[Swan-dev] why remove USERLAND_CFLAGS+=-DDEFAULT_DNSSEC_ROOTKEY_FILE
Antony Antony
antony at phenome.org
Tue Sep 12 10:21:23 UTC 2017
On Thu, Aug 24, 2017 at 12:18:20PM -0400, Paul Wouters wrote:
> On Wed, 23 Aug 2017, Antony Antony wrote:
>
> > Why is commit e0a15de removing DEFAULT_DNSSEC_ROOTKEY_FILE from
> > USERLAND_CFLAGS. The compile time option is necessary for Debian, pluto need
> > the defined value.
> >
> > USERLAND_CFLAGS+=-DDEFAULT_DNSSEC_ROOTKEY_FILE=\"${DEFAULT_DNSSEC_ROOTKEY_FILE}\"
>
> It is now set using DEFAULT_DNSSEC_ROOTKEY_FILE which has a builtin
> default? So you can still set it to build on debian, but you don't have
> to tweak USERLAND_CFLAGS for it.
Just setting in the make file without
USERLAND_CFLAGS+=-DDEFAULT_DNSSEC_ROOTKEY_FILE=\"${DEFAULT_DNSSEC_ROOTKEY_FILE}\" has no effect.
> > After the commit e0a15de DEFAULT_DNSSEC_ROOTKEY_FILE seems to be unused.
> > It breaks on Debian default settings.
>
> That should not happen. I'll look into that today.
It was still broken, so I pushed a fix! If you are missing some features
please report it. Now, dnssec-rootkey-file is printed only when libreswan
is compiled with USE_DNSSEC=true
> I think possibly it is not broken, but the method of setting it changed
> and I didn't update that in the debian/ files.
This is not debian sepcific issue. You could easly test in on Fedora too.
how to verify the original issue I reported.
make clean
DEFAULT_DNSSEC_ROOTKEY_FILE=foo make install-base
ipsec start
ipsec status | grep dnssec-rootkey-file
000 dnssec-rootkey-file=foo, dnssec-trusted=<unset>
-antony
More information about the Swan-dev
mailing list