No problems have been observed on the FreeBSD GitLab CI runner during
the burn-in period, when FreeBSD jobs needed to be triggered manually.
Thus, make the FreeBSD jobs run automatically along other GitLab CI
jobs.
`/usr/share/sgml/docbook/xsl-stylesheets` and `/usr/share/dblatex` are
places where docbook-style-xsl and, respectively, dblatex packages on
Red Hat systems put their XSL templates. Unless we hint this place it
has to be added to `./configure` manually (`--with-docbook-xsl=...`):
https://src.fedoraproject.org/rpms/bind/blob/master/f/bind.spec#_691.
On Fedora 30:
Before
```
./configure
...
checking for Docbook-XSL path... auto
checking for html/docbook.xsl... "not found"
checking for xhtml/docbook.xsl... "not found"
checking for manpages/docbook.xsl... "not found"
checking for html/chunk.xsl... "not found"
checking for xhtml/chunk.xsl... "not found"
checking for html/chunktoc.xsl... "not found"
checking for xhtml/chunktoc.xsl... "not found"
checking for html/maketoc.xsl... "not found"
checking for xhtml/maketoc.xsl... "not found"
checking for xsl/docbook.xsl... "not found"
checking for xsl/latex_book_fast.xsl... "not found"
```
After:
```
./configure
...
checking for Docbook-XSL path... auto
checking for html/docbook.xsl... /usr/share/sgml/docbook/xsl-stylesheets/html/docbook.xsl
checking for xhtml/docbook.xsl... /usr/share/sgml/docbook/xsl-stylesheets/xhtml/docbook.xsl
checking for manpages/docbook.xsl... /usr/share/sgml/docbook/xsl-stylesheets/manpages/docbook.xsl
checking for html/chunk.xsl... /usr/share/sgml/docbook/xsl-stylesheets/html/chunk.xsl
checking for xhtml/chunk.xsl... /usr/share/sgml/docbook/xsl-stylesheets/xhtml/chunk.xsl
checking for html/chunktoc.xsl... /usr/share/sgml/docbook/xsl-stylesheets/html/chunktoc.xsl
checking for xhtml/chunktoc.xsl... /usr/share/sgml/docbook/xsl-stylesheets/xhtml/chunktoc.xsl
checking for html/maketoc.xsl... /usr/share/sgml/docbook/xsl-stylesheets/html/maketoc.xsl
checking for xhtml/maketoc.xsl... /usr/share/sgml/docbook/xsl-stylesheets/xhtml/maketoc.xsl
checking for xsl/docbook.xsl... /usr/share/dblatex/xsl/docbook.xsl
checking for xsl/latex_book_fast.xsl... /usr/share/dblatex/xsl/latex_book_fast.xsl
```
* CKR_CRYPTOKI_ALREADY_INITIALIZED: This value can only be returned by
`C_Initialize`. It means that the Cryptoki library has already been
initialized (by a previous call to `C_Initialize` which did not have a
matching `C_Finalize` call).
* CKR_FUNCTION_NOT_SUPPORTED: The requested function is not supported by this
Cryptoki library. Even unsupported functions in the Cryptoki API should have a
“stub” in the library; this stub should simply return the value
CKR_FUNCTION_NOT_SUPPORTED.
* CKR_LIBRARY_LOAD_FAILED: The Cryptoki library could not load a dependent
shared library.
The OASIS pkcs11.h header has a restrictive license. Replace the
pkcs11.h pkcs11f.h and pkcs11t.h headers with pkcs11.h from p11-kit.
For source distribution, the license for the OASIS headers itself
doesn't pose any licensing problem when combined with MPL license, but
it possibly creates problem for downstream distributors of BIND 9.
The isc_refcount_decrement() was either used as:
if (isc_refcount_decrement() == 1) { destroy(); }
or
if (isc_refcount_decrement() != 1) { return; } destroy();
This commits eradicates the last usage of the later, so the code is unified to
use the former.
Fixing typos, typographical glitches. Added backticks around binaries,
modules, and libraries so it's more consistent. Added a paragraph with
ISC Security Policy.
Ensure BIND can be tested on FreeBSD in GitLab to more quickly catch
build and test errors on that operating system. Make the relevant jobs
optional until the CI environment supporting them is deemed stable
enough for continuous use.
FreeBSD jobs are run using the Custom executor feature of GitLab Runner.
Unlike the Docker executor, the Custom executor does not support the
"image" option and thus some way of informing the runner about the OS
version to use for a given job is necessary. Arguably the simplest way
of doing that without a lot of code duplication in .gitlab-ci.yml would
be to use a YAML template with a "variables" block specifying the
desired FreeBSD release to use, but including such a template in a job
definition would cause issues in case other variables also needed to be
set for that job (e.g. CFLAGS or EXTRA_CONFIGURE for build jobs). Thus,
only one FreeBSD YAML template is defined instead and the Custom
executor scripts on FreeBSD runners extract the OS version to use from
the CI job name. This allows .gitlab-ci.yml variables to be defined for
FreeBSD jobs in the same way as for Docker-based jobs.
Currently, the lib/dns/tests/tkey_test unit test is only run when the
linker supports the --wrap option. However, linker support for that
option is only needed for static builds. As a result, the unit test
mentioned before is not being run everywhere it can be run as even for
builds done using --with-libtool, the test is not run unless the linker
supports the --wrap option.
Tweak preprocessor directives in lib/dns/tests/tkey_test.c so that this
test is run:
- for all builds using --with-libtool,
- for static builds done using a linker supporting the --wrap option.
Weak symbols are handled differently by different dynamic linkers. With
glibc, lib/dns/tests/tkey_test works as expected no matter whether
--with-libtool is used or not: __attribute__((weak)) prevents a static
build from failing and it just so happens that the desired symbols are
picked at runtime for dynamic builds. However, with BSD libc, the
libdns functions called from lib/dns/tests/tkey_test.c use the "real"
memory allocation functions from libisc, thus breaking that unit test.
(Note: similar behavior can be reproduced with glibc by setting the
LD_DYNAMIC_WEAK environment variable.)
The simplest way to make lib/dns/tests/tkey_test work reliably is to
drop all uses of __attribute__((weak)) in it - this way, the memory
functions inside lib/dns/tests/tkey_test.c will always be used instead
of the "real" libisc ones for dynamic builds. However, this would not
work with static builds as it would result in multiple strong symbols
with the same name being present in a single binary.
Work around the problem by only compiling in the overriding definitions
of memory functions when building using --with-libtool. For static
builds, keep relying on the --wrap linker option for replacing calls to
the functions we are interested in.
When kyua is called without the --logfile command line option, the log
file is created at a default location which is derived from the HOME
environment variable. On FreeBSD GitLab CI runners, /home is a
read-only directory and thus kyua invocations not using the --logfile
option fail when HOME is set to something beneath /home. Set --logfile
to /dev/null for all kyua invocations whose logs are irrelevant in order
to prevent kyua failures caused by HOME being non-writable.
For newer versions of Xcode, "xcode-select --install" no longer installs
system headers into /usr/include (instead, they are installed in the
Xcode directory tree), so do not mention that path in the macOS section
of README to prevent confusion.
Previously the libisc allocator had ability to run unlocked when threading was
disabled. As the threading is now always on, remove the ISC_MEMFLAG_NOLOCK
memory flag as it serves no purpose.
The isc_mem_createx() function was only used in the tests to eliminate using the
default flags (which as of writing this commit message was ISC_MEMFLAG_INTERNAL
and ISC_MEMFLAG_FILL). This commit removes the isc_mem_createx() function from
the public API.
