Re: svn commit: r292206 - in head/contrib/unbound: . compat daemon dns64 dnstap doc iterator libunbound libunbound/python libunbound/python/doc libunbound/python/doc/modules libunbound/python/examples ...

[Peter Wemm]

On Wednesday, February 03, 2016 10:10:51 AM Peter Wemm wrote:
> On Monday, December 14, 2015 01:01:51 PM Dag-Erling Smørgrav wrote:
> > Author: des
> > Date: Mon Dec 14 13:01:51 2015
> > New Revision: 292206
> > URL: https://svnweb.freebsd.org/changeset/base/292206
> > 
> > Log:
> >   Upgrade to Unbound 1.5.7.
> > 
> > Added:
> >   head/contrib/unbound/.gitignore
> >   
> >      - copied unchanged from r292133, vendor/unbound/dist/.gitignore
> >   
> >   head/contrib/unbound/compat/isblank.c
> >   
> >      - copied unchanged from r292133, vendor/unbound/dist/compat/isblank.c
> > 
> > Modified:
> >   head/contrib/unbound/Makefile.in
> 
> An error was introduced here that breaks some of the support scripts:
> 
> @@ -107,16 +107,15 @@
>  fi
> 
>  # create self-signed cert for server
> -cat >request.cfg <<EOF
> -[req]
> -default_bits=$BITS
> -default_md=$HASH
> -prompt=no
> -distinguished_name=req_distinguished_name
> +echo "[req]\n" > request.cfg
> +echo "default_bits=$BITS\n" >> request.cfg
> +echo "default_md=$HASH\n" >> request.cfg
> +echo "prompt=no\n" >> request.cfg
> +echo "distinguished_name=req_distinguished_name\n" >> request.cfg
> +echo "\n" >> request.cfg
> +echo "[req_distinguished_name]\n" >> request.cfg
> +echo "commonName=$SERVERNAME\n" >> request.cfg
> 
> -[req_distinguished_name]
> -commonName=$SERVERNAME
> -EOF
>  test -f request.cfg || error "could not create request.cfg"
> 
>  echo "create $SVR_BASE.pem (self signed certificate)"
> @@ -125,16 +124,15 @@
>  openssl x509 -in $SVR_BASE.pem -addtrust serverAuth -out
> $SVR_BASE"_trust.pem"
> 
>  # create client request and sign it, piped
> -cat >request.cfg <<EOF
> -[req]
> -default_bits=$BITS
> -default_md=$HASH
> -prompt=no
> -distinguished_name=req_distinguished_name
> +echo "[req]\n" > request.cfg
> +echo "default_bits=$BITS\n" >> request.cfg
> +echo "default_md=$HASH\n" >> request.cfg
> +echo "prompt=no\n" >> request.cfg
> +echo "distinguished_name=req_distinguished_name\n" >> request.cfg
> +echo "\n" >> request.cfg
> +echo "[req_distinguished_name]\n" >> request.cfg
> +echo "commonName=$CLIENTNAME" >> request.cfg
> 
> -[req_distinguished_name]
> -commonName=$CLIENTNAME
> -EOF
>  test -f request.cfg || error "could not create request.cfg"
> 
>  echo "create $CTL_BASE.pem (signed client certificate)"
> 
> Whoever wrote this seems to have confused "echo" with "printf".  All the
> trailing "\n" lines cause an openssl error.  In the cluster build I had to
> remove the "\n" and that was sufficient to bootstrap new instances again.

Filed as https://bugs.freebsd.org/206887
-- 
Peter Wemm - pe...@wemm.org; pe...@freebsd.org; pe...@yahoo-inc.com; KI6FJV
UTF-8: for when a ' or ... just won\342\200\231t do\342\200\246

signature.asc
Description: This is a digitally signed message part.