mirror of
https://github.com/systemd/systemd.git
synced 2025-01-10 05:18:17 +03:00
resolved: ignore DNSSEC= option when resolved is built without gcrypt (#6084)
Fixes #5583.
This commit is contained in:
Yu Watanabe
Zbigniew Jędrzejewski-Szmek
parent
a1bb2402cb
commit
42303dcb1a
@ -1326,6 +1326,11 @@ AC_ARG_WITH(default-dnssec,
|
|||||||
[DEFAULT_DNSSEC_MODE="$withval"],
|
[DEFAULT_DNSSEC_MODE="$withval"],
|
||||||
[DEFAULT_DNSSEC_MODE="allow-downgrade"])
|
[DEFAULT_DNSSEC_MODE="allow-downgrade"])
|
||||||
|
|
||||||
|
if test "x$have_gcrypt" = xno -a "x${DEFAULT_DNSSEC_MODE}" != xno ; then
|
||||||
|
AC_MSG_WARN(default-dnssec cannot be set to yes or allow-downgrade when gcrypt is disabled. Setting default-dnssec to no.)
|
||||||
|
DEFAULT_DNSSEC_MODE="no"
|
||||||
|
fi
|
||||||
|
|
||||||
AS_CASE("x${DEFAULT_DNSSEC_MODE}",
|
AS_CASE("x${DEFAULT_DNSSEC_MODE}",
|
||||||
[xno], [mode=DNSSEC_NO],
|
[xno], [mode=DNSSEC_NO],
|
||||||
[xyes], [mode=DNSSEC_YES],
|
[xyes], [mode=DNSSEC_YES],
|
||||||
|
|||||||
14
meson.build
14
meson.build
@ -603,11 +603,6 @@ kill_user_processes = get_option('default-kill-user-processes')
|
|||||||
conf.set10('KILL_USER_PROCESSES', kill_user_processes)
|
conf.set10('KILL_USER_PROCESSES', kill_user_processes)
|
||||||
substs.set('KILL_USER_PROCESSES', kill_user_processes ? 'yes' : 'no')
|
substs.set('KILL_USER_PROCESSES', kill_user_processes ? 'yes' : 'no')
|
||||||
|
|
||||||
default_dnssec = get_option('default-dnssec')
|
|
||||||
conf.set('DEFAULT_DNSSEC_MODE',
|
|
||||||
'DNSSEC_' + default_dnssec.underscorify().to_upper())
|
|
||||||
substs.set('DEFAULT_DNSSEC_MODE', default_dnssec)
|
|
||||||
|
|
||||||
dns_servers = get_option('dns-servers')
|
dns_servers = get_option('dns-servers')
|
||||||
conf.set_quoted('DNS_SERVERS', dns_servers)
|
conf.set_quoted('DNS_SERVERS', dns_servers)
|
||||||
substs.set('DNS_SERVERS', dns_servers)
|
substs.set('DNS_SERVERS', dns_servers)
|
||||||
@ -953,6 +948,15 @@ else
|
|||||||
libgpg_error = []
|
libgpg_error = []
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
default_dnssec = get_option('default-dnssec')
|
||||||
|
if default_dnssec != 'no' and not conf.get('HAVE_GCRYPT', false)
|
||||||
|
message('default-dnssec cannot be set to yes or allow-downgrade when gcrypt is disabled. Setting default-dnssec to no.')
|
||||||
|
default_dnssec = 'no'
|
||||||
|
endif
|
||||||
|
conf.set('DEFAULT_DNSSEC_MODE',
|
||||||
|
'DNSSEC_' + default_dnssec.underscorify().to_upper())
|
||||||
|
substs.set('DEFAULT_DNSSEC_MODE', default_dnssec)
|
||||||
|
|
||||||
want_importd = get_option('importd')
|
want_importd = get_option('importd')
|
||||||
if want_importd != 'false'
|
if want_importd != 'false'
|
||||||
have_deps = (conf.get('HAVE_LIBCURL', false) and
|
have_deps = (conf.get('HAVE_LIBCURL', false) and
|
||||||
|
|||||||
@ -246,6 +246,12 @@ int manager_parse_config_file(Manager *m) {
|
|||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifndef HAVE_GCRYPT
|
||||||
|
if (m->dnssec_mode != DNSSEC_NO) {
|
||||||
|
log_warning("DNSSEC option cannot be enabled or set to allow-downgrade when systemd-resolved is built without gcrypt support. Turning off DNSSEC support.");
|
||||||
|
m->dnssec_mode = DNSSEC_NO;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -313,6 +313,12 @@ void link_set_dnssec_mode(Link *l, DnssecMode mode) {
|
|||||||
|
|
||||||
assert(l);
|
assert(l);
|
||||||
|
|
||||||
|
#ifndef HAVE_GCRYPT
|
||||||
|
if (mode == DNSSEC_YES || mode == DNSSEC_ALLOW_DOWNGRADE)
|
||||||
|
log_warning("DNSSEC option for the link cannot be enabled or set to allow-downgrade when systemd-resolved is built without gcrypt support. Turning off DNSSEC support.");
|
||||||
|
return;
|
||||||
|
#endif
|
||||||
|
|
||||||
if (l->dnssec_mode == mode)
|
if (l->dnssec_mode == mode)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user