[Swan-dev] why remove USERLAND_CFLAGS+=-DDEFAULT_DNSSEC_ROOTKEY_FILE

Paul Wouters paul at nohats.ca
Tue Sep 12 14:26:36 UTC 2017


On Tue, 12 Sep 2017, Antony Antony wrote:

>> It is now set using DEFAULT_DNSSEC_ROOTKEY_FILE which has a builtin
>> default? So you can still set it to build on debian, but you don't have
>> to tweak USERLAND_CFLAGS for it.
>
> Just setting in the make file without
> USERLAND_CFLAGS+=-DDEFAULT_DNSSEC_ROOTKEY_FILE=\"${DEFAULT_DNSSEC_ROOTKEY_FILE}\" has no effect.
>>> After the commit e0a15de DEFAULT_DNSSEC_ROOTKEY_FILE seems to be unused.
>>> It breaks on Debian default settings.
>>
>> That should not happen. I'll look into that today.
>
> It was still broken, so I pushed a fix!

I was trying to have it defined by default in an include file, and only
define it using make to override. That way it does not show up as a huge
line in the build for every gcc invocation. I can look at changing it
using an #ifndef in dnssec.h

> If you are missing some features  please report it. Now,  dnssec-rootkey-file is printed only when libreswan
> is compiled with USE_DNSSEC=true

That is not what I wanted. I want it to always print all the things,
even if <unset> so we can tell the difference in output between old and
new versions that do or don't contain a feature. People on the list often
don't tell us the version they are using, or giving incorrect information
by mistake. Therefor it is better to have the output confirm those things.

Paul


More information about the Swan-dev mailing list