Public bug reported: Native pkcs11 support in bind9 is needed for DNSSEC support in FreeIPA. I've added this to bind9 package here:
https://git.launchpad.net/~tjaalton/ubuntu/+source/bind It has a patch from Fedora split in two. The first one is applied with quilt along with the rest of the patches, and it just modifies Makefiles & configure to allow building native pkcs11 in the same build with openssl. The second patch is applied manually after copying bin/named, bin/dnssec, lib/isc, lib/dns for a separate build. This patch modifies includes and targets to use correct names for this build. Neither of the patches touch actual code, and if any new patches are later added that do, the changes are also carried over to the separate build since the directories are copied during build. The resulting binaries and libraries are added to the existing packages, but it's also possible to ship them separate. This whole separate build thing is because the current build is with openssl enabled, and I don't know what replacing that with pkcs11 would mean for existing users. Building it separate is guaranteed to not harm anyone. ** Affects: bind9 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1565392 Title: add support for native pkcs11 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1565392/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
