Merge ~ahasenack/ubuntu/+source/bind9:disco-re-enable-eddsa-support into ubuntu/+source/bind9:ubuntu/disco-devel
Status: | Merged |
---|---|
Approved by: | Andreas Hasenack |
Approved revision: | e5673055341ef54b1223ebc17100389148c9bcbe |
Merged at revision: | e5673055341ef54b1223ebc17100389148c9bcbe |
Proposed branch: | ~ahasenack/ubuntu/+source/bind9:disco-re-enable-eddsa-support |
Merge into: | ubuntu/+source/bind9:ubuntu/disco-devel |
Diff against target: |
48 lines (+13/-2) 2 files modified
debian/changelog (+6/-0) debian/rules (+7/-2) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Christian Ehrhardt (community) | Approve | ||
Canonical Server | Pending | ||
Review via email: mp+366414@code.launchpad.net |
Description of the change
PPA with testing packages: https:/
sudo add-apt-repository ppa:ahasenack/
Re-enable eddsa support, which was disabled in the last merge from Debian. It will pull in openssl 1.1.1 (as opposed to just 1.1.0), and that's why it was disabled in Debian, albeit temporarily. This is a regression in Disco, and Eoan.
There are two tests that can be done: offline and online.
Offline test:
dnssec-keygen -a ED25519 example.com
That will fail with bind9 builds that do not have eddsa support.
Online test:
$ delv +dnssec +multiline @127.0.0.1 ed25519.nl
; fully validated
ed25519.nl. 3600 IN A 77.72.150.82
ed25519.nl. 3600 IN RRSIG A 15 2 3600 (
20190502000000 20190411000000 27662 ed25519.nl.
f7HjJcbvekr
nQjUxNcCvDW
It will either say "fully validated", as is the case above with a build that has eddsa support, or:
$ delv +dnssec +multiline @127.0.0.1 ed25519.nl
;; validating ed25519.nl/A: no valid signature found
; unsigned answer
ed25519.nl. 3600 IN A 77.72.150.82
ed25519.nl. 3200171710 IN RRSIG A 15 2 3600 (
20190502000000 20190411000000 27662 ed25519.nl.
f7HjJcbvekr
nQjUxNcCvDW
it will say "unsigned answer" and "no valid signature found".
Checked the bug, tests and SRU template - all LGTM