diff options
Diffstat (limited to 'distro/deb')
36 files changed, 1182 insertions, 0 deletions
diff --git a/distro/deb/changelog b/distro/deb/changelog new file mode 100644 index 0000000..285b69e --- /dev/null +++ b/distro/deb/changelog @@ -0,0 +1,6 @@ +knot (__VERSION__-cznic.1) unstable; urgency=medium + + * move changelog to OBS + * see NEWS or https://knot-dns.cz + + -- Tomas Krizek <tomas.krizek@nic.cz> Tue, 21 Feb 2018 17:36:45 +0100 diff --git a/distro/deb/clean b/distro/deb/clean new file mode 100644 index 0000000..b2a9f3f --- /dev/null +++ b/distro/deb/clean @@ -0,0 +1,2 @@ +doc/modules +.pybuild/ diff --git a/distro/deb/compat b/distro/deb/compat new file mode 100644 index 0000000..ec63514 --- /dev/null +++ b/distro/deb/compat @@ -0,0 +1 @@ +9 diff --git a/distro/deb/control b/distro/deb/control new file mode 100644 index 0000000..eef687e --- /dev/null +++ b/distro/deb/control @@ -0,0 +1,213 @@ +Source: knot +Section: net +Priority: optional +Maintainer: Knot DNS <knot-dns@labs.nic.cz> +Uploaders: + Tomas Krizek <tomas.krizek@nic.cz>, + Daniel Salzman <daniel.salzman@nic.cz>, +Build-Depends-Indep: + python3-setuptools, + python3-sphinx, +Build-Depends: + debhelper (>= 9), + dh-python, + libcap-ng-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386], + libedit-dev, + libelf-dev, + libfstrm-dev, + libgnutls28-dev, + libidn2-0-dev, + liblmdb-dev, + libmaxminddb-dev [!powerpcspe !sh4 !x32], + libnghttp2-dev, + libprotobuf-c-dev, + libsofthsm2 <!nocheck>, + libsystemd-dev [linux-any] | libsystemd-daemon-dev [linux-any], + libsystemd-dev [linux-any] | libsystemd-journal-dev [linux-any], + liburcu-dev (>= 0.4), + pkg-config, + protobuf-c-compiler, + python3-all, +Standards-Version: 4.5.0 +Homepage: https://www.knot-dns.cz/ +Vcs-Browser: https://gitlab.nic.cz/knot/knot-dns +Vcs-Git: https://gitlab.nic.cz/knot/knot-dns.git +Rules-Requires-Root: no + +Package: knot +Architecture: any +Depends: + adduser, + libdnssec8 (= ${binary:Version}), + libknot11 (= ${binary:Version}), + libzscanner3 (= ${binary:Version}), + lsb-base (>= 3.0-6), + ${misc:Depends}, + ${shlibs:Depends}, +Pre-Depends: + ${misc:Pre-Depends}, +Suggests: + systemd, +Description: Authoritative domain name server + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + +Package: libknot11 +Architecture: any +Multi-Arch: same +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Section: libs +Description: DNS shared library from Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides a DNS shared library used by Knot DNS and + Knot Resolver. + +Package: libzscanner3 +Architecture: any +Multi-Arch: same +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Section: libs +Description: DNS zone-parsing shared library from Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides a fast zone parser shared library used by Knot + DNS and Knot Resolver. + +Package: libdnssec8 +Architecture: any +Multi-Arch: same +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Section: libs +Description: DNSSEC shared library from Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides common DNSSEC shared library used by Knot DNS + and Knot Resolver. + +Package: libknot-dev +Architecture: any +Multi-Arch: same +Depends: + libdnssec8 (= ${binary:Version}), + libgnutls28-dev, + libknot11 (= ${binary:Version}), + libzscanner3 (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Section: libdevel +Description: Knot DNS shared library development files + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides development files for shared libraries from Knot DNS. + +Package: knot-dnsutils +Architecture: any +Depends: + libdnssec8 (= ${binary:Version}), + libknot11 (= ${binary:Version}), + libzscanner3 (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Description: DNS clients provided with Knot DNS (kdig, knsupdate) + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package delivers various DNS client programs from Knot DNS. + . + - kdig - query a DNS server in various ways + - knsupdate - perform dynamic updates (See RFC2136) + - kxdpgun - send a DNS query stream over UDP to a DNS server + . + Those clients were designed to be almost 1:1 compatible with BIND dnsutils, + but they provide some enhancements, which are documented. + . + WARNING: knslookup is not provided as it is considered obsolete. + +Package: knot-host +Architecture: any +Depends: + libdnssec8 (= ${binary:Version}), + libknot11 (= ${binary:Version}), + libzscanner3 (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Description: Version of 'host' bundled with Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides the 'host' program from Knot DNS. This program is + designed to be almost 1:1 compatible with BIND 9.x 'host' program. + +Package: knot-doc +Architecture: all +Multi-Arch: foreign +Depends: + libjs-jquery, + libjs-underscore, + ${misc:Depends}, +Section: doc +Description: Documentation for Knot DNS + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides various documents that are useful for + maintaining a working Knot DNS installation. + +Package: python3-libknot +Architecture: all +Depends: + ${misc:Depends}, + ${python3:Depends}, +Section: python +Description: Python bindings for libknot + Knot DNS is a fast, authoritative only, high performance, feature + full and open source name server. + . + Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ + registry and hence is well suited to run anything from the root + zone, the top-level domain, to many smaller standard domain names. + . + This package provides Python bindings for the libknot shared library. diff --git a/distro/deb/copyright b/distro/deb/copyright new file mode 100644 index 0000000..27f681f --- /dev/null +++ b/distro/deb/copyright @@ -0,0 +1,193 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: Knot DNS +Upstream-Contact: knot-dns@labs.nic.cz +Source: https://secure.nic.cz/files/knot-dns/ + +Files: * +Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +License: GPL-3+ + +Files: m4/* +Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + 1996-2001, 2003-2015 Free Software Foundation, Inc. +License: GPL-3+ + +Files: install-sh +Copyright: 1994 X Consortium +License: MIT + +Files: debian/* distro/deb/* +Copyright: 2011 Ondřej Surý <ondrej@debian.org> + 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +License: GPL-3+ + +Files: tests/tap/* +Copyright: 2000-2001, 2004, 2006-2012 Russ Allbery <rra@stanford.edu> + 2006, 2007, 2008, 2013 The Board of Trustees of the Leland Stanford Junior University +License: MIT + +Files: tests/tap/files.* +Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +License: GPL-3+ + +Files: src/contrib/dnstap/* +Copyright: 2014, Farsight Security, Inc. <software@farsightsecurity.com> + 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +License: GPL-3+ + +Files: src/contrib/libbpf/* +Copyright: 2013-2015 Alexei Starovoitov <ast@kernel.org> + 2015 Wang Nan <wangnan0@huawei.com> + 2015 Huawei Inc. + 2017 Nicira, Inc. + 2019 Isovalent, Inc. + 2019 Netronome Systems, Inc. + 2003-2013 Thomas Graf <tgraf@suug.ch> + 2018-2019 Intel Corporation. + 2018-2019 Facebook +License: LGPL-2.1 + +Files: src/contrib/openbsd/siphash.* +Copyright: 2013 Andre Oppermann <andre@FreeBSD.org> +License: BSD-3-Clause + +Files: src/contrib/openbsd/strl* +Copyright: 1998 Todd C. Miller <Todd.Miller@courtesan.com> +License: 0BSD + +Files: src/contrib/qp-trie/* +Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + 2018 Tony Finch <dot@dotat.at> +License: GPL-3+ + +Files: src/contrib/ucw/* +Copyright: 1997-2017 Martin Mares <mj@ucw.cz> + 2007 Pavel Charvat <pchar@ucw.cz> + 2012 Ondrej Filip <feela@network.cz> +License: LGPL-2.0 + +Files: src/contrib/ucw/heap.h +Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +License: GPL-3+ + +Files: src/contrib/url-parser/* +Copyright: Igor Sysoev +Copyright: Nginx, Inc. +Copyright: Joyent, Inc. +License: MIT + +Files: src/contrib/vpool/* +Copyright: 2006, 2008 Alexey Vatchenko <av@bsdua.org> +License: 0BSD + +Files: tests-fuzz/main.c +Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + 2017 Tim Ruehsen +License: MIT + +License: GPL-3+ + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see <https://www.gnu.org/licenses/>. + . + On Debian systems, the full text of the GNU General Public License + version 3 can be found in the file `/usr/share/common-licenses/GPL-3'. + +License: LGPL-2.0 + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + . + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + . + You should have received a copy of the GNU Library General Public + License along with this library; if not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, + Boston, MA 02110-1301, USA. + +License: LGPL-2.1 + This program is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + . + You should have received a copy of the GNU Lesser General Public License + along with this program; If not, see <http://www.gnu.org/licenses/>. + . + On Debian systems, the complete text of the GNU Lesser General Public + License version 2.1 can be found in `/usr/share/common-licenses/LGPL-2.1'. + +License: 0BSD + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + . + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +License: BSD-3-Clause + Redistribution and use in source and binary forms, with or without modification, + are permitted provided that the following conditions are met: + 1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + 3. Neither the name of the copyright holder nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + OF THE POSSIBILITY OF SUCH DAMAGE. + +License: MIT + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + . + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. diff --git a/distro/deb/docs b/distro/deb/docs new file mode 100644 index 0000000..b43bf86 --- /dev/null +++ b/distro/deb/docs @@ -0,0 +1 @@ +README.md diff --git a/distro/deb/knot-dnsutils.NEWS b/distro/deb/knot-dnsutils.NEWS new file mode 100644 index 0000000..20045dc --- /dev/null +++ b/distro/deb/knot-dnsutils.NEWS @@ -0,0 +1,6 @@ +knot (2.5.4-2) unstable; urgency=medium + + The compatibility links with dig and nsupdate has been dropped + in favour of coinstallability with dnsutils (from BIND9). + + -- Ondřej Surý <ondrej@debian.org> Mon, 18 Sep 2017 07:07:49 +0200 diff --git a/distro/deb/knot-dnsutils.install b/distro/deb/knot-dnsutils.install new file mode 100644 index 0000000..1076236 --- /dev/null +++ b/distro/deb/knot-dnsutils.install @@ -0,0 +1,6 @@ +usr/bin/kdig +usr/bin/knsupdate +usr/sbin/kxdpgun +usr/share/man/man1/kdig.1 +usr/share/man/man1/knsupdate.1 +usr/share/man/man8/kxdpgun.8 diff --git a/distro/deb/knot-doc.install b/distro/deb/knot-doc.install new file mode 100644 index 0000000..c2a345d --- /dev/null +++ b/distro/deb/knot-doc.install @@ -0,0 +1 @@ +usr/share/doc/knot/* /usr/share/doc/knot-doc/ diff --git a/distro/deb/knot-doc.links b/distro/deb/knot-doc.links new file mode 100644 index 0000000..3949022 --- /dev/null +++ b/distro/deb/knot-doc.links @@ -0,0 +1,2 @@ +usr/share/javascript/jquery/jquery.min.js usr/share/doc/knot-doc/_static/jquery.js +usr/share/javascript/underscore/underscore.min.js usr/share/doc/knot-doc/_static/underscore.js diff --git a/distro/deb/knot-host.NEWS b/distro/deb/knot-host.NEWS new file mode 100644 index 0000000..20045dc --- /dev/null +++ b/distro/deb/knot-host.NEWS @@ -0,0 +1,6 @@ +knot (2.5.4-2) unstable; urgency=medium + + The compatibility links with dig and nsupdate has been dropped + in favour of coinstallability with dnsutils (from BIND9). + + -- Ondřej Surý <ondrej@debian.org> Mon, 18 Sep 2017 07:07:49 +0200 diff --git a/distro/deb/knot-host.install b/distro/deb/knot-host.install new file mode 100644 index 0000000..fc5b4a3 --- /dev/null +++ b/distro/deb/knot-host.install @@ -0,0 +1,2 @@ +usr/bin/khost +usr/share/man/man1/khost.1 diff --git a/distro/deb/knot.NEWS b/distro/deb/knot.NEWS new file mode 100644 index 0000000..fa22ec4 --- /dev/null +++ b/distro/deb/knot.NEWS @@ -0,0 +1,12 @@ +knot (2.0.0-1) unstable; urgency=medium + + The configuration file format has changed with Knot DNS 2.0 release. + The knot1to2 conversion tools has been provided for your convenience + and the package will automatically save the existing configuration + file to /var/backups/knot/<TIMESTAMP> directory and convert the + configuration file into the new format. The Knot DNS team worked + hard to make this transition as smooth as possible, but you are + strongly advised to check the results if everything went as + expected. + + -- Ondřej Surý <ondrej@debian.org> Mon, 29 Jun 2015 10:36:08 +0200 diff --git a/distro/deb/knot.dirs b/distro/deb/knot.dirs new file mode 100644 index 0000000..6e937aa --- /dev/null +++ b/distro/deb/knot.dirs @@ -0,0 +1 @@ +var/lib/knot diff --git a/distro/deb/knot.init b/distro/deb/knot.init new file mode 100644 index 0000000..ec6e3f5 --- /dev/null +++ b/distro/deb/knot.init @@ -0,0 +1,168 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: knot +# Required-Start: $network $local_fs $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: authoritative domain name server +# Description: Knot DNS is a authoritative-only domain name server +### END INIT INFO + +# Author: Ondřej Surý <ondrej@debian.org> + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="Knot DNS server" # Introduce a short description here +NAME=knotd # Introduce the short server's name here +DAEMON=/usr/sbin/$NAME # Introduce the server's location here +PIDFILE=/run/knot/knot.pid +SCRIPTNAME=/etc/init.d/knot +KNOTC=/usr/sbin/knotc + +# Exit if the package is not installed +[ -x $DAEMON ] || exit 0 + +KNOTD_ARGS="-c /etc/knot/knot.conf" + +# Read configuration variable file if it is present +[ -r /etc/default/knot ] && . /etc/default/knot + +DAEMON_ARGS="-d $KNOTD_ARGS" + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +. /lib/lsb/init-functions + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + + $KNOTC status >/dev/null 2>/dev/null \ + && return 1 + + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ + $DAEMON_ARGS \ + || return 2 +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + + $KNOTC status >/dev/null 2>/dev/null \ + || return 1 + + $KNOTC stop >/dev/null + RETVAL="$?" + [ $? = 1 ] && return 2 + + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return 0 +} + +do_reload() { + $KNOTC reload >/dev/null + return $? +} + +do_tmpfiles() { + local type path mode user group age argument + if [ -r "$1" ]; then + if [ -x /bin/systemd-tmpfiles ]; then + /bin/systemd-tmpfiles --create "$1" + else + while read type path mode user group age argument; do + case "$type" in + d) + mkdir -p "$path"; + chmod "$mode" "$path"; + chown "$user:$group" "$path"; + ;; + \#*) + ;; + *) + log_warning_msg "tmpfile.d type '$type' is not supported yet" + ;; + esac + done < "$1" + fi + else + log_warning_msg "tmpfiles.d file '$1' doesn't exist or is not readable" + fi +} + +case "$1" in + start) + do_tmpfiles /usr/lib/tmpfiles.d/knot.conf + log_daemon_msg "Starting $DESC " "$NAME" + do_start + case "$?" in + 0|1) log_end_msg 0 ;; + 2) log_end_msg 1 ;; + esac + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) log_end_msg 0 ;; + 2) log_end_msg 1 ;; + esac + ;; + status) + STATUS=$($KNOTC status 2>&1 >/dev/null) + RETVAL=$? + if [ $RETVAL = 0 ]; then + log_success_msg "$NAME is running" + else + log_failure_msg "$NAME is not running ($STATUS)" + fi + exit $RETVAL + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC" "$NAME" + do_reload + log_end_msg $? + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/distro/deb/knot.install b/distro/deb/knot.install new file mode 100644 index 0000000..5e239a4 --- /dev/null +++ b/distro/deb/knot.install @@ -0,0 +1,19 @@ +debian/ufw/knot etc/ufw/applications.d/ +etc/knot/knot.conf +usr/bin/knsec3hash +usr/bin/kzonecheck +usr/bin/kzonesign +usr/sbin/kcatalogprint +usr/sbin/keymgr +usr/sbin/kjournalprint +usr/sbin/knotc +usr/sbin/knotd +usr/share/man/man1/knsec3hash.1 +usr/share/man/man1/kzonecheck.1 +usr/share/man/man1/kzonesign.1 +usr/share/man/man5/knot.conf.5 +usr/share/man/man8/kcatalogprint.8 +usr/share/man/man8/keymgr.8 +usr/share/man/man8/kjournalprint.8 +usr/share/man/man8/knotc.8 +usr/share/man/man8/knotd.8 diff --git a/distro/deb/knot.maintscript b/distro/deb/knot.maintscript new file mode 100644 index 0000000..42bc330 --- /dev/null +++ b/distro/deb/knot.maintscript @@ -0,0 +1 @@ +rm_conffile /etc/init/knot.conf 2.0.0-1~ diff --git a/distro/deb/knot.postinst b/distro/deb/knot.postinst new file mode 100644 index 0000000..09a2982 --- /dev/null +++ b/distro/deb/knot.postinst @@ -0,0 +1,16 @@ +#!/bin/sh +set -e + +if [ "$1" = "configure" ]; then + if ! getent passwd knot > /dev/null; then + adduser --quiet --system --group --no-create-home --home /var/lib/knot knot + fi + + dpkg-statoverride --list /var/lib/knot > /dev/null || dpkg-statoverride --update --add knot knot 0755 /var/lib/knot + dpkg-statoverride --list /etc/knot/knot.conf > /dev/null || dpkg-statoverride --update --add knot knot 0640 /etc/knot/knot.conf + dpkg-statoverride --list /etc/knot > /dev/null || dpkg-statoverride --update --add knot knot 0750 /etc/knot +fi + +#DEBHELPER# + +exit 0 diff --git a/distro/deb/knot.postrm b/distro/deb/knot.postrm new file mode 100644 index 0000000..76dccba --- /dev/null +++ b/distro/deb/knot.postrm @@ -0,0 +1,18 @@ +#!/bin/sh +set -e + +if test "$1" = "purge"; then + spool=/var/lib/knot + rm -rf $spool/timers $spool/keys $spool/journal + rmdir $spool 2>/dev/null || true + + dpkg-statoverride --remove /var/lib/knot >/dev/null 2>/dev/null || true + dpkg-statoverride --remove /etc/knot/knot.conf >/dev/null 2>/dev/null || true + dpkg-statoverride --remove /etc/knot >/dev/null 2>/dev/null || true + + deluser --quiet knot > /dev/null || true +fi + +#DEBHELPER# + +exit 0 diff --git a/distro/deb/knot.service b/distro/deb/knot.service new file mode 100644 index 0000000..750fadb --- /dev/null +++ b/distro/deb/knot.service @@ -0,0 +1,20 @@ +[Unit] +Description=Knot DNS server +Wants=network-online.target +After=network-online.target +Documentation=man:knotd(8) man:knot.conf(5) man:knotc(8) + +[Service] +Type=notify +User=knot +Group=knot +CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETPCAP +AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_SETPCAP +ExecStartPre=/usr/sbin/knotc conf-check +ExecStart=/usr/sbin/knotd +ExecReload=/usr/sbin/knotc reload +Restart=on-abort +LimitNOFILE=1048576 + +[Install] +WantedBy=multi-user.target diff --git a/distro/deb/knot.tmpfile b/distro/deb/knot.tmpfile new file mode 100644 index 0000000..edec729 --- /dev/null +++ b/distro/deb/knot.tmpfile @@ -0,0 +1,3 @@ +# tmpfiles.d(5) runtime directory for knot +#Type Path Mode UID GID Age Argument + d /run/knot 0755 knot knot - - diff --git a/distro/deb/libdnssec8.install b/distro/deb/libdnssec8.install new file mode 100644 index 0000000..17a9fe6 --- /dev/null +++ b/distro/deb/libdnssec8.install @@ -0,0 +1 @@ +usr/lib/*/libdnssec.so.* diff --git a/distro/deb/libdnssec8.symbols b/distro/deb/libdnssec8.symbols new file mode 100644 index 0000000..5c243f0 --- /dev/null +++ b/distro/deb/libdnssec8.symbols @@ -0,0 +1,92 @@ +libdnssec.so.8 libdnssec8 #MINVER# + dnssec_algorithm_digest_support@Base 3.0.0 + dnssec_algorithm_key_size_check@Base 3.0.0 + dnssec_algorithm_key_size_default@Base 3.0.0 + dnssec_algorithm_key_size_range@Base 3.0.0 + dnssec_algorithm_key_support@Base 3.0.0 + dnssec_algorithm_reproducible@Base 3.0.0 + dnssec_binary_alloc@Base 3.0.0 + dnssec_binary_cmp@Base 3.0.0 + dnssec_binary_dup@Base 3.0.0 + dnssec_binary_free@Base 3.0.0 + dnssec_binary_from_base64@Base 3.0.0 + dnssec_binary_resize@Base 3.0.0 + dnssec_binary_to_base64@Base 3.0.0 + dnssec_crypto_cleanup@Base 3.0.0 + dnssec_crypto_init@Base 3.0.0 + dnssec_crypto_reinit@Base 3.0.0 + dnssec_key_can_sign@Base 3.0.0 + dnssec_key_can_verify@Base 3.0.0 + dnssec_key_clear@Base 3.0.0 + dnssec_key_create_ds@Base 3.0.0 + dnssec_key_dup@Base 3.0.0 + dnssec_key_free@Base 3.0.0 + dnssec_key_get_algorithm@Base 3.0.0 + dnssec_key_get_dname@Base 3.0.0 + dnssec_key_get_flags@Base 3.0.0 + dnssec_key_get_keyid@Base 3.0.0 + dnssec_key_get_keytag@Base 3.0.0 + dnssec_key_get_protocol@Base 3.0.0 + dnssec_key_get_pubkey@Base 3.0.0 + dnssec_key_get_rdata@Base 3.0.0 + dnssec_key_get_size@Base 3.0.0 + dnssec_key_load_pkcs8@Base 3.0.0 + dnssec_key_new@Base 3.0.0 + dnssec_key_set_algorithm@Base 3.0.0 + dnssec_key_set_dname@Base 3.0.0 + dnssec_key_set_flags@Base 3.0.0 + dnssec_key_set_protocol@Base 3.0.0 + dnssec_key_set_pubkey@Base 3.0.0 + dnssec_key_set_rdata@Base 3.0.0 + dnssec_keyid_copy@Base 3.0.0 + dnssec_keyid_equal@Base 3.0.0 + dnssec_keyid_is_valid@Base 3.0.0 + dnssec_keyid_normalize@Base 3.0.0 + dnssec_keystore_close@Base 3.0.0 + dnssec_keystore_deinit@Base 3.0.0 + dnssec_keystore_generate@Base 3.0.0 + dnssec_keystore_get_private@Base 3.0.0 + dnssec_keystore_import@Base 3.0.0 + dnssec_keystore_init@Base 3.0.0 + dnssec_keystore_init_pkcs11@Base 3.0.0 + dnssec_keystore_init_pkcs8@Base 3.0.0 + dnssec_keystore_open@Base 3.0.0 + dnssec_keystore_remove@Base 3.0.0 + dnssec_keystore_set_private@Base 3.0.0 + dnssec_keytag@Base 3.0.0 + dnssec_nsec3_hash@Base 3.0.0 + dnssec_nsec3_hash_length@Base 3.0.0 + dnssec_nsec3_params_free@Base 3.0.0 + dnssec_nsec3_params_from_rdata@Base 3.0.0 + dnssec_nsec3_params_match@Base 3.0.0 + dnssec_nsec_bitmap_add@Base 3.0.0 + dnssec_nsec_bitmap_clear@Base 3.0.0 + dnssec_nsec_bitmap_contains@Base 3.0.0 + dnssec_nsec_bitmap_free@Base 3.0.0 + dnssec_nsec_bitmap_new@Base 3.0.0 + dnssec_nsec_bitmap_size@Base 3.0.0 + dnssec_nsec_bitmap_write@Base 3.0.0 + dnssec_pem_from_privkey@Base 3.0.0 + dnssec_pem_from_x509@Base 3.0.0 + dnssec_pem_to_privkey@Base 3.0.0 + dnssec_pem_to_x509@Base 3.0.0 + dnssec_random_binary@Base 3.0.0 + dnssec_random_buffer@Base 3.0.0 + dnssec_sign_add@Base 3.0.0 + dnssec_sign_free@Base 3.0.0 + dnssec_sign_init@Base 3.0.0 + dnssec_sign_new@Base 3.0.0 + dnssec_sign_verify@Base 3.0.0 + dnssec_sign_write@Base 3.0.0 + dnssec_strerror@Base 3.0.0 + dnssec_tsig_add@Base 3.0.0 + dnssec_tsig_algorithm_from_dname@Base 3.0.0 + dnssec_tsig_algorithm_from_name@Base 3.0.0 + dnssec_tsig_algorithm_size@Base 3.0.0 + dnssec_tsig_algorithm_to_dname@Base 3.0.0 + dnssec_tsig_algorithm_to_name@Base 3.0.0 + dnssec_tsig_free@Base 3.0.0 + dnssec_tsig_new@Base 3.0.0 + dnssec_tsig_optimal_key_size@Base 3.0.0 + dnssec_tsig_size@Base 3.0.0 + dnssec_tsig_write@Base 3.0.0 diff --git a/distro/deb/libknot-dev.install b/distro/deb/libknot-dev.install new file mode 100644 index 0000000..cb60d88 --- /dev/null +++ b/distro/deb/libknot-dev.install @@ -0,0 +1,3 @@ +usr/include/ +usr/lib/*/*.so +usr/lib/*/pkgconfig/* diff --git a/distro/deb/libknot11.install b/distro/deb/libknot11.install new file mode 100644 index 0000000..f9b9f93 --- /dev/null +++ b/distro/deb/libknot11.install @@ -0,0 +1 @@ +usr/lib/*/libknot.so.* diff --git a/distro/deb/libknot11.symbols b/distro/deb/libknot11.symbols new file mode 100644 index 0000000..6df7711 --- /dev/null +++ b/distro/deb/libknot11.symbols @@ -0,0 +1,220 @@ +libknot.so.11 libknot11 #MINVER# + KNOT_DB_LMDB_DUPSORT@Base 3.0.0 + KNOT_DB_LMDB_INTEGERKEY@Base 3.0.0 + KNOT_DB_LMDB_MAPASYNC@Base 3.0.0 + KNOT_DB_LMDB_NOSYNC@Base 3.0.0 + KNOT_DB_LMDB_NOTLS@Base 3.0.0 + KNOT_DB_LMDB_RDONLY@Base 3.0.0 + KNOT_DB_LMDB_WRITEMAP@Base 3.0.0 + KNOT_DUMP_STYLE_DEFAULT@Base 3.0.0 + KNOT_XDP_PAYLOAD_OFFSET4@Base 3.0.0 + KNOT_XDP_PAYLOAD_OFFSET6@Base 3.0.0 + knot_ctl_accept@Base 3.0.0 + knot_ctl_alloc@Base 3.0.0 + knot_ctl_bind@Base 3.0.0 + knot_ctl_close@Base 3.0.0 + knot_ctl_connect@Base 3.0.0 + knot_ctl_free@Base 3.0.0 + knot_ctl_receive@Base 3.0.0 + knot_ctl_send@Base 3.0.0 + knot_ctl_set_timeout@Base 3.0.0 + knot_ctl_unbind@Base 3.0.0 + knot_db_lmdb_api@Base 3.0.0 + knot_db_lmdb_del_exact@Base 3.0.0 + knot_db_lmdb_get_mapsize@Base 3.0.0 + knot_db_lmdb_get_path@Base 3.0.0 + knot_db_lmdb_get_usage@Base 3.0.0 + knot_db_lmdb_iter_del@Base 3.0.0 + knot_db_lmdb_txn_begin@Base 3.0.0 + knot_db_trie_api@Base 3.0.0 + knot_dname_cmp@Base 3.0.0 + knot_dname_copy@Base 3.0.0 + knot_dname_free@Base 3.0.0 + knot_dname_from_str@Base 3.0.0 + knot_dname_in_bailiwick@Base 3.0.0 + knot_dname_is_case_equal@Base 3.0.0 + knot_dname_is_equal@Base 3.0.0 + knot_dname_labels@Base 3.0.0 + knot_dname_lf@Base 3.0.0 + knot_dname_matched_labels@Base 3.0.0 + knot_dname_prefixlen@Base 3.0.0 + knot_dname_realsize@Base 3.0.0 + knot_dname_replace_suffix@Base 3.0.0 + knot_dname_size@Base 3.0.0 + knot_dname_store@Base 3.0.0 + knot_dname_to_lower@Base 3.0.0 + knot_dname_to_str@Base 3.0.0 + knot_dname_to_wire@Base 3.0.0 + knot_dname_unpack@Base 3.0.0 + knot_dname_wire_check@Base 3.0.0 + knot_dnssec_alg_names@Base 3.0.0 + knot_edns_add_option@Base 3.0.0 + knot_edns_alignment_size@Base 3.0.0 + knot_edns_chain_parse@Base 3.0.0 + knot_edns_chain_size@Base 3.0.0 + knot_edns_chain_write@Base 3.0.0 + knot_edns_client_subnet_get_addr@Base 3.0.0 + knot_edns_client_subnet_parse@Base 3.0.0 + knot_edns_client_subnet_set_addr@Base 3.0.0 + knot_edns_client_subnet_size@Base 3.0.0 + knot_edns_client_subnet_write@Base 3.0.0 + knot_edns_cookie_client_check@Base 3.0.0 + knot_edns_cookie_client_generate@Base 3.0.0 + knot_edns_cookie_parse@Base 3.0.0 + knot_edns_cookie_server_check@Base 3.0.0 + knot_edns_cookie_server_generate@Base 3.0.0 + knot_edns_cookie_size@Base 3.0.0 + knot_edns_cookie_write@Base 3.0.0 + knot_edns_ede_strerr@Base 3.0.2 + knot_edns_get_ext_rcode@Base 3.0.0 + knot_edns_get_option@Base 3.0.0 + knot_edns_get_options@Base 3.0.0 + knot_edns_get_version@Base 3.0.0 + knot_edns_init@Base 3.0.0 + knot_edns_keepalive_parse@Base 3.0.0 + knot_edns_keepalive_size@Base 3.0.0 + knot_edns_keepalive_write@Base 3.0.0 + knot_edns_reserve_option@Base 3.0.0 + knot_edns_set_ext_rcode@Base 3.0.0 + knot_edns_set_version@Base 3.0.0 + knot_error_from_libdnssec@Base 3.0.0 + knot_eth_name_from_addr@Base 3.0.0 + knot_eth_queues@Base 3.0.0 + knot_eth_xdp_mode@Base 3.0.2 + knot_get_obsolete_rdata_descriptor@Base 3.0.0 + knot_get_rdata_descriptor@Base 3.0.0 + knot_naptr_header_size@Base 3.0.0 + knot_opcode_names@Base 3.0.0 + knot_opt_code_to_string@Base 3.0.0 + knot_pkt_begin@Base 3.0.0 + knot_pkt_clear@Base 3.0.0 + knot_pkt_copy@Base 3.0.0 + knot_pkt_ext_rcode@Base 3.0.0 + knot_pkt_ext_rcode_name@Base 3.0.0 + knot_pkt_free@Base 3.0.0 + knot_pkt_init_response@Base 3.0.0 + knot_pkt_new@Base 3.0.0 + knot_pkt_parse@Base 3.0.0 + knot_pkt_parse_question@Base 3.0.0 + knot_pkt_put_question@Base 3.0.0 + knot_pkt_put_rotate@Base 3.0.0 + knot_pkt_reclaim@Base 3.0.0 + knot_pkt_reserve@Base 3.0.0 + knot_rcode_names@Base 3.0.0 + knot_rdataset_add@Base 3.0.0 + knot_rdataset_at@Base 3.0.0 + knot_rdataset_clear@Base 3.0.0 + knot_rdataset_copy@Base 3.0.0 + knot_rdataset_eq@Base 3.0.0 + knot_rdataset_intersect@Base 3.0.0 + knot_rdataset_member@Base 3.0.0 + knot_rdataset_merge@Base 3.0.0 + knot_rdataset_subtract@Base 3.0.0 + knot_rrclass_from_string@Base 3.0.0 + knot_rrclass_to_string@Base 3.0.0 + knot_rrset_add_rdata@Base 3.0.0 + knot_rrset_clear@Base 3.0.0 + knot_rrset_copy@Base 3.0.0 + knot_rrset_equal@Base 3.0.0 + knot_rrset_free@Base 3.0.0 + knot_rrset_is_nsec3rel@Base 3.0.0 + knot_rrset_new@Base 3.0.0 + knot_rrset_rr_from_wire@Base 3.0.0 + knot_rrset_rr_to_canonical@Base 3.0.0 + knot_rrset_size@Base 3.0.0 + knot_rrset_to_wire_extra@Base 3.0.0 + knot_rrset_txt_dump@Base 3.0.0 + knot_rrset_txt_dump_data@Base 3.0.0 + knot_rrset_txt_dump_header@Base 3.0.0 + knot_rrtype_additional_needed@Base 3.0.0 + knot_rrtype_from_string@Base 3.0.0 + knot_rrtype_is_dnssec@Base 3.0.0 + knot_rrtype_is_metatype@Base 3.0.0 + knot_rrtype_should_be_lowercased@Base 3.0.0 + knot_rrtype_to_string@Base 3.0.0 + knot_strerror@Base 3.0.0 + knot_tsig_add@Base 3.0.0 + knot_tsig_append@Base 3.0.0 + knot_tsig_client_check@Base 3.0.0 + knot_tsig_client_check_next@Base 3.0.0 + knot_tsig_create_rdata@Base 3.0.0 + knot_tsig_key_copy@Base 3.0.0 + knot_tsig_key_deinit@Base 3.0.0 + knot_tsig_key_init@Base 3.0.0 + knot_tsig_key_init_file@Base 3.0.0 + knot_tsig_key_init_str@Base 3.0.0 + knot_tsig_rcode_names@Base 3.0.0 + knot_tsig_rdata_alg@Base 3.0.0 + knot_tsig_rdata_alg_name@Base 3.0.0 + knot_tsig_rdata_error@Base 3.0.0 + knot_tsig_rdata_fudge@Base 3.0.0 + knot_tsig_rdata_is_ok@Base 3.0.0 + knot_tsig_rdata_mac@Base 3.0.0 + knot_tsig_rdata_mac_length@Base 3.0.0 + knot_tsig_rdata_orig_id@Base 3.0.0 + knot_tsig_rdata_other_data@Base 3.0.0 + knot_tsig_rdata_other_data_length@Base 3.0.0 + knot_tsig_rdata_set_fudge@Base 3.0.0 + knot_tsig_rdata_set_mac@Base 3.0.0 + knot_tsig_rdata_set_orig_id@Base 3.0.0 + knot_tsig_rdata_set_other_data@Base 3.0.0 + knot_tsig_rdata_set_time_signed@Base 3.0.0 + knot_tsig_rdata_time_signed@Base 3.0.0 + knot_tsig_rdata_tsig_timers_length@Base 3.0.0 + knot_tsig_rdata_tsig_variables_length@Base 3.0.0 + knot_tsig_server_check@Base 3.0.0 + knot_tsig_sign@Base 3.0.0 + knot_tsig_sign_next@Base 3.0.0 + knot_tsig_wire_maxsize@Base 3.0.0 + knot_tsig_wire_size@Base 3.0.0 + knot_xdp_deinit@Base 3.0.0 + knot_xdp_info@Base 3.0.0 + knot_xdp_init@Base 3.0.0 + knot_xdp_recv@Base 3.0.0 + knot_xdp_recv_finish@Base 3.0.0 + knot_xdp_send@Base 3.0.0 + knot_xdp_send_alloc@Base 3.0.0 + knot_xdp_send_finish@Base 3.0.0 + knot_xdp_send_prepare@Base 3.0.0 + knot_xdp_socket_fd@Base 3.0.0 + yp_addr@Base 3.0.0 + yp_addr_noport@Base 3.0.0 + yp_addr_noport_to_bin@Base 3.0.0 + yp_addr_noport_to_txt@Base 3.0.0 + yp_addr_range_to_bin@Base 3.0.0 + yp_addr_range_to_txt@Base 3.0.0 + yp_addr_to_bin@Base 3.0.0 + yp_addr_to_txt@Base 3.0.0 + yp_base64_to_bin@Base 3.0.0 + yp_base64_to_txt@Base 3.0.0 + yp_bool_to_bin@Base 3.0.0 + yp_bool_to_txt@Base 3.0.0 + yp_deinit@Base 3.0.0 + yp_dname_to_bin@Base 3.0.0 + yp_dname_to_txt@Base 3.0.0 + yp_format_id@Base 3.0.0 + yp_format_key0@Base 3.0.0 + yp_format_key1@Base 3.0.0 + yp_hex_to_bin@Base 3.0.0 + yp_hex_to_txt@Base 3.0.0 + yp_init@Base 3.0.0 + yp_int_to_bin@Base 3.0.0 + yp_int_to_txt@Base 3.0.0 + yp_item_to_bin@Base 3.0.0 + yp_item_to_txt@Base 3.0.0 + yp_option_to_bin@Base 3.0.0 + yp_option_to_txt@Base 3.0.0 + yp_parse@Base 3.0.0 + yp_schema_check_deinit@Base 3.0.0 + yp_schema_check_init@Base 3.0.0 + yp_schema_check_parser@Base 3.0.0 + yp_schema_check_str@Base 3.0.0 + yp_schema_copy@Base 3.0.0 + yp_schema_find@Base 3.0.0 + yp_schema_free@Base 3.0.0 + yp_schema_merge@Base 3.0.0 + yp_schema_purge_dynamic@Base 3.0.0 + yp_set_input_file@Base 3.0.0 + yp_set_input_string@Base 3.0.0 + yp_str_to_bin@Base 3.0.0 + yp_str_to_txt@Base 3.0.0 diff --git a/distro/deb/libzscanner3.install b/distro/deb/libzscanner3.install new file mode 100644 index 0000000..a8dc226 --- /dev/null +++ b/distro/deb/libzscanner3.install @@ -0,0 +1 @@ +usr/lib/*/libzscanner.so.* diff --git a/distro/deb/libzscanner3.symbols b/distro/deb/libzscanner3.symbols new file mode 100644 index 0000000..59def6b --- /dev/null +++ b/distro/deb/libzscanner3.symbols @@ -0,0 +1,11 @@ +libzscanner.so.3 libzscanner3 #MINVER# + zs_deinit@Base 2.3.0 + zs_errorname@Base 2.3.0 + zs_init@Base 2.3.0 + zs_parse_all@Base 2.3.0 + zs_parse_record@Base 2.3.0 + zs_set_input_file@Base 2.3.0 + zs_set_input_string@Base 2.3.0 + zs_set_processing@Base 2.3.0 + zs_set_processing_comment@Base 2.8.0 + zs_strerror@Base 2.3.0 diff --git a/distro/deb/not-installed b/distro/deb/not-installed new file mode 100644 index 0000000..c928be1 --- /dev/null +++ b/distro/deb/not-installed @@ -0,0 +1 @@ +etc/knot/example.com.zone diff --git a/distro/deb/prepare-environment b/distro/deb/prepare-environment new file mode 100755 index 0000000..7176f5e --- /dev/null +++ b/distro/deb/prepare-environment @@ -0,0 +1,38 @@ +#!/bin/sh + +set -eu + +CONFFILE=${1:-/etc/knot/knot.conf} + +if [ ! -r $CONFFILE ]; then + echo "$CONFFILE doesn't exist or has wrong permissions." + exit 1; +fi + +KNOT_RUNDIR=$(sed -ne "s/#.*$//;s/.*rundir: \"*\([^\";]*\\).*/\\1/p;" $CONFFILE) +[ -z "$KNOT_RUNDIR" ] && KNOT_RUNDIR=/run/knot + +mkdir --parents "$KNOT_RUNDIR"; + +KNOT_USER=$(sed -ne "s/#.*$//;s/.*user:[ \"]*\\([^\\:\"]*\\)[ \"]*/\\1/p;" $CONFFILE) + +if [ -n "$KNOT_USER" ]; then + if ! getent passwd $KNOT_USER >/dev/null; then + echo "Configured user '$KNOT_USER' doesn't exist." + exit 1 + fi + + KNOT_GROUP=$(sed -ne "s/#.*$//;s/.*user:[ \"]*[^\\:\"]*\\:\\([^\"]*\\)[ \"]*/\\1/p;" $CONFFILE) + if [ -z "$KNOT_GROUP" ]; then + KNOT_GROUP=$(getent group $(getent passwd "$KNOT_USER" | cut -f 4 -d :) | cut -f 1 -d :) + fi + + if ! getent group $KNOT_GROUP >/dev/null; then + echo "Configured group '$KNOT_GROUP' doesn't exist." + exit 1 + fi + chown --silent "$KNOT_USER:$KNOT_GROUP" "$KNOT_RUNDIR" + chmod 775 "$KNOT_RUNDIR" +fi + +: diff --git a/distro/deb/rules b/distro/deb/rules new file mode 100755 index 0000000..6df6571 --- /dev/null +++ b/distro/deb/rules @@ -0,0 +1,95 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS = hardening=+all +export DEB_CFLAGS_MAINT_APPEND = -Wall -DNDEBUG +export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed + +export DPKG_GENSYMBOLS_CHECK_LEVEL := 4 +export KNOT_SOFTHSM2_DSO = /usr/lib/softhsm/libsofthsm2.so + +include /usr/share/dpkg/default.mk + +ifeq (maint,$(filter $(DEB_BUILD_OPTIONS),maint)) + FASTPARSER := --disable-fastparser +else + FASTPARSER := --enable-fastparser +endif + +ifeq ($(DEB_HOST_ARCH),$(filter $(DEB_HOST_ARCH),hurd-i386)) + RECVMMSG:=--enable-recvmmsg=no +else + RECVMMSG:=--enable-recvmmsg=yes +endif + +ifeq ($(DEB_HOST_ARCH),$(filter $(DEB_HOST_ARCH),amd64 i386)) + RUN_TEST := +else + RUN_TEST := -timeout --kill-after=5s 5m +endif + +LIBKNOT_SYMBOLS := $(wildcard $(CURDIR)/debian/libknot*.symbols) + +PYBUILD = pybuild --dir python --dest-dir debian/python3-libknot + +%: + dh $@ \ + --exclude=.la --exclude=example.com.zone \ + --with python3 + +override_dh_auto_configure: + dh_auto_configure -- \ + --sysconfdir=/etc \ + --localstatedir=/var/lib \ + --libexecdir=/usr/lib/knot \ + --with-rundir=/run/knot \ + --with-moduledir=/usr/lib/$(DEB_HOST_MULTIARCH)/knot \ + --with-storage=/var/lib/knot \ + --enable-systemd=auto \ + --enable-dnstap \ + --with-module-dnstap=yes \ + $(RECVMMSG) \ + $(FASTPARSER) \ + --disable-silent-rules \ + --enable-xdp=yes \ + --disable-static + +override_dh_auto_configure-indep: + $(PYBUILD) --configure + +override_dh_auto_build-indep: + dh_auto_build -- html + $(PYBUILD) --build + +override_dh_auto_install-arch: + dh_auto_install -- install + # rename knot.sample.conf to knot.conf + mv $(CURDIR)/debian/tmp/etc/knot/knot.sample.conf $(CURDIR)/debian/tmp/etc/knot/knot.conf + # Some workarounds for Debian Stretch and Ubuntu Xenial + @if [ -f "$(CURDIR)/debian/tmp/usr/sbin/kxdpgun" ]; then \ + echo "Embedded XDP enabled"; \ + elif [ -f "$(LIBKNOT_SYMBOLS)" ]; then \ + echo "No XDP"; \ + touch $(CURDIR)/debian/tmp/usr/share/man/man8/kxdpgun.8; \ + printf '#!/bin/sh\n\necho "kxdpgun not available"\n' > $(CURDIR)/debian/tmp/usr/sbin/kxdpgun; \ + sed -i -E '/knot_xdp_|knot_eth_|KNOT_XDP_/d' $(LIBKNOT_SYMBOLS); \ + else \ + echo "No XDP, no libknot symbols"; \ + touch $(CURDIR)/debian/tmp/usr/share/man/man8/kxdpgun.8; \ + printf '#!/bin/sh\n\necho "kxdpgun not available"\n' > $(CURDIR)/debian/tmp/usr/sbin/kxdpgun; \ + fi + +override_dh_auto_install-indep: + dh_auto_install -- install-html + # rename knot.sample.conf to knot.conf + mv $(CURDIR)/debian/tmp/etc/knot/knot.sample.conf $(CURDIR)/debian/tmp/etc/knot/knot.conf + $(PYBUILD) --install + +override_dh_auto_test-indep: +override_dh_auto_test-arch: + $(RUN_TEST) dh_auto_test + +override_dh_missing: + dh_missing --fail-missing + +override_dh_installchangelogs: + dh_installchangelogs NEWS diff --git a/distro/deb/source/format b/distro/deb/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/distro/deb/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/distro/deb/tests/control b/distro/deb/tests/control new file mode 100644 index 0000000..559a8f7 --- /dev/null +++ b/distro/deb/tests/control @@ -0,0 +1,2 @@ +Tests: kdig +Depends: knot-dnsutils, ca-certificates diff --git a/distro/deb/tests/kdig b/distro/deb/tests/kdig new file mode 100755 index 0000000..a2f388e --- /dev/null +++ b/distro/deb/tests/kdig @@ -0,0 +1,11 @@ +#!/bin/bash + +set -e + +expected=93.184.216.34 +answer=$(kdig +short +tls-ca +tls-hostname=dns.cmrg.net @dns.cmrg.net example.org) + +if [ "$answer" != "$expected" ]; then + printf "expected: %s\ngot: %s\n" "$expected" "$answer" >&2 + kdig +tls-ca +tls-hostname=dns.cmrg.net @dns.cmrg.net example.org +fi diff --git a/distro/deb/ufw/knot b/distro/deb/ufw/knot new file mode 100644 index 0000000..ee36916 --- /dev/null +++ b/distro/deb/ufw/knot @@ -0,0 +1,4 @@ +[Knot] +title=Internet Domain Name Server +description=The Knot DNS implements an Internet domain name server. +ports=53 diff --git a/distro/deb/watch b/distro/deb/watch new file mode 100644 index 0000000..a763cd4 --- /dev/null +++ b/distro/deb/watch @@ -0,0 +1,4 @@ +version=3 +opts=uversionmangle=s/-((alpha|beta|rc)\d*)$/~$1/,pgpsigurlmangle=s/$/.asc/,dversionmangle=s/\+hotfix// \ +https://secure.nic.cz/files/knot-dns/ \ +(?:|.*/)knot(?:[_\-]v?|)(\d\S*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz) |