Created attachment 218688 [details] patch to update NEWS This release of 2.1.7 fixes a bug in the migration script to migrate from 1.4 to 2.1. Additionally a bug in creating unnecessary signatures during a ZSK roll was fixed. We also had some contributions regarding edward curves and exporting keys by CKA identifier and other corrections and improvements, see the full list below. Issues * OPENDNSSEC-949: Fix for migration bug not keeping proper parameters of NSEC3 signed zones. Amongst others the zone become NSEC. Loading the policies * fixes the situation, migration scripts now corrected. Since 1.4 does not require a salt, a resalt might be automatic after migrating, as this is a required parameter. * OPENDNSSEC-948: do not recreate signatures for keys that are moving out this fixes unexpected double signatures in the zone. * SUPPORT-253: Incorrect keytag used when using Combined Signing keys (CSK) (Thanks to Simon Arlott) * SUPPORT-257: Export keys by locator (Thansk to Simon Arlott) * SUPPORT-222: Support ED25519/ED448 keys. This requires library ldns 1.7.0 or better, otherwise unavailable. (Thanks again to Simon Arlott) * Load libsqlite3.so.0 and fall back on libsqlite3.so.0 to allow to run migration tool on systems without libsqlite3.so.0 soft link. (Thanks to Paul Wouters) * Some compilation warnings, o.a. gcc10 related, code quality and initialization improvements. (Thanks to Jonas Berlin, and Mathieu MirMont, and Paul Wouters)
Build and package info is available at https://gitlab.com/swills/freebsd-ports/pipelines/201336228
Note, this incorporate changes for bug #241270
Q/A: Makefile: [63]: whitespace before end of line. Thanks!
Hi. I'm seeing a build issue on FreeBSD 11.4 i386. Adding localbase to USES fixes that... Is that ok? or do you you want to take a look? Build log is here: https://people.freebsd.org/~dbaio/opendnssec2-2.1.7.log
That's odd, it's not just 11.4 i386, after I cleaned my jails/ccache, it randomly breaks with the same issue in 11, 12 or CURRENT jails (i386 or amd64). `MAKE_JOBS_UNSAFE=yes` and `localbase` didn't help.
(In reply to Danilo G. Baio from comment #4) This is odd, I don't seem able to reproduce this (using poudriere on 12Stable) What do you mean with adding localbase to USES?
(In reply to Jaap Akkerhuis from comment #6) Ignore that, localbase didn't help. I checked the pkg-fallout history, and there is an issue in 121powerpc64 which is the same issue I'm getting here: https://portsfallout.com/fallout?port=dns%2Fopendnssec2
I've just built two rounds of 11, 12 and CURRENT (i386 and amd64) without issues. I can't explain. I'll push this update forward, but it's good to watch out for pkg-fallouts.
A commit references this bug: Author: dbaio Date: Mon Nov 2 14:11:36 UTC 2020 New revision: 553910 URL: https://svnweb.freebsd.org/changeset/ports/553910 Log: dns/opendnssec2: Update to 2.1.7 Patches removed were incorporated upstream. Changelog: https://www.opendnssec.org/2020/10/opendnssec-2-1-7/ PR: 250293 Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer) MFH: 2020Q4 (blanket: bugfix release) Changes: head/dns/opendnssec2/Makefile head/dns/opendnssec2/distinfo head/dns/opendnssec2/files/patch-enforcer_src_daemon_ctrl__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_daemon_enforcercommands.c head/dns/opendnssec2/files/patch-enforcer_src_daemon_enforcercommands.h head/dns/opendnssec2/files/patch-enforcer_src_daemon_help__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_daemon_queue__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_daemon_time__leap__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_daemon_verbosity__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_enforcer_enforce__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_enforcer_repositorylist__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_enforcer_update__all__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_enforcer_update__conf__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_enforcer_update__repositorylist__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_hsmkey_backup__hsmkeys__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_hsmkey_key__generate__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_keystate_key__purge__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__ds__gone__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__ds__retract__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__ds__seen__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__ds__submit__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__export__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__import__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__list__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__rollover__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_keystate_rollover__list__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_keystate_zone__add__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_keystate_zone__del__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_keystate_zone__list__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_keystate_zone__set__policy__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_keystate_zonelist__export__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_keystate_zonelist__import__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_policy_policy__export__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_policy_policy__import__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_policy_policy__list__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_policy_policy__purge__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_policy_policy__resalt__cmd.h head/dns/opendnssec2/files/patch-enforcer_src_signconf_signconf__cmd.h head/dns/opendnssec2/files/patch-signer_src_daemon_signercommands.h
A commit references this bug: Author: dbaio Date: Mon Nov 2 14:14:17 UTC 2020 New revision: 553911 URL: https://svnweb.freebsd.org/changeset/ports/553911 Log: MFH: r553910 dns/opendnssec2: Update to 2.1.7 Patches removed were incorporated upstream. Changelog: https://www.opendnssec.org/2020/10/opendnssec-2-1-7/ PR: 250293 Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer) Approved by: ports-secteam (blanket: bugfix release) Changes: _U branches/2020Q4/ branches/2020Q4/dns/opendnssec2/Makefile branches/2020Q4/dns/opendnssec2/distinfo branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_daemon_ctrl__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_daemon_enforcercommands.c branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_daemon_enforcercommands.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_daemon_help__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_daemon_queue__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_daemon_time__leap__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_daemon_verbosity__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_enforcer_enforce__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_enforcer_repositorylist__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_enforcer_update__all__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_enforcer_update__conf__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_enforcer_update__repositorylist__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_hsmkey_backup__hsmkeys__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_hsmkey_key__generate__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_key__purge__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__ds__gone__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__ds__retract__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__ds__seen__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__ds__submit__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__export__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__import__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__list__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_keystate__rollover__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_rollover__list__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_zone__add__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_zone__del__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_zone__list__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_zone__set__policy__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_zonelist__export__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_keystate_zonelist__import__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_policy_policy__export__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_policy_policy__import__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_policy_policy__list__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_policy_policy__purge__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_policy_policy__resalt__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-enforcer_src_signconf_signconf__cmd.h branches/2020Q4/dns/opendnssec2/files/patch-signer_src_daemon_signercommands.h
Committed, thanks!