summaryrefslogtreecommitdiffstats
path: root/distro/deb
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 00:55:53 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 00:55:53 +0000
commit3d0386f27ca66379acf50199e1d1298386eeeeb8 (patch)
treef87bd4a126b3a843858eb447e8fd5893c3ee3882 /distro/deb
parentInitial commit. (diff)
downloadknot-resolver-3d0386f27ca66379acf50199e1d1298386eeeeb8.tar.xz
knot-resolver-3d0386f27ca66379acf50199e1d1298386eeeeb8.zip
Adding upstream version 3.2.1.upstream/3.2.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'distro/deb')
-rw-r--r--distro/deb/NEWS23
-rw-r--r--distro/deb/README.source70
-rw-r--r--distro/deb/changelog6
-rw-r--r--distro/deb/clean4
-rw-r--r--distro/deb/compat1
-rw-r--r--distro/deb/control137
-rw-r--r--distro/deb/copyright448
-rw-r--r--distro/deb/docs1
-rwxr-xr-xdistro/deb/init-d-script239
-rw-r--r--distro/deb/knot-resolver-doc.doc-base11
-rw-r--r--distro/deb/knot-resolver-doc.docs1
-rw-r--r--distro/deb/knot-resolver-doc.links2
-rw-r--r--distro/deb/knot-resolver-module-http.install6
-rw-r--r--distro/deb/knot-resolver-module-http.links5
-rw-r--r--distro/deb/knot-resolver-module-tinyweb.install1
-rw-r--r--distro/deb/knot-resolver.dirs3
-rw-r--r--distro/deb/knot-resolver.install38
-rw-r--r--distro/deb/knot-resolver.kresd.default13
-rw-r--r--distro/deb/knot-resolver.kresd.init59
-rw-r--r--distro/deb/knot-resolver.links2
-rw-r--r--distro/deb/knot-resolver.manpages2
-rw-r--r--distro/deb/knot-resolver.postinst30
-rw-r--r--distro/deb/knot-resolver.postrm8
-rw-r--r--distro/deb/knot-resolver.triggers1
-rw-r--r--distro/deb/kresd.conf19
-rw-r--r--distro/deb/libkres-dev.install3
-rw-r--r--distro/deb/libkres9.install1
-rw-r--r--distro/deb/libkres9.symbols144
-rw-r--r--distro/deb/not-installed1
-rw-r--r--distro/deb/patches/0001-Update-documentation-of-keyfile-ro.patch41
-rw-r--r--distro/deb/patches/series1
-rwxr-xr-xdistro/deb/rules68
-rw-r--r--distro/deb/source/format1
-rw-r--r--distro/deb/tests/control2
34 files changed, 1392 insertions, 0 deletions
diff --git a/distro/deb/NEWS b/distro/deb/NEWS
new file mode 100644
index 0000000..e81403c
--- /dev/null
+++ b/distro/deb/NEWS
@@ -0,0 +1,23 @@
+knot-resolver (2.0.0-1) unstable; urgency=medium
+
+ Knot Resolver systemd service units are now templated, so that multiple
+ processes can run concurrently on multi-core systems. For a full
+ overview of the status of all the running daemons, use:
+
+ systemctl status system-kresd.slice
+
+ For more information about this setup, please see kresd.systemd(7).
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 03 Feb 2018 22:51:02 -0500
+
+knot-resolver (1.1.0~git2016072900-1) unstable; urgency=medium
+
+ Knot Resolver now starts and runs under unprivileged user and uses a
+ socket activations to bind on the privileged ports. That means that if
+ you use anything more complicated than that you need to either override
+ the default service file with `systemd edit kresd.service` and
+ `systemd edit kresd.socket` to add more IP addresses, or just disable
+ it with `systemd mask kresd*.socket kresd.service` and provide your
+ own custom system service file tailored to your needs.
+
+ -- Ondřej Surý <ondrej@debian.org> Thu, 04 Aug 2016 09:04:53 +0200
diff --git a/distro/deb/README.source b/distro/deb/README.source
new file mode 100644
index 0000000..657fc28
--- /dev/null
+++ b/distro/deb/README.source
@@ -0,0 +1,70 @@
+Tracking upstream sources in git
+--------------------------------
+
+This debian package is tracked in the git "debian/master" branch at
+https://salsa.debian.org/dns-team/knot-resolver, which
+includes the commits from the upstream git repository at
+https://gitlab.labs.nic.cz/knot/knot-resolver.git. When importing
+upstream tarballs, make sure you've fetched from the upstream repo
+before using "gbp import-orig" the tarball. We rely on
+upstream-vcs-tag from debian/gbp.conf to link upstream git history
+with new package history.
+
+See Joey Hess's thoughts about why tracking upstream git history is
+useful: https://joeyh.name/blog/entry/upstream_git_repositories/, as
+well as DEP-14 for the branch-naming scheme:
+http://dep.debian.net/deps/dep14/
+
+Rebuilding epoch.js and epoch.css
+---------------------------------
+
+ If you need to rebuild epoch.js and epoch.css using only tools
+ available in Debian, read gulpfile.js in d/missing-sources/epoch/ and
+ adjust following script if any files has been changed. You also need
+ to install ruby-sass, coffeescript and node-uglify
+
+cat > build.sh << EOF
+#!/bin/sh
+
+coffee -b -c \
+ src/epoch.coffee \
+ src/core/context.coffee \
+ src/core/util.coffee \
+ src/core/d3.coffee \
+ src/core/format.coffee \
+ src/core/chart.coffee \
+ src/core/css.coffee \
+ src/data.coffee \
+ src/model.coffee \
+ src/basic.coffee \
+ src/basic/*.coffee \
+ src/time.coffee \
+ src/time/*.coffee \
+ src/adapters.coffee \
+ src/adapters/*.coffee
+
+cat \
+ src/epoch.js \
+ src/core/context.js \
+ src/core/util.js \
+ src/core/d3.js \
+ src/core/format.js \
+ src/core/chart.js \
+ src/core/css.js \
+ src/data.js \
+ src/model.js \
+ src/basic.js \
+ src/basic/*.js \
+ src/time.js \
+ src/time/*.js \
+ src/adapters.js \
+ src/adapters/*.js \
+ > dist/js/epoch.js
+
+uglifyjs dist/js/epoch.js > dist/js/epoch.min.js
+
+sass -t compact sass/epoch.scss > dist/css/epoch.css
+sass -t compressed sass/epoch.scss > dist/css/epoch.min.css
+EOF
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Thu, 22 Feb 2018 13:25:27 -0800
diff --git a/distro/deb/changelog b/distro/deb/changelog
new file mode 100644
index 0000000..b0a6a3f
--- /dev/null
+++ b/distro/deb/changelog
@@ -0,0 +1,6 @@
+knot-resolver (__VERSION__-1) unstable; urgency=medium
+
+ * move changelog to OBS
+ * see NEWS or https://knot-resolver.cz
+
+ -- Tomas Krizek <tomas.krizek@nic.cz> Tue, 20 Feb 2018 19:36:45 +0100
diff --git a/distro/deb/clean b/distro/deb/clean
new file mode 100644
index 0000000..2ef7cbc
--- /dev/null
+++ b/distro/deb/clean
@@ -0,0 +1,4 @@
+doc/kresd.8
+libkres.pc
+lib/libkres.a
+lib/libkres.so.9
diff --git a/distro/deb/compat b/distro/deb/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/distro/deb/compat
@@ -0,0 +1 @@
+9
diff --git a/distro/deb/control b/distro/deb/control
new file mode 100644
index 0000000..012ff2b
--- /dev/null
+++ b/distro/deb/control
@@ -0,0 +1,137 @@
+Source: knot-resolver
+Section: net
+Priority: optional
+Maintainer: Knot Resolver <knot-resolver@labs.nic.cz>
+Uploaders:
+ Tomas Krizek <tomas.krizek@nic.cz>
+Build-Depends-Indep:
+ doxygen,
+ python3-breathe,
+ python3-sphinx,
+ python3-sphinx-rtd-theme,
+Build-Depends:
+ debhelper (>= 9~),
+ dns-root-data,
+ libcmocka-dev (>= 1.0.0),
+ libedit-dev,
+ libgeoip-dev,
+ libgnutls28-dev,
+ libknot-dev (>= 2.7.2),
+ liblmdb-dev,
+ libluajit-5.1-dev,
+ libsystemd-dev (>= 227) [linux-any],
+ libuv1-dev,
+ luajit,
+ pkg-config,
+Homepage: https://www.knot-resolver.cz/
+Rules-Requires-Root: no
+
+Package: knot-resolver
+Architecture: any
+Depends:
+ adduser,
+ dns-root-data,
+ libkres9 (= ${binary:Version}),
+ lua-sec,
+ lua-socket,
+ ${misc:Depends},
+ ${shlibs:Depends},
+Recommends:
+ knot-resolver-module-http,
+Description: caching, DNSSEC-validating DNS resolver
+ The Knot Resolver is a caching full resolver implementation
+ written in C and LuaJIT, including both a resolver library and a
+ daemon. Modular architecture of the library keeps the core tiny and
+ efficient, and provides a state-machine like API for
+ extensions. There are three built-in modules - iterator, cache,
+ validator, and many external.
+ .
+ The Lua modules, switchable and shareable cache, and fast FFI
+ bindings makes it great to tap into resolution process, or be used
+ for your recursive DNS service. It's the OpenResty of DNS.
+ .
+ The server adopts a different scaling strategy than the rest of the
+ DNS recursors - no threading, shared-nothing architecture (except
+ MVCC cache that may be shared). You can start and stop additional
+ nodes depending on the contention without downtime.
+
+Package: knot-resolver-module-http
+Architecture: all
+Depends:
+ libjs-bootstrap,
+ libjs-d3,
+ libjs-jquery,
+ lua-http,
+ lua-mmdb,
+ ${misc:Depends},
+ ${shlibs:Depends},
+Breaks:
+ knot-resolver-module-tinyweb (<< 1.1.0~git20160713-1~),
+Description: HTTP/2 module for Knot Resolver
+ The Knot Resolver is a caching full resolver implementation
+ written in C and LuaJIT, including both a resolver library and a
+ daemon. Modular architecture of the library keeps the core tiny and
+ efficient, and provides a state-machine like API for
+ extensions. There are three built-in modules - iterator, cache,
+ validator, and many external.
+ .
+ This package contains HTTP/2 module for local visualization of the
+ resolver cache and queries.
+
+Package: knot-resolver-doc
+Architecture: all
+Section: doc
+Depends:
+ libjs-jquery,
+ libjs-underscore,
+ ${misc:Depends},
+Description: Documentation for Knot Resolver
+ The Knot Resolver is a caching full resolver implementation
+ written in C and LuaJIT, including both a resolver library and a
+ daemon. Modular architecture of the library keeps the core tiny and
+ efficient, and provides a state-machine like API for
+ extensions. There are three built-in modules - iterator, cache,
+ validator, and many external.
+ .
+ This package contains Knot Resolver Documentation.
+
+Package: libkres9
+Architecture: any
+Section: libs
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Breaks:
+ knot-resolver (<< 3.2.0-1),
+Replaces:
+ knot-resolver (<< 3.2.0-1),
+Description: caching, DNSSEC-validating DNS resolver (shared library)
+ The Knot Resolver is a caching full resolver implementation
+ written in C and LuaJIT, including both a resolver library and a
+ daemon. Modular architecture of the library keeps the core tiny and
+ efficient, and provides a state-machine like API for
+ extensions.
+ .
+ This package contains the libkres shared library used by Knot
+ Resolver.
+
+Package: libkres-dev
+Architecture: any
+Section: libdevel
+Depends:
+ libkres9 (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Breaks:
+ knot-resolver (<< 3.2.0-1),
+Replaces:
+ knot-resolver (<< 3.2.0-1),
+Description: caching, DNSSEC-validating DNS resolver (shared library development files)
+ The Knot Resolver is a caching full resolver implementation
+ written in C and LuaJIT, including both a resolver library and a
+ daemon. Modular architecture of the library keeps the core tiny and
+ efficient, and provides a state-machine like API for
+ extensions.
+ .
+ This package provides development files for use when building against
+ the libkres shared library.
diff --git a/distro/deb/copyright b/distro/deb/copyright
new file mode 100644
index 0000000..10ecbf3
--- /dev/null
+++ b/distro/deb/copyright
@@ -0,0 +1,448 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: knot-resolver
+Source: https://www.knot-resolver.cz/
+
+Files: *
+Copyright: 2015-2018 CZ.NIC
+License: GPL-3.0+
+
+Files: contrib/ccan/asprintf/*
+Copyright: Rusty Russell
+License: Expat
+
+Files: contrib/ccan/compiler/*
+ contrib/ccan/ilog/*
+Copyright: Rusty Russell
+License: CC0
+
+Files: tests/config/tapered/*
+Copyright: 2012-2017, Peter Aronoff
+License: BSD-3-clause
+
+Files: contrib/lmdb/*
+Copyright: 1999-2003 The OpenLDAP Foundation
+License: OpenLDAP
+
+Files: tests/deckard/contrib/libfaketime/*
+Copyright: 2003-2017 Wolfgang Hommel
+License: GPL-2
+
+Files: tests/deckard/contrib/libswrap/*
+Copyright: 2005,2008 Jelmer Vernooij <jelmer@samba.org>
+ 2006-2009 Stefan Metzmacher <metze@samba.org>
+ 2013 Andreas Schneider <asn@samba.org>
+License: BSD-3-clause
+
+Files: contrib/murmurhash3/*
+Copyright: Austin Appleby
+License: CC0-1.0
+
+Files: debian/missing-sources/dygraph-combined.js
+ modules/http/static/dygraph-combined.js
+Copyright: 2006-2014 Dan Vanderkam <danvdk@gmail.com>
+ 2016 Paul Miller
+ 2011 Robert Konigsberg <konigsberg@google.com>
+ 2013 David Eberlein <david.eberlein@ch.sauter-bc.com>
+License: MIT
+
+Files: contrib/ucw/*
+Copyright: 1997-2015 Martin Mares
+ 2005-2014 Tomas Valla
+ 2006 Robert Spalek
+ 2007-2015 Pavel Charvat
+License: LGPL-2.1
+
+Files: contrib/ccan/json/*
+Copyright: 2011 Joey Adams
+License: Expat
+
+Files: lib/generic/map.c lib/generic/map.h
+Copyright: Dan Bernstein
+ Jonas Gehring
+ Adam Langley
+ Marek Vavrusa
+License: public-domain
+
+Files: modules/policy/lua-aho-corasick/*
+Copyright: 2013 CloudFlare, Inc.
+License: BSD-3-CloudFlare
+
+Files: modules/http/static/jquery.js
+Copyright: 2005-2011 John Resig, Brandon Aaron & Jörn Zaefferer
+License: GPL-2 or Expat
+
+Files: modules/http/static/d3.js
+ modules/http/static/topojson.js
+Copyright: 2010-2015 Michael Bostock
+License: BSD-3-clause
+
+Files: modules/http/static/epoch.*
+ debian/missing-sources/epoch/*
+ debian/missing-sources/epoch.*
+Copyright: 2014 Fastly, Inc.
+License: Expat
+
+Files: modules/http/static/datamaps.world.min.js
+Copyright: 2012 Mark DiMarco
+License: Expat
+
+Files: modules/http/static/bootstrap.min.css
+ modules/http/static/bootstrap.min.js
+ modules/http/static/bootstrap-theme.min.css
+ modules/http/static/glyphicons-halflings-regular.woff2
+Copyright: 2012-2016 Thomas Park
+ 2011-2015 Twitter, Inc.
+License: Expat
+
+Files: modules/http/static/selectize.bootstrap3.min.css
+ modules/http/static/selectize.min.css
+ modules/http/static/selectize.min.js
+Copyright: 2013–2015 Brian Reavis & contributors
+License: Apache-2.0
+
+Files: debian/*
+Copyright: 2015 Ondřej Surý <ondrej@debian.org>
+License: GPL-3.0+
+
+License: LGPL-2.1
+ This library is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as
+ published by the Free Software Foundation; either version 2.1 of the
+ License, or (at your option) any later version.
+ .
+ This library is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+ .
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library. If not, see <https://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 3 can be found in "/usr/share/common-licenses/LGPL-2.1".
+
+License: GPL-3.0+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".
+
+License: Expat
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+ .
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ SOFTWARE.
+
+License: CC0
+ Statement of Purpose
+ .
+ The laws of most jurisdictions throughout the world automatically
+ confer exclusive Copyright and Related Rights (defined below) upon
+ the creator and subsequent owner(s) (each and all, an "owner") of an
+ original work of authorship and/or a database (each, a "Work").
+ .
+ Certain owners wish to permanently relinquish those rights to a Work
+ for the purpose of contributing to a commons of creative, cultural
+ and scientific works ("Commons") that the public can reliably and
+ without fear of later claims of infringement build upon, modify,
+ incorporate in other works, reuse and redistribute as freely as
+ possible in any form whatsoever and for any purposes, including
+ without limitation commercial purposes. These owners may contribute
+ to the Commons to promote the ideal of a free culture and the further
+ production of creative, cultural and scientific works, or to gain
+ reputation or greater distribution for their Work in part through the
+ use and efforts of others.
+ .
+ For these and/or other purposes and motivations, and without any
+ expectation of additional consideration or compensation, the person
+ associating CC0 with a Work (the "Affirmer"), to the extent that he
+ or she is an owner of Copyright and Related Rights in the Work,
+ voluntarily elects to apply CC0 to the Work and publicly distribute
+ the Work under its terms, with knowledge of his or her Copyright and
+ Related Rights in the Work and the meaning and intended legal effect
+ of CC0 on those rights.
+ .
+ 1. Copyright and Related Rights. A Work made available under CC0 may
+ be protected by copyright and related or neighboring rights
+ ("Copyright and Related Rights"). Copyright and Related Rights
+ include, but are not limited to, the following:
+ .
+ i. the right to reproduce, adapt, distribute, perform, display,
+ communicate, and translate a Work;
+ ii. moral rights retained by the original author(s) and/or
+ performer(s);
+ iii. publicity and privacy rights pertaining to a person's image or
+ likeness depicted in a Work;
+ iv. rights protecting against unfair competition in regards to a
+ Work, subject to the limitations in paragraph 4(a), below;
+ v. rights protecting the extraction, dissemination, use and reuse
+ of data in a Work;
+ vi. database rights (such as those arising under Directive 96/9/EC
+ of the European Parliament and of the Council of 11 March 1996
+ on the legal protection of databases, and under any national
+ implementation thereof, including any amended or successor
+ version of such directive); and
+ vii. other similar, equivalent or corresponding rights throughout
+ the world based on applicable law or treaty, and any national
+ implementations thereof.
+ .
+ 2. Waiver. To the greatest extent permitted by, but not in
+ contravention of, applicable law, Affirmer hereby overtly, fully,
+ permanently, irrevocably and unconditionally waives, abandons, and
+ surrenders all of Affirmer's Copyright and Related Rights and
+ associated claims and causes of action, whether now known or
+ unknown (including existing as well as future claims and causes of
+ action), in the Work (i) in all territories worldwide, (ii) for
+ the maximum duration provided by applicable law or treaty
+ (including future time extensions), (iii) in any current or future
+ medium and for any number of copies, and (iv) for any purpose
+ whatsoever, including without limitation commercial, advertising
+ or promotional purposes (the "Waiver"). Affirmer makes the Waiver
+ for the benefit of each member of the public at large and to the
+ detriment of Affirmer's heirs and successors, fully intending that
+ such Waiver shall not be subject to revocation, rescission,
+ cancellation, termination, or any other legal or equitable action
+ to disrupt the quiet enjoyment of the Work by the public as
+ contemplated by Affirmer's express Statement of Purpose.
+ .
+ 3. Public License Fallback. Should any part of the Waiver for any
+ reason be judged legally invalid or ineffective under applicable
+ law, then the Waiver shall be preserved to the maximum extent
+ permitted taking into account Affirmer's express Statement of
+ Purpose. In addition, to the extent the Waiver is so judged
+ Affirmer hereby grants to each affected person a royalty-free, non
+ transferable, non sublicensable, non exclusive, irrevocable and
+ unconditional license to exercise Affirmer's Copyright and Related
+ Rights in the Work (i) in all territories worldwide, (ii) for the
+ maximum duration provided by applicable law or treaty (including
+ future time extensions), (iii) in any current or future medium and
+ for any number of copies, and (iv) for any purpose whatsoever,
+ including without limitation commercial, advertising or
+ promotional purposes (the "License"). The License shall be deemed
+ effective as of the date CC0 was applied by Affirmer to the
+ Work. Should any part of the License for any reason be judged
+ legally invalid or ineffective under applicable law, such partial
+ invalidity or ineffectiveness shall not invalidate the remainder
+ of the License, and in such case Affirmer hereby affirms that he
+ or she will not (i) exercise any of his or her remaining Copyright
+ and Related Rights in the Work or (ii) assert any associated
+ claims and causes of action with respect to the Work, in either
+ case contrary to Affirmer's express Statement of Purpose.
+ .
+ 4. Limitations and Disclaimers.
+ .
+ a. No trademark or patent rights held by Affirmer are waived,
+ abandoned, surrendered, licensed or otherwise affected by this
+ document.
+ b. Affirmer offers the Work as-is and makes no representations or
+ warranties of any kind concerning the Work, express, implied,
+ statutory or otherwise, including without limitation warranties
+ of title, merchantability, fitness for a particular purpose, non
+ infringement, or the absence of latent or other defects,
+ accuracy, or the present or absence of errors, whether or not
+ discoverable, all to the greatest extent permissible under
+ applicable law.
+ c. Affirmer disclaims responsibility for clearing rights of other
+ persons that may apply to the Work or any use thereof, including
+ without limitation any person's Copyright and Related Rights in
+ the Work. Further, Affirmer disclaims responsibility for
+ obtaining any necessary consents, permissions or other rights
+ required for any use of the Work.
+ d. Affirmer understands and acknowledges that Creative Commons is
+ not a party to this document and has no duty or obligation with
+ respect to this CC0 or use of the Work.
+
+License: BSD-3-CloudFlare
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ .
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ .
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the
+ distribution.
+ .
+ 3. Neither the name of CloudFlare, Inc. nor the names of its
+ contributors may be used to endorse or promote products derived
+ from this software without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: BSD-3-clause
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ .
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ .
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ .
+ 3. Neither the name of the author nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGE.
+
+
+License: GPL-2
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ .
+ On Debian systems, the complete text of the GNU General Public
+ License version 2 can be found in "/usr/share/common-licenses/GPL-2".
+
+License: Apache-2.0
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+ .
+ https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the full text of the Apache Software License version 2 can
+ be found in the file `/usr/share/common-licenses/Apache-2.0'.
+
+License: MIT
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+ .
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ SOFTWARE.
+
+License: OpenLDAP
+ Redistribution and use of this software and associated documentation
+ ("Software"), with or without modification, are permitted provided
+ that the following conditions are met:
+ .
+ 1. Redistributions in source form must retain copyright statements
+ and notices,
+ .
+ 2. Redistributions in binary form must reproduce applicable copyright
+ statements and notices, this list of conditions, and the following
+ disclaimer in the documentation and/or other materials provided
+ with the distribution, and
+ .
+ 3. Redistributions must contain a verbatim copy of this document.
+ .
+ The OpenLDAP Foundation may revise this license from time to time.
+ Each revision is distinguished by a version number. You may use
+ this Software under terms of this license revision or under the
+ terms of any subsequent revision of the license.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS
+ CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S)
+ OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
+ INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ .
+ The names of the authors and copyright holders must not be used in
+ advertising or otherwise to promote the sale, use or other dealing
+ in this Software without specific, written prior permission. Title
+ to copyright in this Software shall at all times remain with copyright
+ holders.
+ .
+ OpenLDAP is a registered trademark of the OpenLDAP Foundation.
+
+License: CC0-1.0
+ This work is licensed under the "Creative Commons Zero" license.
+ .
+ On debian systems, a copy of the Creative Commons Zero license may be
+ found at /usr/share/common-licenses/CC0-1.0.
+
+License: public-domain
+ This work has been released into the public domain. The map
+ implementation builds off of prior public domain work from Dan
+ Bernstein (qhasm) and Adam Langley (critbit).
diff --git a/distro/deb/docs b/distro/deb/docs
new file mode 100644
index 0000000..b43bf86
--- /dev/null
+++ b/distro/deb/docs
@@ -0,0 +1 @@
+README.md
diff --git a/distro/deb/init-d-script b/distro/deb/init-d-script
new file mode 100755
index 0000000..334dc32
--- /dev/null
+++ b/distro/deb/init-d-script
@@ -0,0 +1,239 @@
+#!/bin/sh
+# See init-d-script(5) for instructions on how to use this library.
+#=============================================================================
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh
+# script. Scripts running before mountnfs.sh should remove the /usr/*
+# entries.
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+export PATH
+
+is_call_implemented() {
+ command -V $1 > /dev/null 2>&1
+}
+
+do_usage() {
+ if is_call_implemented do_reload ; then
+ echo "Usage: $SCRIPTNAME {start|stop|status|reload|restart|try-restart|force-reload}" >&2
+ else
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|try-restart|force-reload}" >&2
+ fi
+}
+
+call() {
+ cmd="$1"
+ shift
+ if is_call_implemented ${cmd}_override ; then
+ ${cmd}_override "$@"
+ else
+ ${cmd} "$@"
+ fi
+}
+
+#
+# Function that starts the daemon/service
+#
+
+# Return
+# 0 if daemon has been started
+# 1 if daemon was already running
+# 2 if daemon could not be started
+do_start_cmd() {
+ start-stop-daemon --start --quiet ${PIDFILE:+--pidfile ${PIDFILE}} \
+ $START_ARGS \
+ --startas $DAEMON --name $NAME --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet ${PIDFILE:+--pidfile ${PIDFILE}} \
+ $START_ARGS \
+ --startas $DAEMON --name $NAME --exec $DAEMON -- $DAEMON_ARGS \
+ || return 2
+ # Add code here, if necessary, that waits for the process to be ready
+ # to handle requests from services started subsequently which depend
+ # on this one. As a last resort, sleep for some time.
+}
+
+do_start()
+{
+ if is_call_implemented do_start_prepare ; then
+ call do_start_prepare
+ fi
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ call do_start_cmd
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ if is_call_implemented do_start_cleanup ; then
+ call do_start_cleanup
+ fi
+}
+
+#
+# Function that stops the daemon/service
+#
+
+# Return
+# 0 if daemon has been stopped
+# 1 if daemon was already stopped
+# 2 if daemon could not be stopped
+# other if a failure occurred
+do_stop_cmd() {
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \
+ $STOP_ARGS \
+ ${PIDFILE:+--pidfile ${PIDFILE}} --name $NAME --exec $DAEMON
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ # Wait for children to finish too if this is a daemon that forks
+ # and if the daemon is only ever run from this initscript.
+ # If the above conditions are not satisfied then add some other code
+ # that waits for the process to drop all resources that could be
+ # needed by services started subsequently. A last resort is to
+ # sleep for some time.
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 \
+ $STOP_ARGS \
+ --exec $DAEMON
+ [ "$?" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return $RETVAL
+}
+
+do_stop()
+{
+ if is_call_implemented do_stop_prepare ; then
+ call do_stop_prepare
+ fi
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ call do_stop_cmd
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ if is_call_implemented do_stop_cleanup ; then
+ call do_stop_cleanup
+ fi
+}
+
+do_restart() {
+ [ "$VERBOSE" != no ] && log_daemon_msg "Restarting $DESC" "$NAME"
+ call do_stop_cmd
+ call do_start_cmd
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+}
+
+do_force_reload() {
+ if is_call_implemented do_reload ; then
+ call do_reload
+ else
+ call do_restart
+ fi
+}
+
+# Enable this using
+# alias do_reload=do_reload_sigusr1
+do_reload_sigusr1() {
+ log_daemon_msg "Reloading $DESC configuration files" "$NAME"
+ start-stop-daemon --oknodo --stop --signal 1 --quiet \
+ --pidfile "$PIDFILE" --exec "$DAEMON"
+ log_end_msg $?
+}
+
+do_status() {
+ status_of_proc "$DAEMON" "$NAME" && return 0 || return $?
+}
+
+if [ "$DEBUG" = "true" ] ; then
+ set -x
+fi
+
+SCRIPTNAME=$1
+scriptbasename="$(basename $1)"
+if [ "$scriptbasename" != "init-d-script" ] ; then
+ script="$1"
+ shift
+ . $script
+else
+ exit 0
+fi
+
+NAME=${NAME:=$(basename $DAEMON)}
+DESC=${DESC:=$NAME}
+
+# Do not use pid file if $PIDFILE is 'none'. Otherwise, generate from
+# $NAME or use the value provided by the init.d script.
+if [ none = "$PIDFILE" ] ; then
+ PIDFILE=
+elif [ -z "$PIDFILE" ] ; then
+ PIDFILE=/var/run/$NAME.pid
+fi
+
+# Exit if the package is not installed
+if [ none != "$DAEMON" ] && [ ! -x "$DAEMON" ] ; then
+ exit 0
+fi
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+if [ -t 0 ] ; then # Be verbose when called from a terminal
+ VERBOSE=yes
+fi
+
+case "$1" in
+ start)
+ call do_start
+ ;;
+ stop)
+ call do_stop
+ ;;
+ status)
+ call do_status
+ ;;
+ reload)
+ if is_call_implemented do_reload ; then
+ do_reload
+ else
+ call do_usage
+ exit 3
+ fi
+ ;;
+ force-reload)
+ call do_force_reload
+ ;;
+ restart)
+ call do_restart
+ ;;
+ try-restart)
+ log_daemon_msg "Trying to restart $DESC" "$NAME"
+ if call do_status > /dev/null 2>&1 ; then
+ call do_restart
+ log_end_msg $?
+ else
+ log_progress_msg "is not running."
+ log_end_msg 1
+ fi
+ ;;
+ '')
+ call do_usage
+ exit 3
+ ;;
+ *)
+ if is_call_implemented do_unknown ; then
+ call do_unknown "$1"
+ exit 3
+ else
+ call do_usage
+ exit 3
+ fi
+ ;;
+esac
+exit 0
diff --git a/distro/deb/knot-resolver-doc.doc-base b/distro/deb/knot-resolver-doc.doc-base
new file mode 100644
index 0000000..f82b8ba
--- /dev/null
+++ b/distro/deb/knot-resolver-doc.doc-base
@@ -0,0 +1,11 @@
+Document: knot-resolver
+Title: Knot Resolver documentation
+Author: CZ.NIC labs
+Abstract: Documentation for the Knot Resolver,
+ including building from source, using the library,
+ and configuration and operation of the daemon.
+Section: Network/Communication
+
+Format: HTML
+Index: /usr/share/doc/knot-resolver/index.html
+Files: /usr/share/doc/knot-resolver/*.html
diff --git a/distro/deb/knot-resolver-doc.docs b/distro/deb/knot-resolver-doc.docs
new file mode 100644
index 0000000..3ff7356
--- /dev/null
+++ b/distro/deb/knot-resolver-doc.docs
@@ -0,0 +1 @@
+doc/html/*
diff --git a/distro/deb/knot-resolver-doc.links b/distro/deb/knot-resolver-doc.links
new file mode 100644
index 0000000..4c7c74f
--- /dev/null
+++ b/distro/deb/knot-resolver-doc.links
@@ -0,0 +1,2 @@
+usr/share/javascript/jquery/jquery.min.js usr/share/doc/knot-resolver/_static/jquery.js
+usr/share/javascript/underscore/underscore.min.js usr/share/doc/knot-resolver/_static/underscore.js
diff --git a/distro/deb/knot-resolver-module-http.install b/distro/deb/knot-resolver-module-http.install
new file mode 100644
index 0000000..3c2d56b
--- /dev/null
+++ b/distro/deb/knot-resolver-module-http.install
@@ -0,0 +1,6 @@
+usr/lib/knot-resolver/http.lua
+usr/lib/knot-resolver/http/*.css
+usr/lib/knot-resolver/http/*.ico
+usr/lib/knot-resolver/http/*.js
+usr/lib/knot-resolver/http/*.tpl
+usr/lib/knot-resolver/http/*.woff2
diff --git a/distro/deb/knot-resolver-module-http.links b/distro/deb/knot-resolver-module-http.links
new file mode 100644
index 0000000..322529c
--- /dev/null
+++ b/distro/deb/knot-resolver-module-http.links
@@ -0,0 +1,5 @@
+/usr/share/javascript/bootstrap/css/bootstrap-theme.min.css /usr/lib/knot-resolver/http/bootstrap-theme.min.css
+/usr/share/javascript/bootstrap/css/bootstrap.min.css /usr/lib/knot-resolver/http/bootstrap.min.css
+/usr/share/javascript/bootstrap/js/bootstrap.min.js /usr/lib/knot-resolver/http/bootstrap.min.js
+/usr/share/javascript/d3/d3.min.js /usr/lib/knot-resolver/http/d3.js
+/usr/share/javascript/jquery/jquery.min.js /usr/lib/knot-resolver/http/jquery.js
diff --git a/distro/deb/knot-resolver-module-tinyweb.install b/distro/deb/knot-resolver-module-tinyweb.install
new file mode 100644
index 0000000..905241c
--- /dev/null
+++ b/distro/deb/knot-resolver-module-tinyweb.install
@@ -0,0 +1 @@
+usr/lib/knot-resolver/tinyweb/*
diff --git a/distro/deb/knot-resolver.dirs b/distro/deb/knot-resolver.dirs
new file mode 100644
index 0000000..472b32a
--- /dev/null
+++ b/distro/deb/knot-resolver.dirs
@@ -0,0 +1,3 @@
+/etc/knot-resolver
+/usr/share/doc/knot-resolver/examples/
+/var/lib/knot-resolver
diff --git a/distro/deb/knot-resolver.install b/distro/deb/knot-resolver.install
new file mode 100644
index 0000000..d6c9b10
--- /dev/null
+++ b/distro/deb/knot-resolver.install
@@ -0,0 +1,38 @@
+debian/init-d-script usr/lib/knot-resolver/
+debian/kresd.conf etc/knot-resolver/
+etc/knot-resolver/config.* /usr/share/doc/knot-resolver/examples/
+distro/common/systemd/kresd-control@.socket lib/systemd/system/
+distro/common/systemd/kresd-tls.socket lib/systemd/system/
+distro/common/systemd/kresd.socket lib/systemd/system/
+distro/common/systemd/kresd@.service lib/systemd/system/
+distro/common/systemd/kresd.target lib/systemd/system/
+distro/common/tmpfiles/knot-resolver.conf usr/lib/tmpfiles.d/
+usr/lib/knot-resolver/*.so
+usr/lib/knot-resolver/basexx.lua
+usr/lib/knot-resolver/daf.lua
+usr/lib/knot-resolver/daf/
+usr/lib/knot-resolver/detect_time_jump.lua
+usr/lib/knot-resolver/detect_time_skew.lua
+usr/lib/knot-resolver/dns64.lua
+usr/lib/knot-resolver/etcd.lua
+usr/lib/knot-resolver/experimental_dot_auth.lua
+usr/lib/knot-resolver/graphite.lua
+usr/lib/knot-resolver/http_trace.lua
+usr/lib/knot-resolver/kres-gen.lua
+usr/lib/knot-resolver/kres.lua
+usr/lib/knot-resolver/policy.lua
+usr/lib/knot-resolver/predict.lua
+usr/lib/knot-resolver/prefill.lua
+usr/lib/knot-resolver/priming.lua
+usr/lib/knot-resolver/prometheus.lua
+usr/lib/knot-resolver/rebinding.lua
+usr/lib/knot-resolver/renumber.lua
+usr/lib/knot-resolver/serve_stale.lua
+usr/lib/knot-resolver/ta_sentinel.lua
+usr/lib/knot-resolver/ta_signal_query.lua
+usr/lib/knot-resolver/trust_anchors.lua
+usr/lib/knot-resolver/view.lua
+usr/lib/knot-resolver/workarounds.lua
+usr/lib/knot-resolver/zonefile.lua
+usr/sbin/kresc
+usr/sbin/kresd
diff --git a/distro/deb/knot-resolver.kresd.default b/distro/deb/knot-resolver.kresd.default
new file mode 100644
index 0000000..f7c46e5
--- /dev/null
+++ b/distro/deb/knot-resolver.kresd.default
@@ -0,0 +1,13 @@
+# /etc/default/kresd
+
+# This file is used only under sysvinit. If you use systemd and you
+# want to modify the arguments with which kresd is invoked, you should
+# instead use "systemctl edit kresd@.service" to override ExecStart=
+# in the [Service] section (see kresd.systemd(7) for more details).
+
+# For sysvinit users: KRESD_ARGS used to exist for historical reasons,
+# but that variable is deprecated and may stop working at some point
+# in the future. You are encouraged to merge any local changes into
+# DAEMON_ARGS directly.
+
+DAEMON_ARGS="--config=/etc/knot-resolver/kresd.conf --addr=127.0.0.1#53 --addr=::1#53 $KRESD_ARGS"
diff --git a/distro/deb/knot-resolver.kresd.init b/distro/deb/knot-resolver.kresd.init
new file mode 100644
index 0000000..b1361fd
--- /dev/null
+++ b/distro/deb/knot-resolver.kresd.init
@@ -0,0 +1,59 @@
+#!/bin/sh
+# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing.
+if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then
+ if [ -x /lib/init/init-d-script ]; then
+ set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script
+ else
+ set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /usr/lib/knot-resolver/init-d-script
+ fi
+fi
+### BEGIN INIT INFO
+# Provides: kresd
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Knot Resolver
+# Description: Knot Resolver
+### END INIT INFO
+
+# Author: Ondřej Surý <ondrej@debian.org>
+
+NAME=kresd
+DESC="Knot Resolver"
+DAEMON=/usr/sbin/kresd
+START_ARGS="--background --make-pidfile"
+
+do_tmpfiles() {
+ local tmpfile type path mode user group age argument
+ tmpfile=/usr/lib/tmpfiles.d/$1.conf
+ if [ -r "$tmpfile" ]; then
+ if [ -x /bin/systemd-tmpfiles ]; then
+ /bin/systemd-tmpfiles --create "$tmpfile"
+ else
+ while read type path mode user group age argument; do
+ case "$type" in
+ d)
+ mkdir -p "$path";
+ chmod "$mode" "$path";
+ chown "$user:$group" "$path";
+ ;;
+ L)
+ if [ ! -e "$path" ]; then ln -s "$argument" "$path"; fi
+ ;;
+ \#*)
+ ;;
+ *)
+ log_warning_msg "tmpfile.d type '$type' is not supported yet"
+ ;;
+ esac
+ done < "$tmpfile"
+ fi
+ else
+ log_warning_msg "tmpfiles.d file '$1' doesn't exist or is not readable"
+ fi
+}
+
+do_start_prepare() {
+ do_tmpfiles knot-resolver
+}
diff --git a/distro/deb/knot-resolver.links b/distro/deb/knot-resolver.links
new file mode 100644
index 0000000..8196524
--- /dev/null
+++ b/distro/deb/knot-resolver.links
@@ -0,0 +1,2 @@
+dev/null lib/systemd/system/kresd.service
+lib/systemd/system/kresd.target lib/systemd/system/multi-user.target.wants/kresd.target
diff --git a/distro/deb/knot-resolver.manpages b/distro/deb/knot-resolver.manpages
new file mode 100644
index 0000000..9f97677
--- /dev/null
+++ b/distro/deb/knot-resolver.manpages
@@ -0,0 +1,2 @@
+debian/tmp/usr/share/man/man8/kresd.8
+distro/common/systemd/kresd.systemd.7
diff --git a/distro/deb/knot-resolver.postinst b/distro/deb/knot-resolver.postinst
new file mode 100644
index 0000000..7c4bc5b
--- /dev/null
+++ b/distro/deb/knot-resolver.postinst
@@ -0,0 +1,30 @@
+#!/bin/sh
+set -e
+
+if [ "$1" = "configure" ]; then
+ adduser --quiet --system --group --no-create-home --home /var/cache/knot-resolver knot-resolver
+fi
+
+# Restart any running kresd instances if the root key is updated.
+# Note: if knot-resolver upstream watches this file and reloads it
+# upon a change, we can and should remove this trigger.
+if [ "$1" = "triggered" ]; then
+ if [ "$2" = "/usr/share/dns/root.key" ]; then
+ # systemctl of the sub-services is the preferred method to restart
+ systemctl try-restart 'kresd@*.service' || true
+ # but if we are running sysvinit, we can try to restart that process anyway
+ # (kresd.service is masked on systems that use systemd)
+ invoke-rc.d kresd try-restart || true
+ fi
+ exit 0
+fi
+
+if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
+ if [ -d /run/systemd/system ]; then
+ systemctl try-restart 'kresd@*.service' || true
+ else
+ invoke-rc.d kresd try-restart || true
+ fi
+fi
+
+#DEBHELPER#
diff --git a/distro/deb/knot-resolver.postrm b/distro/deb/knot-resolver.postrm
new file mode 100644
index 0000000..d67739e
--- /dev/null
+++ b/distro/deb/knot-resolver.postrm
@@ -0,0 +1,8 @@
+#!/bin/sh
+set -e
+
+if [ "$1" = "remove" ] && [ -x "/bin/systemctl" ]; then
+ systemctl stop system-kresd.slice || true
+fi
+
+#DEBHELPER#
diff --git a/distro/deb/knot-resolver.triggers b/distro/deb/knot-resolver.triggers
new file mode 100644
index 0000000..e8d8246
--- /dev/null
+++ b/distro/deb/knot-resolver.triggers
@@ -0,0 +1 @@
+interest-noawait /usr/share/dns/root.key
diff --git a/distro/deb/kresd.conf b/distro/deb/kresd.conf
new file mode 100644
index 0000000..e452f0e
--- /dev/null
+++ b/distro/deb/kresd.conf
@@ -0,0 +1,19 @@
+-- vim:syntax=lua:
+-- Refer to manual: http://knot-resolver.readthedocs.org/en/latest/daemon.html#configuration
+
+-- Load useful modules
+modules = {
+ 'hints > iterate', -- Load /etc/hosts and allow custom root hints
+ 'stats', -- Track internal statistics
+ 'predict', -- Prefetch expiring/frequent records
+}
+
+-- See kresd.systemd(7) about configuring network interfaces when using systemd
+-- Listen on localhost (default)
+-- net = { '127.0.0.1', '::1' }
+
+-- To disable DNSSEC validation, uncomment the following line (not recommended)
+-- trust_anchors.keyfile_default = nil
+
+-- Cache size
+cache.size = 100 * MB
diff --git a/distro/deb/libkres-dev.install b/distro/deb/libkres-dev.install
new file mode 100644
index 0000000..d565b38
--- /dev/null
+++ b/distro/deb/libkres-dev.install
@@ -0,0 +1,3 @@
+usr/include/libkres/*.h
+usr/lib/*.so
+usr/lib/pkgconfig/libkres.pc
diff --git a/distro/deb/libkres9.install b/distro/deb/libkres9.install
new file mode 100644
index 0000000..093956b
--- /dev/null
+++ b/distro/deb/libkres9.install
@@ -0,0 +1 @@
+usr/lib/*.so.*
diff --git a/distro/deb/libkres9.symbols b/distro/deb/libkres9.symbols
new file mode 100644
index 0000000..444e333
--- /dev/null
+++ b/distro/deb/libkres9.symbols
@@ -0,0 +1,144 @@
+libkres.so.9 libkres9 #MINVER#
+ cache_api@Base 2.1.0
+ iterate_api@Base 2.1.0
+ kr_bitcmp@Base 2.1.0
+ kr_cache_clear@Base 2.1.0
+ kr_cache_close@Base 2.1.0
+ kr_cache_closest_apex@Base 3.1.0
+ kr_cache_emergency_file_to_remove@Base 3.1.0
+ kr_cache_insert_rr@Base 3.0.0
+ kr_cache_match@Base 3.1.0
+ kr_cache_materialize@Base 2.1.0
+ kr_cache_open@Base 2.1.0
+ kr_cache_peek_exact@Base 2.1.0
+ kr_cache_remove@Base 3.1.0
+ kr_cache_remove_subtree@Base 3.1.0
+ kr_cache_sync@Base 2.1.0
+ kr_cache_ttl@Base 2.1.0
+ kr_cdb_lmdb@Base 2.1.0
+ kr_crypto_cleanup@Base 2.1.0
+ kr_crypto_init@Base 2.1.0
+ kr_crypto_reinit@Base 2.1.0
+ kr_dnssec_key_ksk@Base 2.1.0
+ kr_dnssec_key_match@Base 2.1.0
+ kr_dnssec_key_revoked@Base 2.1.0
+ kr_dnssec_key_tag@Base 2.1.0
+ kr_dnssec_key_zsk@Base 2.1.0
+ kr_family_len@Base 2.1.0
+ kr_inaddr@Base 2.1.0
+ kr_inaddr_family@Base 2.1.0
+ kr_inaddr_len@Base 2.1.0
+ kr_inaddr_port@Base 2.1.0
+ kr_inaddr_set_port@Base 3.1.0
+ kr_inaddr_str@Base 2.1.0
+ kr_log_qverbose_impl@Base 3.2.0
+ kr_log_trace@Base 2.1.0
+ kr_log_verbose@Base 2.1.0
+ kr_make_query@Base 3.0.0
+ kr_memreserve@Base 2.1.0
+ kr_module_call@Base 2.1.0
+ kr_module_embedded@Base 2.1.0
+ kr_module_load@Base 2.1.0
+ kr_module_unload@Base 2.1.0
+ kr_now@Base 2.1.0
+ kr_nsrep_elect@Base 2.1.0
+ kr_nsrep_elect_addr@Base 2.1.0
+ kr_nsrep_set@Base 2.1.0
+ kr_nsrep_sort@Base 3.2.0
+ kr_nsrep_update_rep@Base 2.1.0
+ kr_nsrep_update_rtt@Base 2.1.0
+ kr_pkt_clear_payload@Base 2.1.0
+ kr_pkt_make_auth_header@Base 2.1.0
+ kr_pkt_put@Base 2.1.0
+ kr_pkt_qclass@Base 3.0.0
+ kr_pkt_qtype@Base 3.0.0
+ kr_pkt_recycle@Base 2.1.0
+ kr_qflags_clear@Base 2.1.0
+ kr_qflags_set@Base 2.1.0
+ kr_ranked_rrarray_add@Base 2.1.0
+ kr_resolve_begin@Base 2.1.0
+ kr_resolve_checkout@Base 2.1.0
+ kr_resolve_consume@Base 2.1.0
+ kr_resolve_finish@Base 2.1.0
+ kr_resolve_plan@Base 2.1.0
+ kr_resolve_pool@Base 2.1.0
+ kr_resolve_produce@Base 2.1.0
+ kr_rnd_buffered@Base 3.2.0
+ kr_rplan_deinit@Base 2.1.0
+ kr_rplan_empty@Base 2.1.0
+ kr_rplan_find_resolved@Base 2.1.0
+ kr_rplan_init@Base 2.1.0
+ kr_rplan_last@Base 2.1.0
+ kr_rplan_pop@Base 2.1.0
+ kr_rplan_push@Base 2.1.0
+ kr_rplan_push_empty@Base 2.1.0
+ kr_rplan_resolved@Base 2.1.0
+ kr_rplan_satisfies@Base 2.1.0
+ kr_rrkey@Base 2.1.0
+ kr_rrset_init@Base 3.0.0
+ kr_rrsig_sig_expiration@Base 3.0.0
+ kr_rrsig_sig_inception@Base 3.0.0
+ kr_rrsig_type_covered@Base 3.0.0
+ kr_sockaddr_cmp@Base 3.0.0
+ kr_sockaddr_len@Base 2.1.0
+ kr_straddr_family@Base 2.1.0
+ kr_straddr_join@Base 2.1.0
+ kr_straddr_socket@Base 2.1.0
+ kr_straddr_split@Base 2.1.0
+ kr_straddr_subnet@Base 2.1.0
+ kr_strcatdup@Base 2.1.0
+ kr_ta_add@Base 2.1.0
+ kr_ta_clear@Base 2.1.0
+ kr_ta_covers@Base 2.1.0
+ kr_ta_covers_qry@Base 2.1.0
+ kr_ta_del@Base 2.1.0
+ kr_ta_get@Base 2.1.0
+ kr_ta_get_longest_name@Base 2.1.0
+ kr_unpack_cache_key@Base 3.1.0
+ kr_verbose_set@Base 2.1.0
+ kr_verbose_status@Base 2.1.0
+ kr_zonecut_add@Base 3.2.0
+ kr_zonecut_copy@Base 2.1.0
+ kr_zonecut_copy_trust@Base 2.1.0
+ kr_zonecut_deinit@Base 2.1.0
+ kr_zonecut_del@Base 3.2.0
+ kr_zonecut_del_all@Base 2.1.0
+ kr_zonecut_find@Base 2.1.0
+ kr_zonecut_find_cached@Base 2.1.0
+ kr_zonecut_init@Base 2.1.0
+ kr_zonecut_is_empty@Base 3.0.0
+ kr_zonecut_move@Base 3.2.0
+ kr_zonecut_set@Base 2.1.0
+ kr_zonecut_set_sbelt@Base 2.1.0
+ lru_apply_impl@Base 2.1.0
+ lru_create_impl@Base 2.1.0
+ lru_free_items_impl@Base 2.1.0
+ lru_get_impl@Base 2.1.0
+ map_clear@Base 2.1.0
+ map_contains@Base 2.1.0
+ map_del@Base 2.1.0
+ map_get@Base 2.1.0
+ map_set@Base 2.1.0
+ map_walk_prefixed@Base 2.1.0
+ mm_realloc@Base 3.2.0
+ queue_deinit_impl@Base 3.1.0
+ queue_init_impl@Base 3.1.0
+ queue_push_head_impl@Base 3.1.0
+ queue_push_impl@Base 3.1.0
+ trie_clear@Base 3.0.0
+ trie_create@Base 3.0.0
+ trie_del@Base 3.0.0
+ trie_del_first@Base 3.1.0
+ trie_free@Base 3.0.0
+ trie_get_first@Base 3.1.0
+ trie_get_ins@Base 3.0.0
+ trie_get_leq@Base 3.1.0
+ trie_get_try@Base 3.0.0
+ trie_it_begin@Base 3.0.0
+ trie_it_finished@Base 3.0.0
+ trie_it_free@Base 3.0.0
+ trie_it_key@Base 3.0.0
+ trie_it_next@Base 3.0.0
+ trie_it_val@Base 3.0.0
+ trie_weight@Base 3.0.0
+ validate_api@Base 2.1.0
diff --git a/distro/deb/not-installed b/distro/deb/not-installed
new file mode 100644
index 0000000..590e3b2
--- /dev/null
+++ b/distro/deb/not-installed
@@ -0,0 +1 @@
+usr/lib/knot-resolver/http/LICENSE
diff --git a/distro/deb/patches/0001-Update-documentation-of-keyfile-ro.patch b/distro/deb/patches/0001-Update-documentation-of-keyfile-ro.patch
new file mode 100644
index 0000000..53e6bb3
--- /dev/null
+++ b/distro/deb/patches/0001-Update-documentation-of-keyfile-ro.patch
@@ -0,0 +1,41 @@
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Sat, 17 Feb 2018 15:52:20 -0500
+Subject: Update documentation of --keyfile-ro
+
+On Debian systems, we depend on the OS package management to update
+the dns root data. Make the documentation for running with this
+option less scary-sounding, as it is the default.
+---
+ doc/kresd.8.in | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/doc/kresd.8.in b/doc/kresd.8.in
+index 266e9f0..6c5195b 100644
+--- a/doc/kresd.8.in
++++ b/doc/kresd.8.in
+@@ -123,7 +123,7 @@ file at the default location (\fIconfig\fR). The syntax is
+ described in \fIdaemon/README.md\fR.
+ .TP
+ .B \-k\fI keyfile\fR, \fB\-\-keyfile=\fI<keyfile>
+-(Recommended!) Automatically managed root trust anchors file.
++Automatically managed root trust anchors file.
+ Root trust anchors in this file are managed using standard RFC 5011 (Automated Updates of DNS Security Trust Anchors).
+ Kresd needs write access to the directory containing the keyfile.
+
+@@ -134,9 +134,14 @@ The file contains DNSKEY/DS records in presentation format,
+ and is compatible with Unbound and BIND 9 root key files.
+ .TP
+ .B \-K\fI keyfile\fR, \fB\-\-keyfile\-ro=\fI<keyfile>
+-(Discouraged) Static root trust anchors file. The file is not updated by kresd. Use of this option is discouraged because it will break your installation when the trust anchor key changes!
++Static root trust anchors file. The file is not updated by
++kresd. Please ensure that any running kresd instances are restarted if
++the trust anchors change. (On Debian, kresd will be restarted
++automatically when the dns-root-data package updates
++/usr/share/dns/root.key, so nothing extra needs to be done unless you
++diverge from the default here.)
+
+-Default: "@KEYFILE_DEFAULT@" (can be empty if your distribution did not provide one)
++Default: "@KEYFILE_DEFAULT@"
+ .TP
+ .B \-m\fI path\fR, \fB\-\-moduledir=\fI<path>
+ Override the directory that is searched for modules. Default: @MODULEDIR@
diff --git a/distro/deb/patches/series b/distro/deb/patches/series
new file mode 100644
index 0000000..5f6f9b5
--- /dev/null
+++ b/distro/deb/patches/series
@@ -0,0 +1 @@
+0001-Update-documentation-of-keyfile-ro.patch
diff --git a/distro/deb/rules b/distro/deb/rules
new file mode 100755
index 0000000..758f30c
--- /dev/null
+++ b/distro/deb/rules
@@ -0,0 +1,68 @@
+#!/usr/bin/make -f
+
+# see FEATURE AREAS in dpkg-buildflags(1)
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-pie
+
+# see ENVIRONMENT in dpkg-buildflags(1)
+# package maintainers to append CFLAGS
+export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic -fno-omit-frame-pointer
+# package maintainers to append LDFLAGS
+export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
+
+# see EXAMPLES in dpkg-buildflags(1) and read /usr/share/dpkg/*
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/default.mk
+
+export ARCH=$(DEB_HOST_GNU_CPU)
+export PREFIX=/usr
+export MODULEDIR=/usr/lib/knot-resolver
+export ETCDIR=/etc/knot-resolver
+
+RUN_TESTS := yes
+ifeq ($(DEB_HOST_ARCH),$(filter $(DEB_HOST_ARCH),hurd-i386 mips mipsel ppc64 ppc64el armel armhf arm64 kfreebsd-amd64 kfreebsd-i386))
+ $(warning Disabling checks on $(DEB_HOST_ARCH))
+ RUN_TESTS := no
+endif
+
+%:
+ dh $@
+
+override_dh_auto_clean-indep:
+ dh_auto_clean -- doc-clean http-clean
+
+override_dh_auto_build-arch:
+ CFLAGS="$${CFLAGS} -DNDEBUG" dh_auto_build -- V=1 BUILDMODE=static lib
+ CFLAGS="$${CFLAGS} -DNDEBUG" dh_auto_build -- V=1 \
+ ROOTHINTS=/usr/share/dns/root.hints \
+ KEYFILE_DEFAULT=/usr/share/dns/root.key
+
+override_dh_auto_build-indep:
+ dh_auto_build -- V=1 http
+ dh_auto_build -- V=1 doc-doxygen
+ cd doc && sphinx-build -b html -D html_theme=nature . html
+
+override_dh_auto_install-arch:
+ dh_auto_install --destdir=debian/tmp -- V=1 KEYFILE_DEFAULT=/usr/share/dns/root.key
+ rm -f debian/tmp/etc/knot-resolver/root.hints debian/tmp/etc/knot-resolver/icann-ca.pem
+
+override_dh_auto_install-indep:
+# install just the http/2 module
+ make http-install DESTDIR=debian/tmp V=1
+
+override_dh_installinit:
+ dh_installinit -pknot-resolver --name=kresd --no-start
+
+override_dh_installsystemd:
+ dh_installsystemd -pknot-resolver --name=kresd kresd-tls.socket kresd.socket
+
+override_dh_auto_test-indep:
+override_dh_auto_test-arch:
+ifeq ($(RUN_TESTS),yes)
+ dh_auto_test -- V=1
+endif
+
+override_dh_missing:
+ dh_missing --fail-missing
+
+override_dh_installchangelogs:
+ dh_installchangelogs NEWS
diff --git a/distro/deb/source/format b/distro/deb/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/distro/deb/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/distro/deb/tests/control b/distro/deb/tests/control
new file mode 100644
index 0000000..be666d7
--- /dev/null
+++ b/distro/deb/tests/control
@@ -0,0 +1,2 @@
+Test-Command: make installcheck
+Depends: @, @builddeps@