diff options
Diffstat (limited to '')
4 files changed, 101 insertions, 0 deletions
diff --git a/debian/patches/0001-Update-documentation-of-keyfile-ro.patch b/debian/patches/0001-Update-documentation-of-keyfile-ro.patch new file mode 100644 index 0000000..c7089a6 --- /dev/null +++ b/debian/patches/0001-Update-documentation-of-keyfile-ro.patch @@ -0,0 +1,41 @@ +From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +Date: Sat, 17 Feb 2018 15:52:20 -0500 +Subject: Update documentation of --keyfile-ro + +On Debian systems, we depend on the OS package management to update +the dns root data. Make the documentation for running with this +option less scary-sounding, as it is the default. +--- + doc/kresd.8.in | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/doc/kresd.8.in b/doc/kresd.8.in +index 0fa8cc9..2a5485a 100644 +--- a/doc/kresd.8.in ++++ b/doc/kresd.8.in +@@ -123,7 +123,7 @@ file at the default location (\fIconfig\fR). The syntax is + described in \fIdaemon/README.md\fR. + .TP + .B \-k\fI keyfile\fR, \fB\-\-keyfile=\fI<keyfile> +-(Recommended!) Automatically managed root trust anchors file. ++Automatically managed root trust anchors file. + Root trust anchors in this file are managed using standard RFC 5011 (Automated Updates of DNS Security Trust Anchors). + Kresd needs write access to the directory containing the keyfile. + +@@ -134,9 +134,14 @@ The file contains DNSKEY/DS records in presentation format, + and is compatible with Unbound and BIND 9 root key files. + .TP + .B \-K\fI keyfile\fR, \fB\-\-keyfile\-ro=\fI<keyfile> +-(Discouraged) Static root trust anchors file. The file is not updated by kresd. Use of this option is discouraged because it will break your installation when the trust anchor key changes! ++Static root trust anchors file. The file is not updated by ++kresd. Please ensure that any running kresd instances are restarted if ++the trust anchors change. (On Debian, kresd will be restarted ++automatically when the dns-root-data package updates ++/usr/share/dns/root.key, so nothing extra needs to be done unless you ++diverge from the default here.) + +-Default: "@KEYFILE_DEFAULT@" (can be empty if your distribution did not provide one) ++Default: "@KEYFILE_DEFAULT@" + .TP + .B \-m\fI path\fR, \fB\-\-moduledir=\fI<path> + Override the directory that is searched for modules. Default: @MODULEDIR@ diff --git a/debian/patches/0002-avoid-invocations-of-git-during-make-installcheck.patch b/debian/patches/0002-avoid-invocations-of-git-during-make-installcheck.patch new file mode 100644 index 0000000..01639e5 --- /dev/null +++ b/debian/patches/0002-avoid-invocations-of-git-during-make-installcheck.patch @@ -0,0 +1,33 @@ +From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +Date: Wed, 12 Sep 2018 09:47:35 -0400 +Subject: avoid invocations of git during "make installcheck" + +The continuous integration test suite was printing a warning to stderr +because of an attempt to invoke git. The debian builds are done from +tarballs, so invoking git wouldn't make sense anyway. +--- + tests/test_integration.mk | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tests/test_integration.mk b/tests/test_integration.mk +index a5d36c3..9c0768c 100644 +--- a/tests/test_integration.mk ++++ b/tests/test_integration.mk +@@ -4,7 +4,7 @@ + # 1. Run tests from main Deckard repo (generic DNS tests) + # 2. Run tests from kresd repo (kresd-specific tests) + +-SUBMODULES_DIRTY := $(shell git submodule status --recursive | cut -c 1 | grep -q '[^ ]' && echo $$?) ++SUBMODULES_DIRTY := + REAL_PREFIX=$(realpath $(PREFIX)) + REAL_CURDIR=$(realpath $(CURDIR)) + +@@ -12,7 +12,7 @@ REAL_CURDIR=$(realpath $(CURDIR)) + deckard_DIR := $(TOPSRCDIR)/tests/deckard + + $(deckard_DIR)/Makefile: +- @git submodule update --init --recursive ++ touch $@ + + # this is necessary to avoid multiple parallel but independent runs + # of 'make depend' from $(deckard_DIR)/run.sh diff --git a/debian/patches/0003-Avoid-clobbering-CXX-flags-when-compiling-lua-aho-co.patch b/debian/patches/0003-Avoid-clobbering-CXX-flags-when-compiling-lua-aho-co.patch new file mode 100644 index 0000000..8d3d869 --- /dev/null +++ b/debian/patches/0003-Avoid-clobbering-CXX-flags-when-compiling-lua-aho-co.patch @@ -0,0 +1,24 @@ +From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +Date: Thu, 7 Mar 2019 14:36:33 -0500 +Subject: Avoid clobbering CXX flags when compiling lua-aho-corasick + +Without this patch, any externally-set CXXFLAGS are not passed through +to the underlying C++ compiler. + +--- + modules/policy/policy.mk | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules/policy/policy.mk b/modules/policy/policy.mk +index 98c9f88..43964dd 100644 +--- a/modules/policy/policy.mk ++++ b/modules/policy/policy.mk +@@ -7,7 +7,7 @@ $(call make_lua_module,policy) + policy-clean: + $(MAKE) -C $(AHOCORASICK_DIR) clean + $(AHOCORASICK_DIR)ahocorasick$(LIBEXT): $(AHOCORASICK_DIR)Makefile +- $(MAKE) -C $(AHOCORASICK_DIR) ahocorasick$(LIBEXT) CXXFLAGS="$(lua_CFLAGS)" ++ $(MAKE) -C $(AHOCORASICK_DIR) ahocorasick$(LIBEXT) CXXFLAGS="$(lua_CFLAGS) $(CXXFLAGS)" + + policy-install: ahocorasick-install + ahocorasick-install: $(AHOCORASICK_DIR)ahocorasick$(LIBEXT) $(DESTDIR)$(MODULEDIR) diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..815a16c --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,3 @@ +0001-Update-documentation-of-keyfile-ro.patch +0002-avoid-invocations-of-git-during-make-installcheck.patch +0003-Avoid-clobbering-CXX-flags-when-compiling-lua-aho-co.patch |