[Opendnssec-user] RE: New installation notes for Ubuntu (Beta5)

Rick Zijlker rick.zijlker at sidn.nl
Tue Nov 3 08:59:42 UTC 2009


Hey Rickard and Stephane,

 

Thanks for checking my notes. Lots of useful feedback. I have a few remarks which I placed inline.

 

Cheers,

Rick

 

From: Rickard Bellgrim [mailto:rickard.bellgrim at iis.se] 
Sent: Monday 2 November 2009 17:23
To: Rick Zijlker; opendnssec-user at lists.opendnssec.org
Subject: Re: New installation notes for Ubuntu (Beta5)

 


 

Thanks for your guide. 

 

Here are some of my comments.

 

No need for this if you run from the tarball:

        ~# apt-get install subversion

        ~# apt-get install autoconf

        ~# apt-get install automake

        ~# apt-get install libtool

        ~# apt-get install sun-java6-jre sun-java6-plugin sun-java6-fonts

 

*I used to install from trunk. That’s why I still had these included. Will add that to the note. *

 

This:

        ~# wget http://rubyforge.org/frs/download.php/65630/dnsruby-1.39.gem

        ~# sudo gem install /usr/local/bin/dnsruby-1.39.gem

Is equal to:

        ~# gem install dnsruby

 

* “gem install dnsruby” hangs my Ubuntu image. At first it just took long, but later the system hung. That’s why I came up with this alternative method. * 

 

OpenDNSSEC defaults to these settings, so they are not needed:

        --sysconfdir=/etc --localstatedir=/var

 

Botan is not installed here:

        --with-botan=/usr/local/bin

but here (which is default)

        --with-botan=/usr/local

 

LDNS is not installed here:

        --with-ldns=/usr/local/bin

but here (which is default)

        --with-ldns=/usr/local

 

Are you sure that you want to install SoftHSM here:

        --prefix=/usr/local/bin/softhsm

and not here (then your system will find e.g. the softhsm tool, and there is no need to change directory later on):

        --prefix=/usr/local

 

* I installed everything in /usr/local/bin. According to a Linux guide I read, /usr/local/bin is usually used to install applications. Not saying that’s a fact, I just followed that advice. This should not be any problem concerning functionality of OpenDNSSEC though, since it’s supposed to be configurable. *

 

 

No need for:

        ~# export SOFTHSM_CONF=/etc/softhsm.conf

        ~# echo $SOFTHSM_CONF

The default location is this. SOFTHSM_CONF is for when you want to have the config in another location.

 

* Okay, I felt like this shouldn’t be empty but didn’t know the main purpose of the variable *

 

The work-around when initializing the token is not needed since you have installed 1.9.0.

 

The token table gives you no useful information. It only shows you the token label and the digested SO and user PIN. You probably want to have a look in the Attribute table. One question, why do you want to have a look in the token database? Why not use the PKCS#11 interface to check for information?

 

* The database check is some old note. Since I had quite some troubles installing due to keys not being found or HSM not being found (no slots) I was browsing the databases and noted the sqlite commands I used. I know now I can request key information by using ./ods-hsmutil . Is that what you mean by PKCS#11 interface? *

 

You do not need to generate the keys yourself. The system will do that for you.

 

* I had to generate them myself. When trying to sign after install and starting engines, I got the error message saying no keys available. Repositories were empty. *

 

More information can be found on http://trac.opendnssec.org/wiki/Signer/Using

 

 

// Rickard

 

 

 

 

-----Original Message-----
From: Stephane Bortzmeyer [mailto:bortzmeyer at nic.fr] 
Sent: Monday 2 November 2009 16:10
To: Rick Zijlker
Cc: opendnssec-user at lists.opendnssec.org
Subject: Re: New installation notes for Ubuntu (Beta5)

 

On Mon, Nov 02, 2009 at 03:54:51PM +0100,

 Rick Zijlker <rick.zijlker at sidn.nl> wrote 

 a message of 331 lines which said:

 

>     ~# apt-get install libxml2

>     ~# apt-get install libxml2-dev

 

libxml2-dev depends on libxml so installing the second is sufficient.

 

>     ~# apt-get install sqlite3

>     ~# apt-get install libsqlite3-dev

 

Same thing.

* Thanks, will keep it to installing only the second *

 

> *ldns version 1.6.1 or later we download from NLNetLabs, and build

> ourselves:

 

Why? It exists in Ubuntu.

 

* I can’t find ldns in my default Ubuntu image, where should it be located? *

 

 

> -----Original Message-----

> From: opendnssec-user-bounces at lists.opendnssec.org [mailto:opendnssec-

> user-bounces at lists.opendnssec.org] On behalf of Rick Zijlker

> Sent: 2 November 2009 15:55

> To: opendnssec-user at lists.opendnssec.org

> Subject: [Opendnssec-user] New installation notes for Ubuntu (Beta5)

> 

> Hey all,

> 

> 

> 

> During installing OpenDNSSEC on my Ubuntu image I encountered several

> issues and I made note of these issues. Right now OpenDNSSEC (beta 5)

> is successfully signing here and I would like to share my notes with

> everyone to offer an easy checklist of all dependencies and possible

> issues plus solutions. It won’t win any beauty contests but it could be

> helpful for some of you.

> 

> 

> 

> Some extra options like extra slots in softhsm are also described in

> this note.

> 

> 

> 

> Cheers,

> 

> Rick Zijlker

 

 
