[FFE] add support for native pkcs11

Bug #1565392 reported by Timo Aaltonen on 2016-04-03
This bug affects 2 people
Affects Status Importance Assigned to Milestone
bind9 (Ubuntu)

Bug Description

Native pkcs11 support in bind9 is needed for DNSSEC support in FreeIPA. I've added this to bind9 package here:


It has a patch from Fedora split in two. The first one is applied with quilt along with the rest of the patches, and it just modifies Makefiles & configure to allow building native pkcs11 in the same build with openssl. The second patch is applied manually after copying bin/named, bin/dnssec, lib/isc, lib/dns for a separate build. This patch modifies includes and targets to use correct names for this build.

Neither of the patches touch actual code, and if any new patches are later added that do, the changes are also carried over to the separate build since the directories are copied during build.

The resulting binaries and libraries are added to the existing packages, but it's also possible to ship them separate.

This whole separate build thing is because the current build is with openssl enabled, and I don't know what replacing that with pkcs11 would mean for existing users. Building it separate is guaranteed to not harm anyone.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in bind9 (Ubuntu):
status: New → Confirmed
LaMont Jones (lamont) wrote :

This is in 1:9.10.3.dfsg.P4-8

Changed in bind9 (Ubuntu):
status: Confirmed → Fix Committed
Martin Pitt (pitti) wrote :

The patch for this is quite big, and it's a new feature, adjusting bug accordingly

summary: - add support for native pkcs11
+ [FFE] add support for native pkcs11
Martin Pitt (pitti) wrote :

+1 as this is a separate new feature, so relatively low-risk. Accepted.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bind9 - 1:9.10.3.dfsg.P4-8

bind9 (1:9.10.3.dfsg.P4-8) unstable; urgency=medium

  [Timo Aaltonen]

  * Fix bind9-resolvconf.service installation.
  * Add support for native pkcs11. LP: #1565392

  [Samuel Thibault]

  * Detect in6_pktinfo on hurd-i386. Closes: #820404

 -- LaMont Jones <email address hidden> Wed, 13 Apr 2016 13:19:37 -0600

Changed in bind9 (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers