[Opendnssec-user] Re: New installation notes for Ubuntu (Beta5)

Rickard Bellgrim rickard.bellgrim at iis.se
Tue Nov 3 10:17:28 UTC 2009

> * I installed everything in /usr/local/bin . According to a linux guide
> I read /usr/local/bin is usually used to install applications. Not
> saying that's a fact, I just followed that advice. This should not be
> any problem concerning functionality of OpenDNSSEC though since it's
> supposed to be configurable. *

Yeah, /usr/local/bin is where the binaries usually get installed. And this path is often configured in the OS, so that it knows where to find the programs. This is so that you do not need to type the path to the binary when you want to run it.

/usr/local/lib is where the libraries get installed.

So if you use --prefix=/usr/local then your binaries will be installed in /usr/local/bin, your libraries in /usr/local/lib, etc.

OpenDNSSEC does work if you want to use another prefix than /usr/local, but you probably want a default set-up. But your structure will get a little bit odd if you use --prefix=/usr/local/bin; then you will get paths like /usr/local/bin/bin, /usr/local/bin/lib, etc.

(And --prefix=/usr/local is default)

> * The database check is some old note. Since I had quite some troubles
> installing due to keys not being found or HSM not being found (no
> slots)
> I was browsing the databases and noted the sqlite commands I used. I
> know now I can request key information by using ./ods-hsmutil . Is that
> what you mean by PKCS#11 interface? *

Yeah, ods-hsmutil uses the PKCS#11 interface to talk to the HSMs, and is thus freestanding from the OpenDNSSEC information structure. Since SoftHSM is only in software, you could look in its database. But it should be sufficient to use the PKCS#11 interface.

> * I had to generate them myself. When trying to sign after install and
> starting engines, I got the error message saying no keys available.
> Repositories were empty. *

That was odd, since ods-enforcerd should generate keys in the HSM, then pass the key id over to the Signer Engine, which uses the key with this id. Do you have a use-case so we can reproduce the problem?

// Rickard
