mirror of
https://github.com/systemd/systemd.git
synced 2024-12-22 17:35:35 +03:00
resolved: ignore DNSSEC= option when resolved is built without gcrypt (#6084)
Fixes #5583.
This commit is contained in:
parent
a1bb2402cb
commit
42303dcb1a
@ -1326,6 +1326,11 @@ AC_ARG_WITH(default-dnssec,
|
||||
[DEFAULT_DNSSEC_MODE="$withval"],
|
||||
[DEFAULT_DNSSEC_MODE="allow-downgrade"])
|
||||
|
||||
if test "x$have_gcrypt" = xno -a "x${DEFAULT_DNSSEC_MODE}" != xno ; then
|
||||
AC_MSG_WARN(default-dnssec cannot be set to yes or allow-downgrade when gcrypt is disabled. Setting default-dnssec to no.)
|
||||
DEFAULT_DNSSEC_MODE="no"
|
||||
fi
|
||||
|
||||
AS_CASE("x${DEFAULT_DNSSEC_MODE}",
|
||||
[xno], [mode=DNSSEC_NO],
|
||||
[xyes], [mode=DNSSEC_YES],
|
||||
|
14
meson.build
14
meson.build
@ -603,11 +603,6 @@ kill_user_processes = get_option('default-kill-user-processes')
|
||||
conf.set10('KILL_USER_PROCESSES', kill_user_processes)
|
||||
substs.set('KILL_USER_PROCESSES', kill_user_processes ? 'yes' : 'no')
|
||||
|
||||
default_dnssec = get_option('default-dnssec')
|
||||
conf.set('DEFAULT_DNSSEC_MODE',
|
||||
'DNSSEC_' + default_dnssec.underscorify().to_upper())
|
||||
substs.set('DEFAULT_DNSSEC_MODE', default_dnssec)
|
||||
|
||||
dns_servers = get_option('dns-servers')
|
||||
conf.set_quoted('DNS_SERVERS', dns_servers)
|
||||
substs.set('DNS_SERVERS', dns_servers)
|
||||
@ -953,6 +948,15 @@ else
|
||||
libgpg_error = []
|
||||
endif
|
||||
|
||||
default_dnssec = get_option('default-dnssec')
|
||||
if default_dnssec != 'no' and not conf.get('HAVE_GCRYPT', false)
|
||||
message('default-dnssec cannot be set to yes or allow-downgrade when gcrypt is disabled. Setting default-dnssec to no.')
|
||||
default_dnssec = 'no'
|
||||
endif
|
||||
conf.set('DEFAULT_DNSSEC_MODE',
|
||||
'DNSSEC_' + default_dnssec.underscorify().to_upper())
|
||||
substs.set('DEFAULT_DNSSEC_MODE', default_dnssec)
|
||||
|
||||
want_importd = get_option('importd')
|
||||
if want_importd != 'false'
|
||||
have_deps = (conf.get('HAVE_LIBCURL', false) and
|
||||
|
@ -246,6 +246,12 @@ int manager_parse_config_file(Manager *m) {
|
||||
return r;
|
||||
}
|
||||
|
||||
#ifndef HAVE_GCRYPT
|
||||
if (m->dnssec_mode != DNSSEC_NO) {
|
||||
log_warning("DNSSEC option cannot be enabled or set to allow-downgrade when systemd-resolved is built without gcrypt support. Turning off DNSSEC support.");
|
||||
m->dnssec_mode = DNSSEC_NO;
|
||||
}
|
||||
#endif
|
||||
return 0;
|
||||
|
||||
}
|
||||
|
@ -313,6 +313,12 @@ void link_set_dnssec_mode(Link *l, DnssecMode mode) {
|
||||
|
||||
assert(l);
|
||||
|
||||
#ifndef HAVE_GCRYPT
|
||||
if (mode == DNSSEC_YES || mode == DNSSEC_ALLOW_DOWNGRADE)
|
||||
log_warning("DNSSEC option for the link cannot be enabled or set to allow-downgrade when systemd-resolved is built without gcrypt support. Turning off DNSSEC support.");
|
||||
return;
|
||||
#endif
|
||||
|
||||
if (l->dnssec_mode == mode)
|
||||
return;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user