diff options
57 files changed, 3494 insertions, 0 deletions
diff --git a/debian/TODO b/debian/TODO new file mode 100644 index 0000000..41ec2da --- /dev/null +++ b/debian/TODO @@ -0,0 +1,3 @@ + * add more autopkgtest tests + - set up and run an authoritative resolver + - validate the signatures diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..b08fe23 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,1676 @@ +knot (3.2.6-1) unstable; urgency=medium + + * New upstream version 3.2.6 + * Remove patch included upstream + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Tue, 04 Apr 2023 13:54:46 +0200 + +knot (3.2.5-2) unstable; urgency=medium + + [ Daniel Salzman ] + * Update d/changelog: wrap long lines and fix typos + * Update d/*NEWS: remove outdated files + * Update d/knot.install: install D-Bus config to /usr/share/dbus-1/system.d/ + * Update d/control: remove inconsistent 'Multi-Arch: same' hinters + * Update d/copyright: update some years + + [ Jakub Ružička ] + * Add upstream patch fixing errors on modules load + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Tue, 28 Feb 2023 18:05:42 +0100 + +knot (3.2.5-1) unstable; urgency=medium + + * New upstream version 3.2.5 + + [ Daniel Salzman ] + * Update d/control: remove dependencies linux-libc-dev and libelf-dev + * Update d/control: update and unify xdp-dependent architecture exceptions + * Update d/libknot.symbols: update symbols files for non-xdp architectures + * Update d/control,rules: switch to external libngtcp2 + * Update d/control: switch from obsolete lsb-base to sysvinit-utils + * Update d/knot.init: fix RUNDIR creation without knot.tmpfiles + * Update d/knot.init: remove explicit knotd configuration specification + to be consistent with knotc + * Update d/knot.postinst: change ownership and permissions for /var/lib/knot, + /etc/knot, and /etc/knot/knot.conf + * Update d/knot.postrm: add missing directories to purge list in postrm script + * Update d/*.symbols: add Build-Depends-Package to libknot and libdnssec + + [ Jakub Ružička ] + * Update Standards-Version to 4.6.2 (no changes) + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Thu, 02 Feb 2023 13:37:42 +0100 + +knot (3.2.4-1) unstable; urgency=medium + + * New upstream version 3.2.4 + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Mon, 12 Dec 2022 11:52:06 +0100 + +knot (3.2.3-1) unstable; urgency=medium + + * New upstream version 3.2.3 + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Mon, 21 Nov 2022 14:31:59 +0100 + +knot (3.2.2-1) unstable; urgency=medium + + * New upstream version 3.2.2 + * Update libknot13.symbols + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Tue, 01 Nov 2022 12:40:19 +0000 + +knot (3.2.1-1) unstable; urgency=medium + + * New upstream version 3.2.1 + - Compatible with libbpf 1.0 (Closes: #1018911) + * Add Build-Depends: libxdp-dev where available + * Remove patch included upstream + * Update libknot13.symbols + * Update knot.service from upstream (Closes: #1019583) + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Mon, 12 Sep 2022 16:06:27 +0000 + +knot (3.2.0-3) unstable; urgency=medium + + * Add Breaks+Replaces for knot-dnssecutils (Closes: #1018944) + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Fri, 02 Sep 2022 13:31:57 +0000 + +knot (3.2.0-2) unstable; urgency=medium + + * Update libknot13 symbols for arches without XDP + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Thu, 01 Sep 2022 15:11:32 +0000 + +knot (3.2.0-1) unstable; urgency=medium + + [ Debian Janitor ] + * Avoid explicitly specifying -Wl,--as-needed linker flag. + * Remove constraints unnecessary since buster + + [ Jakub Ružička ] + * gbp: use upstream/3.2 branch + * Bump SONAMEs: libknot13, libdnssec9 + * New knot-dnssecutils subpackage + * Enable QUIC + * Update debian/copyright + * Sync descriptions with upstream package + * Bump Standards-Version to 4.6.1 + * Add d/patches/0001-tests-xdp-tcp-fix-under-32bit-platform.patch + * Update debian/tests + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Wed, 24 Aug 2022 11:22:33 +0000 + +knot (3.1.8-1) unstable; urgency=medium + + * new upstream version 3.1.8 + + [ Daniel Salzman ] + * d/tests/kdig: make the test more stable by using 1.1.1.1 resolver + * d/tests/kdig: skip the test if no internet access detected + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Thu, 28 Apr 2022 11:40:38 +0000 + +knot (3.1.7-1) unstable; urgency=medium + + * new upstream version 3.1.7 + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Wed, 30 Mar 2022 15:09:49 +0000 + +knot (3.1.6-1) unstable; urgency=medium + + * new upstream version 3.1.6 + * d/knot.install: add dbus config file + * d/copyright: update copyright for 2022 + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Thu, 10 Feb 2022 16:20:00 +0000 + +knot (3.1.5-1) unstable; urgency=medium + + * new upstream version 3.1.5 + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Tue, 04 Jan 2022 14:59:07 +0000 + +knot (3.1.4-1) unstable; urgency=medium + + * new upstream version 3.1.4 + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Thu, 04 Nov 2021 11:27:41 +0000 + +knot (3.1.3-2) unstable; urgency=medium + + * d/tests: add sleep to ensure the server is reloaded + + -- Daniel Salzman <daniel.salzman@nic.cz> Thu, 21 Oct 2021 13:31:44 +0000 + +knot (3.1.3-1) unstable; urgency=medium + + * new upstream version 3.1.3 + + [ Daniel Salzman ] + * tests: remove obsolete test for kasp_json2lmdb + * knot.postinst: fix lintian warning 'maintainer-script-supports-ancient-package-version' + * kasp_json2lmdb: remove unused and obsolete script + * get_kaspdb: remove unused and obsolete script + * get_user: remove unused and obsolete script + * control: remove no-longer-needed python dependencies + * TODO: update + * doc: fix lintian warnings 'embedded-javascript-library' + + [ Libor Peltan ] + * tests: add simple test of DNSSEC and keymgr + + [ Jakub Ružička ] + * d/copyright: add url-parser copyright + * d/control: add Multi-Arch: same to libknot-dev + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Tue, 19 Oct 2021 12:02:30 +0000 + +knot (3.1.2-1) unstable; urgency=medium + + * new upstream version 3.1.2 + * d/copyright: sync with upstream + * d/knot.maintscript: remove obsolete maintscript + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Wed, 08 Sep 2021 15:41:04 +0000 + +knot (3.1.1-6) unstable; urgency=medium + + * Source-only upload (try #2) + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Wed, 01 Sep 2021 22:44:55 +0000 + +knot (3.1.1-5) unstable; urgency=medium + + * Source-only upload to allow migration + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Wed, 01 Sep 2021 11:22:33 +0000 + +knot (3.1.1-4) unstable; urgency=medium + + * Upload to unstable + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Tue, 31 Aug 2021 13:13:13 +0000 + +knot (3.1.1-3) experimental; urgency=medium + + * Bump min symbol versions to 3.1.1 + * d/control: bump Standards-Version to 4.6.0 + * d/control: don't require libmnl-dev on archs without XDP + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Wed, 25 Aug 2021 10:42:42 +0000 + +knot (3.1.1-2) experimental; urgency=medium + + * Remove XDP-specific symbols from unsupported archs + * d/control: improve Multi-Arch hints + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Tue, 24 Aug 2021 11:11:11 +0000 + +knot (3.1.1-1) experimental; urgency=medium + + * new upstream version 3.1.1 + * d/tests: replace `which` with `command -v` + * d/knot.service: sync upstream improvements + * d/control: update Build-Depends + * Bump SONAMEs: libknot12, libzscanner4 + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Tue, 17 Aug 2021 16:20:00 +0000 + +knot (3.0.5-1) unstable; urgency=medium + + * new upstream version 3.0.5 + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Thu, 25 Mar 2021 13:37:00 +0100 + +knot (3.0.4-2) unstable; urgency=medium + + * Team upload. + * Source-only upload to allow migration. + + -- Santiago Ruano Rincón <santiago@debian.org> Thu, 04 Feb 2021 10:40:06 +0100 + +knot (3.0.4-1) unstable; urgency=medium + + * new upstream version 3.0.4 + - Fix segfault when generating new DNSSEC keys on duplicated zones + (Closes: #977101) + * move dnstap module to subpackage + * move geoip module to subpackage + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Thu, 21 Jan 2021 15:51:41 +0000 + +knot (3.0.3-1) unstable; urgency=medium + + [ Jakub Ružička ] + * new upstream version 3.0.3 + * d/patches: remove makefile patch included upstream + + [ Daniel Salzman ] + * Improve XDP mode activation + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Tue, 15 Dec 2020 07:08:10 -0500 + +knot (3.0.2-3) unstable; urgency=medium + + * Team upload. + * Disable xdp on armel. Create d/libknot11.symbols.armel accordingly. + * Disable fastparser on sh4. + * Add d/patches/0001-xdp-rework-Makefile.am-to-avoid-make-distcheck-issue.patch + (Closes: #973815) + * Remove build-deps not available on hurd and kfreebsds: libbpf-dev, + libelf-dev linux-libc-dev. Create symbols files accordingly. + + -- Santiago Ruano Rincón <santiago@debian.org> Thu, 10 Dec 2020 21:59:10 +0100 + +knot (3.0.2-2) unstable; urgency=low + + * Team upload. + * Add debian/salsa-ci.yml. + * d/tests/kdig: Add a fallback option to query on port 443 when 853 is + unreachable. + * Bump Standards-Version to 4.5.1. No changes needed + * Bump d/watch version to 4. No changes needed, but makes lintian happier + * Bump debhelper-compat to 13 + + -- Santiago Ruano Rincón <santiago@debian.org> Mon, 07 Dec 2020 16:00:37 +0100 + +knot (3.0.2-1) experimental; urgency=medium + + * New upstream version 3.0.2 + * debian/libknot11.symbols: add 2 new symbols + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Thu, 12 Nov 2020 09:46:41 -0500 + +knot (3.0.1-1) experimental; urgency=medium + + * New upstream version 3.0.1 + * Bump SONAMEs: libknot11, libdnssec8 + * debian/*.symbols: update symbols + * debian/*.install: add new files + * debian/docs: README is now README.md + * debian/knot.service: update from upstream + * debian/copyright: remove obsolete lmdb entry + * debian/control: update knot-dnsutils description + * debian/control: add build deps for XDP support + * debian/control: add build dep for DoH support + * debian/control: add myself to Uploaders + * debian/gbp.conf: use new upstream/3.0 branch + * debian/gbp.conf: use debian/experimental branch + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Thu, 22 Oct 2020 08:56:49 -0400 + +knot (2.9.6-1) unstable; urgency=medium + + * New upstream version 2.9.6 + + -- Jakub Ružička <jakub.ruzicka@nic.cz> Tue, 01 Sep 2020 16:30:41 +0200 + +knot (2.9.5-1) unstable; urgency=medium + + * New upstream version 2.9.5 (Closes: #961075) + + -- Robert Edmonds <edmonds@debian.org> Mon, 25 May 2020 23:16:17 -0400 + +knot (2.9.3-1) unstable; urgency=medium + + * new upstream version + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 05 Mar 2020 18:22:48 -0500 + +knot (2.9.2-5) unstable; urgency=medium + + * move Vcs-Git back to debian/master, since we are not in experimental + any more + * wrap-and-sort -ast + * move kzonecheck into knot-dnsutils (Closes: #925035) + * drop unnecessary empty plugin directory (fixed upstream) + * debhelper: bump to dh 12 + * include ${misc:Pre-Depends} for knot, to resolve + skip-systemd-native-flag-missing-pre-depends + * clean up .pybuild/ as well + * drop dbgsym migration + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 28 Feb 2020 17:53:33 -0500 + +knot (2.9.2-4) unstable; urgency=medium + + [ Robert Edmonds ] + * debian/control: Add ">= 5.1" version for python3-yaml build dependency (Closes: #949931) + + [ Ondřej Surý ] + * Upload to unstable + + -- Ondřej Surý <ondrej@debian.org> Fri, 21 Feb 2020 11:51:46 +0100 + +knot (2.9.2-3) experimental; urgency=medium + + * debian/rules: Run pybuild's configure step in + override_dh_auto_configure-indep + + -- Robert Edmonds <edmonds@debian.org> Sun, 26 Jan 2020 16:31:16 -0500 + +knot (2.9.2-2) experimental; urgency=medium + + * Build a python3-libknot package containing the libknot Python bindings + (Closes: #913701) + + -- Robert Edmonds <edmonds@debian.org> Sat, 25 Jan 2020 15:51:36 -0500 + +knot (2.9.2-1) experimental; urgency=medium + + * New upstream version 2.9.2 + + [ Daniel Kahn Gillmor ] + * d/control, d/gbp.conf: pointing to DEP-14 debian/experimental branch + (revert before releasing to unstable!) + + [ Robert Edmonds ] + * debian/gbp.conf: Set "upstream-branch = upstream/2.9" + * debian/patches/0002-zonefile-Verify-mtime-against-full-precision- + timesta.patch: Remove, applied upstream + * Bump SONAMEs: libknot10, libdnssec7, libzscanner3 + * debian/control: Drop Replaces/Breaks on knot-libs (<< 2.0.1-4) + * debian/control: Drop obsolete Replaces/Breaks on old library packages + * debian/rules: Set environment variable KNOT_VERSION_FORMAT=release + * debian/patches/0001-avoid-git-version-inclusion-in-debian- + packages.patch: Remove + * debian/*.symbols: Update symbol files for added/removed symbols in new + library SONAMEs + * debian/*.symbols: Bump minimum versions to 2.9.2 for all symbols + * debian/copyright: Fix path to src/contrib/vpool/* files + * debian/knot-doc.doc-base: Remove PDF registration + + -- Robert Edmonds <edmonds@debian.org> Fri, 24 Jan 2020 22:36:09 -0500 + +knot (2.7.8-1) unstable; urgency=medium + + * New upstream version 2.7.8 + + [ Daniel Salzman ] + * Remove resolved lintian-overrides + * Don't require libcap-ng-dev on kfreebsd-i386, kfreebsd-amd64, and + hurd-i386 + * Update copyright (Closes: #925905) + * Fix typo in copyright + * Don't include pdf to doc package + * Fix unsafe usage of yaml.load() (Closes: #933917) + + [ Diederik de Haas ] + * Remove knslookup from description as it is not provided. + + [ Santiago Ruano Rincón ] + * Revert changes about excluding pdf files in distro/deb/rules, moving + them to debian/rules (Closes: #933285) + + [ Robert Edmonds ] + * debian/gbp.conf: Set "upstream-branch = upstream/2.7" + * debian/gbp.conf: [import-orig] Also filter config.guess, config.sub + * debian/patches/0003-correct-kdig-documentation-about-no-crypto.patch: + Remove, applied upstream + * debian/control: Add myself to Uploaders + * debian/control: Bump Standards-Version to 4.5.0 (no changes) + * debian/copyright: Fix path to src/libdnssec/contrib/vpool/ files + + -- Robert Edmonds <edmonds@debian.org> Fri, 24 Jan 2020 19:48:01 -0500 + +knot (2.7.6-2) unstable; urgency=medium + + * add libsofthsm2 when testing for libdnssec/test_keystore_pkcs11 + * Check fine-grained timestamps on zonefiles. + * Correct documentation about key formats + * Standards-Version: bump to 4.3.0 (no changes needed) + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 22 Feb 2019 16:51:08 -0500 + +knot (2.7.6-1) unstable; urgency=medium + + * new upstream release + + -- Ondřej Surý <ondrej@debian.org> Fri, 08 Feb 2019 12:53:57 +0000 + +knot (2.7.4-1) unstable; urgency=medium + + * new upstream release + * drop patch applied upstream + * d/upstream/signing-key.asc: minimize OpenPGP certificate + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 14 Nov 2018 01:16:27 -0500 + +knot (2.7.3-3) unstable; urgency=medium + + * update build-deps and autopkgtest deps + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 08 Nov 2018 08:39:43 +0700 + +knot (2.7.3-2) unstable; urgency=medium + + * postinst: use runuser instead of su for safety and simplicity + * fix get_kaspdb and test it against shipped config (Closes: #912210) + * added Build-Depends-Package: libknot-dev to symbols files + * cleaner diffs: put dh args on separate lines + * added authoritative nameserver autopkgtest + * Avoid including git version in debian packages + * fix broken python + * fix up get_user + * autopkgtest: test upgrade/conversion tooling + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 07 Nov 2018 22:55:37 +0700 + +knot (2.7.3-1) unstable; urgency=medium + + * new upstream release + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 15 Oct 2018 17:21:51 -0400 + +knot (2.7.2-2) unstable; urgency=medium + + * d/rules: try moving DEB_HOST_ARCH check for -latomic + * mips and powerpc both appear to build fine without -latomic + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 29 Aug 2018 16:07:02 -0400 + +knot (2.7.2-1) unstable; urgency=medium + + * new upstream release + * try to fix up architecture selection + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 29 Aug 2018 10:34:56 -0400 + +knot (2.7.1-3) unstable; urgency=medium + + [ Daniel Salzman ] + * remove obsolete dependency libjansson-dev + * remove obsolete --with-bash-completions + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 27 Aug 2018 19:18:20 -0400 + +knot (2.7.1-2) unstable; urgency=medium + + * Standards-Version: bump to 4.2.1 (no changes needed) + * add -latomic to riscv64 arch as well + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 27 Aug 2018 19:06:08 -0400 + +knot (2.7.1-1) unstable; urgency=medium + + * new upstream release + * SONAME bumps: move to libknot8, libdnssec6, and libzscanner2 + * adopted pykeymgr from upstream, renaming to + /usr/lib/knot/kasp_json2lmdb + * ship manpages with dh_installman + * kjournalprint is now a shipped as a system administration utility + * avoid more autogened files on package import + * drop THANKS, no longer shipped upstream + * update symbols files + * Standards-Version: bump to 4.2.0 (no changes needed) + * clean up kdns-utils description + * added libcap-ng to build-deps + * move to libidn2 + * d/copyright: correct license of TAP sources + * added build-dep on libmaxminddb-dev for GeoIP module + * Only conditionally add -latomic based on the platform + * record notes about dynamic modules instead of static modules + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 24 Aug 2018 18:02:44 -0400 + +knot (2.6.8-2) unstable; urgency=medium + + * d/knot.NEWS: fix spelling (thanks, Lintian!) + * refresh patches + * Standards-Version: bump to 4.1.5 (no changes needed) + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 10 Jul 2018 16:14:48 -0400 + +knot (2.6.8-1) unstable; urgency=medium + + * New upstream version 2.6.8 + + -- Daniel Salzman <daniel.salzman@nic.cz> Tue, 10 Jul 2018 16:23:19 +0200 + +knot (2.6.7-2) unstable; urgency=medium + + * use knot@packages.debian.org as Maintainer (Closes: #899825) + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 24 May 2018 16:00:33 -0400 + +knot (2.6.7-1) unstable; urgency=medium + + * New upstream version 2.6.7 + + -- Daniel Salzman <daniel.salzman@nic.cz> Thu, 17 May 2018 13:18:22 +0200 + +knot (2.6.6-2) unstable; urgency=medium + + [ Daniel Salzman ] + * Remove already included patches + * Add new symbol to libknot7.symbols + * Update changelog for 2.6.6-1 release + + [ Daniel Kahn Gillmor ] + * standards-version: bump to 4.1.4 (no changes needed) + * clean up libknot7.symbols + * prepare debian release + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 23 Apr 2018 02:07:36 -0400 + +knot (2.6.5-3) unstable; urgency=medium + + * accept suggestions from the Multiarch hinter + * d/tests/control: rely on ca-certificates to validate the + DNS-over-TLS cert + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sun, 25 Feb 2018 15:49:46 -0800 + +knot (2.6.5-2) unstable; urgency=medium + + * re-ship /usr/lib/$(DEB_HOST_MULTIARCH)/knot" (Closes: #891319) + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sun, 25 Feb 2018 10:17:49 -0800 + +knot (2.6.5-1) unstable; urgency=medium + + * new upstream release + + [ Daniel Salzman ] + * Update uploaders and dependencies in the control file + * Downgrade 'Recommends' to 'Suggests' for systemd + * Update upstream signing key + + [ Daniel Kahn Gillmor ] + * wrap-and-sort -ast + * add myself to uploaders + * move to debhelper 11 + * Standards-Version: 4.1.3 (no changes needed) + * build-depend on python3-sphinx instead of python-sphinx + * d/gbp.conf: clean up, use DEP-14 + * dh11: apply --fail-missing only to dh_missing + * remove doc/modules symlink on clean + * Use python3 instead of python2 for helper functions + * use python3 for pykeymgr + * move knot from python 2 to python 3 + * Move python3-lmdb to Recommends + * d/TODO: note future debian packaging work + * knot-doc: use system jquery and underscore javascript + * include upstream VCS in git history + * d/control: add Rules-Requires-Root: no + * d/changelog: strip trailing whitespace + * ship upstream ChangeLog + * d/copyright: drop hat-trie, removed upstream + * d/*.NEWS: stop using asterisks + * stop declaring unnecessary dirs + * stop shipping /usr/lib/$(DEB_HOST_MULTIARCH)/knot + * add doc-base entry for knot-doc + * d/gbp.conf: improve cleanup during import-orig + * fix spelling errors in manpages + * info: fix direntry and category + * add really simple autopkgtest + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 22 Feb 2018 23:38:33 -0800 + +knot (2.6.4-1) unstable; urgency=medium + + * Update Vcs-* links to salsa.d.o + * New upstream version 2.6.4 + + -- Ondřej Surý <ondrej@debian.org> Thu, 04 Jan 2018 15:02:46 +0000 + +knot (2.6.3-1) unstable; urgency=medium + + * New upstream version 2.6.3 + + -- Ondřej Surý <ondrej@debian.org> Fri, 24 Nov 2017 15:33:43 +0000 + +knot (2.6.1-2) unstable; urgency=medium + + * Add Breaks/Replaces for libdnssec5/libknot7 to remedy botched 2.6.0-1 + upload (Closes: #881638) + + -- Ondřej Surý <ondrej@debian.org> Mon, 13 Nov 2017 19:58:35 +0000 + +knot (2.6.1-1) unstable; urgency=medium + + * New upstream version 2.6.1 + * Remove upstream patch for disabling TCP Fastopen + + -- Ondřej Surý <ondrej@debian.org> Sun, 12 Nov 2017 03:11:26 +0000 + +knot (2.6.0-3) unstable; urgency=medium + + * kdig: disable TCP Fastopen by default as it breaks TLS connection + (Closes: #879079) + + -- Ondřej Surý <ondrej@debian.org> Thu, 19 Oct 2017 08:22:18 +0000 + +knot (2.6.0-2) unstable; urgency=medium + + [ John Bond ] + * fix get_kasp and get_user to support unquoted ipv6 addresses + + -- Ondřej Surý <ondrej@debian.org> Thu, 05 Oct 2017 13:08:26 +0000 + +knot (2.6.0-1) unstable; urgency=medium + + * New upstream version 2.6.0 + * Enable strict symbols checking + * Bump libknot 6->7 and libdnssec 4->5 SONAMEs and update symbols files + + -- Ondřej Surý <ondrej@debian.org> Fri, 29 Sep 2017 19:46:41 +0200 + +knot (2.5.4-2) unstable; urgency=medium + + * Drop conflicting links to dig, nsupdate and host (Closes: #741645) + * Build-Depend on latexmk (Closes: #872203) + + -- Ondřej Surý <ondrej@debian.org> Mon, 18 Sep 2017 07:11:39 +0200 + +knot (2.5.4-1) unstable; urgency=medium + + * New upstream version 2.5.4 + + -- Ondřej Surý <ondrej@debian.org> Fri, 01 Sep 2017 09:03:02 +0200 + +knot (2.5.3-3) unstable; urgency=medium + + * Simple rebuild to make knot-doc arch:all again. + + -- Ondřej Surý <ondrej@debian.org> Wed, 26 Jul 2017 14:41:26 +0200 + +knot (2.5.3-2) unstable; urgency=medium + + * Disable dh-exec usage as #831786 breaks dh_install --fail-missing + (Closes: #869199) + + -- Ondřej Surý <ondrej@debian.org> Mon, 24 Jul 2017 10:26:09 +0200 + +knot (2.5.3-1) unstable; urgency=medium + + * New upstream version 2.5.3 + + -- Ondřej Surý <ondrej@debian.org> Sat, 15 Jul 2017 07:26:12 +0200 + +knot (2.5.2-1) unstable; urgency=medium + + * New upstream version 2.5.2 + * Remove all patches merged upstream + + -- Ondřej Surý <ondrej@debian.org> Fri, 23 Jun 2017 11:46:34 +0200 + +knot (2.5.1-4) unstable; urgency=medium + + * Create the modules M-A directory to workaround the bug that fails to + start knot when modules directory is missing + + -- Ondřej Surý <ondrej@debian.org> Thu, 15 Jun 2017 11:32:09 +0200 + +knot (2.5.1-3) unstable; urgency=medium + + * Enable dnstap module and set default moduledir to multiarch path + + -- Ondřej Surý <ondrej@debian.org> Thu, 15 Jun 2017 08:32:34 +0200 + +knot (2.5.1-2) unstable; urgency=medium + + * Explicitly exclude example.com.zone to support older debhelpers + * Add patch to fix duplicate section merging in the config + + -- Ondřej Surý <ondrej@debian.org> Fri, 09 Jun 2017 13:47:17 +0200 + +knot (2.5.1-1) unstable; urgency=medium + + * New upstream version 2.5.1 + * Remove upstream patches released as Knot DNS 2.5.1 + + -- Ondřej Surý <ondrej@debian.org> Wed, 07 Jun 2017 16:04:16 +0200 + +knot (2.5.0-2) unstable; urgency=medium + + * Add upstream patches to fix old DNSSEC installations + * Skip already converted kasp-db directories + * Install pykeymgr from upstream tarball + + -- Ondřej Surý <ondrej@debian.org> Wed, 07 Jun 2017 14:20:38 +0200 + +knot (2.5.0-1) unstable; urgency=medium + + * New upstream version 2.5.0 + * Update maintscript to use dh-exec and remove obsolete cruft + * Bump the package names for libknot and libdnssec to match new + SOVERSIONs + * Simplify d/rules overrides + * Remove not-installed files from d/*.install + * Install local copy of pykeymgr (not included in the source + distribution) + * Add python-lmdb for pykeymgr migration utility + + -- Ondřej Surý <ondrej@debian.org> Wed, 07 Jun 2017 11:03:22 +0200 + +knot (2.4.3-1) unstable; urgency=medium + + * New upstream version 2.4.3 + + -- Ondřej Surý <ondrej@debian.org> Tue, 11 Apr 2017 21:17:47 +0200 + +knot (2.4.2-1) unstable; urgency=medium + + * New upstream version 2.4.2 + + -- Ondřej Surý <ondrej@debian.org> Thu, 23 Mar 2017 11:47:52 +0100 + +knot (2.4.1-2) unstable; urgency=medium + + * Enable dnstap module + + -- Ondřej Surý <ondrej@debian.org> Mon, 27 Feb 2017 11:35:15 +0100 + +knot (2.4.1-1) unstable; urgency=medium + + * New upstream version 2.4.1 + + -- Ondřej Surý <ondrej@debian.org> Fri, 10 Feb 2017 13:54:24 +0100 + +knot (2.4.0-3) unstable; urgency=medium + + * Fix timeout call syntax in dh_auto_test invocation + + -- Ondřej Surý <ondrej@debian.org> Wed, 25 Jan 2017 15:10:04 +0100 + +knot (2.4.0-2) unstable; urgency=medium + + * Add -latomic to LDFLAGS to fix FTBFS on platforms that need it + + -- Ondřej Surý <ondrej@debian.org> Mon, 23 Jan 2017 11:41:59 +0100 + +knot (2.4.0-1) unstable; urgency=medium + + * Fix gbp.conf to be readable by git config --file debian/gbp.conf on Jessie + * New upstream version 2.4.0 + * Bump libknot SONAME 4->5 + * Update symbols files for 2.4.0 release + + -- Ondřej Surý <ondrej@debian.org> Fri, 20 Jan 2017 12:15:30 +0100 + +knot (2.3.3-1) unstable; urgency=medium + + [ Daniel Kahn Gillmor ] + * Use secure URLs where possible + * Clean up debian/copyright. + * Drop duplicate Source: lines (clears lintian binary-control-field-duplicates-source) + * Avoid using asterisk in NEWS (clears lintian debian-news-entry-uses-asterisk) + * Knot needs a dependency on lsb-base (clears lintian init.d-script-needs-depends-on-lsb-base) + * Filter auto-reconfed files out during future gbp import-orig operations + * debian/control: clean up Description: lines + * Added Documentation= to knot.service + + [ Ondřej Surý ] + * Imported Upstream version 2.3.3 + * Add kjournalprint to knot package + + -- Ondřej Surý <ondrej@debian.org> Thu, 08 Dec 2016 14:49:31 +0100 + +knot (2.3.2-1) unstable; urgency=medium + + * Imported Upstream version 2.3.2 + * Add new symbols to libknot4.symbols + + -- Ondřej Surý <ondrej@debian.org> Fri, 04 Nov 2016 11:31:33 +0100 + +knot (2.3.1-1) unstable; urgency=medium + + * Imported Upstream version 2.3.1 + * Bump libknot3 to libknot4 + * kzonecheck was moved to /usr/bin + + -- Ondřej Surý <ondrej@debian.org> Mon, 10 Oct 2016 12:01:41 +0200 + +knot (2.3.0-4) unstable; urgency=medium + + * Don't fail if there's no knot user defined + * Don't list explicit -c or -C path and let daemon figure it out + + -- Ondřej Surý <ondrej@debian.org> Thu, 15 Sep 2016 12:44:57 +0200 + +knot (2.3.0-3) unstable; urgency=medium + + * Ignore the test results if they don't finish within 5 minutes + * Correctly break/replace libzscanner0 that contained libzscanner.so.1 + + -- Ondřej Surý <ondrej@debian.org> Thu, 11 Aug 2016 08:49:25 +0200 + +knot (2.3.0-2) unstable; urgency=medium + + * Move examples to knot-doc package (fix arch-only FTBFS) + + -- Ondřej Surý <ondrej@debian.org> Wed, 10 Aug 2016 10:17:17 +0200 + +knot (2.3.0-1) unstable; urgency=medium + + * Imported Upstream version 2.3.0 + + Zone size limit restriction for DDNS, AXFR, and IXFR (CVE-2016-6171) + (Closes: #830809) + * Restructure d/rules so dh_install --fail-missing works again + * Upstream bumped SOVERSION to libknot3, libdnssec2 and libzscanner1 + + -- Ondřej Surý <ondrej@debian.org> Wed, 10 Aug 2016 09:16:35 +0200 + +knot (2.2.1-2) unstable; urgency=high + + * Add texlive-generic-extra to B-D for missing iftex.sty + (Closes: #829428) + + -- Ondřej Surý <ondrej@debian.org> Mon, 11 Jul 2016 11:47:34 +0200 + +knot (2.2.1-1) unstable; urgency=medium + + * Imported Upstream version 2.2.1 + + -- Ondřej Surý <ondrej@debian.org> Tue, 24 May 2016 17:48:16 +0200 + +knot (2.2.0-3) unstable; urgency=medium + + * knotc checkconf is not knotc conf-check (Closes: #823574) + + -- Ondřej Surý <ondrej@debian.org> Fri, 20 May 2016 14:22:11 +0200 + +knot (2.2.0-2) unstable; urgency=medium + + * Do dbgsym migration of debug symbols + + -- Ondřej Surý <ondrej@debian.org> Wed, 27 Apr 2016 17:43:59 +0200 + +knot (2.2.0-1) unstable; urgency=medium + + * confdb should be in /var/lib/knot/ by default + * Imported Upstream version 2.2.0 + * Add libedit-dev to Build-Depends + + -- Ondřej Surý <ondrej@debian.org> Wed, 27 Apr 2016 10:10:10 +0200 + +knot (2.1.1-2) unstable; urgency=medium + + * Add python to Depends and run wrap-and-sort -a + * Parse correct /etc/default/knot instead of /etc/default/knotd + + -- Ondřej Surý <ondrej@debian.org> Fri, 15 Apr 2016 17:18:02 +0200 + +knot (2.1.1-1) unstable; urgency=medium + + * Imported Upstream version 2.1.1 + + -- Ondřej Surý <ondrej@debian.org> Wed, 10 Feb 2016 20:01:44 +0100 + +knot (2.1.0-3) unstable; urgency=medium + + * Add small python helper programs to get values from knot.conf + + -- Ondřej Surý <ondrej@debian.org> Mon, 25 Jan 2016 12:44:00 +0100 + +knot (2.1.0-2) unstable; urgency=medium + + * Revert "Run keymgr init on every upgrade (just to be sure it happens)" + * Add support for relative directories in kasp-db + + -- Ondřej Surý <ondrej@debian.org> Thu, 14 Jan 2016 11:46:35 +0100 + +knot (2.1.0-1) unstable; urgency=medium + + * Set knot user home directory to /var/lib/knot + * Imported Upstream version 2.1.0 + * Run keymgr init on every upgrade (just to be sure it happens) + + -- Ondřej Surý <ondrej@debian.org> Thu, 14 Jan 2016 10:55:26 +0100 + +knot (2.1.0~rc1-55-gf227348-1) unstable; urgency=medium + + * Add libgnutls28-dev and libjansson-dev as dependencies to libknot-dev + to satisfy pkg-config requirements + * Imported Upstream version 2.1.0~rc1-55-gf227348 + * Automatically upgrade all KASP databases found in the configuration + and restart the server afterwards when upgrading from 2.0.x to 2.1.x + + -- Ondřej Surý <ondrej@debian.org> Wed, 13 Jan 2016 14:03:17 +0100 + +knot (2.1.0~rc1-52-gd80ce77-1) unstable; urgency=medium + + * Imported Upstream version 2.1.0~rc1-52-gd80ce77 + + -- Ondřej Surý <ondrej@debian.org> Tue, 12 Jan 2016 16:56:12 +0100 + +knot (2.0.2-1) unstable; urgency=medium + + * Imported Upstream version 2.0.2 + * Delete d/p/series as we carry no patches + + -- Ondřej Surý <ondrej@debian.org> Tue, 24 Nov 2015 19:59:56 +0100 + +knot (2.0.1-4) unstable; urgency=medium + + * Split knot-libs into individual library packages + * Add knot.default file and use it from systemd and init.d scripts + + -- Ondřej Surý <ondrej@debian.org> Mon, 05 Oct 2015 20:34:02 +0200 + +knot (2.0.1-3) unstable; urgency=medium + + * The upstart conffile ends with .conf, fix the stale conffile removal + + -- Ondřej Surý <ondrej@debian.org> Mon, 21 Sep 2015 13:54:42 +0200 + +knot (2.0.1-2) unstable; urgency=medium + + * Compile the production version with NDEBUG + * Remove stale upstart init script via dpkg-maintscript-helper rm_config + + -- Ondřej Surý <ondrej@debian.org> Mon, 14 Sep 2015 13:41:29 +0200 + +knot (2.0.1-1) unstable; urgency=medium + + * Imported Upstream version 2.0.1 + * Fix the do_tmpfiles() in sysvrc script (Courtesy of Daniel Baumann) + (Closes: #796921) + * Disable -pedantic as it causes errors to be thrown in the tests + + -- Ondřej Surý <ondrej@debian.org> Thu, 03 Sep 2015 10:56:16 +0200 + +knot (2.0.0-1+0) unstable; urgency=medium + + * Bump the version to workaround ~exp* higher than ~bpo* + + -- Ondřej Surý <ondrej@debian.org> Mon, 17 Aug 2015 15:05:37 +0200 + +knot (2.0.0-1) unstable; urgency=medium + + * New upstream version 2.0.0 + + Bugfixes: + - Fix lost NOTIFY message if received during zone transfer + - Disable fast zone parser when compiled in Clang (workaround for Clang bug) + - kdig: Record correct dnstap SocketProtocol when retrying over TCP + - kdig: Hide TSIG section with +noall + - Do not set AA flag for AXFR/IXFR queries + + Features: + - DNSSEC: separate library, switch to GnuTLS, new utilities + - DNSSEC: basic KASP support (generate initial keys, ZSK rollover) + - Configuration: New text format in YAML, binary store in LMDB + - Zone parser: Split long TXT/SPF strings into multiple strings + - kdig: Add generic dump style option (+generic) + - Try all master servers in multi-master environment + - Improved remotes and ACLs (multiple addresses, multiple keys) + - Basic support for zone file patterns (%s to substitute zone name) + - Disable zone file synchronization by setting 'zonefile_sync' to '-1' + - knsupdate: Add input prompt in interactive mode and 'quit' command + - knsupdate: Allow TSIG algorithm specification in interactive prompt + + Improvements: + - Zone dump: Do not write class for SOA record (unified with other RR types) + - Zone dump: Do not write master server address into the zone file + - Documentation: Manual pages are included in HTML and PDF + * Install knot1to2 configuration file conversion tool + * Automatically convert knot.conf with some safety-checks + * Add note about the conversion to debian/knot.NEWS + * Make the build libsystem-{daemon,journal}-dev friendly to allow Ubuntu + and backported builds + + -- Ondřej Surý <ondrej@debian.org> Mon, 17 Aug 2015 11:56:43 +0200 + +knot (2.0.0-1~exp2) experimental; urgency=medium + + * Update prepare-environment to match the new config file syntax + + -- Ondřej Surý <ondrej@debian.org> Thu, 30 Jul 2015 09:26:52 +0200 + +knot (2.0.0-1~exp1) experimental; urgency=medium + + * New upstream version 2.0.0 + + Bugfixes: + - Fix lost NOTIFY message if received during zone transfer + - Disable fast zone parser when compiled in Clang (workaround for Clang bug) + - kdig: Record correct dnstap SocketProtocol when retrying over TCP + - kdig: Hide TSIG section with +noall + - Do not set AA flag for AXFR/IXFR queries + + Features: + - DNSSEC: separate library, switch to GnuTLS, new utilities + - DNSSEC: basic KASP support (generate initial keys, ZSK rollover) + - Configuration: New text format in YAML, binary store in LMDB + - Zone parser: Split long TXT/SPF strings into multiple strings + - kdig: Add generic dump style option (+generic) + - Try all master servers in multi-master environment + - Improved remotes and ACLs (multiple addresses, multiple keys) + - Basic support for zone file patterns (%s to substitute zone name) + - Disable zone file synchronization by setting 'zonefile_sync' to '-1' + - knsupdate: Add input prompt in interactive mode and 'quit' command + - knsupdate: Allow TSIG algorithm specification in interactive prompt + + Improvements: + - Zone dump: Do not write class for SOA record (unified with other RR types) + - Zone dump: Do not write master server address into the zone file + - Documentation: Manual pages are included in HTML and PDF + * Install knot1to2 configuration file conversion tool + * Automatically convert knot.conf with some safety-checks + * Add note about the conversion to debian/knot.NEWS + * Make the build libsystem-{daemon,journal}-dev friendly to allow Ubuntu + and backported builds + + -- Ondřej Surý <ondrej@debian.org> Mon, 29 Jun 2015 10:40:45 +0200 + +knot (1.6.1-1) unstable; urgency=medium + + * New upstream version 1.6.1 + + -- Ondřej Surý <ondrej@debian.org> Tue, 30 Dec 2014 09:50:54 +0100 + +knot (1.6.0-1) unstable; urgency=medium + + * New upstream version 1.6.0 + * Switch to network-online.target to mitigate some network not-yet-ready races + * Recommend systemd due journald enabled logging (Closes: #766596) + + -- Ondřej Surý <ondrej@debian.org> Fri, 24 Oct 2014 12:41:32 +0200 + +knot (1.6.0~rc2-1) unstable; urgency=medium + + * New upstream version 1.6.0~rc2 + * Update patches for 1.6.0~rc2 release + + -- Ondřej Surý <ondrej@debian.org> Fri, 17 Oct 2014 17:32:30 +0200 + +knot (1.6.0~rc1-1) unstable; urgency=medium + + * New upstream version 1.6.0~rc1 + * Knot needs lmdb for persistent timers + + -- Ondřej Surý <ondrej@debian.org> Mon, 13 Oct 2014 23:06:56 +0200 + +knot (1.5.3-1) unstable; urgency=medium + + * Move knot-libs to Section: net (Closes: #760795) + * New upstream version 1.5.3 + + -- Ondřej Surý <ondrej@debian.org> Mon, 15 Sep 2014 17:00:08 +0200 + +knot (1.5.2-1) unstable; urgency=high + + * Update Vcs-Urls to point to anonscm.debian.org + * New upstream version 1.5.2 + + [CVE-2014-0486]: Fixed remote crash with crafted DNS message + * Update patches for 1.5.2 release + + -- Ondřej Surý <ondrej@debian.org> Mon, 08 Sep 2014 11:11:56 +0200 + +knot (1.5.1-3) unstable; urgency=high + + * More arch/indep build rules splitting to fix binary-arch-only builds + * Add lintian override to override warning about internal libraries in + knot-libs + + -- Ondřej Surý <ondrej@debian.org> Tue, 26 Aug 2014 09:43:05 +0200 + +knot (1.5.1-2) unstable; urgency=medium + + * Enable full hardening via debhelper >= 9 + * Enable IDN in knot-dnsutils and knot-host packages + * Enable systemd libraries only on linux-any + * Split arch and indep builds to build the documentation just once + * Drop ragel from build depends to allow arm64 builds + + -- Ondřej Surý <ondrej@debian.org> Mon, 25 Aug 2014 15:54:34 +0200 + +knot (1.5.1-1) unstable; urgency=medium + + * New upstream version 1.5.1 + * Enable systemd notification mechanism + * Enable systemd journal enhanced logging + + -- Ondřej Surý <ondrej@debian.org> Wed, 20 Aug 2014 10:45:18 +0200 + +knot (1.5.0-1) unstable; urgency=medium + + * New upstream version 1.5.0 + + Features: + - Pluggable query processing modules + - Synthetic IPv4/IPv6 reverse/forward records (optional module) + - dnstap support in both utilities & server (optional module) + - NOTIFY message support and new TSIG section in kdig + - Multi-master support + - edns-client-subnet support in kdig + - Optional asynchronous startup (config "asynchronous-start") + - DDNS forwarding reimplemented + + Improvements: + - Query processing and core functionality overhaul + - Performance and reduced memory footprint + - Faster zone events scheduling + - RFC compliant queries/responses in some corner cases + - Log messages + - New documentation (Sphinx) + - Transfer sizes logged in bytes if needed + - Logging outgoing NOTIFY messages + - Logging unauthorized incoming NOTIFYs + - Preempt task queue for faster reload + - Lazy zone file write after zone transfer (governed by "zonefile-sync") + + Bugfixes: + - Close zone transfer after SERVFAIL response + - Incremental to full zone transfer fallback, wrong log message + - Zone events corner cases, reload replanning + - Zone flush planning after bootstrap + - Incorrect incoming AXFR message sizes + - DDNS signing changes were freed too soon, posibility of stale data + - knotc remote control key handling + * Debian packaging: + + d/control: New documentation is using sphinx + + d/control: New knot-libs package containing internal shared libraries + + -- Ondřej Surý <ondrej@debian.org> Wed, 09 Jul 2014 13:08:26 +0200 + +knot (1.4.6+hotfix-1) unstable; urgency=medium + + * New upstream version 1.4.6+hotfix + + -- Ondřej Surý <ondrej@debian.org> Thu, 22 May 2014 15:39:07 +0200 + +knot (1.4.6-1) unstable; urgency=medium + + * New upstream version 1.4.6 + * Update patches for 1.4.6 release + + -- Ondřej Surý <ondrej@debian.org> Thu, 22 May 2014 13:15:14 +0200 + +knot (1.4.5-2) unstable; urgency=high + + * Re-upload to fix botched amd64 upload in 1.4.5-1 + + -- Ondřej Surý <ondrej@debian.org> Tue, 22 Apr 2014 14:58:30 +0200 + +knot (1.4.5-1) unstable; urgency=high + + * New upstream version 1.4.5 + + Fix possible weakness in TSIG signature checking + * Refresh patches for 1.4.5 release + * Use dh-autoreconf to regenerate autotools files + + -- Ondřej Surý <ondrej@debian.org> Mon, 14 Apr 2014 15:11:12 +0200 + +knot (1.4.4-1) unstable; urgency=medium + + * New upstream version 1.4.4 + + Server is logging remote control commands + + 'knotc reload' doesn't refresh unchanged zones + + 'knotc -f refresh' forces zone retransfer + + Fixed missing notifications after DDNS/automatic resign + + Zone is rebootstrapped if the zone file is unreadable + + Progressive bootstrap retry backoff + + Zone file parser now allows asterisk as part of the label + + Fix journal maximum entry size + + Sign DNSKEYs in non-apex nodes as regular RR sets + + Various spelling and typo fixes (Courtesy of Robert Edmonds) + + -- Ondřej Surý <ondrej@debian.org> Thu, 27 Mar 2014 15:49:54 +0100 + +knot (1.4.3-2) unstable; urgency=medium + + * Add support for autotools-dev and dh-systemd + * Enable parallel builds in dh invocation + + -- Ondřej Surý <ondrej@debian.org> Tue, 18 Feb 2014 13:44:13 +0100 + +knot (1.4.3-1) unstable; urgency=low + + * New upstream version 1.4.3 + + -- Ondřej Surý <ondrej@debian.org> Tue, 18 Feb 2014 13:03:42 +0100 + +knot (1.4.2-1) unstable; urgency=low + + * New upstream version 1.4.2 + * Update OpenSSL << 1.0.0 compatibility patch + + -- Ondřej Surý <ondrej@debian.org> Mon, 27 Jan 2014 16:14:33 +0100 + +knot (1.4.1-2) unstable; urgency=low + + * Add patch to remove the requirement for OpenSSL 1.0.0 to build on + Debian squeeze, be warned though that the OpenSSL before 1.0.0 might + manifest some threading errors and crashes, so you really should + upgrade your system to Debian wheezy. + + -- Ondřej Surý <ondrej@debian.org> Thu, 23 Jan 2014 16:53:03 +0100 + +knot (1.4.1-1) unstable; urgency=low + + * New upstream version 1.4.1 + + Empty APL record support + + 'zonestatus' when using immediate zone syncing + + Immediate zone syncing after reload + + Race condition writing time values to zone file + + Require OpenSSL >= 1.0.0 + * Don't use dh-autoreconf, upstream uses recent enough autotools + * Bump standards version to 3.9.5 + * Run the tests on every arch without the condition, but don't fail + anywhere + + -- Ondřej Surý <ondrej@debian.org> Mon, 13 Jan 2014 18:00:18 +0100 + +knot (1.4.0-1) unstable; urgency=low + + * New major upstream version 1.4.0 + + Experimental automatic DNSSEC signing + + Fastest ragel parser enabled by default + + Reduced memory usage + + Zone SOA SERIAL policies (INCREMENT, UNIXTIME) for DDNS and + automatic DNSSEC signing + + IDN support in Knot utilities (kdig, knsupdate, ...) + + DNSSEC: support for GOST algorithm + + Support for DNSSEC key pre-publication + * Remove PATH_MAX patch, it's already included in upstream + * Run the tests on all archs, but don't fail the build if the tests fail + on broken archs + * Update watch file to match (alpha|beta|rc)\d* versions + + -- Ondřej Surý <ondrej@debian.org> Mon, 06 Jan 2014 11:00:07 +0100 + +knot (1.4.0~rc2-1) experimental; urgency=low + + * New upstream version 1.4.0~rc2 + + -- Ondřej Surý <ondrej@debian.org> Fri, 13 Dec 2013 17:53:26 +0100 + +knot (1.4.0~rc1-1) experimental; urgency=low + + * Disable tests on GNU Hurd + * New upstream version 1.4.0~rc1 + + -- Ondřej Surý <ondrej@debian.org> Mon, 25 Nov 2013 16:19:27 +0100 + +knot (1.4.0~beta-1) experimental; urgency=low + + * New upstream version 1.4.0~beta + * Update patches for 1.4.0~beta release + * Disable fastparser since the ragel is broken in one test + * Add knsec3hash to knot package + + -- Ondřej Surý <ondrej@debian.org> Tue, 29 Oct 2013 12:25:49 +0100 + +knot (1.3.4-1) unstable; urgency=low + + * Disable tests on GNU Hurd + * New upstream version 1.3.4 + + -- Ondřej Surý <ondrej@debian.org> Fri, 13 Dec 2013 17:23:52 +0100 + +knot (1.3.3-1) unstable; urgency=low + + * New upstream version 1.3.3 + + -- Ondřej Surý <ondrej@debian.org> Mon, 28 Oct 2013 11:40:13 +0100 + +knot (1.3.2-3) unstable; urgency=low + + * Add ufw applications.d rule for Knot DNS + * Disable recvmmsg on GNU Hurd (since recvmmsg is not implemented on GNU + Hurd and will always fail) + * Enable fastparser (requires Ragel) + + -- Ondřej Surý <ondrej@debian.org> Fri, 11 Oct 2013 17:23:35 +0200 + +knot (1.3.2-2) unstable; urgency=low + + * Define #PATH_MAX to make GNU Hurd happy + * Don't enable LTO, it doesn't play well with debugging symbols + + -- Ondřej Surý <ondrej@debian.org> Sun, 06 Oct 2013 01:57:13 +0200 + +knot (1.3.2-1) unstable; urgency=low + + * New upstream version 1.3.2 + * Enable link-time-optimizations by default + + -- Ondřej Surý <ondrej@debian.org> Mon, 30 Sep 2013 15:04:01 +0200 + +knot (1.3.1-1) unstable; urgency=low + + * New upstream version 1.3.1 + * Add new debian/watch file (Courtesy of Debian QA) + * Bump standards to 3.9.4 + * Stop using /lib/init/vars.sh, we don't use $VERBOSE anymore anyway + * Drop syslog.target as it is not needed anymore + * Remove SSE detection patch as it was merged upstream + + -- Ondřej Surý <ondrej@debian.org> Tue, 27 Aug 2013 14:27:44 +0200 + +knot (1.3.0-2) unstable; urgency=low + + * Disable SSE detection in the packaged version of Knot DNS + + -- Ondřej Surý <ondrej@debian.org> Fri, 16 Aug 2013 13:04:39 +0200 + +knot (1.3.0-1) unstable; urgency=low + + * New upstream version 1.3.0 + * Remove upstream patch from 1.3.0~rc5-2 as it is included in + this release. + + -- Ondřej Surý <ondrej@debian.org> Mon, 05 Aug 2013 17:01:23 +0200 + +knot (1.3.0~rc5-2) unstable; urgency=low + + * Pull some pre 1.3.0 patches (mainly to test before release): + + Initialize secondary groups for user <user>.<group>. + + Reworked CH TXT records support (RFC 4892). + + Fixed inactive xfers may be disconnected depending on the previous + result. + + Add server starting information to log. + + -- Ondřej Surý <ondrej@debian.org> Mon, 05 Aug 2013 10:39:48 +0200 + +knot (1.3.0~rc5-1) unstable; urgency=low + + * New upstream version 1.3.0~rc5 + * Remove last upstream patch, all our changes have been merged. Yay\! + + -- Ondřej Surý <ondrej@debian.org> Mon, 29 Jul 2013 17:15:56 +0200 + +knot (1.3.0~rc4-2) unstable; urgency=low + + * Disable tests on big endian architectures (but the code still needs to + be fixed) + + -- Ondřej Surý <ondrej@debian.org> Tue, 23 Jul 2013 14:07:39 +0200 + +knot (1.3.0~rc4-1) unstable; urgency=low + + * New upstream version 1.3.0~rc4 + * Add upstream patch to honour CONFIG_DIR + * Remove now obsolete patch to run as knot:knot + * The knot/ is now added by upstream to @sysconfdir@ + + -- Ondřej Surý <ondrej@debian.org> Mon, 15 Jul 2013 15:15:05 +0200 + +knot (1.3.0~rc3-2) unstable; urgency=low + + * Add proper support for upstart and systemd along with sysvinit + * Add /usr/lib/knot/prepare-environment script which will parse + knot configuration file and properly create rundir and set + correct permissions to configured values in /etc/knot/knot.conf + * Remove /etc/default/knot since the values are now parsed + directly from the configuration file + * Add /var/lib/knot to knot.dirs, so it gets created on package + install + * Drop checking for $VERBOSE variable and properly log start/stop from + sysvinit script + + -- Ondřej Surý <ondrej@debian.org> Tue, 02 Jul 2013 13:08:33 +0200 + +knot (1.3.0~rc3-1) unstable; urgency=low + + * New upstream version 1.3.0~rc3 + * Packaging changes: + + Use --fail-missing to check for all new files + + Remove obsolete patches and update installed conffile with latest + options + + Don't install knot-zcompile as it is no more + + Install minimal example configuration file as /etc/knot/knot.conf + + Add --disable-silent-rules to configure invocation + + Add patch to fix missing $(DESTDIR) in src/Makefile.am + + Set --with-rundir and --with-storage to correct locations + + Run under knot:knot by default (create and delete knot user) + + Add knot-dnsutils and knot-host packages + + Add patch to move knot-{host,dnsutils} manpages to correct location + + Add samples/knot.{full,keys}.conf and example zone to examples. + * Add knot-doc package with generated documentation (PDF and HTML) + + -- Ondřej Surý <ondrej@debian.org> Fri, 28 Jun 2013 12:59:55 +0200 + +knot (1.2.0-2) unstable; urgency=low + + * /etc/init.d/knot now sources /etc/default/knot instead of + /etc/init.d/knotd (Closes: #707683) + * Pull upstream fix for pidfile creation before dropping priviledges + (Closes: #707685) + * Enable SSE2 support again (we will simply not support anything older + than Pentium M) + + -- Ondřej Surý <ondrej@debian.org> Wed, 26 Jun 2013 14:41:04 +0200 + +knot (1.2.0-1) unstable; urgency=low + + * Imported Upstream version 1.2.0 + + Final release. + + Some small memory leaks fixes. + + -- Ondřej Surý <ondrej@debian.org> Wed, 03 Apr 2013 09:16:25 +0200 + +knot (1.2.0~rc4-1) unstable; urgency=low + + * Imported Upstream version 1.2.0~rc4 + + knotc 'zonestatus' command + + Changing logfile ownership before dropping privileges + + knotc respects 'control' section from configuration + + RRL: resolved bucket collisions + + RRL: updated bucket mapping to conform RRL technical memo + + -- Ondřej Surý <ondrej@debian.org> Fri, 22 Mar 2013 15:35:50 +0100 + +knot (1.2.0~rc3-1) unstable; urgency=low + + * Imported Upstream version 1.2.0~rc3 + + New functionality: Response Rate Limiting as a response to + reflection DNS DDoS attacks in the wild + + Add missing RRSIG in ANY queries + + -- Ondřej Surý <ondrej@debian.org> Fri, 01 Mar 2013 13:24:28 +0100 + +knot (1.2~rc2-1) unstable; urgency=low + + * Imported Upstream version 1.2~rc2 + * Fix git location + * Update patches for 1.2 release + + -- Ondřej Surý <ondrej@debian.org> Mon, 18 Feb 2013 12:40:01 +0100 + +knot (1.1.3-1) unstable; urgency=low + + * Imported Upstream version 1.1.3 + + -- Ondřej Surý <ondrej@debian.org> Thu, 20 Dec 2012 10:50:41 +0100 + +knot (1.1.3~rc1-1) unstable; urgency=low + + * Imported Upstream version 1.1.3~rc1 + + Fixed answering DS queries (RRSIGs not together with DS, AA bit + missing). + + Fixed setting ARCOUNT in some error responses with EDNS enabled. + + Fixed crash when compiling zone zone with NSEC3PARAM but no NSEC3 + and semantic checks enabled. + + -- Ondřej Surý <ondrej@debian.org> Fri, 07 Dec 2012 11:19:35 +0100 + +knot (1.1.2-1) unstable; urgency=low + + * Imported Upstream version 1.1.2 + + -- Ondřej Surý <ondrej@debian.org> Wed, 21 Nov 2012 14:45:34 +0100 + +knot (1.1.2~rc1-1) unstable; urgency=low + + * Imported Upstream version 1.1.2~rc1 + * Update patches for new release + + -- Ondřej Surý <ondrej@debian.org> Wed, 14 Nov 2012 14:04:17 +0100 + +knot (1.1.1-1) unstable; urgency=low + + * Imported Upstream version 1.1.1 + * Update and remove obsolete patches for new release + + -- Ondřej Surý <ondrej@debian.org> Wed, 31 Oct 2012 10:42:09 +0100 + +knot (1.1.0-5) unstable; urgency=low + + * Disable SSE2 instruction set, might solve some strange crashes. + + -- Ondřej Surý <ondrej@debian.org> Wed, 10 Oct 2012 13:09:54 +0200 + +knot (1.1.0-4) unstable; urgency=low + + * Disable extra hardening via dpkg-buildflags, which is not needed + by debhelper 9, but breaks builds on squeeze + * Install man5 and knot.info documentation + + -- Ondřej Surý <ondrej@debian.org> Mon, 03 Sep 2012 16:43:26 +0200 + +knot (1.1.0-3) unstable; urgency=low + + * Bump dependency on debhelper >= 9 + * Bump standards version to 3.9.3 + * Fix installation of manpages to correct directories + + -- Ondřej Surý <ondrej@debian.org> Mon, 03 Sep 2012 16:02:11 +0200 + +knot (1.1.0-2) unstable; urgency=low + + * Disable AM_MAINTAINER_MODE and re-run autoreconf -fi + * Enable hardening build by default + * Update pidfile patch to 1.1.0 + * Cope with default MultiArch in dh_compat==9 and don't install + unittests* binaries + + -- Ondřej Surý <ondrej@debian.org> Mon, 03 Sep 2012 15:32:53 +0200 + +knot (1.1.0-1) unstable; urgency=low + + * Imported Upstream version 1.1.0 + - User manual now available. + - Optionally disable ANY queries for authoritative answers. + - Dropping identical records in zone and incoming transfers. + - Support for '/' in zone names. + - Generating journal from reloaded zone (EXPERIMENTAL). + - Outgoing-only interfaces in configuration file. + - Following DNAME if the synthetized name is in the same zone. + - IXFR-in optimized. + - Many zones loading optimized. + - Signing SOA with TSIG queries when checking zone version with master. + * Enable maintainer mode to generate version.texi as a workaround. + + -- Ondřej Surý <ondrej@debian.org> Fri, 31 Aug 2012 16:27:07 +0200 + +knot (1.0.6-1) unstable; urgency=low + + * Imported Upstream version 1.0.6 + - Add NSEC/NSEC3 for all wildcard CNAMEs in the response. + - Fixed potential problems with RCU synchronization. + + -- Ondřej Surý <ondrej@debian.org> Wed, 13 Jun 2012 15:31:52 +0200 + +knot (1.0.5-1) unstable; urgency=low + + * Imported Upstream version 1.0.5 + - Fixed bug with creating journal files which didn't get merged + by accident + + -- Ondřej Surý <ondrej@debian.org> Thu, 17 May 2012 12:25:27 +0200 + +knot (1.0.4-1) unstable; urgency=low + + * Imported Upstream version 1.0.4 + - Speed-up loading of many zones due parallelization + - Support for TLSA resource record (Type 52) + - New commands knotc checkzone and knotc refresh (forced update) + - Fixed responses to CNAME queries if the canonical name was also + an alias + - Fixed crash when NS or MX points to an alias + - Fixed crash when bootstraping/compiling a lot of zones + - Significant speed-up and memory usage reduction of IXFR-in + + -- Ondřej Surý <ondrej@debian.org> Wed, 16 May 2012 09:33:26 +0200 + +knot (1.0.3-1) unstable; urgency=low + + * Imported Upstream version 1.0.3 + - Fixed bug in non-EDNS0 queries over TCP + - Zone compilation time regression fixed + + -- Ondřej Surý <ondrej@debian.org> Wed, 18 Apr 2012 09:06:57 +0200 + +knot (1.0.2-1) unstable; urgency=low + + * Imported Upstream version 1.0.2 + - Bugfix release + + -- Ondřej Surý <ondrej@debian.org> Fri, 13 Apr 2012 16:09:11 +0200 + +knot (1.0.1-1) unstable; urgency=low + + * Imported Upstream version 1.0.1 + - Implemented jitter to REFRESH/RETRY timers + - Fixed problem with creating IXFR journal for bootstrapped zone + - Fixed race condition in processing NOTIFY/SOA queries + - Fixed improper assignment of TSIG algorithm type + + -- Ondřej Surý <ondrej@debian.org> Fri, 09 Mar 2012 20:18:37 +0100 + +knot (1.0.0-1) unstable; urgency=low + + * Imported Upstream version 1.0.0 + * Update pidfile patch + + -- Ondřej Surý <ondrej@debian.org> Wed, 29 Feb 2012 18:46:13 +0100 + +knot (1.0~rc1-1) unstable; urgency=low + + * Imported Upstream version 1.0~rc1 + * Move knotd.pid to /var/run where it belongs + + -- Ondřej Surý <ondrej@debian.org> Wed, 15 Feb 2012 21:12:56 +0100 + +knot (0.9.1-3) unstable; urgency=low + + * Install files into knot package (broken build after added debug + package) + + -- Ondřej Surý <ondrej@debian.org> Mon, 23 Jan 2012 15:01:42 +0100 + +knot (0.9.1-2) unstable; urgency=low + + * Build knot-dbg package with debug symbols + + -- Ondřej Surý <ondrej@debian.org> Mon, 23 Jan 2012 13:27:20 +0100 + +knot (0.9.1-1) unstable; urgency=low + + * Imported Upstream version 0.9.1 + + RRSet rotation functionality added + + New pseudo-random number generator (new BSD licensed) + + Fixed build on BSD + + Fixes in parsing and dumping of some RR types + * Add correct git-buildpackage configuration + * Update copyright for new PRNG + + -- Ondřej Surý <ondrej@debian.org> Sat, 21 Jan 2012 15:47:30 +0100 + +knot (0.9-1) unstable; urgency=low + + * Imported Upstream version 0.9 + + Add TSIG support + + Several smaller bugfixes + * Add correct git-buildpackage configuration + * Imported Upstream version 0.9.1 + * Update copyright for new PRNG + + -- Ondřej Surý <ondrej@debian.org> Sat, 21 Jan 2012 15:46:54 +0100 + +knot (0.8.1-1) unstable; urgency=low + + * Imported Upstream version 0.8.1 + + Correctly handle SPF resource records + + Fix wrong text dumping of unknown records. + + -- Ondřej Surý <ondrej@debian.org> Thu, 01 Dec 2011 16:27:44 +0100 + +knot (0.8-1) unstable; urgency=low + + * Initial release (Closes: #647461) + * Add some dependencies in the init.d script + * Add flex and bison to b-d + * Add versioned dependency on liburcu + * Daemonize on the start + * Update copyright file to include all licenses + + -- Ondřej Surý <ondrej@debian.org> Wed, 16 Nov 2011 07:14:55 +0100 diff --git a/debian/clean b/debian/clean new file mode 100644 index 0000000..b2a9f3f --- /dev/null +++ b/debian/clean @@ -0,0 +1,2 @@ +doc/modules +.pybuild/ diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..a6b805f --- /dev/null +++ b/debian/control @@ -0,0 +1,290 @@ +Source: knot +Section: net +Priority: optional +Maintainer: knot packagers <knot@packages.debian.org> +Uploaders: + Ondřej Surý <ondrej@debian.org>, + Daniel Salzman <daniel.salzman@nic.cz>, + Daniel Kahn Gillmor <dkg@fifthhorseman.net>, + Robert Edmonds <edmonds@debian.org>, + Jakub Ružička <jakub.ruzicka@nic.cz>, +Build-Depends-Indep: + python3-setuptools, + python3-sphinx, + texinfo, +Build-Depends: + autoconf, + automake, + debhelper-compat (= 13), + dh-python, + libbpf-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386 !alpha !arc !hppa !ia64 !m68k !powerpc !sh4 !sparc64 !x32], + libcap-ng-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386], + libedit-dev, + libfstrm-dev, + libgnutls28-dev, + libidn2-dev, + liblmdb-dev, + libmaxminddb-dev, + libmnl-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386 !alpha !arc !hppa !ia64 !m68k !powerpc !sh4 !sparc64 !x32], + libnghttp2-dev, + libngtcp2-crypto-gnutls-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386 !alpha !arc !hppa !ia64 !m68k !powerpc !sh4 !sparc64 !x32], + libngtcp2-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386 !alpha !arc !hppa !ia64 !m68k !powerpc !sh4 !sparc64 !x32], + libprotobuf-c-dev, + libsofthsm2 <!nocheck>, + libsystemd-dev [linux-any] | libsystemd-daemon-dev [linux-any], + libsystemd-dev [linux-any] | libsystemd-journal-dev [linux-any], + libtool, + liburcu-dev, + libxdp-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386 !alpha !arc !hppa !ia64 !m68k !powerpc !sh4 !sparc64 !x32], + pkg-config, + protobuf-c-compiler, + python3-all, +Standards-Version: 4.6.2 +Homepage: https://www.knot-dns.cz/ +Vcs-Browser: https://salsa.debian.org/dns-team/knot-dns +Vcs-Git: https://salsa.debian.org/dns-team/knot-dns.git +Rules-Requires-Root: no + +Package: knot +Architecture: any +Depends: + adduser, + libdnssec9 (= ${binary:Version}), + libknot13 (= ${binary:Version}), + libzscanner4 (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Pre-Depends: + ${misc:Pre-Depends}, +Breaks: + knot-dnsutils (<< 2.9.2-5), +Suggests: + systemd, +Description: Authoritative domain name server + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + +Package: libknot13 +Architecture: any +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Section: libs +Description: Authoritative domain name server (shared library) + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides libknot shared library used by Knot DNS and + Knot Resolver. + +Package: libzscanner4 +Architecture: any +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Section: libs +Description: DNS zone-parsing shared library from Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides a fast zone parser shared library used by Knot + DNS and Knot Resolver. + +Package: libdnssec9 +Architecture: any +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Section: libs +Description: DNSSEC shared library from Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides common DNSSEC shared library used by Knot DNS + and Knot Resolver. + +Package: libknot-dev +Architecture: any +Depends: + libdnssec9 (= ${binary:Version}), + libgnutls28-dev, + libknot13 (= ${binary:Version}), + libzscanner4 (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Section: libdevel +Description: Knot DNS shared library development files + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides development files for internal common shared + libraries. + +Package: knot-dnsutils +Architecture: any +Depends: + libdnssec9 (= ${binary:Version}), + libknot13 (= ${binary:Version}), + libzscanner4 (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Breaks: + knot (<< 2.9.2-5), +Replaces: + knot (<< 2.9.2-5), +Description: Clients provided with Knot DNS (kdig, knsupdate, kxdpgun) + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package delivers various client programs related to DNS that are + derived from the Knot DNS source tree. + . + - kdig - query a DNS server in various ways + - knsupdate - perform dynamic updates (See RFC2136) + - kxdpgun - send a DNS query stream over UDP to a DNS server + . + Those clients were designed to be 1:1 compatible with BIND dnsutils, + but they provide some enhancements, which are documented in respective + manpages. + . + WARNING: knslookup is not provided as it is considered obsolete. + +Package: knot-dnssecutils +Architecture: any +Depends: + libdnssec9 (= ${binary:Version}), + libknot13 (= ${binary:Version}), + libzscanner4 (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Breaks: + knot (<< 3.2.0-1), + knot-dnsutils (<< 3.2.0-1), +Replaces: + knot (<< 3.2.0-1), + knot-dnsutils (<< 3.2.0-1), +Description: DNSSEC tools provided with Knot DNS (kzonecheck, kzonesign, knsec3hash) + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package delivers various DNSSEC tools from Knot DNS. + . + - kzonecheck + - kzonesign + - knsec3hash + +Package: knot-host +Architecture: any +Depends: + libdnssec9 (= ${binary:Version}), + libknot13 (= ${binary:Version}), + libzscanner4 (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Description: Version of 'host' bundled with Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides the 'host' program in the form that is bundled + with the Knot DNS. The 'host' command is designed to be 1:1 + compatible with BIND 9.x 'host' program. + +Package: knot-module-dnstap +Architecture: any +Depends: + knot (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Description: dnstap module for Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package contains dnstap module for logging DNS traffic. + +Package: knot-module-geoip +Architecture: any +Depends: + knot (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Description: geoip module for Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package contains geoip module for geography-based responses. + +Package: knot-doc +Architecture: all +Multi-Arch: foreign +Depends: + libjs-jquery, + libjs-sphinxdoc, + libjs-underscore, + ${misc:Depends}, +Section: doc +Description: Documentation for Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides various documents that are useful for + maintaining a working Knot DNS installation. + +Package: python3-libknot +Architecture: all +Depends: + ${misc:Depends}, + ${python3:Depends}, +Section: python +Description: Python bindings for libknot + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides Python bindings for the libknot shared library. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..4991fba --- /dev/null +++ b/debian/copyright @@ -0,0 +1,204 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: Knot DNS +Upstream-Contact: knot-dns@labs.nic.cz +Source: https://secure.nic.cz/files/knot-dns/ + +Files: * +Copyright: 2011-2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +License: GPL-3+ + +Files: m4/* +Copyright: 2011-2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + 1996-2001, 2003-2015 Free Software Foundation, Inc. +License: GPL-3+ + +Files: install-sh +Copyright: 1994 X Consortium +License: MIT + +Files: debian/* distro/pkg/deb/* +Copyright: 2011-2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + 2011 Ondřej Surý <ondrej@debian.org> +License: GPL-3+ + +Files: tests/tap/* +Copyright: 2000-2001, 2004, 2006-2012 Russ Allbery <rra@stanford.edu> + 2006, 2007, 2008, 2013 The Board of Trustees of the Leland Stanford Junior University +License: MIT + +Files: tests/tap/files.* +Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +License: GPL-3+ + +Files: src/contrib/dnstap/* +Copyright: 2014, Farsight Security, Inc. <software@farsightsecurity.com> + 2011-2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +License: GPL-3+ + +Files: src/contrib/libbpf/* +Copyright: 2013-2015 Alexei Starovoitov <ast@kernel.org> + 2015 Wang Nan <wangnan0@huawei.com> + 2015 Huawei Inc. + 2017 Nicira, Inc. + 2019 Isovalent, Inc. + 2019 Netronome Systems, Inc. + 2003-2013 Thomas Graf <tgraf@suug.ch> + 2018-2019 Intel Corporation. + 2018-2019 Facebook +License: LGPL-2.1 + +Files: src/contrib/libngtcp2/* +Copyright: 2016-2023 ngtcp2 contributors + 2012-2017 nghttp2 contributors +License: MIT + +Files: src/contrib/openbsd/siphash.* +Copyright: 2013 Andre Oppermann <andre@FreeBSD.org> +License: BSD-3-Clause + +Files: src/contrib/openbsd/strl* +Copyright: 1998 Todd C. Miller <Todd.Miller@courtesan.com> +License: 0BSD + +Files: src/contrib/proxyv2/* +Copyright: 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + 2021 Fastly, Inc. +License: GPL-3+ + +Files: src/contrib/qp-trie/* +Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + 2018 Tony Finch <dot@dotat.at> +License: GPL-3+ + +Files: src/contrib/ucw/* +Copyright: 2011-2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + 1997-2017 Martin Mares <mj@ucw.cz> + 2007 Pavel Charvat <pchar@ucw.cz> + 2012 Ondrej Filip <feela@network.cz> +License: LGPL-2.0 + +Files: src/contrib/ucw/heap.h +Copyright: 2011-2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +License: GPL-3+ + +Files: src/contrib/url-parser/* +Copyright: 2020 Igor Sysoev + 2020 Nginx, Inc. + 2020 Joyent, Inc. +License: MIT + +Files: src/contrib/vpool/* +Copyright: 2006, 2008 Alexey Vatchenko <av@bsdua.org> +License: 0BSD + +Files: tests-fuzz/main.c +Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + 2017 Tim Ruehsen +License: MIT + +License: GPL-3+ + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see <https://www.gnu.org/licenses/>. + . + On Debian systems, the full text of the GNU General Public License + version 3 can be found in the file `/usr/share/common-licenses/GPL-3'. + +License: LGPL-2.0 + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + . + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + . + You should have received a copy of the GNU Library General Public + License along with this library; if not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, + Boston, MA 02110-1301, USA. + +License: LGPL-2.1 + This program is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + . + You should have received a copy of the GNU Lesser General Public License + along with this program; If not, see <http://www.gnu.org/licenses/>. + . + On Debian systems, the complete text of the GNU Lesser General Public + License version 2.1 can be found in `/usr/share/common-licenses/LGPL-2.1'. + +License: 0BSD + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + . + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +License: BSD-3-Clause + Redistribution and use in source and binary forms, with or without modification, + are permitted provided that the following conditions are met: + 1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + 3. Neither the name of the copyright holder nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + OF THE POSSIBILITY OF SUCH DAMAGE. + +License: MIT + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + . + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. diff --git a/debian/cz.nic.knotd.conf b/debian/cz.nic.knotd.conf new file mode 100644 index 0000000..50af87a --- /dev/null +++ b/debian/cz.nic.knotd.conf @@ -0,0 +1,9 @@ +<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> +<busconfig> + <policy user="knot"> + <allow own="cz.nic.knotd" /> + </policy> + <policy context="default"> + <allow receive_sender="cz.nic.knotd" /> + </policy> +</busconfig> diff --git a/debian/docs b/debian/docs new file mode 100644 index 0000000..b43bf86 --- /dev/null +++ b/debian/docs @@ -0,0 +1 @@ +README.md diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..c84f441 --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,30 @@ +[DEFAULT] +debian-branch = debian/master +pristine-tar = True +upstream-branch = upstream/3.2 +upstream-vcs-tag = v%(version)s + +[dch] +meta = 1 + +[import-orig] +filter = [ + 'configure', + '*/Makefile.in', + '*/*/Makefile.in', + '*/*/*/Makefile.in', + 'install-sh', + 'ltmain.sh', + 'm4/libtool.m4', + '/src/lib*/version.h', + 'INSTALL', + 'aclocal.m4', + 'ar-lib', + 'depcomp', + 'compile', + 'missing', + 'test-driver', + 'config.guess', + 'config.sub', + ] +filter-pristine-tar = False diff --git a/debian/knot-dnssecutils.install b/debian/knot-dnssecutils.install new file mode 100644 index 0000000..20009e8 --- /dev/null +++ b/debian/knot-dnssecutils.install @@ -0,0 +1,3 @@ +usr/bin/knsec3hash +usr/bin/kzonecheck +usr/bin/kzonesign diff --git a/debian/knot-dnssecutils.manpages b/debian/knot-dnssecutils.manpages new file mode 100644 index 0000000..913c4cb --- /dev/null +++ b/debian/knot-dnssecutils.manpages @@ -0,0 +1,3 @@ +usr/share/man/man1/knsec3hash.1 +usr/share/man/man1/kzonecheck.1 +usr/share/man/man1/kzonesign.1 diff --git a/debian/knot-dnsutils.install b/debian/knot-dnsutils.install new file mode 100644 index 0000000..e2f2a8a --- /dev/null +++ b/debian/knot-dnsutils.install @@ -0,0 +1,3 @@ +usr/bin/kdig +usr/bin/knsupdate +usr/sbin/kxdpgun diff --git a/debian/knot-dnsutils.manpages b/debian/knot-dnsutils.manpages new file mode 100644 index 0000000..67254d9 --- /dev/null +++ b/debian/knot-dnsutils.manpages @@ -0,0 +1,3 @@ +usr/share/man/man1/kdig.1 +usr/share/man/man1/knsupdate.1 +usr/share/man/man8/kxdpgun.8 diff --git a/debian/knot-doc.doc-base b/debian/knot-doc.doc-base new file mode 100644 index 0000000..bcd4e0f --- /dev/null +++ b/debian/knot-doc.doc-base @@ -0,0 +1,17 @@ +Document: knot +Title: Documentation for the Knot authoritative DNS server +Author: Knot DNS authors at CZ.NIC Labs (https://www.knot-dns.cz) +Abstract: Knot DNS is a high-performance open-source authoritative DNS server +Section: Network/Communication + +Format: HTML +Index: /usr/share/doc/knot-doc/index.html +Files: /usr/share/doc/knot-doc + +Format: Info +Files: /usr/share/info/knot.info.gz +Index: /usr/share/info/knot.info.gz + +Format: Text +Index: /usr/share/doc/knot-doc/_sources/index.rst.txt +Files: /usr/share/doc/knot-doc/_sources/ diff --git a/debian/knot-doc.install b/debian/knot-doc.install new file mode 100644 index 0000000..c19da52 --- /dev/null +++ b/debian/knot-doc.install @@ -0,0 +1,2 @@ +usr/share/doc/knot/* /usr/share/doc/knot-doc/ +usr/share/info diff --git a/debian/knot-doc.links b/debian/knot-doc.links new file mode 100644 index 0000000..1376b3a --- /dev/null +++ b/debian/knot-doc.links @@ -0,0 +1,5 @@ +usr/share/javascript/jquery/jquery.min.js usr/share/doc/knot-doc/_static/jquery.js +usr/share/javascript/sphinxdoc/1.0/doctools.js usr/share/doc/knot-doc/_static/doctools.js +usr/share/javascript/sphinxdoc/1.0/language_data.js usr/share/doc/knot-doc/_static/language_data.js +usr/share/javascript/sphinxdoc/1.0/searchtools.js usr/share/doc/knot-doc/_static/searchtools.js +usr/share/javascript/underscore/underscore.min.js usr/share/doc/knot-doc/_static/underscore.js diff --git a/debian/knot-host.install b/debian/knot-host.install new file mode 100644 index 0000000..51bacf0 --- /dev/null +++ b/debian/knot-host.install @@ -0,0 +1 @@ +usr/bin/khost diff --git a/debian/knot-host.manpages b/debian/knot-host.manpages new file mode 100644 index 0000000..4891e2c --- /dev/null +++ b/debian/knot-host.manpages @@ -0,0 +1 @@ +usr/share/man/man1/khost.1 diff --git a/debian/knot-module-dnstap.install b/debian/knot-module-dnstap.install new file mode 100644 index 0000000..983455e --- /dev/null +++ b/debian/knot-module-dnstap.install @@ -0,0 +1 @@ +usr/lib/*/knot/modules-*/dnstap.so diff --git a/debian/knot-module-geoip.install b/debian/knot-module-geoip.install new file mode 100644 index 0000000..16d87c3 --- /dev/null +++ b/debian/knot-module-geoip.install @@ -0,0 +1 @@ +usr/lib/*/knot/modules-*/geoip.so diff --git a/debian/knot.default b/debian/knot.default new file mode 100644 index 0000000..12d6cc5 --- /dev/null +++ b/debian/knot.default @@ -0,0 +1 @@ +KNOTD_ARGS="" diff --git a/debian/knot.dirs b/debian/knot.dirs new file mode 100644 index 0000000..6e937aa --- /dev/null +++ b/debian/knot.dirs @@ -0,0 +1 @@ +var/lib/knot diff --git a/debian/knot.init b/debian/knot.init new file mode 100644 index 0000000..3f8fcae --- /dev/null +++ b/debian/knot.init @@ -0,0 +1,149 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: knot +# Required-Start: $network $local_fs $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: authoritative domain name server +# Description: Knot DNS is a authoritative-only domain name server +### END INIT INFO + +# Author: Ondřej Surý <ondrej@debian.org> + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="Knot DNS server" # Introduce a short description here +NAME=knotd # Introduce the short server's name here +DAEMON=/usr/sbin/$NAME # Introduce the server's location here +PIDFILE=/run/knot/knot.pid +SCRIPTNAME=/etc/init.d/knot +KNOTC=/usr/sbin/knotc +RUNDIR=/run/knot + +# Exit if the package is not installed +[ -x $DAEMON ] || exit 0 + +KNOTD_ARGS="" + +# Read configuration variable file if it is present +[ -r /etc/default/knot ] && . /etc/default/knot + +DAEMON_ARGS="-d $KNOTD_ARGS" + +# Define LSB log_* functions. +# Depend on sysvinit-utils (>= 2.96) to ensure that this file is present. +. /lib/lsb/init-functions + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + + $KNOTC status >/dev/null 2>/dev/null \ + && return 1 + + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ + $DAEMON_ARGS \ + || return 2 +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + + $KNOTC status >/dev/null 2>/dev/null \ + || return 1 + + $KNOTC stop >/dev/null + RETVAL="$?" + [ $? = 1 ] && return 2 + + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return 0 +} + +do_reload() { + $KNOTC reload >/dev/null + return $? +} + +do_mkrundir() { + mkdir -p $RUNDIR + chmod 0755 $RUNDIR + chown knot:knot $RUNDIR +} + +case "$1" in + start) + do_mkrundir + log_daemon_msg "Starting $DESC " "$NAME" + do_start + case "$?" in + 0|1) log_end_msg 0 ;; + 2) log_end_msg 1 ;; + esac + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) log_end_msg 0 ;; + 2) log_end_msg 1 ;; + esac + ;; + status) + STATUS=$($KNOTC status 2>&1 >/dev/null) + RETVAL=$? + if [ $RETVAL = 0 ]; then + log_success_msg "$NAME is running" + else + log_failure_msg "$NAME is not running ($STATUS)" + fi + exit $RETVAL + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC" "$NAME" + do_reload + log_end_msg $? + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/debian/knot.install b/debian/knot.install new file mode 100644 index 0000000..5c716fc --- /dev/null +++ b/debian/knot.install @@ -0,0 +1,8 @@ +debian/cz.nic.knotd.conf usr/share/dbus-1/system.d/ +debian/ufw/knot etc/ufw/applications.d/ +etc/knot/knot.conf +usr/sbin/kcatalogprint +usr/sbin/keymgr +usr/sbin/kjournalprint +usr/sbin/knotc +usr/sbin/knotd diff --git a/debian/knot.manpages b/debian/knot.manpages new file mode 100644 index 0000000..5d23e9f --- /dev/null +++ b/debian/knot.manpages @@ -0,0 +1,6 @@ +usr/share/man/man5/knot.conf.5 +usr/share/man/man8/kcatalogprint.8 +usr/share/man/man8/keymgr.8 +usr/share/man/man8/kjournalprint.8 +usr/share/man/man8/knotc.8 +usr/share/man/man8/knotd.8 diff --git a/debian/knot.postinst b/debian/knot.postinst new file mode 100644 index 0000000..da747c8 --- /dev/null +++ b/debian/knot.postinst @@ -0,0 +1,16 @@ +#!/bin/sh +set -e + +if [ "$1" = "configure" ]; then + if ! getent passwd knot > /dev/null; then + adduser --quiet --system --group --no-create-home --home /var/lib/knot knot + fi + + dpkg-statoverride --list /var/lib/knot >/dev/null 2>&1 || dpkg-statoverride --update --add root knot 0770 /var/lib/knot + dpkg-statoverride --list /etc/knot/knot.conf >/dev/null 2>&1 || dpkg-statoverride --update --add root knot 0640 /etc/knot/knot.conf + dpkg-statoverride --list /etc/knot >/dev/null 2>&1 || dpkg-statoverride --update --add root knot 0750 /etc/knot +fi + +#DEBHELPER# + +exit 0 diff --git a/debian/knot.postrm b/debian/knot.postrm new file mode 100644 index 0000000..14b3d69 --- /dev/null +++ b/debian/knot.postrm @@ -0,0 +1,21 @@ +#!/bin/sh +set -e + +if test "$1" = "purge"; then + state_dir=/var/lib/knot + for db_name in "catalog" "confdb" "journal" "keys" "timers"; do + rm -rf $state_dir/$db_name >/dev/null 2>&1 || true + done + rmdir $state_dir >/dev/null 2>&1 || true + [ -e $state_dir/* ] && echo "Notice: there are still data in ${state_dir}, please check." + + dpkg-statoverride --remove /var/lib/knot >/dev/null 2>&1 || true + dpkg-statoverride --remove /etc/knot/knot.conf >/dev/null 2>&1 || true + dpkg-statoverride --remove /etc/knot >/dev/null 2>&1 || true + + deluser --quiet knot >/dev/null 2>&1 || true +fi + +#DEBHELPER# + +exit 0 diff --git a/debian/knot.service b/debian/knot.service new file mode 100644 index 0000000..54ab197 --- /dev/null +++ b/debian/knot.service @@ -0,0 +1,31 @@ +[Unit] +Description=Knot DNS server +Wants=network-online.target +After=network-online.target +Documentation=man:knotd(8) man:knot.conf(5) man:knotc(8) + +[Service] +EnvironmentFile=/etc/default/knot +Type=notify +User=knot +Group=knot +CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETPCAP +AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_SETPCAP +ExecStartPre=/usr/sbin/knotc conf-check +ExecStart=/usr/sbin/knotd -m "$KNOT_CONF_MAX_SIZE" $KNOTD_ARGS +ExecReload=/bin/kill -HUP $MAINPID +Restart=on-abort +LimitNOFILE=1048576 +TimeoutStopSec=300 +# Extend the systemd startup timeout by this value (seconds) for each zone +Environment="KNOT_ZONE_LOAD_TIMEOUT_SEC=180" +# Maximum size (MiB) of a configuration database +Environment="KNOT_CONF_MAX_SIZE=512" + +# Expected systemd >= v239 +RuntimeDirectory=knot +StateDirectory=knot +NoNewPrivileges=yes + +[Install] +WantedBy=multi-user.target diff --git a/debian/libdnssec9.install b/debian/libdnssec9.install new file mode 100644 index 0000000..17a9fe6 --- /dev/null +++ b/debian/libdnssec9.install @@ -0,0 +1 @@ +usr/lib/*/libdnssec.so.* diff --git a/debian/libdnssec9.symbols b/debian/libdnssec9.symbols new file mode 100644 index 0000000..c3ab2ed --- /dev/null +++ b/debian/libdnssec9.symbols @@ -0,0 +1,96 @@ +libdnssec.so.9 libdnssec9 #MINVER# +* Build-Depends-Package: libknot-dev + dnssec_algorithm_digest_support@Base 3.2.0 + dnssec_algorithm_key_size_check@Base 3.2.0 + dnssec_algorithm_key_size_default@Base 3.2.0 + dnssec_algorithm_key_size_range@Base 3.2.0 + dnssec_algorithm_key_support@Base 3.2.0 + dnssec_algorithm_reproducible@Base 3.2.0 + dnssec_binary_alloc@Base 3.2.0 + dnssec_binary_cmp@Base 3.2.0 + dnssec_binary_dup@Base 3.2.0 + dnssec_binary_free@Base 3.2.0 + dnssec_binary_from_base64@Base 3.2.0 + dnssec_binary_resize@Base 3.2.0 + dnssec_binary_to_base64@Base 3.2.0 + dnssec_crypto_cleanup@Base 3.2.0 + dnssec_crypto_init@Base 3.2.0 + dnssec_crypto_reinit@Base 3.2.0 + dnssec_digest@Base 3.2.0 + dnssec_digest_finish@Base 3.2.0 + dnssec_digest_init@Base 3.2.0 + dnssec_key_can_sign@Base 3.2.0 + dnssec_key_can_verify@Base 3.2.0 + dnssec_key_clear@Base 3.2.0 + dnssec_key_create_ds@Base 3.2.0 + dnssec_key_dup@Base 3.2.0 + dnssec_key_free@Base 3.2.0 + dnssec_key_get_algorithm@Base 3.2.0 + dnssec_key_get_dname@Base 3.2.0 + dnssec_key_get_flags@Base 3.2.0 + dnssec_key_get_keyid@Base 3.2.0 + dnssec_key_get_keytag@Base 3.2.0 + dnssec_key_get_protocol@Base 3.2.0 + dnssec_key_get_pubkey@Base 3.2.0 + dnssec_key_get_rdata@Base 3.2.0 + dnssec_key_get_size@Base 3.2.0 + dnssec_key_load_pkcs8@Base 3.2.0 + dnssec_key_new@Base 3.2.0 + dnssec_key_set_algorithm@Base 3.2.0 + dnssec_key_set_dname@Base 3.2.0 + dnssec_key_set_flags@Base 3.2.0 + dnssec_key_set_protocol@Base 3.2.0 + dnssec_key_set_pubkey@Base 3.2.0 + dnssec_key_set_rdata@Base 3.2.0 + dnssec_keyid_copy@Base 3.2.0 + dnssec_keyid_equal@Base 3.2.0 + dnssec_keyid_is_valid@Base 3.2.0 + dnssec_keyid_normalize@Base 3.2.0 + dnssec_keystore_close@Base 3.2.0 + dnssec_keystore_deinit@Base 3.2.0 + dnssec_keystore_generate@Base 3.2.0 + dnssec_keystore_get_private@Base 3.2.0 + dnssec_keystore_import@Base 3.2.0 + dnssec_keystore_init@Base 3.2.0 + dnssec_keystore_init_pkcs11@Base 3.2.0 + dnssec_keystore_init_pkcs8@Base 3.2.0 + dnssec_keystore_open@Base 3.2.0 + dnssec_keystore_remove@Base 3.2.0 + dnssec_keystore_set_private@Base 3.2.0 + dnssec_keytag@Base 3.2.0 + dnssec_nsec3_hash@Base 3.2.0 + dnssec_nsec3_hash_length@Base 3.2.0 + dnssec_nsec3_params_free@Base 3.2.0 + dnssec_nsec3_params_from_rdata@Base 3.2.0 + dnssec_nsec3_params_match@Base 3.2.0 + dnssec_nsec_bitmap_add@Base 3.2.0 + dnssec_nsec_bitmap_clear@Base 3.2.0 + dnssec_nsec_bitmap_contains@Base 3.2.0 + dnssec_nsec_bitmap_free@Base 3.2.0 + dnssec_nsec_bitmap_new@Base 3.2.0 + dnssec_nsec_bitmap_size@Base 3.2.0 + dnssec_nsec_bitmap_write@Base 3.2.0 + dnssec_pem_from_privkey@Base 3.2.0 + dnssec_pem_from_x509@Base 3.2.0 + dnssec_pem_to_privkey@Base 3.2.0 + dnssec_pem_to_x509@Base 3.2.0 + dnssec_random_binary@Base 3.2.0 + dnssec_random_buffer@Base 3.2.0 + dnssec_sign_add@Base 3.2.0 + dnssec_sign_free@Base 3.2.0 + dnssec_sign_init@Base 3.2.0 + dnssec_sign_new@Base 3.2.0 + dnssec_sign_verify@Base 3.2.0 + dnssec_sign_write@Base 3.2.0 + dnssec_strerror@Base 3.2.0 + dnssec_tsig_add@Base 3.2.0 + dnssec_tsig_algorithm_from_dname@Base 3.2.0 + dnssec_tsig_algorithm_from_name@Base 3.2.0 + dnssec_tsig_algorithm_size@Base 3.2.0 + dnssec_tsig_algorithm_to_dname@Base 3.2.0 + dnssec_tsig_algorithm_to_name@Base 3.2.0 + dnssec_tsig_free@Base 3.2.0 + dnssec_tsig_new@Base 3.2.0 + dnssec_tsig_optimal_key_size@Base 3.2.0 + dnssec_tsig_size@Base 3.2.0 + dnssec_tsig_write@Base 3.2.0 diff --git a/debian/libknot-dev.install b/debian/libknot-dev.install new file mode 100644 index 0000000..54f2635 --- /dev/null +++ b/debian/libknot-dev.install @@ -0,0 +1,4 @@ +usr/include/ +usr/lib/*/*.a +usr/lib/*/*.so +usr/lib/*/pkgconfig/* diff --git a/debian/libknot13.install b/debian/libknot13.install new file mode 100644 index 0000000..f9b9f93 --- /dev/null +++ b/debian/libknot13.install @@ -0,0 +1 @@ +usr/lib/*/libknot.so.* diff --git a/debian/libknot13.symbols b/debian/libknot13.symbols new file mode 100644 index 0000000..d4b2b45 --- /dev/null +++ b/debian/libknot13.symbols @@ -0,0 +1,265 @@ +libknot.so.13 libknot13 #MINVER# +* Build-Depends-Package: libknot-dev + KNOT_DB_LMDB_DUPSORT@Base 3.2.0 + KNOT_DB_LMDB_INTEGERKEY@Base 3.2.0 + KNOT_DB_LMDB_MAPASYNC@Base 3.2.0 + KNOT_DB_LMDB_NOSYNC@Base 3.2.0 + KNOT_DB_LMDB_NOTLS@Base 3.2.0 + KNOT_DB_LMDB_RDONLY@Base 3.2.0 + KNOT_DB_LMDB_WRITEMAP@Base 3.2.0 + KNOT_DUMP_STYLE_DEFAULT@Base 3.2.0 + knot_ctl_accept@Base 3.2.0 + knot_ctl_alloc@Base 3.2.0 + knot_ctl_bind@Base 3.2.0 + knot_ctl_close@Base 3.2.0 + knot_ctl_connect@Base 3.2.0 + knot_ctl_free@Base 3.2.0 + knot_ctl_receive@Base 3.2.0 + knot_ctl_send@Base 3.2.0 + knot_ctl_set_timeout@Base 3.2.0 + knot_ctl_unbind@Base 3.2.0 + knot_db_lmdb_api@Base 3.2.0 + knot_db_lmdb_del_exact@Base 3.2.0 + knot_db_lmdb_get_mapsize@Base 3.2.0 + knot_db_lmdb_get_path@Base 3.2.0 + knot_db_lmdb_get_usage@Base 3.2.0 + knot_db_lmdb_iter_del@Base 3.2.0 + knot_db_lmdb_txn_begin@Base 3.2.0 + knot_db_trie_api@Base 3.2.0 + knot_dname_cmp@Base 3.2.0 + knot_dname_copy@Base 3.2.0 + knot_dname_copy_lower@Base 3.2.0 + knot_dname_free@Base 3.2.0 + knot_dname_from_str@Base 3.2.0 + knot_dname_in_bailiwick@Base 3.2.0 + knot_dname_is_case_equal@Base 3.2.0 + knot_dname_is_equal@Base 3.2.0 + knot_dname_labels@Base 3.2.0 + knot_dname_lf@Base 3.2.0 + knot_dname_matched_labels@Base 3.2.0 + knot_dname_prefixlen@Base 3.2.0 + knot_dname_realsize@Base 3.2.0 + knot_dname_replace_suffix@Base 3.2.0 + knot_dname_size@Base 3.2.0 + knot_dname_store@Base 3.2.0 + knot_dname_to_lower@Base 3.2.0 + knot_dname_to_str@Base 3.2.0 + knot_dname_to_wire@Base 3.2.0 + knot_dname_unpack@Base 3.2.0 + knot_dname_wire_check@Base 3.2.0 + knot_dnssec_alg_names@Base 3.2.0 + knot_edns_add_option@Base 3.2.0 + knot_edns_alignment_size@Base 3.2.0 + knot_edns_chain_parse@Base 3.2.0 + knot_edns_chain_size@Base 3.2.0 + knot_edns_chain_write@Base 3.2.0 + knot_edns_client_subnet_get_addr@Base 3.2.0 + knot_edns_client_subnet_parse@Base 3.2.0 + knot_edns_client_subnet_set_addr@Base 3.2.0 + knot_edns_client_subnet_size@Base 3.2.0 + knot_edns_client_subnet_write@Base 3.2.0 + knot_edns_cookie_client_check@Base 3.2.0 + knot_edns_cookie_client_generate@Base 3.2.0 + knot_edns_cookie_parse@Base 3.2.0 + knot_edns_cookie_server_check@Base 3.2.0 + knot_edns_cookie_server_generate@Base 3.2.0 + knot_edns_cookie_size@Base 3.2.0 + knot_edns_cookie_write@Base 3.2.0 + knot_edns_ede_names@Base 3.2.0 + knot_edns_get_ext_rcode@Base 3.2.0 + knot_edns_get_option@Base 3.2.0 + knot_edns_get_options@Base 3.2.0 + knot_edns_get_version@Base 3.2.0 + knot_edns_init@Base 3.2.0 + knot_edns_keepalive_parse@Base 3.2.0 + knot_edns_keepalive_size@Base 3.2.0 + knot_edns_keepalive_write@Base 3.2.0 + knot_edns_reserve_option@Base 3.2.0 + knot_edns_set_ext_rcode@Base 3.2.0 + knot_edns_set_version@Base 3.2.0 + knot_error_from_libdnssec@Base 3.2.0 + knot_eth_mtu@Base 3.2.0 + knot_eth_name_from_addr@Base 3.2.0 + knot_eth_queues@Base 3.2.0 + knot_eth_rss@Base 3.2.0 + knot_eth_vlans@Base 3.2.2 + knot_eth_xdp_mode@Base 3.2.0 + knot_get_obsolete_rdata_descriptor@Base 3.2.0 + knot_get_rdata_descriptor@Base 3.2.0 + knot_naptr_header_size@Base 3.2.0 + knot_opcode_names@Base 3.2.0 + knot_opt_code_to_string@Base 3.2.0 + knot_pkt_begin@Base 3.2.0 + knot_pkt_clear@Base 3.2.0 + knot_pkt_copy@Base 3.2.0 + knot_pkt_ext_rcode@Base 3.2.0 + knot_pkt_ext_rcode_name@Base 3.2.0 + knot_pkt_free@Base 3.2.0 + knot_pkt_init_response@Base 3.2.0 + knot_pkt_new@Base 3.2.0 + knot_pkt_parse@Base 3.2.0 + knot_pkt_parse_question@Base 3.2.0 + knot_pkt_put_question@Base 3.2.0 + knot_pkt_put_rotate@Base 3.2.0 + knot_pkt_reclaim@Base 3.2.0 + knot_pkt_reserve@Base 3.2.0 + knot_probe_alloc@Base 3.2.0 + knot_probe_consume@Base 3.2.0 + knot_probe_data_set@Base 3.2.0 + knot_probe_fd@Base 3.2.0 + knot_probe_free@Base 3.2.0 + knot_probe_produce@Base 3.2.0 + knot_probe_set_consumer@Base 3.2.0 + knot_probe_set_producer@Base 3.2.0 + knot_probe_tcp_rtt@Base 3.2.0 + knot_rcode_names@Base 3.2.0 + knot_rdataset_add@Base 3.2.0 + knot_rdataset_at@Base 3.2.0 + knot_rdataset_clear@Base 3.2.0 + knot_rdataset_copy@Base 3.2.0 + knot_rdataset_eq@Base 3.2.0 + knot_rdataset_intersect@Base 3.2.0 + knot_rdataset_intersect2@Base 3.2.0 + knot_rdataset_member@Base 3.2.0 + knot_rdataset_merge@Base 3.2.0 + knot_rdataset_subset@Base 3.2.0 + knot_rdataset_subtract@Base 3.2.0 + knot_rrclass_from_string@Base 3.2.0 + knot_rrclass_to_string@Base 3.2.0 + knot_rrset_add_rdata@Base 3.2.0 + knot_rrset_clear@Base 3.2.0 + knot_rrset_copy@Base 3.2.0 + knot_rrset_equal@Base 3.2.0 + knot_rrset_free@Base 3.2.0 + knot_rrset_is_nsec3rel@Base 3.2.0 + knot_rrset_new@Base 3.2.0 + knot_rrset_rr_from_wire@Base 3.2.0 + knot_rrset_rr_to_canonical@Base 3.2.0 + knot_rrset_size@Base 3.2.0 + knot_rrset_to_wire_extra@Base 3.2.0 + knot_rrset_txt_dump@Base 3.2.0 + knot_rrset_txt_dump_data@Base 3.2.0 + knot_rrset_txt_dump_header@Base 3.2.0 + knot_rrtype_additional_needed@Base 3.2.0 + knot_rrtype_from_string@Base 3.2.0 + knot_rrtype_is_dnssec@Base 3.2.0 + knot_rrtype_is_metatype@Base 3.2.0 + knot_rrtype_should_be_lowercased@Base 3.2.0 + knot_rrtype_to_string@Base 3.2.0 + knot_strerror@Base 3.2.0 + knot_svcb_param_names@Base 3.2.0 + knot_tcp_cleanup@Base 3.2.0 + knot_tcp_inbuf_update@Base 3.2.0 + knot_tcp_outbufs_ack@Base 3.2.0 + knot_tcp_outbufs_add@Base 3.2.0 + knot_tcp_outbufs_can_send@Base 3.2.0 + knot_tcp_outbufs_usage@Base 3.2.0 + knot_tcp_recv@Base 3.2.0 + knot_tcp_reply_data@Base 3.2.0 + knot_tcp_send@Base 3.2.0 + knot_tcp_sweep@Base 3.2.0 + knot_tcp_table_free@Base 3.2.0 + knot_tcp_table_new@Base 3.2.0 + knot_tsig_add@Base 3.2.0 + knot_tsig_append@Base 3.2.0 + knot_tsig_client_check@Base 3.2.0 + knot_tsig_client_check_next@Base 3.2.0 + knot_tsig_create_rdata@Base 3.2.0 + knot_tsig_key_copy@Base 3.2.0 + knot_tsig_key_deinit@Base 3.2.0 + knot_tsig_key_init@Base 3.2.0 + knot_tsig_key_init_file@Base 3.2.0 + knot_tsig_key_init_str@Base 3.2.0 + knot_tsig_rcode_names@Base 3.2.0 + knot_tsig_rdata_alg@Base 3.2.0 + knot_tsig_rdata_alg_name@Base 3.2.0 + knot_tsig_rdata_error@Base 3.2.0 + knot_tsig_rdata_fudge@Base 3.2.0 + knot_tsig_rdata_is_ok@Base 3.2.0 + knot_tsig_rdata_mac@Base 3.2.0 + knot_tsig_rdata_mac_length@Base 3.2.0 + knot_tsig_rdata_orig_id@Base 3.2.0 + knot_tsig_rdata_other_data@Base 3.2.0 + knot_tsig_rdata_other_data_length@Base 3.2.0 + knot_tsig_rdata_set_fudge@Base 3.2.0 + knot_tsig_rdata_set_mac@Base 3.2.0 + knot_tsig_rdata_set_orig_id@Base 3.2.0 + knot_tsig_rdata_set_other_data@Base 3.2.0 + knot_tsig_rdata_set_time_signed@Base 3.2.0 + knot_tsig_rdata_time_signed@Base 3.2.0 + knot_tsig_rdata_tsig_timers_length@Base 3.2.0 + knot_tsig_rdata_tsig_variables_length@Base 3.2.0 + knot_tsig_server_check@Base 3.2.0 + knot_tsig_sign@Base 3.2.0 + knot_tsig_sign_next@Base 3.2.0 + knot_tsig_wire_maxsize@Base 3.2.0 + knot_tsig_wire_size@Base 3.2.0 + knot_xdp_deinit@Base 3.2.0 + knot_xdp_info@Base 3.2.0 + knot_xdp_init@Base 3.2.0 + knot_xdp_recv@Base 3.2.0 + knot_xdp_recv_finish@Base 3.2.0 + knot_xdp_reply_alloc@Base 3.2.0 + knot_xdp_send@Base 3.2.0 + knot_xdp_send_alloc@Base 3.2.0 + knot_xdp_send_finish@Base 3.2.0 + knot_xdp_send_free@Base 3.2.0 + knot_xdp_send_prepare@Base 3.2.0 + knot_xdp_socket_fd@Base 3.2.0 + knot_xquic_cleanup@Base 3.2.1 + knot_xquic_client@Base 3.2.0 + knot_xquic_conn_get_stream@Base 3.2.0 + knot_xquic_conn_rtt@Base 3.2.0 + knot_xquic_free_creds@Base 3.2.0 + knot_xquic_handle@Base 3.2.0 + knot_xquic_init_creds@Base 3.2.0 + knot_xquic_send@Base 3.2.0 + knot_xquic_session_load@Base 3.2.0 + knot_xquic_session_save@Base 3.2.0 + knot_xquic_stream_add_data@Base 3.2.0 + knot_xquic_stream_get_process@Base 3.2.0 + knot_xquic_table_free@Base 3.2.0 + knot_xquic_table_new@Base 3.2.0 + knot_xquic_table_rem@Base 3.2.0 + knot_xquic_table_sweep@Base 3.2.0 + yp_addr@Base 3.2.0 + yp_addr_noport@Base 3.2.0 + yp_addr_noport_to_bin@Base 3.2.0 + yp_addr_noport_to_txt@Base 3.2.0 + yp_addr_range_to_bin@Base 3.2.0 + yp_addr_range_to_txt@Base 3.2.0 + yp_addr_to_bin@Base 3.2.0 + yp_addr_to_txt@Base 3.2.0 + yp_base64_to_bin@Base 3.2.0 + yp_base64_to_txt@Base 3.2.0 + yp_bool_to_bin@Base 3.2.0 + yp_bool_to_txt@Base 3.2.0 + yp_deinit@Base 3.2.0 + yp_dname_to_bin@Base 3.2.0 + yp_dname_to_txt@Base 3.2.0 + yp_format_id@Base 3.2.0 + yp_format_key0@Base 3.2.0 + yp_format_key1@Base 3.2.0 + yp_hex_to_bin@Base 3.2.0 + yp_hex_to_txt@Base 3.2.0 + yp_init@Base 3.2.0 + yp_int_to_bin@Base 3.2.0 + yp_int_to_txt@Base 3.2.0 + yp_item_to_bin@Base 3.2.0 + yp_item_to_txt@Base 3.2.0 + yp_option_to_bin@Base 3.2.0 + yp_option_to_txt@Base 3.2.0 + yp_parse@Base 3.2.0 + yp_schema_check_deinit@Base 3.2.0 + yp_schema_check_init@Base 3.2.0 + yp_schema_check_parser@Base 3.2.0 + yp_schema_check_str@Base 3.2.0 + yp_schema_copy@Base 3.2.0 + yp_schema_find@Base 3.2.0 + yp_schema_free@Base 3.2.0 + yp_schema_merge@Base 3.2.0 + yp_schema_purge_dynamic@Base 3.2.0 + yp_set_input_file@Base 3.2.0 + yp_set_input_string@Base 3.2.0 + yp_str_to_bin@Base 3.2.0 + yp_str_to_txt@Base 3.2.0 diff --git a/debian/libknot13.symbols.alpha b/debian/libknot13.symbols.alpha new file mode 120000 index 0000000..a709262 --- /dev/null +++ b/debian/libknot13.symbols.alpha @@ -0,0 +1 @@ +libknot13.symbols.hurd-i386
\ No newline at end of file diff --git a/debian/libknot13.symbols.arc b/debian/libknot13.symbols.arc new file mode 120000 index 0000000..a709262 --- /dev/null +++ b/debian/libknot13.symbols.arc @@ -0,0 +1 @@ +libknot13.symbols.hurd-i386
\ No newline at end of file diff --git a/debian/libknot13.symbols.hppa b/debian/libknot13.symbols.hppa new file mode 120000 index 0000000..a709262 --- /dev/null +++ b/debian/libknot13.symbols.hppa @@ -0,0 +1 @@ +libknot13.symbols.hurd-i386
\ No newline at end of file diff --git a/debian/libknot13.symbols.hurd-i386 b/debian/libknot13.symbols.hurd-i386 new file mode 100644 index 0000000..45117e0 --- /dev/null +++ b/debian/libknot13.symbols.hurd-i386 @@ -0,0 +1,224 @@ +libknot.so.13 libknot13 #MINVER# +* Build-Depends-Package: libknot-dev + KNOT_DB_LMDB_DUPSORT@Base 3.2.0 + KNOT_DB_LMDB_INTEGERKEY@Base 3.2.0 + KNOT_DB_LMDB_MAPASYNC@Base 3.2.0 + KNOT_DB_LMDB_NOSYNC@Base 3.2.0 + KNOT_DB_LMDB_NOTLS@Base 3.2.0 + KNOT_DB_LMDB_RDONLY@Base 3.2.0 + KNOT_DB_LMDB_WRITEMAP@Base 3.2.0 + KNOT_DUMP_STYLE_DEFAULT@Base 3.2.0 + knot_ctl_accept@Base 3.2.0 + knot_ctl_alloc@Base 3.2.0 + knot_ctl_bind@Base 3.2.0 + knot_ctl_close@Base 3.2.0 + knot_ctl_connect@Base 3.2.0 + knot_ctl_free@Base 3.2.0 + knot_ctl_receive@Base 3.2.0 + knot_ctl_send@Base 3.2.0 + knot_ctl_set_timeout@Base 3.2.0 + knot_ctl_unbind@Base 3.2.0 + knot_db_lmdb_api@Base 3.2.0 + knot_db_lmdb_del_exact@Base 3.2.0 + knot_db_lmdb_get_mapsize@Base 3.2.0 + knot_db_lmdb_get_path@Base 3.2.0 + knot_db_lmdb_get_usage@Base 3.2.0 + knot_db_lmdb_iter_del@Base 3.2.0 + knot_db_lmdb_txn_begin@Base 3.2.0 + knot_db_trie_api@Base 3.2.0 + knot_dname_cmp@Base 3.2.0 + knot_dname_copy@Base 3.2.0 + knot_dname_copy_lower@Base 3.2.0 + knot_dname_free@Base 3.2.0 + knot_dname_from_str@Base 3.2.0 + knot_dname_in_bailiwick@Base 3.2.0 + knot_dname_is_case_equal@Base 3.2.0 + knot_dname_is_equal@Base 3.2.0 + knot_dname_labels@Base 3.2.0 + knot_dname_lf@Base 3.2.0 + knot_dname_matched_labels@Base 3.2.0 + knot_dname_prefixlen@Base 3.2.0 + knot_dname_realsize@Base 3.2.0 + knot_dname_replace_suffix@Base 3.2.0 + knot_dname_size@Base 3.2.0 + knot_dname_store@Base 3.2.0 + knot_dname_to_lower@Base 3.2.0 + knot_dname_to_str@Base 3.2.0 + knot_dname_to_wire@Base 3.2.0 + knot_dname_unpack@Base 3.2.0 + knot_dname_wire_check@Base 3.2.0 + knot_dnssec_alg_names@Base 3.2.0 + knot_edns_add_option@Base 3.2.0 + knot_edns_alignment_size@Base 3.2.0 + knot_edns_chain_parse@Base 3.2.0 + knot_edns_chain_size@Base 3.2.0 + knot_edns_chain_write@Base 3.2.0 + knot_edns_client_subnet_get_addr@Base 3.2.0 + knot_edns_client_subnet_parse@Base 3.2.0 + knot_edns_client_subnet_set_addr@Base 3.2.0 + knot_edns_client_subnet_size@Base 3.2.0 + knot_edns_client_subnet_write@Base 3.2.0 + knot_edns_cookie_client_check@Base 3.2.0 + knot_edns_cookie_client_generate@Base 3.2.0 + knot_edns_cookie_parse@Base 3.2.0 + knot_edns_cookie_server_check@Base 3.2.0 + knot_edns_cookie_server_generate@Base 3.2.0 + knot_edns_cookie_size@Base 3.2.0 + knot_edns_cookie_write@Base 3.2.0 + knot_edns_ede_names@Base 3.2.0 + knot_edns_get_ext_rcode@Base 3.2.0 + knot_edns_get_option@Base 3.2.0 + knot_edns_get_options@Base 3.2.0 + knot_edns_get_version@Base 3.2.0 + knot_edns_init@Base 3.2.0 + knot_edns_keepalive_parse@Base 3.2.0 + knot_edns_keepalive_size@Base 3.2.0 + knot_edns_keepalive_write@Base 3.2.0 + knot_edns_reserve_option@Base 3.2.0 + knot_edns_set_ext_rcode@Base 3.2.0 + knot_edns_set_version@Base 3.2.0 + knot_error_from_libdnssec@Base 3.2.0 + knot_get_obsolete_rdata_descriptor@Base 3.2.0 + knot_get_rdata_descriptor@Base 3.2.0 + knot_naptr_header_size@Base 3.2.0 + knot_opcode_names@Base 3.2.0 + knot_opt_code_to_string@Base 3.2.0 + knot_pkt_begin@Base 3.2.0 + knot_pkt_clear@Base 3.2.0 + knot_pkt_copy@Base 3.2.0 + knot_pkt_ext_rcode@Base 3.2.0 + knot_pkt_ext_rcode_name@Base 3.2.0 + knot_pkt_free@Base 3.2.0 + knot_pkt_init_response@Base 3.2.0 + knot_pkt_new@Base 3.2.0 + knot_pkt_parse@Base 3.2.0 + knot_pkt_parse_question@Base 3.2.0 + knot_pkt_put_question@Base 3.2.0 + knot_pkt_put_rotate@Base 3.2.0 + knot_pkt_reclaim@Base 3.2.0 + knot_pkt_reserve@Base 3.2.0 + knot_probe_alloc@Base 3.2.0 + knot_probe_consume@Base 3.2.0 + knot_probe_data_set@Base 3.2.0 + knot_probe_fd@Base 3.2.0 + knot_probe_free@Base 3.2.0 + knot_probe_produce@Base 3.2.0 + knot_probe_set_consumer@Base 3.2.0 + knot_probe_set_producer@Base 3.2.0 + knot_probe_tcp_rtt@Base 3.2.0 + knot_rcode_names@Base 3.2.0 + knot_rdataset_add@Base 3.2.0 + knot_rdataset_at@Base 3.2.0 + knot_rdataset_clear@Base 3.2.0 + knot_rdataset_copy@Base 3.2.0 + knot_rdataset_eq@Base 3.2.0 + knot_rdataset_intersect@Base 3.2.0 + knot_rdataset_intersect2@Base 3.2.0 + knot_rdataset_member@Base 3.2.0 + knot_rdataset_merge@Base 3.2.0 + knot_rdataset_subset@Base 3.2.0 + knot_rdataset_subtract@Base 3.2.0 + knot_rrclass_from_string@Base 3.2.0 + knot_rrclass_to_string@Base 3.2.0 + knot_rrset_add_rdata@Base 3.2.0 + knot_rrset_clear@Base 3.2.0 + knot_rrset_copy@Base 3.2.0 + knot_rrset_equal@Base 3.2.0 + knot_rrset_free@Base 3.2.0 + knot_rrset_is_nsec3rel@Base 3.2.0 + knot_rrset_new@Base 3.2.0 + knot_rrset_rr_from_wire@Base 3.2.0 + knot_rrset_rr_to_canonical@Base 3.2.0 + knot_rrset_size@Base 3.2.0 + knot_rrset_to_wire_extra@Base 3.2.0 + knot_rrset_txt_dump@Base 3.2.0 + knot_rrset_txt_dump_data@Base 3.2.0 + knot_rrset_txt_dump_header@Base 3.2.0 + knot_rrtype_additional_needed@Base 3.2.0 + knot_rrtype_from_string@Base 3.2.0 + knot_rrtype_is_dnssec@Base 3.2.0 + knot_rrtype_is_metatype@Base 3.2.0 + knot_rrtype_should_be_lowercased@Base 3.2.0 + knot_rrtype_to_string@Base 3.2.0 + knot_strerror@Base 3.2.0 + knot_svcb_param_names@Base 3.2.0 + knot_tcp_inbuf_update@Base 3.2.0 + knot_tcp_outbufs_ack@Base 3.2.0 + knot_tcp_outbufs_add@Base 3.2.0 + knot_tcp_outbufs_can_send@Base 3.2.0 + knot_tcp_outbufs_usage@Base 3.2.0 + knot_tsig_add@Base 3.2.0 + knot_tsig_append@Base 3.2.0 + knot_tsig_client_check@Base 3.2.0 + knot_tsig_client_check_next@Base 3.2.0 + knot_tsig_create_rdata@Base 3.2.0 + knot_tsig_key_copy@Base 3.2.0 + knot_tsig_key_deinit@Base 3.2.0 + knot_tsig_key_init@Base 3.2.0 + knot_tsig_key_init_file@Base 3.2.0 + knot_tsig_key_init_str@Base 3.2.0 + knot_tsig_rcode_names@Base 3.2.0 + knot_tsig_rdata_alg@Base 3.2.0 + knot_tsig_rdata_alg_name@Base 3.2.0 + knot_tsig_rdata_error@Base 3.2.0 + knot_tsig_rdata_fudge@Base 3.2.0 + knot_tsig_rdata_is_ok@Base 3.2.0 + knot_tsig_rdata_mac@Base 3.2.0 + knot_tsig_rdata_mac_length@Base 3.2.0 + knot_tsig_rdata_orig_id@Base 3.2.0 + knot_tsig_rdata_other_data@Base 3.2.0 + knot_tsig_rdata_other_data_length@Base 3.2.0 + knot_tsig_rdata_set_fudge@Base 3.2.0 + knot_tsig_rdata_set_mac@Base 3.2.0 + knot_tsig_rdata_set_orig_id@Base 3.2.0 + knot_tsig_rdata_set_other_data@Base 3.2.0 + knot_tsig_rdata_set_time_signed@Base 3.2.0 + knot_tsig_rdata_time_signed@Base 3.2.0 + knot_tsig_rdata_tsig_timers_length@Base 3.2.0 + knot_tsig_rdata_tsig_variables_length@Base 3.2.0 + knot_tsig_server_check@Base 3.2.0 + knot_tsig_sign@Base 3.2.0 + knot_tsig_sign_next@Base 3.2.0 + knot_tsig_wire_maxsize@Base 3.2.0 + knot_tsig_wire_size@Base 3.2.0 + yp_addr@Base 3.2.0 + yp_addr_noport@Base 3.2.0 + yp_addr_noport_to_bin@Base 3.2.0 + yp_addr_noport_to_txt@Base 3.2.0 + yp_addr_range_to_bin@Base 3.2.0 + yp_addr_range_to_txt@Base 3.2.0 + yp_addr_to_bin@Base 3.2.0 + yp_addr_to_txt@Base 3.2.0 + yp_base64_to_bin@Base 3.2.0 + yp_base64_to_txt@Base 3.2.0 + yp_bool_to_bin@Base 3.2.0 + yp_bool_to_txt@Base 3.2.0 + yp_deinit@Base 3.2.0 + yp_dname_to_bin@Base 3.2.0 + yp_dname_to_txt@Base 3.2.0 + yp_format_id@Base 3.2.0 + yp_format_key0@Base 3.2.0 + yp_format_key1@Base 3.2.0 + yp_hex_to_bin@Base 3.2.0 + yp_hex_to_txt@Base 3.2.0 + yp_init@Base 3.2.0 + yp_int_to_bin@Base 3.2.0 + yp_int_to_txt@Base 3.2.0 + yp_item_to_bin@Base 3.2.0 + yp_item_to_txt@Base 3.2.0 + yp_option_to_bin@Base 3.2.0 + yp_option_to_txt@Base 3.2.0 + yp_parse@Base 3.2.0 + yp_schema_check_deinit@Base 3.2.0 + yp_schema_check_init@Base 3.2.0 + yp_schema_check_parser@Base 3.2.0 + yp_schema_check_str@Base 3.2.0 + yp_schema_copy@Base 3.2.0 + yp_schema_find@Base 3.2.0 + yp_schema_free@Base 3.2.0 + yp_schema_merge@Base 3.2.0 + yp_schema_purge_dynamic@Base 3.2.0 + yp_set_input_file@Base 3.2.0 + yp_set_input_string@Base 3.2.0 + yp_str_to_bin@Base 3.2.0 + yp_str_to_txt@Base 3.2.0 diff --git a/debian/libknot13.symbols.ia64 b/debian/libknot13.symbols.ia64 new file mode 120000 index 0000000..a709262 --- /dev/null +++ b/debian/libknot13.symbols.ia64 @@ -0,0 +1 @@ +libknot13.symbols.hurd-i386
\ No newline at end of file diff --git a/debian/libknot13.symbols.kfreebsd-amd64 b/debian/libknot13.symbols.kfreebsd-amd64 new file mode 120000 index 0000000..a709262 --- /dev/null +++ b/debian/libknot13.symbols.kfreebsd-amd64 @@ -0,0 +1 @@ +libknot13.symbols.hurd-i386
\ No newline at end of file diff --git a/debian/libknot13.symbols.kfreebsd-i386 b/debian/libknot13.symbols.kfreebsd-i386 new file mode 120000 index 0000000..a709262 --- /dev/null +++ b/debian/libknot13.symbols.kfreebsd-i386 @@ -0,0 +1 @@ +libknot13.symbols.hurd-i386
\ No newline at end of file diff --git a/debian/libknot13.symbols.m68k b/debian/libknot13.symbols.m68k new file mode 120000 index 0000000..a709262 --- /dev/null +++ b/debian/libknot13.symbols.m68k @@ -0,0 +1 @@ +libknot13.symbols.hurd-i386
\ No newline at end of file diff --git a/debian/libknot13.symbols.powerpc b/debian/libknot13.symbols.powerpc new file mode 120000 index 0000000..a709262 --- /dev/null +++ b/debian/libknot13.symbols.powerpc @@ -0,0 +1 @@ +libknot13.symbols.hurd-i386
\ No newline at end of file diff --git a/debian/libknot13.symbols.sh4 b/debian/libknot13.symbols.sh4 new file mode 120000 index 0000000..a709262 --- /dev/null +++ b/debian/libknot13.symbols.sh4 @@ -0,0 +1 @@ +libknot13.symbols.hurd-i386
\ No newline at end of file diff --git a/debian/libknot13.symbols.sparc64 b/debian/libknot13.symbols.sparc64 new file mode 120000 index 0000000..a709262 --- /dev/null +++ b/debian/libknot13.symbols.sparc64 @@ -0,0 +1 @@ +libknot13.symbols.hurd-i386
\ No newline at end of file diff --git a/debian/libknot13.symbols.x32 b/debian/libknot13.symbols.x32 new file mode 120000 index 0000000..a709262 --- /dev/null +++ b/debian/libknot13.symbols.x32 @@ -0,0 +1 @@ +libknot13.symbols.hurd-i386
\ No newline at end of file diff --git a/debian/libzscanner4.install b/debian/libzscanner4.install new file mode 100644 index 0000000..a8dc226 --- /dev/null +++ b/debian/libzscanner4.install @@ -0,0 +1 @@ +usr/lib/*/libzscanner.so.* diff --git a/debian/libzscanner4.symbols b/debian/libzscanner4.symbols new file mode 100644 index 0000000..d918fb0 --- /dev/null +++ b/debian/libzscanner4.symbols @@ -0,0 +1,12 @@ +libzscanner.so.4 libzscanner4 #MINVER# +* Build-Depends-Package: libknot-dev + zs_deinit@Base 3.1.1 + zs_errorname@Base 3.1.1 + zs_init@Base 3.1.1 + zs_parse_all@Base 3.1.1 + zs_parse_record@Base 3.1.1 + zs_set_input_file@Base 3.1.1 + zs_set_input_string@Base 3.1.1 + zs_set_processing@Base 3.1.1 + zs_set_processing_comment@Base 3.1.1 + zs_strerror@Base 3.1.1 diff --git a/debian/not-installed b/debian/not-installed new file mode 100644 index 0000000..c928be1 --- /dev/null +++ b/debian/not-installed @@ -0,0 +1 @@ +etc/knot/example.com.zone diff --git a/debian/prepare-environment b/debian/prepare-environment new file mode 100755 index 0000000..7176f5e --- /dev/null +++ b/debian/prepare-environment @@ -0,0 +1,38 @@ +#!/bin/sh + +set -eu + +CONFFILE=${1:-/etc/knot/knot.conf} + +if [ ! -r $CONFFILE ]; then + echo "$CONFFILE doesn't exist or has wrong permissions." + exit 1; +fi + +KNOT_RUNDIR=$(sed -ne "s/#.*$//;s/.*rundir: \"*\([^\";]*\\).*/\\1/p;" $CONFFILE) +[ -z "$KNOT_RUNDIR" ] && KNOT_RUNDIR=/run/knot + +mkdir --parents "$KNOT_RUNDIR"; + +KNOT_USER=$(sed -ne "s/#.*$//;s/.*user:[ \"]*\\([^\\:\"]*\\)[ \"]*/\\1/p;" $CONFFILE) + +if [ -n "$KNOT_USER" ]; then + if ! getent passwd $KNOT_USER >/dev/null; then + echo "Configured user '$KNOT_USER' doesn't exist." + exit 1 + fi + + KNOT_GROUP=$(sed -ne "s/#.*$//;s/.*user:[ \"]*[^\\:\"]*\\:\\([^\"]*\\)[ \"]*/\\1/p;" $CONFFILE) + if [ -z "$KNOT_GROUP" ]; then + KNOT_GROUP=$(getent group $(getent passwd "$KNOT_USER" | cut -f 4 -d :) | cut -f 1 -d :) + fi + + if ! getent group $KNOT_GROUP >/dev/null; then + echo "Configured group '$KNOT_GROUP' doesn't exist." + exit 1 + fi + chown --silent "$KNOT_USER:$KNOT_GROUP" "$KNOT_RUNDIR" + chmod 775 "$KNOT_RUNDIR" +fi + +: diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..c1eed95 --- /dev/null +++ b/debian/rules @@ -0,0 +1,111 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS = hardening=+all +export DEB_CFLAGS_MAINT_APPEND = -Wall -DNDEBUG + +export DPKG_GENSYMBOLS_CHECK_LEVEL := 4 +export KNOT_SOFTHSM2_DSO = /usr/lib/softhsm/libsofthsm2.so +export KNOT_VERSION_FORMAT = release + +ifeq ($(DEB_HOST_ARCH),$(filter $(DEB_HOST_ARCH),riscv64)) + export DEB_LDFLAGS_MAINT_APPEND += -latomic +endif + +include /usr/share/dpkg/default.mk + +ifeq (maint,$(filter $(DEB_BUILD_OPTIONS),maint)) + FASTPARSER := --disable-fastparser +else + FASTPARSER := --enable-fastparser +endif + +# To make it build on sh4. +# See https://buildd.debian.org/status/fetch.php?pkg=knot&arch=sh4&ver=3.0.2-2&stamp=1607372581&raw=0 +ifeq ($(DEB_HOST_ARCH),$(filter $(DEB_HOST_ARCH),sh4)) + FASTPARSER := --disable-fastparser +else + FASTPARSER := --enable-fastparser +endif + +ifeq ($(DEB_HOST_ARCH),$(filter $(DEB_HOST_ARCH),hurd-i386)) + RECVMMSG:=--enable-recvmmsg=no +else + RECVMMSG:=--enable-recvmmsg=yes +endif + +ifeq ($(DEB_HOST_ARCH),$(filter $(DEB_HOST_ARCH),amd64 i386)) + RUN_TEST := +else + RUN_TEST := -timeout --kill-after=5s 5m +endif + +# MAJOR.MINOR version part +BASE_VERSION := $(shell echo $(DEB_VERSION) | sed 's/^\([^.]\+\.[^.]\+\).*/\1/') + +PYBUILD = pybuild --dir python --dest-dir debian/python3-libknot + +%: + dh $@ \ + --exclude=.la --exclude=example.com.zone \ + --with python3 + +override_dh_auto_configure: + echo confirming architecture... + echo 'arch:' $(DEB_HOST_ARCH) + echo 'filtered arch:' $(filter $(DEB_HOST_ARCH),mips powerpc riscv64) + echo 'DEB_LDFLAGS_MAINT_APPEND:' $(DEB_LDFLAGS_MAINT_APPEND) + echo done + dh_auto_configure -- \ + --sysconfdir=/etc \ + --localstatedir=/var/lib \ + --libexecdir=/usr/lib/knot \ + --with-rundir=/run/knot \ + --with-moduledir=/usr/lib/$(DEB_HOST_MULTIARCH)/knot/modules-$(BASE_VERSION) \ + --with-storage=/var/lib/knot \ + --enable-systemd=auto \ + --enable-dnstap \ + --with-module-dnstap=shared \ + --with-module-geoip=shared \ + $(RECVMMSG) \ + $(FASTPARSER) \ + --disable-silent-rules \ + --enable-quic + +override_dh_auto_configure-indep: + $(PYBUILD) --configure + +override_dh_auto_build-indep: + dh_auto_build -- info html + $(PYBUILD) --build + +override_dh_auto_install-arch: + dh_auto_install -- install + # rename knot.sample.conf to knot.conf + mv $(CURDIR)/debian/tmp/etc/knot/knot.sample.conf $(CURDIR)/debian/tmp/etc/knot/knot.conf + # Some workarounds where XDP is unavailable + @if [ -f "$(CURDIR)/debian/tmp/usr/sbin/kxdpgun" ]; then \ + echo "XDP enabled"; \ + else \ + echo "XDP disabled"; \ + touch $(CURDIR)/debian/tmp/usr/share/man/man8/kxdpgun.8; \ + printf '#!/bin/sh\n\necho "kxdpgun not available"\n' > $(CURDIR)/debian/tmp/usr/sbin/kxdpgun; \ + fi + +override_dh_auto_install-indep: + dh_auto_install -- install-info install-html + # rename knot.sample.conf to knot.conf + mv $(CURDIR)/debian/tmp/etc/knot/knot.sample.conf $(CURDIR)/debian/tmp/etc/knot/knot.conf + $(PYBUILD) --install + +override_dh_auto_test-indep: +override_dh_auto_test-arch: +ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) + $(RUN_TEST) dh_auto_test + $(MAKE) -C samples knot.sample.conf +endif + +override_dh_missing: + dh_missing --fail-missing + +override_dh_installchangelogs: + dh_installchangelogs NEWS diff --git a/debian/salsa-ci.yml b/debian/salsa-ci.yml new file mode 100644 index 0000000..33c3a64 --- /dev/null +++ b/debian/salsa-ci.yml @@ -0,0 +1,4 @@ +--- +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/tests/authoritative-server b/debian/tests/authoritative-server new file mode 100755 index 0000000..028dfbf --- /dev/null +++ b/debian/tests/authoritative-server @@ -0,0 +1,150 @@ +#!/bin/bash + +# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# 2018-11-02 +# License: GPLv3+ + +# error on exit +set -e +# for handling jobspecs: +set -m + +if [ -z "$AUTOPKGTEST_ARTIFACTS" ]; then + d="$(mktemp -d)" + remove="$d" +else + d="$AUTOPKGTEST_ARTIFACTS" +fi +ip="${TESTIP:-127.$(( $RANDOM % 256 )).$(( $RANDOM % 256 )).$(( $RANDOM % 256 ))}" +port="${PORT:-8123}" +knotc="${KNOTC:-/usr/sbin/knotc}" +knotd="${KNOTD:-/usr/sbin/knotd}" +keymgr="${KEYMGR:-/usr/sbin/keymgr}" +kdig="${KDIG:-$(command -v kdig)}" +kzonecheck="${KZONECHECK:-$(command -v kzonecheck)}" +test_address="${TEST_ADDRESS:-192.0.2.199}" + +declare -a knot_conf="--config=$d/knot.conf" +declare -a knot_args=("$knot_conf" --verbose) + +printf "%s + %s roundtrip tests\n------------\n workdir: %s\n IP addr: %s\n knot args: %s\n" "$knotd" "$kdig" "$d" "$ip" "${knot_args[*]}" + +section() { + printf "\n%s\n" "$1" + sed 's/./-/g' <<<"$1" +} + +cleanup () { + section "cleaning up" + find "$d" -ls + "${knotc}" "${knot_args[@]}" stop + wait %1 + tail -n +1 -v "$d"/*.err + if [ "$remove" ]; then + printf "\ncleaning up working directory %s\n" "$remove" + rm -rf "$remove" + fi +} +trap cleanup EXIT + +section "set up config file and zonefile" + +user=$(id -nu) +group=$(id -ng) +cat > "$d/knot.conf" <<EOF +server: + rundir: "$d" + listen: $ip@$port + user: $user:$group +database: + storage: "$d" +template: + - id: default + storage: "$d" + file: "%s.zone" +zone: + - domain: example.net + dnssec-signing: on +EOF + +cat > "$d/example.net.zone" <<EOF +@ 1D IN SOA a.ns hostmaster 2018103100 3h 15m 1w 1d +@ 1D IN NS a.ns.example.net. +@ 1D IN NS b.ns.example.net. +a.ns 1D IN A 192.0.2.1 +b.ns 1D IN A 192.0.2.2 +test 1D IN A $test_address +EOF + +find "$d" -maxdepth 1 -type f -print0 | xargs -0 tail -n +1 -v + +mkdir -p "${d}" + +section "kzonecheck'ing zonefile" +"${kzonecheck}" -v "$d/example.net.zone" + +section "launching knot" +"${knotd}" "${knot_args[@]}" 2> "$d/knotd.err" & + +# FIXME: this is an annoying poll -- would be better if we could be +# alerted when the daemon is done setting up the socket, but i don't +# want to "--daemonize" if i can avoid it because i want the shell to +# remain in direct supervision of all its processes +tried=0 +while [ $tried -lt 10 ] ; do + if "${knotc}" "${knot_args[@]}" status 2>&1; then + break; + fi + sleep 0.5 + tried=$(( $tried + 1 )) +done +if [ $tried -ge 10 ]; then + printf "failed to use %s\n" "${knotc}" >&2 + exit 1 +fi + +section "querying knot" +"${kdig}" -p "${port}" @"${ip}" -t A test.example.net test2.example.net +answer="$("${kdig}" +short -p "${port}" @"${ip}" -t A test.example.net)" +if ! [ "$answer" = "$test_address" ]; then + printf "test.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer" >&2 + exit 1 +fi +answer2="$("${kdig}" +short -p "${port}" @"${ip}" -t A test2.example.net)" +if ! [ "$answer2" = "" ]; then + printf "test2.example.net gave unexpected answer!\n got: %s\n" "$answer2" >&2 + exit 1 +fi + +section "modifying zone" +printf "test2 1D IN A $test_address\n" >>"$d/example.net.zone" +sed -i 's/^@ 1D IN SOA.*/@ 1D IN SOA a.ns hostmaster 2018110100 3h 15m 1w 1d/' "$d/example.net.zone" +"${knotc}" "${knot_args[@]}" reload +sleep 1 + +section "querying again" +"${kdig}" -p "${port}" @"${ip}" -t A test.example.net test2.example.net +answer="$("${kdig}" +short -p "${port}" @"${ip}" -t A test.example.net)" +if ! [ "$answer" = "$test_address" ]; then + printf "test.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer" >&2 + exit 1 +fi +answer2="$("${kdig}" +short -p "${port}" @"${ip}" -t A test2.example.net)" +if ! [ "$answer2" = "$test_address" ]; then + printf "test2.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer2" >&2 + exit 1 +fi + +section "querying DNSSEC" +"${kdig}" -p "${port}" @"${ip}" -t DNSKEY example.net. +dnssec +if ! "${kdig}" -p "${port}" @"${ip}" -t DNSKEY example.net. +dnssec 2>&1 | grep -q "RRSIG[[:space:]]*DNSKEY"; then + printf "DNSSEC query not successful" >&2 + exit 1 +fi + +section "listing keys with keymgr" +"${keymgr}" "$knot_conf" -e example.net. list +if ! "${keymgr}" "$knot_conf" -e example.net. list 2>&1 | grep -q "ksk=yes"; then + printf "keymgr did not list KSK as expected" >&2 + exit 1 +fi diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000..e8b3dcb --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,13 @@ +Tests: kdig +Restrictions: skippable +Depends: + ca-certificates, + iputils-ping, + knot-dnsutils, + +Tests: authoritative-server +Depends: + findutils, + knot, + knot-dnsutils, + knot-dnssecutils, diff --git a/debian/tests/kdig b/debian/tests/kdig new file mode 100755 index 0000000..f1dbe5a --- /dev/null +++ b/debian/tests/kdig @@ -0,0 +1,14 @@ +#!/bin/bash + +set -e + +# Skip the test if no internet access +ping -c1 1.1.1.1 2>&1 || exit 77 + +expected=198.41.0.4 +answer=$(kdig +short +tls-ca @1.1.1.1 -q a.root-servers.net. -t A 2>&1 || true) + +if [ "$answer" != "$expected" ]; then + printf "expected: %s\ngot: %s\n" "$expected" "$answer" >&2 + kdig -d +tls-ca @1.1.1.1 -q a.root-servers.net. -t A +fi diff --git a/debian/ufw/knot b/debian/ufw/knot new file mode 100644 index 0000000..ee36916 --- /dev/null +++ b/debian/ufw/knot @@ -0,0 +1,4 @@ +[Knot] +title=Internet Domain Name Server +description=The Knot DNS implements an Internet domain name server. +ports=53 diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc new file mode 100644 index 0000000..7935cee --- /dev/null +++ b/debian/upstream/signing-key.asc @@ -0,0 +1,51 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFljlBcBEACuCSBlN1vTS9eEDqowZcLAAF8NytcTlRjXTLWMQtjU+fXkz9Vz +10n9TIFj9Kcec0p0+8F+SowybecwhmYoUzhKI7S9M1ziUmaIhFs2KvZ1GzigE/W5 +L448P/7pugh875e1tIrkrbbcIp6+SxaLbgvXlFl630ILZl/gbYOa/Wk21sLu4RjQ +Y39oHb0WTiwPnKhdMdwlnxm6HeWkHzlvI9N8tlDc6oVnUfqVI8gUyExLnEYjDpZf +orTVgHRq6RNyfTRZkh8zRsXSTnJlk/bVEDW5i/VgIQugzkgpuTGWlCstryi/MRhe +NxU1YEUenT69okb96QStfr1J00n8L4VAs8V5IuFUcSc8UqSpB+LgERRTMRFo9IrE +XAW/gEKlEVR+501BvJ0/Qggxbgz4PEnKNaxXmAnykJzot2VDKTzrr26a9LnrT0GW +om9rg89Ih876PA53vUXBB+FWP9QOFDcOfz3nMjCrLbMzhTsAzrNFXxchzLq+66CL +qsQQytDVFpLI+X++sKRTOHkq6vV1bAPjlljrannLnn1y/DvkOOkiHOdYyjmR7Dfk +vxgcWh/3Gx4J9gipxZITOr7LamEYgHfElY/UWCtc1Vjt8Xvgt4dofDpvSwY9YzgR +WxJKC5ewYdqTCI+zxL1f0fjkeiRYNi959UMMjgdcY7Zpi8oPPQmlyBw15QARAQAB +tCZEYW5pZWwgU2Fsem1hbiA8ZGFuaWVsLnNhbHptYW5AbmljLmN6PokCPQQTAQoA +JwUCWWOUFwIbAwUJA8JnAAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRAQu3r2 +/rvWq1+eEAClhOEK2MZOz+nwJSeX7iINKbw477Y+LSvYkKG81pve+xtblQEn7rI3 +cYnDrqlUb3bXdbMHujYrg1fPoccpCvf6d/JvlN6WXCE25R+GR6vxr6v7jycHdSOb +Fe4sTcwce6IViwiWiSizh4UCkz8285LjLcf3AnT2v6GJwHiZbPOeMQUNIRj6PEYL +SQsq0ZlqEx8LGKLTc5Ukrkoi4lN44SI1rzSwDPIqvlvrVnDXcDB8M7E2Ii51zU8/ +TVk920KeayUeCPxpmgQW3USI45NrE/jEgyodyxMGp5lg3OqzHT2wu9BVLWkQvTjF +fLfEsTay4K4kUSbYzbpS93b33J+I20rYLGBBYlTrN5417IgF6Bb8NzyrfVy1Wdqh +cggAEKX5EkOmZM8oduRxsHqiRLC/xKF8GqTo6t3GMS5i8RClNvmdq0WUkQUvld4b +OnXBCZ2QLbjV7sXjcr56ee+qdpiuRQjEidjHzpibcIBN8LVupVgXAZl9lsiBtoJX +OHsvSdU3VgGWnRGtzFjSHzl3TRPIsaVVqD7aCzQDfXDjrGlmhzgDfMwkqmBGgsku +8tSR3Ag0MRAouJFXiZrcM3XGeYVbHT6dt7UMAB27Xc5foc0kGRo5tzlK6rWG2sJI +lcQB7tKvwI/tE9lwJDjw+XNekEdIpcdcQ7mWa1COYkcYTre3oPmN+7kCDQRZY5QX +ARAA6RnxYG82/X+A49srgHR9yIxlHqSq6IhNn+iJQ5lpVpfeBItOG4NDu4Aq5X41 +pAJ3NKxsCPV62gEald/C7gJrTI5rag/87GYFFo6QRrwGsWVGORGs9G1pBF7ZZwhP +JwD3MeagGZNfWZzRxXefL1P3mrpO3etSEEwENHtCqEMP6x/JHh3SKonKAlL4xfj3 +F54aKj4upIcjxGBAJH8u66bN1GmYjstBzzbD4TWNTwfKgp15XxjrTgbThFy7CBoO +gcaApiYTPE7D5nB1+AyhGjnO3ZlNgy1ZIHVDFk6HEakaqKM9QlkJnZsB2+cTqXlV +0etmFQsedCg2sUier0hhIrEOOtGQbY1P+0vv+VRoaNym3ritl+70RG8WgrHNLMRH +VGeLRq3gOFnt+d/3h7meAKbORW/ZY30UpwthtlZYgciFzoDJCW8Be1i1X4toiUaM +kFh79jd7YTvZ87+P4DllC9MNsoq5cY/bHBNZYtXf7y6XqVqYo2IbFUR3VXKtzSN5 +eYm5YpFPczzmg1bNgl3i6WBcOF4EPEJEVjZ+u1r59NvfVLQ8XVh/QmLoG7x8oFcv +hWctMy17Vdm4qZjpSA+B1sQocehdra+xT+PWV0kcrYpsqwkYeFRQnJGqIupWHnot +qGOBNAyQWIcjK6K5y0CeioJZpNN5Oe5XloMXsYmgXsR+gTUAEQEAAYkCJQQYAQoA +DwUCWWOUFwIbDAUJA8JnAAAKCRAQu3r2/rvWq+IQD/9ikZ5MtdDOVLtULPqXXeP3 +6Oss2Ie4/4IQ7xkUZZ/Ujig0x1rW+d21o92VryH1s4K+nyCIW31rbtexK/0a54/w +Zyyjbqfh6Tgo9n3f5bMV9qyubb49cfTSKfgzoOkG8Xdc/TIO1IjWHy1NBDl8GWKJ +0QPYz78SCCkEFiVCAFBjuIQsoPqDKcZTs7k661w0A75ken88JJLgUgffZJRQK0i1 +dCw8kS4c2pqm24Q6d0AF5EdqXn2IFH82p49Pp5bRMY3LnibRL3Sq0xvXs7i5vY+o +JLuPAdomiGbdEbxcLytqQ2KitVdrGvrnZJxPs16m0uuTeM06krorDlgGBXFp5+Z9 +JbQpViHkVpLo+vf/GuT9WOWWH8gG0r14ZLVQTvCGXiAR4Aju7W5jPMPmVDJ+wMrD +cLta1Jv0U0+AnVe67mRXb0n5E/7kVshB3rfGzunPSlqT5kEiOXq6fJWB2l0lzCv0 +WtNuINmU9U3ap1oZBGSYl83vyuRUIlx61/tlnJvwseBL1FmASXOgfedCsxjHIlgF +SUeScLxnOSyap/4ePqZ0C76Nkvzx43SfM1LJUeCHwon0o+LZv2GlBmlEp6PbekRQ +Tz1hewLBbfAeXZRnwxvmkRqTP4DJCIVu2AE47+rbqVEjJZuEO4ORlkKoBdLOV3HN +xWbfbG7+n/h2cnUw3pqbHw== +=4CxJ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..7cf9ea1 --- /dev/null +++ b/debian/watch @@ -0,0 +1,4 @@ +version=4 +opts=uversionmangle=s/-((alpha|beta|rc)\d*)$/~$1/,pgpsigurlmangle=s/$/.asc/,dversionmangle=s/\+hotfix// \ +https://secure.nic.cz/files/knot-dns/ \ +(?:|.*/)knot(?:[_\-]v?|)(\d\S*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz) |