summaryrefslogtreecommitdiffstats
path: root/distro/deb
diff options
context:
space:
mode:
Diffstat (limited to 'distro/deb')
-rw-r--r--distro/deb/changelog6
-rw-r--r--distro/deb/clean2
-rw-r--r--distro/deb/compat1
-rw-r--r--distro/deb/control213
-rw-r--r--distro/deb/copyright193
-rw-r--r--distro/deb/docs1
-rw-r--r--distro/deb/knot-dnsutils.NEWS6
-rw-r--r--distro/deb/knot-dnsutils.install6
-rw-r--r--distro/deb/knot-doc.install1
-rw-r--r--distro/deb/knot-doc.links2
-rw-r--r--distro/deb/knot-host.NEWS6
-rw-r--r--distro/deb/knot-host.install2
-rw-r--r--distro/deb/knot.NEWS12
-rw-r--r--distro/deb/knot.dirs1
-rw-r--r--distro/deb/knot.init168
-rw-r--r--distro/deb/knot.install19
-rw-r--r--distro/deb/knot.maintscript1
-rw-r--r--distro/deb/knot.postinst16
-rw-r--r--distro/deb/knot.postrm18
-rw-r--r--distro/deb/knot.service20
-rw-r--r--distro/deb/knot.tmpfile3
-rw-r--r--distro/deb/libdnssec8.install1
-rw-r--r--distro/deb/libdnssec8.symbols92
-rw-r--r--distro/deb/libknot-dev.install3
-rw-r--r--distro/deb/libknot11.install1
-rw-r--r--distro/deb/libknot11.symbols220
-rw-r--r--distro/deb/libzscanner3.install1
-rw-r--r--distro/deb/libzscanner3.symbols11
-rw-r--r--distro/deb/not-installed1
-rwxr-xr-xdistro/deb/prepare-environment38
-rwxr-xr-xdistro/deb/rules95
-rw-r--r--distro/deb/source/format1
-rw-r--r--distro/deb/tests/control2
-rwxr-xr-xdistro/deb/tests/kdig11
-rw-r--r--distro/deb/ufw/knot4
-rw-r--r--distro/deb/watch4
36 files changed, 1182 insertions, 0 deletions
diff --git a/distro/deb/changelog b/distro/deb/changelog
new file mode 100644
index 0000000..285b69e
--- /dev/null
+++ b/distro/deb/changelog
@@ -0,0 +1,6 @@
+knot (__VERSION__-cznic.1) unstable; urgency=medium
+
+ * move changelog to OBS
+ * see NEWS or https://knot-dns.cz
+
+ -- Tomas Krizek <tomas.krizek@nic.cz> Tue, 21 Feb 2018 17:36:45 +0100
diff --git a/distro/deb/clean b/distro/deb/clean
new file mode 100644
index 0000000..b2a9f3f
--- /dev/null
+++ b/distro/deb/clean
@@ -0,0 +1,2 @@
+doc/modules
+.pybuild/
diff --git a/distro/deb/compat b/distro/deb/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/distro/deb/compat
@@ -0,0 +1 @@
+9
diff --git a/distro/deb/control b/distro/deb/control
new file mode 100644
index 0000000..eef687e
--- /dev/null
+++ b/distro/deb/control
@@ -0,0 +1,213 @@
+Source: knot
+Section: net
+Priority: optional
+Maintainer: Knot DNS <knot-dns@labs.nic.cz>
+Uploaders:
+ Tomas Krizek <tomas.krizek@nic.cz>,
+ Daniel Salzman <daniel.salzman@nic.cz>,
+Build-Depends-Indep:
+ python3-setuptools,
+ python3-sphinx,
+Build-Depends:
+ debhelper (>= 9),
+ dh-python,
+ libcap-ng-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386],
+ libedit-dev,
+ libelf-dev,
+ libfstrm-dev,
+ libgnutls28-dev,
+ libidn2-0-dev,
+ liblmdb-dev,
+ libmaxminddb-dev [!powerpcspe !sh4 !x32],
+ libnghttp2-dev,
+ libprotobuf-c-dev,
+ libsofthsm2 <!nocheck>,
+ libsystemd-dev [linux-any] | libsystemd-daemon-dev [linux-any],
+ libsystemd-dev [linux-any] | libsystemd-journal-dev [linux-any],
+ liburcu-dev (>= 0.4),
+ pkg-config,
+ protobuf-c-compiler,
+ python3-all,
+Standards-Version: 4.5.0
+Homepage: https://www.knot-dns.cz/
+Vcs-Browser: https://gitlab.nic.cz/knot/knot-dns
+Vcs-Git: https://gitlab.nic.cz/knot/knot-dns.git
+Rules-Requires-Root: no
+
+Package: knot
+Architecture: any
+Depends:
+ adduser,
+ libdnssec8 (= ${binary:Version}),
+ libknot11 (= ${binary:Version}),
+ libzscanner3 (= ${binary:Version}),
+ lsb-base (>= 3.0-6),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Pre-Depends:
+ ${misc:Pre-Depends},
+Suggests:
+ systemd,
+Description: Authoritative domain name server
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+
+Package: libknot11
+Architecture: any
+Multi-Arch: same
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Section: libs
+Description: DNS shared library from Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides a DNS shared library used by Knot DNS and
+ Knot Resolver.
+
+Package: libzscanner3
+Architecture: any
+Multi-Arch: same
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Section: libs
+Description: DNS zone-parsing shared library from Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides a fast zone parser shared library used by Knot
+ DNS and Knot Resolver.
+
+Package: libdnssec8
+Architecture: any
+Multi-Arch: same
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Section: libs
+Description: DNSSEC shared library from Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides common DNSSEC shared library used by Knot DNS
+ and Knot Resolver.
+
+Package: libknot-dev
+Architecture: any
+Multi-Arch: same
+Depends:
+ libdnssec8 (= ${binary:Version}),
+ libgnutls28-dev,
+ libknot11 (= ${binary:Version}),
+ libzscanner3 (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Section: libdevel
+Description: Knot DNS shared library development files
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides development files for shared libraries from Knot DNS.
+
+Package: knot-dnsutils
+Architecture: any
+Depends:
+ libdnssec8 (= ${binary:Version}),
+ libknot11 (= ${binary:Version}),
+ libzscanner3 (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: DNS clients provided with Knot DNS (kdig, knsupdate)
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package delivers various DNS client programs from Knot DNS.
+ .
+ - kdig - query a DNS server in various ways
+ - knsupdate - perform dynamic updates (See RFC2136)
+ - kxdpgun - send a DNS query stream over UDP to a DNS server
+ .
+ Those clients were designed to be almost 1:1 compatible with BIND dnsutils,
+ but they provide some enhancements, which are documented.
+ .
+ WARNING: knslookup is not provided as it is considered obsolete.
+
+Package: knot-host
+Architecture: any
+Depends:
+ libdnssec8 (= ${binary:Version}),
+ libknot11 (= ${binary:Version}),
+ libzscanner3 (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: Version of 'host' bundled with Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides the 'host' program from Knot DNS. This program is
+ designed to be almost 1:1 compatible with BIND 9.x 'host' program.
+
+Package: knot-doc
+Architecture: all
+Multi-Arch: foreign
+Depends:
+ libjs-jquery,
+ libjs-underscore,
+ ${misc:Depends},
+Section: doc
+Description: Documentation for Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides various documents that are useful for
+ maintaining a working Knot DNS installation.
+
+Package: python3-libknot
+Architecture: all
+Depends:
+ ${misc:Depends},
+ ${python3:Depends},
+Section: python
+Description: Python bindings for libknot
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides Python bindings for the libknot shared library.
diff --git a/distro/deb/copyright b/distro/deb/copyright
new file mode 100644
index 0000000..27f681f
--- /dev/null
+++ b/distro/deb/copyright
@@ -0,0 +1,193 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: Knot DNS
+Upstream-Contact: knot-dns@labs.nic.cz
+Source: https://secure.nic.cz/files/knot-dns/
+
+Files: *
+Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+License: GPL-3+
+
+Files: m4/*
+Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+ 1996-2001, 2003-2015 Free Software Foundation, Inc.
+License: GPL-3+
+
+Files: install-sh
+Copyright: 1994 X Consortium
+License: MIT
+
+Files: debian/* distro/deb/*
+Copyright: 2011 Ondřej Surý <ondrej@debian.org>
+ 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+License: GPL-3+
+
+Files: tests/tap/*
+Copyright: 2000-2001, 2004, 2006-2012 Russ Allbery <rra@stanford.edu>
+ 2006, 2007, 2008, 2013 The Board of Trustees of the Leland Stanford Junior University
+License: MIT
+
+Files: tests/tap/files.*
+Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+License: GPL-3+
+
+Files: src/contrib/dnstap/*
+Copyright: 2014, Farsight Security, Inc. <software@farsightsecurity.com>
+ 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+License: GPL-3+
+
+Files: src/contrib/libbpf/*
+Copyright: 2013-2015 Alexei Starovoitov <ast@kernel.org>
+ 2015 Wang Nan <wangnan0@huawei.com>
+ 2015 Huawei Inc.
+ 2017 Nicira, Inc.
+ 2019 Isovalent, Inc.
+ 2019 Netronome Systems, Inc.
+ 2003-2013 Thomas Graf <tgraf@suug.ch>
+ 2018-2019 Intel Corporation.
+ 2018-2019 Facebook
+License: LGPL-2.1
+
+Files: src/contrib/openbsd/siphash.*
+Copyright: 2013 Andre Oppermann <andre@FreeBSD.org>
+License: BSD-3-Clause
+
+Files: src/contrib/openbsd/strl*
+Copyright: 1998 Todd C. Miller <Todd.Miller@courtesan.com>
+License: 0BSD
+
+Files: src/contrib/qp-trie/*
+Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+ 2018 Tony Finch <dot@dotat.at>
+License: GPL-3+
+
+Files: src/contrib/ucw/*
+Copyright: 1997-2017 Martin Mares <mj@ucw.cz>
+ 2007 Pavel Charvat <pchar@ucw.cz>
+ 2012 Ondrej Filip <feela@network.cz>
+License: LGPL-2.0
+
+Files: src/contrib/ucw/heap.h
+Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+License: GPL-3+
+
+Files: src/contrib/url-parser/*
+Copyright: Igor Sysoev
+Copyright: Nginx, Inc.
+Copyright: Joyent, Inc.
+License: MIT
+
+Files: src/contrib/vpool/*
+Copyright: 2006, 2008 Alexey Vatchenko <av@bsdua.org>
+License: 0BSD
+
+Files: tests-fuzz/main.c
+Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+ 2017 Tim Ruehsen
+License: MIT
+
+License: GPL-3+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the full text of the GNU General Public License
+ version 3 can be found in the file `/usr/share/common-licenses/GPL-3'.
+
+License: LGPL-2.0
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Library General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+ .
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+ .
+ You should have received a copy of the GNU Library General Public
+ License along with this library; if not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+ Boston, MA 02110-1301, USA.
+
+License: LGPL-2.1
+ This program is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+ .
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; If not, see <http://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the complete text of the GNU Lesser General Public
+ License version 2.1 can be found in `/usr/share/common-licenses/LGPL-2.1'.
+
+License: 0BSD
+ Permission to use, copy, modify, and distribute this software for any
+ purpose with or without fee is hereby granted, provided that the above
+ copyright notice and this permission notice appear in all copies.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+License: BSD-3-Clause
+ Redistribution and use in source and binary forms, with or without modification,
+ are permitted provided that the following conditions are met:
+ 1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+ 3. Neither the name of the copyright holder nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: MIT
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+ .
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ SOFTWARE.
diff --git a/distro/deb/docs b/distro/deb/docs
new file mode 100644
index 0000000..b43bf86
--- /dev/null
+++ b/distro/deb/docs
@@ -0,0 +1 @@
+README.md
diff --git a/distro/deb/knot-dnsutils.NEWS b/distro/deb/knot-dnsutils.NEWS
new file mode 100644
index 0000000..20045dc
--- /dev/null
+++ b/distro/deb/knot-dnsutils.NEWS
@@ -0,0 +1,6 @@
+knot (2.5.4-2) unstable; urgency=medium
+
+ The compatibility links with dig and nsupdate has been dropped
+ in favour of coinstallability with dnsutils (from BIND9).
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 18 Sep 2017 07:07:49 +0200
diff --git a/distro/deb/knot-dnsutils.install b/distro/deb/knot-dnsutils.install
new file mode 100644
index 0000000..1076236
--- /dev/null
+++ b/distro/deb/knot-dnsutils.install
@@ -0,0 +1,6 @@
+usr/bin/kdig
+usr/bin/knsupdate
+usr/sbin/kxdpgun
+usr/share/man/man1/kdig.1
+usr/share/man/man1/knsupdate.1
+usr/share/man/man8/kxdpgun.8
diff --git a/distro/deb/knot-doc.install b/distro/deb/knot-doc.install
new file mode 100644
index 0000000..c2a345d
--- /dev/null
+++ b/distro/deb/knot-doc.install
@@ -0,0 +1 @@
+usr/share/doc/knot/* /usr/share/doc/knot-doc/
diff --git a/distro/deb/knot-doc.links b/distro/deb/knot-doc.links
new file mode 100644
index 0000000..3949022
--- /dev/null
+++ b/distro/deb/knot-doc.links
@@ -0,0 +1,2 @@
+usr/share/javascript/jquery/jquery.min.js usr/share/doc/knot-doc/_static/jquery.js
+usr/share/javascript/underscore/underscore.min.js usr/share/doc/knot-doc/_static/underscore.js
diff --git a/distro/deb/knot-host.NEWS b/distro/deb/knot-host.NEWS
new file mode 100644
index 0000000..20045dc
--- /dev/null
+++ b/distro/deb/knot-host.NEWS
@@ -0,0 +1,6 @@
+knot (2.5.4-2) unstable; urgency=medium
+
+ The compatibility links with dig and nsupdate has been dropped
+ in favour of coinstallability with dnsutils (from BIND9).
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 18 Sep 2017 07:07:49 +0200
diff --git a/distro/deb/knot-host.install b/distro/deb/knot-host.install
new file mode 100644
index 0000000..fc5b4a3
--- /dev/null
+++ b/distro/deb/knot-host.install
@@ -0,0 +1,2 @@
+usr/bin/khost
+usr/share/man/man1/khost.1
diff --git a/distro/deb/knot.NEWS b/distro/deb/knot.NEWS
new file mode 100644
index 0000000..fa22ec4
--- /dev/null
+++ b/distro/deb/knot.NEWS
@@ -0,0 +1,12 @@
+knot (2.0.0-1) unstable; urgency=medium
+
+ The configuration file format has changed with Knot DNS 2.0 release.
+ The knot1to2 conversion tools has been provided for your convenience
+ and the package will automatically save the existing configuration
+ file to /var/backups/knot/<TIMESTAMP> directory and convert the
+ configuration file into the new format. The Knot DNS team worked
+ hard to make this transition as smooth as possible, but you are
+ strongly advised to check the results if everything went as
+ expected.
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 29 Jun 2015 10:36:08 +0200
diff --git a/distro/deb/knot.dirs b/distro/deb/knot.dirs
new file mode 100644
index 0000000..6e937aa
--- /dev/null
+++ b/distro/deb/knot.dirs
@@ -0,0 +1 @@
+var/lib/knot
diff --git a/distro/deb/knot.init b/distro/deb/knot.init
new file mode 100644
index 0000000..ec6e3f5
--- /dev/null
+++ b/distro/deb/knot.init
@@ -0,0 +1,168 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: knot
+# Required-Start: $network $local_fs $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: authoritative domain name server
+# Description: Knot DNS is a authoritative-only domain name server
+### END INIT INFO
+
+# Author: Ondřej Surý <ondrej@debian.org>
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="Knot DNS server" # Introduce a short description here
+NAME=knotd # Introduce the short server's name here
+DAEMON=/usr/sbin/$NAME # Introduce the server's location here
+PIDFILE=/run/knot/knot.pid
+SCRIPTNAME=/etc/init.d/knot
+KNOTC=/usr/sbin/knotc
+
+# Exit if the package is not installed
+[ -x $DAEMON ] || exit 0
+
+KNOTD_ARGS="-c /etc/knot/knot.conf"
+
+# Read configuration variable file if it is present
+[ -r /etc/default/knot ] && . /etc/default/knot
+
+DAEMON_ARGS="-d $KNOTD_ARGS"
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+
+ $KNOTC status >/dev/null 2>/dev/null \
+ && return 1
+
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
+ $DAEMON_ARGS \
+ || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+
+ $KNOTC status >/dev/null 2>/dev/null \
+ || return 1
+
+ $KNOTC stop >/dev/null
+ RETVAL="$?"
+ [ $? = 1 ] && return 2
+
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return 0
+}
+
+do_reload() {
+ $KNOTC reload >/dev/null
+ return $?
+}
+
+do_tmpfiles() {
+ local type path mode user group age argument
+ if [ -r "$1" ]; then
+ if [ -x /bin/systemd-tmpfiles ]; then
+ /bin/systemd-tmpfiles --create "$1"
+ else
+ while read type path mode user group age argument; do
+ case "$type" in
+ d)
+ mkdir -p "$path";
+ chmod "$mode" "$path";
+ chown "$user:$group" "$path";
+ ;;
+ \#*)
+ ;;
+ *)
+ log_warning_msg "tmpfile.d type '$type' is not supported yet"
+ ;;
+ esac
+ done < "$1"
+ fi
+ else
+ log_warning_msg "tmpfiles.d file '$1' doesn't exist or is not readable"
+ fi
+}
+
+case "$1" in
+ start)
+ do_tmpfiles /usr/lib/tmpfiles.d/knot.conf
+ log_daemon_msg "Starting $DESC " "$NAME"
+ do_start
+ case "$?" in
+ 0|1) log_end_msg 0 ;;
+ 2) log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) log_end_msg 0 ;;
+ 2) log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ STATUS=$($KNOTC status 2>&1 >/dev/null)
+ RETVAL=$?
+ if [ $RETVAL = 0 ]; then
+ log_success_msg "$NAME is running"
+ else
+ log_failure_msg "$NAME is not running ($STATUS)"
+ fi
+ exit $RETVAL
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ log_end_msg $?
+ ;;
+ restart)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
diff --git a/distro/deb/knot.install b/distro/deb/knot.install
new file mode 100644
index 0000000..5e239a4
--- /dev/null
+++ b/distro/deb/knot.install
@@ -0,0 +1,19 @@
+debian/ufw/knot etc/ufw/applications.d/
+etc/knot/knot.conf
+usr/bin/knsec3hash
+usr/bin/kzonecheck
+usr/bin/kzonesign
+usr/sbin/kcatalogprint
+usr/sbin/keymgr
+usr/sbin/kjournalprint
+usr/sbin/knotc
+usr/sbin/knotd
+usr/share/man/man1/knsec3hash.1
+usr/share/man/man1/kzonecheck.1
+usr/share/man/man1/kzonesign.1
+usr/share/man/man5/knot.conf.5
+usr/share/man/man8/kcatalogprint.8
+usr/share/man/man8/keymgr.8
+usr/share/man/man8/kjournalprint.8
+usr/share/man/man8/knotc.8
+usr/share/man/man8/knotd.8
diff --git a/distro/deb/knot.maintscript b/distro/deb/knot.maintscript
new file mode 100644
index 0000000..42bc330
--- /dev/null
+++ b/distro/deb/knot.maintscript
@@ -0,0 +1 @@
+rm_conffile /etc/init/knot.conf 2.0.0-1~
diff --git a/distro/deb/knot.postinst b/distro/deb/knot.postinst
new file mode 100644
index 0000000..09a2982
--- /dev/null
+++ b/distro/deb/knot.postinst
@@ -0,0 +1,16 @@
+#!/bin/sh
+set -e
+
+if [ "$1" = "configure" ]; then
+ if ! getent passwd knot > /dev/null; then
+ adduser --quiet --system --group --no-create-home --home /var/lib/knot knot
+ fi
+
+ dpkg-statoverride --list /var/lib/knot > /dev/null || dpkg-statoverride --update --add knot knot 0755 /var/lib/knot
+ dpkg-statoverride --list /etc/knot/knot.conf > /dev/null || dpkg-statoverride --update --add knot knot 0640 /etc/knot/knot.conf
+ dpkg-statoverride --list /etc/knot > /dev/null || dpkg-statoverride --update --add knot knot 0750 /etc/knot
+fi
+
+#DEBHELPER#
+
+exit 0
diff --git a/distro/deb/knot.postrm b/distro/deb/knot.postrm
new file mode 100644
index 0000000..76dccba
--- /dev/null
+++ b/distro/deb/knot.postrm
@@ -0,0 +1,18 @@
+#!/bin/sh
+set -e
+
+if test "$1" = "purge"; then
+ spool=/var/lib/knot
+ rm -rf $spool/timers $spool/keys $spool/journal
+ rmdir $spool 2>/dev/null || true
+
+ dpkg-statoverride --remove /var/lib/knot >/dev/null 2>/dev/null || true
+ dpkg-statoverride --remove /etc/knot/knot.conf >/dev/null 2>/dev/null || true
+ dpkg-statoverride --remove /etc/knot >/dev/null 2>/dev/null || true
+
+ deluser --quiet knot > /dev/null || true
+fi
+
+#DEBHELPER#
+
+exit 0
diff --git a/distro/deb/knot.service b/distro/deb/knot.service
new file mode 100644
index 0000000..750fadb
--- /dev/null
+++ b/distro/deb/knot.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=Knot DNS server
+Wants=network-online.target
+After=network-online.target
+Documentation=man:knotd(8) man:knot.conf(5) man:knotc(8)
+
+[Service]
+Type=notify
+User=knot
+Group=knot
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETPCAP
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_SETPCAP
+ExecStartPre=/usr/sbin/knotc conf-check
+ExecStart=/usr/sbin/knotd
+ExecReload=/usr/sbin/knotc reload
+Restart=on-abort
+LimitNOFILE=1048576
+
+[Install]
+WantedBy=multi-user.target
diff --git a/distro/deb/knot.tmpfile b/distro/deb/knot.tmpfile
new file mode 100644
index 0000000..edec729
--- /dev/null
+++ b/distro/deb/knot.tmpfile
@@ -0,0 +1,3 @@
+# tmpfiles.d(5) runtime directory for knot
+#Type Path Mode UID GID Age Argument
+ d /run/knot 0755 knot knot - -
diff --git a/distro/deb/libdnssec8.install b/distro/deb/libdnssec8.install
new file mode 100644
index 0000000..17a9fe6
--- /dev/null
+++ b/distro/deb/libdnssec8.install
@@ -0,0 +1 @@
+usr/lib/*/libdnssec.so.*
diff --git a/distro/deb/libdnssec8.symbols b/distro/deb/libdnssec8.symbols
new file mode 100644
index 0000000..5c243f0
--- /dev/null
+++ b/distro/deb/libdnssec8.symbols
@@ -0,0 +1,92 @@
+libdnssec.so.8 libdnssec8 #MINVER#
+ dnssec_algorithm_digest_support@Base 3.0.0
+ dnssec_algorithm_key_size_check@Base 3.0.0
+ dnssec_algorithm_key_size_default@Base 3.0.0
+ dnssec_algorithm_key_size_range@Base 3.0.0
+ dnssec_algorithm_key_support@Base 3.0.0
+ dnssec_algorithm_reproducible@Base 3.0.0
+ dnssec_binary_alloc@Base 3.0.0
+ dnssec_binary_cmp@Base 3.0.0
+ dnssec_binary_dup@Base 3.0.0
+ dnssec_binary_free@Base 3.0.0
+ dnssec_binary_from_base64@Base 3.0.0
+ dnssec_binary_resize@Base 3.0.0
+ dnssec_binary_to_base64@Base 3.0.0
+ dnssec_crypto_cleanup@Base 3.0.0
+ dnssec_crypto_init@Base 3.0.0
+ dnssec_crypto_reinit@Base 3.0.0
+ dnssec_key_can_sign@Base 3.0.0
+ dnssec_key_can_verify@Base 3.0.0
+ dnssec_key_clear@Base 3.0.0
+ dnssec_key_create_ds@Base 3.0.0
+ dnssec_key_dup@Base 3.0.0
+ dnssec_key_free@Base 3.0.0
+ dnssec_key_get_algorithm@Base 3.0.0
+ dnssec_key_get_dname@Base 3.0.0
+ dnssec_key_get_flags@Base 3.0.0
+ dnssec_key_get_keyid@Base 3.0.0
+ dnssec_key_get_keytag@Base 3.0.0
+ dnssec_key_get_protocol@Base 3.0.0
+ dnssec_key_get_pubkey@Base 3.0.0
+ dnssec_key_get_rdata@Base 3.0.0
+ dnssec_key_get_size@Base 3.0.0
+ dnssec_key_load_pkcs8@Base 3.0.0
+ dnssec_key_new@Base 3.0.0
+ dnssec_key_set_algorithm@Base 3.0.0
+ dnssec_key_set_dname@Base 3.0.0
+ dnssec_key_set_flags@Base 3.0.0
+ dnssec_key_set_protocol@Base 3.0.0
+ dnssec_key_set_pubkey@Base 3.0.0
+ dnssec_key_set_rdata@Base 3.0.0
+ dnssec_keyid_copy@Base 3.0.0
+ dnssec_keyid_equal@Base 3.0.0
+ dnssec_keyid_is_valid@Base 3.0.0
+ dnssec_keyid_normalize@Base 3.0.0
+ dnssec_keystore_close@Base 3.0.0
+ dnssec_keystore_deinit@Base 3.0.0
+ dnssec_keystore_generate@Base 3.0.0
+ dnssec_keystore_get_private@Base 3.0.0
+ dnssec_keystore_import@Base 3.0.0
+ dnssec_keystore_init@Base 3.0.0
+ dnssec_keystore_init_pkcs11@Base 3.0.0
+ dnssec_keystore_init_pkcs8@Base 3.0.0
+ dnssec_keystore_open@Base 3.0.0
+ dnssec_keystore_remove@Base 3.0.0
+ dnssec_keystore_set_private@Base 3.0.0
+ dnssec_keytag@Base 3.0.0
+ dnssec_nsec3_hash@Base 3.0.0
+ dnssec_nsec3_hash_length@Base 3.0.0
+ dnssec_nsec3_params_free@Base 3.0.0
+ dnssec_nsec3_params_from_rdata@Base 3.0.0
+ dnssec_nsec3_params_match@Base 3.0.0
+ dnssec_nsec_bitmap_add@Base 3.0.0
+ dnssec_nsec_bitmap_clear@Base 3.0.0
+ dnssec_nsec_bitmap_contains@Base 3.0.0
+ dnssec_nsec_bitmap_free@Base 3.0.0
+ dnssec_nsec_bitmap_new@Base 3.0.0
+ dnssec_nsec_bitmap_size@Base 3.0.0
+ dnssec_nsec_bitmap_write@Base 3.0.0
+ dnssec_pem_from_privkey@Base 3.0.0
+ dnssec_pem_from_x509@Base 3.0.0
+ dnssec_pem_to_privkey@Base 3.0.0
+ dnssec_pem_to_x509@Base 3.0.0
+ dnssec_random_binary@Base 3.0.0
+ dnssec_random_buffer@Base 3.0.0
+ dnssec_sign_add@Base 3.0.0
+ dnssec_sign_free@Base 3.0.0
+ dnssec_sign_init@Base 3.0.0
+ dnssec_sign_new@Base 3.0.0
+ dnssec_sign_verify@Base 3.0.0
+ dnssec_sign_write@Base 3.0.0
+ dnssec_strerror@Base 3.0.0
+ dnssec_tsig_add@Base 3.0.0
+ dnssec_tsig_algorithm_from_dname@Base 3.0.0
+ dnssec_tsig_algorithm_from_name@Base 3.0.0
+ dnssec_tsig_algorithm_size@Base 3.0.0
+ dnssec_tsig_algorithm_to_dname@Base 3.0.0
+ dnssec_tsig_algorithm_to_name@Base 3.0.0
+ dnssec_tsig_free@Base 3.0.0
+ dnssec_tsig_new@Base 3.0.0
+ dnssec_tsig_optimal_key_size@Base 3.0.0
+ dnssec_tsig_size@Base 3.0.0
+ dnssec_tsig_write@Base 3.0.0
diff --git a/distro/deb/libknot-dev.install b/distro/deb/libknot-dev.install
new file mode 100644
index 0000000..cb60d88
--- /dev/null
+++ b/distro/deb/libknot-dev.install
@@ -0,0 +1,3 @@
+usr/include/
+usr/lib/*/*.so
+usr/lib/*/pkgconfig/*
diff --git a/distro/deb/libknot11.install b/distro/deb/libknot11.install
new file mode 100644
index 0000000..f9b9f93
--- /dev/null
+++ b/distro/deb/libknot11.install
@@ -0,0 +1 @@
+usr/lib/*/libknot.so.*
diff --git a/distro/deb/libknot11.symbols b/distro/deb/libknot11.symbols
new file mode 100644
index 0000000..6df7711
--- /dev/null
+++ b/distro/deb/libknot11.symbols
@@ -0,0 +1,220 @@
+libknot.so.11 libknot11 #MINVER#
+ KNOT_DB_LMDB_DUPSORT@Base 3.0.0
+ KNOT_DB_LMDB_INTEGERKEY@Base 3.0.0
+ KNOT_DB_LMDB_MAPASYNC@Base 3.0.0
+ KNOT_DB_LMDB_NOSYNC@Base 3.0.0
+ KNOT_DB_LMDB_NOTLS@Base 3.0.0
+ KNOT_DB_LMDB_RDONLY@Base 3.0.0
+ KNOT_DB_LMDB_WRITEMAP@Base 3.0.0
+ KNOT_DUMP_STYLE_DEFAULT@Base 3.0.0
+ KNOT_XDP_PAYLOAD_OFFSET4@Base 3.0.0
+ KNOT_XDP_PAYLOAD_OFFSET6@Base 3.0.0
+ knot_ctl_accept@Base 3.0.0
+ knot_ctl_alloc@Base 3.0.0
+ knot_ctl_bind@Base 3.0.0
+ knot_ctl_close@Base 3.0.0
+ knot_ctl_connect@Base 3.0.0
+ knot_ctl_free@Base 3.0.0
+ knot_ctl_receive@Base 3.0.0
+ knot_ctl_send@Base 3.0.0
+ knot_ctl_set_timeout@Base 3.0.0
+ knot_ctl_unbind@Base 3.0.0
+ knot_db_lmdb_api@Base 3.0.0
+ knot_db_lmdb_del_exact@Base 3.0.0
+ knot_db_lmdb_get_mapsize@Base 3.0.0
+ knot_db_lmdb_get_path@Base 3.0.0
+ knot_db_lmdb_get_usage@Base 3.0.0
+ knot_db_lmdb_iter_del@Base 3.0.0
+ knot_db_lmdb_txn_begin@Base 3.0.0
+ knot_db_trie_api@Base 3.0.0
+ knot_dname_cmp@Base 3.0.0
+ knot_dname_copy@Base 3.0.0
+ knot_dname_free@Base 3.0.0
+ knot_dname_from_str@Base 3.0.0
+ knot_dname_in_bailiwick@Base 3.0.0
+ knot_dname_is_case_equal@Base 3.0.0
+ knot_dname_is_equal@Base 3.0.0
+ knot_dname_labels@Base 3.0.0
+ knot_dname_lf@Base 3.0.0
+ knot_dname_matched_labels@Base 3.0.0
+ knot_dname_prefixlen@Base 3.0.0
+ knot_dname_realsize@Base 3.0.0
+ knot_dname_replace_suffix@Base 3.0.0
+ knot_dname_size@Base 3.0.0
+ knot_dname_store@Base 3.0.0
+ knot_dname_to_lower@Base 3.0.0
+ knot_dname_to_str@Base 3.0.0
+ knot_dname_to_wire@Base 3.0.0
+ knot_dname_unpack@Base 3.0.0
+ knot_dname_wire_check@Base 3.0.0
+ knot_dnssec_alg_names@Base 3.0.0
+ knot_edns_add_option@Base 3.0.0
+ knot_edns_alignment_size@Base 3.0.0
+ knot_edns_chain_parse@Base 3.0.0
+ knot_edns_chain_size@Base 3.0.0
+ knot_edns_chain_write@Base 3.0.0
+ knot_edns_client_subnet_get_addr@Base 3.0.0
+ knot_edns_client_subnet_parse@Base 3.0.0
+ knot_edns_client_subnet_set_addr@Base 3.0.0
+ knot_edns_client_subnet_size@Base 3.0.0
+ knot_edns_client_subnet_write@Base 3.0.0
+ knot_edns_cookie_client_check@Base 3.0.0
+ knot_edns_cookie_client_generate@Base 3.0.0
+ knot_edns_cookie_parse@Base 3.0.0
+ knot_edns_cookie_server_check@Base 3.0.0
+ knot_edns_cookie_server_generate@Base 3.0.0
+ knot_edns_cookie_size@Base 3.0.0
+ knot_edns_cookie_write@Base 3.0.0
+ knot_edns_ede_strerr@Base 3.0.2
+ knot_edns_get_ext_rcode@Base 3.0.0
+ knot_edns_get_option@Base 3.0.0
+ knot_edns_get_options@Base 3.0.0
+ knot_edns_get_version@Base 3.0.0
+ knot_edns_init@Base 3.0.0
+ knot_edns_keepalive_parse@Base 3.0.0
+ knot_edns_keepalive_size@Base 3.0.0
+ knot_edns_keepalive_write@Base 3.0.0
+ knot_edns_reserve_option@Base 3.0.0
+ knot_edns_set_ext_rcode@Base 3.0.0
+ knot_edns_set_version@Base 3.0.0
+ knot_error_from_libdnssec@Base 3.0.0
+ knot_eth_name_from_addr@Base 3.0.0
+ knot_eth_queues@Base 3.0.0
+ knot_eth_xdp_mode@Base 3.0.2
+ knot_get_obsolete_rdata_descriptor@Base 3.0.0
+ knot_get_rdata_descriptor@Base 3.0.0
+ knot_naptr_header_size@Base 3.0.0
+ knot_opcode_names@Base 3.0.0
+ knot_opt_code_to_string@Base 3.0.0
+ knot_pkt_begin@Base 3.0.0
+ knot_pkt_clear@Base 3.0.0
+ knot_pkt_copy@Base 3.0.0
+ knot_pkt_ext_rcode@Base 3.0.0
+ knot_pkt_ext_rcode_name@Base 3.0.0
+ knot_pkt_free@Base 3.0.0
+ knot_pkt_init_response@Base 3.0.0
+ knot_pkt_new@Base 3.0.0
+ knot_pkt_parse@Base 3.0.0
+ knot_pkt_parse_question@Base 3.0.0
+ knot_pkt_put_question@Base 3.0.0
+ knot_pkt_put_rotate@Base 3.0.0
+ knot_pkt_reclaim@Base 3.0.0
+ knot_pkt_reserve@Base 3.0.0
+ knot_rcode_names@Base 3.0.0
+ knot_rdataset_add@Base 3.0.0
+ knot_rdataset_at@Base 3.0.0
+ knot_rdataset_clear@Base 3.0.0
+ knot_rdataset_copy@Base 3.0.0
+ knot_rdataset_eq@Base 3.0.0
+ knot_rdataset_intersect@Base 3.0.0
+ knot_rdataset_member@Base 3.0.0
+ knot_rdataset_merge@Base 3.0.0
+ knot_rdataset_subtract@Base 3.0.0
+ knot_rrclass_from_string@Base 3.0.0
+ knot_rrclass_to_string@Base 3.0.0
+ knot_rrset_add_rdata@Base 3.0.0
+ knot_rrset_clear@Base 3.0.0
+ knot_rrset_copy@Base 3.0.0
+ knot_rrset_equal@Base 3.0.0
+ knot_rrset_free@Base 3.0.0
+ knot_rrset_is_nsec3rel@Base 3.0.0
+ knot_rrset_new@Base 3.0.0
+ knot_rrset_rr_from_wire@Base 3.0.0
+ knot_rrset_rr_to_canonical@Base 3.0.0
+ knot_rrset_size@Base 3.0.0
+ knot_rrset_to_wire_extra@Base 3.0.0
+ knot_rrset_txt_dump@Base 3.0.0
+ knot_rrset_txt_dump_data@Base 3.0.0
+ knot_rrset_txt_dump_header@Base 3.0.0
+ knot_rrtype_additional_needed@Base 3.0.0
+ knot_rrtype_from_string@Base 3.0.0
+ knot_rrtype_is_dnssec@Base 3.0.0
+ knot_rrtype_is_metatype@Base 3.0.0
+ knot_rrtype_should_be_lowercased@Base 3.0.0
+ knot_rrtype_to_string@Base 3.0.0
+ knot_strerror@Base 3.0.0
+ knot_tsig_add@Base 3.0.0
+ knot_tsig_append@Base 3.0.0
+ knot_tsig_client_check@Base 3.0.0
+ knot_tsig_client_check_next@Base 3.0.0
+ knot_tsig_create_rdata@Base 3.0.0
+ knot_tsig_key_copy@Base 3.0.0
+ knot_tsig_key_deinit@Base 3.0.0
+ knot_tsig_key_init@Base 3.0.0
+ knot_tsig_key_init_file@Base 3.0.0
+ knot_tsig_key_init_str@Base 3.0.0
+ knot_tsig_rcode_names@Base 3.0.0
+ knot_tsig_rdata_alg@Base 3.0.0
+ knot_tsig_rdata_alg_name@Base 3.0.0
+ knot_tsig_rdata_error@Base 3.0.0
+ knot_tsig_rdata_fudge@Base 3.0.0
+ knot_tsig_rdata_is_ok@Base 3.0.0
+ knot_tsig_rdata_mac@Base 3.0.0
+ knot_tsig_rdata_mac_length@Base 3.0.0
+ knot_tsig_rdata_orig_id@Base 3.0.0
+ knot_tsig_rdata_other_data@Base 3.0.0
+ knot_tsig_rdata_other_data_length@Base 3.0.0
+ knot_tsig_rdata_set_fudge@Base 3.0.0
+ knot_tsig_rdata_set_mac@Base 3.0.0
+ knot_tsig_rdata_set_orig_id@Base 3.0.0
+ knot_tsig_rdata_set_other_data@Base 3.0.0
+ knot_tsig_rdata_set_time_signed@Base 3.0.0
+ knot_tsig_rdata_time_signed@Base 3.0.0
+ knot_tsig_rdata_tsig_timers_length@Base 3.0.0
+ knot_tsig_rdata_tsig_variables_length@Base 3.0.0
+ knot_tsig_server_check@Base 3.0.0
+ knot_tsig_sign@Base 3.0.0
+ knot_tsig_sign_next@Base 3.0.0
+ knot_tsig_wire_maxsize@Base 3.0.0
+ knot_tsig_wire_size@Base 3.0.0
+ knot_xdp_deinit@Base 3.0.0
+ knot_xdp_info@Base 3.0.0
+ knot_xdp_init@Base 3.0.0
+ knot_xdp_recv@Base 3.0.0
+ knot_xdp_recv_finish@Base 3.0.0
+ knot_xdp_send@Base 3.0.0
+ knot_xdp_send_alloc@Base 3.0.0
+ knot_xdp_send_finish@Base 3.0.0
+ knot_xdp_send_prepare@Base 3.0.0
+ knot_xdp_socket_fd@Base 3.0.0
+ yp_addr@Base 3.0.0
+ yp_addr_noport@Base 3.0.0
+ yp_addr_noport_to_bin@Base 3.0.0
+ yp_addr_noport_to_txt@Base 3.0.0
+ yp_addr_range_to_bin@Base 3.0.0
+ yp_addr_range_to_txt@Base 3.0.0
+ yp_addr_to_bin@Base 3.0.0
+ yp_addr_to_txt@Base 3.0.0
+ yp_base64_to_bin@Base 3.0.0
+ yp_base64_to_txt@Base 3.0.0
+ yp_bool_to_bin@Base 3.0.0
+ yp_bool_to_txt@Base 3.0.0
+ yp_deinit@Base 3.0.0
+ yp_dname_to_bin@Base 3.0.0
+ yp_dname_to_txt@Base 3.0.0
+ yp_format_id@Base 3.0.0
+ yp_format_key0@Base 3.0.0
+ yp_format_key1@Base 3.0.0
+ yp_hex_to_bin@Base 3.0.0
+ yp_hex_to_txt@Base 3.0.0
+ yp_init@Base 3.0.0
+ yp_int_to_bin@Base 3.0.0
+ yp_int_to_txt@Base 3.0.0
+ yp_item_to_bin@Base 3.0.0
+ yp_item_to_txt@Base 3.0.0
+ yp_option_to_bin@Base 3.0.0
+ yp_option_to_txt@Base 3.0.0
+ yp_parse@Base 3.0.0
+ yp_schema_check_deinit@Base 3.0.0
+ yp_schema_check_init@Base 3.0.0
+ yp_schema_check_parser@Base 3.0.0
+ yp_schema_check_str@Base 3.0.0
+ yp_schema_copy@Base 3.0.0
+ yp_schema_find@Base 3.0.0
+ yp_schema_free@Base 3.0.0
+ yp_schema_merge@Base 3.0.0
+ yp_schema_purge_dynamic@Base 3.0.0
+ yp_set_input_file@Base 3.0.0
+ yp_set_input_string@Base 3.0.0
+ yp_str_to_bin@Base 3.0.0
+ yp_str_to_txt@Base 3.0.0
diff --git a/distro/deb/libzscanner3.install b/distro/deb/libzscanner3.install
new file mode 100644
index 0000000..a8dc226
--- /dev/null
+++ b/distro/deb/libzscanner3.install
@@ -0,0 +1 @@
+usr/lib/*/libzscanner.so.*
diff --git a/distro/deb/libzscanner3.symbols b/distro/deb/libzscanner3.symbols
new file mode 100644
index 0000000..59def6b
--- /dev/null
+++ b/distro/deb/libzscanner3.symbols
@@ -0,0 +1,11 @@
+libzscanner.so.3 libzscanner3 #MINVER#
+ zs_deinit@Base 2.3.0
+ zs_errorname@Base 2.3.0
+ zs_init@Base 2.3.0
+ zs_parse_all@Base 2.3.0
+ zs_parse_record@Base 2.3.0
+ zs_set_input_file@Base 2.3.0
+ zs_set_input_string@Base 2.3.0
+ zs_set_processing@Base 2.3.0
+ zs_set_processing_comment@Base 2.8.0
+ zs_strerror@Base 2.3.0
diff --git a/distro/deb/not-installed b/distro/deb/not-installed
new file mode 100644
index 0000000..c928be1
--- /dev/null
+++ b/distro/deb/not-installed
@@ -0,0 +1 @@
+etc/knot/example.com.zone
diff --git a/distro/deb/prepare-environment b/distro/deb/prepare-environment
new file mode 100755
index 0000000..7176f5e
--- /dev/null
+++ b/distro/deb/prepare-environment
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -eu
+
+CONFFILE=${1:-/etc/knot/knot.conf}
+
+if [ ! -r $CONFFILE ]; then
+ echo "$CONFFILE doesn't exist or has wrong permissions."
+ exit 1;
+fi
+
+KNOT_RUNDIR=$(sed -ne "s/#.*$//;s/.*rundir: \"*\([^\";]*\\).*/\\1/p;" $CONFFILE)
+[ -z "$KNOT_RUNDIR" ] && KNOT_RUNDIR=/run/knot
+
+mkdir --parents "$KNOT_RUNDIR";
+
+KNOT_USER=$(sed -ne "s/#.*$//;s/.*user:[ \"]*\\([^\\:\"]*\\)[ \"]*/\\1/p;" $CONFFILE)
+
+if [ -n "$KNOT_USER" ]; then
+ if ! getent passwd $KNOT_USER >/dev/null; then
+ echo "Configured user '$KNOT_USER' doesn't exist."
+ exit 1
+ fi
+
+ KNOT_GROUP=$(sed -ne "s/#.*$//;s/.*user:[ \"]*[^\\:\"]*\\:\\([^\"]*\\)[ \"]*/\\1/p;" $CONFFILE)
+ if [ -z "$KNOT_GROUP" ]; then
+ KNOT_GROUP=$(getent group $(getent passwd "$KNOT_USER" | cut -f 4 -d :) | cut -f 1 -d :)
+ fi
+
+ if ! getent group $KNOT_GROUP >/dev/null; then
+ echo "Configured group '$KNOT_GROUP' doesn't exist."
+ exit 1
+ fi
+ chown --silent "$KNOT_USER:$KNOT_GROUP" "$KNOT_RUNDIR"
+ chmod 775 "$KNOT_RUNDIR"
+fi
+
+:
diff --git a/distro/deb/rules b/distro/deb/rules
new file mode 100755
index 0000000..6df6571
--- /dev/null
+++ b/distro/deb/rules
@@ -0,0 +1,95 @@
+#!/usr/bin/make -f
+
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export DEB_CFLAGS_MAINT_APPEND = -Wall -DNDEBUG
+export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
+
+export DPKG_GENSYMBOLS_CHECK_LEVEL := 4
+export KNOT_SOFTHSM2_DSO = /usr/lib/softhsm/libsofthsm2.so
+
+include /usr/share/dpkg/default.mk
+
+ifeq (maint,$(filter $(DEB_BUILD_OPTIONS),maint))
+ FASTPARSER := --disable-fastparser
+else
+ FASTPARSER := --enable-fastparser
+endif
+
+ifeq ($(DEB_HOST_ARCH),$(filter $(DEB_HOST_ARCH),hurd-i386))
+ RECVMMSG:=--enable-recvmmsg=no
+else
+ RECVMMSG:=--enable-recvmmsg=yes
+endif
+
+ifeq ($(DEB_HOST_ARCH),$(filter $(DEB_HOST_ARCH),amd64 i386))
+ RUN_TEST :=
+else
+ RUN_TEST := -timeout --kill-after=5s 5m
+endif
+
+LIBKNOT_SYMBOLS := $(wildcard $(CURDIR)/debian/libknot*.symbols)
+
+PYBUILD = pybuild --dir python --dest-dir debian/python3-libknot
+
+%:
+ dh $@ \
+ --exclude=.la --exclude=example.com.zone \
+ --with python3
+
+override_dh_auto_configure:
+ dh_auto_configure -- \
+ --sysconfdir=/etc \
+ --localstatedir=/var/lib \
+ --libexecdir=/usr/lib/knot \
+ --with-rundir=/run/knot \
+ --with-moduledir=/usr/lib/$(DEB_HOST_MULTIARCH)/knot \
+ --with-storage=/var/lib/knot \
+ --enable-systemd=auto \
+ --enable-dnstap \
+ --with-module-dnstap=yes \
+ $(RECVMMSG) \
+ $(FASTPARSER) \
+ --disable-silent-rules \
+ --enable-xdp=yes \
+ --disable-static
+
+override_dh_auto_configure-indep:
+ $(PYBUILD) --configure
+
+override_dh_auto_build-indep:
+ dh_auto_build -- html
+ $(PYBUILD) --build
+
+override_dh_auto_install-arch:
+ dh_auto_install -- install
+ # rename knot.sample.conf to knot.conf
+ mv $(CURDIR)/debian/tmp/etc/knot/knot.sample.conf $(CURDIR)/debian/tmp/etc/knot/knot.conf
+ # Some workarounds for Debian Stretch and Ubuntu Xenial
+ @if [ -f "$(CURDIR)/debian/tmp/usr/sbin/kxdpgun" ]; then \
+ echo "Embedded XDP enabled"; \
+ elif [ -f "$(LIBKNOT_SYMBOLS)" ]; then \
+ echo "No XDP"; \
+ touch $(CURDIR)/debian/tmp/usr/share/man/man8/kxdpgun.8; \
+ printf '#!/bin/sh\n\necho "kxdpgun not available"\n' > $(CURDIR)/debian/tmp/usr/sbin/kxdpgun; \
+ sed -i -E '/knot_xdp_|knot_eth_|KNOT_XDP_/d' $(LIBKNOT_SYMBOLS); \
+ else \
+ echo "No XDP, no libknot symbols"; \
+ touch $(CURDIR)/debian/tmp/usr/share/man/man8/kxdpgun.8; \
+ printf '#!/bin/sh\n\necho "kxdpgun not available"\n' > $(CURDIR)/debian/tmp/usr/sbin/kxdpgun; \
+ fi
+
+override_dh_auto_install-indep:
+ dh_auto_install -- install-html
+ # rename knot.sample.conf to knot.conf
+ mv $(CURDIR)/debian/tmp/etc/knot/knot.sample.conf $(CURDIR)/debian/tmp/etc/knot/knot.conf
+ $(PYBUILD) --install
+
+override_dh_auto_test-indep:
+override_dh_auto_test-arch:
+ $(RUN_TEST) dh_auto_test
+
+override_dh_missing:
+ dh_missing --fail-missing
+
+override_dh_installchangelogs:
+ dh_installchangelogs NEWS
diff --git a/distro/deb/source/format b/distro/deb/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/distro/deb/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/distro/deb/tests/control b/distro/deb/tests/control
new file mode 100644
index 0000000..559a8f7
--- /dev/null
+++ b/distro/deb/tests/control
@@ -0,0 +1,2 @@
+Tests: kdig
+Depends: knot-dnsutils, ca-certificates
diff --git a/distro/deb/tests/kdig b/distro/deb/tests/kdig
new file mode 100755
index 0000000..a2f388e
--- /dev/null
+++ b/distro/deb/tests/kdig
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+expected=93.184.216.34
+answer=$(kdig +short +tls-ca +tls-hostname=dns.cmrg.net @dns.cmrg.net example.org)
+
+if [ "$answer" != "$expected" ]; then
+ printf "expected: %s\ngot: %s\n" "$expected" "$answer" >&2
+ kdig +tls-ca +tls-hostname=dns.cmrg.net @dns.cmrg.net example.org
+fi
diff --git a/distro/deb/ufw/knot b/distro/deb/ufw/knot
new file mode 100644
index 0000000..ee36916
--- /dev/null
+++ b/distro/deb/ufw/knot
@@ -0,0 +1,4 @@
+[Knot]
+title=Internet Domain Name Server
+description=The Knot DNS implements an Internet domain name server.
+ports=53
diff --git a/distro/deb/watch b/distro/deb/watch
new file mode 100644
index 0000000..a763cd4
--- /dev/null
+++ b/distro/deb/watch
@@ -0,0 +1,4 @@
+version=3
+opts=uversionmangle=s/-((alpha|beta|rc)\d*)$/~$1/,pgpsigurlmangle=s/$/.asc/,dversionmangle=s/\+hotfix// \
+https://secure.nic.cz/files/knot-dns/ \
+(?:|.*/)knot(?:[_\-]v?|)(\d\S*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz)