The NetBSD Project

CVS log for pkgsrc/security/zkt/Makefile

[BACK] Up to [] / pkgsrc / security / zkt

Request diff between arbitrary revisions

Default branch: MAIN

Revision 1.15 / (download) - annotate - [select for diffs], Fri Mar 3 09:24:20 2023 UTC (2 months, 3 weeks ago) by fcambus
Branch: MAIN
CVS Tags: pkgsrc-2023Q1-base, pkgsrc-2023Q1, HEAD
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored)

zkt: update to 1.1.6.

zkt 1.1.6 -- 04. Jan 2023

* misc	New file generated by 'autoscan'

* bug	Jan M√ľnnich found out that "-fcommon" is needed to compile ZKT
	with gcc 10.
	This is because of a double external definition caused by
	including header files while defining "extern" as empty.
	This is fixed now by eliminating includes within include files
	so "-fcommon" is not needed.

* misc	Increase of some string vars because of compiler warnings

* bug	Fixed an empty statement (semicolon) in freeconfig()
	(Thank you gcc!)

zkt 1.1.5 -- 17. Jun 2019

* misc	Option -r of dnssec-keygen has been deprecated since 9.13 (or so)
	Usage removed in dki_new()

* func	recursive_file_mtime() function added by Sven Stickroth
	This is useful if several zone files are included in a main zone.db
	file to track a change of any of the input files.
	It is not compiled in by default (use configure --enable-inc-file-tracking
	to enable) because for large zone files this could be a time consuming process.
	It is possible to add all included files to the local config parameter
	"DependFiles" instead. (Use zkt-conf <zonefile> to get a list of files to be added).

* misc	Log name of zone if KSK is expired
	Thanks to Sven Stickroth

* misc	DEST_DIR added to Makefile to install executables at common places
	Thanks to Sven Stickroth

* bug	Fix typos in rollover.c
	make clean also cleans OBJ_KLS files
	Thanks to Sven Stickroth

Revision 1.14 / (download) - annotate - [select for diffs], Tue Sep 1 14:06:52 2020 UTC (2 years, 8 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2022Q4-base, pkgsrc-2022Q4, pkgsrc-2022Q3-base, pkgsrc-2022Q3, pkgsrc-2022Q2-base, pkgsrc-2022Q2, pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4, pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2, pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4, pkgsrc-2020Q3-base, pkgsrc-2020Q3
Changes since 1.13: +5 -6 lines
Diff to previous 1.13 (colored)

security/zkt: update to 1.1.4

* pkgsrc change: switch dependency from net/bind914 to net/bind916.

zkt 1.1.4 -- 9. May 2016

* misc	Hint to mailinglist removed from README file

* bug	pathname wasn't initialized in any case (dist_and_reload() in nscomm.c
	Thanks Jeremy C. Reed

* bug	move $(LIBS) at the end of the ggc link line in

* misc	Exitcode of external command is now visible in log messages
	stderr of each external command is redirected to stdin

* bug	Fixed some potential memory leaks in ncparse.c dki.c zfparse.c
	and zkt-soaserial.c (mostly a missing fclose() on error conditions).
	Thanks to Jeremy C. Reed

* misc	README file changed to Markdown syntax

* bug	running zkt-keyman -3 didn't change anything on the key database
	so a zkt-signer run afterwards didn't see anything to do.
	Now the timestamp of the dnskey.db will be reset to a value less
	than the timestamp of the (new) key signing key.
	Thanks to Sven Strickroth for finding this.

* func	New binary zkt-delegate added
	Because it depends on the ldns library, it is located in
	a separate directory and use a different Makefile

* func	New Compile time option "--enable-ds-tracking" added.
	Now dig is used on KSK rollover to check if the DS record
	is announced in the parent zone.
	Thanks to Sven Strickroth providing the patch.

zkt 1.1.3 -- 21. Nov 2014

* func	New Config Parameter DependFiles added.
	Contains a (comma separated) list of files which are
	included into the ZoneFile. The timestamps of this files
	are checked additional to the timestamp of the ZoneFile.
	Based on a suggestion from Sven Strickroth

* misc	Makefile changed to build tar file out of git repository

* misc	Minimum supported BIND version is now 9.8

* bug	Fixed bug in BIND version parsing (9.10.1 was parsed as 910
	which is similar to 9.1.0)
	Version 9.10.1 is parsed now as 091001

* misc	Remove flag to request large exponent when creating keys
	(BIND always creates keys with large exponents since BIND 9.5.0)

* misc	Project moved to github
	Thanks to Jakob Schlyter for doing the initial stuff

Revision 1.13 / (download) - annotate - [select for diffs], Sun Jan 26 17:32:08 2020 UTC (3 years, 4 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base, pkgsrc-2020Q2, pkgsrc-2020Q1-base, pkgsrc-2020Q1
Changes since 1.12: +2 -2 lines
Diff to previous 1.12 (colored)

all: migrate homepages from http to https

pkglint -r --network --only "migrate"

As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.

Revision 1.12 / (download) - annotate - [select for diffs], Wed Oct 16 09:37:27 2019 UTC (3 years, 7 months ago) by maya
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base, pkgsrc-2019Q4
Changes since 1.11: +3 -3 lines
Diff to previous 1.11 (colored)

*: bind912 -> bind914

Thanks taca for the heads up.

Revision 1.11 / (download) - annotate - [select for diffs], Thu Sep 27 04:23:12 2018 UTC (4 years, 8 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base, pkgsrc-2019Q3, pkgsrc-2019Q2-base, pkgsrc-2019Q2, pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3
Changes since 1.10: +2 -3 lines
Diff to previous 1.10 (colored)

zkt: switch to an existing bind version

Only used on DragonFly

Revision 1.10 / (download) - annotate - [select for diffs], Tue Aug 18 07:31:17 2015 UTC (7 years, 9 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1, pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2, pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-2015Q4-base, pkgsrc-2015Q4, pkgsrc-2015Q3-base, pkgsrc-2015Q3
Changes since 1.9: +2 -1 lines
Diff to previous 1.9 (colored)

Bump all packages that depend on curses.bui* or terminfo.bui* since they
might incur ncurses dependencies on some platforms, and ncurses just bumped
its shlib.
Some packages were bumped twice now, sorry for that.

Revision 1.9 / (download) - annotate - [select for diffs], Thu Jan 2 00:50:07 2014 UTC (9 years, 4 months ago) by dholland
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1, pkgsrc-2014Q4-base, pkgsrc-2014Q4, pkgsrc-2014Q3-base, pkgsrc-2014Q3, pkgsrc-2014Q2-base, pkgsrc-2014Q2, pkgsrc-2014Q1-base, pkgsrc-2014Q1
Changes since 1.8: +2 -2 lines
Diff to previous 1.8 (colored)

Use the correct path variable in one marino@'s dragonfly hacks.

Revision 1.8 / (download) - annotate - [select for diffs], Fri Mar 15 23:34:44 2013 UTC (10 years, 2 months ago) by pettai
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base, pkgsrc-2013Q4, pkgsrc-2013Q3-base, pkgsrc-2013Q3, pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2013Q1-base, pkgsrc-2013Q1
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored)

zkt 1.1.2

* bug   Fixed bug introduced by changes on inc_soa_serial()

zkt 1.1.1

* bug   Error fixed in zkt-conf in parsing the version number
* misc  inc_soa_serial() now returns 0 on success
* bug   Fixed bug in inc_serial()
        The zone file wasn't closed on succesful change of the soa record.
        Many thanks to Frederik Soderblom for fixing this.

Revision 1.7 / (download) - annotate - [select for diffs], Wed Oct 24 16:05:15 2012 UTC (10 years, 7 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2012Q4-base, pkgsrc-2012Q4
Changes since 1.6: +8 -2 lines
Diff to previous 1.6 (colored)

Allow unprivileged build on NetBSD, if bind is in base.

Revision 1.6 / (download) - annotate - [select for diffs], Tue Oct 23 18:17:02 2012 UTC (10 years, 7 months ago) by asau
Branch: MAIN
Changes since 1.5: +1 -3 lines
Diff to previous 1.5 (colored)

Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.

Revision 1.5 / (download) - annotate - [select for diffs], Wed Jul 18 20:44:38 2012 UTC (10 years, 10 months ago) by marino
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base, pkgsrc-2012Q3
Changes since 1.4: +12 -1 lines
Diff to previous 1.4 (colored)

security/zkt: Fix DragonFly regression

When this package was updated to version 1.1, it stopped building on
DragonFly.  The main issue is that DragonFly doesn't have bind in its
base.  NetBSD does, so it zkt finds it there, but otherwise it needs
the configuration switch --enable-binutil-path to be used.  This was
added for DragonFly to point at ${PREFIX}/sbin.

zkt requires bind to be installed in order to build.  Unlike other
packages like python, postgresql, and ruby where the mk.conf can
define a version otherwise a default is used, no such mechanism
exists to hand the four separate bind packages (at least I don't know
about one).  So the inclusion of bind99 is a hack I'm not too proud
of, but I don't have a better solution.  With it, it builds in clean
environments like pbulk chroot and Tinderbox.  If an individual user
is building from source, they'll be smart enough to comment out this
include if another version of bind is already installed (zkt will
fail on a bind build conflict).

I suspect DragonFly is rather unique in not having bind in base, so
for now this is left as a DragonFly-specific section.  Something
like net/bind99/ could possibly be used to determine if
no builtin bind is available and thus follow DragonFly approach.  I
shall leave it to others to decide.

Revision 1.4 / (download) - annotate - [select for diffs], Sat Jun 16 22:55:25 2012 UTC (10 years, 11 months ago) by pettai
Branch: MAIN
CVS Tags: pkgsrc-2012Q2-base, pkgsrc-2012Q2
Changes since 1.3: +4 -12 lines
Diff to previous 1.3 (colored)

zkt 1.1 -- 30. Jan 2012

* misc  Release numbering changed to three level "major.minor.revison" scheme
* bug   REMOVE_HOLD_TIME was set to 10 days only (Thanks to Chris Thompson)
* doc   Improved README file (Thanks to Jan-Piet Mens)
* misc  Fix of some typos in log messages
* bug   Fixed error in rollover.c (return code of genfirstkey() wasn't checked)
* misc  Default of KeySetDir changed from NULL to ".." (best for hierarchical mode)
        Default Sig Lifetime changed from 10 days to 3 weeks (21 days)
        Default ZSK lifetime changed from 3 months to 4 times the sig lifetime
        Default KSK lifetime changed from 1 year to 2 years
        Parameter checks in checkconfig() adapted.
        KSK random device changed back from /dev/urandom to BIND default
        (Be aware of some possibly long delay in key generation)
* func  New configure option to set the bind utility path manually (--enable-bindutil_path)
        BIND_UTIL_PATH in config_zkt.h will no longer used
* bug   If nsec3 is turned on and KeyAlgo (or AddKeyAlgo) is RSHASHA1
        or DSA, genkey() uses algorithm type NSECRSASHA1 or NSEC3DSA instead.
* bug   Error in printconfigdiff() fixed. (Thanks to Holger Wirtz)
* func  Description added to (some of the) dnssec.conf parameters
* func  Adding a patch from Hrant Dadivanyan to always pre-publish ZSKs
* misc  Config file syntax changed to parameter names without underscores.
        zkt-conf uses ZKT_VERSION string as config version
* bug   "make install-man" now installs all man page
* bug   Bug fixed in zfparse.c. zkt-conf was unable to detect an already
        included dnskey.db file if another file was included.
* misc  destination dnssec-zkt removed from
* func  dki_prt_managedkeys() added to dki.c
        zkt_list_managedkeys() added to zkt.c
        zkt-ls has new option -M to print out a list of managed-keys
* bug   Bug fixed in the config parser (zconf.c). Couldn't parse
        agorithm RSASHA512 correctly (Thanks to Michael Sinatra)

Revision 1.3 / (download) - annotate - [select for diffs], Sat Dec 17 23:43:43 2011 UTC (11 years, 5 months ago) by sbd
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base, pkgsrc-2012Q1, pkgsrc-2011Q4-base, pkgsrc-2011Q4
Changes since 1.2: +3 -1 lines
Diff to previous 1.2 (colored)

Add missing mk/curses buildlink.


Revision 1.2 / (download) - annotate - [select for diffs], Sat Mar 12 16:46:05 2011 UTC (12 years, 2 months ago) by pettai
Branch: MAIN
CVS Tags: pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2, pkgsrc-2011Q1-base, pkgsrc-2011Q1
Changes since 1.1: +19 -5 lines
Diff to previous 1.1 (colored)

zkt 1.0 -- 15. June 2010

* feat  "/dev/urandom" check added to checkconfig()
* feat  Config compability switch (-C) added to zkt-conf
* feat  zkt-ls has a new switch -s to change sorting of domains from
        subdomain before parent to subdomain below the parent
* feat  "zkt-ls -T" prints only parent trust anchor

zkt 1.0rc1 -- 1. Apr 2010 (The 1.0 release was sponsored by DOMINIC(r) )

* feat  Several config parameter are printed now in a more consistent and
        user friendly form.
        SerialFormat "Incremental" could be abbreviated as "inc" on input.
* bug   use of AC_ARG_ENABLE macros changed in a way that it is possible
        to use it as a "--disable-FEATURE" switch.
* port  no longer checking for malloc() in configue script.
        Mainly because it checks only if malloc(0) is allowed and we do
        not need this.
* port  --disable-color-mode added to configure script
* bug   Makro PRINT_AGE_OF_YEAR renamed to PRINT_AGE_WITH_YEAR in
* misc  man page zkt-keyman added
* misc  New command zkt-keyman added as replacement for dnssec-zkt's key
        management functionality
* misc  man page zkt-ls added
* port  Check for ncurses added to
* misc  Color mode (Option -C) added to zkt-ls (experimental)
        New source file tcap.c.
* misc  Deprecate "single linked list" version of ZKT. The binary tree
        version is the default for years, so the VERSION string does no
        longer contain a "T".  Now, if someone insist on the single link
        list version (configure --disable-tree) a "S" is added to the
        version string.
        Anyway, the code for the single link list version does no longer
        have the same functionality and will be removed in one of the later
* misc  New command zkt-ls added as replacement for dnssec-zkt's key
        listing functionality
* func  New key algorithms RSASHA256 and RSAHSHA512 added to dki.[ch]
        and zconf.c
        New parameter NSEC3 added. Now it's possible to configure
        an NSEC3_OPTOUT zone.
* bug   Token parsing function gettok() fixed to recognize tokens
        with dashes ("zone-statistics" was seen as "zone").
        Thanks to Andreas Baess for finding this bug.
* bug   Fixed bug in (re)salting dynamic zones.
        sig_zone() and gensalt() needs parameter change for this
* func  New option -a added to zkt-conf
* func  In zconf.c CONF_TIMEINT parameter are now able to recognize
        "unset" values (which is represented internaly as 0)
* func  Set Max_TTL to sig lifetime for dynamic zones or if Max_TTL
        is less than 1.
        max_ttl checks in checkconfig() fixed.
* func  printconfigdiff() added to zconf.c and used by zkt-conf.
        Now local configs are printed as diff to site wide config.
* misc  man page zkt-signer.8 changed to new command syntax
* func  Per domain logging added. Use parameter LogDomainDir to
        enable it. For more details see file README.logging.
* func supports new action type "distkeys" but is
        currently not used
* misc  LOG_FNAMETMPL changed and moved from config_zkt.h to log.h
* misc  Default soa serial format changed from "Incremental"
        to "Unixtime"
* func  dnssec-signer command renamed to zkt-signer. Man page updated.
* func  New command zkt-conf added as replacement for dnssec-zkt -Z
* misc  timeint2str() is now global (zconf.c)
* func  zfparse.c - a rudimentary zone file parser
        scans minimum and maximum ttl values; adds $INCLUDE dnskey.db

zkt 0.99d -- Not released

* func  Option SIG_DnsKeyKSK for DNSKEY signing with KSK only added
* misc  BIND 9.7 compability

Revision / (download) - annotate - [select for diffs] (vendor branch), Sat Mar 13 19:19:51 2010 UTC (13 years, 2 months ago) by pettai
Branch: TNF
CVS Tags: pkgsrc-base, pkgsrc-2010Q4-base, pkgsrc-2010Q4, pkgsrc-2010Q3-base, pkgsrc-2010Q3, pkgsrc-2010Q2-base, pkgsrc-2010Q2, pkgsrc-2010Q1-base, pkgsrc-2010Q1
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

ZKT is a tool to manage keys and signatures for DNSSEC-zones.
The Zone Key Tool consist of two commands:
* dnssec-zkt to create and list dnssec zone keys and
* dnssec-signer to sign a zone and manage the lifetime of the zone signing keys
Both commands are simple wrapper commands around the dnssec-keygen(8) and
dnssec-signzone(8) commands provided by BIND.

Revision 1.1 / (download) - annotate - [select for diffs], Sat Mar 13 19:19:51 2010 UTC (13 years, 2 months ago) by pettai
Branch: MAIN

Initial revision

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

CVSweb <>