Re: security/gnutls: link against libunbound for DANE support (patch)

[N <ng0%n0.is@localhost>]

J. Lewis Muir transcribed 1.2K bytes:
> On 09/18, N wrote:
> > J. Lewis Muir transcribed 829 bytes:
> > > On 09/16, ng0 wrote:
> > > > In a set of software I work on, we highly prefer GnuTLS built
> > > > against libunbound to get DANE functionality. Right now this
> > > > pulls in at least unbound (and flex via unbound).
> > > > There are plans to eventually not depend on unbound for this
> > > > in GnuTLS itself.
> > > 
> > > What does Unbound have to do with this?
> > 
> > libunbound is required to build this, if you read the build-system of
> > GnuTLS and open tickets like https://gitlab.com/gnutls/gnutls/issues/21
> > 
> > Without the right dependencies in place, GnuTLS does not build this.
> 
> Got it.  Thanks for the explanation!
> 
> That seems weird to have a library package depend on a non-library
> package.  It seems like it would be better if there were a libunbound
> package that provided the unbound library and that both the unbound
> and the gnutls package could depend on.  But then you have the pain of
> splitting the unbound package, and as you said upthread, "there are
> plans to eventually not depend on unbound for this in GnuTLS itself," so
> maybe it's not worth the trouble and your proposed solution is the best.

I don't contribute to GnuTLS, so I don't know when they will get to it.
However you make a good point - we could still try and split out
libunbound if it is possible - it could be that you need a configured
unbound.. admittedly I never tested this (only packaged it for 3
package managers) in detail, so I would have to ask around and/or
read more.
 
> Regards,
> 
> Lewis