author | Armin Kuster <akuster808@gmail.com> | 2020-09-28 08:56:46 -0700 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2020-09-29 07:18:24 -0700 |
commit | 524a44f6d5c7b2fad220fc1b7169dc01609fa7d9 (patch) | |
tree | 32b5f8bb4bfa4a46d7dbdfac40096e2d150ec7d9 /recipes-security | |
parent | 904b0cbd33fd6e6bc0488677bfb7f8ac575c13fc (diff) | |
opendnssec: add recipe
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'recipes-security')
-rw-r--r-- | recipes-security/opendnssec/files/fix_fprint.patch | 25 | ||||
-rw-r--r-- | recipes-security/opendnssec/files/libdns_conf_fix.patch | 217 | ||||
-rw-r--r-- | recipes-security/opendnssec/files/libxml2_conf.patch | 112 | ||||
-rw-r--r-- | recipes-security/opendnssec/opendnssec_2.1.6.bb | 37 |
4 files changed, 391 insertions, 0 deletions
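--- /dev/null
+++ b/recipes-security/opendnssec/files/fix_fprint.patch
@@ -0,0 +1,25 @@
+format not a string literal and no format arguments
+
+missing module_str in call
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+../../../git/enforcer/src/keystate/keystate_ds.c:192:7: error: format not a string literal and no format arguments [-Werror=format-security]
+| 192 | ods_log_error_and_printf(sockfd, "Failed to run %s", cp_ds);
+| | ^~~~~~~~~~~~~~~~~~~~~~~~
+
+
+Index: git/enforcer/src/keystate/keystate_ds.c
+===================================================================
+--- git.orig/enforcer/src/keystate/keystate_ds.c
++++ git/enforcer/src/keystate/keystate_ds.c
+@@ -189,7 +189,7 @@ exec_dnskey_by_id(int sockfd, struct dbw
+status = 0;
+}
+else {
+- ods_log_error_and_printf(sockfd, "Failed to run %s", cp_ds);
++ ods_log_error_and_printf(sockfd, module_str, "Failed to run %s", cp_ds);
+status = 7;
+}
+}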
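Review bot: The patch header says only "missing module_str in call" and does not record why the original call was unsafe, which whoever refreshes this patch later will need to know. With the argument missing, the literal `"Failed to run %s"` appears to have been taken as the module string and `cp_ds` as the format, which is why -Werror=format-security rejected it; if `cp_ds` comes from the configured DS-submit command, any `%` conversion in it would have been interpreted by the logger. I would add that sentence to the header and, since the status is `Upstream-Status: Pending`, a reference to the upstream submission. The hunk shows only part of exec_dnskey_by_id, so whether `module_str` is in scope in keystate_ds.c cannot be confirmed from here.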
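--- /dev/null
+++ b/recipes-security/opendnssec/files/libdns_conf_fix.patch
@@ -0,0 +1,217 @@
+Configure does not work with OE pkg-config for the ldns option
+
+Upstream-Status: OE specific
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: opendnssec-2.1.6/m4/acx_ldns.m4
+===================================================================
+--- opendnssec-2.1.6.orig/m4/acx_ldns.m4
++++ opendnssec-2.1.6/m4/acx_ldns.m4
+@@ -1,128 +1,65 @@
+-AC_DEFUN([ACX_LDNS],[
+- AC_ARG_WITH(ldns,
+- [AC_HELP_STRING([--with-ldns=PATH],[specify prefix of path of ldns library to use])],
+- [
+- LDNS_PATH="$withval"
+- AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $LDNS_PATH/bin)
+- ],[
+- LDNS_PATH="/usr/local"
+- AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $PATH)
+- ])
+-
+- if test -x "$LDNS_CONFIG"
+- then
+- AC_MSG_CHECKING(what are the ldns includes)
+- LDNS_INCLUDES="`$LDNS_CONFIG --cflags`"
+- AC_MSG_RESULT($LDNS_INCLUDES)
+-
+- AC_MSG_CHECKING(what are the ldns libs)
+- LDNS_LIBS="`$LDNS_CONFIG --libs`"
+- AC_MSG_RESULT($LDNS_LIBS)
+- else
+- AC_MSG_CHECKING(what are the ldns includes)
+- LDNS_INCLUDES="-I$LDNS_PATH/include"
+- AC_MSG_RESULT($LDNS_INCLUDES)
+-
+- AC_MSG_CHECKING(what are the ldns libs)
+- LDNS_LIBS="-L$LDNS_PATH/lib -lldns"
+- AC_MSG_RESULT($LDNS_LIBS)
+- fi
+-
+- tmp_CPPFLAGS=$CPPFLAGS
+- tmp_LIBS=$LIBS
+-
+- CPPFLAGS="$CPPFLAGS $LDNS_INCLUDES"
+- LIBS="$LIBS $LDNS_LIBS"
+-
+- AC_CHECK_LIB(ldns, ldns_rr_new,,[AC_MSG_ERROR([Can't find ldns library])])
+- LIBS=$tmp_LIBS
+-
+- AC_MSG_CHECKING([for ldns version])
+- CHECK_LDNS_VERSION=m4_format(0x%02x%02x%02x, $1, $2, $3)
+- AC_LANG_PUSH([C])
+- AC_RUN_IFELSE([
+- AC_LANG_SOURCE([[
+- #include <ldns/ldns.h>
+- int main()
+- {
+- #ifdef LDNS_REVISION
+- if (LDNS_REVISION >= $CHECK_LDNS_VERSION)
+- return 0;
+- #endif
+- return 1;
+- }
+- ]])
+- ],[
+- AC_MSG_RESULT([>= $1.$2.$3])
+- ],[
+- AC_MSG_RESULT([< $1.$2.$3])
+- AC_MSG_ERROR([ldns library too old ($1.$2.$3 or later required)])
+- ],[])
+- AC_LANG_POP([C])
++#serial 11
+
+- CPPFLAGS=$tmp_CPPFLAGS
+-
+- AC_SUBST(LDNS_INCLUDES)
+- AC_SUBST(LDNS_LIBS)
+-])
+-
+-
+-AC_DEFUN([ACX_LDNS_NOT],[
+- AC_ARG_WITH(ldns,
+- [AC_HELP_STRING([--with-ldns=PATH],[specify prefix of path of ldns library to use])],
+- [
+- LDNS_PATH="$withval"
+- AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $LDNS_PATH/bin)
+- ],[
+- LDNS_PATH="/usr/local"
+- AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $PATH)
+- ])
+-
+- if test -x "$LDNS_CONFIG"
+- then
+- AC_MSG_CHECKING(what are the ldns includes)
+- LDNS_INCLUDES="`$LDNS_CONFIG --cflags`"
+- AC_MSG_RESULT($LDNS_INCLUDES)
+-
+- AC_MSG_CHECKING(what are the ldns libs)
+- LDNS_LIBS="`$LDNS_CONFIG --libs`"
+- AC_MSG_RESULT($LDNS_LIBS)
+- else
+- AC_MSG_CHECKING(what are the ldns includes)
+- LDNS_INCLUDES="-I$LDNS_PATH/include"
+- AC_MSG_RESULT($LDNS_INCLUDES)
+-
+- AC_MSG_CHECKING(what are the ldns libs)
+- LDNS_LIBS="-L$LDNS_PATH/lib -lldns"
+- AC_MSG_RESULT($LDNS_LIBS)
+- fi
+-
+- tmp_CPPFLAGS=$CPPFLAGS
+-
+- CPPFLAGS="$CPPFLAGS $LDNS_INCLUDES"
+-
+- AC_MSG_CHECKING([for ldns version not $1.$2.$3])
+- CHECK_LDNS_VERSION=m4_format(0x%02x%02x%02x, $1, $2, $3)
+- AC_LANG_PUSH([C])
+- AC_RUN_IFELSE([
+- AC_LANG_SOURCE([[
+- #include <ldns/ldns.h>
+- int main()
+- {
+- #ifdef LDNS_REVISION
+- if (LDNS_REVISION != $CHECK_LDNS_VERSION)
+- return 0;
+- #endif
+- return 1;
+- }
+- ]])
+- ],[
+- AC_MSG_RESULT([ok])
+- ],[
+- AC_MSG_RESULT([no])
+- AC_MSG_ERROR([ldns version $1.$2.$3 is not compatible due to $4])
+- ],[])
+- AC_LANG_POP([C])
+-
+- CPPFLAGS=$tmp_CPPFLAGS
++AU_ALIAS([CHECK_LDNS], [ACX_LDNS])
++AC_DEFUN([ACX_LDNS], [
++ found=false
++ AC_ARG_WITH([ldns],
++ [AS_HELP_STRING([--with-ldns=DIR],
++ [root of the lnds directory])],
++ [
++ case "$withval" in
++ "" | y | ye | yes | n | no)
++ AC_MSG_ERROR([Invalid --with-lnds value])
++ ;;
++ *) ldnsdirs="$withval"
++ ;;
++ esac
++ ], [
++ # if pkg-config is installed and lnds has installed a .pc file,
++ # then use that information and don't search ldnsdirs
++ AC_CHECK_TOOL([PKG_CONFIG], [pkg-config])
++ if test x"$PKG_CONFIG" != x""; then
++ OPENSSL_LDFLAGS=`$PKG_CONFIG ldns --libs-only-L 2>/dev/null`
++ if test $? = 0; then
++ LDNS_LIBS=`$PKG_CONFIG ldns --libs-only-l 2>/dev/null`
++ LDNS_INCLUDES=`$PKG_CONFIG ldns --cflags-only-I 2>/dev/null`
++ found=true
++ fi
++ fi
++
++ # no such luck; use some default ldnsdirs
++ if ! $found; then
++ ldnsdirs="/usr/local/ldns /usr/lib/ldns /usr/ldns /usr/local /usr"
++ fi
++ ]
++ )
++
++
++ if ! $found; then
++ LDNS_INCLUDES=
++ for ldnsdir in $ldnsdirs; do
++ AC_MSG_CHECKING([for LDNS in $ldnsdir])
++ if test -f "$ldnsdir/include/ldns/dnssec.h"; then
++ LDNS_INCLUDES="-I$ldnsdir/include"
++ LDNS_LDFLAGS="-L$ldnsdir/lib"
++ LDNS_LIBS="-lldns"
++ found=true
++ AC_MSG_RESULT([yes])
++ break
++ else
++ AC_MSG_RESULT([no])
++ fi
++ done
++
++ # if the file wasn't found, well, go ahead and try the link anyway -- maybe
++ # it will just work!
++ fi
++
++ LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS"
++ LIBS="$LDNS_LIBS $LIBS"
++ CPPFLAGS="$LDNS_INCLUDES $CPPFLAGS"
++
++ AC_SUBST([LDNS_INCLUDES])
++ AC_SUBST([LDNS_LIBS])
++ AC_SUBST([LDNS_LDFLAGS])
+])
+Index: opendnssec-2.1.6/configure.ac
+===================================================================
+--- opendnssec-2.1.6.orig/configure.ac
++++ opendnssec-2.1.6/configure.ac
+@@ -138,9 +138,7 @@ AC_CHECK_MEMBER([struct sockaddr_un.sun_
+
+# common dependencies
+ACX_LIBXML2
+-ACX_LDNS(1,6,17)
+-ACX_LDNS_NOT(1,6,14, [binary incompatibility, see http://open.nlnetlabs.nl/pipermail/ldns-users/2012-October/000564.html])
+-ACX_LDNS_NOT(1,6,15, [fail to create NSEC3 bitmap for empty non-terminals, see http://www.nlnetlabs.nl/pipermail/ldns-users/2012-November/000565.html])
++ACX_LDNS(1.6.17)
+ACX_PKCS11_MODULES
+ACX_RT
+ACX_LIBC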
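Review bot: The rewritten ACX_LDNS never reads its argument, so `ACX_LDNS(1.6.17)` in configure.ac enforces nothing: the minimum-version test and both ACX_LDNS_NOT exclusions (1.6.14 binary incompatibility, 1.6.15 NSEC3 bitmap bug) are removed with no replacement, and a signer built against one of those releases would now configure cleanly. Dropping AC_RUN_IFELSE is understandable for a cross build, but the pkg-config branch can keep the gate, e.g. `$PKG_CONFIG --atleast-version=1.6.17 ldns || AC_MSG_ERROR([ldns 1.6.17 or later required])`. Separately, the pkg-config branch stores the -L flags in `OPENSSL_LDFLAGS` while the directory branch sets `LDNS_LDFLAGS`, and only `$OPENSSL_LDFLAGS` is appended to `LDFLAGS`; using `LDNS_LDFLAGS` in both places would make `-L$ldnsdir/lib` take effect and give `AC_SUBST([LDNS_LDFLAGS])` a value on either path. The help text, the error message and the comment also spell the library "lnds".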
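--- /dev/null
+++ b/recipes-security/opendnssec/files/libxml2_conf.patch
@@ -0,0 +1,112 @@
+configure does not work with OE pkg-config for the libxml2 option
+
+Upstream-Status: OE specific
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: opendnssec-2.1.6/m4/acx_libxml2.m4
+===================================================================
+--- opendnssec-2.1.6.orig/m4/acx_libxml2.m4
++++ opendnssec-2.1.6/m4/acx_libxml2.m4
+@@ -1,37 +1,67 @@
++#serial 11
++AU_ALIAS([CHECK_XML2], [ACX_LIBXML2])
+AC_DEFUN([ACX_LIBXML2],[
+- AC_ARG_WITH(libxml2,
+- [AS_HELP_STRING([--with-libxml2=DIR],[look for libxml2 in this dir])],
+- [
+- XML2_PATH="$withval"
+- AC_PATH_PROGS(XML2_CONFIG, xml2-config, xml2-config, $XML2_PATH/bin)
+- ],[
+- XML2_PATH="/usr/local"
+- AC_PATH_PROGS(XML2_CONFIG, xml2-config, xml2-config, $PATH)
+- ])
+- if test -x "$XML2_CONFIG"
+- then
+- AC_MSG_CHECKING(what are the xml2 includes)
+- XML2_INCLUDES="`$XML2_CONFIG --cflags`"
+- AC_MSG_RESULT($XML2_INCLUDES)
+-
+- AC_MSG_CHECKING(what are the xml2 libs)
+- XML2_LIBS="`$XML2_CONFIG --libs`"
+- AC_MSG_RESULT($XML2_LIBS)
+-
+- tmp_CPPFLAGS=$CPPFLAGS
+- tmp_LIBS=$LIBS
+-
+- CPPFLAGS="$CPPFLAGS $XML2_INCLUDES"
+- LIBS="$LIBS $XML2_LIBS"
+-
+- AC_CHECK_LIB(xml2, xmlDocGetRootElement,,[AC_MSG_ERROR([Can't find libxml2 library])])
+-
+- CPPFLAGS=$tmp_CPPFLAGS
+- LIBS=$tmp_LIBS
+- else
+- AC_MSG_ERROR([libxml2 required, but not found.])
+- fi
++ found=false
++ AC_ARG_WITH([libxml2],
++ [AS_HELP_STRING([--with-libxml2=DIR],
++ [root of the libxml directory])],
++ [
++ case "$withval" in
++ "" | y | ye | yes | n | no)
++ AC_MSG_ERROR([Invalid --with-libxml2 value])
++ ;;
++ *) xml2dirs="$withval"
++ ;;
++ esac
++ ], [
++ # if pkg-config is installed and openssl has installed a .pc file,
++ # then use that information and don't search ssldirs
++ AC_CHECK_TOOL([PKG_CONFIG], [pkg-config])
++ if test x"$PKG_CONFIG" != x""; then
++ XML2_LDFLAGS=`$PKG_CONFIG libxml-2.0 --libs-only-L 2>/dev/null`
++ if test $? = 0; then
++ XML2_LIBS=`$PKG_CONFIG libxml-2.0 --libs-only-l 2>/dev/null`
++ XML2_INCLUDES=`$PKG_CONFIG libxml-2.0 --cflags-only-I 2>/dev/null`
++ found=true
++ fi
++ fi
+
+- AC_SUBST(XML2_INCLUDES)
+- AC_SUBST(XML2_LIBS)
++ # no such luck; use some default ssldirs
++ if ! $found; then
++ xml2dirs="/usr/local/libxml /usr/lib/libxml /usr/libxml /usr/pkg /usr/local /usr"
++ fi
++ ]
++ )
++
++
++ # note that we #include <libxml/tree.h>, so the libxml2 headers have to be in
++ # an 'libxml' subdirectory
++
++ if ! $found; then
++ XML2_INCLUDES=
++ for xml2dir in $xml2dirs; do
++ AC_MSG_CHECKING([for XML2 in $xml2dir])
++ if test -f "$xml2dir/include/libxml2/libxml/tree.h"; then
++ XML2_INCLUDES="-I$xml2dir/include/libxml2"
++ XML2_LDFLAGS="-L$xml2dir/lib"
++ XML2_LIBS="-lxml2"
++ found=true
++ AC_MSG_RESULT([yes])
++ break
++ else
++ AC_MSG_RESULT([no])
++ fi
++ done
++
++ # if the file wasn't found, well, go ahead and try the link anyway -- maybe
++ # it will just work!
++ fi
++
++ LDFLAGS="$LDFLAGS $XML2_LDFLAGS"
++ LIBS="$XML2_LIBS $LIBS"
++ CPPFLAGS="$XML2_INCLUDES $CPPFLAGS"
++
++ AC_SUBST(XML2_INCLUDES)
++ AC_SUBST(XML2_LIBS)
++ AC_SUBST(XML2_LDFLAGS)
+])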
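Review bot: Nothing in the new ACX_LIBXML2 fails when libxml2 is absent: the old macro ended in `AC_MSG_ERROR([libxml2 required, but not found.])` and ran an AC_CHECK_LIB link test, whereas the new search loop leaves `found=false` and carries on with empty `XML2_*` values. I would restore a hard stop after the loop, `if ! $found; then AC_MSG_ERROR([libxml2 required, but not found.]); fi`, so a wrong `--with-libxml2` path is reported at configure time rather than as a later compile or link error; ACX_LDNS in libdns_conf_fix.patch has the same fall-through. The default list (`/usr/local`, `/usr`, ...) names build-host directories, which in a cross build could pull in host headers if the recipe ever stops passing `--with-libxml2`. The two comments in the pkg-config branch still say openssl and ssldirs and should name libxml2 and xml2dirs.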
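--- /dev/null
+++ b/recipes-security/opendnssec/opendnssec_2.1.6.bb
@@ -0,0 +1,37 @@
+SUMMARY = "OpenDNSSEC is a policy-based zone signer that automates the process of keeping track of DNSSEC keys and the signing of zones"
+
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=b041dbe2da80d4efd951393fbba90937"
+
+DEPENDS = "libxml2 openssl ldns libmicrohttpd jansson libyaml "
+
+SRC_URI = "git://github.com/opendnssec/opendnssec;branch=develop \
+file://libxml2_conf.patch \
+file://libdns_conf_fix.patch \
+file://fix_fprint.patch \
+"
+
+SRCREV = "5876bccb38428790e2e9afc806ca68b029879874"
+
+inherit autotools pkgconfig perlnative
+
+S = "${WORKDIR}/git"
+
+EXTRA_OECONF = " --with-libxml2=${STAGING_DIR_HOST}/usr --with-ldns=${STAGING_DIR_HOST}/usr \
+--with-ssl=${STAGING_DIR_HOST}/usr "
+
+CFLAGS += "-fcommon"
+
+PACKAGECONFIG ?= "sqlite3"
+
+PACKAGECONFIG[cunit] = "--with-cunit=${STAGING_DIR_HOST}/usr, --without-cunit,"
+PACKAGECONFIG[sqlite3] = "--with-sqlite3=${STAGING_DIR_HOST}/usr, ,sqlite3, sqlite3"
+PACKAGECONFIG[mysql] = "--with-mysql=yes, , mariadb, mariadb"
+PACKAGECONFIG[readline] = "--with-readline, --without-readline, readline"
+PACKAGECONFIG[unwind] = "--with-libunwind, --without-libunwind"
+
+do_install_append () {
+rm -rf ${D}${localstatedir}/run
+}
+
+RDEPENDS_${PN} = "softhsm"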
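Review bot: `SRC_URI` fetches over the plain `git://` transport and follows `branch=develop`, so the pinned `SRCREV` is the only integrity control on the signer's source. Adding `;protocol=https` to the git entry keeps the same pin while moving the fetch to a transport that authenticates the server. The recipe is named 2.1.6, but nothing on the page shows that this SRCREV is the 2.1.6 release commit; a comment naming the tag it corresponds to would make that auditable. Because `EXTRA_OECONF` always passes `--with-libxml2` and `--with-ldns`, the pkg-config branches added by the two m4 patches look unreachable from this recipe, so the directory-probe path is the one that needs to be correct. `CFLAGS += "-fcommon"` deserves a one-line comment saying which duplicate definitions it works around.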