se the default one. I did so here for the
learning experience.
The responses from that service are not signed at this point, so there
is no correlation with OpenDNSSEC.
--
Patrik Lundin
org/pages/viewpage.action?pageId=10125376#HowdoI...?-UpgradeOpenDNSSEC1.4.9toOpenDNSSEC2.0
--
Patrik Lundin
[1]: https://blog.sigterm.se/posts/to-the-cloud-dns-edition/
On Sun, Aug 27, 2017 at 11:19:44AM +0100, Stuart Henderson wrote:
> On 2017/08/27 12:07, Patrik Lundin wrote:
> > On Sat, Aug 12, 2017 at 11:39:14PM +0200, Patrik Lundin wrote:
> > >
> > > Since there have been no further feedback, is there a chance the latest
On Sat, Aug 12, 2017 at 11:39:14PM +0200, Patrik Lundin wrote:
>
> Since there have been no further feedback, is there a chance the latest
> diff can get commited?
>
Ping.
--
Patrik Lundin
On Thu, Aug 03, 2017 at 10:24:00PM +0200, Patrik Lundin wrote:
>
> Thanks for spotting that. New diff against fresh ports tree below (and
> now portcheck is happy as well).
>
Since there have been no further feedback, is there a chance the latest
diff can get commited?
--
Patrik Lundin
m/isc-projects/kea/pull/53
I dont feel that warrants a port patch though as I don't think the
outcome matters on OpenBSD.
--
Patrik Lundin
Index: Makefile
===
RCS file: /cvs/ports/net/kea/Makefile,v
retrieving revision
by me, so I am unsure what the correct
solution is. Here is the output of the requested port-lib-depends-check:
===
# make port-lib-depends-check
kea-1.2.0(net/kea):
Extra: stdc++.57
===
Any input on this?
--
Patrik Lundin
Index: Makefile
==
On Sun, Jul 02, 2017 at 12:00:08PM +0200, Patrik Lundin wrote:
> Hello,
>
> Below is an update of security/opendnssec to 1.4.14.
> From https://www.opendnssec.org/:
> ===
> Bugs Fixed
> * OPENDNSSEC-888: Fix up MySQL<->SQLite3 database conversion script.
>
the same parameters. This would prevent KSK rollovers.
* OPENDNSSEC-890: Bogus signatures on mismatching TTLs within the same
RRset.
===
--
Patrik Lundin
Index: Makefile
===
RCS file: /cvs/ports/security/opendnssec/Makefile,v
r
On Tue, Feb 07, 2017 at 07:12:57PM +0100, Patrik Lundin wrote:
> On Sun, Jan 22, 2017 at 09:08:09PM +0100, Patrik Lundin wrote:
> > Hello,
> >
> > Here is an update to the newly released OpenDNSSEC 1.4.13. It removes a
> > patch
> > that has been merged u
On Sun, Jan 22, 2017 at 09:08:09PM +0100, Patrik Lundin wrote:
> Hello,
>
> Here is an update to the newly released OpenDNSSEC 1.4.13. It removes a patch
> that has been merged upstream.
>
Ping.
--
Patrik Lundin
state file.
Wrong error was sometimes being print on failing TCP connect.
Add support for OpenSSL 1.1.0.
OPENDNSSEC-866: Script for migration between MySQL and SQLite was outdated.
===
--
Patrik Lundin
Index: Makefile
On Sat, Nov 19, 2016 at 02:02:06PM +, Stuart Henderson wrote:
>
> It seems the first hunk of the configure script patch is unnecessary,
> probably since changes to pthread so that pulled in as a normal dependency.
> Can you confirm that please?
>
Good catch, new diff bel
: Inconsistencies between v1 and v2.
Issue #17: Use the MutexFactory wrapper functions correctly.
===
Note that SOFTHSM-101 was already backported to the version currently in
ports. This update removes those local patches. It also regens the
patch to the configure script.
--
Patrik Lundin
Index
.
===
It removes two already applied patches, and adds a new one which has also been
accepted upstream:
https://github.com/opendnssec/opendnssec/pull/603
Finally it updates LIB_DEPENDS so that databases/sqlite3 is only part of
the sqlite3 flavor to make portcheck happy.
--
Patrik Lundin
Index: Makefile
On Mon, Oct 10, 2016 at 12:28:58AM +0200, Patrik Lundin wrote:
> Hello,
>
> See below for an update to net/kea from 1.0.0 to 1.1.0.
>
Ping.
--
Patrik Lundin
r retrieving file: 404 Not Found
> $pkg_info -Iq ansible-2.1.1.0p2
> ansible-2.1.1.0p2
>
> The only 'advantage' of -e here is that it finds it if you pass the full
> version without the patchlevel.
>
Right, the reason for the switch was the requirement to find the real
package on disk when a user supplies a name using the branch syntax.
--
Patrik Lundin
to be true for "-Iq inst:".
This could mean that the module will always think that the package
needs to be installed because it can't tell there is a package with the
supplied name (plus patchlevel) already installed.
===
--
Patrik Lundin
ball is missing a lot of branch related changes from
upstream.
This particular problem is a result of adding the last iteration of
branch-syntax fixes without the previous plumbing.
Doing a diff -u between a "make extract" version of openbsd_pkg.py and
an upstream version from git shows quite a bit of changes that are
missing.
--
Patrik Lundin
l
Other then that the library versions of the port have been bumped based on
shared_libs.log in WRKSRC.
--
Patrik Lundin
Index: Makefile
===
RCS file: /cvs/ports/net/kea/Makefile,v
retrieving revision 1.5
diff -u -p -u -r1.5 Mak
tps://pthree.org/2013/05/27/strengthen-your-private-encrypted-ssh-keys/
generated a private key file which i manged to import with softhsm.
Does this fix your problem?
--
Patrik Lundin
On Mon, Jun 27, 2016 at 07:44:07PM +0200, Jeremie Courreges-Anglas wrote:
> Patrik Lundin writes:
>
> >
> > This means that the failing "test" can actually be thought of as a
> > feature. It is of course brittle, and will modify the build parameters
> &
On Mon, Jun 27, 2016 at 07:51:33PM +, Christian Weisgerber wrote:
> On 2016-06-27, Patrik Lundin wrote:
>
> > CXX_DUMP_VERSION=`$CXX -dumpversion | cut -f1-2 -d.`
> > if test "$CXX_DUMP_VERSION" \< "4.5"; then
> >WARNING_GCC_44_STRI
ters from other porters, anyone have
an idea how I should deal with this? Should I bother at all?
--
Patrik Lundin
wrap my head around the autoconf magic involved.
--
Patrik Lundin
Index: Makefile
===
RCS file: /cvs/ports/net/kea/Makefile,v
retrieving revision 1.5
diff -u -p -u -r1.5 Makefile
--- Makefile14 Mar 2016 06:46:24 - 1.5
On Mon, May 16, 2016 at 06:09:54PM +0200, Patrik Lundin wrote:
> Hello,
>
> Attached is a patch for OpenDNSSEC 1.4.10:
> https://www.opendnssec.org/2016/05/opendnssec-1-4-10/
>
Ping.
--
Patrik Lundin
Hello,
Attached is a patch for OpenDNSSEC 1.4.10:
https://www.opendnssec.org/2016/05/opendnssec-1-4-10/
The additional patch files were added to silence some minor build
warnings that I noticed. They have been accepted upstream:
https://github.com/opendnssec/opendnssec/pull/418
--
Patrik
On Mon, Mar 14, 2016 at 09:25:48AM +, Stuart Henderson wrote:
> On 2016/03/14 07:49, Jeremie Courreges-Anglas wrote:
> > Patrik Lundin writes:
> >
> > [...]
> >
> > > The only thing I felt a bit unsure about is net/kea which disables the
> > > b
too. :-)
>
Thanks for the information, it seems jca@ has come to the rescue already
:).
--
Patrik Lundin
On Fri, Mar 11, 2016 at 09:25:46PM +0100, Jeremie Courreges-Anglas wrote:
> Patrik Lundin writes:
>
> If this is what you had in mind, I can commit it. No REVISION bump
> needed.
>
> Index: net/kea/Makefile
>
[...]
>
> Index: security/opendnssec/Makefile
&g
call for people with commit bits?
--
Patrik Lundin
s specific
combination.
===
Diff below.
--
Patrik Lundin
Index: Makefile
===
RCS file: /cvs/ports/security/opendnssec/Makefile,v
retrieving revision 1.2
diff -u -p -u -r1.2 Makefile
--- Makefile22 Dec 2015 07:02:24 - 1
gging led me to this ticket http://kea.isc.org/ticket/4009
which in turn led me to the configure flags for defining what boost library to
use. After adding the additional configure flags the build succeeded.
Highlights:
* Renames "message" binar
sec anyway,
> and since I maintain the BIND port I track a few places where ISC are
> likely to announce things.
>
> http://www.openwall.com/lists/oss-security/2015/12/22/11
> https://www.isc.org/?feed=security-feed
>
Thanks for the info, I guess it is time to spin up newsbeuter again :).
--
Patrik Lundin
u notice it?
>
> I also added an XXX comment
> to remind us to update the license marker for 1.0 because ISC are moving
> to the Apache license :'(
>
I did have this upcoming change noted in the back of my head, but having
an explicit note in the Makefile does makes sense.
--
Patrik Lundin
gt; Thanks.
>
Great, thanks!
--
Patrik Lundin
Hello,
I noticed I was still using some '/etc' locations in PLIST and rc
script, diff below.
--
Patrik Lundin
Index: pkg/PLIST
===
RCS file: /cvs/ports/security/opendnssec/pkg/PLIST,v
retrieving revision 1.1.1.1
dif
On Wed, Dec 09, 2015 at 08:33:10PM +0100, Patrik Lundin wrote:
>
> Attached is a port with the explicit flag set and a shortened
> LIB_DEPENDS/WANTLIB list. I have tested that it ignores the use of Botan
> when it is installed. Let me know what you think.
>
Stuart: It would of co
On Tue, Dec 08, 2015 at 11:15:04PM +, Stuart Henderson wrote:
> On 2015/12/08 23:59, Patrik Lundin wrote:
> > I have posted a question to kea-dev regarding this:
> > https://lists.isc.org/pipermail/kea-dev/2015-December/000588.html
> >
> > Let's see how that
/2015-December/000588.html
Let's see how that goes.
--
Patrik Lundin
On Tue, Dec 08, 2015 at 11:18:53PM +0100, Patrik Lundin wrote:
>
> What is picking up botan? I looked at every @bin and @lib with ldd and I
> can't see anyone referring to that library. What am i missing?
>
>From http://kea.isc.org/docs/kea-guide.html#required-software:
oked at every @bin and @lib with ldd and I
can't see anyone referring to that library. What am i missing?
--
Patrik Lundin
On Tue, Dec 08, 2015 at 07:39:24PM +0100, Patrik Lundin wrote:
> > not a port problem, but "message" is a terrible name for sonething that
> > upstream want to place in a system directory!
>
> I have mentioned this in my upstream kea-dev thread.
>
FYI: upstream
"message" is a terrible name for sonething that
> upstream want to place in a system directory!
I have mentioned this in my upstream kea-dev thread.
Attached is the updated port, which only uses LIBTOOL_FLAGS to disable
the static libraries.
Thanks a lot for your time!
--
Patrik Lundin
kea.tgz
Description: application/tar-gz
December/000576.html
--
Patrik Lundin
kea.tgz
Description: application/tar-gz
On Mon, Oct 12, 2015 at 11:34:46PM +0100, Stuart Henderson wrote:
> On 2015/10/05 22:22, Patrik Lundin wrote:
> > The 1.4.8.2 version of opendnssec was just released. This version
> > incorporates the above mentioned fixes. You will find the port attached.
>
> Looks good to
On Sat, Sep 19, 2015 at 11:24:12AM +0200, Patrik Lundin wrote:
>
> Just a quick update: both the segfault on i386 and the lockup on macppc
> has been fixed on the development branch.
>
> I'll send an updated port as soon as the fixes are available in a
> release which may
Hello,
After sitting in the audience at EuroBSDcon 2015 listening to the
portroach talk by jasper@ I realized I had some homework to do :).
A PORTROACH limit should be accompanied by a PORTROACH_COMMENT. Attached
is a diff against my port.
--
Patrik Lundin
Index: Makefile
On Mon, Sep 21, 2015 at 02:25:53PM +0100, Stuart Henderson wrote:
>
> Thanks, committed. I added comments to patches with the headers from
> https://github.com/opendnssec/SoftHSMv1/commit/e853dc5b34d00a09e3e114cb4914b06c01c72b1c.patch
>
Looks good to me, thanks!
--
Patrik Lundin
e853dc5b34d00a09e3e114cb4914b06c01c72b1c.diff
===
I have verified that this makes the files created by softhsm --export as
well has softhsm-keyconv have 0600 permissions.
See below for diff against the port which also adds REVISION=0 to the
Makefile.
--
Patrik Lundin
Index: Makefile
a security issue that is fixed in the NetBSD port:
http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/security/softhsm/patches/patch-src_bin_softhsm-keyconv.cpp?annotate=1.1
I'll handle that in a separate thread once I have reproduced and fixed
the problem.
--
Patrik Lundin
On Thu, Aug 27, 2015 at 06:06:44PM +0200, Patrik Lundin wrote:
> Hello,
>
> portroach currently thinks security/softhsm is outdated. The reason for
> this is that while the version in ports is 1.3.7, there is a development
> release using a 2.0.0 version number.
>
> The di
ry
> patch.
>
Just a quick update: both the segfault on i386 and the lockup on macppc
has been fixed on the development branch.
I'll send an updated port as soon as the fixes are available in a
release which may be out in the upcoming week.
--
Patrik Lundin
On Wed, Jun 24, 2015 at 07:10:33AM +0200, Patrik Lundin wrote:
>
> The summary for now looks like this:
> Working: amd64, sparc64
> Broken: i386, macppc
>
> Is there some relation between threading and 32/64 bit? It is the main
> thing that sticks out currently, since sparc6
On Thu, Aug 27, 2015 at 05:35:54PM +0100, Stuart Henderson wrote:
> On 2015/08/27 18:17, Antoine Jacoutot wrote:
> > On Thu, Aug 27, 2015 at 06:06:44PM +0200, Patrik Lundin wrote:
> > > Hello,
> > >
> > > portroach currently thinks security/softhsm is outdate
Hello,
portroach currently thinks security/softhsm is outdated. The reason for
this is that while the version in ports is 1.3.7, there is a development
release using a 2.0.0 version number.
The diff below should limit the version check to the 1.x.x versions.
--
Patrik Lundin
Index: Makefile
On Mon, Jun 22, 2015 at 05:25:52PM +0200, Patrik Lundin wrote:
>
> I did not see the problem on amd64 or sparc64 at least. I am currently
> building stuff on a fresh macppc snapshot to see what happens there.
> After that I am out of platforms :).
>
So this is interesting. It tu
pins endlessly. Sucks...
>
Yeah it seems to be quite a funky problem to debug. The last guy from
NLnet labs that looked at it seemed to believe it had something to do
with threading, but was not able to make more sense of it than that.
--
Patrik Lundin
ew tarball attached.
> - don't hardcode the botan libs but use botan-config
> - no need for libsofthsm.{a,la}, ltdl is not used
>
> I think it's ready to import.
>
Thanks for the feedback!
--
Patrik Lundin
pshot to see what happens there.
After that I am out of platforms :).
>
> softhsm is probably easier to test so let's look at that first. I'm
> fairly busy at the moment but I'll put it on my list to look at...
>
Sounds good to me, thanks!
--
Patrik Lundin
On Wed, Jun 17, 2015 at 08:57:35AM +0200, Patrik Lundin wrote:
> On Thu, May 21, 2015 at 08:23:49PM +0200, Patrik Lundin wrote:
> > On Sat, May 16, 2015 at 06:24:11PM +0200, Patrik Lundin wrote:
> > >
> > > You will find the latest ports attached. Except for marking
On Thu, May 21, 2015 at 08:23:49PM +0200, Patrik Lundin wrote:
> On Sat, May 16, 2015 at 06:24:11PM +0200, Patrik Lundin wrote:
> >
> > You will find the latest ports attached. Except for marking opendnssec
> > broken on i386 I have also updated the version from 1.4.6 to
o the same thing in the port. Diff below.
--
Patrik Lundin
Index: isc_dhcpd.rc
===
RCS file: /cvs/ports/net/isc-dhcp/pkg/isc_dhcpd.rc,v
retrieving revision 1.1
diff -u -p -u -r1.1 isc_dhcpd.rc
--- isc_dhcpd.rc12 Oct 2014 20:1
On Sat, May 16, 2015 at 06:24:11PM +0200, Patrik Lundin wrote:
>
> You will find the latest ports attached. Except for marking opendnssec
> broken on i386 I have also updated the version from 1.4.6 to 1.4.7, and
> I have converted databases/mysql dependencies to databases/mariadb.
>
n these problems on amd64 or sparc64.
You will find the latest ports attached. Except for marking opendnssec
broken on i386 I have also updated the version from 1.4.6 to 1.4.7, and
I have converted databases/mysql dependencies to databases/mariadb.
--
Patrik Lundin
opendnssec.tgz
Des
?
It seems to me the simplest way of solving the certificate stuff is to
generate the key and crt on the logstash host, and then use that same
crt file as the "ssl ca" on the logstash-forwarder host.
--
Patrik Lundin
On Sat, Jan 17, 2015 at 12:22:09PM +0100, Patrik Lundin wrote:
>
> Also, pending input from armani@ the code could change drastically. So
> I would not invest too much time until it is merged.
>
Better late than never:
The updated rcctl support has been merged upstream
(https:
On Wed, Dec 31, 2014 at 03:17:23PM +0100, Patrik Lundin wrote:
>
> Just a small update, the PR above has now been merged into armanis
> branch. If anyone was waiting for this to have a nice baseline for
> testing you are good to go. As mentioned earlier the upstream PR is
>
On Thu, Dec 11, 2014 at 11:55:59PM +, Stuart Henderson wrote:
> > On Thu, Dec 11, 2014 at 09:11:27PM +0100, Patrik Lundin wrote:
> >
> > Ugh, I spoke too soon. I found a bug in the handling of special services
> > like pf just now. A PR against armanis fork is availabl
On Thu, Dec 11, 2014 at 09:11:27PM +0100, Patrik Lundin wrote:
>
> To my knowledge the support should be pretty solid by now.
>
Ugh, I spoke too soon. I found a bug in the handling of special services
like pf just now. A PR against armanis fork is available here (this will
of course be
ny negative feedback would also be welcome of course ;).
Regards,
Patrik Lundin
On Mon, Jun 02, 2014 at 09:48:41AM +0200, Patrik Lundin wrote:
>
> Is no one interested in this? I think it is a nice complement to nsd in
> base for automated DNSSEC.
>
I have now been updating the ports for both opendnssec and softhsm to
the latest versions (opendnssec 1.4.6 and s
On Tue, May 27, 2014 at 10:27:52PM +0200, Patrik Lundin wrote:
>
> The ports are now at a state where i feel they are suitable for import.
>
Is no one interested in this? I think it is a nice complement to nsd in
base for automated DNSSEC.
Regards,
Patrik Lundin
acility,
user/group used etc.) the other changes have been merged upstream.
The ports have recieved testing on amd64 and sparc64.
If they are found to be good enough for import I want to make sure Stuart,
Jérémie and Jerry Lundström are credited for
the help so far.
Regards,
Patrik Lundin
op
has
been fixed on the branch.
> We try to avoid having too much patches in the ports tree. The best way
> is probably to work with upstream and get your patches integrated, after
> proper reviewing. Some mistakes have been done while wrongly replacing
> eg. strcpy by strlcpy.
>
I intend to ignore the strcat/strcpy stuff for now given the above
status. The other stuff has been fixed.
Thanks a lot for your input :).
Regards,
Patrik Lundin
On Sun, May 18, 2014 at 07:24:00PM +0200, Patrik Lundin wrote:
>
> First up is this one:
> ===
> pin.c: In function 'hsm_shm_open':
> pin.c:209: warning: comparison between signed and unsigned
> ===
>
> Next we have this one:
> ===
> hsmspeed.c:38:1: warni
On Sun, May 18, 2014 at 01:24:11PM +0200, Patrik Lundin wrote:
>
> I guess I will have to look into how to disabled -pedantic in the build
> then.
>
Disabling -pedantic was easy to do at configure time, using
--disable-pedantic. Now I have started looking at the remaining
war
how_bug.cgi?id=579
I guess I will have to look into how to disabled -pedantic in the build
then.
Regards,
Patrik Lundin
On Wed, May 07, 2014 at 10:57:50PM +0200, Patrik Lundin wrote:
>
> The opendnssec port is a work in progress. The most annoying thing
> while building currently is the warnings regarding "comma at end of
> enumerator list" which seems to be the result of inconsistent use o
ALSTATEDIR}
>
Using ${LOCALSTATEDIR} in the PLISTs also cause "Bogus element outside
of every prefix" warnings, maby this is OK?
I have updated the PLISTs for now.
Thanks a lot for taking a look!
Regards,
Patrik Lundin
softhsm.tgz
Description: application/tar-gz
opendnssec.tgz
Description: application/tar-gz
d it to be
there.
Finally I am pretty sure both LICENSE files can be summed up as BSD, an
extra pair of eyes would be welcome though. I make sure they are
installed under doc/ in both ports.
Anyway, any feedback is much appreciated.
Regards,
Patrik Lundin
opendnssec.tgz
Description: applic
On Thu, Jun 06, 2013 at 10:07:56PM +0100, Stuart Henderson wrote:
>
> The attached port builds, but doesn't produce a shared library, which
> the produced binaries rely upon, so it doesn't actually work..
>
Ah, cool!
It seems your configure patch fixes that specfic build problem I
described.
>
-rpath,/usr/local/lib/softhsm
===
Is there a proper way to fix this without resorting to GNU?
Regards,
Patrik Lundin
83 matches
Mail list logo
