From thozza at redhat.com  Wed Mar  1 11:58:37 2017
From: thozza at redhat.com (Tomas Hozza)
Date: Wed, 1 Mar 2017 12:58:37 +0100
Subject: [Dnssec-trigger] OpenSSL 1.1.0 incompatibility and git repo on
 GitHub
Message-ID: <4b421f94-7a9f-17b6-fc9f-1b0b2f464cf4@redhat.com>

Hello.

I updated dnssec-trigger in Fedora to the upstream version 0.13. While it compiles with OpenSSL 1.1.0, it does not work with it. We have a bug in Fedora for that https://bugzilla.redhat.com/show_bug.cgi?id=1427561. It seems that the fix has been already provided by Ondrej Sury as a pull request on GitHub - https://github.com/NLnetLabs/dnssec-trigger/pull/1. Would you please consider reviewing the changes and merging them?

Additionally I would like to ask if you ever considered moving away from SVN and using e.g. the GitHub repository as the main upstream source control? From my point of view, it would help to get contributions for the project. We could easily create pull requests to propose changes and one could connect it to a CI system, that would also test pull requests and the master itself. One of the engineers in my team (Martin Sehnoutka - https://github.com/msehnout/dnssec-trigger-fedora) is currently working on rewriting the configuration of forward zones for e.g. VPNs from the Python script to the daemon, so that the logic is in a single place. Martin is also working on some unit tests and a way to test dnssec-trigger daemon itself. I think having a repository on GitHub could help to have an automated CI taking advantage of any unit tests and integration tests.

Thanks.

Regards,
Tomas
-- 
Tomas Hozza
Associate Manager, Software Engineering - EMEA ENG Mainstream RHEL

PGP: 1D9F3C2D
UTC+1 (CET)
Red Hat Inc.                 http://cz.redhat.com


From alan at clegg.com  Wed Mar  1 13:00:46 2017
From: alan at clegg.com (Alan Clegg)
Date: Wed, 1 Mar 2017 08:00:46 -0500
Subject: [Dnssec-trigger] OpenSSL 1.1.0 incompatibility and git repo on
 GitHub
In-Reply-To: <4b421f94-7a9f-17b6-fc9f-1b0b2f464cf4@redhat.com>
References: <4b421f94-7a9f-17b6-fc9f-1b0b2f464cf4@redhat.com>
Message-ID: <a78987b6-fb38-43fb-8e2b-eb45ee816997@clegg.com>

On 3/1/17 6:58 AM, Tomas Hozza wrote:

> Additionally I would like to ask if you ever considered moving away
> from SVN and using e.g. the GitHub repository as the main upstream
> source control?

<< SIGH >>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/dnssec-trigger/attachments/20170301/5158e1e7/attachment.bin>

From thozza at redhat.com  Mon Mar  6 11:11:55 2017
From: thozza at redhat.com (Tomas Hozza)
Date: Mon,  6 Mar 2017 12:11:55 +0100
Subject: [Dnssec-trigger] [PATCH] Allow strings longer than 2 characters for
 the HTTP probe
Message-ID: <1488798715-2401-1-git-send-email-thozza@redhat.com>

Previously only content of lenght 2 or less characters was allowed for
the HTTP probe. The length was hardcoded and even if the strings from
the configuration and from the probe matched, the result was failure.

This could be reproduced e.g. with using the following line in the
configuration:

url: "http://httpstat.us/200 200 OK"

Signed-off-by: Tomas Hozza <thozza at redhat.com>
---
 riggerd/http.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/riggerd/http.c b/riggerd/http.c
index a08d629..b68e898 100644
--- a/riggerd/http.c
+++ b/riggerd/http.c
@@ -767,11 +767,17 @@ static int
 hg_check_data(ldns_buffer* data, char* result)
 {
 	char* s = (char*)ldns_buffer_begin(data);
+	size_t result_len = strlen(result);
+
 	while(isspace(*s))
 		s++;
-	if(strncmp(s, result, strlen(result)) != 0)
+	if(strncmp(s, result, result_len) != 0)
 		return 0;
-	s += 2;
+	/*
+	 * check that there is nothing else
+	 * than whitespaces after the expected string
+	 */
+	s += result_len;
 	while(isspace(*s))
 		s++;
 	if(*s != 0)
-- 
2.7.4



From jeremyrand at airmail.cc  Mon Mar 27 08:56:03 2017
From: jeremyrand at airmail.cc (Jeremy Rand)
Date: Mon, 27 Mar 2017 08:56:03 +0000
Subject: [Dnssec-trigger] libgcc_s_sjlj-1.dll
In-Reply-To: <587912C4.80301@nlnetlabs.nl>
References: <alpine.DEB.2.11.1701131549020.27231@delta.uni-mb.si>
 <587912C4.80301@nlnetlabs.nl>
Message-ID: <6037010b-e712-d328-6a63-0c59ad6a340c@airmail.cc>

wouter at nlnetlabs.nl (W.C.A. Wijngaards):
> Hi Ales,
> 
> On 13/01/17 16:02, Ales Casar wrote:
>> Hello!
> 
>> I have tried to install dnssec-trigger 0.13 on Windows Vista x64. 
>> Unfortunately with no success. Many (all?) .exe binaries crashed
>> during setup without any useful message. After some research of
>> EventLog and manual testing I think the problem is in missing
>> libgcc_s_sjlj-1.dll library. Then I've tried the same manual tests
>> also with previous version of dnssec-trigger 0.12, and there was no
>> such problems.
> 
>> Did perhaps maintainer of dnssec-trigger windows packages forgot
>> to include libgcc_s_sjlj-1.dll library into the package? Or should
>> I install some dependency before? If yes, which one? Or something 
>> completely different?
> 
> Yes the dependencies seem to have changed between the versions, here
> is a link to the package with the dll you refer to and
> libwinpthread-1.dll.
> 
> www.nlnetlabs.nl/~wouter/dnssec_trigger_setup_0.14_20170106_2.exe
> 
> Best regards, Wouter

Hi Wouter,

Will this fixed version be posted on the main Dnssec-Trigger website?
This would be useful for verifying its authenticity (e.g. via hashes
posted on the main website).

Cheers,
-Jeremy Rand

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/dnssec-trigger/attachments/20170327/2a826a76/attachment.bin>