Re: CVS commit: pkgsrc/net/ldns

[Havard Eidnes <he%NetBSD.org@localhost>]

>>> The default for LDNS_TRUST_ANCHOR_FILE is dubious, since we could use
>>> the unbound from -base, and we don't depend on net/unbound either.
>>> It can be overridden on the command line, though.
>>
>> So where does ldns look for a config file then?
>
> It doesn't really, it's a library: <https://github.com/NLnetLabs/ldns>
>
>> Or is this about looking for some other file that isn't an ldns config
>> file, and it's misusing autoconf sysconfdir for that?
>
> This - by default, it looks for a key file in unbound's config dir. 
> Arguably, it should use its own directory instead. Maybe the pkg 
> maintainer wants to chime in?

Well...  LDNS_TRUST_ANCHOR_FILE isn't set in the package
infrastructure files, so we end up with what configure.ac says
and does:

AC_ARG_WITH(trust-anchor, AC_HELP_STRING([--with-trust-anchor=KEYFILE], [Default location of the trust anchor file for drill and ldns-dane. [default=SYSCONFDIR/unbound/root.key]]), [
 AC_SUBST([LDNS_TRUST_ANCHOR_FILE], ["$withval"])
 AC_MSG_NOTICE([Default trust anchor: $withval])
],[
 AC_SUBST([LDNS_TRUST_ANCHOR_FILE], ["\$(sysconfdir)/unbound/root.key"])
])

It doesn't look like NetBSD's base system in netbsd-9 (or
netbsd-10?!?) installs a root.key file, the above is about as
good or bad as anything else, usability-wise, I would think.

And /etc/namedb/bind.keys has the wrong format, so can't be
used in it's place.

Regards,

- Håvard