Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 766264 - net-dns/dnsmasq-2.83-r100[dnssec] does not build DNSSEC support
Summary: net-dns/dnsmasq-2.83-r100[dnssec] does not build DNSSEC support
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Patrick McLean
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687
  Show dependency tree
 
Reported: 2021-01-20 10:18 UTC by Karl-Johan Karlsson
Modified: 2021-01-20 18:25 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
build.log for the broken binary (build.log,21.68 KB, text/x-log)
2021-01-20 10:19 UTC, Karl-Johan Karlsson
Details
build.log with the ebuild changed to $(use_have dnssec), producing a working binary (build.log,22.25 KB, text/x-log)
2021-01-20 10:20 UTC, Karl-Johan Karlsson
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Karl-Johan Karlsson 2021-01-20 10:18:16 UTC
In net-dns/dnsmasq-2.82-r100, building with USE="dnssec" results in the make step running with "COPTS=-DHAVE_DNSSEC", which builds a binary with DNSSEC support.

In net-dns/dnsmasq-2.83-r100, the same USE settings give a binary which doesn't start, instead exiting with the error message:

   dnsmasq: unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support) at line 6 of /usr/share/dnsmasq/trust-anchors.conf

where that line is the "trust-anchor=[...]" line containing the root DNSSEC key.

Looking at the build log, 2.83-r100 no longer adds "-DHAVE_DNSSEC" to COPTS.

Looking at the ebuild, the culprit seems to be this change since 2.82-r100:

-               $(use_have dnssec)
+               $(use_have -n dnssec)

With the "-n" argument, use_have only outputs negative values, i.e. NO_DNSSEC. But dnssec.c is wrapped in an "#ifdef HAVE_DNSSEC"/"#endif /* HAVE_DNSSEC */" pair, meaning the positive form HAVE_DNSSEC has to be explicitly specified. Sure enough, removing "-n", reverting to the form in the 2.82-r100 ebuild, runs the make process with "COPTS=-DHAVE_DNSSEC" and builds a dnsmasq binary that accepts DNSSEC configuration.

Reproducible: Always

Steps to Reproduce:
1. env USE="dnssec" emerge =net-dns/dnsmasq-2.83-r100
2. /etc/init.d/dnsmasq start

Actual Results:  
 * Starting dnsmasq ...

dnsmasq: unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support) at line 6 of /usr/share/dnsmasq/trust-anchors.conf
 * start-stop-daemon: failed to start `/usr/sbin/dnsmasq'
 * Failed to start dnsmasq                                                                                        [ !! ]
 * ERROR: dnsmasq failed to start

Expected Results:  
dnsmasq starts.
Comment 1 Karl-Johan Karlsson 2021-01-20 10:19:15 UTC
Created attachment 683836 [details]
build.log for the broken binary
Comment 2 Karl-Johan Karlsson 2021-01-20 10:20:44 UTC
Created attachment 683839 [details]
build.log with the ebuild changed to $(use_have dnssec), producing a working binary
Comment 3 Larry the Git Cow gentoo-dev 2021-01-20 18:25:43 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d668f0e3fcf4db6a21ee016c2c9962567043825e

commit d668f0e3fcf4db6a21ee016c2c9962567043825e
Author:     Patrick McLean <patrick.mclean@sony.com>
AuthorDate: 2021-01-20 18:25:29 +0000
Commit:     Patrick McLean <chutzpah@gentoo.org>
CommitDate: 2021-01-20 18:25:29 +0000

    net-dns/dnsmasq: Revbumps, fix USE=dnssec (bug #766264)
    
    Closes: https://bugs.gentoo.org/766264
    Copyright: Sony Interactive Entertainment Inc.
    Package-Manager: Portage-3.0.13, Repoman-3.0.2
    Signed-off-by: Patrick McLean <chutzpah@gentoo.org>

 net-dns/dnsmasq/{dnsmasq-2.83.ebuild => dnsmasq-2.83-r1.ebuild}   | 8 +++++---
 .../{dnsmasq-2.83-r100.ebuild => dnsmasq-2.83-r101.ebuild}        | 8 +++++---
 2 files changed, 10 insertions(+), 6 deletions(-)