Bug 357569

Summary: net-dns/bind-9.8.0 bad ssl/gost logic
Product: Gentoo Linux
Reporter: Duncan <1i5t5.duncan>
Component: [OLD] Server
Assignee: BIND Maintainers (DISABLED) <bind+disabled>
Status: RESOLVED FIXED    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Duncan 2011-03-05 21:10:08 UTC
The openssl/gost logic in bind-9.8.0.ebuild is screwed up:

src_install(), on line 235:

if use ssl -a -e /usr/lib/engines/libgost.so; then

1) You are using hard-coded /usr/lib/ instead of get_libdir or the like, from the multilib eclass.  (This likely applies elsewhere in the ebuild... pkg_config on line 347, etc, and initscripts as well.)

2) Regardless, I build openssl with USE=bindist so don't have libgost.so anywhere (the openssl build logic forces it off if elliptic curve is off, which it is due to USE=bindist), yet I end up with OPENSSL_LIBGOST=1 in /etc/init.d/named.

If I'm not mistaken, that -a should be &&.  Think about it.  As is, bash will parse -a -e ... as part of the use ssl commandline, not as a shell AND construct.

3) It seems to me that in the initscript, OPENSSL_LIBGOST=0 should always be the default.  The setting should then be exposed in the conf.d/named file, with the ebuild setting the as-installed default there.  (IOW, the line 235+ if/seds should refer to an entry in "${D}/etc/conf.d/named instead, with the initscript always defaulting to 0 for that setting, which AFAIK it already does if that line explicitly setting it is taken out due to the ${OPENSSL_LIBGOST:-0} logic.)
Comment 1 Christian Ruppert (idl0r) gentoo-dev 2011-03-10 17:06:49 UTC
(In reply to comment #0)
> The openssl/gost logic in bind-9.8.0.ebuild is screwed up:
> 
> src_install(), on line 235:
> 
> if use ssl -a -e /usr/lib/engines/libgost.so; then
> 
> 1) You are using hard-coded /usr/lib/ instead of get_libdir or the like, from
> the multilib eclass.  (This likely applies elsewhere in the ebuild...
> pkg_config on line 347, etc, and initscripts as well.)
> 

Right, I use get_libdir to check if we have lib64 or not.
If lib64 then it'll create /usr/lib64 and also a symlink /usr/lib -> lib64
else
/usr/lib only. This makes sure /usr/lib is always there and always valid to use, as there is no get_libdir available for init scripts and it's IMO not worth cloning the get_libdir function for it.

> 2) Regardless, I build openssl with USE=bindist so don't have libgost.so
> anywhere (the openssl build logic forces it off if elliptic curve is off, which
> it is due to USE=bindist), yet I end up with OPENSSL_LIBGOST=1 in
> /etc/init.d/named.
> 
> If I'm not mistaken, that -a should be &&.  Think about it.  As is, bash will
> parse -a -e ... as part of the use ssl commandline, not as a shell AND
> construct.
>

This has been fixed now, thanks. Re-sync in 1-2 hours and try again :)

> 3) It seems to me that in the initscript, OPENSSL_LIBGOST=0 should always be
> the default.  The setting should then be exposed in the conf.d/named file, with
> the ebuild setting the as-installed default there.  (IOW, the line 235+ if/seds
> should refer to an entry in "${D}/etc/conf.d/named instead, with the initscript
> always defaulting to 0 for that setting, which AFAIK it already does if that
> line explicitly setting it is taken out due to the ${OPENSSL_LIBGOST:-0}
> logic.)

I'll leave it auto detected by default but I improved this part a bit so that you're able to set OPENSSL_LIBGOST yourself in /etc/conf.d/named anyway.
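
The difference between the `-a -e` form quoted in the description and a real `&&` file test, as an added example that is not taken from the ebuild or from either commenter. The `use` function is a constructed stand-in that reads only its first argument (an assumption about the helper's behaviour), and `USE_FLAGS`, `gost_buggy`, `gost_fixed` and `gost_effective` are hypothetical names.

```shell
#!/bin/sh
# Constructed stand-in for the ebuild `use` helper. Assumption: it looks only
# at its first argument, so any further words are silently ignored.
USE_FLAGS="ssl"   # constructed sample: ssl is enabled
use() {
    case " $USE_FLAGS " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Condition in the form quoted in the report: "-a -e PATH" are plain arguments
# to `use`, not a file test, so the path is never checked.
gost_buggy() {
    if use ssl -a -e "$1"; then echo 1; else echo 0; fi
}

# Same intent with a shell AND and an actual existence test.
gost_fixed() {
    if use ssl && [ -e "$1" ]; then echo 1; else echo 0; fi
}

# Init-script side: a value set in conf.d wins, otherwise the default is 0.
# $1 stands for whatever conf.d provided (may be empty).
gost_effective() {
    OPENSSL_LIBGOST=$1
    echo "${OPENSSL_LIBGOST:-0}"
}

demo() {
    tmp=$(mktemp -d) || return 1
    present="$tmp/libgost.so"      # constructed file standing in for the engine
    : > "$present"
    missing="$tmp/absent/libgost.so"
    echo "engine missing: buggy=$(gost_buggy "$missing") fixed=$(gost_fixed "$missing")"
    echo "engine present: buggy=$(gost_buggy "$present") fixed=$(gost_fixed "$present")"
    echo "conf.d unset: $(gost_effective "")  conf.d=1: $(gost_effective 1)"
    rm -rf "$tmp"
}
demo
```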