Antony Antony antony at phenome.org
Tue Sep 12 10:21:23 UTC 2017

On Thu, Aug 24, 2017 at 12:18:20PM -0400, Paul Wouters wrote:
> On Wed, 23 Aug 2017, Antony Antony wrote:
> > Why is commit e0a15de removing DEFAULT_DNSSEC_ROOTKEY_FILE from
> > USERLAND_CFLAGS. The compile time option is necessary for Debian, pluto need
> > the defined value.
> > 
> It is now set using DEFAULT_DNSSEC_ROOTKEY_FILE which has a builtin
> default? So you can still set it to build on debian, but you don't have
> to tweak USERLAND_CFLAGS for it.

Just setting in the make file without 
> > After the commit e0a15de DEFAULT_DNSSEC_ROOTKEY_FILE seems to be unused.
> > It breaks on Debian default settings.
> That should not happen. I'll look into that today.

It was still broken, so I pushed a fix! If you are missing some features 
please report it. Now,  dnssec-rootkey-file is printed only when libreswan 
is compiled with USE_DNSSEC=true

> I think possibly it is not broken, but the method of setting it changed
> and I didn't update that in the debian/ files.

This is not debian sepcific issue. You could easly test in on Fedora too.

how to verify the original issue I reported.
make clean
DEFAULT_DNSSEC_ROOTKEY_FILE=foo make install-base
ipsec start
ipsec status | grep dnssec-rootkey-file
000 dnssec-rootkey-file=foo, dnssec-trusted=<unset>


More information about the Swan-dev mailing list