Arguably this is an upstream problem, but we can work around it. The ebuilds for bind 9.10.x and 9.11.x require dlz if any of various USE flags are set (mysql, ldap, etc.). In turn, if dlz is set, --with-dlopen is passed to configure. If none of those are set, dlopen is not enabled. In 9.10.x this work(ed) fine. But in 9.11.0_p1, building without --with-dlopen dies with: [snip] libtool: compile: x86_64-pc-linux-gnu-gcc -I/var/tmp/portage/net-dns/bind-9.11.0_p1/work/bind-9.11.0-P1 -I../.. -I./include -I../dns/include -I/var/tmp/portage/net-dns/bind-9.11.0_p1/work/bind-9.11.0-P1/lib/dns/include -I../../lib/dns/include -I/var/tmp/portage/net-dns/bind-9.11.0_p1/work/bind-9.11.0-P1/lib/isc/include -I../../lib/isc -I../../lib/isc/include -I../../lib/isc/unix/include -I../../lib/isc/nothreads/include -I../../lib/isc/x86_32/include -I../../lib/irs/include -I../../lib/irs/include -DVERSION=\"9.11.0-P1\" -DSYSCONFDIR=\"/etc/bind\" -D_GNU_SOURCE -march=core2 -freorder-blocks-and-partition -O2 -pipe -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat -Wpointer-arith -fno-strict-aliasing -fno-delete-null-pointer-checks -c nsprobe.c -o nsprobe.o >/dev/null 2>&1 libtool: link: x86_64-pc-linux-gnu-gcc -march=core2 -freorder-blocks-and-partition -O2 -pipe -Wl,-O1 -o .libs/sample-gai .libs/sample-gai.o -Wl,--as-needed ../irs/.libs/libirs.so ../dns/.libs/libdns.so ../isccfg/.libs/libisccfg.so /var/tmp/portage/net-dns/bind-9.11.0_p1/work/bind-9.11.0-P1/lib/dns/.libs/libdns.so /var/tmp/portage/net-dns/bind-9.11.0_p1/work/bind-9.11.0-P1/lib/isccc/.libs/libisccc.so /var/tmp/portage/net-dns/bind-9.11.0_p1/work/bind-9.11.0-P1/lib/isc/.libs/libisc.so ../isc/.libs/libisc.so -lcap -lz ../dns/.libs/libdns.so: undefined reference to `dlopen' ../dns/.libs/libdns.so: undefined reference to `dlclose' ../dns/.libs/libdns.so: undefined reference to `dlerror' ../dns/.libs/libdns.so: undefined reference to `dlsym' collect2: error: ld returned 1 exit status make[2]: *** [Makefile:463: sample-gai] Error 1 [This occurred under lib/samples/, but the problem is with libdns.so itself; bypassing samples/ just means it will die somewhere else in the build.] Tested with gcc-4.9.4[hardened] and glibc-2.23-r2[hardened] on x86_64. Simply enabling --with-dlopen unconditionally in the ebuild allows the build to succeed.
I think upstream introduced this issue when merging dyndb: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=a00f9e2f50675bd43cc6a9fe2669709162a2ccb4 They should either disable dyndb if --without-dlopen (does not look straightforward to implement) or remove the configure option.
net-dns/bind-9.11.0_p2 has the same problem, cannot build without --with-dlopen set either implicitly or explicitly. I'll attach a patch that worked for me with net-dns/bind-9.11.0_p1 and now net-dns/bind-9.11.0_p2 as well.
Created attachment 460200 [details, diff] Force --with-dlopen to fix building when it is not implied by a USE flag.
Same here. Building just a minimalistic bind with USE="-* ipv6 zlib" fails, but works fine with USE="-* ipv6 dlz zlib".
Just had this problem crop up with me for net-dns/bind-9.11.0_p3 today, accidentally worked around it by enabling the ssl useflag, I'll have to try using the dlz useflag instead, my intention is to make as tiny a binary as possible since I'm running it on an rpi to filter out ipv6 hostnames.
(In reply to Tim from comment #5) > Just had this problem crop up with me for net-dns/bind-9.11.0_p3 today, > accidentally worked around it by enabling the ssl useflag, I'll have to try > using the dlz useflag instead, my intention is to make as tiny a binary as > possible since I'm running it on an rpi to filter out ipv6 hostnames. To add, this workaround only works as a side effect of OpenSSL being there. With USE="ssl libressl" I still get the dlopen compile failure.
Reported upstream: https://lists.isc.org/pipermail/bind-users/2017-May/098574.html I think currently we should require dlopen in ebuild: --- a/bind-9.11.0_p3.ebuild +++ b/bind-9.11.0_p3.ebuild @@ -170,7 +170,7 @@ src_configure() { $(use_enable seccomp) \ $(use_enable threads) \ $(use_with berkdb dlz-bdb) \ - $(use_with dlz dlopen) \ + --with-dlopen \ $(use_with dlz dlz-filesystem) \ $(use_with dlz dlz-stub) \ $(use_with gost) \ And stabilize for security fixes.
(In reply to Peter from comment #7) > Reported upstream: > https://lists.isc.org/pipermail/bind-users/2017-May/098574.html > > I think currently we should require dlopen in ebuild: I agree. Doing so would address the problem for everyone. Devs, can we get some traction on this?
Those who, like myself, are fatigued by having to work around this bug upon every upgrade might consider using package.env to define EXTRA_ECONF="--with-dlopen" for net-dns/bind as an interim workaround.
Created attachment 474718 [details, diff] bind-9.11.0_p5-dyndb-dlopen.patch Finally upstream fixed this issue: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=aa3a8979bc7eb1596d044eff572b3c35310584fa https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=ae903759c205f8a5039458d780c0e0c4442b7291 Attached patch is exactly two patches togeather without changes in CHANGES file. Works for me.
This has just been fixed by applying the mentioned patch(es). Thanks guys! Should be on the mirrors soon.
(In reply to Christian Ruppert (idl0r) from comment #11) > This has just been fixed by applying the mentioned patch(es). Thanks guys! > Should be on the mirrors soon. Thanks. Unfortunately, bind-9.11.1_p1 also requires these patches.
(In reply to Kerin Millar from comment #12) > (In reply to Christian Ruppert (idl0r) from comment #11) > > This has just been fixed by applying the mentioned patch(es). Thanks guys! > > Should be on the mirrors soon. > > Thanks. Unfortunately, bind-9.11.1_p1 also requires these patches. Damn... Should be fixed again now, in Git. It might take a bit to hit the mirrors. Thanks!