[Opendnssec-user] RE: New installation notes for Ubuntu (Beta5)

Rick Zijlker rick.zijlker at sidn.nl
Tue Nov 3 08:59:42 UTC 2009

Hey Rickard and Stephane,


Thanks for checking my notes. Lots of useful feedback. I have a few remarks which I placed inline.





From: Rickard Bellgrim [mailto:rickard.bellgrim at iis.se] 
Sent: maandag 2 november 2009 17:23
To: Rick Zijlker; opendnssec-user at lists.opendnssec.org
Subject: Re: New installation notes for Ubuntu (Beta5)



Hash: SHA256


Thanks for your guide. 


Here are some of my comments.


No need for this if you run from the tarball:

        ~# apt-get install subversion

        ~# apt-get install autoconf

        ~# apt-get install automake

        ~# apt-get install libtool

        ~# apt-get install sun-java6-jre sun-java6-plugin sun-java6-fonts


*I used to install from trunk. That’s why I still had these included. Will add that to the note. *



        ~# wget http://rubyforge.org/frs/download.php/65630/dnsruby-1.39.gem <http://rubyforge.org/frs/download.php/65630/dnsruby-1.39.gem> 

        ~# sudo gem install /usr/local/bin/dnsruby-1.39.gem

Is equal to:

        ~# gem install dnsruby


* “gem install dnsruby” hangs my Ubuntu image. At first it just took long, but later the system hung. That’s why I came up with this alternative method. * 


OpenDNSSEC default to these settings, so they are not needed:

        --sysconfdir=/etc --localstatedir=/var


Botan is not installed here:


but here (which is default)



LDNS is not installed here:


but here (which is default)



Are you sure that you want to install SoftHSM here:


and not here (then will your system find e.g. the softhsm tool and no need to change directory later on):



* I installed everything in /usr/local/bin . According to a linux guide I read /usr/local/bin is usually used to install applications. Not saying that’s a fact, I just followed that advice. This should not be any problem concerning functionality of OpenDNSSEC though since it’s supposed to be configurable. *



No need for:

        ~# export SOFTHSM_CONF=/etc/softhsm.conf

        ~# echo $SOFTHSM_CONF

The default location is this. SOFTHSM_CONF is for when you want to have the config in another location.


* Okay, I felt like this shouldn’t be empty but didn’t know the main purpose of the variable *


The work-around when initializing the token is not needed since you have installed 1.9.0.


The token table gives you no useful information. It only shows you the token label and the digested SO and user PIN. You probably want to have a look in the Attribute table. One question, why do you want to have a look in the token database? Why not use the PKCS#11 interface to check for information?


* The database check is some old note. Since I had quite some troubles installing due to keys not being found or HSM not being found (no slots) I was browsing the databases and noted the sqlite commands I used. I know now I can request key information by using ./ods-hsmutil . Is that what you mean by PKCS#11 interface? *


You do not need to generate the keys yourself. The system will do that for you.


* I had to generate them myself. When trying to sign after install and starting engines, I got the error message saying no keys available. Repositories were empty. *


More information can be found on http://trac.opendnssec.org/wiki/Signer/Using <http://trac.opendnssec.org/wiki/Signer/Using> 



// Rickard





-----Original Message-----
From: Stephane Bortzmeyer [mailto:bortzmeyer at nic.fr] 
Sent: maandag 2 november 2009 16:10
To: Rick Zijlker
Cc: opendnssec-user at lists.opendnssec.org
Subject: Re: New installation notes for Ubuntu (Beta5)


On Mon, Nov 02, 2009 at 03:54:51PM +0100,

 Rick Zijlker <rick.zijlker at sidn.nl> wrote 

 a message of 331 lines which said:


>     ~# apt-get install libxml2

>     ~# apt-get install libxml2-dev


libxml2-dev depends on libxml so installing the second is sufficient.


>     ~# apt-get install sqlite3

>     ~# apt-get install libsqlite3-dev


Same thing.

* Thanks, will keep it to installing only second *


> *ldns version 1.6.1 or later we download from NLNetLabs, and build

> ourselves:


Why? It exists in Ubuntu.


* I can’t find ldns in my default Ubunty image, where should it be located? *



> -----Ursprungligt meddelande-----

> Från: opendnssec-user-bounces at lists.opendnssec.org [mailto:opendnssec-

> user-bounces at lists.opendnssec.org] För Rick Zijlker

> Skickat: den 2 november 2009 15:55

> Till: opendnssec-user at lists.opendnssec.org

> Ämne: [Opendnssec-user] New installation notes for Ubuntu (Beta5)


> Hey all,




> During installing OpenDNSSEC on my Ubuntu image I encountered several

> issues and I made note of these issues. Right now OpenDNSSEC (beta 5)

> is successfully signing here and I would like to share my notes with

> everyone to offer an easy checklist of all dependencies and possible

> issues plus solutions. It won’t win any beauty contests but it could be

> helpful for some of you.




> Some extra options like extra slots in softhsm are also described in

> this note.




> Cheers,


> Rick Zijlker




Version: 9.8.3 (Build 4028)

Charset: utf-8















-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20091103/131325d7/attachment.htm>

More information about the Opendnssec-user mailing list