Diffstat (limited to '')
4 files changed, 194 insertions, 0 deletions
diff --git a/debian/patches/0001-avoid-git-version-inclusion-in-debian-packages.patch b/debian/patches/0001-avoid-git-version-inclusion-in-debian-packages.patch
new file mode 100644
index 0000000..1ed81bf
--- /dev/null
+++ b/debian/patches/0001-avoid-git-version-inclusion-in-debian-packages.patch
@@ -0,0 +1,23 @@
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Fri, 2 Nov 2018 18:53:10 +0300
+Subject: avoid git version inclusion in debian packages
+
+---
+ m4/knot-version.m4 | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/m4/knot-version.m4 b/m4/knot-version.m4
+index 6e9158d..d4abe1d 100644
+--- a/m4/knot-version.m4
++++ b/m4/knot-version.m4
+@@ -11,9 +11,6 @@
+ ################################################################################
+
+ m4_define([knot_PATCH], m4_ifblank(knot_VERSION_PATCH, [dev], knot_VERSION_PATCH))dnl
+-m4_define([knot_GIT_HASH], m4_esyscmd_s(git rev-parse --short HEAD 2>/dev/null))dnl
+-m4_define([knot_GIT_TAG], m4_esyscmd_s(git describe --exact-match 2>/dev/null))dnl
+ m4_define([knot_TIMESTAMP], m4_esyscmd_s(date -u +'%s' 2>/dev/null))dnl
+-m4_define([knot_GIT_INFO], m4_ifblank(knot_GIT_TAG, m4_ifnblank(knot_GIT_HASH, .knot_TIMESTAMP.knot_GIT_HASH, []), []))dnl
+
+-m4_define([knot_PKG_VERSION], [knot_VERSION_MAJOR.knot_VERSION_MINOR.knot_PATCH]knot_GIT_INFO)dnl
++m4_define([knot_PKG_VERSION], [knot_VERSION_MAJOR.knot_VERSION_MINOR.knot_PATCH])dnl
diff --git a/debian/patches/0002-zonefile-Verify-mtime-against-full-precision-timesta.patch b/debian/patches/0002-zonefile-Verify-mtime-against-full-precision-timesta.patch
new file mode 100644
index 0000000..fa79f5d
--- /dev/null
+++ b/debian/patches/0002-zonefile-Verify-mtime-against-full-precision-timesta.patch
@@ -0,0 +1,129 @@
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Fri, 22 Feb 2019 16:05:38 -0500
+Subject: zonefile: Verify mtime against full-precision timestamp
+
+We've just used 1-second granularity mtime to check if a file has
+changed.
+
+But if two updates happen within a calendar second, and knotd notices
+the first one and reloads the file, it might never notice the second
+change and continue serving the old file. We can see this happening
+in intermittent test suite failures in the debian continuous
+integration servers:
+
+ https://ci.debian.net/packages/k/knot/unstable/amd64
+
+Using nanosecond-granularity timestamps should make these problems go
+away.
+
+Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+---
+ src/knot/events/handlers/load.c | 6 ++++--
+ src/knot/zone/zone.c | 2 +-
+ src/knot/zone/zone.h | 2 +-
+ src/knot/zone/zonedb-load.c | 6 ++++--
+ src/knot/zone/zonefile.c | 4 ++--
+ src/knot/zone/zonefile.h | 2 +-
+ 6 files changed, 13 insertions(+), 9 deletions(-)
+
+diff --git a/src/knot/events/handlers/load.c b/src/knot/events/handlers/load.c
+index 7410d30..1f8f368 100644
+--- a/src/knot/events/handlers/load.c
++++ b/src/knot/events/handlers/load.c
+@@ -73,10 +73,12 @@ int event_load(conf_t *conf, zone_t *zone)
+
+ // If configured, attempt to load zonefile.
+ if (zf_from != ZONEFILE_LOAD_NONE) {
+- time_t mtime;
++ struct timespec mtime;
+ char *filename = conf_zonefile(conf, zone->name);
+ ret = zonefile_exists(filename, &mtime);
+- bool zonefile_unchanged = (zone->zonefile.exists && zone->zonefile.mtime == mtime);
++ bool zonefile_unchanged = (zone->zonefile.exists &&
++ zone->zonefile.mtime.tv_sec == mtime.tv_sec &&
++ zone->zonefile.mtime.tv_nsec == mtime.tv_nsec);
+ free(filename);
+ if (ret == KNOT_EOK) {
+ ret = zone_load_contents(conf, zone->name, &zf_conts);
+diff --git a/src/knot/zone/zone.c b/src/knot/zone/zone.c
+index efc0caa..0ec29f1 100644
+--- a/src/knot/zone/zone.c
++++ b/src/knot/zone/zone.c
+@@ -145,7 +145,7 @@ static int flush_journal(conf_t *conf, zone_t *zone, bool allow_empty_zone)
+
+ /* Update zone file attributes. */
+ zone->zonefile.exists = true;
+- zone->zonefile.mtime = st.st_mtime;
++ zone->zonefile.mtime = st.st_mtim;
+ zone->zonefile.serial = serial_to;
+ zone->zonefile.resigned = false;
+
+diff --git a/src/knot/zone/zone.h b/src/knot/zone/zone.h
+index 360e222..09c92cc 100644
+--- a/src/knot/zone/zone.h
++++ b/src/knot/zone/zone.h
+@@ -50,7 +50,7 @@ typedef struct zone
+
+ /*! \brief Zonefile parameters. */
+ struct {
+- time_t mtime;
++ struct timespec mtime;
+ uint32_t serial;
+ bool exists;
+ bool resigned;
+diff --git a/src/knot/zone/zonedb-load.c b/src/knot/zone/zonedb-load.c
+index a6e9834..f23b4b1 100644
+--- a/src/knot/zone/zonedb-load.c
++++ b/src/knot/zone/zonedb-load.c
+@@ -35,12 +35,14 @@ static bool zone_file_updated(conf_t *conf, const zone_t *old_zone,
+ assert(zone_name);
+
+ char *zonefile = conf_zonefile(conf, zone_name);
+- time_t mtime;
++ struct timespec mtime;
+ int ret = zonefile_exists(zonefile, &mtime);
+ free(zonefile);
+
+ return (ret == KNOT_EOK && old_zone != NULL &&
+- !(old_zone->zonefile.exists && old_zone->zonefile.mtime == mtime));
++ !(old_zone->zonefile.exists &&
++ old_zone->zonefile.mtime.tv_sec == mtime.tv_sec &&
++ old_zone->zonefile.mtime.tv_nsec == mtime.tv_nsec));
+ }
+
+ static zone_t *create_zone_from(const knot_dname_t *name, server_t *server)
+diff --git a/src/knot/zone/zonefile.c b/src/knot/zone/zonefile.c
+index 37fc90b..0e02d21 100644
+--- a/src/knot/zone/zonefile.c
++++ b/src/knot/zone/zonefile.c
+@@ -248,7 +248,7 @@ fail:
+ return NULL;
+ }
+
+-int zonefile_exists(const char *path, time_t *mtime)
++int zonefile_exists(const char *path, struct timespec *mtime)
+ {
+ if (path == NULL) {
+ return KNOT_EINVAL;
+@@ -260,7 +260,7 @@ int zonefile_exists(const char *path, time_t *mtime)
+ }
+
+ if (mtime != NULL) {
+- *mtime = zonefile_st.st_mtime;
++ *mtime = zonefile_st.st_mtim;
+ }
+
+ return KNOT_EOK;
+diff --git a/src/knot/zone/zonefile.h b/src/knot/zone/zonefile.h
+index 90283ee..9d0542e 100644
+--- a/src/knot/zone/zonefile.h
++++ b/src/knot/zone/zonefile.h
+@@ -79,7 +79,7 @@ zone_contents_t *zonefile_load(zloader_t *loader);
+ *
+ * \return KNOT_E*
+ */
+-int zonefile_exists(const char *path, time_t *mtime);
++int zonefile_exists(const char *path, struct timespec *mtime);
+
+ /*!
+ * \brief Write zone contents to zone file.
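Review bot: The new equality test on `tv_sec`/`tv_nsec` is written out twice, once in event_load (load.c) and once in zone_file_updated (zonedb-load.c), and both still treat an unchanged mtime as proof of an unchanged zone file. Timestamp resolution depends on the filesystem and the kernel clock tick, and a file can be rewritten with its mtime preserved, so a stale zone can presumably still be served after a same-tick or timestamp-preserving update; comparing `st_size` as well, or at least stating the limit in a comment such as `/* equal mtime does not prove the file is unchanged; resolution is filesystem-dependent */`, would make that explicit. A single helper, e.g. `static bool mtime_equal(const struct timespec *a, const struct timespec *b)`, would keep the two call sites in sync. `st_mtim` is also not spelled the same on every platform, so the assignments in zone.c and zonefile.c may need a portability guard if this goes upstream. Both functions begin and end outside the hunks shown.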
diff --git a/debian/patches/0003-correct-kdig-documentation-about-no-crypto.patch b/debian/patches/0003-correct-kdig-documentation-about-no-crypto.patch
new file mode 100644
index 0000000..02d2e15
--- /dev/null
+++ b/debian/patches/0003-correct-kdig-documentation-about-no-crypto.patch
@@ -0,0 +1,39 @@
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Fri, 4 Jan 2019 15:14:32 -0500
+Subject: correct kdig documentation about +[no]crypto
+
+kdig displays cryptographic signatures and keys in base64 encoding,
+not in hexdump format.
+
+Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+---
+ doc/man/kdig.1in | 2 +-
+ doc/man_kdig.rst | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/doc/man/kdig.1in b/doc/man/kdig.1in
+index 8bb2d01..df2fb3c 100644
+--- a/doc/man/kdig.1in
++++ b/doc/man/kdig.1in
+@@ -159,7 +159,7 @@ Use the generic representation format when printing resource record types
+ and data.
+ .TP
+ \fB+\fP[\fBno\fP]\fBcrypto\fP
+-Display the DNSSEC keys and signatures values in hexdump, instead of omitting them.
++Display the DNSSEC keys and signatures values in base64, instead of omitting them.
+ .TP
+ \fB+\fP[\fBno\fP]\fBaaflag\fP
+ Set the AA flag.
+diff --git a/doc/man_kdig.rst b/doc/man_kdig.rst
+index c1b3961..7fa2db0 100644
+--- a/doc/man_kdig.rst
++++ b/doc/man_kdig.rst
+@@ -138,7 +138,7 @@ Options
+ and data.
+
+ **+**\ [\ **no**\ ]\ **crypto**
+- Display the DNSSEC keys and signatures values in hexdump, instead of omitting them.
++ Display the DNSSEC keys and signatures values in base64, instead of omitting them.
+
+ **+**\ [\ **no**\ ]\ **aaflag**
+ Set the AA flag.
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..404f14f
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,3 @@
+0001-avoid-git-version-inclusion-in-debian-packages.patch
+0002-zonefile-Verify-mtime-against-full-precision-timesta.patch
+0003-correct-kdig-documentation-about-no-crypto.patch |