summaryrefslogtreecommitdiffstats
path: root/distro
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--distro/arch/PKGBUILD69
-rw-r--r--distro/deb/changelog6
-rw-r--r--distro/deb/clean3
-rw-r--r--distro/deb/compat1
-rw-r--r--distro/deb/control141
-rw-r--r--distro/deb/copyright447
-rw-r--r--distro/deb/knot-resolver-doc.doc-base11
-rw-r--r--distro/deb/knot-resolver-doc.docs1
-rw-r--r--distro/deb/knot-resolver-doc.info2
-rw-r--r--distro/deb/knot-resolver-doc.links2
-rw-r--r--distro/deb/knot-resolver-module-dnstap.install1
-rw-r--r--distro/deb/knot-resolver-module-http.install7
-rw-r--r--distro/deb/knot-resolver-module-http.links5
-rw-r--r--distro/deb/knot-resolver-module-http.preinst26
-rw-r--r--distro/deb/knot-resolver.dirs2
-rw-r--r--distro/deb/knot-resolver.docs4
-rw-r--r--distro/deb/knot-resolver.install37
-rw-r--r--distro/deb/knot-resolver.links2
-rw-r--r--distro/deb/knot-resolver.manpages2
-rw-r--r--distro/deb/knot-resolver.postinst38
-rw-r--r--distro/deb/knot-resolver.postrm9
-rw-r--r--distro/deb/knot-resolver.preinst26
-rw-r--r--distro/deb/knot-resolver.triggers1
-rw-r--r--distro/deb/not-installed7
-rwxr-xr-xdistro/deb/rules50
-rw-r--r--distro/deb/source/format1
-rw-r--r--distro/rpm/knot-resolver.spec383
-rw-r--r--distro/tests/.ansible.cfg8
-rw-r--r--distro/tests/README.md42
-rw-r--r--distro/tests/ansible-roles/knot_resolver/defaults/main.yaml6
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/configure_dnstap.yaml10
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/configure_doh.yaml10
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml8
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/main.yaml69
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/restart_kresd.yaml16
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/test_dnssec.yaml15
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/test_doh.yaml9
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml24
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/test_kres_cache_gc.yaml4
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/test_tcp.yaml8
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/test_tls.yaml8
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/test_udp.yaml8
-rw-r--r--distro/tests/ansible-roles/knot_resolver/vars/CentOS.yaml6
-rw-r--r--distro/tests/ansible-roles/knot_resolver/vars/Debian.yaml6
-rw-r--r--distro/tests/ansible-roles/knot_resolver/vars/Fedora.yaml6
-rw-r--r--distro/tests/ansible-roles/knot_resolver/vars/Ubuntu.yaml6
-rw-r--r--distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Leap.yaml6
-rw-r--r--distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Tumbleweed.yaml7
-rw-r--r--distro/tests/ansible-roles/obs_repos/defaults/main.yaml4
-rw-r--r--distro/tests/ansible-roles/obs_repos/tasks/CentOS.yaml13
-rw-r--r--distro/tests/ansible-roles/obs_repos/tasks/Debian.yaml15
-rw-r--r--distro/tests/ansible-roles/obs_repos/tasks/Fedora.yaml8
-rw-r--r--distro/tests/ansible-roles/obs_repos/tasks/Ubuntu.yaml14
-rw-r--r--distro/tests/ansible-roles/obs_repos/tasks/main.yaml12
-rw-r--r--distro/tests/ansible-roles/obs_repos/tasks/openSUSE_Leap.yaml19
-rw-r--r--distro/tests/ansible-roles/obs_repos/tasks/openSUSE_Tumbleweed.yaml13
-rw-r--r--distro/tests/ansible-roles/obs_repos/vars/CentOS.yaml3
-rw-r--r--distro/tests/ansible-roles/obs_repos/vars/Debian_10.yaml3
-rw-r--r--distro/tests/ansible-roles/obs_repos/vars/Debian_9.yaml3
-rw-r--r--distro/tests/ansible-roles/obs_repos/vars/Fedora.yaml3
-rw-r--r--distro/tests/ansible-roles/obs_repos/vars/Ubuntu.yaml3
-rw-r--r--distro/tests/ansible-roles/obs_repos/vars/openSUSE_Leap.yaml3
-rw-r--r--distro/tests/ansible-roles/obs_repos/vars/openSUSE_Tumbleweed.yaml3
-rw-r--r--distro/tests/centos7/Vagrantfile30
l---------distro/tests/centos7/ansible.cfg1
-rw-r--r--distro/tests/centos8/Vagrantfile30
l---------distro/tests/centos8/ansible.cfg1
-rw-r--r--distro/tests/debian10/Vagrantfile28
l---------distro/tests/debian10/ansible.cfg1
-rw-r--r--distro/tests/debian9/Vagrantfile27
l---------distro/tests/debian9/ansible.cfg1
-rw-r--r--distro/tests/fedora32/Vagrantfile30
l---------distro/tests/fedora32/ansible.cfg1
-rw-r--r--distro/tests/fedora33/Vagrantfile30
l---------distro/tests/fedora33/ansible.cfg1
-rw-r--r--distro/tests/knot-resolver-pkgtest.yaml13
-rw-r--r--distro/tests/leap15/Vagrantfile29
l---------distro/tests/leap15/ansible.cfg1
-rw-r--r--distro/tests/repos.yaml4
-rwxr-xr-xdistro/tests/test-distro.sh26
-rw-r--r--distro/tests/ubuntu1604/Vagrantfile30
l---------distro/tests/ubuntu1604/ansible.cfg1
-rw-r--r--distro/tests/ubuntu1804/Vagrantfile30
l---------distro/tests/ubuntu1804/ansible.cfg1
-rw-r--r--distro/tests/ubuntu2004/Vagrantfile30
l---------distro/tests/ubuntu2004/ansible.cfg1
-rw-r--r--distro/tests/ubuntu2010/Vagrantfile31
l---------distro/tests/ubuntu2010/ansible.cfg1
88 files changed, 2064 insertions, 0 deletions
diff --git a/distro/arch/PKGBUILD b/distro/arch/PKGBUILD
new file mode 100644
index 0000000..7b3cfe4
--- /dev/null
+++ b/distro/arch/PKGBUILD
@@ -0,0 +1,69 @@
+# Maintainer: Tomas Krizek <tomas.krizek@nic.cz>
+# Contributor: Ondřej Surý <ondrej@sury.org>
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+pkgname=knot-resolver
+pkgver=__VERSION__
+pkgrel=1
+pkgdesc='Caching DNSSEC-validating DNS resolver'
+arch=('x86_64' 'armv7h')
+url='https://www.knot-resolver.cz/'
+license=('GPL3')
+depends=(
+ 'dnssec-anchors'
+ 'gnutls'
+ 'knot'
+ 'libedit'
+ 'libuv'
+ 'lmdb'
+ 'luajit'
+ 'systemd'
+ 'libcap-ng'
+ 'libnghttp2'
+)
+makedepends=(
+ 'cmocka'
+ 'meson'
+ 'systemd-libs'
+)
+optdepends=(
+ 'lua51-basexx: experimental_dot_auth module'
+ 'lua51-cqueues: http and dns64 module, policy.rpz() function'
+ 'lua51-http: http and prefill modules, trust_anchors bootstrap'
+ 'lua51-psl: policy.slice_randomize_psl() function'
+)
+backup=('etc/knot-resolver/kresd.conf')
+options=(debug strip)
+source=("knot-resolver_${pkgver}.orig.tar.xz")
+sha256sums=('SKIP')
+
+build() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ meson build \
+ --buildtype=release \
+ --prefix=/usr \
+ --sbindir=bin \
+ -D keyfile_default=/etc/trusted-key.key \
+ -D systemd_files=enabled \
+ -D client=enabled \
+ -D install_kresd_conf=enabled \
+ -D unit_tests=enabled
+ ninja -C build
+}
+
+check() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ meson test -C build
+}
+
+package() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ DESTDIR=${pkgdir} ninja -C build install
+
+ # add kresd.target to multi-user.target.wants to support enabling kresd services
+ install -d -m 0755 "${pkgdir}/usr/lib/systemd/system/multi-user.target.wants"
+ ln -s ../kresd.target "${pkgdir}/usr/lib/systemd/system/multi-user.target.wants/kresd.target"
+
+ # remove modules with missing dependencies
+ rm "${pkgdir}/usr/lib/knot-resolver/kres_modules/etcd.lua"
+}
diff --git a/distro/deb/changelog b/distro/deb/changelog
new file mode 100644
index 0000000..4d6f28b
--- /dev/null
+++ b/distro/deb/changelog
@@ -0,0 +1,6 @@
+knot-resolver (__VERSION__-cznic.1) unstable; urgency=medium
+
+ * move changelog to OBS
+ * see NEWS or https://knot-resolver.cz
+
+ -- Tomas Krizek <tomas.krizek@nic.cz> Tue, 20 Feb 2018 19:36:45 +0100
diff --git a/distro/deb/clean b/distro/deb/clean
new file mode 100644
index 0000000..3c2f3ba
--- /dev/null
+++ b/distro/deb/clean
@@ -0,0 +1,3 @@
+build_deb/
+doc/doxyxml/
+doc/html/
diff --git a/distro/deb/compat b/distro/deb/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/distro/deb/compat
@@ -0,0 +1 @@
+9
diff --git a/distro/deb/control b/distro/deb/control
new file mode 100644
index 0000000..1fbc93c
--- /dev/null
+++ b/distro/deb/control
@@ -0,0 +1,141 @@
+Source: knot-resolver
+Section: net
+Priority: optional
+Maintainer: Knot Resolver <knot-resolver@labs.nic.cz>
+Uploaders:
+ Tomas Krizek <tomas.krizek@nic.cz>
+Build-Depends:
+ debhelper (>= 9~),
+ libcmocka-dev (>= 1.0.0),
+ libedit-dev,
+ libfstrm-dev,
+ libgnutls28-dev,
+ libknot-dev (>= 2.9),
+ liblmdb-dev,
+ libluajit-5.1-dev,
+ libnghttp2-dev,
+ libprotobuf-c-dev,
+ libsystemd-dev (>= 227) [linux-any],
+ libcap-ng-dev,
+ libuv1-dev,
+ luajit,
+ pkg-config,
+ meson (>= 0.49),
+ doxygen,
+ protobuf-c-compiler,
+ python3-breathe,
+ python3-sphinx,
+ python3-sphinx-rtd-theme,
+ texinfo,
+ libssl-dev,
+Homepage: https://www.knot-resolver.cz/
+
+Package: knot-resolver
+Architecture: any
+Depends:
+ adduser,
+ dns-root-data,
+ systemd,
+ ${misc:Depends},
+ ${shlibs:Depends},
+Replaces:
+ libkres9 (<< 3.2.1-2),
+Breaks:
+ libkres9 (<< 3.2.1-2),
+Recommends:
+ lua-basexx,
+ lua-cqueues,
+ lua-http,
+ lua-psl,
+Suggests:
+ knot-resolver-module-http,
+Description: caching, DNSSEC-validating DNS resolver
+ The Knot Resolver is a caching full resolver implementation
+ written in C and LuaJIT, including both a resolver library and a
+ daemon. Modular architecture of the library keeps the core tiny and
+ efficient, and provides a state-machine like API for
+ extensions. There are three built-in modules - iterator, cache,
+ validator, and many external.
+ .
+ The Lua modules, switchable and shareable cache, and fast FFI
+ bindings makes it great to tap into resolution process, or be used
+ for your recursive DNS service. It's the OpenResty of DNS.
+ .
+ The server adopts a different scaling strategy than the rest of the
+ DNS recursors - no threading, shared-nothing architecture (except
+ MVCC cache that may be shared). You can start and stop additional
+ nodes depending on the contention without downtime.
+
+Package: knot-resolver-dbg
+Architecture: any
+Depends: knot-resolver (= ${binary:Version}),
+ ${misc:Depends}
+Recommends: gdb
+Section: debug
+Priority: extra
+Description: Debug symbols for Knot Resolver
+ This package provides the debug symbols for Knot Resolver needed
+ for properly debugging errors in Knot Resolver with gdb.
+
+Package: knot-resolver-module-dnstap
+Architecture: any
+Multi-Arch: same
+Depends:
+ knot-resolver (= ${binary:Version}),
+ libfstrm0,
+ libprotobuf-c1,
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: dnstap module for Knot Resolver
+ The Knot Resolver is a caching full resolver implementation
+ written in C and LuaJIT, including both a resolver library and a
+ daemon. Modular architecture of the library keeps the core tiny and
+ efficient, and provides a state-machine like API for
+ extensions. There are three built-in modules - iterator, cache,
+ validator, and many external.
+ .
+ This package contains dnstap module for logging DNS responses
+ to a unix socket in dnstap format.
+
+Package: knot-resolver-module-http
+Architecture: all
+Depends:
+ knot-resolver (= ${binary:Version}),
+ libjs-bootstrap,
+ libjs-d3,
+ libjs-jquery,
+ lua-cqueues (>= 20171014),
+ lua-http,
+ lua-mmdb,
+ systemd,
+ ${misc:Depends},
+ ${shlibs:Depends},
+Breaks:
+ knot-resolver-module-tinyweb (<< 1.1.0~git20160713-1~),
+Description: HTTP module for Knot Resolver
+ The Knot Resolver is a caching full resolver implementation
+ written in C and LuaJIT, including both a resolver library and a
+ daemon. Modular architecture of the library keeps the core tiny and
+ efficient, and provides a state-machine like API for
+ extensions. There are three built-in modules - iterator, cache,
+ validator, and many external.
+ .
+ This package contains HTTP/2 module for local visualization of the
+ resolver cache and queries.
+
+Package: knot-resolver-doc
+Architecture: all
+Section: doc
+Depends:
+ libjs-jquery,
+ libjs-underscore,
+ ${misc:Depends},
+Description: Documentation for Knot Resolver
+ The Knot Resolver is a caching full resolver implementation
+ written in C and LuaJIT, including both a resolver library and a
+ daemon. Modular architecture of the library keeps the core tiny and
+ efficient, and provides a state-machine like API for
+ extensions. There are three built-in modules - iterator, cache,
+ validator, and many external.
+ .
+ This package contains Knot Resolver Documentation.
diff --git a/distro/deb/copyright b/distro/deb/copyright
new file mode 100644
index 0000000..8b8bf2b
--- /dev/null
+++ b/distro/deb/copyright
@@ -0,0 +1,447 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: knot-resolver
+Source: https://www.knot-resolver.cz/
+
+Files: *
+Copyright: 2015-2018 CZ.NIC
+License: GPL-3.0+
+
+Files: contrib/ccan/asprintf/*
+Copyright: Rusty Russell
+License: Expat
+
+Files: contrib/ccan/compiler/*
+Copyright: Rusty Russell
+License: CC0
+
+Files: tests/config/tapered/*
+Copyright: 2012-2017, Peter Aronoff
+License: BSD-3-clause
+
+Files: contrib/lmdb/*
+Copyright: 1999-2003 The OpenLDAP Foundation
+License: OpenLDAP
+
+Files: tests/deckard/contrib/libfaketime/*
+Copyright: 2003-2017 Wolfgang Hommel
+License: GPL-2
+
+Files: tests/deckard/contrib/libswrap/*
+Copyright: 2005,2008 Jelmer Vernooij <jelmer@samba.org>
+ 2006-2009 Stefan Metzmacher <metze@samba.org>
+ 2013 Andreas Schneider <asn@samba.org>
+License: BSD-3-clause
+
+Files: contrib/murmurhash3/*
+Copyright: Austin Appleby
+License: CC0-1.0
+
+Files: debian/missing-sources/dygraph-combined.js
+ modules/http/static/dygraph-combined.js
+Copyright: 2006-2014 Dan Vanderkam <danvdk@gmail.com>
+ 2016 Paul Miller
+ 2011 Robert Konigsberg <konigsberg@google.com>
+ 2013 David Eberlein <david.eberlein@ch.sauter-bc.com>
+License: MIT
+
+Files: contrib/ucw/*
+Copyright: 1997-2015 Martin Mares
+ 2005-2014 Tomas Valla
+ 2006 Robert Spalek
+ 2007-2015 Pavel Charvat
+License: LGPL-2.1
+
+Files: contrib/ccan/json/*
+Copyright: 2011 Joey Adams
+License: Expat
+
+Files: lib/generic/map.c lib/generic/map.h
+Copyright: Dan Bernstein
+ Jonas Gehring
+ Adam Langley
+ Marek Vavrusa
+License: public-domain
+
+Files: modules/policy/lua-aho-corasick/*
+Copyright: 2013 CloudFlare, Inc.
+License: BSD-3-CloudFlare
+
+Files: modules/http/static/jquery.js
+Copyright: 2005-2011 John Resig, Brandon Aaron & Jörn Zaefferer
+License: GPL-2 or Expat
+
+Files: modules/http/static/d3.js
+ modules/http/static/topojson.js
+Copyright: 2010-2015 Michael Bostock
+License: BSD-3-clause
+
+Files: modules/http/static/epoch.*
+ debian/missing-sources/epoch/*
+ debian/missing-sources/epoch.*
+Copyright: 2014 Fastly, Inc.
+License: Expat
+
+Files: modules/http/static/datamaps.world.min.js
+Copyright: 2012 Mark DiMarco
+License: Expat
+
+Files: modules/http/static/bootstrap.min.css
+ modules/http/static/bootstrap.min.js
+ modules/http/static/bootstrap-theme.min.css
+ modules/http/static/glyphicons-halflings-regular.woff2
+Copyright: 2012-2016 Thomas Park
+ 2011-2015 Twitter, Inc.
+License: Expat
+
+Files: modules/http/static/selectize.bootstrap3.min.css
+ modules/http/static/selectize.min.css
+ modules/http/static/selectize.min.js
+Copyright: 2013–2015 Brian Reavis & contributors
+License: Apache-2.0
+
+Files: debian/*
+Copyright: 2015 Ondřej Surý <ondrej@debian.org>
+License: GPL-3.0+
+
+License: LGPL-2.1
+ This library is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as
+ published by the Free Software Foundation; either version 2.1 of the
+ License, or (at your option) any later version.
+ .
+ This library is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+ .
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library. If not, see <https://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 3 can be found in "/usr/share/common-licenses/LGPL-2.1".
+
+License: GPL-3.0+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".
+
+License: Expat
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+ .
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ SOFTWARE.
+
+License: CC0
+ Statement of Purpose
+ .
+ The laws of most jurisdictions throughout the world automatically
+ confer exclusive Copyright and Related Rights (defined below) upon
+ the creator and subsequent owner(s) (each and all, an "owner") of an
+ original work of authorship and/or a database (each, a "Work").
+ .
+ Certain owners wish to permanently relinquish those rights to a Work
+ for the purpose of contributing to a commons of creative, cultural
+ and scientific works ("Commons") that the public can reliably and
+ without fear of later claims of infringement build upon, modify,
+ incorporate in other works, reuse and redistribute as freely as
+ possible in any form whatsoever and for any purposes, including
+ without limitation commercial purposes. These owners may contribute
+ to the Commons to promote the ideal of a free culture and the further
+ production of creative, cultural and scientific works, or to gain
+ reputation or greater distribution for their Work in part through the
+ use and efforts of others.
+ .
+ For these and/or other purposes and motivations, and without any
+ expectation of additional consideration or compensation, the person
+ associating CC0 with a Work (the "Affirmer"), to the extent that he
+ or she is an owner of Copyright and Related Rights in the Work,
+ voluntarily elects to apply CC0 to the Work and publicly distribute
+ the Work under its terms, with knowledge of his or her Copyright and
+ Related Rights in the Work and the meaning and intended legal effect
+ of CC0 on those rights.
+ .
+ 1. Copyright and Related Rights. A Work made available under CC0 may
+ be protected by copyright and related or neighboring rights
+ ("Copyright and Related Rights"). Copyright and Related Rights
+ include, but are not limited to, the following:
+ .
+ i. the right to reproduce, adapt, distribute, perform, display,
+ communicate, and translate a Work;
+ ii. moral rights retained by the original author(s) and/or
+ performer(s);
+ iii. publicity and privacy rights pertaining to a person's image or
+ likeness depicted in a Work;
+ iv. rights protecting against unfair competition in regards to a
+ Work, subject to the limitations in paragraph 4(a), below;
+ v. rights protecting the extraction, dissemination, use and reuse
+ of data in a Work;
+ vi. database rights (such as those arising under Directive 96/9/EC
+ of the European Parliament and of the Council of 11 March 1996
+ on the legal protection of databases, and under any national
+ implementation thereof, including any amended or successor
+ version of such directive); and
+ vii. other similar, equivalent or corresponding rights throughout
+ the world based on applicable law or treaty, and any national
+ implementations thereof.
+ .
+ 2. Waiver. To the greatest extent permitted by, but not in
+ contravention of, applicable law, Affirmer hereby overtly, fully,
+ permanently, irrevocably and unconditionally waives, abandons, and
+ surrenders all of Affirmer's Copyright and Related Rights and
+ associated claims and causes of action, whether now known or
+ unknown (including existing as well as future claims and causes of
+ action), in the Work (i) in all territories worldwide, (ii) for
+ the maximum duration provided by applicable law or treaty
+ (including future time extensions), (iii) in any current or future
+ medium and for any number of copies, and (iv) for any purpose
+ whatsoever, including without limitation commercial, advertising
+ or promotional purposes (the "Waiver"). Affirmer makes the Waiver
+ for the benefit of each member of the public at large and to the
+ detriment of Affirmer's heirs and successors, fully intending that
+ such Waiver shall not be subject to revocation, rescission,
+ cancellation, termination, or any other legal or equitable action
+ to disrupt the quiet enjoyment of the Work by the public as
+ contemplated by Affirmer's express Statement of Purpose.
+ .
+ 3. Public License Fallback. Should any part of the Waiver for any
+ reason be judged legally invalid or ineffective under applicable
+ law, then the Waiver shall be preserved to the maximum extent
+ permitted taking into account Affirmer's express Statement of
+ Purpose. In addition, to the extent the Waiver is so judged
+ Affirmer hereby grants to each affected person a royalty-free, non
+ transferable, non sublicensable, non exclusive, irrevocable and
+ unconditional license to exercise Affirmer's Copyright and Related
+ Rights in the Work (i) in all territories worldwide, (ii) for the
+ maximum duration provided by applicable law or treaty (including
+ future time extensions), (iii) in any current or future medium and
+ for any number of copies, and (iv) for any purpose whatsoever,
+ including without limitation commercial, advertising or
+ promotional purposes (the "License"). The License shall be deemed
+ effective as of the date CC0 was applied by Affirmer to the
+ Work. Should any part of the License for any reason be judged
+ legally invalid or ineffective under applicable law, such partial
+ invalidity or ineffectiveness shall not invalidate the remainder
+ of the License, and in such case Affirmer hereby affirms that he
+ or she will not (i) exercise any of his or her remaining Copyright
+ and Related Rights in the Work or (ii) assert any associated
+ claims and causes of action with respect to the Work, in either
+ case contrary to Affirmer's express Statement of Purpose.
+ .
+ 4. Limitations and Disclaimers.
+ .
+ a. No trademark or patent rights held by Affirmer are waived,
+ abandoned, surrendered, licensed or otherwise affected by this
+ document.
+ b. Affirmer offers the Work as-is and makes no representations or
+ warranties of any kind concerning the Work, express, implied,
+ statutory or otherwise, including without limitation warranties
+ of title, merchantability, fitness for a particular purpose, non
+ infringement, or the absence of latent or other defects,
+ accuracy, or the present or absence of errors, whether or not
+ discoverable, all to the greatest extent permissible under
+ applicable law.
+ c. Affirmer disclaims responsibility for clearing rights of other
+ persons that may apply to the Work or any use thereof, including
+ without limitation any person's Copyright and Related Rights in
+ the Work. Further, Affirmer disclaims responsibility for
+ obtaining any necessary consents, permissions or other rights
+ required for any use of the Work.
+ d. Affirmer understands and acknowledges that Creative Commons is
+ not a party to this document and has no duty or obligation with
+ respect to this CC0 or use of the Work.
+
+License: BSD-3-CloudFlare
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ .
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ .
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the
+ distribution.
+ .
+ 3. Neither the name of CloudFlare, Inc. nor the names of its
+ contributors may be used to endorse or promote products derived
+ from this software without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: BSD-3-clause
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ .
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ .
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ .
+ 3. Neither the name of the author nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGE.
+
+
+License: GPL-2
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ .
+ On Debian systems, the complete text of the GNU General Public
+ License version 2 can be found in "/usr/share/common-licenses/GPL-2".
+
+License: Apache-2.0
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+ .
+ https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the full text of the Apache Software License version 2 can
+ be found in the file `/usr/share/common-licenses/Apache-2.0'.
+
+License: MIT
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+ .
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ SOFTWARE.
+
+License: OpenLDAP
+ Redistribution and use of this software and associated documentation
+ ("Software"), with or without modification, are permitted provided
+ that the following conditions are met:
+ .
+ 1. Redistributions in source form must retain copyright statements
+ and notices,
+ .
+ 2. Redistributions in binary form must reproduce applicable copyright
+ statements and notices, this list of conditions, and the following
+ disclaimer in the documentation and/or other materials provided
+ with the distribution, and
+ .
+ 3. Redistributions must contain a verbatim copy of this document.
+ .
+ The OpenLDAP Foundation may revise this license from time to time.
+ Each revision is distinguished by a version number. You may use
+ this Software under terms of this license revision or under the
+ terms of any subsequent revision of the license.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS
+ CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S)
+ OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
+ INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ .
+ The names of the authors and copyright holders must not be used in
+ advertising or otherwise to promote the sale, use or other dealing
+ in this Software without specific, written prior permission. Title
+ to copyright in this Software shall at all times remain with copyright
+ holders.
+ .
+ OpenLDAP is a registered trademark of the OpenLDAP Foundation.
+
+License: CC0-1.0
+ This work is licensed under the "Creative Commons Zero" license.
+ .
+ On debian systems, a copy of the Creative Commons Zero license may be
+ found at /usr/share/common-licenses/CC0-1.0.
+
+License: public-domain
+ This work has been released into the public domain. The map
+ implementation builds off of prior public domain work from Dan
+ Bernstein (qhasm) and Adam Langley (critbit).
diff --git a/distro/deb/knot-resolver-doc.doc-base b/distro/deb/knot-resolver-doc.doc-base
new file mode 100644
index 0000000..9cd0fdf
--- /dev/null
+++ b/distro/deb/knot-resolver-doc.doc-base
@@ -0,0 +1,11 @@
+Document: knot-resolver
+Title: Knot Resolver documentation
+Author: CZ.NIC labs
+Abstract: Documentation for the Knot Resolver,
+ including building from source, using the library,
+ and configuration and operation of the daemon.
+Section: Network/Communication
+
+Format: HTML
+Index: /usr/share/doc/knot-resolver/html/index.html
+Files: /usr/share/doc/knot-resolver/html/*.html
diff --git a/distro/deb/knot-resolver-doc.docs b/distro/deb/knot-resolver-doc.docs
new file mode 100644
index 0000000..baa81f7
--- /dev/null
+++ b/distro/deb/knot-resolver-doc.docs
@@ -0,0 +1 @@
+debian/tmp/usr/share/doc/knot-resolver/html/*
diff --git a/distro/deb/knot-resolver-doc.info b/distro/deb/knot-resolver-doc.info
new file mode 100644
index 0000000..2283d88
--- /dev/null
+++ b/distro/deb/knot-resolver-doc.info
@@ -0,0 +1,2 @@
+debian/tmp/usr/share/info/knot-resolver.info
+debian/tmp/usr/share/info/knot-resolver-figures/*
diff --git a/distro/deb/knot-resolver-doc.links b/distro/deb/knot-resolver-doc.links
new file mode 100644
index 0000000..25e9584
--- /dev/null
+++ b/distro/deb/knot-resolver-doc.links
@@ -0,0 +1,2 @@
+usr/share/javascript/jquery/jquery.min.js usr/share/doc/knot-resolver/html/_static/jquery.js
+usr/share/javascript/underscore/underscore.min.js usr/share/doc/knot-resolver/html/_static/underscore.js
diff --git a/distro/deb/knot-resolver-module-dnstap.install b/distro/deb/knot-resolver-module-dnstap.install
new file mode 100644
index 0000000..ae5404e
--- /dev/null
+++ b/distro/deb/knot-resolver-module-dnstap.install
@@ -0,0 +1 @@
+usr/lib/knot-resolver/kres_modules/dnstap.so
diff --git a/distro/deb/knot-resolver-module-http.install b/distro/deb/knot-resolver-module-http.install
new file mode 100644
index 0000000..ffa04d0
--- /dev/null
+++ b/distro/deb/knot-resolver-module-http.install
@@ -0,0 +1,7 @@
+usr/lib/knot-resolver/kres_modules/http*.lua
+usr/lib/knot-resolver/kres_modules/prometheus.lua
+usr/lib/knot-resolver/kres_modules/http/*.css
+usr/lib/knot-resolver/kres_modules/http/*.ico
+usr/lib/knot-resolver/kres_modules/http/*.js
+usr/lib/knot-resolver/kres_modules/http/*.tpl
+usr/lib/knot-resolver/kres_modules/http/*.woff2
diff --git a/distro/deb/knot-resolver-module-http.links b/distro/deb/knot-resolver-module-http.links
new file mode 100644
index 0000000..4963c5c
--- /dev/null
+++ b/distro/deb/knot-resolver-module-http.links
@@ -0,0 +1,5 @@
+usr/share/javascript/bootstrap/css/bootstrap-theme.min.css usr/lib/knot-resolver/kres_modules/http/bootstrap-theme.min.css
+usr/share/javascript/bootstrap/css/bootstrap.min.css usr/lib/knot-resolver/kres_modules/http/bootstrap.min.css
+usr/share/javascript/bootstrap/js/bootstrap.min.js usr/lib/knot-resolver/kres_modules/http/bootstrap.min.js
+usr/share/javascript/d3/d3.min.js usr/lib/knot-resolver/kres_modules/http/d3.js
+usr/share/javascript/jquery/jquery.min.js usr/lib/knot-resolver/kres_modules/http/jquery.js
diff --git a/distro/deb/knot-resolver-module-http.preinst b/distro/deb/knot-resolver-module-http.preinst
new file mode 100644
index 0000000..c2bd87d
--- /dev/null
+++ b/distro/deb/knot-resolver-module-http.preinst
@@ -0,0 +1,26 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-3.0-or-later
+set -e
+
+# upgrade-4-to-5
+if [ -f /lib/systemd/system/kresd-doh.socket ] ; then
+ export UPG_DIR=/var/lib/knot-resolver/.upgrade-4-to-5
+ mkdir -p ${UPG_DIR}
+ touch ${UPG_DIR}/.unfinished
+
+ for sock in kresd-webmgmt.socket kresd-doh.socket ; do
+ if systemctl is-enabled ${sock} 2>/dev/null | grep -qv masked ; then
+ systemctl show ${sock} -p Listen > ${UPG_DIR}/${sock}
+ case "$(systemctl show ${sock} -p BindIPv6Only)" in
+ *ipv6-only)
+ touch ${UPG_DIR}/${sock}.v6only
+ ;;
+ *default)
+ if cat /proc/sys/net/ipv6/bindv6only | grep -q 1 ; then
+ touch ${UPG_DIR}/${sock}.v6only
+ fi
+ ;;
+ esac
+ fi
+ done
+fi
diff --git a/distro/deb/knot-resolver.dirs b/distro/deb/knot-resolver.dirs
new file mode 100644
index 0000000..f8981d8
--- /dev/null
+++ b/distro/deb/knot-resolver.dirs
@@ -0,0 +1,2 @@
+/var/lib/knot-resolver
+/var/cache/knot-resolver
diff --git a/distro/deb/knot-resolver.docs b/distro/deb/knot-resolver.docs
new file mode 100644
index 0000000..8e919d0
--- /dev/null
+++ b/distro/deb/knot-resolver.docs
@@ -0,0 +1,4 @@
+debian/tmp/usr/share/doc/knot-resolver/AUTHORS
+debian/tmp/usr/share/doc/knot-resolver/COPYING
+debian/tmp/usr/share/doc/knot-resolver/NEWS
+debian/tmp/usr/share/doc/knot-resolver/examples
diff --git a/distro/deb/knot-resolver.install b/distro/deb/knot-resolver.install
new file mode 100644
index 0000000..1e770bb
--- /dev/null
+++ b/distro/deb/knot-resolver.install
@@ -0,0 +1,37 @@
+etc/knot-resolver/kresd.conf
+usr/lib/systemd/system/kresd@.service lib/systemd/system/
+usr/lib/systemd/system/kres-cache-gc.service lib/systemd/system/
+usr/lib/systemd/system/kresd.target lib/systemd/system/
+usr/lib/*.so.*
+usr/lib/tmpfiles.d/knot-resolver.conf
+usr/lib/knot-resolver/*.so
+usr/lib/knot-resolver/*.lua
+usr/lib/knot-resolver/kres_modules/bogus_log.so
+usr/lib/knot-resolver/kres_modules/edns_keepalive.so
+usr/lib/knot-resolver/kres_modules/hints.so
+usr/lib/knot-resolver/kres_modules/nsid.so
+usr/lib/knot-resolver/kres_modules/refuse_nord.so
+usr/lib/knot-resolver/kres_modules/stats.so
+usr/lib/knot-resolver/kres_modules/daf.lua
+usr/lib/knot-resolver/kres_modules/daf/*
+usr/lib/knot-resolver/kres_modules/detect_time_jump.lua
+usr/lib/knot-resolver/kres_modules/detect_time_skew.lua
+usr/lib/knot-resolver/kres_modules/dns64.lua
+usr/lib/knot-resolver/kres_modules/experimental_dot_auth.lua
+usr/lib/knot-resolver/kres_modules/graphite.lua
+usr/lib/knot-resolver/kres_modules/policy.lua
+usr/lib/knot-resolver/kres_modules/predict.lua
+usr/lib/knot-resolver/kres_modules/prefill.lua
+usr/lib/knot-resolver/kres_modules/priming.lua
+usr/lib/knot-resolver/kres_modules/rebinding.lua
+usr/lib/knot-resolver/kres_modules/renumber.lua
+usr/lib/knot-resolver/kres_modules/serve_stale.lua
+usr/lib/knot-resolver/kres_modules/ta_sentinel.lua
+usr/lib/knot-resolver/kres_modules/ta_signal_query.lua
+usr/lib/knot-resolver/kres_modules/ta_update.lua
+usr/lib/knot-resolver/kres_modules/view.lua
+usr/lib/knot-resolver/kres_modules/watchdog.lua
+usr/lib/knot-resolver/kres_modules/workarounds.lua
+usr/sbin/kresc
+usr/sbin/kresd
+usr/sbin/kres-cache-gc
diff --git a/distro/deb/knot-resolver.links b/distro/deb/knot-resolver.links
new file mode 100644
index 0000000..8196524
--- /dev/null
+++ b/distro/deb/knot-resolver.links
@@ -0,0 +1,2 @@
+dev/null lib/systemd/system/kresd.service
+lib/systemd/system/kresd.target lib/systemd/system/multi-user.target.wants/kresd.target
diff --git a/distro/deb/knot-resolver.manpages b/distro/deb/knot-resolver.manpages
new file mode 100644
index 0000000..101a4ac
--- /dev/null
+++ b/distro/deb/knot-resolver.manpages
@@ -0,0 +1,2 @@
+debian/tmp/usr/share/man/man8/kresd.8*
+debian/tmp/usr/share/man/man7/kresd.systemd.7*
diff --git a/distro/deb/knot-resolver.postinst b/distro/deb/knot-resolver.postinst
new file mode 100644
index 0000000..fb2bce2
--- /dev/null
+++ b/distro/deb/knot-resolver.postinst
@@ -0,0 +1,38 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-3.0-or-later
+set -e
+
+# upgrade-4-to-5
+export UPG_DIR=/var/lib/knot-resolver/.upgrade-4-to-5
+if [ -f ${UPG_DIR}/.unfinished ] ; then
+ rm -f ${UPG_DIR}/.unfinished
+ kresd -c /usr/lib/knot-resolver/upgrade-4-to-5.lua >/dev/null 2>/dev/null
+ echo "\n !!! WARNING !!!"
+ echo "Knot Resolver configuration file requires manual upgrade.\n"
+ cat ${UPG_DIR}/kresd.conf.net 2>/dev/null
+fi
+
+if [ "$1" = "configure" ]; then
+ adduser --quiet --system --group --no-create-home --home /var/cache/knot-resolver knot-resolver
+fi
+
+# Restart any running kresd instances if the root key is updated.
+# Note: if knot-resolver upstream watches this file and reloads it
+# upon a change, we can and should remove this trigger.
+if [ "$1" = "triggered" ]; then
+ if [ "$2" = "/usr/share/dns/root.key" ]; then
+ # use daemon-reload to load any unit changes
+ systemctl daemon-reload || true
+ # systemctl of the sub-services is the preferred method to restart
+ systemctl try-restart 'kresd@*.service' kres-cache-gc.service || true
+ fi
+ exit 0
+fi
+
+if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
+ systemctl daemon-reload || true
+ systemd-tmpfiles --create /usr/lib/tmpfiles.d/knot-resolver.conf
+ systemctl try-restart 'kresd@*.service' kres-cache-gc.service || true
+fi
+
+#DEBHELPER#
diff --git a/distro/deb/knot-resolver.postrm b/distro/deb/knot-resolver.postrm
new file mode 100644
index 0000000..4c8a1ea
--- /dev/null
+++ b/distro/deb/knot-resolver.postrm
@@ -0,0 +1,9 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-3.0-or-later
+set -e
+
+if [ "$1" = "remove" ]; then
+ systemctl stop system-kresd.slice || true
+fi
+
+#DEBHELPER#
diff --git a/distro/deb/knot-resolver.preinst b/distro/deb/knot-resolver.preinst
new file mode 100644
index 0000000..1f8f589
--- /dev/null
+++ b/distro/deb/knot-resolver.preinst
@@ -0,0 +1,26 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-3.0-or-later
+set -e
+
+# upgrade-4-to-5
+if [ -f /lib/systemd/system/kresd.socket ] ; then
+ export UPG_DIR=/var/lib/knot-resolver/.upgrade-4-to-5
+ mkdir -p ${UPG_DIR}
+ touch ${UPG_DIR}/.unfinished
+
+ for sock in kresd.socket kresd-tls.socket ; do
+ if systemctl is-enabled ${sock} 2>/dev/null | grep -qv masked ; then
+ systemctl show ${sock} -p Listen > ${UPG_DIR}/${sock}
+ case "$(systemctl show ${sock} -p BindIPv6Only)" in
+ *ipv6-only)
+ touch ${UPG_DIR}/${sock}.v6only
+ ;;
+ *default)
+ if cat /proc/sys/net/ipv6/bindv6only | grep -q 1 ; then
+ touch ${UPG_DIR}/${sock}.v6only
+ fi
+ ;;
+ esac
+ fi
+ done
+fi
diff --git a/distro/deb/knot-resolver.triggers b/distro/deb/knot-resolver.triggers
new file mode 100644
index 0000000..e8d8246
--- /dev/null
+++ b/distro/deb/knot-resolver.triggers
@@ -0,0 +1 @@
+interest-noawait /usr/share/dns/root.key
diff --git a/distro/deb/not-installed b/distro/deb/not-installed
new file mode 100644
index 0000000..f527e79
--- /dev/null
+++ b/distro/deb/not-installed
@@ -0,0 +1,7 @@
+usr/lib/knot-resolver/kres_modules/http/LICENSE
+usr/lib/knot-resolver/kres_modules/etcd.lua
+debian/tmp/usr/share/doc/knot-resolver/html/.buildinfo
+usr/include/libkres/*.h
+usr/lib/*.so
+usr/lib/pkgconfig/libkres.pc
+usr/lib/sysusers.d/knot-resolver.conf
diff --git a/distro/deb/rules b/distro/deb/rules
new file mode 100755
index 0000000..3445b8c
--- /dev/null
+++ b/distro/deb/rules
@@ -0,0 +1,50 @@
+#!/usr/bin/make -f
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# see FEATURE AREAS in dpkg-buildflags(1)
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-pie
+
+# see ENVIRONMENT in dpkg-buildflags(1)
+# package maintainers to append CFLAGS
+export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic -fno-omit-frame-pointer
+# package maintainers to append LDFLAGS
+export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
+
+# see EXAMPLES in dpkg-buildflags(1) and read /usr/share/dpkg/*
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/default.mk
+
+export ARCH=$(DEB_HOST_GNU_CPU)
+
+%:
+ dh $@
+
+override_dh_auto_build:
+ meson build_deb \
+ --buildtype=plain \
+ --prefix=/usr \
+ --libdir=lib \
+ -Ddoc=enabled \
+ -Dsystemd_files=enabled \
+ -Dclient=enabled \
+ -Ddnstap=enabled \
+ -Dkeyfile_default=/usr/share/dns/root.key \
+ -Droot_hints=/usr/share/dns/root.hints \
+ -Dinstall_kresd_conf=enabled \
+ -Dunit_tests=enabled \
+ -Dc_args="$${CFLAGS}" \
+ -Dc_link_args="$${LDFLAGS}"
+ ninja -v -C build_deb
+ ninja -v -C build_deb doc
+
+override_dh_auto_install:
+ DESTDIR="${PWD}/debian/tmp" ninja -v -C build_deb install
+
+override_dh_auto_test:
+ meson test -C build_deb
+
+override_dh_missing:
+ dh_missing --fail-missing
+
+override_dh_strip:
+ dh_strip --dbg-package=knot-resolver-dbg
diff --git a/distro/deb/source/format b/distro/deb/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/distro/deb/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/distro/rpm/knot-resolver.spec b/distro/rpm/knot-resolver.spec
new file mode 100644
index 0000000..ef4c867
--- /dev/null
+++ b/distro/rpm/knot-resolver.spec
@@ -0,0 +1,383 @@
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+%global _hardened_build 1
+%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}}
+
+%define GPG_CHECK 0
+%define VERSION __VERSION__
+%define repodir %{_builddir}/%{name}-%{version}
+%define NINJA ninja-build
+
+Name: knot-resolver
+Version: %{VERSION}
+Release: cznic.1%{?dist}
+Summary: Caching full DNS Resolver
+
+License: GPL-3.0-or-later
+URL: https://www.knot-resolver.cz/
+Source0: knot-resolver_%{version}.orig.tar.xz
+
+# LuaJIT only on these arches
+%if 0%{?rhel} == 7
+# RHEL 7 does not have aarch64 LuaJIT
+ExclusiveArch: %{ix86} x86_64
+%else
+ExclusiveArch: %{arm} aarch64 %{ix86} x86_64
+%endif
+
+%if 0%{GPG_CHECK}
+Source1: knot-resolver-%{version}.tar.xz.asc
+# PGP keys used to sign upstream releases
+# Export with --armor using command from https://fedoraproject.org/wiki/PackagingDrafts:GPGSignatures
+# Don't forget to update %%prep section when adding/removing keys
+Source100: gpgkey-B6006460B60A80E782062449E747DF1F9575A3AA.gpg.asc
+Source101: gpgkey-BE26EBB9CBE059B3910CA35BCE8DD6A1A50A21E4.gpg.asc
+Source102: gpgkey-4A8BA48C2AED933BD495C509A1FBA5F7EF8C4869.gpg.asc
+BuildRequires: gnupg2
+%endif
+
+BuildRequires: gcc
+BuildRequires: gcc-c++
+BuildRequires: meson
+BuildRequires: pkgconfig(cmocka)
+BuildRequires: pkgconfig(gnutls)
+BuildRequires: pkgconfig(libedit)
+BuildRequires: pkgconfig(libknot) >= 2.9
+BuildRequires: pkgconfig(libzscanner) >= 2.9
+BuildRequires: pkgconfig(libdnssec) >= 2.9
+BuildRequires: pkgconfig(libnghttp2)
+BuildRequires: pkgconfig(libsystemd)
+BuildRequires: pkgconfig(libcap-ng)
+BuildRequires: pkgconfig(libuv)
+BuildRequires: pkgconfig(luajit) >= 2.0
+
+Requires: systemd
+Requires(post): systemd
+
+# dnstap module dependencies
+# SUSE is missing protoc-c protobuf compiler
+%if "x%{?suse_version}" == "x"
+BuildRequires: pkgconfig(libfstrm)
+BuildRequires: pkgconfig(libprotobuf-c)
+%endif
+
+# Distro-dependent dependencies
+%if 0%{?rhel} == 7
+BuildRequires: lmdb-devel
+# Lua 5.1 version of the libraries have different package names
+Requires: lua-basexx
+Requires: lua-psl
+Requires: lua-http
+Requires(pre): shadow-utils
+%endif
+%if 0%{?fedora} || 0%{?rhel} > 7
+BuildRequires: pkgconfig(lmdb)
+BuildRequires: python3-sphinx
+Requires: lua5.1-basexx
+Requires: lua5.1-cqueues
+Requires: lua5.1-http
+Recommends: lua5.1-psl
+Requires(pre): shadow-utils
+%endif
+
+# we do not build HTTP module on SuSE so the build requires is not needed
+%if "x%{?suse_version}" == "x"
+BuildRequires: openssl-devel
+%endif
+
+%if 0%{?suse_version}
+%define NINJA ninja
+BuildRequires: lmdb-devel
+BuildRequires: python3-Sphinx
+Requires(pre): shadow
+%endif
+
+%if "x%{?rhel}" == "x"
+# dependencies for doc package
+# NOTE: doc isn't possible to build on CentOS 7, 8
+# python2-sphinx is too old and python36-breathe is broken on CentOS 7
+# python3-breathe isn't available for CentOS 8 (yet? rhbz#1808766)
+BuildRequires: doxygen
+BuildRequires: python3-breathe
+BuildRequires: python3-sphinx_rtd_theme
+BuildRequires: texinfo
+%endif
+
+%description
+The Knot Resolver is a DNSSEC-enabled caching full resolver implementation
+written in C and LuaJIT, including both a resolver library and a daemon.
+Modular architecture of the library keeps the core tiny and efficient, and
+provides a state-machine like API for extensions.
+
+The package is pre-configured as local caching resolver.
+To start using it, start a single kresd instance:
+$ systemctl start kresd@1.service
+
+%package devel
+Summary: Development headers for Knot Resolver
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description devel
+The package contains development headers for Knot Resolver.
+
+%if "x%{?rhel}" == "x"
+%package doc
+Summary: Documentation for Knot Resolver
+BuildArch: noarch
+Requires: %{name} = %{version}-%{release}
+
+%description doc
+Documentation for Knot Resolver
+%endif
+
+%if "x%{?suse_version}" == "x"
+%package module-dnstap
+Summary: dnstap module for Knot Resolver
+Requires: %{name} = %{version}-%{release}
+
+%description module-dnstap
+dnstap module for Knot Resolver supports logging DNS responses to a unix socket
+in dnstap format using fstrm framing library. This logging is useful if you
+need effectivelly log all DNS traffic.
+%endif
+
+%if "x%{?suse_version}" == "x"
+%package module-http
+Summary: HTTP module for Knot Resolver
+Requires: %{name} = %{version}-%{release}
+%if 0%{?fedora} || 0%{?rhel} > 7
+Requires: lua5.1-http
+Requires: lua5.1-mmdb
+%else
+Requires: lua-http
+Requires: lua-mmdb
+%endif
+
+%description module-http
+HTTP module for Knot Resolver can serve as API endpoint for other modules or
+provide a web interface for local visualization of the resolver cache and
+queries. It can also serve DNS-over-HTTPS, but it is deprecated in favor of
+native C implementation, which doesn't require this package.
+%endif
+
+%prep
+%if 0%{GPG_CHECK}
+export GNUPGHOME=./gpg-keyring
+mkdir ${GNUPGHOME}
+gpg2 --import %{SOURCE100} %{SOURCE101} %{SOURCE102}
+gpg2 --verify %{SOURCE1} %{SOURCE0}
+%endif
+%setup -q -n %{name}-%{version}
+
+%build
+CFLAGS="%{optflags}" LDFLAGS="%{?__global_ldflags}" meson build_rpm \
+%if "x%{?rhel}" == "x"
+ -Ddoc=enabled \
+%endif
+ -Dsystemd_files=enabled \
+ -Dclient=enabled \
+%if "x%{?suse_version}" == "x"
+ -Ddnstap=enabled \
+%endif
+ -Dunit_tests=enabled \
+ -Dmanaged_ta=enabled \
+ -Dkeyfile_default="%{_sharedstatedir}/knot-resolver/root.keys" \
+ -Dinstall_root_keys=enabled \
+ -Dinstall_kresd_conf=enabled \
+ --buildtype=plain \
+ --prefix="%{_prefix}" \
+ --sbindir="%{_sbindir}" \
+ --libdir="%{_libdir}" \
+ --includedir="%{_includedir}" \
+ --sysconfdir="%{_sysconfdir}" \
+
+%{NINJA} -v -C build_rpm
+%if "x%{?rhel}" == "x"
+%{NINJA} -v -C build_rpm doc
+%endif
+
+%check
+meson test -C build_rpm
+
+%install
+DESTDIR="${RPM_BUILD_ROOT}" %{NINJA} -v -C build_rpm install
+
+# add kresd.target to multi-user.target.wants to support enabling kresd services
+install -m 0755 -d %{buildroot}%{_unitdir}/multi-user.target.wants
+ln -s ../kresd.target %{buildroot}%{_unitdir}/multi-user.target.wants/kresd.target
+
+# remove modules with missing dependencies
+rm %{buildroot}%{_libdir}/knot-resolver/kres_modules/etcd.lua
+
+# remove unused sysusers
+rm %{buildroot}%{_prefix}/lib/sysusers.d/knot-resolver.conf
+
+%if 0%{?suse_version}
+rm %{buildroot}%{_libdir}/knot-resolver/kres_modules/experimental_dot_auth.lua
+rm -r %{buildroot}%{_libdir}/knot-resolver/kres_modules/http
+rm %{buildroot}%{_libdir}/knot-resolver/kres_modules/http*.lua
+rm %{buildroot}%{_libdir}/knot-resolver/kres_modules/prometheus.lua
+%endif
+
+# rename doc directory for centos 7, opensuse
+%if 0%{?suse_version} || 0%{?rhel} == 7
+install -m 755 -d %{buildroot}/%{_pkgdocdir}
+mv %{buildroot}/%{_datadir}/doc/%{name}/* %{buildroot}/%{_pkgdocdir}/
+%endif
+
+%pre
+getent group knot-resolver >/dev/null || groupadd -r knot-resolver
+getent passwd knot-resolver >/dev/null || useradd -r -g knot-resolver -d %{_sysconfdir}/knot-resolver -s /sbin/nologin -c "Knot Resolver" knot-resolver
+
+%if "x%{?rhel}" == "x"
+# upgrade-4-to-5
+if [ -f %{_unitdir}/kresd.socket ] ; then
+ export UPG_DIR=%{_sharedstatedir}/knot-resolver/.upgrade-4-to-5
+ mkdir -p ${UPG_DIR}
+ touch ${UPG_DIR}/.unfinished
+
+ for sock in kresd.socket kresd-tls.socket kresd-webmgmt.socket kresd-doh.socket ; do
+ if systemctl is-enabled ${sock} 2>/dev/null | grep -qv masked ; then
+ systemctl show ${sock} -p Listen > ${UPG_DIR}/${sock}
+ case "$(systemctl show ${sock} -p BindIPv6Only)" in
+ *ipv6-only)
+ touch ${UPG_DIR}/${sock}.v6only
+ ;;
+ *default)
+ if cat /proc/sys/net/ipv6/bindv6only | grep -q 1 ; then
+ touch ${UPG_DIR}/${sock}.v6only
+ fi
+ ;;
+ esac
+ fi
+ done
+fi
+%endif
+
+
+%post
+# upgrade-4-to-5
+%if "x%{?rhel}" == "x"
+export UPG_DIR=%{_sharedstatedir}/knot-resolver/.upgrade-4-to-5
+if [ -f ${UPG_DIR}/.unfinished ] ; then
+ rm -f ${UPG_DIR}/.unfinished
+ kresd -c %{_libdir}/knot-resolver/upgrade-4-to-5.lua &>/dev/null
+ echo -e "\n !!! WARNING !!!"
+ echo -e "Knot Resolver configuration file requires manual upgrade.\n"
+ cat ${UPG_DIR}/kresd.conf.net 2>/dev/null
+fi
+%endif
+
+# 5.0.1 fix to force restart of kres-cache-gc.service, which was missing in systemd_postun_with_restart
+# TODO: remove once most users upgrade to 5.0.1+
+systemctl daemon-reload >/dev/null 2>&1 || :
+if [ $1 -ge 2 ] ; then
+ systemctl try-restart kres-cache-gc.service >/dev/null 2>&1 || :
+fi
+
+# systemd_post macro is not needed for anything (calls systemctl preset)
+%tmpfiles_create %{_tmpfilesdir}/knot-resolver.conf
+%if "x%{?fedora}" == "x"
+/sbin/ldconfig
+%endif
+
+%preun
+%systemd_preun kres-cache-gc.service kresd.target
+
+%postun
+%systemd_postun_with_restart 'kresd@*.service' kres-cache-gc.service
+%if "x%{?fedora}" == "x"
+/sbin/ldconfig
+%endif
+
+%files
+%dir %{_pkgdocdir}
+%license %{_pkgdocdir}/COPYING
+%doc %{_pkgdocdir}/AUTHORS
+%doc %{_pkgdocdir}/NEWS
+%doc %{_pkgdocdir}/examples
+%dir %{_sysconfdir}/knot-resolver
+%config(noreplace) %{_sysconfdir}/knot-resolver/kresd.conf
+%config(noreplace) %{_sysconfdir}/knot-resolver/root.hints
+%{_sysconfdir}/knot-resolver/icann-ca.pem
+%attr(750,knot-resolver,knot-resolver) %dir %{_sharedstatedir}/knot-resolver
+%attr(640,knot-resolver,knot-resolver) %{_sharedstatedir}/knot-resolver/root.keys
+%{_unitdir}/kresd@.service
+%{_unitdir}/kres-cache-gc.service
+%{_unitdir}/kresd.target
+%dir %{_unitdir}/multi-user.target.wants
+%{_unitdir}/multi-user.target.wants/kresd.target
+%{_mandir}/man7/kresd.systemd.7.gz
+%{_tmpfilesdir}/knot-resolver.conf
+%ghost /run/%{name}
+%ghost %{_localstatedir}/cache/%{name}
+%attr(750,knot-resolver,knot-resolver) %dir %{_libdir}/%{name}
+%{_sbindir}/kresd
+%{_sbindir}/kresc
+%{_sbindir}/kres-cache-gc
+%{_libdir}/libkres.so.*
+%dir %{_libdir}/knot-resolver
+%{_libdir}/knot-resolver/*.so
+%{_libdir}/knot-resolver/*.lua
+%dir %{_libdir}/knot-resolver/kres_modules
+%{_libdir}/knot-resolver/kres_modules/bogus_log.so
+%{_libdir}/knot-resolver/kres_modules/edns_keepalive.so
+%{_libdir}/knot-resolver/kres_modules/hints.so
+%{_libdir}/knot-resolver/kres_modules/nsid.so
+%{_libdir}/knot-resolver/kres_modules/refuse_nord.so
+%{_libdir}/knot-resolver/kres_modules/stats.so
+%{_libdir}/knot-resolver/kres_modules/daf
+%{_libdir}/knot-resolver/kres_modules/daf.lua
+%{_libdir}/knot-resolver/kres_modules/detect_time_jump.lua
+%{_libdir}/knot-resolver/kres_modules/detect_time_skew.lua
+%{_libdir}/knot-resolver/kres_modules/dns64.lua
+%if "x%{?suse_version}" == "x"
+%{_libdir}/knot-resolver/kres_modules/experimental_dot_auth.lua
+%endif
+%{_libdir}/knot-resolver/kres_modules/graphite.lua
+%{_libdir}/knot-resolver/kres_modules/policy.lua
+%{_libdir}/knot-resolver/kres_modules/predict.lua
+%{_libdir}/knot-resolver/kres_modules/prefill.lua
+%{_libdir}/knot-resolver/kres_modules/priming.lua
+%{_libdir}/knot-resolver/kres_modules/rebinding.lua
+%{_libdir}/knot-resolver/kres_modules/renumber.lua
+%{_libdir}/knot-resolver/kres_modules/serve_stale.lua
+%{_libdir}/knot-resolver/kres_modules/ta_sentinel.lua
+%{_libdir}/knot-resolver/kres_modules/ta_signal_query.lua
+%{_libdir}/knot-resolver/kres_modules/ta_update.lua
+%{_libdir}/knot-resolver/kres_modules/view.lua
+%{_libdir}/knot-resolver/kres_modules/watchdog.lua
+%{_libdir}/knot-resolver/kres_modules/workarounds.lua
+%{_mandir}/man8/kresd.8.gz
+
+%files devel
+%{_includedir}/libkres
+%{_libdir}/pkgconfig/libkres.pc
+%{_libdir}/libkres.so
+
+%if "x%{?rhel}" == "x"
+%files doc
+%dir %{_pkgdocdir}
+%doc %{_pkgdocdir}/html
+%doc %{_datadir}/info/knot-resolver.info*
+%dir %{_datadir}/info/knot-resolver-figures
+%doc %{_datadir}/info/knot-resolver-figures/*
+%endif
+
+%if "x%{?suse_version}" == "x"
+%files module-dnstap
+%{_libdir}/knot-resolver/kres_modules/dnstap.so
+%endif
+
+%if "x%{?suse_version}" == "x"
+%files module-http
+%{_libdir}/knot-resolver/debug_opensslkeylog.so
+%{_libdir}/knot-resolver/kres_modules/http
+%{_libdir}/knot-resolver/kres_modules/http*.lua
+%{_libdir}/knot-resolver/kres_modules/prometheus.lua
+%endif
+
+%changelog
+* Fri Feb 16 2018 Tomas Krizek <tomas.krizek@nic.cz> - 2.1.0-1
+- see NEWS or https://www.knot-resolver.cz/
+- move spec file to upstream
diff --git a/distro/tests/.ansible.cfg b/distro/tests/.ansible.cfg
new file mode 100644
index 0000000..eef2015
--- /dev/null
+++ b/distro/tests/.ansible.cfg
@@ -0,0 +1,8 @@
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+[defaults]
+
+# additional paths to search for roles in, colon separated
+roles_path = ../ansible-roles
+interpreter_python = auto
+stdout_callback=debug
diff --git a/distro/tests/README.md b/distro/tests/README.md
new file mode 100644
index 0000000..08a951d
--- /dev/null
+++ b/distro/tests/README.md
@@ -0,0 +1,42 @@
+Requirements
+------------
+
+- ansible
+- vagrant
+- libvirt (+vagrant-libvirt) / virtualbox
+
+Usage
+-----
+
+`vagrant up` command is configured to trigger ansible provisioning
+which configures OBS repository, installs the knot-resolver package,
+starts the kresd@1 service and finally attempts to use it to resolve
+a domain name. It also tests that DNSSEC validation is turned on.
+
+By default, the *knot-resolver-devel* repo (for knot-resolver) along
+with *knot-resoler-latest* (for knot) is used. To test only the
+*knot-resolver-latest* repo, set it in `repos.yaml` (or use the
+test-distro.sh script which overwrites this file). If you're running
+tests in parallel, they all HAVE TO use the same repo(s).
+
+Run the following command for every distro (aka directory with
+Vagrantfile):
+
+```
+./test-distro.sh knot-resolver-devel debian9
+```
+
+or
+
+```
+./test-distro.sh knot-resolver-testing debian9
+```
+
+or
+
+```
+./test-distro.sh knot-resolver-latest debian9
+```
+
+At the end of the test, the package version that was tested is
+printed out. Make sure you're testing what you intended to.
diff --git a/distro/tests/ansible-roles/knot_resolver/defaults/main.yaml b/distro/tests/ansible-roles/knot_resolver/defaults/main.yaml
new file mode 100644
index 0000000..0860c26
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/defaults/main.yaml
@@ -0,0 +1,6 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+repos:
+ - knot-resolver-latest
+distro: "{{ ansible_distribution | replace(' ', '_') }}"
+update_packages: false
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/configure_dnstap.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/configure_dnstap.yaml
new file mode 100644
index 0000000..817b117
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/configure_dnstap.yaml
@@ -0,0 +1,10 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: dnstap_config set up kresd.conf
+ blockinfile:
+ marker: -- {mark} ANSIBLE MANAGED BLOCK
+ block: |
+ modules.load('dnstap')
+ assert(dnstap)
+ path: /etc/knot-resolver/kresd.conf
+ insertbefore: BOF
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh.yaml
new file mode 100644
index 0000000..1da1789
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh.yaml
@@ -0,0 +1,10 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh_config set up kresd.conf
+ blockinfile:
+ marker: -- {mark} ANSIBLE MANAGED BLOCK
+ block: |
+ net.listen('127.0.0.1', 44353, { kind = 'doh' })
+ modules.load('http')
+ path: /etc/knot-resolver/kresd.conf
+ insertbefore: BOF
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml
new file mode 100644
index 0000000..eebca20
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh2_config set up kresd.conf
+ blockinfile:
+ marker: -- {mark} ANSIBLE MANAGED BLOCK
+ block: |
+ net.listen('127.0.0.1', 44354, { kind = 'doh2' })
+ path: /etc/knot-resolver/kresd.conf
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/main.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/main.yaml
new file mode 100644
index 0000000..921df1b
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/main.yaml
@@ -0,0 +1,69 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Include distribution specific vars
+ include_vars: "{{ distro }}.yaml"
+
+- name: Update all packages
+ package:
+ name: '*'
+ state: latest
+ when: update_packages|bool
+
+- name: Install packages
+ package:
+ name: "{{ packages }}"
+ state: latest
+
+- name: Always print package version at the end
+ block:
+
+ - include: restart_kresd.yaml
+
+ - include: test_udp.yaml
+ - include: test_tcp.yaml
+ - include: test_tls.yaml
+ - include: test_dnssec.yaml
+
+ - include: test_kres_cache_gc.yaml
+
+ - name: Test DoH (new implementation)
+ block:
+ - include: configure_doh2.yaml
+ - include: restart_kresd.yaml
+ - include: test_doh2.yaml
+
+ - name: Test DoH (legacy)
+ block:
+ - name: Install knot-resolver-module-http
+ package:
+ name: knot-resolver-module-http
+ state: latest
+
+ - include: configure_doh.yaml
+ when: ansible_distribution in ["CentOS", "Fedora", "Debian", "Ubuntu"]
+
+ - include: restart_kresd.yaml
+ - include: test_doh.yaml
+ when: distro in ["Fedora", "Debian", "CentOS"] or (distro == "Ubuntu" and ansible_distribution_major_version|int >= 18)
+
+ - name: Test dnstap module
+ block:
+ - name: Install knot-resolver-module-dnstap
+ package:
+ name: knot-resolver-module-dnstap
+ state: latest
+ - include: configure_dnstap.yaml
+ - include: restart_kresd.yaml
+ when: distro in ["Fedora", "Debian", "CentOS", "Ubuntu"]
+
+ always:
+
+ - name: Get installed package version
+ shell: "{{ show_package_version }}"
+ args:
+ warn: false
+ register: package_version
+
+ - name: Show installed version
+ debug:
+ var: package_version.stdout
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/restart_kresd.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/restart_kresd.yaml
new file mode 100644
index 0000000..00dbf5d
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/restart_kresd.yaml
@@ -0,0 +1,16 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- block:
+ - name: Restart kresd@1.service
+ service:
+ name: kresd@1.service
+ state: restarted
+ rescue:
+ - name: Get kresd@1.service journal
+ shell: journalctl -u kresd@1 --since -20s
+ register: journal
+ - name: Print journal
+ debug:
+ var: journal
+ - name: Restart kresd@*.service failed, see log above
+ shell: /bin/false
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_dnssec.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_dnssec.yaml
new file mode 100644
index 0000000..52bbbb2
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_dnssec.yaml
@@ -0,0 +1,15 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: dnssec_test bogussig.bad-dnssec.wb.sidnlabs.nl. +cd returns NOERROR
+ tags:
+ - test
+ shell: kdig +cd @127.0.0.1 bogussig.bad-dnssec.wb.sidnlabs.nl.
+ register: res
+ failed_when: '"status: NOERROR" not in res.stdout'
+
+- name: dnssec_test bogussig.bad-dnssec.wb.sidnlabs.nl. returns SERVFAIL
+ tags:
+ - test
+ shell: kdig @127.0.0.1 bogussig.bad-dnssec.wb.sidnlabs.nl.
+ register: res
+ failed_when: '"status: SERVFAIL" not in res.stdout'
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_doh.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh.yaml
new file mode 100644
index 0000000..2c200e1
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh.yaml
@@ -0,0 +1,9 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh_test query localhost. A
+ get_url:
+ url: https://127.0.0.1:44353/doh?dns=1Y0BAAABAAAAAAAACWxvY2FsaG9zdAAAAQAB
+ sha256sum: e5c2710e6ecb78c089ab608ad5861b87be0d1c623c4d58b4eee3b21c06aa2008
+ dest: /tmp/doh_test
+ mode: 0644
+ validate_certs: false
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml
new file mode 100644
index 0000000..32cf295
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml
@@ -0,0 +1,24 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh2_test check kdig https support
+ shell: kdig --help | grep -q '+\S*https'
+ register: kdig_https
+ ignore_errors: true
+
+- name: doh2_test query localhost. A
+ # use curl instead of ansible builtins (get_url/uri)
+ # because they currently use unsupported HTTP/1.1
+ shell: |
+ curl -k -o /tmp/doh_test https://127.0.0.1:44354/doh?dns=1Y0BAAABAAAAAAAACWxvY2FsaG9zdAAAAQAB
+ echo "e5c2710e6ecb78c089ab608ad5861b87be0d1c623c4d58b4eee3b21c06aa2008 /tmp/doh_test" > /tmp/doh_test.sha256
+ sha256sum --check /tmp/doh_test.sha256
+ args:
+ # disable warning about using curl - we know what we're doing
+ warn: false
+ when: kdig_https is failed
+
+- name: doh2_test kdig localhost. A
+ shell: |
+ kdig @127.0.0.1 -p 44354 +https nic.cz || exit 1
+ kdig @127.0.0.1 -p 44354 +https-get nic.cz || exit 2
+ when: kdig_https is succeeded
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_kres_cache_gc.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_kres_cache_gc.yaml
new file mode 100644
index 0000000..3a7c9c9
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_kres_cache_gc.yaml
@@ -0,0 +1,4 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: check kres-cache-gc.service is active
+ shell: systemctl is-active -q kres-cache-gc.service
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_tcp.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_tcp.yaml
new file mode 100644
index 0000000..1af18fd
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_tcp.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: tcp_test resolve nic.cz
+ tags:
+ - test
+ shell: kdig +tcp @127.0.0.1 nic.cz
+ register: res
+ failed_when: '"status: NOERROR" not in res.stdout'
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_tls.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_tls.yaml
new file mode 100644
index 0000000..c780657
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_tls.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: tls_test resolve nic.cz
+ tags:
+ - test
+ shell: kdig +tls @127.0.0.1 nic.cz
+ register: res
+ failed_when: '"status: NOERROR" not in res.stdout'
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_udp.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_udp.yaml
new file mode 100644
index 0000000..64023ff
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_udp.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: udp_test resolve nic.cz
+ tags:
+ - test
+ shell: kdig @127.0.0.1 nic.cz
+ register: res
+ failed_when: '"status: NOERROR" not in res.stdout'
diff --git a/distro/tests/ansible-roles/knot_resolver/vars/CentOS.yaml b/distro/tests/ansible-roles/knot_resolver/vars/CentOS.yaml
new file mode 100644
index 0000000..d69cb13
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/vars/CentOS.yaml
@@ -0,0 +1,6 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+show_package_version: rpm -qi knot-resolver | grep '^Version'
+packages:
+ - knot-resolver
+ - knot-utils
diff --git a/distro/tests/ansible-roles/knot_resolver/vars/Debian.yaml b/distro/tests/ansible-roles/knot_resolver/vars/Debian.yaml
new file mode 100644
index 0000000..bcdc37a
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/vars/Debian.yaml
@@ -0,0 +1,6 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+show_package_version: dpkg -s knot-resolver | grep '^Version'
+packages:
+ - knot-resolver
+ - knot-dnsutils
diff --git a/distro/tests/ansible-roles/knot_resolver/vars/Fedora.yaml b/distro/tests/ansible-roles/knot_resolver/vars/Fedora.yaml
new file mode 100644
index 0000000..d69cb13
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/vars/Fedora.yaml
@@ -0,0 +1,6 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+show_package_version: rpm -qi knot-resolver | grep '^Version'
+packages:
+ - knot-resolver
+ - knot-utils
diff --git a/distro/tests/ansible-roles/knot_resolver/vars/Ubuntu.yaml b/distro/tests/ansible-roles/knot_resolver/vars/Ubuntu.yaml
new file mode 100644
index 0000000..bcdc37a
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/vars/Ubuntu.yaml
@@ -0,0 +1,6 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+show_package_version: dpkg -s knot-resolver | grep '^Version'
+packages:
+ - knot-resolver
+ - knot-dnsutils
diff --git a/distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Leap.yaml b/distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Leap.yaml
new file mode 100644
index 0000000..d69cb13
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Leap.yaml
@@ -0,0 +1,6 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+show_package_version: rpm -qi knot-resolver | grep '^Version'
+packages:
+ - knot-resolver
+ - knot-utils
diff --git a/distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Tumbleweed.yaml b/distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Tumbleweed.yaml
new file mode 100644
index 0000000..39d5ef0
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Tumbleweed.yaml
@@ -0,0 +1,7 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+show_package_version: rpm -qi knot-resolver | grep '^Version'
+update_packages: true
+packages:
+ - knot-resolver
+ - knot-utils
diff --git a/distro/tests/ansible-roles/obs_repos/defaults/main.yaml b/distro/tests/ansible-roles/obs_repos/defaults/main.yaml
new file mode 100644
index 0000000..05ffcb6
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/defaults/main.yaml
@@ -0,0 +1,4 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+obs_distro: "{{ ansible_distribution | replace(' ', '_') }}"
+obs_repofile_url: "https://download.opensuse.org/repositories/home:CZ-NIC:{{ item }}/{{ obs_repo_version }}/home:CZ-NIC:{{ item }}.repo"
diff --git a/distro/tests/ansible-roles/obs_repos/tasks/CentOS.yaml b/distro/tests/ansible-roles/obs_repos/tasks/CentOS.yaml
new file mode 100644
index 0000000..fecfbea
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/tasks/CentOS.yaml
@@ -0,0 +1,13 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Install EPEL
+ yum:
+ name: epel-release
+ state: present
+
+- name: Download repo file(s)
+ get_url:
+ url: "{{ obs_repofile_url }}"
+ dest: /etc/yum.repos.d/home:CZ-NIC:{{ item }}.repo
+ mode: 0644
+ with_items: "{{ repos }}"
diff --git a/distro/tests/ansible-roles/obs_repos/tasks/Debian.yaml b/distro/tests/ansible-roles/obs_repos/tasks/Debian.yaml
new file mode 100644
index 0000000..6220f89
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/tasks/Debian.yaml
@@ -0,0 +1,15 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Add upstream package signing key
+ get_url:
+ url: https://gitlab.nic.cz/knot/knot-resolver-release/raw/master/cznic-obs.gpg.asc
+ dest: /etc/apt/trusted.gpg.d/cznic-obs.gpg.asc
+ mode: 0644
+
+- name: Add OBS repo(s)
+ apt_repository:
+ repo: >
+ deb http://download.opensuse.org/repositories/home:/CZ-NIC:/{{ item }}/{{ obs_repo_version }}/ /
+ state: present
+ update_cache: true
+ with_items: "{{ repos }}"
diff --git a/distro/tests/ansible-roles/obs_repos/tasks/Fedora.yaml b/distro/tests/ansible-roles/obs_repos/tasks/Fedora.yaml
new file mode 100644
index 0000000..520e057
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/tasks/Fedora.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Download repo file(s)
+ get_url:
+ url: "{{ obs_repofile_url }}"
+ dest: "/etc/yum.repos.d/home:CZ-NIC:{{ item }}.repo"
+ mode: 0644
+ with_items: "{{ repos }}"
diff --git a/distro/tests/ansible-roles/obs_repos/tasks/Ubuntu.yaml b/distro/tests/ansible-roles/obs_repos/tasks/Ubuntu.yaml
new file mode 100644
index 0000000..ba424c4
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/tasks/Ubuntu.yaml
@@ -0,0 +1,14 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Add upstream package signing key
+ apt_key:
+ url: https://gitlab.nic.cz/knot/knot-resolver-release/raw/master/cznic-obs.gpg.asc
+ state: present
+
+- name: Add OBS repo(s)
+ apt_repository:
+ repo: >
+ deb http://download.opensuse.org/repositories/home:/CZ-NIC:/{{ item }}/{{ obs_repo_version }}/ /
+ state: present
+ update_cache: true
+ with_items: "{{ repos }}"
diff --git a/distro/tests/ansible-roles/obs_repos/tasks/main.yaml b/distro/tests/ansible-roles/obs_repos/tasks/main.yaml
new file mode 100644
index 0000000..47976f9
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/tasks/main.yaml
@@ -0,0 +1,12 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Include Debian specific vars
+ include_vars: "{{ obs_distro }}_{{ ansible_distribution_major_version }}.yaml"
+ when: obs_distro == "Debian"
+
+- name: Include distribution specific vars
+ include_vars: "{{ obs_distro }}.yaml"
+ when: obs_distro != "Debian"
+
+- name: Configure upstream reporitories
+ include: "{{ obs_distro }}.yaml"
diff --git a/distro/tests/ansible-roles/obs_repos/tasks/openSUSE_Leap.yaml b/distro/tests/ansible-roles/obs_repos/tasks/openSUSE_Leap.yaml
new file mode 100644
index 0000000..84ab5a9
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/tasks/openSUSE_Leap.yaml
@@ -0,0 +1,19 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Install python-xml dependency for zypper_repository
+ shell: zypper install -y python-xml
+ args:
+ warn: false
+
+- name: Add upstream repo(s)
+ zypper_repository:
+ repo: "{{ obs_repofile_url }}"
+ state: present
+ disable_gpg_check: true # auto_import_keys is broken
+ with_items: "{{ repos }}"
+
+- name: Refresh all repositories
+ zypper_repository:
+ repo: '*'
+ runrefresh: true
+ failed_when: false
diff --git a/distro/tests/ansible-roles/obs_repos/tasks/openSUSE_Tumbleweed.yaml b/distro/tests/ansible-roles/obs_repos/tasks/openSUSE_Tumbleweed.yaml
new file mode 100644
index 0000000..c063014
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/tasks/openSUSE_Tumbleweed.yaml
@@ -0,0 +1,13 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Add upstream repo(s)
+ zypper_repository:
+ repo: "{{ obs_repofile_url }}"
+ state: present
+ disable_gpg_check: true # auto_import_keys is broken
+ with_items: "{{ repos }}"
+
+- name: Refresh all repositories
+ zypper_repository:
+ repo: '*'
+ runrefresh: true
diff --git a/distro/tests/ansible-roles/obs_repos/vars/CentOS.yaml b/distro/tests/ansible-roles/obs_repos/vars/CentOS.yaml
new file mode 100644
index 0000000..22b4795
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/vars/CentOS.yaml
@@ -0,0 +1,3 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+obs_repo_version: "{{ obs_distro }}_{{ ansible_distribution_major_version }}_EPEL"
diff --git a/distro/tests/ansible-roles/obs_repos/vars/Debian_10.yaml b/distro/tests/ansible-roles/obs_repos/vars/Debian_10.yaml
new file mode 100644
index 0000000..5db857e
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/vars/Debian_10.yaml
@@ -0,0 +1,3 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+obs_repo_version: "{{ obs_distro }}_{{ ansible_distribution_major_version }}"
diff --git a/distro/tests/ansible-roles/obs_repos/vars/Debian_9.yaml b/distro/tests/ansible-roles/obs_repos/vars/Debian_9.yaml
new file mode 100644
index 0000000..21cce25
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/vars/Debian_9.yaml
@@ -0,0 +1,3 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+obs_repo_version: "{{ obs_distro }}_{{ ansible_distribution_major_version }}.0"
diff --git a/distro/tests/ansible-roles/obs_repos/vars/Fedora.yaml b/distro/tests/ansible-roles/obs_repos/vars/Fedora.yaml
new file mode 100644
index 0000000..5db857e
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/vars/Fedora.yaml
@@ -0,0 +1,3 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+obs_repo_version: "{{ obs_distro }}_{{ ansible_distribution_major_version }}"
diff --git a/distro/tests/ansible-roles/obs_repos/vars/Ubuntu.yaml b/distro/tests/ansible-roles/obs_repos/vars/Ubuntu.yaml
new file mode 100644
index 0000000..4e5cd2c
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/vars/Ubuntu.yaml
@@ -0,0 +1,3 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+obs_repo_version: "x{{ obs_distro }}_{{ ansible_distribution_version }}"
diff --git a/distro/tests/ansible-roles/obs_repos/vars/openSUSE_Leap.yaml b/distro/tests/ansible-roles/obs_repos/vars/openSUSE_Leap.yaml
new file mode 100644
index 0000000..7dbd7d8
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/vars/openSUSE_Leap.yaml
@@ -0,0 +1,3 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+obs_repo_version: "{{ obs_distro }}_{{ ansible_distribution_version }}"
diff --git a/distro/tests/ansible-roles/obs_repos/vars/openSUSE_Tumbleweed.yaml b/distro/tests/ansible-roles/obs_repos/vars/openSUSE_Tumbleweed.yaml
new file mode 100644
index 0000000..d875db7
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/vars/openSUSE_Tumbleweed.yaml
@@ -0,0 +1,3 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+obs_repo_version: "{{ obs_distro }}"
diff --git a/distro/tests/centos7/Vagrantfile b/distro/tests/centos7/Vagrantfile
new file mode 100644
index 0000000..2358be3
--- /dev/null
+++ b/distro/tests/centos7/Vagrantfile
@@ -0,0 +1,30 @@
+# SPDX-License-Identifier: GPL-3.0-or-later
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+#
+
+Vagrant.configure(2) do |config|
+
+ config.vm.box = "centos/7"
+ config.vm.synced_folder ".", "/vagrant", disabled: true
+
+ config.vm.define "centos7_knot-resolver" do |machine|
+ machine.vm.provision "ansible" do |ansible|
+ ansible.playbook = "../knot-resolver-pkgtest.yaml"
+ ansible.extra_vars = {
+ ansible_python_interpreter: "/usr/bin/python2"
+ }
+ end
+ end
+
+ config.vm.provider :libvirt do |libvirt|
+ libvirt.cpus = 1
+ libvirt.memory = 1024
+ end
+
+ config.vm.provider :virtualbox do |vbox|
+ vbox.cpus = 1
+ vbox.memory = 1024
+ end
+
+end
diff --git a/distro/tests/centos7/ansible.cfg b/distro/tests/centos7/ansible.cfg
new file mode 120000
index 0000000..f80698e
--- /dev/null
+++ b/distro/tests/centos7/ansible.cfg
@@ -0,0 +1 @@
+../.ansible.cfg \ No newline at end of file
diff --git a/distro/tests/centos8/Vagrantfile b/distro/tests/centos8/Vagrantfile
new file mode 100644
index 0000000..e5b8f01
--- /dev/null
+++ b/distro/tests/centos8/Vagrantfile
@@ -0,0 +1,30 @@
+# SPDX-License-Identifier: GPL-3.0-or-later
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+#
+
+Vagrant.configure(2) do |config|
+
+ config.vm.box = "centos/8"
+ config.vm.synced_folder ".", "/vagrant", disabled: true
+
+ config.vm.define "centos8_knot-resolver" do |machine|
+ machine.vm.provision "ansible" do |ansible|
+ ansible.playbook = "../knot-resolver-pkgtest.yaml"
+ ansible.extra_vars = {
+ ansible_python_interpreter: "/usr/libexec/platform-python"
+ }
+ end
+ end
+
+ config.vm.provider :libvirt do |libvirt|
+ libvirt.cpus = 1
+ libvirt.memory = 1024
+ end
+
+ config.vm.provider :virtualbox do |vbox|
+ vbox.cpus = 1
+ vbox.memory = 1024
+ end
+
+end
diff --git a/distro/tests/centos8/ansible.cfg b/distro/tests/centos8/ansible.cfg
new file mode 120000
index 0000000..f80698e
--- /dev/null
+++ b/distro/tests/centos8/ansible.cfg
@@ -0,0 +1 @@
+../.ansible.cfg \ No newline at end of file
diff --git a/distro/tests/debian10/Vagrantfile b/distro/tests/debian10/Vagrantfile
new file mode 100644
index 0000000..7f51f1a
--- /dev/null
+++ b/distro/tests/debian10/Vagrantfile
@@ -0,0 +1,28 @@
+# SPDX-License-Identifier: GPL-3.0-or-later
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+#
+
+Vagrant.configure(2) do |config|
+
+ # debian/buster64 requires manual intervention for apt update as of 2019-07-18
+ config.vm.box = "generic/debian10"
+ config.vm.synced_folder ".", "/vagrant", disabled: true
+
+ config.vm.define "debian10_knot-resolver" do |machine|
+ machine.vm.provision "ansible" do |ansible|
+ ansible.playbook = "../knot-resolver-pkgtest.yaml"
+ end
+ end
+
+ config.vm.provider :libvirt do |libvirt|
+ libvirt.cpus = 1
+ libvirt.memory = 1024
+ end
+
+ config.vm.provider :virtualbox do |vbox|
+ vbox.cpus = 1
+ vbox.memory = 1024
+ end
+
+end
diff --git a/distro/tests/debian10/ansible.cfg b/distro/tests/debian10/ansible.cfg
new file mode 120000
index 0000000..f80698e
--- /dev/null
+++ b/distro/tests/debian10/ansible.cfg
@@ -0,0 +1 @@
+../.ansible.cfg \ No newline at end of file
diff --git a/distro/tests/debian9/Vagrantfile b/distro/tests/debian9/Vagrantfile
new file mode 100644
index 0000000..c4b6a24
--- /dev/null
+++ b/distro/tests/debian9/Vagrantfile
@@ -0,0 +1,27 @@
+# SPDX-License-Identifier: GPL-3.0-or-later
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+#
+
+Vagrant.configure(2) do |config|
+
+ config.vm.box = "debian/stretch64"
+ config.vm.synced_folder ".", "/vagrant", disabled: true
+
+ config.vm.define "debian9_knot-resolver" do |machine|
+ machine.vm.provision "ansible" do |ansible|
+ ansible.playbook = "../knot-resolver-pkgtest.yaml"
+ end
+ end
+
+ config.vm.provider :libvirt do |libvirt|
+ libvirt.cpus = 1
+ libvirt.memory = 1024
+ end
+
+ config.vm.provider :virtualbox do |vbox|
+ vbox.cpus = 1
+ vbox.memory = 1024
+ end
+
+end
diff --git a/distro/tests/debian9/ansible.cfg b/distro/tests/debian9/ansible.cfg
new file mode 120000
index 0000000..f80698e
--- /dev/null
+++ b/distro/tests/debian9/ansible.cfg
@@ -0,0 +1 @@
+../.ansible.cfg \ No newline at end of file
diff --git a/distro/tests/fedora32/Vagrantfile b/distro/tests/fedora32/Vagrantfile
new file mode 100644
index 0000000..c784c65
--- /dev/null
+++ b/distro/tests/fedora32/Vagrantfile
@@ -0,0 +1,30 @@
+# SPDX-License-Identifier: GPL-3.0-or-later
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+#
+
+Vagrant.configure(2) do |config|
+
+ config.vm.box = "fedora/32-cloud-base"
+ config.vm.synced_folder ".", "/vagrant", disabled: true
+
+ config.vm.define "fedora32_knot-resolver" do |machine|
+ machine.vm.provision "ansible" do |ansible|
+ ansible.playbook = "../knot-resolver-pkgtest.yaml"
+ ansible.extra_vars = {
+ ansible_python_interpreter: "/usr/bin/python3",
+ }
+ end
+ end
+
+ config.vm.provider :libvirt do |libvirt|
+ libvirt.cpus = 1
+ libvirt.memory = 1024
+ end
+
+ config.vm.provider :virtualbox do |vbox|
+ vbox.cpus = 1
+ vbox.memory = 1024
+ end
+
+end
diff --git a/distro/tests/fedora32/ansible.cfg b/distro/tests/fedora32/ansible.cfg
new file mode 120000
index 0000000..f80698e
--- /dev/null
+++ b/distro/tests/fedora32/ansible.cfg
@@ -0,0 +1 @@
+../.ansible.cfg \ No newline at end of file
diff --git a/distro/tests/fedora33/Vagrantfile b/distro/tests/fedora33/Vagrantfile
new file mode 100644
index 0000000..7971439
--- /dev/null
+++ b/distro/tests/fedora33/Vagrantfile
@@ -0,0 +1,30 @@
+# SPDX-License-Identifier: GPL-3.0-or-later
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+#
+
+Vagrant.configure(2) do |config|
+
+ config.vm.box = "fedora/33-cloud-base"
+ config.vm.synced_folder ".", "/vagrant", disabled: true
+
+ config.vm.define "fedora33_knot-resolver" do |machine|
+ machine.vm.provision "ansible" do |ansible|
+ ansible.playbook = "../knot-resolver-pkgtest.yaml"
+ ansible.extra_vars = {
+ ansible_python_interpreter: "/usr/bin/python3",
+ }
+ end
+ end
+
+ config.vm.provider :libvirt do |libvirt|
+ libvirt.cpus = 1
+ libvirt.memory = 1024
+ end
+
+ config.vm.provider :virtualbox do |vbox|
+ vbox.cpus = 1
+ vbox.memory = 1024
+ end
+
+end
diff --git a/distro/tests/fedora33/ansible.cfg b/distro/tests/fedora33/ansible.cfg
new file mode 120000
index 0000000..f80698e
--- /dev/null
+++ b/distro/tests/fedora33/ansible.cfg
@@ -0,0 +1 @@
+../.ansible.cfg \ No newline at end of file
diff --git a/distro/tests/knot-resolver-pkgtest.yaml b/distro/tests/knot-resolver-pkgtest.yaml
new file mode 100644
index 0000000..83545bb
--- /dev/null
+++ b/distro/tests/knot-resolver-pkgtest.yaml
@@ -0,0 +1,13 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- hosts: all
+
+ remote_user: root
+ become: true
+
+ vars_files:
+ - repos.yaml
+
+ roles:
+ - obs_repos
+ - knot_resolver
diff --git a/distro/tests/leap15/Vagrantfile b/distro/tests/leap15/Vagrantfile
new file mode 100644
index 0000000..a2f7646
--- /dev/null
+++ b/distro/tests/leap15/Vagrantfile
@@ -0,0 +1,29 @@
+# SPDX-License-Identifier: GPL-3.0-or-later
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+#
+
+Vagrant.configure(2) do |config|
+
+ config.vm.box = "generic/opensuse15"
+
+ config.vm.synced_folder ".", "/vagrant", disabled: true
+
+ config.vm.define "leap15_knot-resolver" do |machine|
+ machine.vm.provision "ansible" do |ansible|
+ ansible.playbook = "../knot-resolver-pkgtest.yaml"
+ end
+ end
+
+ config.vm.provider :libvirt do |libvirt|
+ libvirt.cpus = 1
+ libvirt.memory = 1024
+ libvirt.disk_bus = "sata"
+ end
+
+ config.vm.provider :virtualbox do |vbox|
+ vbox.cpus = 1
+ vbox.memory = 1024
+ end
+
+end
diff --git a/distro/tests/leap15/ansible.cfg b/distro/tests/leap15/ansible.cfg
new file mode 120000
index 0000000..f80698e
--- /dev/null
+++ b/distro/tests/leap15/ansible.cfg
@@ -0,0 +1 @@
+../.ansible.cfg \ No newline at end of file
diff --git a/distro/tests/repos.yaml b/distro/tests/repos.yaml
new file mode 100644
index 0000000..bd4bedd
--- /dev/null
+++ b/distro/tests/repos.yaml
@@ -0,0 +1,4 @@
+# SPDX-License-Identifier: GPL-3.0-or-later
+repos:
+ - knot-resolver-latest
+ - knot-resolver-devel
diff --git a/distro/tests/test-distro.sh b/distro/tests/test-distro.sh
new file mode 100755
index 0000000..55b75d0
--- /dev/null
+++ b/distro/tests/test-distro.sh
@@ -0,0 +1,26 @@
+#!/bin/bash -x
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# ./test-distro.sh {obs_repo} {distro}
+# Example usage: ./test-distro.sh knot-resolver-devel debian9
+
+pkgtestdir="$(dirname ${0})"
+repofile="$pkgtestdir/repos.yaml"
+
+distro=$2
+repo=$1
+
+# Select repos
+echo -e "repos:\n - $repo" > $repofile
+if [ "$repo" == "knot-resolver-devel" ]; then
+ # get Knot DNS from knot-resolver-latest
+ echo -e ' - knot-resolver-latest' >> $repofile
+fi
+
+pushd "$pkgtestdir/$distro"
+vagrant destroy -f &>/dev/null
+vagrant up
+ret=$?
+vagrant destroy -f &>/dev/null
+popd
+exit $ret
diff --git a/distro/tests/ubuntu1604/Vagrantfile b/distro/tests/ubuntu1604/Vagrantfile
new file mode 100644
index 0000000..6d22501
--- /dev/null
+++ b/distro/tests/ubuntu1604/Vagrantfile
@@ -0,0 +1,30 @@
+# SPDX-License-Identifier: GPL-3.0-or-later
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+#
+
+Vagrant.configure(2) do |config|
+
+ config.vm.box = "generic/ubuntu1604"
+ config.vm.synced_folder ".", "/vagrant", disabled: true
+
+ config.vm.define "ubuntu1604_knot-resolver" do |machine|
+ machine.vm.provision "ansible" do |ansible|
+ ansible.playbook = "../knot-resolver-pkgtest.yaml"
+ ansible.extra_vars = {
+ ansible_python_interpreter: "/usr/bin/python3"
+ }
+ end
+ end
+
+ config.vm.provider :libvirt do |libvirt|
+ libvirt.cpus = 1
+ libvirt.memory = 1024
+ end
+
+ config.vm.provider :virtualbox do |vbox|
+ vbox.cpus = 1
+ vbox.memory = 1024
+ end
+
+end
diff --git a/distro/tests/ubuntu1604/ansible.cfg b/distro/tests/ubuntu1604/ansible.cfg
new file mode 120000
index 0000000..f80698e
--- /dev/null
+++ b/distro/tests/ubuntu1604/ansible.cfg
@@ -0,0 +1 @@
+../.ansible.cfg \ No newline at end of file
diff --git a/distro/tests/ubuntu1804/Vagrantfile b/distro/tests/ubuntu1804/Vagrantfile
new file mode 100644
index 0000000..5c53895
--- /dev/null
+++ b/distro/tests/ubuntu1804/Vagrantfile
@@ -0,0 +1,30 @@
+# SPDX-License-Identifier: GPL-3.0-or-later
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+#
+
+Vagrant.configure(2) do |config|
+
+ config.vm.box = "generic/ubuntu1804"
+ config.vm.synced_folder ".", "/vagrant", disabled: true
+
+ config.vm.define "ubuntu1804_knot-resolver" do |machine|
+ machine.vm.provision "ansible" do |ansible|
+ ansible.playbook = "../knot-resolver-pkgtest.yaml"
+ ansible.extra_vars = {
+ ansible_python_interpreter: "/usr/bin/python3"
+ }
+ end
+ end
+
+ config.vm.provider :libvirt do |libvirt|
+ libvirt.cpus = 1
+ libvirt.memory = 1024
+ end
+
+ config.vm.provider :virtualbox do |vbox|
+ vbox.cpus = 1
+ vbox.memory = 1024
+ end
+
+end
diff --git a/distro/tests/ubuntu1804/ansible.cfg b/distro/tests/ubuntu1804/ansible.cfg
new file mode 120000
index 0000000..f80698e
--- /dev/null
+++ b/distro/tests/ubuntu1804/ansible.cfg
@@ -0,0 +1 @@
+../.ansible.cfg \ No newline at end of file
diff --git a/distro/tests/ubuntu2004/Vagrantfile b/distro/tests/ubuntu2004/Vagrantfile
new file mode 100644
index 0000000..3d5c40a
--- /dev/null
+++ b/distro/tests/ubuntu2004/Vagrantfile
@@ -0,0 +1,30 @@
+# SPDX-License-Identifier: GPL-3.0-or-later
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+#
+
+Vagrant.configure(2) do |config|
+
+ config.vm.box = "generic/ubuntu2004"
+ config.vm.synced_folder ".", "/vagrant", disabled: true
+
+ config.vm.define "ubuntu2004_knot-resolver" do |machine|
+ machine.vm.provision "ansible" do |ansible|
+ ansible.playbook = "../knot-resolver-pkgtest.yaml"
+ ansible.extra_vars = {
+ ansible_python_interpreter: "/usr/bin/python3"
+ }
+ end
+ end
+
+ config.vm.provider :libvirt do |libvirt|
+ libvirt.cpus = 1
+ libvirt.memory = 1024
+ end
+
+ config.vm.provider :virtualbox do |vbox|
+ vbox.cpus = 1
+ vbox.memory = 1024
+ end
+
+end
diff --git a/distro/tests/ubuntu2004/ansible.cfg b/distro/tests/ubuntu2004/ansible.cfg
new file mode 120000
index 0000000..f80698e
--- /dev/null
+++ b/distro/tests/ubuntu2004/ansible.cfg
@@ -0,0 +1 @@
+../.ansible.cfg \ No newline at end of file
diff --git a/distro/tests/ubuntu2010/Vagrantfile b/distro/tests/ubuntu2010/Vagrantfile
new file mode 100644
index 0000000..c9020a3
--- /dev/null
+++ b/distro/tests/ubuntu2010/Vagrantfile
@@ -0,0 +1,31 @@
+# SPDX-License-Identifier: GPL-3.0-or-later
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+#
+
+Vagrant.configure(2) do |config|
+
+ # TODO: switch to generic/ubuntu2010 when available (has libvirt box)
+ config.vm.box = "ubuntu/groovy64"
+ config.vm.synced_folder ".", "/vagrant", disabled: true
+
+ config.vm.define "ubuntu2010_knot-resolver" do |machine|
+ machine.vm.provision "ansible" do |ansible|
+ ansible.playbook = "../knot-resolver-pkgtest.yaml"
+ ansible.extra_vars = {
+ ansible_python_interpreter: "/usr/bin/python3"
+ }
+ end
+ end
+
+ config.vm.provider :libvirt do |libvirt|
+ libvirt.cpus = 1
+ libvirt.memory = 1024
+ end
+
+ config.vm.provider :virtualbox do |vbox|
+ vbox.cpus = 1
+ vbox.memory = 1024
+ end
+
+end
diff --git a/distro/tests/ubuntu2010/ansible.cfg b/distro/tests/ubuntu2010/ansible.cfg
new file mode 120000
index 0000000..f80698e
--- /dev/null
+++ b/distro/tests/ubuntu2010/ansible.cfg
@@ -0,0 +1 @@
+../.ansible.cfg \ No newline at end of file