[Opendnssec-user] SQLite -> MySQL

Rick van Rein rick at openfortress.nl
Wed Apr 21 10:05:13 UTC 2010

Hello Rachid,


> the rpm spec i've send here, builds perfectly as far as i remember.

CentOS has more packages available than RHEL on which I'm building,
so I have to construct several underlying packages.  Working on that
now, it seems that SQLite is the only thing I still need to do.

You SQLite dependency does not mention the minimum version, so I turned
that into "sqlite >= 3.4.2" as demanded by ./configure:

checking for sqlite3.h... yes
checking for sqlite3_prepare_v2 in -lsqlite3... no
configure: error: Missing SQLite3 library v3.4.2 or greater
configure: error: ./configure failed for enforcer

I just got started with the build, so I have nothing worth showing yet.
For now, it's mainly thoughts and ideas that I have to share.

> i've rebuild it for 32bits arch few days ago. :)
> did you get any error while building opendnssec with my spec ?

Not yet, but any lessons learnt will be shared.  That's also behind
this posting -- things I ran into.

> if so let us know, so we can share and update the "official" opendnssec spec
> :)

I will surely share it, this is the best thing to do for all concerned.

I do have another idea about the package than what you did:  The auditor
is essentially an external component, and I do not want to include it
with the main RPM, because it introduces several dependencies.  For now,
I'm avoiding that with the --disable-auditor configure option.  It is
probably best if I/we split the source and build two packages for it.

> for the mysql view i'd be interested in helping if possible :-)

Thanks.  I suppose both databases are useful to some audiences:
SQLite works for locally signing people, probably the same ones who
also rely on SoftHSM.  For "business critical" signing, like our
setup that wants to run in high availability mode (yes, we did get
two HSMs with a PKCS #11 library that implements HA mode) it is more
likely that MySQL with replication is the right path.

Not sure how that would work, package-wise.  My current, short-sighted
aim is to build packages that work for our requirements, but I am
quite open to generally usable alternatives.  Ideally, installing
OpenDNSSEC would mean you needed to have one of the databases on your
system, right?


More information about the Opendnssec-user mailing list