opendnssec: add recipe

Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Armin Kuster <akuster808@gmail.com> 2020-09-28 08:56:46 -0700
committer: Armin Kuster <akuster808@gmail.com> 2020-09-29 07:18:24 -0700
commit: 524a44f6d5c7b2fad220fc1b7169dc01609fa7d9 (patch)
tree: 32b5f8bb4bfa4a46d7dbdfac40096e2d150ec7d9 /recipes-security
parent: 904b0cbd33fd6e6bc0488677bfb7f8ac575c13fc (diff)
download: meta-security-524a44f6d5c7b2fad220fc1b7169dc01609fa7d9.tar.gz
4 files changed, 391 insertions, 0 deletions
diff --git a/recipes-security/opendnssec/files/fix_fprint.patch b/recipes-security/opendnssec/files/fix_fprint.patch
new file mode 100644
index 0000000..da0bcfe
--- /dev/null
+++ b/recipes-security/opendnssec/files/fix_fprint.patch
@@ -0,0 +1,25 @@
+format not a string literal and no format arguments
+missing module_str in call
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+../../../git/enforcer/src/keystate/keystate_ds.c:192:7: error: format not a string literal and no format arguments [-Werror=format-security]
+|   192 |       ods_log_error_and_printf(sockfd, "Failed to run %s", cp_ds);
+|       |       ^~~~~~~~~~~~~~~~~~~~~~~~
+Index: git/enforcer/src/keystate/keystate_ds.c
+===================================================================
+--- git.orig/enforcer/src/keystate/keystate_ds.c
+++ git/enforcer/src/keystate/keystate_ds.c
+@@ -189,7 +189,7 @@ exec_dnskey_by_id(int sockfd, struct dbw
+                                                status = 0;
+                                        }
+                                        else {
+-                                               ods_log_error_and_printf(sockfd, "Failed to run %s", cp_ds);
+                                               ods_log_error_and_printf(sockfd, module_str, "Failed to run %s", cp_ds);
+                                                 status = 7;
+                                        }
+                                }
diff --git a/recipes-security/opendnssec/files/libdns_conf_fix.patch b/recipes-security/opendnssec/files/libdns_conf_fix.patch
new file mode 100644
index 0000000..126e197
--- /dev/null
+++ b/recipes-security/opendnssec/files/libdns_conf_fix.patch
@@ -0,0 +1,217 @@
+Configure does not work with OE pkg-config for the ldns option
+Upstream-Status: OE specific
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+Index: opendnssec-2.1.6/m4/acx_ldns.m4
+===================================================================
+--- opendnssec-2.1.6.orig/m4/acx_ldns.m4
+++ opendnssec-2.1.6/m4/acx_ldns.m4
+@@ -1,128 +1,65 @@
+-AC_DEFUN([ACX_LDNS],[
+-       AC_ARG_WITH(ldns, 
+-               [AC_HELP_STRING([--with-ldns=PATH],[specify prefix of path of ldns library to use])],
+-               [
+-                       LDNS_PATH="$withval"
+-                       AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $LDNS_PATH/bin)
+-               ],[
+-                       LDNS_PATH="/usr/local"
+-                       AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $PATH)
+-               ])
+-
+-       if test -x "$LDNS_CONFIG"
+-       then
+-               AC_MSG_CHECKING(what are the ldns includes)
+-               LDNS_INCLUDES="`$LDNS_CONFIG --cflags`"
+-               AC_MSG_RESULT($LDNS_INCLUDES)
+-
+-               AC_MSG_CHECKING(what are the ldns libs)
+-               LDNS_LIBS="`$LDNS_CONFIG --libs`"
+-               AC_MSG_RESULT($LDNS_LIBS)
+-       else
+-               AC_MSG_CHECKING(what are the ldns includes)
+-               LDNS_INCLUDES="-I$LDNS_PATH/include"
+-               AC_MSG_RESULT($LDNS_INCLUDES)
+-
+-               AC_MSG_CHECKING(what are the ldns libs)
+-               LDNS_LIBS="-L$LDNS_PATH/lib -lldns"
+-               AC_MSG_RESULT($LDNS_LIBS)
+-       fi
+-
+-       tmp_CPPFLAGS=$CPPFLAGS
+-       tmp_LIBS=$LIBS
+-
+-       CPPFLAGS="$CPPFLAGS $LDNS_INCLUDES"
+-       LIBS="$LIBS $LDNS_LIBS"
+-
+-       AC_CHECK_LIB(ldns, ldns_rr_new,,[AC_MSG_ERROR([Can't find ldns library])])
+-       LIBS=$tmp_LIBS
+-
+-       AC_MSG_CHECKING([for ldns version])
+-       CHECK_LDNS_VERSION=m4_format(0x%02x%02x%02x, $1, $2, $3)
+-       AC_LANG_PUSH([C])
+-       AC_RUN_IFELSE([
+-               AC_LANG_SOURCE([[
+-                       #include <ldns/ldns.h>
+-                       int main()
+-                       {
+-                       #ifdef LDNS_REVISION
+-                               if (LDNS_REVISION >= $CHECK_LDNS_VERSION)
+-                                       return 0;
+-                       #endif
+-                               return 1;
+-                       }
+-               ]])
+-       ],[
+-               AC_MSG_RESULT([>= $1.$2.$3])
+-       ],[
+-               AC_MSG_RESULT([< $1.$2.$3])
+-               AC_MSG_ERROR([ldns library too old ($1.$2.$3 or later required)])
+-       ],[])
+-       AC_LANG_POP([C])
+#serial 11
+ 
+-       CPPFLAGS=$tmp_CPPFLAGS
+-
+-       AC_SUBST(LDNS_INCLUDES)
+-       AC_SUBST(LDNS_LIBS)
+-])
+-
+-
+-AC_DEFUN([ACX_LDNS_NOT],[
+-       AC_ARG_WITH(ldns, 
+-               [AC_HELP_STRING([--with-ldns=PATH],[specify prefix of path of ldns library to use])],
+-               [
+-                       LDNS_PATH="$withval"
+-                       AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $LDNS_PATH/bin)
+-               ],[
+-                       LDNS_PATH="/usr/local"
+-                       AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $PATH)
+-               ])
+-
+-       if test -x "$LDNS_CONFIG"
+-       then
+-               AC_MSG_CHECKING(what are the ldns includes)
+-               LDNS_INCLUDES="`$LDNS_CONFIG --cflags`"
+-               AC_MSG_RESULT($LDNS_INCLUDES)
+-
+-               AC_MSG_CHECKING(what are the ldns libs)
+-               LDNS_LIBS="`$LDNS_CONFIG --libs`"
+-               AC_MSG_RESULT($LDNS_LIBS)
+-       else
+-               AC_MSG_CHECKING(what are the ldns includes)
+-               LDNS_INCLUDES="-I$LDNS_PATH/include"
+-               AC_MSG_RESULT($LDNS_INCLUDES)
+-
+-               AC_MSG_CHECKING(what are the ldns libs)
+-               LDNS_LIBS="-L$LDNS_PATH/lib -lldns"
+-               AC_MSG_RESULT($LDNS_LIBS)
+-       fi
+-
+-       tmp_CPPFLAGS=$CPPFLAGS
+-
+-       CPPFLAGS="$CPPFLAGS $LDNS_INCLUDES"
+-
+-       AC_MSG_CHECKING([for ldns version not $1.$2.$3])
+-       CHECK_LDNS_VERSION=m4_format(0x%02x%02x%02x, $1, $2, $3)
+-       AC_LANG_PUSH([C])
+-       AC_RUN_IFELSE([
+-       AC_LANG_SOURCE([[
+-               #include <ldns/ldns.h>
+-               int main()
+-               {
+-               #ifdef LDNS_REVISION
+-                       if (LDNS_REVISION != $CHECK_LDNS_VERSION)
+-                               return 0;
+-               #endif
+-                       return 1;
+-               }
+-               ]])
+-       ],[
+-               AC_MSG_RESULT([ok])
+-       ],[
+-               AC_MSG_RESULT([no])
+-               AC_MSG_ERROR([ldns version $1.$2.$3 is not compatible due to $4])
+-       ],[])
+-       AC_LANG_POP([C])
+-
+-       CPPFLAGS=$tmp_CPPFLAGS
+AU_ALIAS([CHECK_LDNS], [ACX_LDNS])
+AC_DEFUN([ACX_LDNS], [
+    found=false
+    AC_ARG_WITH([ldns],
+        [AS_HELP_STRING([--with-ldns=DIR],
+            [root of the lnds directory])],
+        [
+            case "$withval" in
+            "" | y | ye | yes | n | no)
+            AC_MSG_ERROR([Invalid --with-lnds value])
+              ;;
+            *) ldnsdirs="$withval"
+              ;;
+            esac
+        ], [
+            # if pkg-config is installed and lnds has installed a .pc file,
+            # then use that information and don't search ldnsdirs
+            AC_CHECK_TOOL([PKG_CONFIG], [pkg-config])
+            if test x"$PKG_CONFIG" != x""; then
+                OPENSSL_LDFLAGS=`$PKG_CONFIG ldns --libs-only-L 2>/dev/null`
+                if test $? = 0; then
+                    LDNS_LIBS=`$PKG_CONFIG ldns --libs-only-l 2>/dev/null`
+                    LDNS_INCLUDES=`$PKG_CONFIG ldns --cflags-only-I 2>/dev/null`
+                    found=true
+                fi
+            fi
+
+            # no such luck; use some default ldnsdirs
+            if ! $found; then
+                ldnsdirs="/usr/local/ldns /usr/lib/ldns /usr/ldns  /usr/local /usr"
+            fi
+        ]
+        )
+
+
+    if ! $found; then
+        LDNS_INCLUDES=
+        for ldnsdir in $ldnsdirs; do
+            AC_MSG_CHECKING([for LDNS in $ldnsdir])
+            if test -f "$ldnsdir/include/ldns/dnssec.h"; then
+                LDNS_INCLUDES="-I$ldnsdir/include"
+                LDNS_LDFLAGS="-L$ldnsdir/lib"
+                LDNS_LIBS="-lldns"
+                found=true
+                AC_MSG_RESULT([yes])
+                break
+            else
+                AC_MSG_RESULT([no])
+            fi
+        done
+
+        # if the file wasn't found, well, go ahead and try the link anyway -- maybe
+        # it will just work!
+    fi
+
+    LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS"
+    LIBS="$LDNS_LIBS $LIBS"
+    CPPFLAGS="$LDNS_INCLUDES $CPPFLAGS"
+
+    AC_SUBST([LDNS_INCLUDES])
+    AC_SUBST([LDNS_LIBS])
+    AC_SUBST([LDNS_LDFLAGS])
+ ])
+Index: opendnssec-2.1.6/configure.ac
+===================================================================
+--- opendnssec-2.1.6.orig/configure.ac
+++ opendnssec-2.1.6/configure.ac
+@@ -138,9 +138,7 @@ AC_CHECK_MEMBER([struct sockaddr_un.sun_
+ 
+ # common dependencies
+ ACX_LIBXML2
+-ACX_LDNS(1,6,17)
+-ACX_LDNS_NOT(1,6,14, [binary incompatibility, see http://open.nlnetlabs.nl/pipermail/ldns-users/2012-October/000564.html])
+-ACX_LDNS_NOT(1,6,15, [fail to create NSEC3 bitmap for empty non-terminals, see http://www.nlnetlabs.nl/pipermail/ldns-users/2012-November/000565.html])
+ACX_LDNS(1.6.17)
+ ACX_PKCS11_MODULES
+ ACX_RT
+ ACX_LIBC
diff --git a/recipes-security/opendnssec/files/libxml2_conf.patch b/recipes-security/opendnssec/files/libxml2_conf.patch
new file mode 100644
index 0000000..b4ed430
--- /dev/null
+++ b/recipes-security/opendnssec/files/libxml2_conf.patch
@@ -0,0 +1,112 @@
+configure does not work with OE pkg-config for the libxml2 option
+Upstream-Status: OE specific
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+Index: opendnssec-2.1.6/m4/acx_libxml2.m4
+===================================================================
+--- opendnssec-2.1.6.orig/m4/acx_libxml2.m4
+++ opendnssec-2.1.6/m4/acx_libxml2.m4
+@@ -1,37 +1,67 @@
+#serial 11
+AU_ALIAS([CHECK_XML2], [ACX_LIBXML2])
+ AC_DEFUN([ACX_LIBXML2],[
+-       AC_ARG_WITH(libxml2,
+-               [AS_HELP_STRING([--with-libxml2=DIR],[look for libxml2 in this dir])],
+-               [
+-                       XML2_PATH="$withval"
+-                       AC_PATH_PROGS(XML2_CONFIG, xml2-config, xml2-config, $XML2_PATH/bin)
+-               ],[
+-                       XML2_PATH="/usr/local"
+-                       AC_PATH_PROGS(XML2_CONFIG, xml2-config, xml2-config, $PATH)
+-               ])
+-       if test -x "$XML2_CONFIG"
+-       then
+-               AC_MSG_CHECKING(what are the xml2 includes)
+-               XML2_INCLUDES="`$XML2_CONFIG --cflags`"
+-               AC_MSG_RESULT($XML2_INCLUDES)
+-
+-               AC_MSG_CHECKING(what are the xml2 libs)
+-               XML2_LIBS="`$XML2_CONFIG --libs`"
+-               AC_MSG_RESULT($XML2_LIBS)
+-
+-               tmp_CPPFLAGS=$CPPFLAGS
+-               tmp_LIBS=$LIBS
+-
+-               CPPFLAGS="$CPPFLAGS $XML2_INCLUDES"
+-               LIBS="$LIBS $XML2_LIBS"
+-
+-               AC_CHECK_LIB(xml2, xmlDocGetRootElement,,[AC_MSG_ERROR([Can't find libxml2 library])])
+-               
+-               CPPFLAGS=$tmp_CPPFLAGS
+-               LIBS=$tmp_LIBS
+-       else
+-               AC_MSG_ERROR([libxml2 required, but not found.])
+-       fi
+    found=false
+    AC_ARG_WITH([libxml2],
+        [AS_HELP_STRING([--with-libxml2=DIR],
+            [root of the libxml directory])],
+        [
+            case "$withval" in
+            "" | y | ye | yes | n | no)
+            AC_MSG_ERROR([Invalid --with-libxml2 value])
+              ;;
+            *) xml2dirs="$withval"
+              ;;
+            esac
+        ], [
+            # if pkg-config is installed and openssl has installed a .pc file,
+            # then use that information and don't search ssldirs
+            AC_CHECK_TOOL([PKG_CONFIG], [pkg-config])
+            if test x"$PKG_CONFIG" != x""; then
+                XML2_LDFLAGS=`$PKG_CONFIG libxml-2.0 --libs-only-L 2>/dev/null`
+                if test $? = 0; then
+                    XML2_LIBS=`$PKG_CONFIG libxml-2.0 --libs-only-l 2>/dev/null`
+                    XML2_INCLUDES=`$PKG_CONFIG libxml-2.0 --cflags-only-I 2>/dev/null`
+                    found=true
+                fi
+            fi
+ 
+-       AC_SUBST(XML2_INCLUDES)
+-       AC_SUBST(XML2_LIBS)
+            # no such luck; use some default ssldirs
+            if ! $found; then
+                xml2dirs="/usr/local/libxml /usr/lib/libxml /usr/libxml /usr/pkg /usr/local /usr"
+            fi
+        ]
+        )
+
+
+    # note that we #include <libxml/tree.h>, so the libxml2 headers have to be in
+    # an 'libxml' subdirectory
+
+    if ! $found; then
+        XML2_INCLUDES=
+        for xml2dir in $xml2dirs; do
+            AC_MSG_CHECKING([for XML2 in $xml2dir])
+            if test -f "$xml2dir/include/libxml2/libxml/tree.h"; then
+                XML2_INCLUDES="-I$xml2dir/include/libxml2"
+                XML2_LDFLAGS="-L$xml2dir/lib"
+                XML2_LIBS="-lxml2"
+                found=true
+                AC_MSG_RESULT([yes])
+                break
+            else
+                AC_MSG_RESULT([no])
+            fi
+        done
+
+        # if the file wasn't found, well, go ahead and try the link anyway -- maybe
+        # it will just work!
+    fi
+
+    LDFLAGS="$LDFLAGS $XML2_LDFLAGS"
+    LIBS="$XML2_LIBS $LIBS"
+    CPPFLAGS="$XML2_INCLUDES $CPPFLAGS"
+
+    AC_SUBST(XML2_INCLUDES)
+    AC_SUBST(XML2_LIBS)
+    AC_SUBST(XML2_LDFLAGS)
+ ])
diff --git a/recipes-security/opendnssec/opendnssec_2.1.6.bb b/recipes-security/opendnssec/opendnssec_2.1.6.bb
new file mode 100644
index 0000000..5e42ca8
--- /dev/null
+++ b/recipes-security/opendnssec/opendnssec_2.1.6.bb
@@ -0,0 +1,37 @@
+SUMMARY = "OpenDNSSEC is a policy-based zone signer that automates the process of keeping track of DNSSEC keys and the signing of zones"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=b041dbe2da80d4efd951393fbba90937"
+DEPENDS = "libxml2 openssl ldns libmicrohttpd jansson libyaml "
+SRC_URI = "git://github.com/opendnssec/opendnssec;branch=develop \
+           file://libxml2_conf.patch \
+           file://libdns_conf_fix.patch \
+           file://fix_fprint.patch \
+           "
+SRCREV = "5876bccb38428790e2e9afc806ca68b029879874"
+inherit autotools pkgconfig perlnative
+S = "${WORKDIR}/git"
+EXTRA_OECONF = " --with-libxml2=${STAGING_DIR_HOST}/usr --with-ldns=${STAGING_DIR_HOST}/usr \
+                 --with-ssl=${STAGING_DIR_HOST}/usr  "
+CFLAGS += "-fcommon"
+PACKAGECONFIG ?= "sqlite3"
+PACKAGECONFIG[cunit] = "--with-cunit=${STAGING_DIR_HOST}/usr, --without-cunit,"
+PACKAGECONFIG[sqlite3] = "--with-sqlite3=${STAGING_DIR_HOST}/usr, ,sqlite3, sqlite3"
+PACKAGECONFIG[mysql] = "--with-mysql=yes, , mariadb, mariadb"
+PACKAGECONFIG[readline]  = "--with-readline, --without-readline, readline"
+PACKAGECONFIG[unwind] = "--with-libunwind, --without-libunwind"
+do_install_append () {
+    rm -rf ${D}${localstatedir}/run
+}
+RDEPENDS_${PN} = "softhsm"
author	Armin Kuster <akuster808@gmail.com>	2020-09-28 08:56:46 -0700
committer	Armin Kuster <akuster808@gmail.com>	2020-09-29 07:18:24 -0700
commit	524a44f6d5c7b2fad220fc1b7169dc01609fa7d9 (patch)
tree	32b5f8bb4bfa4a46d7dbdfac40096e2d150ec7d9 /recipes-security
parent	904b0cbd33fd6e6bc0488677bfb7f8ac575c13fc (diff)
download	meta-security-524a44f6d5c7b2fad220fc1b7169dc01609fa7d9.tar.gz

diff --git a/recipes-security/opendnssec/files/fix_fprint.patch b/recipes-security/opendnssec/files/fix_fprint.patch new file mode 100644 index 0000000..da0bcfe --- /dev/null +++ b/recipes-security/opendnssec/files/fix_fprint.patch
@@ -0,0 +1,25 @@
	1	format not a string literal and no format arguments
	2
	3	missing module_str in call
	4
	5	Upstream-Status: Pending
	6	Signed-off-by: Armin Kuster <akuster808@gmail.com>
	7
	8	../../../git/enforcer/src/keystate/keystate_ds.c:192:7: error: format not a string literal and no format arguments [-Werror=format-security]
	9	\| 192 \| ods_log_error_and_printf(sockfd, "Failed to run %s", cp_ds);
	10	\| \| ^~~~~~~~~~~~~~~~~~~~~~~~
	11
	12
	13	Index: git/enforcer/src/keystate/keystate_ds.c
	14	===================================================================
	15	--- git.orig/enforcer/src/keystate/keystate_ds.c
	16	+++ git/enforcer/src/keystate/keystate_ds.c
	17	@@ -189,7 +189,7 @@ exec_dnskey_by_id(int sockfd, struct dbw
	18	status = 0;
	19	}
	20	else {
	21	- ods_log_error_and_printf(sockfd, "Failed to run %s", cp_ds);
	22	+ ods_log_error_and_printf(sockfd, module_str, "Failed to run %s", cp_ds);
	23	status = 7;
	24	}
	25	}


diff --git a/recipes-security/opendnssec/files/libdns_conf_fix.patch b/recipes-security/opendnssec/files/libdns_conf_fix.patch new file mode 100644 index 0000000..126e197 --- /dev/null +++ b/recipes-security/opendnssec/files/libdns_conf_fix.patch
@@ -0,0 +1,217 @@
	1	Configure does not work with OE pkg-config for the ldns option
	2
	3	Upstream-Status: OE specific
	4
	5	Signed-off-by: Armin Kuster <akuster808@gmail.com>
	6
	7	Index: opendnssec-2.1.6/m4/acx_ldns.m4
	8	===================================================================
	9	--- opendnssec-2.1.6.orig/m4/acx_ldns.m4
	10	+++ opendnssec-2.1.6/m4/acx_ldns.m4
	11	@@ -1,128 +1,65 @@
	12	-AC_DEFUN([ACX_LDNS],[
	13	- AC_ARG_WITH(ldns,
	14	- [AC_HELP_STRING([--with-ldns=PATH],[specify prefix of path of ldns library to use])],
	15	- [
	16	- LDNS_PATH="$withval"
	17	- AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $LDNS_PATH/bin)
	18	- ],[
	19	- LDNS_PATH="/usr/local"
	20	- AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $PATH)
	21	- ])
	22	-
	23	- if test -x "$LDNS_CONFIG"
	24	- then
	25	- AC_MSG_CHECKING(what are the ldns includes)
	26	- LDNS_INCLUDES="`$LDNS_CONFIG --cflags`"
	27	- AC_MSG_RESULT($LDNS_INCLUDES)
	28	-
	29	- AC_MSG_CHECKING(what are the ldns libs)
	30	- LDNS_LIBS="`$LDNS_CONFIG --libs`"
	31	- AC_MSG_RESULT($LDNS_LIBS)
	32	- else
	33	- AC_MSG_CHECKING(what are the ldns includes)
	34	- LDNS_INCLUDES="-I$LDNS_PATH/include"
	35	- AC_MSG_RESULT($LDNS_INCLUDES)
	36	-
	37	- AC_MSG_CHECKING(what are the ldns libs)
	38	- LDNS_LIBS="-L$LDNS_PATH/lib -lldns"
	39	- AC_MSG_RESULT($LDNS_LIBS)
	40	- fi
	41	-
	42	- tmp_CPPFLAGS=$CPPFLAGS
	43	- tmp_LIBS=$LIBS
	44	-
	45	- CPPFLAGS="$CPPFLAGS $LDNS_INCLUDES"
	46	- LIBS="$LIBS $LDNS_LIBS"
	47	-
	48	- AC_CHECK_LIB(ldns, ldns_rr_new,,[AC_MSG_ERROR([Can't find ldns library])])
	49	- LIBS=$tmp_LIBS
	50	-
	51	- AC_MSG_CHECKING([for ldns version])
	52	- CHECK_LDNS_VERSION=m4_format(0x%02x%02x%02x, $1, $2, $3)
	53	- AC_LANG_PUSH([C])
	54	- AC_RUN_IFELSE([
	55	- AC_LANG_SOURCE([[
	56	- #include <ldns/ldns.h>
	57	- int main()
	58	- {
	59	- #ifdef LDNS_REVISION
	60	- if (LDNS_REVISION >= $CHECK_LDNS_VERSION)
	61	- return 0;
	62	- #endif
	63	- return 1;
	64	- }
	65	- ]])
	66	- ],[
	67	- AC_MSG_RESULT([>= $1.$2.$3])
	68	- ],[
	69	- AC_MSG_RESULT([< $1.$2.$3])
	70	- AC_MSG_ERROR([ldns library too old ($1.$2.$3 or later required)])
	71	- ],[])
	72	- AC_LANG_POP([C])
	73	+#serial 11
	74
	75	- CPPFLAGS=$tmp_CPPFLAGS
	76	-
	77	- AC_SUBST(LDNS_INCLUDES)
	78	- AC_SUBST(LDNS_LIBS)
	79	-])
	80	-
	81	-
	82	-AC_DEFUN([ACX_LDNS_NOT],[
	83	- AC_ARG_WITH(ldns,
	84	- [AC_HELP_STRING([--with-ldns=PATH],[specify prefix of path of ldns library to use])],
	85	- [
	86	- LDNS_PATH="$withval"
	87	- AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $LDNS_PATH/bin)
	88	- ],[
	89	- LDNS_PATH="/usr/local"
	90	- AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $PATH)
	91	- ])
	92	-
	93	- if test -x "$LDNS_CONFIG"
	94	- then
	95	- AC_MSG_CHECKING(what are the ldns includes)
	96	- LDNS_INCLUDES="`$LDNS_CONFIG --cflags`"
	97	- AC_MSG_RESULT($LDNS_INCLUDES)
	98	-
	99	- AC_MSG_CHECKING(what are the ldns libs)
	100	- LDNS_LIBS="`$LDNS_CONFIG --libs`"
	101	- AC_MSG_RESULT($LDNS_LIBS)
	102	- else
	103	- AC_MSG_CHECKING(what are the ldns includes)
	104	- LDNS_INCLUDES="-I$LDNS_PATH/include"
	105	- AC_MSG_RESULT($LDNS_INCLUDES)
	106	-
	107	- AC_MSG_CHECKING(what are the ldns libs)
	108	- LDNS_LIBS="-L$LDNS_PATH/lib -lldns"
	109	- AC_MSG_RESULT($LDNS_LIBS)
	110	- fi
	111	-
	112	- tmp_CPPFLAGS=$CPPFLAGS
	113	-
	114	- CPPFLAGS="$CPPFLAGS $LDNS_INCLUDES"
	115	-
	116	- AC_MSG_CHECKING([for ldns version not $1.$2.$3])
	117	- CHECK_LDNS_VERSION=m4_format(0x%02x%02x%02x, $1, $2, $3)
	118	- AC_LANG_PUSH([C])
	119	- AC_RUN_IFELSE([
	120	- AC_LANG_SOURCE([[
	121	- #include <ldns/ldns.h>
	122	- int main()
	123	- {
	124	- #ifdef LDNS_REVISION
	125	- if (LDNS_REVISION != $CHECK_LDNS_VERSION)
	126	- return 0;
	127	- #endif
	128	- return 1;
	129	- }
	130	- ]])
	131	- ],[
	132	- AC_MSG_RESULT([ok])
	133	- ],[
	134	- AC_MSG_RESULT([no])
	135	- AC_MSG_ERROR([ldns version $1.$2.$3 is not compatible due to $4])
	136	- ],[])
	137	- AC_LANG_POP([C])
	138	-
	139	- CPPFLAGS=$tmp_CPPFLAGS
	140	+AU_ALIAS([CHECK_LDNS], [ACX_LDNS])
	141	+AC_DEFUN([ACX_LDNS], [
	142	+ found=false
	143	+ AC_ARG_WITH([ldns],
	144	+ [AS_HELP_STRING([--with-ldns=DIR],
	145	+ [root of the lnds directory])],
	146	+ [
	147	+ case "$withval" in
	148	+ "" \| y \| ye \| yes \| n \| no)
	149	+ AC_MSG_ERROR([Invalid --with-lnds value])
	150	+ ;;
	151	+ *) ldnsdirs="$withval"
	152	+ ;;
	153	+ esac
	154	+ ], [
	155	+ # if pkg-config is installed and lnds has installed a .pc file,
	156	+ # then use that information and don't search ldnsdirs
	157	+ AC_CHECK_TOOL([PKG_CONFIG], [pkg-config])
	158	+ if test x"$PKG_CONFIG" != x""; then
	159	+ OPENSSL_LDFLAGS=`$PKG_CONFIG ldns --libs-only-L 2>/dev/null`
	160	+ if test $? = 0; then
	161	+ LDNS_LIBS=`$PKG_CONFIG ldns --libs-only-l 2>/dev/null`
	162	+ LDNS_INCLUDES=`$PKG_CONFIG ldns --cflags-only-I 2>/dev/null`
	163	+ found=true
	164	+ fi
	165	+ fi
	166	+
	167	+ # no such luck; use some default ldnsdirs
	168	+ if ! $found; then
	169	+ ldnsdirs="/usr/local/ldns /usr/lib/ldns /usr/ldns /usr/local /usr"
	170	+ fi
	171	+ ]
	172	+ )
	173	+
	174	+
	175	+ if ! $found; then
	176	+ LDNS_INCLUDES=
	177	+ for ldnsdir in $ldnsdirs; do
	178	+ AC_MSG_CHECKING([for LDNS in $ldnsdir])
	179	+ if test -f "$ldnsdir/include/ldns/dnssec.h"; then
	180	+ LDNS_INCLUDES="-I$ldnsdir/include"
	181	+ LDNS_LDFLAGS="-L$ldnsdir/lib"
	182	+ LDNS_LIBS="-lldns"
	183	+ found=true
	184	+ AC_MSG_RESULT([yes])
	185	+ break
	186	+ else
	187	+ AC_MSG_RESULT([no])
	188	+ fi
	189	+ done
	190	+
	191	+ # if the file wasn't found, well, go ahead and try the link anyway -- maybe
	192	+ # it will just work!
	193	+ fi
	194	+
	195	+ LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS"
	196	+ LIBS="$LDNS_LIBS $LIBS"
	197	+ CPPFLAGS="$LDNS_INCLUDES $CPPFLAGS"
	198	+
	199	+ AC_SUBST([LDNS_INCLUDES])
	200	+ AC_SUBST([LDNS_LIBS])
	201	+ AC_SUBST([LDNS_LDFLAGS])
	202	])
	203	Index: opendnssec-2.1.6/configure.ac
	204	===================================================================
	205	--- opendnssec-2.1.6.orig/configure.ac
	206	+++ opendnssec-2.1.6/configure.ac
	207	@@ -138,9 +138,7 @@ AC_CHECK_MEMBER([struct sockaddr_un.sun_
	208
	209	# common dependencies
	210	ACX_LIBXML2
	211	-ACX_LDNS(1,6,17)
	212	-ACX_LDNS_NOT(1,6,14, [binary incompatibility, see http://open.nlnetlabs.nl/pipermail/ldns-users/2012-October/000564.html])
	213	-ACX_LDNS_NOT(1,6,15, [fail to create NSEC3 bitmap for empty non-terminals, see http://www.nlnetlabs.nl/pipermail/ldns-users/2012-November/000565.html])
	214	+ACX_LDNS(1.6.17)
	215	ACX_PKCS11_MODULES
	216	ACX_RT
	217	ACX_LIBC


diff --git a/recipes-security/opendnssec/files/libxml2_conf.patch b/recipes-security/opendnssec/files/libxml2_conf.patch new file mode 100644 index 0000000..b4ed430 --- /dev/null +++ b/recipes-security/opendnssec/files/libxml2_conf.patch
@@ -0,0 +1,112 @@
	1	configure does not work with OE pkg-config for the libxml2 option
	2
	3	Upstream-Status: OE specific
	4
	5	Signed-off-by: Armin Kuster <akuster808@gmail.com>
	6
	7	Index: opendnssec-2.1.6/m4/acx_libxml2.m4
	8	===================================================================
	9	--- opendnssec-2.1.6.orig/m4/acx_libxml2.m4
	10	+++ opendnssec-2.1.6/m4/acx_libxml2.m4
	11	@@ -1,37 +1,67 @@
	12	+#serial 11
	13	+AU_ALIAS([CHECK_XML2], [ACX_LIBXML2])
	14	AC_DEFUN([ACX_LIBXML2],[
	15	- AC_ARG_WITH(libxml2,
	16	- [AS_HELP_STRING([--with-libxml2=DIR],[look for libxml2 in this dir])],
	17	- [
	18	- XML2_PATH="$withval"
	19	- AC_PATH_PROGS(XML2_CONFIG, xml2-config, xml2-config, $XML2_PATH/bin)
	20	- ],[
	21	- XML2_PATH="/usr/local"
	22	- AC_PATH_PROGS(XML2_CONFIG, xml2-config, xml2-config, $PATH)
	23	- ])
	24	- if test -x "$XML2_CONFIG"
	25	- then
	26	- AC_MSG_CHECKING(what are the xml2 includes)
	27	- XML2_INCLUDES="`$XML2_CONFIG --cflags`"
	28	- AC_MSG_RESULT($XML2_INCLUDES)
	29	-
	30	- AC_MSG_CHECKING(what are the xml2 libs)
	31	- XML2_LIBS="`$XML2_CONFIG --libs`"
	32	- AC_MSG_RESULT($XML2_LIBS)
	33	-
	34	- tmp_CPPFLAGS=$CPPFLAGS
	35	- tmp_LIBS=$LIBS
	36	-
	37	- CPPFLAGS="$CPPFLAGS $XML2_INCLUDES"
	38	- LIBS="$LIBS $XML2_LIBS"
	39	-
	40	- AC_CHECK_LIB(xml2, xmlDocGetRootElement,,[AC_MSG_ERROR([Can't find libxml2 library])])
	41	-
	42	- CPPFLAGS=$tmp_CPPFLAGS
	43	- LIBS=$tmp_LIBS
	44	- else
	45	- AC_MSG_ERROR([libxml2 required, but not found.])
	46	- fi
	47	+ found=false
	48	+ AC_ARG_WITH([libxml2],
	49	+ [AS_HELP_STRING([--with-libxml2=DIR],
	50	+ [root of the libxml directory])],
	51	+ [
	52	+ case "$withval" in
	53	+ "" \| y \| ye \| yes \| n \| no)
	54	+ AC_MSG_ERROR([Invalid --with-libxml2 value])
	55	+ ;;
	56	+ *) xml2dirs="$withval"
	57	+ ;;
	58	+ esac
	59	+ ], [
	60	+ # if pkg-config is installed and openssl has installed a .pc file,
	61	+ # then use that information and don't search ssldirs
	62	+ AC_CHECK_TOOL([PKG_CONFIG], [pkg-config])
	63	+ if test x"$PKG_CONFIG" != x""; then
	64	+ XML2_LDFLAGS=`$PKG_CONFIG libxml-2.0 --libs-only-L 2>/dev/null`
	65	+ if test $? = 0; then
	66	+ XML2_LIBS=`$PKG_CONFIG libxml-2.0 --libs-only-l 2>/dev/null`
	67	+ XML2_INCLUDES=`$PKG_CONFIG libxml-2.0 --cflags-only-I 2>/dev/null`
	68	+ found=true
	69	+ fi
	70	+ fi
	71
	72	- AC_SUBST(XML2_INCLUDES)
	73	- AC_SUBST(XML2_LIBS)
	74	+ # no such luck; use some default ssldirs
	75	+ if ! $found; then
	76	+ xml2dirs="/usr/local/libxml /usr/lib/libxml /usr/libxml /usr/pkg /usr/local /usr"
	77	+ fi
	78	+ ]
	79	+ )
	80	+
	81	+
	82	+ # note that we #include <libxml/tree.h>, so the libxml2 headers have to be in
	83	+ # an 'libxml' subdirectory
	84	+
	85	+ if ! $found; then
	86	+ XML2_INCLUDES=
	87	+ for xml2dir in $xml2dirs; do
	88	+ AC_MSG_CHECKING([for XML2 in $xml2dir])
	89	+ if test -f "$xml2dir/include/libxml2/libxml/tree.h"; then
	90	+ XML2_INCLUDES="-I$xml2dir/include/libxml2"
	91	+ XML2_LDFLAGS="-L$xml2dir/lib"
	92	+ XML2_LIBS="-lxml2"
	93	+ found=true
	94	+ AC_MSG_RESULT([yes])
	95	+ break
	96	+ else
	97	+ AC_MSG_RESULT([no])
	98	+ fi
	99	+ done
	100	+
	101	+ # if the file wasn't found, well, go ahead and try the link anyway -- maybe
	102	+ # it will just work!
	103	+ fi
	104	+
	105	+ LDFLAGS="$LDFLAGS $XML2_LDFLAGS"
	106	+ LIBS="$XML2_LIBS $LIBS"
	107	+ CPPFLAGS="$XML2_INCLUDES $CPPFLAGS"
	108	+
	109	+ AC_SUBST(XML2_INCLUDES)
	110	+ AC_SUBST(XML2_LIBS)
	111	+ AC_SUBST(XML2_LDFLAGS)
	112	])


diff --git a/recipes-security/opendnssec/opendnssec_2.1.6.bb b/recipes-security/opendnssec/opendnssec_2.1.6.bb new file mode 100644 index 0000000..5e42ca8 --- /dev/null +++ b/recipes-security/opendnssec/opendnssec_2.1.6.bb
@@ -0,0 +1,37 @@
	1	SUMMARY = "OpenDNSSEC is a policy-based zone signer that automates the process of keeping track of DNSSEC keys and the signing of zones"
	2
	3	LICENSE = "BSD"
	4	LIC_FILES_CHKSUM = "file://LICENSE;md5=b041dbe2da80d4efd951393fbba90937"
	5
	6	DEPENDS = "libxml2 openssl ldns libmicrohttpd jansson libyaml "
	7
	8	SRC_URI = "git://github.com/opendnssec/opendnssec;branch=develop \
	9	file://libxml2_conf.patch \
	10	file://libdns_conf_fix.patch \
	11	file://fix_fprint.patch \
	12	"
	13
	14	SRCREV = "5876bccb38428790e2e9afc806ca68b029879874"
	15
	16	inherit autotools pkgconfig perlnative
	17
	18	S = "${WORKDIR}/git"
	19
	20	EXTRA_OECONF = " --with-libxml2=${STAGING_DIR_HOST}/usr --with-ldns=${STAGING_DIR_HOST}/usr \
	21	--with-ssl=${STAGING_DIR_HOST}/usr "
	22
	23	CFLAGS += "-fcommon"
	24
	25	PACKAGECONFIG ?= "sqlite3"
	26
	27	PACKAGECONFIG[cunit] = "--with-cunit=${STAGING_DIR_HOST}/usr, --without-cunit,"
	28	PACKAGECONFIG[sqlite3] = "--with-sqlite3=${STAGING_DIR_HOST}/usr, ,sqlite3, sqlite3"
	29	PACKAGECONFIG[mysql] = "--with-mysql=yes, , mariadb, mariadb"
	30	PACKAGECONFIG[readline] = "--with-readline, --without-readline, readline"
	31	PACKAGECONFIG[unwind] = "--with-libunwind, --without-libunwind"
	32
	33	do_install_append () {
	34	rm -rf ${D}${localstatedir}/run
	35	}
	36
	37	RDEPENDS_${PN} = "softhsm"