[Swan-dev] debian patch for dnssec root.key
Antony Antony
antony at phenome.org
Mon Jun 26 08:22:03 UTC 2017
Hi dkg,
I think Debian will need this patch for pluto to read the
/usr/share/dns/root.key file.
The Libreswan default location is the root.key file on Fedora 2x,
/var/lib/unbound/root.key
I can also imagine Debian has a different, generated file with the latest
root key(s), such as a root.anchor file? However, be careful using a root.anchor
instead of the root.key which comes from the package dns-root-data. If the
root.anchor does not get generated for some reason, say no network or no access
to the "." zone, pluto may fail. I am not sure how root.anchor is generated.
As far as I see, unbound-anchor does not come with root.key on Debian.
https://packages.debian.org/sid/amd64/unbound-anchor/filelist
dns-root-data seems to come with root.key file.
https://packages.debian.org/stretch/all/dns-root-data/filelist
Some weird DSL modems/routers may block queries to the "." zone when they try
to do more DNS magic.
Thanks for testing 3.21rcX on Debian.
regards,
-antony
-------------- next part --------------
>From fdf94f2756d3b3844b8d6fe62286c941d705e59f Mon Sep 17 00:00:00 2001
From: Antony Antony <antony at phenome.org>
Date: Sat, 24 Jun 2017 00:21:12 +0200
Subject: [PATCH] add dns-root-data dependency and use root.key from it
set Debian location for root.key file when compiling
DEFAULT_DNSSEC_ROOTKEY_FILE=/usr/share/dns/root.key
Signed-off-by: Antony Antony <antony at phenome.org>
---
debian/control | 1 +
debian/rules | 3 ++-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/debian/control b/debian/control
index 4ccc0a590..f7fc6bdb7 100644
--- a/debian/control
+++ b/debian/control
@@ -40,6 +40,7 @@ Pre-Depends:
debconf | debconf-2.0,
Depends:
bsdmainutils,
+ dns-root-data,
host,
iproute2 | iproute (>= 20071016),
libnspr4,
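Review bot: the new `dns-root-data,` entry under Depends carries no version constraint, while the debian/rules change in this patch compiles /usr/share/dns/root.key in as a fixed path. Confirm that every dns-root-data version in the targeted Debian releases ships root.key at that location, and add a minimum version if an older one does not; the cover mail only checks the stretch file list.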
diff --git a/debian/rules b/debian/rules
index 54c6baa0a..541801dc6 100755
--- a/debian/rules
+++ b/debian/rules
@@ -33,7 +33,8 @@ override_dh_auto_build:
$(ENABLE_LIBCAP_NG) \
$(ENABLE_SELINUX) \
USE_KLIPS=false \
- USE_DNSSEC=true
+ USE_DNSSEC=true \
+ DEFAULT_DNSSEC_ROOTKEY_FILE=/usr/share/dns/root.key
override_dh_auto_install-arch:
# Add here commands to install the package into debian/libreswan
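Review bot: the added `DEFAULT_DNSSEC_ROOTKEY_FILE=/usr/share/dns/root.key` line in override_dh_auto_build hard-codes a path that is shipped by a different package, and nothing in debian/rules says so. Add a comment above it naming dns-root-data as the provider, so that the path and the Depends entry in debian/control are changed together. Since this file is the DNSSEC trust anchor and the value is only a compiled-in default, the commit message should also state what pluto does when the file is absent or unreadable, so packagers know how a missing file shows up.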
--
2.11.0