summaryrefslogtreecommitdiffstats
path: root/debian/patches
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/patches/0001-Update-documentation-of-keyfile-ro.patch41
-rw-r--r--debian/patches/0002-avoid-invocations-of-git-during-make-installcheck.patch33
-rw-r--r--debian/patches/0003-Avoid-clobbering-CXX-flags-when-compiling-lua-aho-co.patch24
-rw-r--r--debian/patches/series3
4 files changed, 101 insertions, 0 deletions
diff --git a/debian/patches/0001-Update-documentation-of-keyfile-ro.patch b/debian/patches/0001-Update-documentation-of-keyfile-ro.patch
new file mode 100644
index 0000000..c7089a6
--- /dev/null
+++ b/debian/patches/0001-Update-documentation-of-keyfile-ro.patch
@@ -0,0 +1,41 @@
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Sat, 17 Feb 2018 15:52:20 -0500
+Subject: Update documentation of --keyfile-ro
+
+On Debian systems, we depend on the OS package management to update
+the dns root data. Make the documentation for running with this
+option less scary-sounding, as it is the default.
+---
+ doc/kresd.8.in | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/doc/kresd.8.in b/doc/kresd.8.in
+index 0fa8cc9..2a5485a 100644
+--- a/doc/kresd.8.in
++++ b/doc/kresd.8.in
+@@ -123,7 +123,7 @@ file at the default location (\fIconfig\fR). The syntax is
+ described in \fIdaemon/README.md\fR.
+ .TP
+ .B \-k\fI keyfile\fR, \fB\-\-keyfile=\fI<keyfile>
+-(Recommended!) Automatically managed root trust anchors file.
++Automatically managed root trust anchors file.
+ Root trust anchors in this file are managed using standard RFC 5011 (Automated Updates of DNS Security Trust Anchors).
+ Kresd needs write access to the directory containing the keyfile.
+
+@@ -134,9 +134,14 @@ The file contains DNSKEY/DS records in presentation format,
+ and is compatible with Unbound and BIND 9 root key files.
+ .TP
+ .B \-K\fI keyfile\fR, \fB\-\-keyfile\-ro=\fI<keyfile>
+-(Discouraged) Static root trust anchors file. The file is not updated by kresd. Use of this option is discouraged because it will break your installation when the trust anchor key changes!
++Static root trust anchors file. The file is not updated by
++kresd. Please ensure that any running kresd instances are restarted if
++the trust anchors change. (On Debian, kresd will be restarted
++automatically when the dns-root-data package updates
++/usr/share/dns/root.key, so nothing extra needs to be done unless you
++diverge from the default here.)
+
+-Default: "@KEYFILE_DEFAULT@" (can be empty if your distribution did not provide one)
++Default: "@KEYFILE_DEFAULT@"
+ .TP
+ .B \-m\fI path\fR, \fB\-\-moduledir=\fI<path>
+ Override the directory that is searched for modules. Default: @MODULEDIR@
diff --git a/debian/patches/0002-avoid-invocations-of-git-during-make-installcheck.patch b/debian/patches/0002-avoid-invocations-of-git-during-make-installcheck.patch
new file mode 100644
index 0000000..01639e5
--- /dev/null
+++ b/debian/patches/0002-avoid-invocations-of-git-during-make-installcheck.patch
@@ -0,0 +1,33 @@
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Wed, 12 Sep 2018 09:47:35 -0400
+Subject: avoid invocations of git during "make installcheck"
+
+The continuous integration test suite was printing a warning to stderr
+because of an attempt to invoke git. The debian builds are done from
+tarballs, so invoking git wouldn't make sense anyway.
+---
+ tests/test_integration.mk | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/test_integration.mk b/tests/test_integration.mk
+index a5d36c3..9c0768c 100644
+--- a/tests/test_integration.mk
++++ b/tests/test_integration.mk
+@@ -4,7 +4,7 @@
+ # 1. Run tests from main Deckard repo (generic DNS tests)
+ # 2. Run tests from kresd repo (kresd-specific tests)
+
+-SUBMODULES_DIRTY := $(shell git submodule status --recursive | cut -c 1 | grep -q '[^ ]' && echo $$?)
++SUBMODULES_DIRTY :=
+ REAL_PREFIX=$(realpath $(PREFIX))
+ REAL_CURDIR=$(realpath $(CURDIR))
+
+@@ -12,7 +12,7 @@ REAL_CURDIR=$(realpath $(CURDIR))
+ deckard_DIR := $(TOPSRCDIR)/tests/deckard
+
+ $(deckard_DIR)/Makefile:
+- @git submodule update --init --recursive
++ touch $@
+
+ # this is necessary to avoid multiple parallel but independent runs
+ # of 'make depend' from $(deckard_DIR)/run.sh
diff --git a/debian/patches/0003-Avoid-clobbering-CXX-flags-when-compiling-lua-aho-co.patch b/debian/patches/0003-Avoid-clobbering-CXX-flags-when-compiling-lua-aho-co.patch
new file mode 100644
index 0000000..8d3d869
--- /dev/null
+++ b/debian/patches/0003-Avoid-clobbering-CXX-flags-when-compiling-lua-aho-co.patch
@@ -0,0 +1,24 @@
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Thu, 7 Mar 2019 14:36:33 -0500
+Subject: Avoid clobbering CXX flags when compiling lua-aho-corasick
+
+Without this patch, any externally-set CXXFLAGS are not passed through
+to the underlying C++ compiler.
+
+---
+ modules/policy/policy.mk | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules/policy/policy.mk b/modules/policy/policy.mk
+index 98c9f88..43964dd 100644
+--- a/modules/policy/policy.mk
++++ b/modules/policy/policy.mk
+@@ -7,7 +7,7 @@ $(call make_lua_module,policy)
+ policy-clean:
+ $(MAKE) -C $(AHOCORASICK_DIR) clean
+ $(AHOCORASICK_DIR)ahocorasick$(LIBEXT): $(AHOCORASICK_DIR)Makefile
+- $(MAKE) -C $(AHOCORASICK_DIR) ahocorasick$(LIBEXT) CXXFLAGS="$(lua_CFLAGS)"
++ $(MAKE) -C $(AHOCORASICK_DIR) ahocorasick$(LIBEXT) CXXFLAGS="$(lua_CFLAGS) $(CXXFLAGS)"
+
+ policy-install: ahocorasick-install
+ ahocorasick-install: $(AHOCORASICK_DIR)ahocorasick$(LIBEXT) $(DESTDIR)$(MODULEDIR)
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..815a16c
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,3 @@
+0001-Update-documentation-of-keyfile-ro.patch
+0002-avoid-invocations-of-git-during-make-installcheck.patch
+0003-Avoid-clobbering-CXX-flags-when-compiling-lua-aho-co.patch