Diffstat (limited to 'debian/patches')
-rw-r--r--debian/patches/0001-avoid-git-version-inclusion-in-debian-packages.patch23
-rw-r--r--debian/patches/0002-zonefile-Verify-mtime-against-full-precision-timesta.patch129
-rw-r--r--debian/patches/0003-correct-kdig-documentation-about-no-crypto.patch39
-rw-r--r--debian/patches/series3
4 files changed, 194 insertions, 0 deletions
diff --git a/debian/patches/0001-avoid-git-version-inclusion-in-debian-packages.patch b/debian/patches/0001-avoid-git-version-inclusion-in-debian-packages.patch
new file mode 100644
index 0000000..1ed81bf
--- /dev/null
+++ b/debian/patches/0001-avoid-git-version-inclusion-in-debian-packages.patch
@@ -0,0 +1,23 @@
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Fri, 2 Nov 2018 18:53:10 +0300
+Subject: avoid git version inclusion in debian packages
+
+---
+ m4/knot-version.m4 | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/m4/knot-version.m4 b/m4/knot-version.m4
+index 6e9158d..d4abe1d 100644
+--- a/m4/knot-version.m4
++++ b/m4/knot-version.m4
+@@ -11,9 +11,6 @@
+ ################################################################################
+
+ m4_define([knot_PATCH], m4_ifblank(knot_VERSION_PATCH, [dev], knot_VERSION_PATCH))dnl
+-m4_define([knot_GIT_HASH], m4_esyscmd_s(git rev-parse --short HEAD 2>/dev/null))dnl
+-m4_define([knot_GIT_TAG], m4_esyscmd_s(git describe --exact-match 2>/dev/null))dnl
+ m4_define([knot_TIMESTAMP], m4_esyscmd_s(date -u +'%s' 2>/dev/null))dnl
+-m4_define([knot_GIT_INFO], m4_ifblank(knot_GIT_TAG, m4_ifnblank(knot_GIT_HASH, .knot_TIMESTAMP.knot_GIT_HASH, []), []))dnl
+
+-m4_define([knot_PKG_VERSION], [knot_VERSION_MAJOR.knot_VERSION_MINOR.knot_PATCH]knot_GIT_INFO)dnl
++m4_define([knot_PKG_VERSION], [knot_VERSION_MAJOR.knot_VERSION_MINOR.knot_PATCH])dnl
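Review bot: `knot_TIMESTAMP` is still defined by shelling out to `date -u +'%s'`, although its only consumer visible in this hunk, `knot_GIT_INFO`, is removed. If nothing else in the tree expands it, the patch should drop that line as well, so that no clock value is evaluated when the build system is regenerated. If something does use it, deriving the value from `SOURCE_DATE_EPOCH` would keep the package reproducible. The patch header also has no description; one sentence on why the git hash must stay out of the Debian version string would help whoever refreshes this patch later.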
diff --git a/debian/patches/0002-zonefile-Verify-mtime-against-full-precision-timesta.patch b/debian/patches/0002-zonefile-Verify-mtime-against-full-precision-timesta.patch
new file mode 100644
index 0000000..fa79f5d
--- /dev/null
+++ b/debian/patches/0002-zonefile-Verify-mtime-against-full-precision-timesta.patch
@@ -0,0 +1,129 @@
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Fri, 22 Feb 2019 16:05:38 -0500
+Subject: zonefile: Verify mtime against full-precision timestamp
+
+We've just used 1-second granularity mtime to check if a file has
+changed.
+
+But if two updates happen within a calendar second, and knotd notices
+the first one and reloads the file, it might never notice the second
+change and continue serving the old file. We can see this happening
+in intermittent test suite failures in the debian continuous
+integration servers:
+
+ https://ci.debian.net/packages/k/knot/unstable/amd64
+
+Using nanosecond-granularity timestamps should make these problems go
+away.
+
+Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+---
+ src/knot/events/handlers/load.c | 6 ++++--
+ src/knot/zone/zone.c | 2 +-
+ src/knot/zone/zone.h | 2 +-
+ src/knot/zone/zonedb-load.c | 6 ++++--
+ src/knot/zone/zonefile.c | 4 ++--
+ src/knot/zone/zonefile.h | 2 +-
+ 6 files changed, 13 insertions(+), 9 deletions(-)
+
+diff --git a/src/knot/events/handlers/load.c b/src/knot/events/handlers/load.c
+index 7410d30..1f8f368 100644
+--- a/src/knot/events/handlers/load.c
++++ b/src/knot/events/handlers/load.c
+@@ -73,10 +73,12 @@ int event_load(conf_t *conf, zone_t *zone)
+
+ // If configured, attempt to load zonefile.
+ if (zf_from != ZONEFILE_LOAD_NONE) {
+- time_t mtime;
++ struct timespec mtime;
+ char *filename = conf_zonefile(conf, zone->name);
+ ret = zonefile_exists(filename, &mtime);
+- bool zonefile_unchanged = (zone->zonefile.exists && zone->zonefile.mtime == mtime);
++ bool zonefile_unchanged = (zone->zonefile.exists &&
++ zone->zonefile.mtime.tv_sec == mtime.tv_sec &&
++ zone->zonefile.mtime.tv_nsec == mtime.tv_nsec);
+ free(filename);
+ if (ret == KNOT_EOK) {
+ ret = zone_load_contents(conf, zone->name, &zf_conts);
+diff --git a/src/knot/zone/zone.c b/src/knot/zone/zone.c
+index efc0caa..0ec29f1 100644
+--- a/src/knot/zone/zone.c
++++ b/src/knot/zone/zone.c
+@@ -145,7 +145,7 @@ static int flush_journal(conf_t *conf, zone_t *zone, bool allow_empty_zone)
+
+ /* Update zone file attributes. */
+ zone->zonefile.exists = true;
+- zone->zonefile.mtime = st.st_mtime;
++ zone->zonefile.mtime = st.st_mtim;
+ zone->zonefile.serial = serial_to;
+ zone->zonefile.resigned = false;
+
+diff --git a/src/knot/zone/zone.h b/src/knot/zone/zone.h
+index 360e222..09c92cc 100644
+--- a/src/knot/zone/zone.h
++++ b/src/knot/zone/zone.h
+@@ -50,7 +50,7 @@ typedef struct zone
+
+ /*! \brief Zonefile parameters. */
+ struct {
+- time_t mtime;
++ struct timespec mtime;
+ uint32_t serial;
+ bool exists;
+ bool resigned;
+diff --git a/src/knot/zone/zonedb-load.c b/src/knot/zone/zonedb-load.c
+index a6e9834..f23b4b1 100644
+--- a/src/knot/zone/zonedb-load.c
++++ b/src/knot/zone/zonedb-load.c
+@@ -35,12 +35,14 @@ static bool zone_file_updated(conf_t *conf, const zone_t *old_zone,
+ assert(zone_name);
+
+ char *zonefile = conf_zonefile(conf, zone_name);
+- time_t mtime;
++ struct timespec mtime;
+ int ret = zonefile_exists(zonefile, &mtime);
+ free(zonefile);
+
+ return (ret == KNOT_EOK && old_zone != NULL &&
+- !(old_zone->zonefile.exists && old_zone->zonefile.mtime == mtime));
++ !(old_zone->zonefile.exists &&
++ old_zone->zonefile.mtime.tv_sec == mtime.tv_sec &&
++ old_zone->zonefile.mtime.tv_nsec == mtime.tv_nsec));
+ }
+
+ static zone_t *create_zone_from(const knot_dname_t *name, server_t *server)
+diff --git a/src/knot/zone/zonefile.c b/src/knot/zone/zonefile.c
+index 37fc90b..0e02d21 100644
+--- a/src/knot/zone/zonefile.c
++++ b/src/knot/zone/zonefile.c
+@@ -248,7 +248,7 @@ fail:
+ return NULL;
+ }
+
+-int zonefile_exists(const char *path, time_t *mtime)
++int zonefile_exists(const char *path, struct timespec *mtime)
+ {
+ if (path == NULL) {
+ return KNOT_EINVAL;
+@@ -260,7 +260,7 @@ int zonefile_exists(const char *path, time_t *mtime)
+ }
+
+ if (mtime != NULL) {
+- *mtime = zonefile_st.st_mtime;
++ *mtime = zonefile_st.st_mtim;
+ }
+
+ return KNOT_EOK;
+diff --git a/src/knot/zone/zonefile.h b/src/knot/zone/zonefile.h
+index 90283ee..9d0542e 100644
+--- a/src/knot/zone/zonefile.h
++++ b/src/knot/zone/zonefile.h
+@@ -79,7 +79,7 @@ zone_contents_t *zonefile_load(zloader_t *loader);
+ *
+ * \return KNOT_E*
+ */
+-int zonefile_exists(const char *path, time_t *mtime);
++int zonefile_exists(const char *path, struct timespec *mtime);
+
+ /*!
+ * \brief Write zone contents to zone file.
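Review bot: In the `event_load` hunk `mtime` is declared without an initializer, and `zonefile_unchanged` reads `mtime.tv_sec` and `mtime.tv_nsec` before `ret` is checked. The `zonefile_exists` hunk suggests `*mtime` is written only on the success path (the failure return is outside the hunk), so when a previously loaded zone file has disappeared the comparison uses indeterminate values. Declaring it as `struct timespec mtime = { 0 };`, or folding `ret == KNOT_EOK &&` into the condition as `zone_file_updated` already does, removes that. Separately, equality on `st_mtim` narrows the same-second window but does not close it: where the filesystem or kernel timestamps are coarser than the write interval, two quick writes can still carry the same mtime and the older zone keeps being served, so comparing `st_size` as well, or a comment stating the limitation, would be worth adding. `event_load` begins and ends outside the hunk.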
diff --git a/debian/patches/0003-correct-kdig-documentation-about-no-crypto.patch b/debian/patches/0003-correct-kdig-documentation-about-no-crypto.patch
new file mode 100644
index 0000000..02d2e15
--- /dev/null
+++ b/debian/patches/0003-correct-kdig-documentation-about-no-crypto.patch
@@ -0,0 +1,39 @@
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Fri, 4 Jan 2019 15:14:32 -0500
+Subject: correct kdig documentation about +[no]crypto
+
+kdig displays cryptographic signatures and keys in base64 encoding,
+not in hexdump format.
+
+Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+---
+ doc/man/kdig.1in | 2 +-
+ doc/man_kdig.rst | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/doc/man/kdig.1in b/doc/man/kdig.1in
+index 8bb2d01..df2fb3c 100644
+--- a/doc/man/kdig.1in
++++ b/doc/man/kdig.1in
+@@ -159,7 +159,7 @@ Use the generic representation format when printing resource record types
+ and data.
+ .TP
+ \fB+\fP[\fBno\fP]\fBcrypto\fP
+-Display the DNSSEC keys and signatures values in hexdump, instead of omitting them.
++Display the DNSSEC keys and signatures values in base64, instead of omitting them.
+ .TP
+ \fB+\fP[\fBno\fP]\fBaaflag\fP
+ Set the AA flag.
+diff --git a/doc/man_kdig.rst b/doc/man_kdig.rst
+index c1b3961..7fa2db0 100644
+--- a/doc/man_kdig.rst
++++ b/doc/man_kdig.rst
+@@ -138,7 +138,7 @@ Options
+ and data.
+
+ **+**\ [\ **no**\ ]\ **crypto**
+- Display the DNSSEC keys and signatures values in hexdump, instead of omitting them.
++ Display the DNSSEC keys and signatures values in base64, instead of omitting them.
+
+ **+**\ [\ **no**\ ]\ **aaflag**
+ Set the AA flag.
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..404f14f
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,3 @@
+0001-avoid-git-version-inclusion-in-debian-packages.patch
+0002-zonefile-Verify-mtime-against-full-precision-timesta.patch
+0003-correct-kdig-documentation-about-no-crypto.patch