Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 766264

Summary: net-dns/dnsmasq-2.83-r100[dnssec] does not build DNSSEC support
Product: Gentoo Linux Reporter: Karl-Johan Karlsson <creideiki+gentoo-bugzilla>
Component: Current packagesAssignee: Patrick McLean <chutzpah>
Status: RESOLVED FIXED    
Severity: normal CC: ionen, s7mon, sam
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 766126    
Attachments: build.log for the broken binary
build.log with the ebuild changed to $(use_have dnssec), producing a working binary

Description Karl-Johan Karlsson 2021-01-20 10:18:16 UTC 
In net-dns/dnsmasq-2.82-r100, building with USE="dnssec" results in the make step running with "COPTS=-DHAVE_DNSSEC", which builds a binary with DNSSEC support.

In net-dns/dnsmasq-2.83-r100, the same USE settings give a binary which doesn't start, instead exiting with the error message:

   dnsmasq: unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support) at line 6 of /usr/share/dnsmasq/trust-anchors.conf

where that line is the "trust-anchor=[...]" line containing the root DNSSEC key.

Looking at the build log, 2.83-r100 no longer adds "-DHAVE_DNSSEC" to COPTS.

Looking at the ebuild, the culprit seems to be this change since 2.82-r100:

-               $(use_have dnssec)
+               $(use_have -n dnssec)

With the "-n" argument, use_have only outputs negative values, i.e. NO_DNSSEC. But dnssec.c is wrapped in an "#ifdef HAVE_DNSSEC"/"#endif /* HAVE_DNSSEC */" pair, meaning the positive form HAVE_DNSSEC has to be explicitly specified. Sure enough, removing "-n", reverting to the form in the 2.82-r100 ebuild, runs the make process with "COPTS=-DHAVE_DNSSEC" and builds a dnsmasq binary that accepts DNSSEC configuration.

Reproducible: Always

Steps to Reproduce:
1. env USE="dnssec" emerge =net-dns/dnsmasq-2.83-r100
2. /etc/init.d/dnsmasq start

Actual Results:  
 * Starting dnsmasq ...

dnsmasq: unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support) at line 6 of /usr/share/dnsmasq/trust-anchors.conf
 * start-stop-daemon: failed to start `/usr/sbin/dnsmasq'
 * Failed to start dnsmasq                                                                                        [ !! ]
 * ERROR: dnsmasq failed to start

Expected Results:  
dnsmasq starts.
Comment 1 Karl-Johan Karlsson 2021-01-20 10:19:15 UTC 
Created attachment 683836 [details]
build.log for the broken binary
Comment 2 Karl-Johan Karlsson 2021-01-20 10:20:44 UTC 
Created attachment 683839 [details]
build.log with the ebuild changed to $(use_have dnssec), producing a working binary
Comment 3 Larry the Git Cow gentoo-dev 2021-01-20 18:25:43 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d668f0e3fcf4db6a21ee016c2c9962567043825e

commit d668f0e3fcf4db6a21ee016c2c9962567043825e
Author:     Patrick McLean <patrick.mclean@sony.com>
AuthorDate: 2021-01-20 18:25:29 +0000
Commit:     Patrick McLean <chutzpah@gentoo.org>
CommitDate: 2021-01-20 18:25:29 +0000

    net-dns/dnsmasq: Revbumps, fix USE=dnssec (bug #766264)
    
    Closes: https://bugs.gentoo.org/766264
    Copyright: Sony Interactive Entertainment Inc.
    Package-Manager: Portage-3.0.13, Repoman-3.0.2
    Signed-off-by: Patrick McLean <chutzpah@gentoo.org>

 net-dns/dnsmasq/{dnsmasq-2.83.ebuild => dnsmasq-2.83-r1.ebuild}   | 8 +++++---
 .../{dnsmasq-2.83-r100.ebuild => dnsmasq-2.83-r101.ebuild}        | 8 +++++---
 2 files changed, 10 insertions(+), 6 deletions(-)