/softhsm +TEST_DEPENDS= ${BUILD_DEPENDS} \ + security/softhsm2 FAKE_FLAGS=sysconfdir=${PREFIX}/share/examples/opendnssec @@ -47,11 +49,52 @@ LIB_DEPENDS+= databases/mariadb ERRORS+= "Fatal: mutually exclusive flavors: ${FLAVORS}" .endif +SUBST_TARGETS= ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/README.md \ + ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/convert_{mysql,sqlite} \ + ${WRKSRC}/enforcer/utils/convert_{mysql_to_sqlite,sqlite_to_mysql} \ + ${WRKSRC}/contrib/ods-sequencer/ods-sequencer-submit.sh \ + ${WRKSRC}/MIGRATION + +post-patch: + ${SUBST_CMD} ${SUBST_TARGETS} + +# regress-db target doesn't currently work +# https://github.com/opendnssec/opendnssec/commit/6b1b0da4a7ba5ae658aca49a45a45be4867f6806 +pre-test: + sed -i 's/^check: regress-db/\#check: regress-db/' \ + ${WRKSRC}/enforcer/src/db/test/Makefile + post-install: - ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/opendnssec - cd ${WRKSRC}; \ - ${INSTALL_DATA} LICENSE ${PREFIX}/share/doc/opendnssec; \ - ${INSTALL_DATA} plugins/simple-dnskey-mailer/simple-dnskey-mailer.sh \ - ${PREFIX}/share/opendnssec + sed -i 's,#!/bin/bash,#!/bin/sh,' \ + ${WRKSRC}/contrib/ods-sequencer/ods-sequencer-submit.sh \ + ${WRKSRC}/contrib/simple-dnskey-mailer/simple-dnskey-mailer.sh + @find ${WRKSRC} -type f \ + \( -name '*.beforesubst' -o -name '*.orig' \) -delete + ${INSTALL_SCRIPT} ${WRKSRC}/enforcer/utils/convert_mysql_to_sqlite \ + ${PREFIX}/sbin/ods-convert_mysql_to_sqlite + ${INSTALL_SCRIPT} ${WRKSRC}/enforcer/utils/convert_sqlite_to_mysql \ + ${PREFIX}/sbin/ods-convert_sqlite_to_mysql + ${INSTALL_SCRIPT} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/convert_mysql \ + ${PREFIX}/sbin/ods-migrate-mysql + ${INSTALL_SCRIPT} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/convert_sqlite \ + ${PREFIX}/sbin/ods-migrate-sqlite3 + ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/opendnssec/ + ${INSTALL_DATA} ${WRKSRC}/{LICENSE,MIGRATION,NEWS} \ + ${PREFIX}/share/doc/opendnssec/ + ${INSTALL_DATA} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/README.md \ + ${PREFIX}/share/doc/opendnssec/MIGRATE_1.4-2.0.md + ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/opendnssec/ods-sequencer/ + ${INSTALL_DATA} ${WRKSRC}/contrib/ods-sequencer/* \ + ${PREFIX}/share/examples/opendnssec/ods-sequencer/ + ${INSTALL_DATA} ${WRKSRC}/contrib/simple-dnskey-mailer/simple-dnskey-mailer.sh \ + ${PREFIX}/share/examples/opendnssec/ + ${INSTALL_DATA_DIR} ${PREFIX}/share/opendnssec/migration/ + ${INSTALL_DATA} ${WRKSRC}/enforcer/src/db/schema.* ${PREFIX}/share/opendnssec/ + ${INSTALL_DATA} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/find_problematic_zones.sql \ + ${PREFIX}/share/opendnssec/migration/ + ${INSTALL_DATA} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/sqlite_convert.sql \ + ${PREFIX}/share/opendnssec/migration/migrate-sqlite.sql + ${INSTALL_DATA} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/mysql_convert.sql \ + ${PREFIX}/share/opendnssec/migration/migrate-mysql.sql .include Index: distinfo === RCS file: /cvs/ports/security/opendnssec/distinfo,v retrieving revision 1.6 diff -u -p -r1.6 distinfo --- distinfo10 Jul 2017 18:12:05 - 1.6 +++ distinfo18 Nov 2018 13:42:52 - @@ -1,2 +1,2 @@ -SHA256 (opendnssec-1.4.14.tar.gz) = 4cQexbxhdiM7LZT09PcD51h7rmdgdkqxvvA88QvR3N8= -SIZE (opendnssec-1.4.14.tar.gz) = 1037188 +SHA256 (opendnssec-2.1.3.tar.gz) = PeKgPtyeK4w2a/CrVBAE+YR3fUgTBXy7p6eARdjL/n4= +SIZE (opendnssec-2.1.3.tar.gz) = 1107073 Index: patches/patch-MIGRATION ===