pkg/41751: add option to net/bind96 for DNSSEC signature chasing in dig(1)

[Taylor R Campbell <campbell%mumble.net@localhost>]

>Number:         41751
>Category:       pkg
>Synopsis:       add option to net/bind96 for DNSSEC signature chasing in dig(1)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Sat Jul 18 06:35:00 +0000 2009
>Originator:     Taylor R Campbell <campbell%mumble.net@localhost>
>Release:        NetBSD 5.0_STABLE
>Organization:
>Environment:
>Description:

        dig(1) has an option +sigchase which is enabled only by
        setting the cpp macro DIG_SIGCHASE to true.  The man page
        tantalizes users by discussing this even though the default
        builds, in NetBSD's base system and in pkgsrc, omit the
        option.

        Even if the support in dig(1) for signature chasing is not
        very useful, at least it alleviates a certain frustration just
        to find out exactly what it does after reading a tantalizing
        man page.

>How-To-Repeat:

        Inhale all the hype about DNSSEC.  Wonder how to verify a
        signed resource record, in practice.  Read the dig(1) man
        page.  Grow excited about the +sigchase option.  Fail to use
        it because support for it is excluded by default.

>Fix:

        Apply the following patch so that users can write

                PKG_OPTIONS.bind96+=    bind-dig-sigchase

        in their mk.conf files to enable support for the +sigchase
        option to dig(1).  This patch might be appropriate to apply to
        earlier versions of BIND, too, but I don't know, and I haven't
        tested them.

Index: ./mk/defaults/options.description
===================================================================
RCS file: /cvsroot/pkgsrc/mk/defaults/options.description,v
retrieving revision 1.281
diff -p -u -r1.281 options.description
--- ./mk/defaults/options.description   1 Jul 2009 01:39:21 -0000       1.281
+++ ./mk/defaults/options.description   18 Jul 2009 06:09:48 -0000
@@ -33,6 +33,7 @@ avahi-howl            Enable howl compatibility in
 bacula-static          Enable building of statically linked versions of the 
Bacula daemons
 batch                  Enable batch mode support.
 bdb                    Enable Berkeley DB support.
+bind-dig-sigchase      Enable dig(1) option +sigchase for DNSSEC signature 
chasing.
 bind-xml-statistics-server     Enable building in the statistics server in 
bind95 and later.
 bittorrent             Enable bittorrent support
 blender-exppython      Enable the Experimental Python support.
Index: ./net/bind96/options.mk
===================================================================
RCS file: /cvsroot/pkgsrc/net/bind96/options.mk,v
retrieving revision 1.1.1.1
diff -p -u -r1.1.1.1 options.mk
--- ./net/bind96/options.mk     4 Jan 2009 00:21:36 -0000       1.1.1.1
+++ ./net/bind96/options.mk     18 Jul 2009 06:09:48 -0000
@@ -2,7 +2,7 @@
 
 PKG_OPTIONS_VAR=        PKG_OPTIONS.bind96
 PKG_SUPPORTED_OPTIONS=  bind-xml-statistics-server inet6 threads
-PKG_SUPPORTED_OPTIONS+=        mysql pgsql ldap dlz-filesystem
+PKG_SUPPORTED_OPTIONS+=        mysql pgsql ldap dlz-filesystem 
bind-dig-sigchase
 
 .include "../../mk/pthread.buildlink3.mk"
 
@@ -74,3 +74,12 @@ CONFIGURE_ARGS+=     --enable-threads
 .else
 CONFIGURE_ARGS+=       --disable-threads
 .endif
+
+###
+### dig(1) option +sigchase for DNSSEC signature chasing
+###
+.if !empty(PKG_OPTIONS:Mbind-dig-sigchase)
+# If anything else needs to add entries to STD_CDEFINES, this will need
+# to be changed so that the two can cooperate.
+CONFIGURE_ENV+=                STD_CDEFINES=-DDIG_SIGCHASE=1
+.endif