[Pkg-dns-devel] Bug#859419: non-functional after installation (service fails to start)
Ondřej Surý
ondrej at sury.org
Mon May 8 13:17:01 UTC 2017
Control: severity -1 important
Hi,
this is not something really fixable without breaking existing user base
(for now).
The problem is that you need configured and initialized HSM store for
the keys, and that something the user must do manually, because he is
expected to provide his own HSM - and while softhsm2 is the most common
implementation used together with OpenDNSSEC, it's not the only one.
I could probably provide --no-start to dh_systemd_start invocation, but
doing that now inside the stretch freeze would be very disruptive (in my
opinion). It might be also fixed upstream to not exit violently when no
key store is configured, but just refuse to generate new keys and log
that prominently.
I have fixed the other two RC bugs, and I am lowering the severity on
this one, as this is how the OpenDNSSEC have worked since the beginning.
Cheers,
--
Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro
pečení chleba všeho druhu
More information about the pkg-dns-devel
mailing list