-
Type:
Support
-
Status: Closed
-
Priority:
Minor
-
Resolution: Won't Fix
-
Affects Version/s: OpenDNSSEC 1.4.2, SoftHSM 1.3.5
-
Fix Version/s: None
-
Component/s: Enforcer
-
Labels:None
-
Environment:
$ uname -a
FreeBSD kropotkin.example.org 10.0-ALPHA2 FreeBSD 10.0-ALPHA2 #0 r255751M: Sun Sep 22 02:22:35 EST 2013 agh@kropotkin.example.org:/usr/obj/corei7avx/usr/src/sys/AUXIO amd6
4$ cc --version
FreeBSD clang version 3.3 (tags/RELEASE_33/final 183502) 20130610
Target: x86_64-unknown-freebsd10.0
Thread model: posix$ c++ --version
FreeBSD clang version 3.3 (tags/RELEASE_33/final 183502) 20130610
Target: x86_64-unknown-freebsd10.0
Thread model: posix$ cat /etc/make.conf
WITH_PKGNG=YES
MAKE_JOBS_NUMBER=9
NO_PROFILE=true
#CPUTYPE?=corei7-avx
DEFAULT_VERSIONS=perl5=5.18
WITH_SSP=YES$ uname -a FreeBSD kropotkin.example.org 10.0-ALPHA2 FreeBSD 10.0-ALPHA2 #0 r255751M: Sun Sep 22 02:22:35 EST 2013 agh@kropotkin.example.org:/usr/obj/corei7avx/usr/src/sys/AUXIO amd6 4 $ cc --version FreeBSD clang version 3.3 (tags/RELEASE_33/final 183502) 20130610 Target: x86_64-unknown-freebsd10.0 Thread model: posix $ c++ --version FreeBSD clang version 3.3 (tags/RELEASE_33/final 183502) 20130610 Target: x86_64-unknown-freebsd10.0 Thread model: posix $ cat /etc/make.conf WITH_PKGNG=YES MAKE_JOBS_NUMBER=9 NO_PROFILE=true #CPUTYPE?=corei7-avx DEFAULT_VERSIONS=perl5=5.18 WITH_SSP=YES
New system + modified OpenDNSSEC configuration from previous working system. After initializing the SoftHSM repository I performed the following:
- ods-ksmutil setup
WARNING This will erase all data in the database; are you sure? [y/N] y
fixing permissions on file /usr/local/var/opendnssec/kasp.db
zonelist filename set to /usr/local/etc/opendnssec/zonelist.xml.
kasp filename set to /usr/local/etc/opendnssec/kasp.xml.
Repository SoftHSM found
No Maximum Capacity set.
RequireBackup NOT set; please make sure that you know the potential problems of using keys which are not recoverable
INFO: The XML in /usr/local/etc/opendnssec/conf.xml is valid
INFO: The XML in /usr/local/etc/opendnssec/zonelist.xml is valid
INFO: The XML in /usr/local/etc/opendnssec/kasp.xml is valid
WARNING: No policy named 'default' in /usr/local/etc/opendnssec/kasp.xml. This means you will need to refer explicitly to the policy for each zone
WARNING: In policy example.org, Y used in duration field for Keys/KSK Lifetime (P1Y) in /usr/local/etc/opendnssec/kasp.xml - this will be interpreted as 365 days
Policy example.org found
Info: converting P1Y to seconds; M interpreted as 31 days, Y interpreted as 365 days
Zone example.org found; policy set to example.org
Added zone example.org to database
- ods-control start
Starting enforcer...
OpenDNSSEC ods-enforcerd started (version 1.4.2), pid 10936
Could not start enforcer
#
There is nothing in /var/log/debug or /var/log/messages