diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 00:55:53 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 00:55:53 +0000 |
commit | 3d0386f27ca66379acf50199e1d1298386eeeeb8 (patch) | |
tree | f87bd4a126b3a843858eb447e8fd5893c3ee3882 /distro/deb | |
parent | Initial commit. (diff) | |
download | knot-resolver-3d0386f27ca66379acf50199e1d1298386eeeeb8.tar.xz knot-resolver-3d0386f27ca66379acf50199e1d1298386eeeeb8.zip |
Adding upstream version 3.2.1.upstream/3.2.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'distro/deb')
34 files changed, 1392 insertions, 0 deletions
diff --git a/distro/deb/NEWS b/distro/deb/NEWS new file mode 100644 index 0000000..e81403c --- /dev/null +++ b/distro/deb/NEWS @@ -0,0 +1,23 @@ +knot-resolver (2.0.0-1) unstable; urgency=medium + + Knot Resolver systemd service units are now templated, so that multiple + processes can run concurrently on multi-core systems. For a full + overview of the status of all the running daemons, use: + + systemctl status system-kresd.slice + + For more information about this setup, please see kresd.systemd(7). + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 03 Feb 2018 22:51:02 -0500 + +knot-resolver (1.1.0~git2016072900-1) unstable; urgency=medium + + Knot Resolver now starts and runs under unprivileged user and uses a + socket activations to bind on the privileged ports. That means that if + you use anything more complicated than that you need to either override + the default service file with `systemd edit kresd.service` and + `systemd edit kresd.socket` to add more IP addresses, or just disable + it with `systemd mask kresd*.socket kresd.service` and provide your + own custom system service file tailored to your needs. + + -- Ondřej Surý <ondrej@debian.org> Thu, 04 Aug 2016 09:04:53 +0200 diff --git a/distro/deb/README.source b/distro/deb/README.source new file mode 100644 index 0000000..657fc28 --- /dev/null +++ b/distro/deb/README.source @@ -0,0 +1,70 @@ +Tracking upstream sources in git +-------------------------------- + +This debian package is tracked in the git "debian/master" branch at +https://salsa.debian.org/dns-team/knot-resolver, which +includes the commits from the upstream git repository at +https://gitlab.labs.nic.cz/knot/knot-resolver.git. When importing +upstream tarballs, make sure you've fetched from the upstream repo +before using "gbp import-orig" the tarball. We rely on +upstream-vcs-tag from debian/gbp.conf to link upstream git history +with new package history. + +See Joey Hess's thoughts about why tracking upstream git history is +useful: https://joeyh.name/blog/entry/upstream_git_repositories/, as +well as DEP-14 for the branch-naming scheme: +http://dep.debian.net/deps/dep14/ + +Rebuilding epoch.js and epoch.css +--------------------------------- + + If you need to rebuild epoch.js and epoch.css using only tools + available in Debian, read gulpfile.js in d/missing-sources/epoch/ and + adjust following script if any files has been changed. You also need + to install ruby-sass, coffeescript and node-uglify + +cat > build.sh << EOF +#!/bin/sh + +coffee -b -c \ + src/epoch.coffee \ + src/core/context.coffee \ + src/core/util.coffee \ + src/core/d3.coffee \ + src/core/format.coffee \ + src/core/chart.coffee \ + src/core/css.coffee \ + src/data.coffee \ + src/model.coffee \ + src/basic.coffee \ + src/basic/*.coffee \ + src/time.coffee \ + src/time/*.coffee \ + src/adapters.coffee \ + src/adapters/*.coffee + +cat \ + src/epoch.js \ + src/core/context.js \ + src/core/util.js \ + src/core/d3.js \ + src/core/format.js \ + src/core/chart.js \ + src/core/css.js \ + src/data.js \ + src/model.js \ + src/basic.js \ + src/basic/*.js \ + src/time.js \ + src/time/*.js \ + src/adapters.js \ + src/adapters/*.js \ + > dist/js/epoch.js + +uglifyjs dist/js/epoch.js > dist/js/epoch.min.js + +sass -t compact sass/epoch.scss > dist/css/epoch.css +sass -t compressed sass/epoch.scss > dist/css/epoch.min.css +EOF + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Thu, 22 Feb 2018 13:25:27 -0800 diff --git a/distro/deb/changelog b/distro/deb/changelog new file mode 100644 index 0000000..b0a6a3f --- /dev/null +++ b/distro/deb/changelog @@ -0,0 +1,6 @@ +knot-resolver (__VERSION__-1) unstable; urgency=medium + + * move changelog to OBS + * see NEWS or https://knot-resolver.cz + + -- Tomas Krizek <tomas.krizek@nic.cz> Tue, 20 Feb 2018 19:36:45 +0100 diff --git a/distro/deb/clean b/distro/deb/clean new file mode 100644 index 0000000..2ef7cbc --- /dev/null +++ b/distro/deb/clean @@ -0,0 +1,4 @@ +doc/kresd.8 +libkres.pc +lib/libkres.a +lib/libkres.so.9 diff --git a/distro/deb/compat b/distro/deb/compat new file mode 100644 index 0000000..ec63514 --- /dev/null +++ b/distro/deb/compat @@ -0,0 +1 @@ +9 diff --git a/distro/deb/control b/distro/deb/control new file mode 100644 index 0000000..012ff2b --- /dev/null +++ b/distro/deb/control @@ -0,0 +1,137 @@ +Source: knot-resolver +Section: net +Priority: optional +Maintainer: Knot Resolver <knot-resolver@labs.nic.cz> +Uploaders: + Tomas Krizek <tomas.krizek@nic.cz> +Build-Depends-Indep: + doxygen, + python3-breathe, + python3-sphinx, + python3-sphinx-rtd-theme, +Build-Depends: + debhelper (>= 9~), + dns-root-data, + libcmocka-dev (>= 1.0.0), + libedit-dev, + libgeoip-dev, + libgnutls28-dev, + libknot-dev (>= 2.7.2), + liblmdb-dev, + libluajit-5.1-dev, + libsystemd-dev (>= 227) [linux-any], + libuv1-dev, + luajit, + pkg-config, +Homepage: https://www.knot-resolver.cz/ +Rules-Requires-Root: no + +Package: knot-resolver +Architecture: any +Depends: + adduser, + dns-root-data, + libkres9 (= ${binary:Version}), + lua-sec, + lua-socket, + ${misc:Depends}, + ${shlibs:Depends}, +Recommends: + knot-resolver-module-http, +Description: caching, DNSSEC-validating DNS resolver + The Knot Resolver is a caching full resolver implementation + written in C and LuaJIT, including both a resolver library and a + daemon. Modular architecture of the library keeps the core tiny and + efficient, and provides a state-machine like API for + extensions. There are three built-in modules - iterator, cache, + validator, and many external. + . + The Lua modules, switchable and shareable cache, and fast FFI + bindings makes it great to tap into resolution process, or be used + for your recursive DNS service. It's the OpenResty of DNS. + . + The server adopts a different scaling strategy than the rest of the + DNS recursors - no threading, shared-nothing architecture (except + MVCC cache that may be shared). You can start and stop additional + nodes depending on the contention without downtime. + +Package: knot-resolver-module-http +Architecture: all +Depends: + libjs-bootstrap, + libjs-d3, + libjs-jquery, + lua-http, + lua-mmdb, + ${misc:Depends}, + ${shlibs:Depends}, +Breaks: + knot-resolver-module-tinyweb (<< 1.1.0~git20160713-1~), +Description: HTTP/2 module for Knot Resolver + The Knot Resolver is a caching full resolver implementation + written in C and LuaJIT, including both a resolver library and a + daemon. Modular architecture of the library keeps the core tiny and + efficient, and provides a state-machine like API for + extensions. There are three built-in modules - iterator, cache, + validator, and many external. + . + This package contains HTTP/2 module for local visualization of the + resolver cache and queries. + +Package: knot-resolver-doc +Architecture: all +Section: doc +Depends: + libjs-jquery, + libjs-underscore, + ${misc:Depends}, +Description: Documentation for Knot Resolver + The Knot Resolver is a caching full resolver implementation + written in C and LuaJIT, including both a resolver library and a + daemon. Modular architecture of the library keeps the core tiny and + efficient, and provides a state-machine like API for + extensions. There are three built-in modules - iterator, cache, + validator, and many external. + . + This package contains Knot Resolver Documentation. + +Package: libkres9 +Architecture: any +Section: libs +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Breaks: + knot-resolver (<< 3.2.0-1), +Replaces: + knot-resolver (<< 3.2.0-1), +Description: caching, DNSSEC-validating DNS resolver (shared library) + The Knot Resolver is a caching full resolver implementation + written in C and LuaJIT, including both a resolver library and a + daemon. Modular architecture of the library keeps the core tiny and + efficient, and provides a state-machine like API for + extensions. + . + This package contains the libkres shared library used by Knot + Resolver. + +Package: libkres-dev +Architecture: any +Section: libdevel +Depends: + libkres9 (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Breaks: + knot-resolver (<< 3.2.0-1), +Replaces: + knot-resolver (<< 3.2.0-1), +Description: caching, DNSSEC-validating DNS resolver (shared library development files) + The Knot Resolver is a caching full resolver implementation + written in C and LuaJIT, including both a resolver library and a + daemon. Modular architecture of the library keeps the core tiny and + efficient, and provides a state-machine like API for + extensions. + . + This package provides development files for use when building against + the libkres shared library. diff --git a/distro/deb/copyright b/distro/deb/copyright new file mode 100644 index 0000000..10ecbf3 --- /dev/null +++ b/distro/deb/copyright @@ -0,0 +1,448 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: knot-resolver +Source: https://www.knot-resolver.cz/ + +Files: * +Copyright: 2015-2018 CZ.NIC +License: GPL-3.0+ + +Files: contrib/ccan/asprintf/* +Copyright: Rusty Russell +License: Expat + +Files: contrib/ccan/compiler/* + contrib/ccan/ilog/* +Copyright: Rusty Russell +License: CC0 + +Files: tests/config/tapered/* +Copyright: 2012-2017, Peter Aronoff +License: BSD-3-clause + +Files: contrib/lmdb/* +Copyright: 1999-2003 The OpenLDAP Foundation +License: OpenLDAP + +Files: tests/deckard/contrib/libfaketime/* +Copyright: 2003-2017 Wolfgang Hommel +License: GPL-2 + +Files: tests/deckard/contrib/libswrap/* +Copyright: 2005,2008 Jelmer Vernooij <jelmer@samba.org> + 2006-2009 Stefan Metzmacher <metze@samba.org> + 2013 Andreas Schneider <asn@samba.org> +License: BSD-3-clause + +Files: contrib/murmurhash3/* +Copyright: Austin Appleby +License: CC0-1.0 + +Files: debian/missing-sources/dygraph-combined.js + modules/http/static/dygraph-combined.js +Copyright: 2006-2014 Dan Vanderkam <danvdk@gmail.com> + 2016 Paul Miller + 2011 Robert Konigsberg <konigsberg@google.com> + 2013 David Eberlein <david.eberlein@ch.sauter-bc.com> +License: MIT + +Files: contrib/ucw/* +Copyright: 1997-2015 Martin Mares + 2005-2014 Tomas Valla + 2006 Robert Spalek + 2007-2015 Pavel Charvat +License: LGPL-2.1 + +Files: contrib/ccan/json/* +Copyright: 2011 Joey Adams +License: Expat + +Files: lib/generic/map.c lib/generic/map.h +Copyright: Dan Bernstein + Jonas Gehring + Adam Langley + Marek Vavrusa +License: public-domain + +Files: modules/policy/lua-aho-corasick/* +Copyright: 2013 CloudFlare, Inc. +License: BSD-3-CloudFlare + +Files: modules/http/static/jquery.js +Copyright: 2005-2011 John Resig, Brandon Aaron & Jörn Zaefferer +License: GPL-2 or Expat + +Files: modules/http/static/d3.js + modules/http/static/topojson.js +Copyright: 2010-2015 Michael Bostock +License: BSD-3-clause + +Files: modules/http/static/epoch.* + debian/missing-sources/epoch/* + debian/missing-sources/epoch.* +Copyright: 2014 Fastly, Inc. +License: Expat + +Files: modules/http/static/datamaps.world.min.js +Copyright: 2012 Mark DiMarco +License: Expat + +Files: modules/http/static/bootstrap.min.css + modules/http/static/bootstrap.min.js + modules/http/static/bootstrap-theme.min.css + modules/http/static/glyphicons-halflings-regular.woff2 +Copyright: 2012-2016 Thomas Park + 2011-2015 Twitter, Inc. +License: Expat + +Files: modules/http/static/selectize.bootstrap3.min.css + modules/http/static/selectize.min.css + modules/http/static/selectize.min.js +Copyright: 2013–2015 Brian Reavis & contributors +License: Apache-2.0 + +Files: debian/* +Copyright: 2015 Ondřej Surý <ondrej@debian.org> +License: GPL-3.0+ + +License: LGPL-2.1 + This library is free software; you can redistribute it and/or modify + it under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of the + License, or (at your option) any later version. + . + This library is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + . + You should have received a copy of the GNU Lesser General Public + License along with this library. If not, see <https://www.gnu.org/licenses/>. + . + On Debian systems, the complete text of the GNU General + Public License version 3 can be found in "/usr/share/common-licenses/LGPL-2.1". + +License: GPL-3.0+ + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + . + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see <https://www.gnu.org/licenses/>. + . + On Debian systems, the complete text of the GNU General + Public License version 3 can be found in "/usr/share/common-licenses/GPL-3". + +License: Expat + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + . + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. + +License: CC0 + Statement of Purpose + . + The laws of most jurisdictions throughout the world automatically + confer exclusive Copyright and Related Rights (defined below) upon + the creator and subsequent owner(s) (each and all, an "owner") of an + original work of authorship and/or a database (each, a "Work"). + . + Certain owners wish to permanently relinquish those rights to a Work + for the purpose of contributing to a commons of creative, cultural + and scientific works ("Commons") that the public can reliably and + without fear of later claims of infringement build upon, modify, + incorporate in other works, reuse and redistribute as freely as + possible in any form whatsoever and for any purposes, including + without limitation commercial purposes. These owners may contribute + to the Commons to promote the ideal of a free culture and the further + production of creative, cultural and scientific works, or to gain + reputation or greater distribution for their Work in part through the + use and efforts of others. + . + For these and/or other purposes and motivations, and without any + expectation of additional consideration or compensation, the person + associating CC0 with a Work (the "Affirmer"), to the extent that he + or she is an owner of Copyright and Related Rights in the Work, + voluntarily elects to apply CC0 to the Work and publicly distribute + the Work under its terms, with knowledge of his or her Copyright and + Related Rights in the Work and the meaning and intended legal effect + of CC0 on those rights. + . + 1. Copyright and Related Rights. A Work made available under CC0 may + be protected by copyright and related or neighboring rights + ("Copyright and Related Rights"). Copyright and Related Rights + include, but are not limited to, the following: + . + i. the right to reproduce, adapt, distribute, perform, display, + communicate, and translate a Work; + ii. moral rights retained by the original author(s) and/or + performer(s); + iii. publicity and privacy rights pertaining to a person's image or + likeness depicted in a Work; + iv. rights protecting against unfair competition in regards to a + Work, subject to the limitations in paragraph 4(a), below; + v. rights protecting the extraction, dissemination, use and reuse + of data in a Work; + vi. database rights (such as those arising under Directive 96/9/EC + of the European Parliament and of the Council of 11 March 1996 + on the legal protection of databases, and under any national + implementation thereof, including any amended or successor + version of such directive); and + vii. other similar, equivalent or corresponding rights throughout + the world based on applicable law or treaty, and any national + implementations thereof. + . + 2. Waiver. To the greatest extent permitted by, but not in + contravention of, applicable law, Affirmer hereby overtly, fully, + permanently, irrevocably and unconditionally waives, abandons, and + surrenders all of Affirmer's Copyright and Related Rights and + associated claims and causes of action, whether now known or + unknown (including existing as well as future claims and causes of + action), in the Work (i) in all territories worldwide, (ii) for + the maximum duration provided by applicable law or treaty + (including future time extensions), (iii) in any current or future + medium and for any number of copies, and (iv) for any purpose + whatsoever, including without limitation commercial, advertising + or promotional purposes (the "Waiver"). Affirmer makes the Waiver + for the benefit of each member of the public at large and to the + detriment of Affirmer's heirs and successors, fully intending that + such Waiver shall not be subject to revocation, rescission, + cancellation, termination, or any other legal or equitable action + to disrupt the quiet enjoyment of the Work by the public as + contemplated by Affirmer's express Statement of Purpose. + . + 3. Public License Fallback. Should any part of the Waiver for any + reason be judged legally invalid or ineffective under applicable + law, then the Waiver shall be preserved to the maximum extent + permitted taking into account Affirmer's express Statement of + Purpose. In addition, to the extent the Waiver is so judged + Affirmer hereby grants to each affected person a royalty-free, non + transferable, non sublicensable, non exclusive, irrevocable and + unconditional license to exercise Affirmer's Copyright and Related + Rights in the Work (i) in all territories worldwide, (ii) for the + maximum duration provided by applicable law or treaty (including + future time extensions), (iii) in any current or future medium and + for any number of copies, and (iv) for any purpose whatsoever, + including without limitation commercial, advertising or + promotional purposes (the "License"). The License shall be deemed + effective as of the date CC0 was applied by Affirmer to the + Work. Should any part of the License for any reason be judged + legally invalid or ineffective under applicable law, such partial + invalidity or ineffectiveness shall not invalidate the remainder + of the License, and in such case Affirmer hereby affirms that he + or she will not (i) exercise any of his or her remaining Copyright + and Related Rights in the Work or (ii) assert any associated + claims and causes of action with respect to the Work, in either + case contrary to Affirmer's express Statement of Purpose. + . + 4. Limitations and Disclaimers. + . + a. No trademark or patent rights held by Affirmer are waived, + abandoned, surrendered, licensed or otherwise affected by this + document. + b. Affirmer offers the Work as-is and makes no representations or + warranties of any kind concerning the Work, express, implied, + statutory or otherwise, including without limitation warranties + of title, merchantability, fitness for a particular purpose, non + infringement, or the absence of latent or other defects, + accuracy, or the present or absence of errors, whether or not + discoverable, all to the greatest extent permissible under + applicable law. + c. Affirmer disclaims responsibility for clearing rights of other + persons that may apply to the Work or any use thereof, including + without limitation any person's Copyright and Related Rights in + the Work. Further, Affirmer disclaims responsibility for + obtaining any necessary consents, permissions or other rights + required for any use of the Work. + d. Affirmer understands and acknowledges that Creative Commons is + not a party to this document and has no duty or obligation with + respect to this CC0 or use of the Work. + +License: BSD-3-CloudFlare + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + . + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + . + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + . + 3. Neither the name of CloudFlare, Inc. nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +License: BSD-3-clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + . + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + . + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + . + 3. Neither the name of the author nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + + +License: GPL-2 + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + . + On Debian systems, the complete text of the GNU General Public + License version 2 can be found in "/usr/share/common-licenses/GPL-2". + +License: Apache-2.0 + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + . + https://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian systems, the full text of the Apache Software License version 2 can + be found in the file `/usr/share/common-licenses/Apache-2.0'. + +License: MIT + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + . + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. + +License: OpenLDAP + Redistribution and use of this software and associated documentation + ("Software"), with or without modification, are permitted provided + that the following conditions are met: + . + 1. Redistributions in source form must retain copyright statements + and notices, + . + 2. Redistributions in binary form must reproduce applicable copyright + statements and notices, this list of conditions, and the following + disclaimer in the documentation and/or other materials provided + with the distribution, and + . + 3. Redistributions must contain a verbatim copy of this document. + . + The OpenLDAP Foundation may revise this license from time to time. + Each revision is distinguished by a version number. You may use + this Software under terms of this license revision or under the + terms of any subsequent revision of the license. + . + THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS + CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT + SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S) + OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + . + The names of the authors and copyright holders must not be used in + advertising or otherwise to promote the sale, use or other dealing + in this Software without specific, written prior permission. Title + to copyright in this Software shall at all times remain with copyright + holders. + . + OpenLDAP is a registered trademark of the OpenLDAP Foundation. + +License: CC0-1.0 + This work is licensed under the "Creative Commons Zero" license. + . + On debian systems, a copy of the Creative Commons Zero license may be + found at /usr/share/common-licenses/CC0-1.0. + +License: public-domain + This work has been released into the public domain. The map + implementation builds off of prior public domain work from Dan + Bernstein (qhasm) and Adam Langley (critbit). diff --git a/distro/deb/docs b/distro/deb/docs new file mode 100644 index 0000000..b43bf86 --- /dev/null +++ b/distro/deb/docs @@ -0,0 +1 @@ +README.md diff --git a/distro/deb/init-d-script b/distro/deb/init-d-script new file mode 100755 index 0000000..334dc32 --- /dev/null +++ b/distro/deb/init-d-script @@ -0,0 +1,239 @@ +#!/bin/sh +# See init-d-script(5) for instructions on how to use this library. +#============================================================================= +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.2-14) to ensure that this file is present +# and status_of_proc is working. +. /lib/lsb/init-functions + +# PATH should only include /usr/* if it runs after the mountnfs.sh +# script. Scripts running before mountnfs.sh should remove the /usr/* +# entries. +PATH=/sbin:/usr/sbin:/bin:/usr/bin +export PATH + +is_call_implemented() { + command -V $1 > /dev/null 2>&1 +} + +do_usage() { + if is_call_implemented do_reload ; then + echo "Usage: $SCRIPTNAME {start|stop|status|reload|restart|try-restart|force-reload}" >&2 + else + echo "Usage: $SCRIPTNAME {start|stop|status|restart|try-restart|force-reload}" >&2 + fi +} + +call() { + cmd="$1" + shift + if is_call_implemented ${cmd}_override ; then + ${cmd}_override "$@" + else + ${cmd} "$@" + fi +} + +# +# Function that starts the daemon/service +# + +# Return +# 0 if daemon has been started +# 1 if daemon was already running +# 2 if daemon could not be started +do_start_cmd() { + start-stop-daemon --start --quiet ${PIDFILE:+--pidfile ${PIDFILE}} \ + $START_ARGS \ + --startas $DAEMON --name $NAME --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet ${PIDFILE:+--pidfile ${PIDFILE}} \ + $START_ARGS \ + --startas $DAEMON --name $NAME --exec $DAEMON -- $DAEMON_ARGS \ + || return 2 + # Add code here, if necessary, that waits for the process to be ready + # to handle requests from services started subsequently which depend + # on this one. As a last resort, sleep for some time. +} + +do_start() +{ + if is_call_implemented do_start_prepare ; then + call do_start_prepare + fi + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + call do_start_cmd + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + if is_call_implemented do_start_cleanup ; then + call do_start_cleanup + fi +} + +# +# Function that stops the daemon/service +# + +# Return +# 0 if daemon has been stopped +# 1 if daemon was already stopped +# 2 if daemon could not be stopped +# other if a failure occurred +do_stop_cmd() { + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \ + $STOP_ARGS \ + ${PIDFILE:+--pidfile ${PIDFILE}} --name $NAME --exec $DAEMON + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 \ + $STOP_ARGS \ + --exec $DAEMON + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return $RETVAL +} + +do_stop() +{ + if is_call_implemented do_stop_prepare ; then + call do_stop_prepare + fi + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + call do_stop_cmd + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + if is_call_implemented do_stop_cleanup ; then + call do_stop_cleanup + fi +} + +do_restart() { + [ "$VERBOSE" != no ] && log_daemon_msg "Restarting $DESC" "$NAME" + call do_stop_cmd + call do_start_cmd + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac +} + +do_force_reload() { + if is_call_implemented do_reload ; then + call do_reload + else + call do_restart + fi +} + +# Enable this using +# alias do_reload=do_reload_sigusr1 +do_reload_sigusr1() { + log_daemon_msg "Reloading $DESC configuration files" "$NAME" + start-stop-daemon --oknodo --stop --signal 1 --quiet \ + --pidfile "$PIDFILE" --exec "$DAEMON" + log_end_msg $? +} + +do_status() { + status_of_proc "$DAEMON" "$NAME" && return 0 || return $? +} + +if [ "$DEBUG" = "true" ] ; then + set -x +fi + +SCRIPTNAME=$1 +scriptbasename="$(basename $1)" +if [ "$scriptbasename" != "init-d-script" ] ; then + script="$1" + shift + . $script +else + exit 0 +fi + +NAME=${NAME:=$(basename $DAEMON)} +DESC=${DESC:=$NAME} + +# Do not use pid file if $PIDFILE is 'none'. Otherwise, generate from +# $NAME or use the value provided by the init.d script. +if [ none = "$PIDFILE" ] ; then + PIDFILE= +elif [ -z "$PIDFILE" ] ; then + PIDFILE=/var/run/$NAME.pid +fi + +# Exit if the package is not installed +if [ none != "$DAEMON" ] && [ ! -x "$DAEMON" ] ; then + exit 0 +fi + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh +if [ -t 0 ] ; then # Be verbose when called from a terminal + VERBOSE=yes +fi + +case "$1" in + start) + call do_start + ;; + stop) + call do_stop + ;; + status) + call do_status + ;; + reload) + if is_call_implemented do_reload ; then + do_reload + else + call do_usage + exit 3 + fi + ;; + force-reload) + call do_force_reload + ;; + restart) + call do_restart + ;; + try-restart) + log_daemon_msg "Trying to restart $DESC" "$NAME" + if call do_status > /dev/null 2>&1 ; then + call do_restart + log_end_msg $? + else + log_progress_msg "is not running." + log_end_msg 1 + fi + ;; + '') + call do_usage + exit 3 + ;; + *) + if is_call_implemented do_unknown ; then + call do_unknown "$1" + exit 3 + else + call do_usage + exit 3 + fi + ;; +esac +exit 0 diff --git a/distro/deb/knot-resolver-doc.doc-base b/distro/deb/knot-resolver-doc.doc-base new file mode 100644 index 0000000..f82b8ba --- /dev/null +++ b/distro/deb/knot-resolver-doc.doc-base @@ -0,0 +1,11 @@ +Document: knot-resolver +Title: Knot Resolver documentation +Author: CZ.NIC labs +Abstract: Documentation for the Knot Resolver, + including building from source, using the library, + and configuration and operation of the daemon. +Section: Network/Communication + +Format: HTML +Index: /usr/share/doc/knot-resolver/index.html +Files: /usr/share/doc/knot-resolver/*.html diff --git a/distro/deb/knot-resolver-doc.docs b/distro/deb/knot-resolver-doc.docs new file mode 100644 index 0000000..3ff7356 --- /dev/null +++ b/distro/deb/knot-resolver-doc.docs @@ -0,0 +1 @@ +doc/html/* diff --git a/distro/deb/knot-resolver-doc.links b/distro/deb/knot-resolver-doc.links new file mode 100644 index 0000000..4c7c74f --- /dev/null +++ b/distro/deb/knot-resolver-doc.links @@ -0,0 +1,2 @@ +usr/share/javascript/jquery/jquery.min.js usr/share/doc/knot-resolver/_static/jquery.js +usr/share/javascript/underscore/underscore.min.js usr/share/doc/knot-resolver/_static/underscore.js diff --git a/distro/deb/knot-resolver-module-http.install b/distro/deb/knot-resolver-module-http.install new file mode 100644 index 0000000..3c2d56b --- /dev/null +++ b/distro/deb/knot-resolver-module-http.install @@ -0,0 +1,6 @@ +usr/lib/knot-resolver/http.lua +usr/lib/knot-resolver/http/*.css +usr/lib/knot-resolver/http/*.ico +usr/lib/knot-resolver/http/*.js +usr/lib/knot-resolver/http/*.tpl +usr/lib/knot-resolver/http/*.woff2 diff --git a/distro/deb/knot-resolver-module-http.links b/distro/deb/knot-resolver-module-http.links new file mode 100644 index 0000000..322529c --- /dev/null +++ b/distro/deb/knot-resolver-module-http.links @@ -0,0 +1,5 @@ +/usr/share/javascript/bootstrap/css/bootstrap-theme.min.css /usr/lib/knot-resolver/http/bootstrap-theme.min.css +/usr/share/javascript/bootstrap/css/bootstrap.min.css /usr/lib/knot-resolver/http/bootstrap.min.css +/usr/share/javascript/bootstrap/js/bootstrap.min.js /usr/lib/knot-resolver/http/bootstrap.min.js +/usr/share/javascript/d3/d3.min.js /usr/lib/knot-resolver/http/d3.js +/usr/share/javascript/jquery/jquery.min.js /usr/lib/knot-resolver/http/jquery.js diff --git a/distro/deb/knot-resolver-module-tinyweb.install b/distro/deb/knot-resolver-module-tinyweb.install new file mode 100644 index 0000000..905241c --- /dev/null +++ b/distro/deb/knot-resolver-module-tinyweb.install @@ -0,0 +1 @@ +usr/lib/knot-resolver/tinyweb/* diff --git a/distro/deb/knot-resolver.dirs b/distro/deb/knot-resolver.dirs new file mode 100644 index 0000000..472b32a --- /dev/null +++ b/distro/deb/knot-resolver.dirs @@ -0,0 +1,3 @@ +/etc/knot-resolver +/usr/share/doc/knot-resolver/examples/ +/var/lib/knot-resolver diff --git a/distro/deb/knot-resolver.install b/distro/deb/knot-resolver.install new file mode 100644 index 0000000..d6c9b10 --- /dev/null +++ b/distro/deb/knot-resolver.install @@ -0,0 +1,38 @@ +debian/init-d-script usr/lib/knot-resolver/ +debian/kresd.conf etc/knot-resolver/ +etc/knot-resolver/config.* /usr/share/doc/knot-resolver/examples/ +distro/common/systemd/kresd-control@.socket lib/systemd/system/ +distro/common/systemd/kresd-tls.socket lib/systemd/system/ +distro/common/systemd/kresd.socket lib/systemd/system/ +distro/common/systemd/kresd@.service lib/systemd/system/ +distro/common/systemd/kresd.target lib/systemd/system/ +distro/common/tmpfiles/knot-resolver.conf usr/lib/tmpfiles.d/ +usr/lib/knot-resolver/*.so +usr/lib/knot-resolver/basexx.lua +usr/lib/knot-resolver/daf.lua +usr/lib/knot-resolver/daf/ +usr/lib/knot-resolver/detect_time_jump.lua +usr/lib/knot-resolver/detect_time_skew.lua +usr/lib/knot-resolver/dns64.lua +usr/lib/knot-resolver/etcd.lua +usr/lib/knot-resolver/experimental_dot_auth.lua +usr/lib/knot-resolver/graphite.lua +usr/lib/knot-resolver/http_trace.lua +usr/lib/knot-resolver/kres-gen.lua +usr/lib/knot-resolver/kres.lua +usr/lib/knot-resolver/policy.lua +usr/lib/knot-resolver/predict.lua +usr/lib/knot-resolver/prefill.lua +usr/lib/knot-resolver/priming.lua +usr/lib/knot-resolver/prometheus.lua +usr/lib/knot-resolver/rebinding.lua +usr/lib/knot-resolver/renumber.lua +usr/lib/knot-resolver/serve_stale.lua +usr/lib/knot-resolver/ta_sentinel.lua +usr/lib/knot-resolver/ta_signal_query.lua +usr/lib/knot-resolver/trust_anchors.lua +usr/lib/knot-resolver/view.lua +usr/lib/knot-resolver/workarounds.lua +usr/lib/knot-resolver/zonefile.lua +usr/sbin/kresc +usr/sbin/kresd diff --git a/distro/deb/knot-resolver.kresd.default b/distro/deb/knot-resolver.kresd.default new file mode 100644 index 0000000..f7c46e5 --- /dev/null +++ b/distro/deb/knot-resolver.kresd.default @@ -0,0 +1,13 @@ +# /etc/default/kresd + +# This file is used only under sysvinit. If you use systemd and you +# want to modify the arguments with which kresd is invoked, you should +# instead use "systemctl edit kresd@.service" to override ExecStart= +# in the [Service] section (see kresd.systemd(7) for more details). + +# For sysvinit users: KRESD_ARGS used to exist for historical reasons, +# but that variable is deprecated and may stop working at some point +# in the future. You are encouraged to merge any local changes into +# DAEMON_ARGS directly. + +DAEMON_ARGS="--config=/etc/knot-resolver/kresd.conf --addr=127.0.0.1#53 --addr=::1#53 $KRESD_ARGS" diff --git a/distro/deb/knot-resolver.kresd.init b/distro/deb/knot-resolver.kresd.init new file mode 100644 index 0000000..b1361fd --- /dev/null +++ b/distro/deb/knot-resolver.kresd.init @@ -0,0 +1,59 @@ +#!/bin/sh +# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing. +if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then + if [ -x /lib/init/init-d-script ]; then + set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script + else + set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /usr/lib/knot-resolver/init-d-script + fi +fi +### BEGIN INIT INFO +# Provides: kresd +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Knot Resolver +# Description: Knot Resolver +### END INIT INFO + +# Author: Ondřej Surý <ondrej@debian.org> + +NAME=kresd +DESC="Knot Resolver" +DAEMON=/usr/sbin/kresd +START_ARGS="--background --make-pidfile" + +do_tmpfiles() { + local tmpfile type path mode user group age argument + tmpfile=/usr/lib/tmpfiles.d/$1.conf + if [ -r "$tmpfile" ]; then + if [ -x /bin/systemd-tmpfiles ]; then + /bin/systemd-tmpfiles --create "$tmpfile" + else + while read type path mode user group age argument; do + case "$type" in + d) + mkdir -p "$path"; + chmod "$mode" "$path"; + chown "$user:$group" "$path"; + ;; + L) + if [ ! -e "$path" ]; then ln -s "$argument" "$path"; fi + ;; + \#*) + ;; + *) + log_warning_msg "tmpfile.d type '$type' is not supported yet" + ;; + esac + done < "$tmpfile" + fi + else + log_warning_msg "tmpfiles.d file '$1' doesn't exist or is not readable" + fi +} + +do_start_prepare() { + do_tmpfiles knot-resolver +} diff --git a/distro/deb/knot-resolver.links b/distro/deb/knot-resolver.links new file mode 100644 index 0000000..8196524 --- /dev/null +++ b/distro/deb/knot-resolver.links @@ -0,0 +1,2 @@ +dev/null lib/systemd/system/kresd.service +lib/systemd/system/kresd.target lib/systemd/system/multi-user.target.wants/kresd.target diff --git a/distro/deb/knot-resolver.manpages b/distro/deb/knot-resolver.manpages new file mode 100644 index 0000000..9f97677 --- /dev/null +++ b/distro/deb/knot-resolver.manpages @@ -0,0 +1,2 @@ +debian/tmp/usr/share/man/man8/kresd.8 +distro/common/systemd/kresd.systemd.7 diff --git a/distro/deb/knot-resolver.postinst b/distro/deb/knot-resolver.postinst new file mode 100644 index 0000000..7c4bc5b --- /dev/null +++ b/distro/deb/knot-resolver.postinst @@ -0,0 +1,30 @@ +#!/bin/sh +set -e + +if [ "$1" = "configure" ]; then + adduser --quiet --system --group --no-create-home --home /var/cache/knot-resolver knot-resolver +fi + +# Restart any running kresd instances if the root key is updated. +# Note: if knot-resolver upstream watches this file and reloads it +# upon a change, we can and should remove this trigger. +if [ "$1" = "triggered" ]; then + if [ "$2" = "/usr/share/dns/root.key" ]; then + # systemctl of the sub-services is the preferred method to restart + systemctl try-restart 'kresd@*.service' || true + # but if we are running sysvinit, we can try to restart that process anyway + # (kresd.service is masked on systems that use systemd) + invoke-rc.d kresd try-restart || true + fi + exit 0 +fi + +if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then + if [ -d /run/systemd/system ]; then + systemctl try-restart 'kresd@*.service' || true + else + invoke-rc.d kresd try-restart || true + fi +fi + +#DEBHELPER# diff --git a/distro/deb/knot-resolver.postrm b/distro/deb/knot-resolver.postrm new file mode 100644 index 0000000..d67739e --- /dev/null +++ b/distro/deb/knot-resolver.postrm @@ -0,0 +1,8 @@ +#!/bin/sh +set -e + +if [ "$1" = "remove" ] && [ -x "/bin/systemctl" ]; then + systemctl stop system-kresd.slice || true +fi + +#DEBHELPER# diff --git a/distro/deb/knot-resolver.triggers b/distro/deb/knot-resolver.triggers new file mode 100644 index 0000000..e8d8246 --- /dev/null +++ b/distro/deb/knot-resolver.triggers @@ -0,0 +1 @@ +interest-noawait /usr/share/dns/root.key diff --git a/distro/deb/kresd.conf b/distro/deb/kresd.conf new file mode 100644 index 0000000..e452f0e --- /dev/null +++ b/distro/deb/kresd.conf @@ -0,0 +1,19 @@ +-- vim:syntax=lua: +-- Refer to manual: http://knot-resolver.readthedocs.org/en/latest/daemon.html#configuration + +-- Load useful modules +modules = { + 'hints > iterate', -- Load /etc/hosts and allow custom root hints + 'stats', -- Track internal statistics + 'predict', -- Prefetch expiring/frequent records +} + +-- See kresd.systemd(7) about configuring network interfaces when using systemd +-- Listen on localhost (default) +-- net = { '127.0.0.1', '::1' } + +-- To disable DNSSEC validation, uncomment the following line (not recommended) +-- trust_anchors.keyfile_default = nil + +-- Cache size +cache.size = 100 * MB diff --git a/distro/deb/libkres-dev.install b/distro/deb/libkres-dev.install new file mode 100644 index 0000000..d565b38 --- /dev/null +++ b/distro/deb/libkres-dev.install @@ -0,0 +1,3 @@ +usr/include/libkres/*.h +usr/lib/*.so +usr/lib/pkgconfig/libkres.pc diff --git a/distro/deb/libkres9.install b/distro/deb/libkres9.install new file mode 100644 index 0000000..093956b --- /dev/null +++ b/distro/deb/libkres9.install @@ -0,0 +1 @@ +usr/lib/*.so.* diff --git a/distro/deb/libkres9.symbols b/distro/deb/libkres9.symbols new file mode 100644 index 0000000..444e333 --- /dev/null +++ b/distro/deb/libkres9.symbols @@ -0,0 +1,144 @@ +libkres.so.9 libkres9 #MINVER# + cache_api@Base 2.1.0 + iterate_api@Base 2.1.0 + kr_bitcmp@Base 2.1.0 + kr_cache_clear@Base 2.1.0 + kr_cache_close@Base 2.1.0 + kr_cache_closest_apex@Base 3.1.0 + kr_cache_emergency_file_to_remove@Base 3.1.0 + kr_cache_insert_rr@Base 3.0.0 + kr_cache_match@Base 3.1.0 + kr_cache_materialize@Base 2.1.0 + kr_cache_open@Base 2.1.0 + kr_cache_peek_exact@Base 2.1.0 + kr_cache_remove@Base 3.1.0 + kr_cache_remove_subtree@Base 3.1.0 + kr_cache_sync@Base 2.1.0 + kr_cache_ttl@Base 2.1.0 + kr_cdb_lmdb@Base 2.1.0 + kr_crypto_cleanup@Base 2.1.0 + kr_crypto_init@Base 2.1.0 + kr_crypto_reinit@Base 2.1.0 + kr_dnssec_key_ksk@Base 2.1.0 + kr_dnssec_key_match@Base 2.1.0 + kr_dnssec_key_revoked@Base 2.1.0 + kr_dnssec_key_tag@Base 2.1.0 + kr_dnssec_key_zsk@Base 2.1.0 + kr_family_len@Base 2.1.0 + kr_inaddr@Base 2.1.0 + kr_inaddr_family@Base 2.1.0 + kr_inaddr_len@Base 2.1.0 + kr_inaddr_port@Base 2.1.0 + kr_inaddr_set_port@Base 3.1.0 + kr_inaddr_str@Base 2.1.0 + kr_log_qverbose_impl@Base 3.2.0 + kr_log_trace@Base 2.1.0 + kr_log_verbose@Base 2.1.0 + kr_make_query@Base 3.0.0 + kr_memreserve@Base 2.1.0 + kr_module_call@Base 2.1.0 + kr_module_embedded@Base 2.1.0 + kr_module_load@Base 2.1.0 + kr_module_unload@Base 2.1.0 + kr_now@Base 2.1.0 + kr_nsrep_elect@Base 2.1.0 + kr_nsrep_elect_addr@Base 2.1.0 + kr_nsrep_set@Base 2.1.0 + kr_nsrep_sort@Base 3.2.0 + kr_nsrep_update_rep@Base 2.1.0 + kr_nsrep_update_rtt@Base 2.1.0 + kr_pkt_clear_payload@Base 2.1.0 + kr_pkt_make_auth_header@Base 2.1.0 + kr_pkt_put@Base 2.1.0 + kr_pkt_qclass@Base 3.0.0 + kr_pkt_qtype@Base 3.0.0 + kr_pkt_recycle@Base 2.1.0 + kr_qflags_clear@Base 2.1.0 + kr_qflags_set@Base 2.1.0 + kr_ranked_rrarray_add@Base 2.1.0 + kr_resolve_begin@Base 2.1.0 + kr_resolve_checkout@Base 2.1.0 + kr_resolve_consume@Base 2.1.0 + kr_resolve_finish@Base 2.1.0 + kr_resolve_plan@Base 2.1.0 + kr_resolve_pool@Base 2.1.0 + kr_resolve_produce@Base 2.1.0 + kr_rnd_buffered@Base 3.2.0 + kr_rplan_deinit@Base 2.1.0 + kr_rplan_empty@Base 2.1.0 + kr_rplan_find_resolved@Base 2.1.0 + kr_rplan_init@Base 2.1.0 + kr_rplan_last@Base 2.1.0 + kr_rplan_pop@Base 2.1.0 + kr_rplan_push@Base 2.1.0 + kr_rplan_push_empty@Base 2.1.0 + kr_rplan_resolved@Base 2.1.0 + kr_rplan_satisfies@Base 2.1.0 + kr_rrkey@Base 2.1.0 + kr_rrset_init@Base 3.0.0 + kr_rrsig_sig_expiration@Base 3.0.0 + kr_rrsig_sig_inception@Base 3.0.0 + kr_rrsig_type_covered@Base 3.0.0 + kr_sockaddr_cmp@Base 3.0.0 + kr_sockaddr_len@Base 2.1.0 + kr_straddr_family@Base 2.1.0 + kr_straddr_join@Base 2.1.0 + kr_straddr_socket@Base 2.1.0 + kr_straddr_split@Base 2.1.0 + kr_straddr_subnet@Base 2.1.0 + kr_strcatdup@Base 2.1.0 + kr_ta_add@Base 2.1.0 + kr_ta_clear@Base 2.1.0 + kr_ta_covers@Base 2.1.0 + kr_ta_covers_qry@Base 2.1.0 + kr_ta_del@Base 2.1.0 + kr_ta_get@Base 2.1.0 + kr_ta_get_longest_name@Base 2.1.0 + kr_unpack_cache_key@Base 3.1.0 + kr_verbose_set@Base 2.1.0 + kr_verbose_status@Base 2.1.0 + kr_zonecut_add@Base 3.2.0 + kr_zonecut_copy@Base 2.1.0 + kr_zonecut_copy_trust@Base 2.1.0 + kr_zonecut_deinit@Base 2.1.0 + kr_zonecut_del@Base 3.2.0 + kr_zonecut_del_all@Base 2.1.0 + kr_zonecut_find@Base 2.1.0 + kr_zonecut_find_cached@Base 2.1.0 + kr_zonecut_init@Base 2.1.0 + kr_zonecut_is_empty@Base 3.0.0 + kr_zonecut_move@Base 3.2.0 + kr_zonecut_set@Base 2.1.0 + kr_zonecut_set_sbelt@Base 2.1.0 + lru_apply_impl@Base 2.1.0 + lru_create_impl@Base 2.1.0 + lru_free_items_impl@Base 2.1.0 + lru_get_impl@Base 2.1.0 + map_clear@Base 2.1.0 + map_contains@Base 2.1.0 + map_del@Base 2.1.0 + map_get@Base 2.1.0 + map_set@Base 2.1.0 + map_walk_prefixed@Base 2.1.0 + mm_realloc@Base 3.2.0 + queue_deinit_impl@Base 3.1.0 + queue_init_impl@Base 3.1.0 + queue_push_head_impl@Base 3.1.0 + queue_push_impl@Base 3.1.0 + trie_clear@Base 3.0.0 + trie_create@Base 3.0.0 + trie_del@Base 3.0.0 + trie_del_first@Base 3.1.0 + trie_free@Base 3.0.0 + trie_get_first@Base 3.1.0 + trie_get_ins@Base 3.0.0 + trie_get_leq@Base 3.1.0 + trie_get_try@Base 3.0.0 + trie_it_begin@Base 3.0.0 + trie_it_finished@Base 3.0.0 + trie_it_free@Base 3.0.0 + trie_it_key@Base 3.0.0 + trie_it_next@Base 3.0.0 + trie_it_val@Base 3.0.0 + trie_weight@Base 3.0.0 + validate_api@Base 2.1.0 diff --git a/distro/deb/not-installed b/distro/deb/not-installed new file mode 100644 index 0000000..590e3b2 --- /dev/null +++ b/distro/deb/not-installed @@ -0,0 +1 @@ +usr/lib/knot-resolver/http/LICENSE diff --git a/distro/deb/patches/0001-Update-documentation-of-keyfile-ro.patch b/distro/deb/patches/0001-Update-documentation-of-keyfile-ro.patch new file mode 100644 index 0000000..53e6bb3 --- /dev/null +++ b/distro/deb/patches/0001-Update-documentation-of-keyfile-ro.patch @@ -0,0 +1,41 @@ +From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +Date: Sat, 17 Feb 2018 15:52:20 -0500 +Subject: Update documentation of --keyfile-ro + +On Debian systems, we depend on the OS package management to update +the dns root data. Make the documentation for running with this +option less scary-sounding, as it is the default. +--- + doc/kresd.8.in | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/doc/kresd.8.in b/doc/kresd.8.in +index 266e9f0..6c5195b 100644 +--- a/doc/kresd.8.in ++++ b/doc/kresd.8.in +@@ -123,7 +123,7 @@ file at the default location (\fIconfig\fR). The syntax is + described in \fIdaemon/README.md\fR. + .TP + .B \-k\fI keyfile\fR, \fB\-\-keyfile=\fI<keyfile> +-(Recommended!) Automatically managed root trust anchors file. ++Automatically managed root trust anchors file. + Root trust anchors in this file are managed using standard RFC 5011 (Automated Updates of DNS Security Trust Anchors). + Kresd needs write access to the directory containing the keyfile. + +@@ -134,9 +134,14 @@ The file contains DNSKEY/DS records in presentation format, + and is compatible with Unbound and BIND 9 root key files. + .TP + .B \-K\fI keyfile\fR, \fB\-\-keyfile\-ro=\fI<keyfile> +-(Discouraged) Static root trust anchors file. The file is not updated by kresd. Use of this option is discouraged because it will break your installation when the trust anchor key changes! ++Static root trust anchors file. The file is not updated by ++kresd. Please ensure that any running kresd instances are restarted if ++the trust anchors change. (On Debian, kresd will be restarted ++automatically when the dns-root-data package updates ++/usr/share/dns/root.key, so nothing extra needs to be done unless you ++diverge from the default here.) + +-Default: "@KEYFILE_DEFAULT@" (can be empty if your distribution did not provide one) ++Default: "@KEYFILE_DEFAULT@" + .TP + .B \-m\fI path\fR, \fB\-\-moduledir=\fI<path> + Override the directory that is searched for modules. Default: @MODULEDIR@ diff --git a/distro/deb/patches/series b/distro/deb/patches/series new file mode 100644 index 0000000..5f6f9b5 --- /dev/null +++ b/distro/deb/patches/series @@ -0,0 +1 @@ +0001-Update-documentation-of-keyfile-ro.patch diff --git a/distro/deb/rules b/distro/deb/rules new file mode 100755 index 0000000..758f30c --- /dev/null +++ b/distro/deb/rules @@ -0,0 +1,68 @@ +#!/usr/bin/make -f + +# see FEATURE AREAS in dpkg-buildflags(1) +export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-pie + +# see ENVIRONMENT in dpkg-buildflags(1) +# package maintainers to append CFLAGS +export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic -fno-omit-frame-pointer +# package maintainers to append LDFLAGS +export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed + +# see EXAMPLES in dpkg-buildflags(1) and read /usr/share/dpkg/* +DPKG_EXPORT_BUILDFLAGS = 1 +include /usr/share/dpkg/default.mk + +export ARCH=$(DEB_HOST_GNU_CPU) +export PREFIX=/usr +export MODULEDIR=/usr/lib/knot-resolver +export ETCDIR=/etc/knot-resolver + +RUN_TESTS := yes +ifeq ($(DEB_HOST_ARCH),$(filter $(DEB_HOST_ARCH),hurd-i386 mips mipsel ppc64 ppc64el armel armhf arm64 kfreebsd-amd64 kfreebsd-i386)) + $(warning Disabling checks on $(DEB_HOST_ARCH)) + RUN_TESTS := no +endif + +%: + dh $@ + +override_dh_auto_clean-indep: + dh_auto_clean -- doc-clean http-clean + +override_dh_auto_build-arch: + CFLAGS="$${CFLAGS} -DNDEBUG" dh_auto_build -- V=1 BUILDMODE=static lib + CFLAGS="$${CFLAGS} -DNDEBUG" dh_auto_build -- V=1 \ + ROOTHINTS=/usr/share/dns/root.hints \ + KEYFILE_DEFAULT=/usr/share/dns/root.key + +override_dh_auto_build-indep: + dh_auto_build -- V=1 http + dh_auto_build -- V=1 doc-doxygen + cd doc && sphinx-build -b html -D html_theme=nature . html + +override_dh_auto_install-arch: + dh_auto_install --destdir=debian/tmp -- V=1 KEYFILE_DEFAULT=/usr/share/dns/root.key + rm -f debian/tmp/etc/knot-resolver/root.hints debian/tmp/etc/knot-resolver/icann-ca.pem + +override_dh_auto_install-indep: +# install just the http/2 module + make http-install DESTDIR=debian/tmp V=1 + +override_dh_installinit: + dh_installinit -pknot-resolver --name=kresd --no-start + +override_dh_installsystemd: + dh_installsystemd -pknot-resolver --name=kresd kresd-tls.socket kresd.socket + +override_dh_auto_test-indep: +override_dh_auto_test-arch: +ifeq ($(RUN_TESTS),yes) + dh_auto_test -- V=1 +endif + +override_dh_missing: + dh_missing --fail-missing + +override_dh_installchangelogs: + dh_installchangelogs NEWS diff --git a/distro/deb/source/format b/distro/deb/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/distro/deb/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/distro/deb/tests/control b/distro/deb/tests/control new file mode 100644 index 0000000..be666d7 --- /dev/null +++ b/distro/deb/tests/control @@ -0,0 +1,2 @@ +Test-Command: make installcheck +Depends: @, @builddeps@ |