Bug 250293

Summary: dns/opendnssec2: Update to 2.1.7
Product: Ports & Packages Reporter: Jaap Akkerhuis <jaap>
Component: Individual Port(s)Assignee: Danilo G. Baio <dbaio>
Status: Closed FIXED    
Severity: Affects Some People CC: dbaio, fernape, jaap
Priority: --- Flags: dbaio: maintainer-feedback+
Version: Latest   
Hardware: Any   
OS: Any   
URL: https://www.opendnssec.org/2020/10/opendnssec-2-1-7/
Bug Depends on:    
Bug Blocks: 241270    
Attachments:
Description Flags
patch to update jaap: maintainer-approval+

Description Jaap Akkerhuis 2020-10-12 09:53:22 UTC
Created attachment 218688 [details]
patch to update

NEWS

This release of 2.1.7 fixes a bug in the migration script to migrate
from 1.4 to 2.1. Additionally a bug in creating unnecessary signatures
during a ZSK roll was fixed. We also had some contributions regarding
edward curves and exporting keys by CKA identifier and other
corrections and improvements, see the full list below.

Issues

* OPENDNSSEC-949: Fix for migration bug not keeping proper parameters
  of NSEC3 signed zones. Amongst others the zone become NSEC. Loading
  the policies

* fixes the situation, migration scripts now corrected. Since 1.4
  does not require a salt, a resalt might be automatic after
  migrating, as this is a required parameter.

* OPENDNSSEC-948: do not recreate signatures for keys that are
  moving out this fixes unexpected double signatures in the zone.

* SUPPORT-253: Incorrect keytag used when using Combined Signing
  keys (CSK) (Thanks to Simon Arlott)

* SUPPORT-257: Export keys by locator (Thansk to Simon Arlott)

* SUPPORT-222: Support ED25519/ED448 keys. This requires library
  ldns 1.7.0 or better, otherwise unavailable. (Thanks again to
  Simon Arlott)

* Load libsqlite3.so.0 and fall back on libsqlite3.so.0 to allow
  to run migration tool on systems without libsqlite3.so.0 soft
  link.  (Thanks to Paul Wouters)

* Some compilation warnings, o.a. gcc10 related, code quality and
  initialization improvements. (Thanks to Jonas Berlin, and Mathieu
  MirMont, and Paul Wouters)
Comment 1 Automation User 2020-10-12 10:18:02 UTC
Build and package info is available at https://gitlab.com/swills/freebsd-ports/pipelines/201336228
Comment 2 Jaap Akkerhuis 2020-10-12 10:21:01 UTC
Note, this incorporate changes for bug #241270
Comment 3 Fernando Apesteguía freebsd_committer 2020-10-12 11:59:10 UTC
Q/A:  Makefile: [63]: whitespace before end of line.

Thanks!
Comment 4 Danilo G. Baio freebsd_committer 2020-11-02 13:16:07 UTC
Hi.

I'm seeing a build issue on FreeBSD 11.4 i386.

Adding localbase to USES fixes that... Is that ok? or do you you want to take a look?

Build log is here: https://people.freebsd.org/~dbaio/opendnssec2-2.1.7.log
Comment 5 Danilo G. Baio freebsd_committer 2020-11-02 13:45:30 UTC
That's odd, it's not just 11.4 i386, after I cleaned my jails/ccache, it randomly breaks with the same issue in 11, 12 or CURRENT jails (i386 or amd64).

`MAKE_JOBS_UNSAFE=yes` and `localbase` didn't help.
Comment 6 Jaap Akkerhuis 2020-11-02 13:56:47 UTC
(In reply to Danilo G. Baio from comment #4)

This is odd, I don't seem able to reproduce this (using poudriere on 12Stable)

What do you mean with adding localbase to USES?
Comment 7 Danilo G. Baio freebsd_committer 2020-11-02 14:01:47 UTC
(In reply to Jaap Akkerhuis from comment #6)

Ignore that, localbase didn't help.
I checked the pkg-fallout history, and there is an issue in 121powerpc64 which is the same issue I'm getting here:
https://portsfallout.com/fallout?port=dns%2Fopendnssec2
Comment 8 Danilo G. Baio freebsd_committer 2020-11-02 14:08:32 UTC
I've just built two rounds of 11, 12 and CURRENT (i386 and amd64) without issues. I can't explain.

I'll push this update forward, but it's good to watch out for pkg-fallouts.
Comment 9 commit-hook freebsd_committer 2020-11-02 14:12:04 UTC
A commit references this bug:

Author: dbaio
Date: Mon Nov  2 14:11:36 UTC 2020
New revision: 553910
URL: https://svnweb.freebsd.org/changeset/ports/553910

Log:
  dns/opendnssec2: Update to 2.1.7

  Patches removed were incorporated upstream.

  Changelog:	https://www.opendnssec.org/2020/10/opendnssec-2-1-7/

  PR:		250293
  Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
  MFH:		2020Q4 (blanket: bugfix release)

Changes:
  head/dns/opendnssec2/Makefile
  head/dns/opendnssec2/distinfo
  head/dns/opendnssec2/files/patch-enforcer_src_daemon_ctrl__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_daemon_enforcercommands.c
  head/dns/opendnssec2/files/patch-enforcer_src_daemon_enforcercommands.h
  head/dns/opendnssec2/files/patch-enforcer_src_daemon_help__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_daemon_queue__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_daemon_time__leap__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_daemon_verbosity__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_enforcer_enforce__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_enforcer_repositorylist__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_enforcer_update__all__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_enforcer_update__conf__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_enforcer_update__repositorylist__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_hsmkey_backup__hsmkeys__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_hsmkey_key__generate__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_keystate_key__purge__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__ds__gone__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__ds__retract__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__ds__seen__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__ds__submit__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__export__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__import__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__list__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__rollover__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_keystate_rollover__list__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_keystate_zone__add__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_keystate_zone__del__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_keystate_zone__list__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_keystate_zone__set__policy__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_keystate_zonelist__export__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_keystate_zonelist__import__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_policy_policy__export__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_policy_policy__import__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_policy_policy__list__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_policy_policy__purge__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_policy_policy__resalt__cmd.h
  head/dns/opendnssec2/files/patch-enforcer_src_signconf_signconf__cmd.h
  head/dns/opendnssec2/files/patch-signer_src_daemon_signercommands.h
Comment 10 commit-hook freebsd_committer 2020-11-02 14:15:06 UTC
A commit references this bug:

Author: dbaio
Date: Mon Nov  2 14:14:17 UTC 2020
New revision: 553911
URL: https://svnweb.freebsd.org/changeset/ports/553911

Log:
  MFH: r553910

  dns/opendnssec2: Update to 2.1.7

  Patches removed were incorporated upstream.

  Changelog:	https://www.opendnssec.org/2020/10/opendnssec-2-1-7/

  PR:		250293
  Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

  Approved by:	ports-secteam (blanket: bugfix release)

Changes:
_U  branches/2020Q4/
  branches/2020Q4/dns/opendnssec2/Makefile
  branches/2020Q4/dns/opendnssec2/distinfo
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_daemon_ctrl__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_daemon_enforcercommands.c
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_daemon_enforcercommands.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_daemon_help__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_daemon_queue__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_daemon_time__leap__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_daemon_verbosity__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_enforcer_enforce__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_enforcer_repositorylist__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_enforcer_update__all__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_enforcer_update__conf__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_enforcer_update__repositorylist__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_hsmkey_backup__hsmkeys__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_hsmkey_key__generate__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_key__purge__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__ds__gone__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__ds__retract__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__ds__seen__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__ds__submit__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__export__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__import__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__list__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__rollover__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_rollover__list__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_zone__add__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_zone__del__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_zone__list__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_zone__set__policy__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_zonelist__export__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_zonelist__import__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_policy_policy__export__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_policy_policy__import__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_policy_policy__list__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_policy_policy__purge__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_policy_policy__resalt__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_signconf_signconf__cmd.h
  branches/2020Q4/dns/opendnssec2/files/patch-signer_src_daemon_signercommands.h
Comment 11 Danilo G. Baio freebsd_committer 2020-11-02 14:19:10 UTC
Committed, thanks!