Commit graph

134 commits

Author SHA1 Message Date
Michał Kępień
0476e8f1ac Make VS solution upgrading unnecessary
Until now, the build process for BIND on Windows involved upgrading the
solution file to the version of Visual Studio used on the build host.
Unfortunately, the executable used for that (devenv.exe) is not part of
Visual Studio Build Tools and thus there is no clean way to make that
executable part of a Windows Server container.

Luckily, the solution upgrade process boils down to just adding XML tags
to Visual Studio project files and modifying certain XML attributes - in
files which we pregenerate anyway using win32utils/Configure.  Thus,
extend win32utils/Configure with three new command line parameters that
enable it to mimic what "devenv.exe bind9.sln /upgrade" does.  This
makes the devenv.exe build step redundant and thus facilitates building
BIND in Windows Server containers.
2019-09-26 15:11:15 +02:00
Ondřej Surý
4957255d13 Use the semantic patch to change the usage isc_mem_create() to new API 2019-09-12 09:26:09 +02:00
Ondřej Surý
ae83801e2b Remove blocks checking whether isc_mem_get() failed using the coccinelle 2019-07-23 15:32:35 -04:00
Evan Hunt
fea6b5bf10 add a search for GeoIP2 libraries in configure
- "--with-geoip" is used to enable the legacy GeoIP library.
- "--with-geoip2" is used to enable the new GeoIP2 library
  (libmaxminddb), and is on by default if the library is found.
- using both "--with-geoip" and "--with-geoip2" at the same time
  is an error.
- an attempt is made to determine the default GeoIP2 database path at
  compile time if pkg-config is able to report the module prefix. if
  this fails, it will be necessary to set the path in named.conf with
  geoip-directory
- Makefiles have been updated, and a stub lib/dns/geoip2.c has been
  added for the eventual GeoIP2 search implementation.
2019-06-27 14:58:13 -07:00
Ondřej Surý
5d1e7be582 Rename OPENSSL_INCLUDES to OPENSSL_CFLAGS in AX_CHECK_OPENSSL() macro
The ax_check_openssl m4 macro used OPENSSL_INCLUDES.  Rename the
subst variable to OPENSSL_CFLAGS and wrap AX_CHECK_OPENSSL() in
action-if-not-found part of PKG_CHECK_MODULE check for libcrypto.
2019-06-25 12:36:01 +02:00
Ondřej Surý
e3e6888946 Make the usage of json-c objects opaque to the caller
The json-c have previously leaked into the global namespace leading
to forced -I<include_path> for every compilation unit using isc/xml.h
header.  This MR fixes the usage making the caller object opaque.
2019-06-25 12:04:20 +02:00
Ondřej Surý
0771dd3be8 Make the usage of libxml2 opaque to the caller
The libxml2 have previously leaked into the global namespace leading
to forced -I<include_path> for every compilation unit using isc/xml.h
header.  This MR fixes the usage making the caller object opaque.
2019-06-25 12:01:32 +02:00
Ondřej Surý
4d2d3b49ce Cleanup the way we detect json-c library to use only pkg-config 2019-05-29 15:08:52 +02:00
Ondřej Surý
a04a390195 Convert *.vcxproj.user to CRLF line endings 2019-03-08 18:01:48 +01:00
Ondřej Surý
c2637c8429 Use ForcedIncludeFiles directive to include config.h everywhere automatically 2019-03-08 17:14:38 +01:00
Ondřej Surý
78d0cb0a7d Use coccinelle to remove explicit '#include <config.h>' from the source files 2019-03-08 15:15:05 +01:00
Tinderbox User
b4d3f78293 prep 9.13.6 2019-02-06 22:13:05 +00:00
Mark Andrews
dc64b70616 update copyrights 2019-01-02 10:20:43 +11:00
Ondřej Surý
23fff6c569 Hint the compiler with ISC_UNREACHABLE(); that code after INSIST(0); cannot be reached 2018-11-08 12:22:17 +07:00
Ondřej Surý
fecbc7923a Remove isc_keyboard family of functions as they were not used anywhere 2018-08-28 14:37:30 +02:00
Ondřej Surý
c5040e5c9e Add @OPENSSL_LIB@ to Windows project files as needed 2018-08-10 16:45:00 +02:00
Ondřej Surý
994e656977 Replace custom isc_boolean_t with C standard bool type 2018-08-08 09:37:30 +02:00
Ondřej Surý
69380eb033 Revert "Merge branch 'modified-manual-install-oot' into 'master'"
This reverts commit d9929b1b0a, reversing
changes made to 8abf2f23d0.
2018-08-02 10:23:30 -04:00
Petr Menšík
88f913ac81 Use make automatic variables to install updated manuals
Make will choose modified manual from build directory or original from source
directory automagically. Take advantage of install tool feature.
Install all files in single command instead of iterating on each of them.
2018-08-01 01:56:16 -04:00
Ondřej Surý
71877806e8 Fix ax_check_openssl to accept yes and improve it to modern autotools standard 2018-07-23 22:10:52 +02:00
Ondřej Surý
c3b8130fe8 Make OpenSSL mandatory 2018-07-19 12:47:03 -04:00
Ondřej Surý
7ee8a7e69f address win32 build issues
- Replace external -DOPENSSL/-DPKCS11CRYPTO with properly AC_DEFINEd
  HAVE_OPENSSL/HAVE_PKCS11
- Don't enforce the crypto provider from platform.h, just from dst_api.c
  and configure scripts
2018-05-22 16:32:21 -07:00
Tinderbox User
9536688b37 regenerate doc 2018-05-21 19:59:45 +00:00
Ondřej Surý
2b8fab6828 Remove genrandom command and all usage of specific random files throughout the system test suite 2018-05-16 09:54:35 +02:00
Ondřej Surý
3a4f820d62 Replace all random functions with isc_random, isc_random_buf and isc_random_uniform API.
The three functions has been modeled after the arc4random family of
functions, and they will always return random bytes.

The isc_random family of functions internally use these CSPRNG (if available):

1. getrandom() libc call (might be available on Linux and Solaris)
2. SYS_getrandom syscall (might be available on Linux, detected at runtime)
3. arc4random(), arc4random_buf() and arc4random_uniform() (available on BSDs and Mac OS X)
4. crypto library function:
4a. RAND_bytes in case OpenSSL
4b. pkcs_C_GenerateRandom() in case PKCS#11 library
2018-05-16 09:54:35 +02:00
Ondřej Surý
23c1f7e506 Enforce usage of OpenSSL or PKCS#11 library in platform.h header 2018-05-13 19:18:56 -07:00
Ondřej Surý
55a10b7acd Remove $Id markers, Principal Author and Reviewed tags from the full source tree 2018-05-11 13:17:46 +02:00
Ondřej Surý
9a3a257374 Always use random data from the crypto provider 2018-05-03 15:03:46 +02:00
Witold Kręcicki
702c022016 libdns refactoring: get rid of multiple versions of dns_xfrin_create, dst_key_generate, dst_lib_init and dst_context_create 2018-04-06 08:04:41 +02:00
Ondřej Surý
843d389661 Update license headers to not include years in copyright in all applicable files 2018-02-23 10:12:02 +01:00
Michał Kępień
a573b93b46 [master] Disable parallel make inside bin/confgen/ and bin/named/
4826.	[cleanup]	Prevent potential build failures in bin/confgen/ and
			bin/named/ when using parallel make. [RT #46648]
2017-11-23 11:44:33 +01:00
Tinderbox User
497f3f913e regen master 2017-10-28 01:12:35 +00:00
Evan Hunt
1d57d460d4 [master] change rndc-confgen default algorithm
this completes change 4785. the CHANGES note has been revised:

4785.	[func]		The hmac-md5 algorithm is no longer recommended for
			use with RNDC keys.  The default in rndc-confgen
			is now hmac-sha256. [RT #42272]
2017-10-27 10:56:43 -07:00
Tinderbox User
a53e03205a regen master 2017-10-25 01:08:58 +00:00
Tinderbox User
ea055a82cd update copyright notice / whitespace 2017-10-24 23:47:14 +00:00
Mark Andrews
79e78994d0 add missing semicolon 2017-10-25 10:29:10 +11:00
Evan Hunt
21761bfe79 [master] deprecate HMAC in dnssec-keygen, MD5 in rndc-confgen
4785.	[func]		The hmac-md5 algorithm is no longer recommended for
			use with RNDC keys. For compatibility reasons, it
			it is still the default algorithm in rndc-confgen,
			but this will be changed to hmac-sha256 in a future
			release. [RT #42272]

4784.	[func]		The use of dnssec-keygen to generate HMAC keys is
			deprecated in favor of tsig-keygen.  dnssec-keygen
			will print a warning when used for this purpose.
			All HMAC algorithms will be removed from
			dnssec-keygen in a future release. [RT #42272]
2017-10-24 15:35:13 -07:00
Evan Hunt
24172bd2ee [master] completed and corrected the crypto-random change
4724.	[func]		By default, BIND now uses the random number
			functions provided by the crypto library (i.e.,
			OpenSSL or a PKCS#11 provider) as a source of
			randomness rather than /dev/random.  This is
			suitable for virtual machine environments
			which have limited entropy pools and lack
			hardware random number generators.

			This can be overridden by specifying another
			entropy source via the "random-device" option
			in named.conf, or via the -r command line option;
			however, for functions requiring full cryptographic
			strength, such as DNSSEC key generation, this
			cannot be overridden. In particular, the -r
			command line option no longer has any effect on
			dnssec-keygen.

			This can be disabled by building with
			"configure --disable-crypto-rand".
			[RT #31459] [RT #46047]
2017-09-28 10:09:22 -07:00
Tinderbox User
cb5bc50c91 update copyright notice / whitespace 2017-09-18 23:48:50 +00:00
Evan Hunt
586e65ea5c [rt31459d] rebased rt31459c 2017-09-12 19:05:46 -07:00
Tinderbox User
672586440b update copyright notice / whitespace 2017-09-09 23:46:01 +00:00
Francis Dupont
90f6140832 Finished merge of rt45019 (openssl hash default) 2017-09-09 10:30:16 +02:00
Evan Hunt
8eb88aafee [master] add libns and remove liblwres
4708.   [cleanup]       Legacy Windows builds (i.e. for XP and earlier)
                        are no longer supported. [RT #45186]

4707.	[func]		The lightweight resolver daemon and library (lwresd
			and liblwres) have been removed. [RT #45186]

4706.	[func]		Code implementing name server query processing has
			been moved from bin/named to a new library "libns".
			Functions remaining in bin/named are now prefixed
			with "named_" rather than "ns_".  This will make it
			easier to write unit tests for name server code, or
			link name server functionality into new tools.
			[RT #45186]
2017-09-08 13:47:34 -07:00
Mark Andrews
164616cb9c don't attempt to link -lcrypto multiple times 2017-09-08 16:15:37 +10:00
Evan Hunt
509ba96497 [rt45019] separate DNS_CRYPTO_LIBS from ISC_OPENSSL_LIBS and use both 2017-09-07 22:05:20 -07:00
Mark Andrews
3742338a7b 4585. [port] win32: Set CompileAS value. [RT #42474] 2017-04-20 12:41:40 +10:00
Tinderbox User
16fde7f0b3 regen master 2016-12-07 01:05:34 +00:00
Mark Andrews
1b8ce3b330 4527. [doc] Support DocBook XSL Stylesheets v1.79.1. [RT #43831] 2016-12-07 10:49:55 +11:00
Evan Hunt
6087f87afb [master] make uninstall
4503.	[cleanup]	"make uninstall" now removes file installed by
			BIND. (This currently excludes Python files
			due to lack of support in setup.py.) [RT #42912]
2016-11-01 19:17:07 -07:00
Mark Andrews
63fe88e8d8 4456. [doc] Add DOCTYPE and lang attribute to <html> tags.
[RT #42587]
2016-08-26 15:14:04 +10:00