[Opendnssec-user] Re: Packaging OpenDNSSEC for Debian
Ondřej Surý
ondrej at sury.org
Wed Jan 27 12:52:06 UTC 2010
Hi Rick,
On Wed, Jan 27, 2010 at 09:05, Rick van Rein <rick at openfortress.nl> wrote:
> Hello Ondrej,
>
> You are packaging OpenDNSSEC for Debian, right?
>
> Just out of curiosity:
>
> 1) Are you going to use the /etc/alternatives/ framework to select the
> PKCS #11 implementation, and provide SoftHSM as a suggested
> implementation package for that? (I don't know if there is a
> libpkcs11.so alternative in common use on Debian.)

Nope. It's done via opendnssec configuration. But maybe it's not a bad
idea to talk to the OpenSC maintainer about providing a
/usr/lib/libpkcs11.so alternative.

> 2) Not everybody wants to run the auditor as part of OpenDNSSEC. Are you
> packaging it separately? If so, the ideal would of course be to have
> the auditor automatically incorporated into OpenDNSSEC's workflow,
> but only when it is installed. Are you finding sufficient facilities
> to set up such variations as gently as they can be?

OpenDNSSEC will be split into these source packages:

Already done and uploaded:

  opendnssec-conf
  opendnssec-auditor
  softhsm

To be done:

  opendnssec-enforcer (opendnssec-enforcerd, libksm-sqlite & libksm-mysql)
  libhsm
  opendnssec-signer (opendnssec-signer, opendnssec-(signer)-tools)
  meta-opendnssec (opendnssec meta package which installs everything)

I am planning to just "Recommend:" opendnssec-auditor.

libhsm will just recommend libsofthsm (since you can have a proprietary
libpkcs11.so installed).

There could be some changes as I go through those tools (like
opendnssec-auditor needs to Depend on opendnssec-conf, etc.)

Ondrej
--
Ondřej Surý <ondrej at sury.org>
http://blog.rfc1925.org/