908822 – net-vpn/libreswan-4.11 fails to build with dnssec use flag enabled

Bug 908822 - net-vpn/libreswan-4.11 fails to build with dnssec use flag enabled

Summary: net-vpn/libreswan-4.11 fails to build with dnssec use flag enabled

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Hans de Graaff

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2023-06-19 06:16 UTC by Alex
Modified:	2023-06-20 05:25 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
build.log (build.log,1.72 KB, text/x-log) 2023-06-19 06:17 UTC, Alex	Details
emerge --info output (emerge-info.log,6.43 KB, text/x-log) 2023-06-19 06:18 UTC, Alex	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alex 2023-06-19 06:16:54 UTC

latest libreswan fails to build with dnssec flag enabled.

the error is:   mk/config.mk:614: *** DEFAULT_DNSSEC_ROOTKEY_FILE unknown.  

Looked at upstream sources, makefiles tries to guess linux distribution and points sets DEFAULT_DNSSEC_ROOTKEY_FILE accordingly. It doesn't have a clause for gentoo systems, so it fails.
https://github.com/libreswan/libreswan/blob/v4.11/mk/defaults/linux.mk

I guess this needs to be patched to point to location provided by net-dns/dnssec-root, or maybe exporting variable from src_configure

Reproducible: Always

Steps to Reproduce:
1. echo "net-libs/libreswan dnssec" > /etc/portage/package.use/libreswan
2. emerge libreswan

Actual Results:  
fails on build with:
  mk/config.mk:614: *** DEFAULT_DNSSEC_ROOTKEY_FILE unknown.  Stop.


Expected Results:  
libreswan builds and installs

Comment 1 Alex 2023-06-19 06:17:36 UTC

Created attachment 864191 [details]
build.log

Comment 2 Alex 2023-06-19 06:18:41 UTC

Created attachment 864192 [details]
emerge --info output

Comment 3 Hans de Graaff gentoo-dev

2023-06-20 05:24:35 UTC

(In reply to Alex from comment #0)
> latest libreswan fails to build with dnssec flag enabled.
> 
> the error is:   mk/config.mk:614: *** DEFAULT_DNSSEC_ROOTKEY_FILE unknown.  
> 
> Looked at upstream sources, makefiles tries to guess linux distribution and
> points sets DEFAULT_DNSSEC_ROOTKEY_FILE accordingly. It doesn't have a
> clause for gentoo systems, so it fails.
> https://github.com/libreswan/libreswan/blob/v4.11/mk/defaults/linux.mk

Thanks for the analysis. We can set the ROOTKEY file manually in the ebuild. That at least fixes the compilation issue. I have not been able to test if dnssec works as expected. Please report back if there are still runtime issues with it.

Comment 4 Larry the Git Cow gentoo-dev

2023-06-20 05:25:53 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c99a2499670a3e98c48e2560cd02e27dda31ffc7

commit c99a2499670a3e98c48e2560cd02e27dda31ffc7
Author:     Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2023-06-20 05:24:49 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-06-20 05:25:50 +0000

    net-vpn/libreswan: fix complication with USE=dnssec
    
    Thanks to Alex for the analysis and reporting the bug.
    
    Closes: https://bugs.gentoo.org/908822
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 net-vpn/libreswan/libreswan-4.11.ebuild | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)