I'm not sure if /etc/dnssec/root-anchors.txt is the value gnutls asks about, nevertheless right now during configure following warning gets printed *** The DNSSEC root key file in $unbound_root_key_file was not found. *** This file is needed for the verification of DNSSEC responses. *** Use the command: unbound-anchor -a "$unbound_root_key_file" *** to generate or update it. Looking at net-dns/unbound ebuild, that's my best guess.
I do not fully understand the description, nor can I reproduce this. Almost sure it is not gnutls issue...
Created attachment 333090 [details] build log of gnutls with the warning :sigh: My idea of the solution comes from net-dns/unbound ebuild, which passes the mentioned filename as an agument to configure.
Please CC crypto if there is an issue unrelated to this package, thanks.
as far as I understand unbound should provide this file.
(In reply to comment #4) > as far as I understand unbound should provide this file. AFA*I*U (by reading the ebuild), it does, just under a different name. A confirmation/rebuttal from net-dns/unbound maintainer would be welcome. But if it does and the reason for the name change is valid, it needs to be fixed on gnultls side.
Readding crypto as gnutls 3.3.4 still prints that warning. Mind, that I can't really tell, if it causes any real problems, as I most likely don't use that 'dane' functionality, but could it be that there's a reason gnutls prints such warning during configure ? Again, gnutls checks for /etc/unbound/root.key, unbound renames that to /etc/dnssec/root-anchors.txt, so put things in sync, one way or another. PS: unbound during build complains also about '--with-ldns' as 'unrecognized option', but that's just basic QA for you.
OK, thank you, now I understand. Never used this dane thing. Fixed in gnutls-3.3.4-r1.