summaryrefslogtreecommitdiffstats
path: root/debian/patches/0006-prepare_native_pkcs11.diff
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/0006-prepare_native_pkcs11.diff')
-rw-r--r--debian/patches/0006-prepare_native_pkcs11.diff246
1 files changed, 246 insertions, 0 deletions
diff --git a/debian/patches/0006-prepare_native_pkcs11.diff b/debian/patches/0006-prepare_native_pkcs11.diff
new file mode 100644
index 0000000..9cd63b6
--- /dev/null
+++ b/debian/patches/0006-prepare_native_pkcs11.diff
@@ -0,0 +1,246 @@
+From: Debian DNS Packaging <pkg-dns-devel@lists.alioth.debian.org>
+Date: Fri, 24 Nov 2017 16:26:54 +0000
+Subject: _prepare_native_pkcs11
+
+---
+ bin/Makefile.in | 2 +-
+ bin/dnssec/Makefile.in | 2 +-
+ bin/named/Makefile.in | 2 +-
+ bin/pkcs11/Makefile.in | 6 +++---
+ configure.in | 51 +++++++++++++++++++++++++++++++++++---------------
+ lib/Makefile.in | 2 +-
+ make/includes.in | 10 ++++++++++
+ 7 files changed, 53 insertions(+), 22 deletions(-)
+
+diff --git a/bin/Makefile.in b/bin/Makefile.in
+index f0c504a..ef6bf5f 100644
+--- a/bin/Makefile.in
++++ b/bin/Makefile.in
+@@ -11,7 +11,7 @@ srcdir = @srcdir@
+ VPATH = @srcdir@
+ top_srcdir = @top_srcdir@
+
+-SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen \
++SUBDIRS = named named-pkcs11 rndc dig delv dnssec dnssec-pkcs11 tools nsupdate check confgen \
+ @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ tests
+ TARGETS =
+
+diff --git a/bin/dnssec/Makefile.in b/bin/dnssec/Makefile.in
+index 2239ad1..1ded1fa 100644
+--- a/bin/dnssec/Makefile.in
++++ b/bin/dnssec/Makefile.in
+@@ -19,7 +19,7 @@ VERSION=@BIND9_VERSION@
+
+ CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} @DST_OPENSSL_INC@
+
+-CDEFINES = -DVERSION=\"${VERSION}\" @USE_PKCS11@ @PKCS11_ENGINE@ \
++CDEFINES = -DVERSION=\"${VERSION}\" \
+ @CRYPTO@ -DPK11_LIB_LOCATION=\"@PKCS11_PROVIDER@\"
+ CWARNINGS =
+
+diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
+index 1c41397..5e6e84c 100644
+--- a/bin/named/Makefile.in
++++ b/bin/named/Makefile.in
+@@ -47,7 +47,7 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
+ ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \
+ ${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} @DST_OPENSSL_INC@
+
+-CDEFINES = @CONTRIB_DLZ@ @USE_PKCS11@ @PKCS11_ENGINE@ @CRYPTO@
++CDEFINES = @CONTRIB_DLZ@ @CRYPTO@
+
+ CWARNINGS =
+
+diff --git a/bin/pkcs11/Makefile.in b/bin/pkcs11/Makefile.in
+index ae90616..4bc1256 100644
+--- a/bin/pkcs11/Makefile.in
++++ b/bin/pkcs11/Makefile.in
+@@ -15,13 +15,13 @@ top_srcdir = @top_srcdir@
+
+ @BIND9_MAKE_INCLUDES@
+
+-CINCLUDES = ${ISC_INCLUDES}
++CINCLUDES = ${ISC_PKCS11_INCLUDES}
+
+ CDEFINES =
+
+-ISCLIBS = ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
++ISCLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@ @ISC_OPENSSL_LIBS@
+
+-ISCDEPLIBS = ../../lib/isc/libisc.@A@
++ISCDEPLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@
+
+ DEPLIBS = ${ISCDEPLIBS}
+
+diff --git a/configure.in b/configure.in
+index bf028fe..f8603b8 100644
+--- a/configure.in
++++ b/configure.in
+@@ -1109,12 +1109,14 @@ AC_SUBST(USE_GSSAPI)
+ AC_SUBST(DST_GSSAPI_INC)
+ AC_SUBST(DNS_GSSAPI_LIBS)
+ DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS $DNS_CRYPTO_LIBS"
++DNS_CRYPTO_PK11_LIBS="$DNS_GSSAPI_LIBS $DNS_CRYPTO_PK11_LIBS"
+
+ #
+ # Applications linking with libdns also need to link with these libraries.
+ #
+
+ AC_SUBST(DNS_CRYPTO_LIBS)
++AC_SUBST(DNS_CRYPTO_PK11_LIBS)
+
+ #
+ # was --with-randomdev specified?
+@@ -1499,11 +1501,6 @@ fi
+ AC_MSG_CHECKING(for OpenSSL library)
+ OPENSSL_WARNING=
+ openssldirs="/usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw"
+-if test "yes" = "$want_native_pkcs11"
+-then
+- use_openssl="native_pkcs11"
+- AC_MSG_RESULT(use of native PKCS11 instead)
+-fi
+
+ if test "auto" = "$use_openssl"
+ then
+@@ -1516,6 +1513,7 @@ then
+ fi
+ done
+ fi
++CRYPTO_PK11=""
+ OPENSSL_ECDSA=""
+ OPENSSL_GOST=""
+ OPENSSL_ED25519=""
+@@ -1537,11 +1535,10 @@ case "$with_gost" in
+ ;;
+ esac
+
+-case "$use_openssl" in
+- native_pkcs11)
+- AC_MSG_RESULT(disabled because of native PKCS11)
++if test "$want_native_pkcs11" = "yes"
++then
+ DST_OPENSSL_INC=""
+- CRYPTO="-DPKCS11CRYPTO"
++ CRYPTO_PK11="-DPKCS11CRYPTO"
+ OPENSSLECDSALINKOBJS=""
+ OPENSSLECDSALINKSRCS=""
+ OPENSSLEDDSALINKOBJS=""
+@@ -1550,7 +1547,9 @@ case "$use_openssl" in
+ OPENSSLGOSTLINKSRCS=""
+ OPENSSLLINKOBJS=""
+ OPENSSLLINKSRCS=""
+- ;;
++fi
++
++case "$use_openssl" in
+ no)
+ AC_MSG_RESULT(no)
+ DST_OPENSSL_INC=""
+@@ -1580,11 +1579,6 @@ case "$use_openssl" in
+ If you don't want OpenSSL, use --without-openssl])
+ ;;
+ *)
+- if test "yes" = "$want_native_pkcs11"
+- then
+- AC_MSG_RESULT()
+- AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.])
+- fi
+ if test "yes" = "$use_openssl"
+ then
+ # User did not specify a path - guess it
+@@ -2007,6 +2001,7 @@ AC_SUBST(OPENSSL_ED25519)
+ AC_SUBST(OPENSSL_GOST)
+
+ DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DST_OPENSSL_LIBS"
++DNS_CRYPTO_PK11_LIBS="$DNS_CRYPTO_LIBS"
+
+ ISC_PLATFORM_WANTAES="#undef ISC_PLATFORM_WANTAES"
+ if test "yes" = "$with_aes"
+@@ -2326,6 +2321,7 @@ esac
+ AC_SUBST(PKCS11LINKOBJS)
+ AC_SUBST(PKCS11LINKSRCS)
+ AC_SUBST(CRYPTO)
++AC_SUBST(CRYPTO_PK11)
+ AC_SUBST(PKCS11_ECDSA)
+ AC_SUBST(PKCS11_GOST)
+ AC_SUBST(PKCS11_ED25519)
+@@ -5331,8 +5327,11 @@ AC_CONFIG_FILES([
+ bin/delv/Makefile
+ bin/dig/Makefile
+ bin/dnssec/Makefile
++ bin/dnssec-pkcs11/Makefile
+ bin/named/Makefile
+ bin/named/unix/Makefile
++ bin/named-pkcs11/Makefile
++ bin/named-pkcs11/unix/Makefile
+ bin/nsupdate/Makefile
+ bin/pkcs11/Makefile
+ bin/python/Makefile
+@@ -5406,6 +5405,10 @@ AC_CONFIG_FILES([
+ lib/dns/include/dns/Makefile
+ lib/dns/include/dst/Makefile
+ lib/dns/tests/Makefile
++ lib/dns-pkcs11/Makefile
++ lib/dns-pkcs11/include/Makefile
++ lib/dns-pkcs11/include/dns/Makefile
++ lib/dns-pkcs11/include/dst/Makefile
+ lib/irs/Makefile
+ lib/irs/include/Makefile
+ lib/irs/include/irs/Makefile
+@@ -5430,6 +5433,24 @@ AC_CONFIG_FILES([
+ lib/isc/unix/include/Makefile
+ lib/isc/unix/include/isc/Makefile
+ lib/isc/unix/include/pkcs11/Makefile
++ lib/isc-pkcs11/$arch/Makefile
++ lib/isc-pkcs11/$arch/include/Makefile
++ lib/isc-pkcs11/$arch/include/isc/Makefile
++ lib/isc-pkcs11/$thread_dir/Makefile
++ lib/isc-pkcs11/$thread_dir/include/Makefile
++ lib/isc-pkcs11/$thread_dir/include/isc/Makefile
++ lib/isc-pkcs11/Makefile
++ lib/isc-pkcs11/include/Makefile
++ lib/isc-pkcs11/include/isc/Makefile
++ lib/isc-pkcs11/include/isc/platform.h
++ lib/isc-pkcs11/include/pk11/Makefile
++ lib/isc-pkcs11/include/pkcs11/Makefile
++ lib/isc-pkcs11/tests/Makefile
++ lib/isc-pkcs11/nls/Makefile
++ lib/isc-pkcs11/unix/Makefile
++ lib/isc-pkcs11/unix/include/Makefile
++ lib/isc-pkcs11/unix/include/isc/Makefile
++ lib/isc-pkcs11/unix/include/pkcs11/Makefile
+ lib/isccc/Makefile
+ lib/isccc/include/Makefile
+ lib/isccc/include/isccc/Makefile
+diff --git a/lib/Makefile.in b/lib/Makefile.in
+index 81270a0..bcb5312 100644
+--- a/lib/Makefile.in
++++ b/lib/Makefile.in
+@@ -15,7 +15,7 @@ top_srcdir = @top_srcdir@
+ # Attempt to disable parallel processing.
+ .NOTPARALLEL:
+ .NO_PARALLEL:
+-SUBDIRS = isc isccc dns isccfg bind9 lwres irs samples
++SUBDIRS = isc isc-pkcs11 isccc dns dns-pkcs11 isccfg bind9 lwres irs samples
+ TARGETS =
+
+ @BIND9_MAKE_RULES@
+diff --git a/make/includes.in b/make/includes.in
+index fa86ad1..3cfbe9f 100644
+--- a/make/includes.in
++++ b/make/includes.in
+@@ -43,3 +43,13 @@ BIND9_INCLUDES = @BIND9_BIND9_BUILDINCLUDE@ \
+
+ TEST_INCLUDES = \
+ -I${top_srcdir}/lib/tests/include
++
++ISC_PKCS11_INCLUDES = @BIND9_ISC_BUILDINCLUDE@ \
++ -I${top_srcdir}/lib/isc-pkcs11 \
++ -I${top_srcdir}/lib/isc-pkcs11/include \
++ -I${top_srcdir}/lib/isc-pkcs11/unix/include \
++ -I${top_srcdir}/lib/isc-pkcs11/@ISC_THREAD_DIR@/include \
++ -I${top_srcdir}/lib/isc-pkcs11/@ISC_ARCH_DIR@/include
++
++DNS_PKCS11_INCLUDES = @BIND9_DNS_BUILDINCLUDE@ \
++ -I${top_srcdir}/lib/dns-pkcs11/include
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-25 03:47:39 +0000