Re: CVS commit: pkgsrc/net/ldns

[Greg Troxel <gdt%lexort.com@localhost>]

Havard Eidnes <he%NetBSD.org@localhost> writes:

>>>> The default for LDNS_TRUST_ANCHOR_FILE is dubious, since we could use
>>>> the unbound from -base, and we don't depend on net/unbound either.
>>>> It can be overridden on the command line, though.
>>>
>>> So where does ldns look for a config file then?
>>
>> It doesn't really, it's a library: <https://github.com/NLnetLabs/ldns>
>>
>>> Or is this about looking for some other file that isn't an ldns config
>>> file, and it's misusing autoconf sysconfdir for that?
>>
>> This - by default, it looks for a key file in unbound's config dir. 
>> Arguably, it should use its own directory instead. Maybe the pkg 
>> maintainer wants to chime in?
>
> Well...  LDNS_TRUST_ANCHOR_FILE isn't set in the package
> infrastructure files, so we end up with what configure.ac says
> and does:
>
> AC_ARG_WITH(trust-anchor, AC_HELP_STRING([--with-trust-anchor=KEYFILE], [Default location of the trust anchor file for drill and ldns-dane. [default=SYSCONFDIR/unbound/root.key]]), [
>  AC_SUBST([LDNS_TRUST_ANCHOR_FILE], ["$withval"])
>  AC_MSG_NOTICE([Default trust anchor: $withval])
> ],[
>  AC_SUBST([LDNS_TRUST_ANCHOR_FILE], ["\$(sysconfdir)/unbound/root.key"])
> ])
>
> It doesn't look like NetBSD's base system in netbsd-9 (or
> netbsd-10?!?) installs a root.key file, the above is about as
> good or bad as anything else, usability-wise, I would think.

Probably then, ldns should bl3 on unbound, letting that be builtin or
pkgsrc, and figure out unbound's dir and set --with-trust-anchor to
that.