diff --git a/CHANGES b/CHANGES index 27869baad0..0af2ea621c 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,8 @@ +4945. [func] BIND can no longer be built without DNSSEC support. + A cryptography provder (i.e., OpenSSL or a hardware + service module with PKCS#11 support) must be + available. [GL #244] + 4944. [cleanup] Silence cppcheck portability warnings in lib/isc/tests/buffer_test.c. [GL #239] diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in index d2a6b692b3..83daebfe4a 100644 --- a/bin/confgen/Makefile.in +++ b/bin/confgen/Makefile.in @@ -22,7 +22,7 @@ VERSION=@BIND9_VERSION@ CINCLUDES = -I${srcdir}/include ${ISC_INCLUDES} ${ISCCC_INCLUDES} \ ${ISCCFG_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES} -CDEFINES = +CDEFINES = @CRYPTO@ CWARNINGS = ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@ diff --git a/bin/confgen/unix/Makefile.in b/bin/confgen/unix/Makefile.in index 64e3cb8bb5..af1452dbb3 100644 --- a/bin/confgen/unix/Makefile.in +++ b/bin/confgen/unix/Makefile.in @@ -16,7 +16,7 @@ top_srcdir = @top_srcdir@ CINCLUDES = -I${srcdir}/include -I${srcdir}/../include \ ${DNS_INCLUDES} ${ISC_INCLUDES} -CDEFINES = +CDEFINES = @CRYPTO@ CWARNINGS = OBJS = os.@O@ diff --git a/bin/pkcs11/Makefile.in b/bin/pkcs11/Makefile.in index d33fc2094a..e932518943 100644 --- a/bin/pkcs11/Makefile.in +++ b/bin/pkcs11/Makefile.in @@ -15,7 +15,7 @@ top_srcdir = @top_srcdir@ CINCLUDES = ${ISC_INCLUDES} -CDEFINES = +CDEFINES = @CRYPTO@ ISCLIBS = ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@ diff --git a/bin/rndc/Makefile.in b/bin/rndc/Makefile.in index ba68e781f8..51983483a9 100644 --- a/bin/rndc/Makefile.in +++ b/bin/rndc/Makefile.in @@ -18,7 +18,7 @@ VERSION=@BIND9_VERSION@ CINCLUDES = -I${srcdir}/include ${ISC_INCLUDES} ${ISCCC_INCLUDES} \ ${ISCCFG_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES} -CDEFINES = +CDEFINES = @CRYPTO@ CWARNINGS = ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@ diff --git a/bin/tests/pkcs11/Makefile.in b/bin/tests/pkcs11/Makefile.in index 73e0596705..29b1f3f0c7 100644 --- a/bin/tests/pkcs11/Makefile.in +++ b/bin/tests/pkcs11/Makefile.in @@ -17,7 +17,7 @@ PROVIDER = @PKCS11_PROVIDER@ CINCLUDES = ${ISC_INCLUDES} -CDEFINES = -DPK11_LIB_LOCATION=\"${PROVIDER}\" +CDEFINES = -DPK11_LIB_LOCATION=\"${PROVIDER}\" @CRYPTO@ ISCLIBS = ../../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@ diff --git a/bin/tests/pkcs11/benchmarks/Makefile.in b/bin/tests/pkcs11/benchmarks/Makefile.in index 15f5460044..3ee3821eec 100644 --- a/bin/tests/pkcs11/benchmarks/Makefile.in +++ b/bin/tests/pkcs11/benchmarks/Makefile.in @@ -17,7 +17,7 @@ PROVIDER = @PKCS11_PROVIDER@ CINCLUDES = ${ISC_INCLUDES} -CDEFINES = -DPK11_LIB_LOCATION=\"${PROVIDER}\" +CDEFINES = -DPK11_LIB_LOCATION=\"${PROVIDER}\" @CRYPTO@ ISCLIBS = ../../../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@ diff --git a/bin/tests/system/Makefile.in b/bin/tests/system/Makefile.in index a552f4667e..d40917fab7 100644 --- a/bin/tests/system/Makefile.in +++ b/bin/tests/system/Makefile.in @@ -19,7 +19,7 @@ SUBDIRS = dlzexternal dyndb pipelined rndc rpz rsabigexponent tkey CINCLUDES = ${ISC_INCLUDES} ${DNS_INCLUDES} -CDEFINES = @USE_GSSAPI@ +CDEFINES = @USE_GSSAPI@ @CRYPTO@ CWARNINGS = DNSLIBS = diff --git a/bin/tests/system/rndc/Makefile.in b/bin/tests/system/rndc/Makefile.in index 999c1e6e9f..000958b21f 100644 --- a/bin/tests/system/rndc/Makefile.in +++ b/bin/tests/system/rndc/Makefile.in @@ -17,7 +17,7 @@ VERSION=@BIND9_VERSION@ CINCLUDES = ${ISC_INCLUDES} -CDEFINES = +CDEFINES = @CRYPTO@ CWARNINGS = ISCLIBS = ../../../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@ diff --git a/bin/tests/system/rpz/Makefile.in b/bin/tests/system/rpz/Makefile.in index 9ec63448cd..f44619dfc2 100644 --- a/bin/tests/system/rpz/Makefile.in +++ b/bin/tests/system/rpz/Makefile.in @@ -17,7 +17,7 @@ VERSION=@BIND9_VERSION@ CINCLUDES = ${ISC_INCLUDES} ${DNS_INCLUDES} -CDEFINES = +CDEFINES = @CRYPTO@ CWARNINGS = DNSLIBS = diff --git a/configure b/configure index f036382f6c..0ad864870e 100755 --- a/configure +++ b/configure @@ -941,6 +941,7 @@ infodir docdir oldincludedir includedir +runstatedir localstatedir sharedstatedir sysconfdir @@ -1100,6 +1101,7 @@ datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' +runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' @@ -1352,6 +1354,15 @@ do | -silent | --silent | --silen | --sile | --sil) silent=yes ;; + -runstatedir | --runstatedir | --runstatedi | --runstated \ + | --runstate | --runstat | --runsta | --runst | --runs \ + | --run | --ru | --r) + ac_prev=runstatedir ;; + -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ + | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ + | --run=* | --ru=* | --r=*) + runstatedir=$ac_optarg ;; + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ @@ -1489,7 +1500,7 @@ fi for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir + libdir localedir mandir runstatedir do eval ac_val=\$$ac_var # Remove trailing slashes. @@ -1642,6 +1653,7 @@ Fine tuning of the installation directories: --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] @@ -16226,7 +16238,6 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL library" >&5 $as_echo_n "checking for OpenSSL library... " >&6; } -OPENSSL_WARNING= openssldirs="/usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw" if test "yes" = "$want_native_pkcs11" then @@ -17345,6 +17356,15 @@ esac +if test "X$CRYPTO" = "X"; then +# cat << \EOF +as_fn_error $? "No cryptography library has been found or provided. +You must use --with-openssl, or --with-pkcs11 and --enable-native-pkcs11, +to enable cryptography." "$LINENO" 5 +#EOF + exit 1 +fi + # for PKCS11 benchmarks have_clock_gt=no @@ -26532,14 +26552,6 @@ if test "yes" != "$silent"; then report fi -if test "X$CRYPTO" = "X"; then -cat << \EOF -BIND 9 is being built without cryptography support. This means it will -not have DNSSEC support. Use --with-openssl, or --with-pkcs11 and ---enable-native-pkcs11 to enable cryptography. -EOF -fi - # Tell Emacs to edit this file in shell mode. # Local Variables: # mode: sh diff --git a/configure.in b/configure.in index 7accaf8bb1..387310a759 100644 --- a/configure.in +++ b/configure.in @@ -1472,7 +1472,6 @@ then fi AC_MSG_CHECKING(for OpenSSL library) -OPENSSL_WARNING= openssldirs="/usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw" if test "yes" = "$want_native_pkcs11" then @@ -2320,6 +2319,15 @@ AC_SUBST(PKCS11_GOST) AC_SUBST(PKCS11_ED25519) AC_SUBST(PKCS11_TEST) +if test "X$CRYPTO" = "X"; then +# cat << \EOF +AC_MSG_ERROR([No cryptography library has been found or provided. +You must use --with-openssl, or --with-pkcs11 and --enable-native-pkcs11, +to enable cryptography.]) +#EOF + exit 1 +fi + # for PKCS11 benchmarks have_clock_gt=no @@ -5454,14 +5462,6 @@ if test "yes" != "$silent"; then report fi -if test "X$CRYPTO" = "X"; then -cat << \EOF -BIND 9 is being built without cryptography support. This means it will -not have DNSSEC support. Use --with-openssl, or --with-pkcs11 and ---enable-native-pkcs11 to enable cryptography. -EOF -fi - # Tell Emacs to edit this file in shell mode. # Local Variables: # mode: sh diff --git a/contrib/dlz/bin/dlzbdb/Makefile.in b/contrib/dlz/bin/dlzbdb/Makefile.in index abda98d107..8c9823c97a 100644 --- a/contrib/dlz/bin/dlzbdb/Makefile.in +++ b/contrib/dlz/bin/dlzbdb/Makefile.in @@ -17,7 +17,7 @@ DLZINCLUDES = @DLZ_DRIVER_INCLUDES@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include \ ${ISC_INCLUDES} ${DLZINCLUDES} -CDEFINES = @CONTRIB_DLZ@ +CDEFINES = @CONTRIB_DLZ@ @CRYPTO@ CWARNINGS = DLZLIBS = @DLZ_DRIVER_LIBS@ diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml index a5f0cd53be..e0a37f8728 100644 --- a/doc/arm/notes.xml +++ b/doc/arm/notes.xml @@ -132,6 +132,13 @@
Feature Changes + + + BIND can no longer be built without DNSSEC support. A cryptography + provder (i.e., OpenSSL or a hardware service module with + PKCS#11 support) must be available. [GL #244] + + Zone types primary and diff --git a/lib/irs/tests/Makefile.in b/lib/irs/tests/Makefile.in index f1bd3c01c4..c4e3b7fdb5 100644 --- a/lib/irs/tests/Makefile.in +++ b/lib/irs/tests/Makefile.in @@ -20,7 +20,7 @@ VERSION=@BIND9_VERSION@ @BIND9_MAKE_INCLUDES@ CINCLUDES = -I. -Iinclude -I../include ${ISC_INCLUDES} ${IRS_INCLUDES} -CDEFINES = -DTESTS="\"${top_builddir}/lib/irs/tests/\"" +CDEFINES = -DTESTS="\"${top_builddir}/lib/irs/tests/\"" @CRYPTO@ CFGLIBS = ../../isccfg/libisccfg.@A@ CFGDEPLIBS = ../../isccfg/libisccfg.@A@ diff --git a/lib/isc/include/isc/platform.h.in b/lib/isc/include/isc/platform.h.in index 9a74ee64d5..822cbead76 100644 --- a/lib/isc/include/isc/platform.h.in +++ b/lib/isc/include/isc/platform.h.in @@ -18,6 +18,14 @@ ***** Platform-dependent defines. *****/ +/*** + *** Enforce OpenSSL or PKCS#11 cryptography + ***/ + +#if !defined(OPENSSL) && !defined(PKCS11CRYPTO) +#error No cryptography library has been found or provided. +#endif + /*** *** Network. ***/ diff --git a/lib/isc/nls/Makefile.in b/lib/isc/nls/Makefile.in index 704deadbea..1acb767561 100644 --- a/lib/isc/nls/Makefile.in +++ b/lib/isc/nls/Makefile.in @@ -16,7 +16,7 @@ CINCLUDES = -I../unix/include \ -I../include \ -I${srcdir}/../include -CDEFINES = +CDEFINES = @CRYPTO@ CWARNINGS = OBJS = msgcat.@O@ diff --git a/lib/isc/nothreads/Makefile.in b/lib/isc/nothreads/Makefile.in index c79477363e..9f20d59831 100644 --- a/lib/isc/nothreads/Makefile.in +++ b/lib/isc/nothreads/Makefile.in @@ -17,7 +17,7 @@ CINCLUDES = -I${srcdir}/include \ -I${srcdir}/../include \ -I${srcdir}/.. -CDEFINES = +CDEFINES = @CRYPTO@ CWARNINGS = THREADOPTOBJS = condition.@O@ mutex.@O@ diff --git a/lib/isc/pthreads/Makefile.in b/lib/isc/pthreads/Makefile.in index af4fd6ec29..c3ba6a04e3 100644 --- a/lib/isc/pthreads/Makefile.in +++ b/lib/isc/pthreads/Makefile.in @@ -17,7 +17,7 @@ CINCLUDES = -I${srcdir}/include \ -I${srcdir}/../include \ -I${srcdir}/.. -CDEFINES = +CDEFINES = @CRYPTO@ CWARNINGS = OBJS = condition.@O@ mutex.@O@ thread.@O@ diff --git a/lib/isc/win32/Makefile.in b/lib/isc/win32/Makefile.in index 19b46bdec4..1c5d56793b 100644 --- a/lib/isc/win32/Makefile.in +++ b/lib/isc/win32/Makefile.in @@ -15,7 +15,7 @@ CINCLUDES = -I${srcdir}/.. \ -I./include \ -I${srcdir}/include \ -I${srcdir}/../include -CDEFINES = +CDEFINES = @CRYPTO@ CWARNINGS = # Alphabetically diff --git a/lib/isc/win32/include/isc/platform.h.in b/lib/isc/win32/include/isc/platform.h.in index d7f94a6ff0..b34e99b3e2 100644 --- a/lib/isc/win32/include/isc/platform.h.in +++ b/lib/isc/win32/include/isc/platform.h.in @@ -31,6 +31,14 @@ #endif #endif +/*** + *** Enforce OpenSSL or PKCS#11 cryptography + ***/ + +#if !defined(OPENSSL) && !defined(PKCS11CRYPTO) +#error No cryptography library has been found or provided. +#endif + /*** *** Network. ***/ diff --git a/lib/isccfg/Makefile.in b/lib/isccfg/Makefile.in index 4625fcd97b..62dbef000a 100644 --- a/lib/isccfg/Makefile.in +++ b/lib/isccfg/Makefile.in @@ -19,7 +19,7 @@ VERSION=@BIND9_VERSION@ CINCLUDES = -I. ${DNS_INCLUDES} ${ISC_INCLUDES} ${ISCCFG_INCLUDES} -CDEFINES = +CDEFINES = @CRYPTO@ CWARNINGS = ISCLIBS = ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@ diff --git a/lib/ns/Makefile.in b/lib/ns/Makefile.in index e81eeb3367..1b26c0cbca 100644 --- a/lib/ns/Makefile.in +++ b/lib/ns/Makefile.in @@ -28,7 +28,7 @@ CINCLUDES = -I. -I${top_srcdir}/lib/ns -Iinclude \ ${NS_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES} \ @DST_OPENSSL_INC@ @DST_GSSAPI_INC@ -CDEFINES = +CDEFINES = @CRYPTO@ CWARNINGS = diff --git a/lib/samples/Makefile-postinstall.in b/lib/samples/Makefile-postinstall.in index cf114da6a1..8d5421f98c 100644 --- a/lib/samples/Makefile-postinstall.in +++ b/lib/samples/Makefile-postinstall.in @@ -11,7 +11,7 @@ srcdir = @srcdir@ #prefix = @prefix@ #exec_prefix = @exec_prefix@ -CDEFINES = +CDEFINES = @CRYPTO@ CWARNINGS = DNSLIBS = -ldns @DNS_CRYPTO_LIBS@