From jerry at opendnssec.org Thu Apr 3 12:53:38 2014 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?Q?Lundstr=F6m?=) Date: Thu, 03 Apr 2014 14:53:38 +0200 Subject: [Opendnssec-develop] Re: [Opendnssec-user] opendnssec 1.4.4 and mysql In-Reply-To: References: <1396277087.4171.13.camel@mje.posix.co.za> Message-ID: <1396529618.6057.10.camel@mine> Hi Mark, On tor, 2014-04-03 at 10:51 +0100, Sara Dickinson wrote: > On 31 Mar 2014, at 15:44, Mark Elkins wrote: > > > ods-ksmutil key list: > > Keys: > > ERROR: error executing SQL - Unknown column 'k.zone_id' in 'on clause' > > Error: failed to list keys Sadly there is a little bug that passed us by here, the issue is that a SQL join was made to the key data which is a view and MySQL does not like this. > I?ve managed to reproduce this problem locally, but I don?t see it happening on any of our test systems so something a little strange is going on. Our tests didn't catch this because there was a miss when we migrated to GitHub and our tests for 1.3 and 1.4 using MySQL was actually running SQLite, that has been fixed now. We will of course start working on this and release a fixed version ASAP! Also note that this bug only affects "key list" and should not disrupt services and 1.3 is not affected. Thanks for reporting this. Cheers Jerry -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 620 bytes Desc: This is a digitally signed message part URL: From jerry at opendnssec.org Thu Apr 3 13:05:47 2014 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?Q?Lundstr=F6m?=) Date: Thu, 03 Apr 2014 15:05:47 +0200 Subject: [Opendnssec-develop] Re: [Opendnssec-user] opendnssec 1.4.4 and mysql In-Reply-To: <1396529618.6057.10.camel@mine> References: <1396277087.4171.13.camel@mje.posix.co.za> <1396529618.6057.10.camel@mine> Message-ID: <1396530347.6057.15.camel@mine> Hi, On tor, 2014-04-03 at 14:53 +0200, Jerry Lundstr?m wrote: > Sadly there is a little bug that passed us by here, the issue is that a > SQL join was made to the key data which is a view and MySQL does not > like this. The problem was not really the join but more that the alias to KEYDATA_VIEW is misleading, the alias "k" and "d" is used inside the view and looks like they are exported to outside the view and the alias "k" set in the SQL statement for key list can't be trusted on. So Sara/Warren and anyone else working on 1.3/1.4 SQL stuff, have that in mind in the future. I did a PR with a fix: https://github.com/opendnssec/opendnssec/pull/65 Will see if I can get MySQL tests to run via the build bot quickly today and we should be able to push out a candidate tomorrow. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 620 bytes Desc: This is a digitally signed message part URL: From jerry at opendnssec.org Thu Apr 3 14:21:12 2014 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?Q?Lundstr=F6m?=) Date: Thu, 03 Apr 2014 16:21:12 +0200 Subject: [Opendnssec-develop] Build bot - opendnssec PR's - now with MySQL tests Message-ID: <1396534872.6057.17.camel@mine> Hi, I have chained the MySQL build/test jobs into PR's for opendnssec now. It has doubled the run time for a #build but it is needed. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 620 bytes Desc: This is a digitally signed message part URL: From jerry at opendnssec.org Thu Apr 3 14:24:38 2014 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?Q?Lundstr=F6m?=) Date: Thu, 03 Apr 2014 16:24:38 +0200 Subject: [Opendnssec-develop] OpenDNSSEC 1.4.5rc1 tomorrow? (Was:: [Opendnssec-user] opendnssec 1.4.4 and mysql) In-Reply-To: <1396530347.6057.15.camel@mine> References: <1396277087.4171.13.camel@mje.posix.co.za> <1396529618.6057.10.camel@mine> <1396530347.6057.15.camel@mine> Message-ID: <1396535078.6057.20.camel@mine> On tor, 2014-04-03 at 15:05 +0200, Jerry Lundstr?m wrote: > I did a PR with a fix: > https://github.com/opendnssec/opendnssec/pull/65 > > Will see if I can get MySQL tests to run via the build bot quickly > today > and we should be able to push out a candidate tomorrow. PR #65 seems to solve it, shall we do 1.4.5rc1 tomorrow? -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 620 bytes Desc: This is a digitally signed message part URL: From sara at sinodun.com Thu Apr 3 16:40:33 2014 From: sara at sinodun.com (Sara Dickinson) Date: Thu, 3 Apr 2014 17:40:33 +0100 Subject: [Opendnssec-develop] Re: OpenDNSSEC 1.4.5rc1 tomorrow? (Was:: [Opendnssec-user] opendnssec 1.4.4 and mysql) In-Reply-To: <1396535078.6057.20.camel@mine> References: <1396277087.4171.13.camel@mje.posix.co.za> <1396529618.6057.10.camel@mine> <1396530347.6057.15.camel@mine> <1396535078.6057.20.camel@mine> Message-ID: <05FD0F57-904B-4538-8FD1-F4527057022F@sinodun.com> Sounds good. I'll have a quick look later tonightn and then yes, lets plan to do that. Thanks Sara. Sent from my iPhone > On 3 Apr 2014, at 15:24, Jerry Lundstr?m wrote: > >> On tor, 2014-04-03 at 15:05 +0200, Jerry Lundstr?m wrote: >> I did a PR with a fix: >> https://github.com/opendnssec/opendnssec/pull/65 >> >> Will see if I can get MySQL tests to run via the build bot quickly >> today >> and we should be able to push out a candidate tomorrow. > > PR #65 seems to solve it, shall we do 1.4.5rc1 tomorrow? > > -- > Jerry Lundstr?m - OpenDNSSEC Developer > http://www.opendnssec.org/ > From sara at sinodun.com Fri Apr 4 08:19:43 2014 From: sara at sinodun.com (Sara Dickinson) Date: Fri, 4 Apr 2014 09:19:43 +0100 Subject: [Opendnssec-develop] Re: OpenDNSSEC 1.4.5rc1 tomorrow? (Was:: [Opendnssec-user] opendnssec 1.4.4 and mysql) In-Reply-To: <1396535078.6057.20.camel@mine> References: <1396277087.4171.13.camel@mje.posix.co.za> <1396529618.6057.10.camel@mine> <1396530347.6057.15.camel@mine> <1396535078.6057.20.camel@mine> Message-ID: <5E14F077-F895-4974-B0BC-0FCF772ABF50@sinodun.com> On 3 Apr 2014, at 15:24, Jerry Lundstr?m wrote: > On tor, 2014-04-03 at 15:05 +0200, Jerry Lundstr?m wrote: >> I did a PR with a fix: >> https://github.com/opendnssec/opendnssec/pull/65 >> >> Will see if I can get MySQL tests to run via the build bot quickly >> today >> and we should be able to push out a candidate tomorrow. > > PR #65 seems to solve it, shall we do 1.4.5rc1 tomorrow? Code fix looks fine. 1) I would like to comment in the NEWS file to be much more explicit about what the problem was. I?ll do a quick pull request to fix this. 2) Looking at Jenkins, is seems like the daily tests are not running every night? Last time they ran for 1.4 was 27th March as far as I can tell. Jerry can you please look into this and also kick them off manually before we do the release? Thanks Sara. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From sara at sinodun.com Fri Apr 4 08:31:17 2014 From: sara at sinodun.com (Sara Dickinson) Date: Fri, 4 Apr 2014 09:31:17 +0100 Subject: [Opendnssec-develop] Re: [Opendnssec-user] opendnssec 1.4.4 and mysql In-Reply-To: <1396530347.6057.15.camel@mine> References: <1396277087.4171.13.camel@mje.posix.co.za> <1396529618.6057.10.camel@mine> <1396530347.6057.15.camel@mine> Message-ID: On 3 Apr 2014, at 14:05, Jerry Lundstr?m wrote: > Hi, > > On tor, 2014-04-03 at 14:53 +0200, Jerry Lundstr?m wrote: >> Sadly there is a little bug that passed us by here, the issue is that a >> SQL join was made to the key data which is a view and MySQL does not >> like this. > > The problem was not really the join but more that the alias to > KEYDATA_VIEW is misleading, the alias "k" and "d" is used inside the > view and looks like they are exported to outside the view and the alias > "k" set in the SQL statement for key list can't be trusted on. Jerry - thanks for taking over this investigation and providing a fix :-) > > So Sara/Warren and anyone else working on 1.3/1.4 SQL stuff, have that > in mind in the future. It is amazing what _three_ pairs of eyes can miss! > > Will see if I can get MySQL tests to run via the build bot quickly today > and we should be able to push out a candidate tomorrow. I would like to suggest we introduce a #build_mysql command now so code changes that touch DB queries can run it before the PR is merged. Also, in terms of avoiding a similar problem with jenkins in future I would like to suggest that large scale changes to jenkins are reviewed by a second pair of eyes, just as we now have with code changes. We rely so heavily on jenkins now that I think this is prudent. Jakob - as the jenkins backup admin have you reviewed the changes Jerry made for the migration to Git (if I understand correctly quite a bit was changed?) Sara. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From jerry at opendnssec.org Fri Apr 4 08:41:59 2014 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?Q?Lundstr=F6m?=) Date: Fri, 04 Apr 2014 10:41:59 +0200 Subject: [Opendnssec-develop] Re: [Opendnssec-user] opendnssec 1.4.4 and mysql In-Reply-To: References: <1396277087.4171.13.camel@mje.posix.co.za> <1396529618.6057.10.camel@mine> <1396530347.6057.15.camel@mine> Message-ID: <1396600919.18822.2.camel@mine> On fre, 2014-04-04 at 09:31 +0100, Sara Dickinson wrote: > I would like to suggest we introduce a #build_mysql command now so > code changes that touch DB queries can run it before the PR is merged. MySQL is chained into #build now so it is tested on every PR. That was a few minutes fix rather then adding a new command. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 620 bytes Desc: This is a digitally signed message part URL: From sara at sinodun.com Fri Apr 4 08:41:57 2014 From: sara at sinodun.com (Sara Dickinson) Date: Fri, 4 Apr 2014 09:41:57 +0100 Subject: [Opendnssec-develop] Build bot - opendnssec PR's - now with MySQL tests In-Reply-To: <1396534872.6057.17.camel@mine> References: <1396534872.6057.17.camel@mine> Message-ID: <9FE6BF31-31E1-4A16-A1C4-9ACCCE655CB5@sinodun.com> On 3 Apr 2014, at 15:21, Jerry Lundstr?m wrote: > Hi, > > I have chained the MySQL build/test jobs into PR's for opendnssec now. Hi, Sorry - didn?t see this email when I made my comment on the other email. Great. > > It has doubled the run time for a #build but it is needed. > How much work would it be to have #build #build_mysql #build_all_db commands as we previously discussed? Are you looking at making this change in the near future? I think that would be _really_ useful. Sara. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail URL: From jerry at opendnssec.org Fri Apr 4 08:44:27 2014 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?Q?Lundstr=F6m?=) Date: Fri, 04 Apr 2014 10:44:27 +0200 Subject: [Opendnssec-develop] Build bot - opendnssec PR's - now with MySQL tests In-Reply-To: <9FE6BF31-31E1-4A16-A1C4-9ACCCE655CB5@sinodun.com> References: <1396534872.6057.17.camel@mine> <9FE6BF31-31E1-4A16-A1C4-9ACCCE655CB5@sinodun.com> Message-ID: <1396601067.22427.1.camel@mine> On fre, 2014-04-04 at 09:41 +0100, Sara Dickinson wrote: > How much work would it be to have > > #build > #build_mysql > #build_all_db > > commands as we previously discussed? Are you looking at making this change in the near future? I think that would be _really_ useful. There will be more commands in the future but it will take time since I need to setup an environment for testing rather then abusing our "production" Jenkins. Chaining MySQL into the #build command took minutes so I did that because adding new command will take days. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 620 bytes Desc: This is a digitally signed message part URL: From jerry at opendnssec.org Fri Apr 4 08:52:02 2014 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?Q?Lundstr=F6m?=) Date: Fri, 04 Apr 2014 10:52:02 +0200 Subject: [Opendnssec-develop] Re: OpenDNSSEC 1.4.5rc1 tomorrow? (Was:: [Opendnssec-user] opendnssec 1.4.4 and mysql) In-Reply-To: <5E14F077-F895-4974-B0BC-0FCF772ABF50@sinodun.com> References: <1396277087.4171.13.camel@mje.posix.co.za> <1396529618.6057.10.camel@mine> <1396530347.6057.15.camel@mine> <1396535078.6057.20.camel@mine> <5E14F077-F895-4974-B0BC-0FCF772ABF50@sinodun.com> Message-ID: <1396601522.22612.1.camel@mine> On fre, 2014-04-04 at 09:19 +0100, Sara Dickinson wrote: > 1) I would like to comment in the NEWS file to be much more explicit about what the problem was. I?ll do a quick pull request to fix this. Go ahead. > 2) Looking at Jenkins, is seems like the daily tests are not running every night? Last time they ran for 1.4 was 27th March as far as I can tell. Fixed now, chained after test-*. All jobs started. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 620 bytes Desc: This is a digitally signed message part URL: From sara at sinodun.com Fri Apr 4 17:10:29 2014 From: sara at sinodun.com (Sara Dickinson) Date: Fri, 4 Apr 2014 18:10:29 +0100 Subject: [Opendnssec-develop] OpenDNSSEC 1.4.5rc1 release candidate Message-ID: All, Version 1.4.5rc1 of OpenDNSSEC is now available. This is a release candidate for testing purposes: OpenDNSSEC 1.4.5rc1 ------------------------------- Bugfixes: * OPENDNSSEC-607: libhsm not using all mandatory attributes for GOST key generation. * OPENDNSSEC-609: ods-ksmutil: 'key list' command fails with error in 1.4.4 on MySQL. Reported by Mark Elkins Download: * https://dist.opendnssec.org/source/testing/opendnssec-1.4.5rc1.tar.gz * https://dist.opendnssec.org/source/testing/opendnssec-1.4.5rc1.tar.gz.sig * Checksum: SHA1 6cafb6d912f68db578139529c2aaaedf15e6d4da * Checksum: SHA256 2b579687131428038d2dc671cd78cf9b5605e1b8ecd258fc90fb7b77c12a034f A full OpenDNSSEC 1.4.5 release is planned for Friday 11th April. //OpenDNSSEC team From yuri at nlnetlabs.nl Mon Apr 7 09:57:09 2014 From: yuri at nlnetlabs.nl (Yuri Schaeffer) Date: Mon, 07 Apr 2014 11:57:09 +0200 Subject: [Opendnssec-develop] EnfNG link problem Message-ID: <53427675.2050602@nlnetlabs.nl> Every time I install a new (Debian testing) machine I run into the problem that I'm unable to link the EnforcerNG when compiled with sqlite3. With MySQL there is no problem. After every ./configure I need to change enforcer-ng/src/Makefile: - LDFLAGS = + LDFLAGS = -lpthread My autotools-fu is to weak to solve it. Any suggestions? //Yuri From jerry at opendnssec.org Mon Apr 7 10:31:13 2014 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?Q?Lundstr=F6m?=) Date: Mon, 07 Apr 2014 12:31:13 +0200 Subject: [Opendnssec-develop] EnfNG link problem In-Reply-To: <53427675.2050602@nlnetlabs.nl> References: <53427675.2050602@nlnetlabs.nl> Message-ID: <1396866673.13488.1.camel@mine> On m?n, 2014-04-07 at 11:57 +0200, Yuri Schaeffer wrote: > My autotools-fu is to weak to solve it. Any suggestions? Sounds like m4/ax_pthread.m4 needs an update or tweak, it is suppose to detect if you need -lpthread or not. Is this a problem for 1.4 on your debian testing also? -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 620 bytes Desc: This is a digitally signed message part URL: From yuri at nlnetlabs.nl Mon Apr 7 10:58:10 2014 From: yuri at nlnetlabs.nl (Yuri Schaeffer) Date: Mon, 07 Apr 2014 12:58:10 +0200 Subject: [Opendnssec-develop] EnfNG link problem In-Reply-To: <1396866673.13488.1.camel@mine> References: <53427675.2050602@nlnetlabs.nl> <1396866673.13488.1.camel@mine> Message-ID: <534284C2.4070100@nlnetlabs.nl> > Is this a problem for 1.4 on your debian testing also? No. I just tested 1.4/develop. just works. From sara at sinodun.com Mon Apr 7 11:06:34 2014 From: sara at sinodun.com (Sara Dickinson) Date: Mon, 7 Apr 2014 12:06:34 +0100 Subject: [Opendnssec-develop] RE: Team meeting - Tuesday 8 Apr 2014 @ 14:00 CEST Message-ID: Hi All, We have a team meeting scheduled for tomorrow Date: Tuesday 8 April 2014 Time: 14:00-15:00 CEST, 13:00-14:00 BST, 20:00-21:00 CST, 12:00-13:00 UTC Method: Teamspeak (https://wiki.opendnssec.org/display/OpenDNSSEC/Conference+call+details) Agenda: https://wiki.opendnssec.org/display/OpenDNSSEC/2014-04-08+Agenda Sara. -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry at opendnssec.org Mon Apr 7 11:13:10 2014 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?Q?Lundstr=F6m?=) Date: Mon, 07 Apr 2014 13:13:10 +0200 Subject: [Opendnssec-develop] EnfNG link problem In-Reply-To: <534284C2.4070100@nlnetlabs.nl> References: <53427675.2050602@nlnetlabs.nl> <1396866673.13488.1.camel@mine> <534284C2.4070100@nlnetlabs.nl> Message-ID: <1396869190.13488.4.camel@mine> On m?n, 2014-04-07 at 12:58 +0200, Yuri Schaeffer wrote: > No. I just tested 1.4/develop. just works. Looking at "git diff upstream/develop upstream/1.4/develop m4/ax_pthread.m4" (I like git!) they are running different versions (serial 17/18) but the difference hasn't anything to do with LDFLAGS. http://www.gnu.org/software/autoconf-archive/ax_pthread.html has serial 21, maybe you could try it? -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 620 bytes Desc: This is a digitally signed message part URL: From jakob at kirei.se Mon Apr 7 11:30:08 2014 From: jakob at kirei.se (Jakob Schlyter) Date: Mon, 7 Apr 2014 13:30:08 +0200 Subject: [Opendnssec-develop] Short-term plans OpenDNSSEC 2.0 Message-ID: <99C567A5-DF6B-49F3-8B8E-D1CBFC5805EF@kirei.se> As Sara will be busy with other projects the next following months, I will be taking care of managing development for OpenDNSSEC 2.0 for some time. Sara will continue managing the 1.x releases. Early this week, we'll release 2.0.0a4 (just waiting for some review by Yuri). Once that is done, Yuri will enable more regression tests and we'll release 2.0.0a5 some time next week. To address the 2.0 database issues recently discussed, we're going to make a limited effort into moving ahead with the a new database backend [1] developed by Jerry (with help from Yuri). The new database backend is written in pure C and has already both SQL (SQLite) and noSQL (CouchDB) backends. We have good reasons to believe that this new backend will address the performance issues and integration for other types of storage engines (e.g., LDAP as recently proposed by RedHat). The reasoning I'm calling this a "limited effort" is that we don't know for sure, and the way we've (Jerry/Yuri/myself) chosen to evaluate this is to just do the work as soon as the additional regression tests are in. jakob [1] https://github.com/jelu/opendnssec/tree/dbx/enforcer-ng/src/db From jad at sinodun.com Mon Apr 7 11:40:07 2014 From: jad at sinodun.com (John Dickinson) Date: Mon, 7 Apr 2014 11:40:07 +0000 Subject: [Opendnssec-develop] EnfNG link problem In-Reply-To: <534284C2.4070100@nlnetlabs.nl> References: <53427675.2050602@nlnetlabs.nl> <1396866673.13488.1.camel@mine> <534284C2.4070100@nlnetlabs.nl> Message-ID: Hi Yuri, what does pkg-config sqlite3 --libs say? John On 7 Apr 2014, at 10:58, Yuri Schaeffer wrote: >> Is this a problem for 1.4 on your debian testing also? > > No. I just tested 1.4/develop. just works. > > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 841 bytes Desc: Message signed with OpenPGP using GPGMail URL: From yuri at nlnetlabs.nl Mon Apr 7 12:30:02 2014 From: yuri at nlnetlabs.nl (Yuri Schaeffer) Date: Mon, 07 Apr 2014 14:30:02 +0200 Subject: [Opendnssec-develop] EnfNG link problem In-Reply-To: References: <53427675.2050602@nlnetlabs.nl> <1396866673.13488.1.camel@mine> <534284C2.4070100@nlnetlabs.nl> Message-ID: <53429A4A.7000109@nlnetlabs.nl> > pkg-config sqlite3 --libs yuri at prlwytzkofsky:~$ pkg-config sqlite3 --libs -lsqlite3 From jad at sinodun.com Mon Apr 7 13:35:49 2014 From: jad at sinodun.com (John Dickinson) Date: Mon, 7 Apr 2014 13:35:49 +0000 Subject: [Opendnssec-develop] EnfNG link problem In-Reply-To: <53429A4A.7000109@nlnetlabs.nl> References: <53427675.2050602@nlnetlabs.nl> <1396866673.13488.1.camel@mine> <534284C2.4070100@nlnetlabs.nl> <53429A4A.7000109@nlnetlabs.nl> Message-ID: <5F34B0A0-919D-4FC3-B183-F4100B104A5D@sinodun.com> Ah - but ax_lib_mysql.m4 uses mysql_config --libs to find the linker flags and this gives: $ mysql_config --libs -L/usr/local/lib/mysql -lmysqlclient -pthread -lm thus pulling in pthread. I suggest changing acx_libsqlite3.m4 to stick -pthread on the end of SQLITE3_LIBS HTH John On 7 Apr 2014, at 12:30, Yuri Schaeffer wrote: >> pkg-config sqlite3 --libs > > yuri at prlwytzkofsky:~$ pkg-config sqlite3 --libs > -lsqlite3 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 841 bytes Desc: Message signed with OpenPGP using GPGMail URL: From jad at sinodun.com Mon Apr 7 13:41:29 2014 From: jad at sinodun.com (John Dickinson) Date: Mon, 7 Apr 2014 13:41:29 +0000 Subject: [Opendnssec-develop] EnfNG link problem In-Reply-To: <5F34B0A0-919D-4FC3-B183-F4100B104A5D@sinodun.com> References: <53427675.2050602@nlnetlabs.nl> <1396866673.13488.1.camel@mine> <534284C2.4070100@nlnetlabs.nl> <53429A4A.7000109@nlnetlabs.nl> <5F34B0A0-919D-4FC3-B183-F4100B104A5D@sinodun.com> Message-ID: On 7 Apr 2014, at 13:35, John Dickinson wrote: > Ah - but ax_lib_mysql.m4 uses mysql_config --libs to find the linker flags and this gives: > > $ mysql_config --libs > -L/usr/local/lib/mysql -lmysqlclient -pthread -lm > > thus pulling in pthread. > > I suggest changing acx_libsqlite3.m4 to stick -pthread on the end of SQLITE3_LIBS Or of course - tracking down the real check that is not adding the -pthread! John -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 841 bytes Desc: Message signed with OpenPGP using GPGMail URL: From sara at sinodun.com Tue Apr 8 13:38:23 2014 From: sara at sinodun.com (Sara Dickinson) Date: Tue, 8 Apr 2014 14:38:23 +0100 Subject: [Opendnssec-develop] Team meeting - Tuesday 8 Apr 2014 @ 14:00 CEST In-Reply-To: References: Message-ID: Hi All, Minutes from the meeting today are available for review: https://wiki.opendnssec.org/display/OpenDNSSEC/2014-04-08+Minutes Next meeting is scheduled for: Date: Tuesday 29 April 2014 Time: 14:00-15:00 CEST, 13:00-14:00 BST, 20:00-21:00 CST, 12:00-13:00 UTC Sara. -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenDNSSEC meeting.ics Type: text/calendar Size: 710 bytes Desc: not available URL: -------------- next part -------------- On 7 Apr 2014, at 12:06, Sara Dickinson wrote: > Hi All, > > We have a team meeting scheduled for tomorrow > > Date: Tuesday 8 April 2014 > Time: 14:00-15:00 CEST, 13:00-14:00 BST, 20:00-21:00 CST, 12:00-13:00 UTC > Method: Teamspeak (https://wiki.opendnssec.org/display/OpenDNSSEC/Conference+call+details) > Agenda: https://wiki.opendnssec.org/display/OpenDNSSEC/2014-04-08+Agenda > > Sara. > > > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop From sara at sinodun.com Tue Apr 8 14:56:12 2014 From: sara at sinodun.com (Sara Dickinson) Date: Tue, 8 Apr 2014 15:56:12 +0100 Subject: [Opendnssec-develop] RE: PR emails Message-ID: <4C074B18-C975-483A-95D0-C760E8E0498F@sinodun.com> Hi Jerry, Really minor nit, but in the email notifications of pull requests would it be possible to modify the format to be something like like: [opendnssec/PR] (#XXX) Pull request command i.e add PR and move the pull request number to the start to make this easier to see in email headers. Thanks Sara. From jerry at opendnssec.org Tue Apr 8 14:59:27 2014 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Tue, 8 Apr 2014 16:59:27 +0200 Subject: [Opendnssec-develop] Re: PR emails In-Reply-To: <4C074B18-C975-483A-95D0-C760E8E0498F@sinodun.com> References: <4C074B18-C975-483A-95D0-C760E8E0498F@sinodun.com> Message-ID: <3322249225081723165@unknownmsgid> Nope, email are sent by GitHub not us. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ On 8 apr 2014, at 16:56, Sara Dickinson wrote: Hi Jerry, Really minor nit, but in the email notifications of pull requests would it be possible to modify the format to be something like like: [opendnssec/PR] (#XXX) Pull request command i.e add PR and move the pull request number to the start to make this easier to see in email headers. Thanks Sara. -------------- next part -------------- An HTML attachment was scrubbed... URL: From Roland.vanRijswijk at surfnet.nl Tue Apr 8 19:02:59 2014 From: Roland.vanRijswijk at surfnet.nl (Roland van Rijswijk - Deij) Date: Tue, 08 Apr 2014 15:02:59 -0400 Subject: [Opendnssec-develop] Confluence/JIRA host updated to fix OpenSSL Message-ID: <534447E3.6090301@surfnet.nl> Hi all, Just to let you know I've updated OpenSSL on our Confluence/JIRA host and restarted all services. Cheers, Roland -- -- Roland M. van Rijswijk - Deij -- SURFnet bv -- w: http://www.surfnet.nl/en/ -- t: +31-30-2305388 -- e: roland.vanrijswijk at surfnet.nl From sara at sinodun.com Fri Apr 11 11:38:44 2014 From: sara at sinodun.com (Sara Dickinson) Date: Fri, 11 Apr 2014 12:38:44 +0100 Subject: [Opendnssec-develop] Fwd: [Opendnssec-maintainers] OpenDNSSEC 1.4.5rc1 release candidate References: Message-ID: <01597E93-4DA3-4F92-9076-2566FE5C8791@sinodun.com> Hi All, I?m not aware of any issues with the release candidate so would like to go ahead with the full release of 1.4.5 today. Jerry - can you please make a tarball when convenient? Sara Begin forwarded message: > From: Sara Dickinson > Subject: [Opendnssec-maintainers] OpenDNSSEC 1.4.5rc1 release candidate > Date: 4 April 2014 18:10:29 BST > To: opendnssec-maintainers at lists.opendnssec.org > Cc: Opd Dev > > All, > > Version 1.4.5rc1 of OpenDNSSEC is now available. This is a release candidate for testing purposes: > > OpenDNSSEC 1.4.5rc1 > ------------------------------- > > Bugfixes: > * OPENDNSSEC-607: libhsm not using all mandatory attributes for GOST key > generation. > * OPENDNSSEC-609: ods-ksmutil: 'key list' command fails with error in 1.4.4 > on MySQL. Reported by Mark Elkins > > Download: > * https://dist.opendnssec.org/source/testing/opendnssec-1.4.5rc1.tar.gz > * https://dist.opendnssec.org/source/testing/opendnssec-1.4.5rc1.tar.gz.sig > * Checksum: SHA1 6cafb6d912f68db578139529c2aaaedf15e6d4da > * Checksum: SHA256 2b579687131428038d2dc671cd78cf9b5605e1b8ecd258fc90fb7b77c12a034f > > > A full OpenDNSSEC 1.4.5 release is planned for Friday 11th April. > > //OpenDNSSEC team > > _______________________________________________ > Opendnssec-maintainers mailing list > Opendnssec-maintainers at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-maintainers From jerry at opendnssec.org Fri Apr 11 12:42:11 2014 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?Q?Lundstr=F6m?=) Date: Fri, 11 Apr 2014 14:42:11 +0200 Subject: [Opendnssec-develop] Fwd: [Opendnssec-maintainers] OpenDNSSEC 1.4.5rc1 release candidate In-Reply-To: <01597E93-4DA3-4F92-9076-2566FE5C8791@sinodun.com> References: <01597E93-4DA3-4F92-9076-2566FE5C8791@sinodun.com> Message-ID: <1397220131.31852.0.camel@what> On fre, 2014-04-11 at 12:38 +0100, Sara Dickinson wrote: > Jerry - can you please make a tarball when convenient? Starting with it now. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 660 bytes Desc: This is a digitally signed message part URL: From jerry at opendnssec.org Fri Apr 11 13:19:03 2014 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?Q?Lundstr=F6m?=) Date: Fri, 11 Apr 2014 15:19:03 +0200 Subject: [Opendnssec-develop] Fwd: [Opendnssec-maintainers] OpenDNSSEC 1.4.5rc1 release candidate In-Reply-To: <1397220131.31852.0.camel@what> References: <01597E93-4DA3-4F92-9076-2566FE5C8791@sinodun.com> <1397220131.31852.0.camel@what> Message-ID: <1397222343.15794.1.camel@what> https://dist.opendnssec.org/source/opendnssec-1.4.5.tar.gz https://dist.opendnssec.org/source/opendnssec-1.4.5.tar.gz.sig SHA1 da2d97669a7688321ea563e0a512531d932f19d6 SHA256 c4d4366497ab096c6887c51f7518d546a0419a44dfad1f57d4ec9e67bb95019b -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 660 bytes Desc: This is a digitally signed message part URL: From sara at sinodun.com Fri Apr 11 15:11:29 2014 From: sara at sinodun.com (Sara Dickinson) Date: Fri, 11 Apr 2014 16:11:29 +0100 Subject: [Opendnssec-develop] OpenDNSSEC 1.4.5 Message-ID: <3CACEEA8-8DFD-4FF7-8B38-5C592C548BFE@sinodun.com> All, Version 1.4.5 of OpenDNSSEC is now available. This is the latest stable release. Bugfixes: * OPENDNSSEC-607: libhsm not using all mandatory attributes for GOST key generation. * OPENDNSSEC-609: ods-ksmutil: 'key list' command fails with error in 1.4.4 on MySQL. Reported by Mark Elkins Documentation: * http://wiki.opendnssec.org/display/DOCS Download: * https://dist.opendnssec.org/source/opendnssec-1.4.5.tar.gz * https://dist.opendnssec.org/source/opendnssec-1.4.5.tar.gz.sig * Checksum SHA1: da2d97669a7688321ea563e0a512531d932f19d6 * Checksum SHA256: c4d4366497ab096c6887c51f7518d546a0419a44dfad1f57d4ec9e67bb95019b //OpenDNSSEC team From rickard at opendnssec.org Tue Apr 15 08:04:25 2014 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Tue, 15 Apr 2014 10:04:25 +0200 Subject: [Opendnssec-develop] Finishing SoftHSMv2 Message-ID: Hi We do not have many issues left on SoftHSMv2 before we can make the final release. I have finished most of the issues, but I would like some help on the final ones. Jerry: * SOFTHSM-40 - Enable jenkins testing on solaris t2000 sparc 64 for SoftHSMv2 * SOFTHSM-74 - Make Jenkins run tests with OpenSSL * SOFTHSM-77 - Test suite .o files eats a lot of space Francis: * SOFTHSM-59 - Chase memory leaks * SOFTHSM-64 - Compile on Windows Someone: * SOFTHSM-66 - Attribute handling when using multiple threads * SOFTHSM-86 - SoftHSMv2 performance slightly disappointing I have been looking at the two last ones, but I have not found any obvious way forward. Maybe Roland or Francis could have a look at this? // Rickard -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry at opendnssec.org Tue Apr 15 08:11:30 2014 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?Q?Lundstr=F6m?=) Date: Tue, 15 Apr 2014 10:11:30 +0200 Subject: [Opendnssec-develop] Finishing SoftHSMv2 In-Reply-To: References: Message-ID: <1397549490.19004.19.camel@what> On tis, 2014-04-15 at 10:04 +0200, Rickard Bellgrim wrote: > Jerry: > > * SOFTHSM-40 - Enable jenkins testing on solaris t2000 sparc 64 for > SoftHSMv2 > > * SOFTHSM-74 - Make Jenkins run tests with OpenSSL > > * SOFTHSM-77 - Test suite .o files eats a lot of space I can't spare any time for this, busy with OpenDNSSEC 2.0 for the next month or more. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 660 bytes Desc: This is a digitally signed message part URL: From Roland.vanRijswijk at surfnet.nl Fri Apr 18 18:34:14 2014 From: Roland.vanRijswijk at surfnet.nl (Roland van Rijswijk - Deij) Date: Fri, 18 Apr 2014 20:34:14 +0200 Subject: [Opendnssec-develop] Finishing SoftHSMv2 In-Reply-To: References: Message-ID: <53517026.3000703@surfnet.nl> Hi Rickard, Rickard Bellgrim wrote: > * SOFTHSM-66 - Attribute handling when using multiple threads > > * SOFTHSM-86 - SoftHSMv2 performance slightly disappointing > > > I have been looking at the two last ones, but I have not found any > obvious way forward. Maybe Roland or Francis could have a look at this? I'm slightly strapped for time at the moment, and won't reasonably have time to dive into that before mid June :(. It's really great news that we are near a final release so if this is still open by that time I will strive to look into it. Cheers, Roland -- -- Roland M. van Rijswijk - Deij -- SURFnet bv -- w: http://www.surfnet.nl/en/ -- t: +31-30-2305388 -- e: roland.vanrijswijk at surfnet.nl From fdupont at isc.org Sun Apr 20 14:41:13 2014 From: fdupont at isc.org (Francis Dupont) Date: Sun, 20 Apr 2014 14:41:13 +0000 Subject: [Opendnssec-develop] Re: Finishing SoftHSMv2 In-Reply-To: References: Message-ID: <20140420144113.EEA25216C31@bikeshed.isc.org> Rickard Bellgrim writes: > > Francis: > > * SOFTHSM-59 - Chase memory leaks => IMHO this one is not closed just because it was not finished (i.e., there still are some memory leaks) but as it cannot be (some leaks are very hard or impossible to fix, e.g., OpenSSL ERR) I suggest toi fix it. > * SOFTHSM-64 - Compile on Windows => I did a similar thing for bind 9.10 using a perl script to configure a lot of options but perl was already required. I can propose the same for SoftHSMv2 on WIN32 but this would add a new requirement (i.e., perl or python). Unfortunately there is no other required external tools from OpenSSL (which requires perl) or Botan (which requires python), and it should take some time to do both (or does someone want to help? It is just a trivial argument decode and substitution in project files) Thanks Francis Dupont PS: I have some free time (Eastern holidays). From sara at sinodun.com Tue Apr 22 14:24:52 2014 From: sara at sinodun.com (Sara Dickinson) Date: Tue, 22 Apr 2014 15:24:52 +0100 Subject: [Opendnssec-develop] RE: 1.3.17 release candidate Message-ID: Hi All, I would like to try and target a release candidate for 1.3.17 for the end of this week if possible. The current content of this release is listed in the sprint: https://issues.opendnssec.org/secure/RapidBoard.jspa?rapidView=10&selectedIssue=OPENDNSSEC-586&sprint=8 - the two outstanding issues 591 and 586 should be closed by the end of this week - Matthijs: can you please confirm you are happy to close and release 515 and 550? - if anyone has any other issues they would like to nominate for inclusion in 1.3.17 then please let me know asap - Jerry: can you please confirm you are available on Friday to do a release candidate? Regards Sara. From matthijs at nlnetlabs.nl Tue Apr 22 14:34:49 2014 From: matthijs at nlnetlabs.nl (Matthijs Mekking) Date: Tue, 22 Apr 2014 16:34:49 +0200 Subject: [Opendnssec-develop] RE: 1.3.17 release candidate In-Reply-To: References: Message-ID: <53567E09.2050001@nlnetlabs.nl> On 04/22/2014 04:24 PM, Sara Dickinson wrote: > - Matthijs: can you please confirm you are happy to close and release 515 and 550? They were both accepted (pull 49) so I closed them. Best regards, Matthijs From jerry at opendnssec.org Tue Apr 22 14:47:38 2014 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?Q?Lundstr=F6m?=) Date: Tue, 22 Apr 2014 16:47:38 +0200 Subject: [Opendnssec-develop] RE: 1.3.17 release candidate In-Reply-To: References: Message-ID: <1398178058.9445.2.camel@what> On tis, 2014-04-22 at 15:24 +0100, Sara Dickinson wrote: > - Jerry: can you please confirm you are available on Friday to do a release candidate? So far, yes. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 660 bytes Desc: This is a digitally signed message part URL: From sara at sinodun.com Fri Apr 25 07:34:17 2014 From: sara at sinodun.com (Sara Dickinson) Date: Fri, 25 Apr 2014 08:34:17 +0100 Subject: [Opendnssec-develop] 1.3.17 release candidate In-Reply-To: References: Message-ID: <7C7D08E7-47AE-48FE-B4FA-A723FF03D1E7@sinodun.com> Hi All, Thanks for the responses. All issues are now closed so if there are no objections I would like to go ahead with 1.3.17rc1 today. Regards Sara. On 22 Apr 2014, at 15:24, Sara Dickinson wrote: > Hi All, > > I would like to try and target a release candidate for 1.3.17 for the end of this week if possible. The current content of this release is listed in the sprint: > > https://issues.opendnssec.org/secure/RapidBoard.jspa?rapidView=10&selectedIssue=OPENDNSSEC-586&sprint=8 > > - the two outstanding issues 591 and 586 should be closed by the end of this week > - Matthijs: can you please confirm you are happy to close and release 515 and 550? > - if anyone has any other issues they would like to nominate for inclusion in 1.3.17 then please let me know asap > - Jerry: can you please confirm you are available on Friday to do a release candidate? > > Regards > > Sara. > > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop From jerry at opendnssec.org Mon Apr 28 10:42:29 2014 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?Q?Lundstr=F6m?=) Date: Mon, 28 Apr 2014 12:42:29 +0200 Subject: [Opendnssec-develop] 1.3.17 release candidate In-Reply-To: <7C7D08E7-47AE-48FE-B4FA-A723FF03D1E7@sinodun.com> References: <7C7D08E7-47AE-48FE-B4FA-A723FF03D1E7@sinodun.com> Message-ID: <1398681749.29452.4.camel@what> https://dist.opendnssec.org/source/testing/opendnssec-1.3.17rc1.tar.gz https://dist.opendnssec.org/source/testing/opendnssec-1.3.17rc1.tar.gz.sig SHA1 89f7c3b734080ef0472bcf39e11801b20d305e8d SHA256 0a38bd01a4aee2328b1129621c979eef72e6ed8fce6f39da6f53b8485eb658cd -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 643 bytes Desc: This is a digitally signed message part URL: From sara at sinodun.com Mon Apr 28 14:28:38 2014 From: sara at sinodun.com (Sara Dickinson) Date: Mon, 28 Apr 2014 15:28:38 +0100 Subject: [Opendnssec-develop] OpenDNSSEC 1.3.17rc1 release candidate Message-ID: <834A8E83-905B-40E8-A4DC-5D1E7FC97ED9@sinodun.com> All, Version 1.3.17rc1 of OpenDNSSEC is now available. This is a release candidate for testing purposes: OpenDNSSEC 1.3.17rc1 ??????????? Updates: * SUPPORT-114: libhsm: Optimize storage in HSM by deleting the public key directly if SkipPublicKey is used [OPENDNSSEC-575]. * Signer Engine: log serial of signed zone in STATS line. * OPENDNSSEC-550: Signer Engine: Put NSEC3 records on empty non-terminals derived from unsigned delegations (be compatible with servers that are incompatible with RFC 5155 errata 3441). * OPENDNSSEC-569: Build compatibility with SoftHSMv2. * Signer Engine: Examine unsigned zone checks for SOA RRset existence. * OPENDNSSEC-591: ods-ksmutil: Extend 'key list' command with options to filter on key type and state. This allows keys in the GENERATE and DEAD state to be output. Bugfixes: * SUPPORT-116: ods-ksmutil key import. Date validation fails on certain dates [OPENDNSSEC-589]. * OPENDNSSEC-481: libhsm: Fix an off-by-one length check error. * OPENDNSSEC-482: libhsm: Improved cleanup for C_FindObjects. * OPENDNSSEC-515: Signer Engine: Don't replace tabs in RRs with whitespace. * OPENDNSSEC-538: libhsm: Possible memory corruption in hsm_get_slot_id. * Signer Engine: Fix a race condition when stopping daemon. * OPENDNSSEC-586: enforcer & ods-ksmutil: Improve logging on key creation and alloctaion. * OPENDNSSEC-588: ods-ksmutil: Exported value of in 'policy export' output could be wrong on MySQL. Download: * https://dist.opendnssec.org/source/testing/opendnssec-1.3.17rc1.tar.gz * https://dist.opendnssec.org/source/testing/opendnssec-1.3.17rc1.tar.gz.sig * Checksum SHA1: 89f7c3b734080ef0472bcf39e11801b20d305e8d * Checksum SHA256: 0a38bd01a4aee2328b1129621c979eef72e6ed8fce6f39da6f53b8485eb658cd A full OpenDNSSEC 1.3.17 release is planned for Tuesday 6th May //OpenDNSSEC team From sara at sinodun.com Mon Apr 28 15:58:02 2014 From: sara at sinodun.com (Sara Dickinson) Date: Mon, 28 Apr 2014 16:58:02 +0100 Subject: [Opendnssec-develop] RE: Team meeting - Tuesday 29 Apr 2014 @ 14:00 CEST Message-ID: <5D10CE51-1DAF-414F-93DF-90EB0EE67CC2@sinodun.com> Hi All, We have a team meeting scheduled for tomorrow Date: Tuesday 29 April 2014 Time: 14:00-15:00 CEST, 13:00-14:00 BST, 20:00-21:00 CST, 12:00-13:00 UTC Method: Teamspeak (https://wiki.opendnssec.org/display/OpenDNSSEC/Conference+call+details) Agenda: https://wiki.opendnssec.org/display/OpenDNSSEC/2014-04-29+Agenda Sara. From sara at sinodun.com Tue Apr 29 14:23:28 2014 From: sara at sinodun.com (Sara Dickinson) Date: Tue, 29 Apr 2014 15:23:28 +0100 Subject: Fwd: [Opendnssec-develop] Team meeting - Tuesday 29 Apr 2014 @ 14:00 CEST References: <5D10CE51-1DAF-414F-93DF-90EB0EE67CC2@sinodun.com> Message-ID: <5634E038-02CF-4911-93C2-5E8559379F68@sinodun.com> All, The minutes from the meeting today are available online for review: https://wiki.opendnssec.org/display/OpenDNSSEC/2014-04-29+Minutes The next meeting is scheduled for: Date: Tuesday 20 May 2014 Time: 14:00-15:00 CEST, 13:00-14:00 BST, 20:00-21:00 CST, 12:00-13:00 UTC Jakob - can you please confirm that you can make this as I think you should be involved in the 2.0 section of the call? Sara. -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenDNSSEC meeting.ics Type: text/calendar Size: 710 bytes Desc: not available URL: -------------- next part -------------- Begin forwarded message: > From: Sara Dickinson > Subject: [Opendnssec-develop] RE: Team meeting - Tuesday 29 Apr 2014 @ 14:00 CEST > Date: 28 April 2014 16:58:02 BST > To: Opd Dev > > Hi All, > > We have a team meeting scheduled for tomorrow > > Date: Tuesday 29 April 2014 > Time: 14:00-15:00 CEST, 13:00-14:00 BST, 20:00-21:00 CST, 12:00-13:00 UTC > Method: Teamspeak (https://wiki.opendnssec.org/display/OpenDNSSEC/Conference+call+details) > Agenda: https://wiki.opendnssec.org/display/OpenDNSSEC/2014-04-29+Agenda > > Sara. > > > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop From sara at sinodun.com Tue Apr 29 14:24:13 2014 From: sara at sinodun.com (Sara Dickinson) Date: Tue, 29 Apr 2014 15:24:13 +0100 Subject: [Opendnssec-develop] RE: Postponement of 2.0.0a4 release Message-ID: <7C772EAC-D89B-400E-8CF8-E92FD1585E3E@sinodun.com> Hi All, It was announced in the team meeting today that the planned 2.0.0a4 release has been postponed. Yuri discovered a bug with the transaction handling in Protobuf which he and Jerry felt was serious enough to postpone the release completely until after the database re-factor. Yuri - for the record could you give some details of the problem and why this hadn?t been seen until now? My understanding is that there is now no timeline for the next release of 2.0 since estimates are not available for how long the database re-factor will take. Jakob - there is still a 2.0.0a4 sprint open in JIRA. Do you plan to close this and create another sprint for the re-factor work? If so I can give you a hand with this. Sara. From yuri at nlnetlabs.nl Tue Apr 29 18:05:06 2014 From: yuri at nlnetlabs.nl (Yuri Schaeffer) Date: Tue, 29 Apr 2014 20:05:06 +0200 Subject: [Opendnssec-develop] RE: Postponement of 2.0.0a4 release In-Reply-To: <7C772EAC-D89B-400E-8CF8-E92FD1585E3E@sinodun.com> References: <7C772EAC-D89B-400E-8CF8-E92FD1585E3E@sinodun.com> Message-ID: <535FE9D2.30906@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yes, I'll summarize the events of the past few weeks for the record here. Initially Sara an I planned to fix up the last sprint which included documentation and interface work and release it as an a4. Thereafter I would concentrate on porting the tests to the ng branch and release it as an a5, after which I would work together with Jerry making the DB change. Everything for the a4 sprint was done and I did some additional manual testing. There I found that after a 'rollover list' the 'enforce' command would time out. I could trace it to 'something fails with the transactions' but not fix it in a reasonable time. Consulting Jakob and Jerry we decided to make the DB switch a priority. thereby avoiding having to fix this bug at all. It is unclear why we didn't notice it before, but once observed it took me quite a while to reproduce reliably. Probably because there isn't even a usecase where one would have to call 'enforce'. Still it indicates a problem with the current implementation. Then events passed quickly, Jerry had I had a 2 day meeting in Amsterdam to kick of DB change. First day we discussed the data model, identified problems and fixed them. We've discussed how to support future alternative database backends. On the second day we started coding to get a few basic usecases in ODS. We have a 'policy list' and a 'resalt'. Thereby testing reading and writing to the DB including transaction handling. So far this seems to work flawlessly. For Sqlite, mysql is not implemented at the moment. What is currently happening: - - Yuri is one by one converting the enforcer modules to the new backend. Thereby weeding out the c++ parts (only the orm layer was C++ really) - - Jerry is making some provisions to support non transactional/sql databases then will work to replace the XML handling of the orm code. After this we should be on par with the nearly released a4 minus Mysql support. I (gu)estimate this could be perhaps in the week after RIPE. Then we will implement MySQL, and pick up where we left converting tests. The current state of affairs can be found at https://github.com/jelu/opendnssec/tree/dbx //Yuri -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iEYEARECAAYFAlNf6dEACgkQI3PTR4mhavjyjACeKSbCn3uyIeyy2aoLWjpVU7Dy TY4AoItRZTR5XzaPNqz/UyVM4gM3oI2T =oyTL -----END PGP SIGNATURE----- From jerry at opendnssec.org Tue Apr 29 19:52:31 2014 From: jerry at opendnssec.org (=?UTF-8?Q?Jerry_Lundstr=C3=B6m?=) Date: Tue, 29 Apr 2014 21:52:31 +0200 Subject: [Opendnssec-develop] RE: Postponement of 2.0.0a4 release In-Reply-To: <535FE9D2.30906@nlnetlabs.nl> References: <7C772EAC-D89B-400E-8CF8-E92FD1585E3E@sinodun.com> <535FE9D2.30906@nlnetlabs.nl> Message-ID: <5486026608653289256@unknownmsgid> On 29 apr 2014, at 20:05, Yuri Schaeffer wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It is unclear why we didn't notice it before, but once observed it took me quite a while to reproduce reliably. Probably because there isn't even a usecase where one would have to call 'enforce'. Still it indicates a problem with the current implementation. This isnt really that strange. We currently just test "the happy path", meaning that we have a path of execution that we run and expect a specific result in each step which is more or less success. For example: 1. Run list 2. Grep in list 3. Add to list 4. Grep in list for new entry What happened when you tested is that you started another path within a path and it failed badly :( Now with the error that emerged I saw no point to dig deeper into it. It is actually really easy to abuse transactions. I can explain why in more detail if anyone wants to know over TS or something similar. Then we will implement MySQL, and pick up where we left converting tests. MySQL is not a biggy, its so similar to SQLite that you can mostly say that if it works in one it will work to 98% on the other. And the implementation time is very short. The current state of affairs can be found at https://github.com/jelu/opendnssec/tree/dbx We will merge the PR when we have it on par of the current code to not break functionality. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- An HTML attachment was scrubbed... URL: