Gentoo LinuxでDNSサーバーを立てたとき、 bind インストール時に openssl の bindist USEフラグあたりでハマったのでメモ。
結果としては、 openssl と openssh のUSEフラグを -bindist 指定してリビルドすればインストールできた。
BIND入れようとすると、 berkdb を指定するためには dlz も必要と言われる。
localhost ~ # emerge -uav bind
These are the packages that would be merged, in order:
Calculating dependencies |
!!! Problem resolving dependencies for net-dns/bind
... done!
!!! The ebuild selected to satisfy "bind" has unmet requirements.
- net-dns/bind-9.9.4_p2::gentoo USE="berkdb ipv6 ssl -caps -dlz -doc -filter-aaaa -fixed-rrset -geoip -gost -gssapi -idn -ldap -mysql -odbc -postgres -python -rpz -rrl -sdb-ldap (-selinux) -static-libs -threads -urandom -xml"
The following REQUIRED_USE flag constraints are unsatisfied:
berkdb? ( dlz )
The above constraints are a subset of the following complete expression:
postgres? ( dlz ) berkdb? ( dlz ) mysql? ( dlz !threads ) odbc? ( dlz ) ldap? ( dlz ) sdb-ldap? ( dlz ) gost? ( ssl ) threads? ( caps )
なので dlz も指定する。
localhost ~ # flaggie +dlz bind
At argv[1]='+dlz': dlz seems to be an incorrect global flag
そうすると今度は openssl の bindist を外すように言われる。
localhost ~ # emerge -uav bind
These are the packages that would be merged, in order:
Calculating dependencies... done!
[ebuild R ] dev-libs/openssl-1.0.1e-r1 USE="(sse2) tls-heartbeat zlib -bindist* -gmp -kerberos -rfc3779 -static-libs {-test} -vanilla" 4,360 kB
[ebuild N ] net-dns/bind-9.9.4_p2 USE="berkdb dlz ipv6 ssl -caps -doc -filter-aaaa -fixed-rrset -geoip -gost -gssapi -idn -ldap -mysql -odbc -postgres -python -rpz -rrl -sdb-ldap (-selinux) -static-libs -threads -urandom -xml" 7,337 kB
Total: 2 packages (1 new, 1 reinstall), Size of downloads: 11,697 kB
The following USE changes are necessary to proceed:
(see "package.use" in the portage(5) man page for more details)
# required by net-dns/bind-9.9.4_p2[ssl]
# required by bind (argument)
=dev-libs/openssl-1.0.1e-r1 -bindist
Use --autounmask-write to write changes to config files (honoring
CONFIG_PROTECT). Carefully examine the list of proposed changes,
paying special attention to mask or keyword changes that may expose
experimental or unstable packages.
なので openssl から bindist を外してみると、今後は openssl-0.9.8y までバージョンが落とされて bind のビルドがコケる。。
localhost ~ # flaggie -bindist openssl
localhost ~ # emerge -uavq bind
[ebuild NS ] dev-libs/openssl-0.9.8y [1.0.1e-r1] USE="(sse2) zlib -bindist -gmp -kerberos {-test}"
[ebuild N ] net-dns/bind-9.9.4_p2 USE="berkdb dlz ipv6 ssl -caps -doc -filter-aaaa -fixed-rrset -geoip -gost -gssapi -idn -ldap -mysql -odbc -postgres -python -rpz -rrl -sdb-ldap (-selinux) -static-libs -threads -urandom -xml"
Would you like to merge these packages? [Yes/No]
>>> Verifying ebuild manifests
>>> Emerging (1 of 2) dev-libs/openssl-0.9.8y
>>> Installing (1 of 2) dev-libs/openssl-0.9.8y
>>> Emerging (2 of 2) net-dns/bind-9.9.4_p2
>>> Failed to emerge net-dns/bind-9.9.4_p2, Log file:
>>> '/var/tmp/portage/net-dns/bind-9.9.4_p2/temp/build.log'
>>> Jobs: 1 of 2 complete, 1 failed Load avg: 1.30, 0.68, 0.46
* Package: net-dns/bind-9.9.4_p2
* Repository: gentoo
* Maintainer: idl0r@gentoo.org
* USE: amd64 berkdb dlz elibc_glibc ipv6 kernel_linux ssl userland_GNU
* FEATURES: preserve-libs sandbox userpriv usersandbox
* Creating named group and user ...
* Adding group 'named' to your system ...
* - Groupid: 40
* Adding user 'named' to your system ...
* - Userid: 40
* - Shell: /sbin/nologin
* - Home: /etc/bind
* - Groups: named
* - GECOS: added by portage for bind
* - Creating /etc/bind in /
[ ok ]
* Running eautoreconf in '/var/tmp/portage/net-dns/bind-9.9.4_p2/work/bind-9.9.4-P2' ...
* Running libtoolize --install --copy --force ...
[ ok ]
* Running aclocal ...
[ ok ]
* Running autoconf ...
[ ok ]
* Running autoheader ...
[ ok ]
* Running elibtoolize in: bind-9.9.4-P2/
* Applying portage/1.2.0 patch ...
* Applying sed/1.5.6 patch ...
* Applying as-needed/2.4.2 patch ...
* Applying target-nm/2.4.2 patch ...
* Running elibtoolize in: bind-9.9.4-P2/contrib/idn/idnkit-1.0-src/
* Applying install-sh/1.5 patch ...
* Applying portage/1.3.3 patch ...
* Applying sed/1.5.6 patch ...
* Applying tmp/1.3.5 patch ...
* Applying uclibc-ltconf/1.3.0 patch ...
* Running elibtoolize in: bind-9.9.4-P2/contrib/nslint-2.1a3/
* Running elibtoolize in: bind-9.9.4-P2/contrib/query-loc-0.4.0/
* Running elibtoolize in: bind-9.9.4-P2/contrib/queryperf/
* Running elibtoolize in: bind-9.9.4-P2/contrib/zkt/
* Running elibtoolize in: bind-9.9.4-P2/unit/atf-src/
* Applying target-nm/2.4.2 patch ...
* Running elibtoolize in: bind-9.9.4-P2/unit/atf-src/admin/
* Applying portage/2.2 patch ...
* Applying sed/1.5.6 patch ...
* Applying as-needed/2.2.6 patch ...
include version 4.8
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking whether make sets $(MAKE)... yes
checking how to print strings... printf
checking for x86_64-pc-linux-gnu-gcc... x86_64-pc-linux-gnu-gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether x86_64-pc-linux-gnu-gcc accepts -g... yes
checking for x86_64-pc-linux-gnu-gcc option to accept ISO C89... none needed
checking for a sed that does not truncate output... /bin/sed
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for fgrep... /bin/grep -F
checking for ld used by x86_64-pc-linux-gnu-gcc... /usr/x86_64-pc-linux-gnu/bin/ld
checking if the linker (/usr/x86_64-pc-linux-gnu/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/x86_64-pc-linux-gnu-nm -B
checking the name lister (/usr/bin/x86_64-pc-linux-gnu-nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... yes
checking how to convert x86_64-pc-linux-gnu file names to x86_64-pc-linux-gnu format... func_convert_file_noop
checking how to convert x86_64-pc-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/x86_64-pc-linux-gnu/bin/ld option to reload object files... -r
checking for x86_64-pc-linux-gnu-objdump... x86_64-pc-linux-gnu-objdump
checking how to recognize dependent libraries... pass_all
checking for x86_64-pc-linux-gnu-dlltool... no
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for x86_64-pc-linux-gnu-ar... x86_64-pc-linux-gnu-ar
checking for archiver @FILE support... @
checking for x86_64-pc-linux-gnu-strip... x86_64-pc-linux-gnu-strip
checking for x86_64-pc-linux-gnu-ranlib... x86_64-pc-linux-gnu-ranlib
checking for gawk... gawk
checking command to parse /usr/bin/x86_64-pc-linux-gnu-nm -B output from x86_64-pc-linux-gnu-gcc object... ok
checking for sysroot... no
checking for x86_64-pc-linux-gnu-mt... no
checking for mt... no
checking if : is a manifest tool... no
checking how to run the C preprocessor... x86_64-pc-linux-gnu-gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if x86_64-pc-linux-gnu-gcc supports -fno-rtti -fno-exceptions... no
checking for x86_64-pc-linux-gnu-gcc option to produce PIC... -fPIC -DPIC
checking if x86_64-pc-linux-gnu-gcc PIC flag -fPIC -DPIC works... yes
checking if x86_64-pc-linux-gnu-gcc static flag -static works... yes
checking if x86_64-pc-linux-gnu-gcc supports -c -o file.o... yes
checking if x86_64-pc-linux-gnu-gcc supports -c -o file.o... (cached) yes
checking whether the x86_64-pc-linux-gnu-gcc linker (/usr/x86_64-pc-linux-gnu/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking for a BSD-compatible install... /usr/bin/install -c
checking whether ln -s works... yes
checking for ar... /usr/bin/ar
checking for etags... no
checking for emacs-etags... no
checking for perl5... no
checking for perl... /usr/bin/perl
disabled
checking for x86_64-pc-linux-gnu-gcc... (cached) x86_64-pc-linux-gnu-gcc
checking whether we are using the GNU C compiler... (cached) yes
checking whether x86_64-pc-linux-gnu-gcc accepts -g... (cached) yes
checking for x86_64-pc-linux-gnu-gcc option to accept ISO C89... (cached) none needed
checking for ANSI C header files... (cached) yes
checking for fcntl.h... yes
checking for regex.h... yes
checking for sys/time.h... yes
checking for unistd.h... (cached) yes
checking for sys/sockio.h... no
checking for sys/select.h... yes
checking for sys/param.h... yes
checking for sys/sysctl.h... yes
checking for net/if6.h... no
checking for an ANSI C-conforming const... yes
checking for inline... inline
checking for working volatile... yes
checking for sysctlbyname... no
checking for flexible array members... yes
checking for seteuid... yes
checking for setresuid... yes
checking for setegid... yes
checking for setresgid... yes
checking for static inline breakage... no
checking for size_t... yes
checking for ssize_t... yes
checking for uintptr_t... yes
checking for socklen_t... yes
checking whether time.h and sys/time.h may both be included... yes
checking for long long... yes
checking for GCC noreturn attribute... yes
checking for struct lifconf... no
checking for kqueue... no
checking epoll support... yes
checking sys/devpoll.h usability... no
checking sys/devpoll.h presence... no
checking for sys/devpoll.h... no
checking devpoll.h usability... no
checking devpoll.h presence... no
checking for devpoll.h... no
checking if unistd.h or sys/types.h defines fd_set... yes
checking whether byte ordering is bigendian... no
checking for OpenSSL library... using OpenSSL from /usr/lib and /usr/include
checking whether linking with OpenSSL works... yes
checking whether linking with OpenSSL requires -ldl... no
checking OpenSSL library version... ok
checking for OpenSSL DSA support... yes
checking for EVP_sha256... yes
checking for EVP_sha384... yes
checking for EVP_sha512... yes
checking for OpenSSL ECDSA support... no
configure: error: ecdsa not supported
!!! Please attach the following file when seeking support:
!!! /var/tmp/portage/net-dns/bind-9.9.4_p2/work/bind-9.9.4-P2/config.log
* ERROR: net-dns/bind-9.9.4_p2::gentoo failed (configure phase):
* econf failed
*
* Call stack:
* ebuild.sh, line 93: Called src_configure
* environment, line 6365: Called econf '--sysconfdir=/etc/bind' '--localstatedir=/var' '--with-libtool' '--enable-full-report' '--disable-threads' '--with-dlopen' '--with-dlz-filesystem' '--with-dlz-stub' '--without-dlz-postgres' '--without-dlz-mysql' '--with-dlz-bdb' '--without-dlz-ldap' '--without-dlz-odbc' '--with-openssl=/usr' '--with-ecdsa' '--without-idn' '--enable-ipv6' '--without-libxml2' '--disable-newst
ats' '--without-gssapi' '--disable-rpz-nsip' '--disable-rpz-nsdname' '--disable-linux-caps' '--without-gost' '--disable-filter-aaaa' '--disable-fixed-rrset' '--disable-rrl' '--without-python' '--without-readline' '--with-randomdev=/dev/random'
* phase-helpers.sh, line 577: Called die
* The specific snippet of code:
* die "econf failed"
*
* If you need support, post the output of `emerge --info '=net-dns/bind-9.9.4_p2::gentoo'`,
* the complete build log and the output of `emerge -pqv '=net-dns/bind-9.9.4_p2::gentoo'`.
* The complete build log is located at '/var/tmp/portage/net-dns/bind-9.9.4_p2/temp/build.log'.
* The ebuild environment file is located at '/var/tmp/portage/net-dns/bind-9.9.4_p2/temp/environment'.
* Working directory: '/var/tmp/portage/net-dns/bind-9.9.4_p2/work/bind-9.9.4-P2'
* S: '/var/tmp/portage/net-dns/bind-9.9.4_p2/work/bind-9.9.4-P2'
* Messages for package dev-libs/openssl-0.9.8y:
* Removing lib{crypto,ssl}.so.0.9.8 to avoid collision with openssl-1
* Messages for package net-dns/bind-9.9.4_p2:
* ERROR: net-dns/bind-9.9.4_p2::gentoo failed (configure phase):
* econf failed
*
* Call stack:
* ebuild.sh, line 93: Called src_configure
* environment, line 6365: Called econf '--sysconfdir=/etc/bind' '--localstatedir=/var' '--with-libtool' '--enable-full-report' '--disable-threads' '--with-dlopen' '--with-dlz-filesystem' '--with-dlz-stub' '--without-dlz-postgres' '--without-dlz-mysql' '--with-dlz-bdb' '--without-dlz-ldap' '--without-dlz-odbc' '--with-openssl=/usr' '--with-ecdsa' '--without-idn' '--enable-ipv6' '--without-libxml2' '--disable-newst
ats' '--without-gssapi' '--disable-rpz-nsip' '--disable-rpz-nsdname' '--disable-linux-caps' '--without-gost' '--disable-filter-aaaa' '--disable-fixed-rrset' '--disable-rrl' '--without-python' '--without-readline' '--with-randomdev=/dev/random'
* phase-helpers.sh, line 577: Called die
* The specific snippet of code:
* die "econf failed"
*
* If you need support, post the output of `emerge --info '=net-dns/bind-9.9.4_p2::gentoo'`,
* the complete build log and the output of `emerge -pqv '=net-dns/bind-9.9.4_p2::gentoo'`.
* The complete build log is located at '/var/tmp/portage/net-dns/bind-9.9.4_p2/temp/build.log'.
* The ebuild environment file is located at '/var/tmp/portage/net-dns/bind-9.9.4_p2/temp/environment'.
* Working directory: '/var/tmp/portage/net-dns/bind-9.9.4_p2/work/bind-9.9.4-P2'
* S: '/var/tmp/portage/net-dns/bind-9.9.4_p2/work/bind-9.9.4-P2'
なら openssl のバージョンを明示的に指定して!…と思ったら今度は「 openssl の bindist 指定は openssh と合わせてね!」と言われ(てる気がす)る。
localhost ~ # emerge -avq =dev-libs/openssl-1.0.1e-r1
[ebuild R ] dev-libs/openssl-1.0.1e-r1 USE="(sse2) tls-heartbeat zlib -bindist* -gmp -kerberos -rfc3779 -static-libs {-test} -vanilla"
!!! Multiple package instances within a single package slot have been pulled
!!! into the dependency graph, resulting in a slot conflict:
dev-libs/openssl:0
(dev-libs/openssl-1.0.1e-r1::gentoo, installed) pulled in by
>=dev-libs/openssl-0.9.6d:0[bindist=] required by (net-misc/openssh-6.4_p1-r1::gentoo, installed)
(dev-libs/openssl-1.0.1e-r1::gentoo, ebuild scheduled for merge) pulled in by
(no parents that aren't satisfied by other packages in this slot)
!!! Enabling --newuse and --update might solve this conflict.
!!! If not, it might help emerge to give a more specific suggestion.
よし、ならば openssh も bindist 外そう。
localhost ~ # flaggie -bindist openssh
localhost ~ # emerge -NDavq system
[ebuild R ] dev-libs/openssl-1.0.1e-r1 USE="(sse2) tls-heartbeat zlib -bindist* -gmp -kerberos -rfc3779 -static-libs {-test} -vanilla"
[ebuild R ] net-misc/openssh-6.4_p1-r1 USE="hpn pam tcpd -X -X509 -bindist* -kerberos -ldap -ldns -libedit (-selinux) -skey -static"
Would you like to merge these packages? [Yes/No]
>>> Verifying ebuild manifests
>>> Emerging (1 of 2) dev-libs/openssl-1.0.1e-r1
>>> Installing (1 of 2) dev-libs/openssl-1.0.1e-r1
>>> Emerging (2 of 2) net-misc/openssh-6.4_p1-r1
>>> Installing (2 of 2) net-misc/openssh-6.4_p1-r1
>>> Jobs: 2 of 2 complete Load avg: 1.82, 1.26, 0.63
* Messages for package net-misc/openssh-6.4_p1-r1:
* Remember to merge your config files in /etc/ssh/ and then
* reload sshd: '/etc/init.d/sshd reload'.
これでやっとインストールできた。
localhost ~ # emerge -uavq bind
[ebuild N ] net-dns/bind-9.9.4_p2 USE="berkdb dlz ipv6 ssl -caps -doc -filter-aaaa -fixed-rrset -geoip -gost -gssapi -idn -ldap -mysql -odbc -postgres -python -rpz -rrl -sdb-ldap (-selinux) -static-libs -threads -urandom -xml"
Would you like to merge these packages? [Yes/No]
>>> Verifying ebuild manifests
>>> Emerging (1 of 1) net-dns/bind-9.9.4_p2
>>> Installing (1 of 1) net-dns/bind-9.9.4_p2
>>> Recording net-dns/bind in "world" favorites file...
>>> Jobs: 1 of 1 complete Load avg: 1.63, 1.35, 0.85
* Messages for package net-dns/bind-9.9.4_p2:
*
* NOTE: /var/bind/named.ca has been renamed to /var/bind/named.cache
* you may need to fix your named.conf!
*
* NOTE: If you upgrade from <net-dns/bind-9.4.3_p5-r1, you may encounter permission problems
* To fix the permissions do:
* chown root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn}
* chown root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}
* chmod 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}
* chmod 0750 /etc/bind /var/bind/pri
* chmod 0770 /var/{run,log}/named /var/bind/{,sec,dyn}
*