net-dns/knot: fix automagic for pkcs11

Bug: https://bugs.gentoo.org/967060 Signed-off-by: Nicolas PARLANT <nicolas.parlant@parhuet.fr> Part-of: https://github.com/gentoo/gentoo/pull/44918 Signed-off-by: Sam James <sam@gentoo.org>
2025-12-07 00:04:45 +03:00 · 2025-12-05 11:32:25 +01:00 · 2025-12-05 11:32:25 +01:00 · 916fc7b338
commit 916fc7b338
parent 2bea379d24
3 changed files with 52 additions and 0 deletions
--- a/net-dns/knot/files/knot-3.5.2-fix_automagic_pkcs11.patch
+++ b/net-dns/knot/files/knot-3.5.2-fix_automagic_pkcs11.patch
@ -0,0 +1,40 @@
+PR merged https://gitlab.nic.cz/knot/knot-dns/-/merge_requests/1830.patch
+remove automagic for PKCS #11 support
+add a option pkcs11 to handle this
+--- a/configure.ac
+++ b/configure.ac
+@@ -151,9 +151,9 @@ PKG_CHECK_MODULES([gnutls], [gnutls >= 3.6.10], [
+     CFLAGS="$CFLAGS $gnutls_CFLAGS"
+     LIBS="$LIBS $gnutls_LIBS"
+ 
+-    AC_CHECK_FUNC([gnutls_pkcs11_copy_pubkey], [enable_pkcs11=yes], [enable_pkcs11=no])
+-    AS_IF([test "$enable_pkcs11" = yes],
+-        [AC_DEFINE([ENABLE_PKCS11], [1], [PKCS #11 support available])])
+    AC_CHECK_FUNC([gnutls_pkcs11_copy_pubkey],
+        [AC_DEFINE([HAVE_GNUTLS_PKCS11], [1], [gnutls_pkcs11_copy_pubkey available])
+         gnutls_pkcs11=yes], [gnutls_pkcs11=no])
+ 
+     AC_CHECK_DECL([GNUTLS_SIGN_EDDSA_ED448],
+         [AC_DEFINE([HAVE_ED448], [1], [GnuTLS ED448 support available])
+@@ -170,7 +170,21 @@ PKG_CHECK_MODULES([gnutls], [gnutls >= 3.6.10], [
+ ], [
+     AS_IF([test "$enable_redis" != "module"], [AC_MSG_ERROR([GnuTLS library not found])])
+ ])
+# PKCS11 support
+AC_ARG_ENABLE([pkcs11],
+   AS_HELP_STRING([--enable-pkcs11=auto|yes|no], [Support PKCS #11 [default=auto]]),
+   [], [enable_pkcs11=auto])
+
+AS_CASE([$enable_pkcs11],
+   [auto], [AS_IF([test "$gnutls_pkcs11" = "yes"], [enable_pkcs11=yes], [enable_pkcs11=no])],
+   [yes],  [AS_IF([test "$gnutls_pkcs11" = "yes"], [enable_pkcs11=yes], [
+     AC_MSG_ERROR([PKCS11 not available])])],
+   [no], [],
+   [*], [AC_MSG_ERROR([Invalid value of --enable-pkcs11.])]
+)
+ AM_CONDITIONAL([ENABLE_PKCS11], [test "$enable_pkcs11" = "yes"])
+AS_IF([test "$enable_pkcs11" != "no"], [
+  AC_DEFINE([ENABLE_PKCS11], [1], [Define to 1 to enable PKCS #11 support using GnuTLS])])
+ 
+ AC_ARG_ENABLE([recvmmsg],
+    AS_HELP_STRING([--enable-recvmmsg=auto|yes|no], [enable recvmmsg() network API [default=auto]]),
--- a/net-dns/knot/knot-3.4.9-r1.ebuild
+++ b/net-dns/knot/knot-3.4.9-r1.ebuild
@ -100,6 +100,11 @@ BDEPEND="
 	verify-sig? ( sec-keys/openpgp-keys-knot )
 "

+PATCHES=(
+	# PR 1830 merged
+	"${FILESDIR}"/${PN}-3.5.2-fix_automagic_pkcs11.patch
+)
+
 VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/${PN}.asc

 # Used to check cpuset_t in sched.h with NetBSD.
@ -146,6 +151,7 @@ src_configure() {
 		$(use_enable fastparser)
 		$(use_enable geoip maxminddb)
 		$(use_with idn libidn)
+		$(use_enable pkcs11)
 		$(use_enable quic)
 		$(use_enable systemd)
 		$(use_enable utils utilities)
--- a/net-dns/knot/knot-3.5.2-r1.ebuild
+++ b/net-dns/knot/knot-3.5.2-r1.ebuild
@ -108,6 +108,11 @@ VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/${PN}.asc
 # False positive because linux have sched.h too but with cpu_set_t
 QA_CONFIG_IMPL_DECL_SKIP=( cpuset_create cpuset_destroy )

+PATCHES=(
+	# PR 1830 merged
+	"${FILESDIR}"/${PN}-3.5.2-fix_automagic_pkcs11.patch
+)
+
 python_check_deps() {
 	use doc || return 0
 	python_has_version "dev-python/sphinx[${PYTHON_USEDEP}]" \
@ -148,6 +153,7 @@ src_configure() {
 		$(use_enable fastparser)
 		$(use_enable geoip maxminddb)
 		$(use_with idn libidn)
+		$(use_enable pkcs11)
 		$(use_enable quic)
 		$(use_enable redis redis $(usex daemon client))
 		$(use_enable systemd)