![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / security / zkt
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.15 / (download) - annotate - [select for diffs], Fri Mar 3 09:24:20 2023 UTC (2 months, 3 weeks ago) by fcambus
Branch: MAIN
CVS Tags: pkgsrc-2023Q1-base,
pkgsrc-2023Q1,
HEAD
Changes since 1.14: +2 -2
lines
Diff to previous 1.14 (colored)
zkt: update to 1.1.6. zkt 1.1.6 -- 04. Jan 2023 * misc New configure.ac file generated by 'autoscan' * bug Jan Münnich found out that "-fcommon" is needed to compile ZKT with gcc 10. This is because of a double external definition caused by including header files while defining "extern" as empty. This is fixed now by eliminating includes within include files so "-fcommon" is not needed. * misc Increase of some string vars because of compiler warnings * bug Fixed an empty statement (semicolon) in freeconfig() (Thank you gcc!) zkt 1.1.5 -- 17. Jun 2019 * misc Option -r of dnssec-keygen has been deprecated since 9.13 (or so) Usage removed in dki_new() * func recursive_file_mtime() function added by Sven Stickroth This is useful if several zone files are included in a main zone.db file to track a change of any of the input files. It is not compiled in by default (use configure --enable-inc-file-tracking to enable) because for large zone files this could be a time consuming process. It is possible to add all included files to the local config parameter "DependFiles" instead. (Use zkt-conf <zonefile> to get a list of files to be added). * misc Log name of zone if KSK is expired Thanks to Sven Stickroth * misc DEST_DIR added to Makefile to install executables at common places Thanks to Sven Stickroth * bug Fix typos in rollover.c make clean also cleans OBJ_KLS files Thanks to Sven Stickroth
Revision 1.14 / (download) - annotate - [select for diffs], Tue Sep 1 14:06:52 2020 UTC (2 years, 8 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2022Q4-base,
pkgsrc-2022Q4,
pkgsrc-2022Q3-base,
pkgsrc-2022Q3,
pkgsrc-2022Q2-base,
pkgsrc-2022Q2,
pkgsrc-2022Q1-base,
pkgsrc-2022Q1,
pkgsrc-2021Q4-base,
pkgsrc-2021Q4,
pkgsrc-2021Q3-base,
pkgsrc-2021Q3,
pkgsrc-2021Q2-base,
pkgsrc-2021Q2,
pkgsrc-2021Q1-base,
pkgsrc-2021Q1,
pkgsrc-2020Q4-base,
pkgsrc-2020Q4,
pkgsrc-2020Q3-base,
pkgsrc-2020Q3
Changes since 1.13: +5 -6
lines
Diff to previous 1.13 (colored)
security/zkt: update to 1.1.4 * pkgsrc change: switch dependency from net/bind914 to net/bind916. zkt 1.1.4 -- 9. May 2016 * misc Hint to mailinglist removed from README file * bug pathname wasn't initialized in any case (dist_and_reload() in nscomm.c Thanks Jeremy C. Reed * bug move $(LIBS) at the end of the ggc link line in Makefile.in * misc Exitcode of external command is now visible in log messages stderr of each external command is redirected to stdin * bug Fixed some potential memory leaks in ncparse.c dki.c zfparse.c and zkt-soaserial.c (mostly a missing fclose() on error conditions). Thanks to Jeremy C. Reed * misc README file changed to Markdown syntax * bug running zkt-keyman -3 didn't change anything on the key database so a zkt-signer run afterwards didn't see anything to do. Now the timestamp of the dnskey.db will be reset to a value less than the timestamp of the (new) key signing key. Thanks to Sven Strickroth for finding this. * func New binary zkt-delegate added Because it depends on the ldns library, it is located in a separate directory and use a different Makefile * func New Compile time option "--enable-ds-tracking" added. Now dig is used on KSK rollover to check if the DS record is announced in the parent zone. Thanks to Sven Strickroth providing the patch. zkt 1.1.3 -- 21. Nov 2014 * func New Config Parameter DependFiles added. Contains a (comma separated) list of files which are included into the ZoneFile. The timestamps of this files are checked additional to the timestamp of the ZoneFile. Based on a suggestion from Sven Strickroth * misc Makefile changed to build tar file out of git repository * misc Minimum supported BIND version is now 9.8 * bug Fixed bug in BIND version parsing (9.10.1 was parsed as 910 which is similar to 9.1.0) Version 9.10.1 is parsed now as 091001 * misc Remove flag to request large exponent when creating keys (BIND always creates keys with large exponents since BIND 9.5.0) * misc Project moved to github Thanks to Jakob Schlyter for doing the initial stuff
Revision 1.13 / (download) - annotate - [select for diffs], Sun Jan 26 17:32:08 2020 UTC (3 years, 4 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base,
pkgsrc-2020Q2,
pkgsrc-2020Q1-base,
pkgsrc-2020Q1
Changes since 1.12: +2 -2
lines
Diff to previous 1.12 (colored)
all: migrate homepages from http to https pkglint -r --network --only "migrate" As a side-effect of migrating the homepages, pkglint also fixed a few indentations in unrelated lines. These and the new homepages have been checked manually.
Revision 1.12 / (download) - annotate - [select for diffs], Wed Oct 16 09:37:27 2019 UTC (3 years, 7 months ago) by maya
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base,
pkgsrc-2019Q4
Changes since 1.11: +3 -3
lines
Diff to previous 1.11 (colored)
*: bind912 -> bind914 Thanks taca for the heads up.
Revision 1.11 / (download) - annotate - [select for diffs], Thu Sep 27 04:23:12 2018 UTC (4 years, 8 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base,
pkgsrc-2019Q3,
pkgsrc-2019Q2-base,
pkgsrc-2019Q2,
pkgsrc-2019Q1-base,
pkgsrc-2019Q1,
pkgsrc-2018Q4-base,
pkgsrc-2018Q4,
pkgsrc-2018Q3-base,
pkgsrc-2018Q3
Changes since 1.10: +2 -3
lines
Diff to previous 1.10 (colored)
zkt: switch to an existing bind version Only used on DragonFly
Revision 1.10 / (download) - annotate - [select for diffs], Tue Aug 18 07:31:17 2015 UTC (7 years, 9 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base,
pkgsrc-2018Q2,
pkgsrc-2018Q1-base,
pkgsrc-2018Q1,
pkgsrc-2017Q4-base,
pkgsrc-2017Q4,
pkgsrc-2017Q3-base,
pkgsrc-2017Q3,
pkgsrc-2017Q2-base,
pkgsrc-2017Q2,
pkgsrc-2017Q1-base,
pkgsrc-2017Q1,
pkgsrc-2016Q4-base,
pkgsrc-2016Q4,
pkgsrc-2016Q3-base,
pkgsrc-2016Q3,
pkgsrc-2016Q2-base,
pkgsrc-2016Q2,
pkgsrc-2016Q1-base,
pkgsrc-2016Q1,
pkgsrc-2015Q4-base,
pkgsrc-2015Q4,
pkgsrc-2015Q3-base,
pkgsrc-2015Q3
Changes since 1.9: +2 -1
lines
Diff to previous 1.9 (colored)
Bump all packages that depend on curses.bui* or terminfo.bui* since they might incur ncurses dependencies on some platforms, and ncurses just bumped its shlib. Some packages were bumped twice now, sorry for that.
Revision 1.9 / (download) - annotate - [select for diffs], Thu Jan 2 00:50:07 2014 UTC (9 years, 4 months ago) by dholland
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base,
pkgsrc-2015Q2,
pkgsrc-2015Q1-base,
pkgsrc-2015Q1,
pkgsrc-2014Q4-base,
pkgsrc-2014Q4,
pkgsrc-2014Q3-base,
pkgsrc-2014Q3,
pkgsrc-2014Q2-base,
pkgsrc-2014Q2,
pkgsrc-2014Q1-base,
pkgsrc-2014Q1
Changes since 1.8: +2 -2
lines
Diff to previous 1.8 (colored)
Use the correct path variable in one marino@'s dragonfly hacks.
Revision 1.8 / (download) - annotate - [select for diffs], Fri Mar 15 23:34:44 2013 UTC (10 years, 2 months ago) by pettai
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base,
pkgsrc-2013Q4,
pkgsrc-2013Q3-base,
pkgsrc-2013Q3,
pkgsrc-2013Q2-base,
pkgsrc-2013Q2,
pkgsrc-2013Q1-base,
pkgsrc-2013Q1
Changes since 1.7: +2 -2
lines
Diff to previous 1.7 (colored)
zkt 1.1.2
* bug Fixed bug introduced by changes on inc_soa_serial()
zkt 1.1.1
* bug Error fixed in zkt-conf in parsing the version number
* misc inc_soa_serial() now returns 0 on success
* bug Fixed bug in inc_serial()
The zone file wasn't closed on succesful change of the soa record.
Many thanks to Frederik Soderblom for fixing this.
Revision 1.7 / (download) - annotate - [select for diffs], Wed Oct 24 16:05:15 2012 UTC (10 years, 7 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2012Q4-base,
pkgsrc-2012Q4
Changes since 1.6: +8 -2
lines
Diff to previous 1.6 (colored)
Allow unprivileged build on NetBSD, if bind is in base.
Revision 1.6 / (download) - annotate - [select for diffs], Tue Oct 23 18:17:02 2012 UTC (10 years, 7 months ago) by asau
Branch: MAIN
Changes since 1.5: +1 -3
lines
Diff to previous 1.5 (colored)
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
Revision 1.5 / (download) - annotate - [select for diffs], Wed Jul 18 20:44:38 2012 UTC (10 years, 10 months ago) by marino
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base,
pkgsrc-2012Q3
Changes since 1.4: +12 -1
lines
Diff to previous 1.4 (colored)
security/zkt: Fix DragonFly regression
When this package was updated to version 1.1, it stopped building on
DragonFly. The main issue is that DragonFly doesn't have bind in its
base. NetBSD does, so it zkt finds it there, but otherwise it needs
the configuration switch --enable-binutil-path to be used. This was
added for DragonFly to point at ${PREFIX}/sbin.
zkt requires bind to be installed in order to build. Unlike other
packages like python, postgresql, and ruby where the mk.conf can
define a version otherwise a default is used, no such mechanism
exists to hand the four separate bind packages (at least I don't know
about one). So the inclusion of bind99 is a hack I'm not too proud
of, but I don't have a better solution. With it, it builds in clean
environments like pbulk chroot and Tinderbox. If an individual user
is building from source, they'll be smart enough to comment out this
include if another version of bind is already installed (zkt will
fail on a bind build conflict).
I suspect DragonFly is rather unique in not having bind in base, so
for now this is left as a DragonFly-specific section. Something
like net/bind99/builtin.mk could possibly be used to determine if
no builtin bind is available and thus follow DragonFly approach. I
shall leave it to others to decide.
Revision 1.4 / (download) - annotate - [select for diffs], Sat Jun 16 22:55:25 2012 UTC (10 years, 11 months ago) by pettai
Branch: MAIN
CVS Tags: pkgsrc-2012Q2-base,
pkgsrc-2012Q2
Changes since 1.3: +4 -12
lines
Diff to previous 1.3 (colored)
zkt 1.1 -- 30. Jan 2012
* misc Release numbering changed to three level "major.minor.revison" scheme
* bug REMOVE_HOLD_TIME was set to 10 days only (Thanks to Chris Thompson)
* doc Improved README file (Thanks to Jan-Piet Mens)
* misc Fix of some typos in log messages
* bug Fixed error in rollover.c (return code of genfirstkey() wasn't checked)
* misc Default of KeySetDir changed from NULL to ".." (best for hierarchical mode)
Default Sig Lifetime changed from 10 days to 3 weeks (21 days)
Default ZSK lifetime changed from 3 months to 4 times the sig lifetime
Default KSK lifetime changed from 1 year to 2 years
Parameter checks in checkconfig() adapted.
KSK random device changed back from /dev/urandom to BIND default
(Be aware of some possibly long delay in key generation)
* func New configure option to set the bind utility path manually (--enable-bindutil_path)
BIND_UTIL_PATH in config_zkt.h will no longer used
* bug If nsec3 is turned on and KeyAlgo (or AddKeyAlgo) is RSHASHA1
or DSA, genkey() uses algorithm type NSECRSASHA1 or NSEC3DSA instead.
* bug Error in printconfigdiff() fixed. (Thanks to Holger Wirtz)
* func Description added to (some of the) dnssec.conf parameters
* func Adding a patch from Hrant Dadivanyan to always pre-publish ZSKs
* misc Config file syntax changed to parameter names without underscores.
zkt-conf uses ZKT_VERSION string as config version
* bug "make install-man" now installs all man page
* bug Bug fixed in zfparse.c. zkt-conf was unable to detect an already
included dnskey.db file if another file was included.
* misc destination dnssec-zkt removed from Makefile.in
* func dki_prt_managedkeys() added to dki.c
zkt_list_managedkeys() added to zkt.c
zkt-ls has new option -M to print out a list of managed-keys
* bug Bug fixed in the config parser (zconf.c). Couldn't parse
agorithm RSASHA512 correctly (Thanks to Michael Sinatra)
Revision 1.3 / (download) - annotate - [select for diffs], Sat Dec 17 23:43:43 2011 UTC (11 years, 5 months ago) by sbd
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base,
pkgsrc-2012Q1,
pkgsrc-2011Q4-base,
pkgsrc-2011Q4
Changes since 1.2: +3 -1
lines
Diff to previous 1.2 (colored)
Add missing mk/curses buildlink. Bump PKGREVISION
Revision 1.2 / (download) - annotate - [select for diffs], Sat Mar 12 16:46:05 2011 UTC (12 years, 2 months ago) by pettai
Branch: MAIN
CVS Tags: pkgsrc-2011Q3-base,
pkgsrc-2011Q3,
pkgsrc-2011Q2-base,
pkgsrc-2011Q2,
pkgsrc-2011Q1-base,
pkgsrc-2011Q1
Changes since 1.1: +19 -5
lines
Diff to previous 1.1 (colored)
zkt 1.0 -- 15. June 2010
* feat "/dev/urandom" check added to checkconfig()
* feat Config compability switch (-C) added to zkt-conf
* feat zkt-ls has a new switch -s to change sorting of domains from
subdomain before parent to subdomain below the parent
* feat "zkt-ls -T" prints only parent trust anchor
zkt 1.0rc1 -- 1. Apr 2010 (The 1.0 release was sponsored by DOMINIC(r) )
* feat Several config parameter are printed now in a more consistent and
user friendly form.
SerialFormat "Incremental" could be abbreviated as "inc" on input.
* bug use of AC_ARG_ENABLE macros changed in a way that it is possible
to use it as a "--disable-FEATURE" switch.
* port no longer checking for malloc() in configue script.
Mainly because it checks only if malloc(0) is allowed and we do
not need this.
* port --disable-color-mode added to configure script
* bug Makro PRINT_AGE_OF_YEAR renamed to PRINT_AGE_WITH_YEAR in configure.ac
* misc man page zkt-keyman added
* misc New command zkt-keyman added as replacement for dnssec-zkt's key
management functionality
* misc man page zkt-ls added
* port Check for ncurses added to Makefile.in
* misc Color mode (Option -C) added to zkt-ls (experimental)
New source file tcap.c.
* misc Deprecate "single linked list" version of ZKT. The binary tree
version is the default for years, so the VERSION string does no
longer contain a "T". Now, if someone insist on the single link
list version (configure --disable-tree) a "S" is added to the
version string.
Anyway, the code for the single link list version does no longer
have the same functionality and will be removed in one of the later
releases.
* misc New command zkt-ls added as replacement for dnssec-zkt's key
listing functionality
* func New key algorithms RSASHA256 and RSAHSHA512 added to dki.[ch]
and zconf.c
New parameter NSEC3 added. Now it's possible to configure
an NSEC3_OPTOUT zone.
* bug Token parsing function gettok() fixed to recognize tokens
with dashes ("zone-statistics" was seen as "zone").
Thanks to Andreas Baess for finding this bug.
* bug Fixed bug in (re)salting dynamic zones.
sig_zone() and gensalt() needs parameter change for this
* func New option -a added to zkt-conf
* func In zconf.c CONF_TIMEINT parameter are now able to recognize
"unset" values (which is represented internaly as 0)
* func Set Max_TTL to sig lifetime for dynamic zones or if Max_TTL
is less than 1.
max_ttl checks in checkconfig() fixed.
* func printconfigdiff() added to zconf.c and used by zkt-conf.
Now local configs are printed as diff to site wide config.
* misc man page zkt-signer.8 changed to new command syntax
* func Per domain logging added. Use parameter LogDomainDir to
enable it. For more details see file README.logging.
* func distribute.sh supports new action type "distkeys" but is
currently not used
* misc LOG_FNAMETMPL changed and moved from config_zkt.h to log.h
* misc Default soa serial format changed from "Incremental"
to "Unixtime"
* func dnssec-signer command renamed to zkt-signer. Man page updated.
* func New command zkt-conf added as replacement for dnssec-zkt -Z
* misc timeint2str() is now global (zconf.c)
* func zfparse.c - a rudimentary zone file parser
scans minimum and maximum ttl values; adds $INCLUDE dnskey.db
zkt 0.99d -- Not released
* func Option SIG_DnsKeyKSK for DNSKEY signing with KSK only added
* misc BIND 9.7 compability
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Sat Mar 13 19:19:51 2010 UTC (13 years, 2 months ago) by pettai
Branch: TNF
CVS Tags: pkgsrc-base,
pkgsrc-2010Q4-base,
pkgsrc-2010Q4,
pkgsrc-2010Q3-base,
pkgsrc-2010Q3,
pkgsrc-2010Q2-base,
pkgsrc-2010Q2,
pkgsrc-2010Q1-base,
pkgsrc-2010Q1
Changes since 1.1: +0 -0
lines
Diff to previous 1.1 (colored)
ZKT is a tool to manage keys and signatures for DNSSEC-zones. The Zone Key Tool consist of two commands: * dnssec-zkt to create and list dnssec zone keys and * dnssec-signer to sign a zone and manage the lifetime of the zone signing keys Both commands are simple wrapper commands around the dnssec-keygen(8) and dnssec-signzone(8) commands provided by BIND.
Revision 1.1 / (download) - annotate - [select for diffs], Sat Mar 13 19:19:51 2010 UTC (13 years, 2 months ago) by pettai
Branch: MAIN
Initial revision