summaryrefslogtreecommitdiffstats
path: root/distro/pkg
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--distro/pkg/arch/PKGBUILD71
-rw-r--r--distro/pkg/deb/changelog6
-rw-r--r--distro/pkg/deb/clean3
-rw-r--r--distro/pkg/deb/compat1
-rw-r--r--distro/pkg/deb/control140
-rw-r--r--distro/pkg/deb/copyright440
-rw-r--r--distro/pkg/deb/knot-resolver-doc.doc-base11
-rw-r--r--distro/pkg/deb/knot-resolver-doc.docs3
-rw-r--r--distro/pkg/deb/knot-resolver-doc.links2
-rw-r--r--distro/pkg/deb/knot-resolver-module-dnstap.install1
-rw-r--r--distro/pkg/deb/knot-resolver-module-http.install7
-rw-r--r--distro/pkg/deb/knot-resolver-module-http.links5
-rw-r--r--distro/pkg/deb/knot-resolver-module-http.preinst26
-rw-r--r--distro/pkg/deb/knot-resolver.dirs2
-rw-r--r--distro/pkg/deb/knot-resolver.docs4
-rw-r--r--distro/pkg/deb/knot-resolver.install38
-rw-r--r--distro/pkg/deb/knot-resolver.links2
-rw-r--r--distro/pkg/deb/knot-resolver.manpages2
-rw-r--r--distro/pkg/deb/knot-resolver.postinst38
-rw-r--r--distro/pkg/deb/knot-resolver.postrm9
-rw-r--r--distro/pkg/deb/knot-resolver.preinst26
-rw-r--r--distro/pkg/deb/knot-resolver.triggers1
-rw-r--r--distro/pkg/deb/not-installed7
-rwxr-xr-xdistro/pkg/deb/rules51
-rw-r--r--distro/pkg/deb/source/format1
-rw-r--r--distro/pkg/nix/default.nix126
-rw-r--r--distro/pkg/nix/top-level.nix12
-rw-r--r--distro/pkg/rpm/knot-resolver.spec384
28 files changed, 1419 insertions, 0 deletions
diff --git a/distro/pkg/arch/PKGBUILD b/distro/pkg/arch/PKGBUILD
new file mode 100644
index 0000000..7eea556
--- /dev/null
+++ b/distro/pkg/arch/PKGBUILD
@@ -0,0 +1,71 @@
+# Maintainer: Tomas Krizek <tomas.krizek@nic.cz>
+# Contributor: Ondřej Surý <ondrej@sury.org>
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+pkgname=knot-resolver
+pkgver={{ version }}
+pkgrel={{ release }}
+pkgdesc='Caching DNSSEC-validating DNS resolver'
+arch=('x86_64' 'armv7h')
+url='https://www.knot-resolver.cz/'
+license=('GPL3')
+depends=(
+ 'dnssec-anchors'
+ 'gnutls'
+ 'knot'
+ 'libedit'
+ 'libuv'
+ 'lmdb'
+ 'luajit'
+ 'systemd'
+ 'libcap-ng'
+ 'libnghttp2'
+ 'jemalloc'
+)
+makedepends=(
+ 'cmocka'
+ 'meson'
+ 'systemd-libs'
+)
+optdepends=(
+ 'lua51-basexx: experimental_dot_auth module'
+ 'lua51-cqueues: http and dns64 module, policy.rpz() function'
+ 'lua51-http: http and prefill modules, trust_anchors bootstrap'
+ 'lua51-psl: policy.slice_randomize_psl() function'
+)
+backup=('etc/knot-resolver/kresd.conf')
+options=(debug strip)
+source=("knot-resolver-${pkgver}.tar.xz")
+sha256sums=('SKIP')
+
+build() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ meson build \
+ --buildtype=release \
+ --prefix=/usr \
+ --sbindir=bin \
+ -D keyfile_default=/etc/trusted-key.key \
+ -D systemd_files=enabled \
+ -D client=enabled \
+ -D install_kresd_conf=enabled \
+ -D malloc=jemalloc \
+ -D unit_tests=enabled
+ ninja -C build
+}
+
+check() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ meson test -C build
+}
+
+package() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ DESTDIR=${pkgdir} ninja -C build install
+
+ # add kresd.target to multi-user.target.wants to support enabling kresd services
+ install -d -m 0755 "${pkgdir}/usr/lib/systemd/system/multi-user.target.wants"
+ ln -s ../kresd.target "${pkgdir}/usr/lib/systemd/system/multi-user.target.wants/kresd.target"
+
+ # remove modules with missing dependencies
+ rm "${pkgdir}/usr/lib/knot-resolver/kres_modules/etcd.lua"
+}
diff --git a/distro/pkg/deb/changelog b/distro/pkg/deb/changelog
new file mode 100644
index 0000000..e1e7de9
--- /dev/null
+++ b/distro/pkg/deb/changelog
@@ -0,0 +1,6 @@
+knot-resolver ({{ version }}-cznic.{{ release }}) unstable; urgency=medium
+
+ * upstream package
+ * see NEWS or https://knot-resolver.cz
+
+ -- Jakub Ružička <jakub.ruzicka@nic.cz> {{ now }}
diff --git a/distro/pkg/deb/clean b/distro/pkg/deb/clean
new file mode 100644
index 0000000..3c2f3ba
--- /dev/null
+++ b/distro/pkg/deb/clean
@@ -0,0 +1,3 @@
+build_deb/
+doc/doxyxml/
+doc/html/
diff --git a/distro/pkg/deb/compat b/distro/pkg/deb/compat
new file mode 100644
index 0000000..b4de394
--- /dev/null
+++ b/distro/pkg/deb/compat
@@ -0,0 +1 @@
+11
diff --git a/distro/pkg/deb/control b/distro/pkg/deb/control
new file mode 100644
index 0000000..275dae5
--- /dev/null
+++ b/distro/pkg/deb/control
@@ -0,0 +1,140 @@
+Source: knot-resolver
+Section: net
+Priority: optional
+Maintainer: Knot Resolver <knot-resolver@labs.nic.cz>
+Build-Depends:
+ debhelper (>= 11~),
+ libcmocka-dev (>= 1.0.0),
+ libedit-dev,
+ libfstrm-dev,
+ libgnutls28-dev,
+ libknot-dev (>= 3.0.2),
+ liblmdb-dev,
+ libluajit-5.1-dev,
+ libnghttp2-dev,
+ libprotobuf-c-dev,
+ libsystemd-dev (>= 227) [linux-any],
+ libcap-ng-dev,
+ libuv1-dev,
+ libjemalloc-dev,
+ luajit,
+ pkg-config,
+ meson (>= 0.49),
+ doxygen,
+ protobuf-c-compiler,
+ python3-breathe,
+ python3-sphinx,
+ python3-sphinx-rtd-theme,
+ texinfo,
+ libssl-dev,
+Homepage: https://www.knot-resolver.cz/
+
+Package: knot-resolver
+Architecture: any
+Depends:
+ adduser,
+ dns-root-data,
+ systemd,
+ ${misc:Depends},
+ ${shlibs:Depends},
+Replaces:
+ libkres9 (<< 3.2.1-2),
+Breaks:
+ libkres9 (<< 3.2.1-2),
+Recommends:
+ lua-basexx,
+ lua-cqueues,
+ lua-http,
+ lua-psl,
+Suggests:
+ knot-resolver-module-http,
+Description: caching, DNSSEC-validating DNS resolver
+ The Knot Resolver is a caching full resolver implementation
+ written in C and LuaJIT, including both a resolver library and a
+ daemon. Modular architecture of the library keeps the core tiny and
+ efficient, and provides a state-machine like API for
+ extensions. There are three built-in modules - iterator, cache,
+ validator, and many external.
+ .
+ The Lua modules, switchable and shareable cache, and fast FFI
+ bindings makes it great to tap into resolution process, or be used
+ for your recursive DNS service. It's the OpenResty of DNS.
+ .
+ The server adopts a different scaling strategy than the rest of the
+ DNS recursors - no threading, shared-nothing architecture (except
+ MVCC cache that may be shared). You can start and stop additional
+ nodes depending on the contention without downtime.
+
+Package: knot-resolver-dbg
+Architecture: any
+Depends: knot-resolver (= ${binary:Version}),
+ ${misc:Depends}
+Recommends: gdb
+Section: debug
+Priority: extra
+Description: Debug symbols for Knot Resolver
+ This package provides the debug symbols for Knot Resolver needed
+ for properly debugging errors in Knot Resolver with gdb.
+
+Package: knot-resolver-module-dnstap
+Architecture: any
+Multi-Arch: same
+Depends:
+ knot-resolver (= ${binary:Version}),
+ libfstrm0,
+ libprotobuf-c1,
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: dnstap module for Knot Resolver
+ The Knot Resolver is a caching full resolver implementation
+ written in C and LuaJIT, including both a resolver library and a
+ daemon. Modular architecture of the library keeps the core tiny and
+ efficient, and provides a state-machine like API for
+ extensions. There are three built-in modules - iterator, cache,
+ validator, and many external.
+ .
+ This package contains dnstap module for logging DNS responses
+ to a unix socket in dnstap format.
+
+Package: knot-resolver-module-http
+Architecture: all
+Depends:
+ knot-resolver (= ${binary:Version}),
+ libjs-bootstrap,
+ libjs-d3,
+ libjs-jquery,
+ lua-cqueues (>= 20171014),
+ lua-http,
+ lua-mmdb,
+ systemd,
+ ${misc:Depends},
+ ${shlibs:Depends},
+Breaks:
+ knot-resolver-module-tinyweb (<< 1.1.0~git20160713-1~),
+Description: HTTP module for Knot Resolver
+ The Knot Resolver is a caching full resolver implementation
+ written in C and LuaJIT, including both a resolver library and a
+ daemon. Modular architecture of the library keeps the core tiny and
+ efficient, and provides a state-machine like API for
+ extensions. There are three built-in modules - iterator, cache,
+ validator, and many external.
+ .
+ This package contains HTTP/2 module for local visualization of the
+ resolver cache and queries.
+
+Package: knot-resolver-doc
+Architecture: all
+Section: doc
+Depends:
+ libjs-jquery,
+ libjs-underscore,
+ ${misc:Depends},
+Description: Documentation for Knot Resolver
+ The Knot Resolver is a caching full resolver implementation
+ written in C and LuaJIT, including both a resolver library and a
+ daemon. Modular architecture of the library keeps the core tiny and
+ efficient, and provides a state-machine like API for
+ extensions. There are three built-in modules - iterator, cache,
+ validator, and many external.
+ .
+ This package contains Knot Resolver Documentation.
diff --git a/distro/pkg/deb/copyright b/distro/pkg/deb/copyright
new file mode 100644
index 0000000..96e23ca
--- /dev/null
+++ b/distro/pkg/deb/copyright
@@ -0,0 +1,440 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: knot-resolver
+Source: https://www.knot-resolver.cz/
+
+Files: *
+Copyright: CZ.NIC
+License: GPL-3.0+
+
+Files: contrib/ccan/asprintf/*
+Copyright: Rusty Russell
+License: Expat
+
+Files: contrib/ccan/compiler/*
+Copyright: Rusty Russell
+License: CC0
+
+Files: tests/config/tapered/*
+Copyright: 2012-2017, Peter Aronoff
+License: BSD-3-clause
+
+Files: contrib/lmdb/*
+Copyright: 1999-2003 The OpenLDAP Foundation
+License: OpenLDAP
+
+Files: tests/deckard/contrib/libfaketime/*
+Copyright: 2003-2017 Wolfgang Hommel
+License: GPL-2
+
+Files: tests/deckard/contrib/libswrap/*
+Copyright: 2005,2008 Jelmer Vernooij <jelmer@samba.org>
+ 2006-2009 Stefan Metzmacher <metze@samba.org>
+ 2013 Andreas Schneider <asn@samba.org>
+License: BSD-3-clause
+
+Files: contrib/murmurhash3/*
+Copyright: Austin Appleby
+License: CC0-1.0
+
+Files: debian/missing-sources/dygraph-combined.js
+ modules/http/static/dygraph-combined.js
+Copyright: 2006-2014 Dan Vanderkam <danvdk@gmail.com>
+ 2016 Paul Miller
+ 2011 Robert Konigsberg <konigsberg@google.com>
+ 2013 David Eberlein <david.eberlein@ch.sauter-bc.com>
+License: MIT
+
+Files: contrib/ucw/*
+Copyright: 1997-2015 Martin Mares
+ 2005-2014 Tomas Valla
+ 2006 Robert Spalek
+ 2007-2015 Pavel Charvat
+License: LGPL-2.1
+
+Files: contrib/ccan/json/*
+Copyright: 2011 Joey Adams
+License: Expat
+
+Files: modules/policy/lua-aho-corasick/*
+Copyright: 2013 CloudFlare, Inc.
+License: BSD-3-CloudFlare
+
+Files: modules/http/static/jquery.js
+Copyright: 2005-2011 John Resig, Brandon Aaron & Jörn Zaefferer
+License: GPL-2 or Expat
+
+Files: modules/http/static/d3.js
+ modules/http/static/topojson.js
+Copyright: 2010-2015 Michael Bostock
+License: BSD-3-clause
+
+Files: modules/http/static/epoch.*
+ debian/missing-sources/epoch/*
+ debian/missing-sources/epoch.*
+Copyright: 2014 Fastly, Inc.
+License: Expat
+
+Files: modules/http/static/datamaps.world.min.js
+Copyright: 2012 Mark DiMarco
+License: Expat
+
+Files: modules/http/static/bootstrap.min.css
+ modules/http/static/bootstrap.min.js
+ modules/http/static/bootstrap-theme.min.css
+ modules/http/static/glyphicons-halflings-regular.woff2
+Copyright: 2012-2016 Thomas Park
+ 2011-2015 Twitter, Inc.
+License: Expat
+
+Files: modules/http/static/selectize.bootstrap3.min.css
+ modules/http/static/selectize.min.css
+ modules/http/static/selectize.min.js
+Copyright: 2013–2015 Brian Reavis & contributors
+License: Apache-2.0
+
+Files: debian/*
+Copyright: 2015 Ondřej Surý <ondrej@debian.org>
+License: GPL-3.0+
+
+License: LGPL-2.1
+ This library is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as
+ published by the Free Software Foundation; either version 2.1 of the
+ License, or (at your option) any later version.
+ .
+ This library is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+ .
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library. If not, see <https://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 3 can be found in "/usr/share/common-licenses/LGPL-2.1".
+
+License: GPL-3.0+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".
+
+License: Expat
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+ .
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ SOFTWARE.
+
+License: CC0
+ Statement of Purpose
+ .
+ The laws of most jurisdictions throughout the world automatically
+ confer exclusive Copyright and Related Rights (defined below) upon
+ the creator and subsequent owner(s) (each and all, an "owner") of an
+ original work of authorship and/or a database (each, a "Work").
+ .
+ Certain owners wish to permanently relinquish those rights to a Work
+ for the purpose of contributing to a commons of creative, cultural
+ and scientific works ("Commons") that the public can reliably and
+ without fear of later claims of infringement build upon, modify,
+ incorporate in other works, reuse and redistribute as freely as
+ possible in any form whatsoever and for any purposes, including
+ without limitation commercial purposes. These owners may contribute
+ to the Commons to promote the ideal of a free culture and the further
+ production of creative, cultural and scientific works, or to gain
+ reputation or greater distribution for their Work in part through the
+ use and efforts of others.
+ .
+ For these and/or other purposes and motivations, and without any
+ expectation of additional consideration or compensation, the person
+ associating CC0 with a Work (the "Affirmer"), to the extent that he
+ or she is an owner of Copyright and Related Rights in the Work,
+ voluntarily elects to apply CC0 to the Work and publicly distribute
+ the Work under its terms, with knowledge of his or her Copyright and
+ Related Rights in the Work and the meaning and intended legal effect
+ of CC0 on those rights.
+ .
+ 1. Copyright and Related Rights. A Work made available under CC0 may
+ be protected by copyright and related or neighboring rights
+ ("Copyright and Related Rights"). Copyright and Related Rights
+ include, but are not limited to, the following:
+ .
+ i. the right to reproduce, adapt, distribute, perform, display,
+ communicate, and translate a Work;
+ ii. moral rights retained by the original author(s) and/or
+ performer(s);
+ iii. publicity and privacy rights pertaining to a person's image or
+ likeness depicted in a Work;
+ iv. rights protecting against unfair competition in regards to a
+ Work, subject to the limitations in paragraph 4(a), below;
+ v. rights protecting the extraction, dissemination, use and reuse
+ of data in a Work;
+ vi. database rights (such as those arising under Directive 96/9/EC
+ of the European Parliament and of the Council of 11 March 1996
+ on the legal protection of databases, and under any national
+ implementation thereof, including any amended or successor
+ version of such directive); and
+ vii. other similar, equivalent or corresponding rights throughout
+ the world based on applicable law or treaty, and any national
+ implementations thereof.
+ .
+ 2. Waiver. To the greatest extent permitted by, but not in
+ contravention of, applicable law, Affirmer hereby overtly, fully,
+ permanently, irrevocably and unconditionally waives, abandons, and
+ surrenders all of Affirmer's Copyright and Related Rights and
+ associated claims and causes of action, whether now known or
+ unknown (including existing as well as future claims and causes of
+ action), in the Work (i) in all territories worldwide, (ii) for
+ the maximum duration provided by applicable law or treaty
+ (including future time extensions), (iii) in any current or future
+ medium and for any number of copies, and (iv) for any purpose
+ whatsoever, including without limitation commercial, advertising
+ or promotional purposes (the "Waiver"). Affirmer makes the Waiver
+ for the benefit of each member of the public at large and to the
+ detriment of Affirmer's heirs and successors, fully intending that
+ such Waiver shall not be subject to revocation, rescission,
+ cancellation, termination, or any other legal or equitable action
+ to disrupt the quiet enjoyment of the Work by the public as
+ contemplated by Affirmer's express Statement of Purpose.
+ .
+ 3. Public License Fallback. Should any part of the Waiver for any
+ reason be judged legally invalid or ineffective under applicable
+ law, then the Waiver shall be preserved to the maximum extent
+ permitted taking into account Affirmer's express Statement of
+ Purpose. In addition, to the extent the Waiver is so judged
+ Affirmer hereby grants to each affected person a royalty-free, non
+ transferable, non sublicensable, non exclusive, irrevocable and
+ unconditional license to exercise Affirmer's Copyright and Related
+ Rights in the Work (i) in all territories worldwide, (ii) for the
+ maximum duration provided by applicable law or treaty (including
+ future time extensions), (iii) in any current or future medium and
+ for any number of copies, and (iv) for any purpose whatsoever,
+ including without limitation commercial, advertising or
+ promotional purposes (the "License"). The License shall be deemed
+ effective as of the date CC0 was applied by Affirmer to the
+ Work. Should any part of the License for any reason be judged
+ legally invalid or ineffective under applicable law, such partial
+ invalidity or ineffectiveness shall not invalidate the remainder
+ of the License, and in such case Affirmer hereby affirms that he
+ or she will not (i) exercise any of his or her remaining Copyright
+ and Related Rights in the Work or (ii) assert any associated
+ claims and causes of action with respect to the Work, in either
+ case contrary to Affirmer's express Statement of Purpose.
+ .
+ 4. Limitations and Disclaimers.
+ .
+ a. No trademark or patent rights held by Affirmer are waived,
+ abandoned, surrendered, licensed or otherwise affected by this
+ document.
+ b. Affirmer offers the Work as-is and makes no representations or
+ warranties of any kind concerning the Work, express, implied,
+ statutory or otherwise, including without limitation warranties
+ of title, merchantability, fitness for a particular purpose, non
+ infringement, or the absence of latent or other defects,
+ accuracy, or the present or absence of errors, whether or not
+ discoverable, all to the greatest extent permissible under
+ applicable law.
+ c. Affirmer disclaims responsibility for clearing rights of other
+ persons that may apply to the Work or any use thereof, including
+ without limitation any person's Copyright and Related Rights in
+ the Work. Further, Affirmer disclaims responsibility for
+ obtaining any necessary consents, permissions or other rights
+ required for any use of the Work.
+ d. Affirmer understands and acknowledges that Creative Commons is
+ not a party to this document and has no duty or obligation with
+ respect to this CC0 or use of the Work.
+
+License: BSD-3-CloudFlare
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ .
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ .
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the
+ distribution.
+ .
+ 3. Neither the name of CloudFlare, Inc. nor the names of its
+ contributors may be used to endorse or promote products derived
+ from this software without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: BSD-3-clause
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ .
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ .
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ .
+ 3. Neither the name of the author nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGE.
+
+
+License: GPL-2
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ .
+ On Debian systems, the complete text of the GNU General Public
+ License version 2 can be found in "/usr/share/common-licenses/GPL-2".
+
+License: Apache-2.0
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+ .
+ https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the full text of the Apache Software License version 2 can
+ be found in the file `/usr/share/common-licenses/Apache-2.0'.
+
+License: MIT
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+ .
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ SOFTWARE.
+
+License: OpenLDAP
+ Redistribution and use of this software and associated documentation
+ ("Software"), with or without modification, are permitted provided
+ that the following conditions are met:
+ .
+ 1. Redistributions in source form must retain copyright statements
+ and notices,
+ .
+ 2. Redistributions in binary form must reproduce applicable copyright
+ statements and notices, this list of conditions, and the following
+ disclaimer in the documentation and/or other materials provided
+ with the distribution, and
+ .
+ 3. Redistributions must contain a verbatim copy of this document.
+ .
+ The OpenLDAP Foundation may revise this license from time to time.
+ Each revision is distinguished by a version number. You may use
+ this Software under terms of this license revision or under the
+ terms of any subsequent revision of the license.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS
+ CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S)
+ OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
+ INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ .
+ The names of the authors and copyright holders must not be used in
+ advertising or otherwise to promote the sale, use or other dealing
+ in this Software without specific, written prior permission. Title
+ to copyright in this Software shall at all times remain with copyright
+ holders.
+ .
+ OpenLDAP is a registered trademark of the OpenLDAP Foundation.
+
+License: CC0-1.0
+ This work is licensed under the "Creative Commons Zero" license.
+ .
+ On debian systems, a copy of the Creative Commons Zero license may be
+ found at /usr/share/common-licenses/CC0-1.0.
+
+License: public-domain
+ This work has been released into the public domain. The map
+ implementation builds off of prior public domain work from Dan
+ Bernstein (qhasm) and Adam Langley (critbit).
diff --git a/distro/pkg/deb/knot-resolver-doc.doc-base b/distro/pkg/deb/knot-resolver-doc.doc-base
new file mode 100644
index 0000000..9cd0fdf
--- /dev/null
+++ b/distro/pkg/deb/knot-resolver-doc.doc-base
@@ -0,0 +1,11 @@
+Document: knot-resolver
+Title: Knot Resolver documentation
+Author: CZ.NIC labs
+Abstract: Documentation for the Knot Resolver,
+ including building from source, using the library,
+ and configuration and operation of the daemon.
+Section: Network/Communication
+
+Format: HTML
+Index: /usr/share/doc/knot-resolver/html/index.html
+Files: /usr/share/doc/knot-resolver/html/*.html
diff --git a/distro/pkg/deb/knot-resolver-doc.docs b/distro/pkg/deb/knot-resolver-doc.docs
new file mode 100644
index 0000000..c6f13d8
--- /dev/null
+++ b/distro/pkg/deb/knot-resolver-doc.docs
@@ -0,0 +1,3 @@
+debian/tmp/usr/share/doc/knot-resolver/html/*
+debian/tmp/usr/share/info/knot-resolver.info
+debian/tmp/usr/share/info/knot-resolver-figures/*
diff --git a/distro/pkg/deb/knot-resolver-doc.links b/distro/pkg/deb/knot-resolver-doc.links
new file mode 100644
index 0000000..25e9584
--- /dev/null
+++ b/distro/pkg/deb/knot-resolver-doc.links
@@ -0,0 +1,2 @@
+usr/share/javascript/jquery/jquery.min.js usr/share/doc/knot-resolver/html/_static/jquery.js
+usr/share/javascript/underscore/underscore.min.js usr/share/doc/knot-resolver/html/_static/underscore.js
diff --git a/distro/pkg/deb/knot-resolver-module-dnstap.install b/distro/pkg/deb/knot-resolver-module-dnstap.install
new file mode 100644
index 0000000..ae5404e
--- /dev/null
+++ b/distro/pkg/deb/knot-resolver-module-dnstap.install
@@ -0,0 +1 @@
+usr/lib/knot-resolver/kres_modules/dnstap.so
diff --git a/distro/pkg/deb/knot-resolver-module-http.install b/distro/pkg/deb/knot-resolver-module-http.install
new file mode 100644
index 0000000..ffa04d0
--- /dev/null
+++ b/distro/pkg/deb/knot-resolver-module-http.install
@@ -0,0 +1,7 @@
+usr/lib/knot-resolver/kres_modules/http*.lua
+usr/lib/knot-resolver/kres_modules/prometheus.lua
+usr/lib/knot-resolver/kres_modules/http/*.css
+usr/lib/knot-resolver/kres_modules/http/*.ico
+usr/lib/knot-resolver/kres_modules/http/*.js
+usr/lib/knot-resolver/kres_modules/http/*.tpl
+usr/lib/knot-resolver/kres_modules/http/*.woff2
diff --git a/distro/pkg/deb/knot-resolver-module-http.links b/distro/pkg/deb/knot-resolver-module-http.links
new file mode 100644
index 0000000..4963c5c
--- /dev/null
+++ b/distro/pkg/deb/knot-resolver-module-http.links
@@ -0,0 +1,5 @@
+usr/share/javascript/bootstrap/css/bootstrap-theme.min.css usr/lib/knot-resolver/kres_modules/http/bootstrap-theme.min.css
+usr/share/javascript/bootstrap/css/bootstrap.min.css usr/lib/knot-resolver/kres_modules/http/bootstrap.min.css
+usr/share/javascript/bootstrap/js/bootstrap.min.js usr/lib/knot-resolver/kres_modules/http/bootstrap.min.js
+usr/share/javascript/d3/d3.min.js usr/lib/knot-resolver/kres_modules/http/d3.js
+usr/share/javascript/jquery/jquery.min.js usr/lib/knot-resolver/kres_modules/http/jquery.js
diff --git a/distro/pkg/deb/knot-resolver-module-http.preinst b/distro/pkg/deb/knot-resolver-module-http.preinst
new file mode 100644
index 0000000..c2bd87d
--- /dev/null
+++ b/distro/pkg/deb/knot-resolver-module-http.preinst
@@ -0,0 +1,26 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-3.0-or-later
+set -e
+
+# upgrade-4-to-5
+if [ -f /lib/systemd/system/kresd-doh.socket ] ; then
+ export UPG_DIR=/var/lib/knot-resolver/.upgrade-4-to-5
+ mkdir -p ${UPG_DIR}
+ touch ${UPG_DIR}/.unfinished
+
+ for sock in kresd-webmgmt.socket kresd-doh.socket ; do
+ if systemctl is-enabled ${sock} 2>/dev/null | grep -qv masked ; then
+ systemctl show ${sock} -p Listen > ${UPG_DIR}/${sock}
+ case "$(systemctl show ${sock} -p BindIPv6Only)" in
+ *ipv6-only)
+ touch ${UPG_DIR}/${sock}.v6only
+ ;;
+ *default)
+ if cat /proc/sys/net/ipv6/bindv6only | grep -q 1 ; then
+ touch ${UPG_DIR}/${sock}.v6only
+ fi
+ ;;
+ esac
+ fi
+ done
+fi
diff --git a/distro/pkg/deb/knot-resolver.dirs b/distro/pkg/deb/knot-resolver.dirs
new file mode 100644
index 0000000..f8981d8
--- /dev/null
+++ b/distro/pkg/deb/knot-resolver.dirs
@@ -0,0 +1,2 @@
+/var/lib/knot-resolver
+/var/cache/knot-resolver
diff --git a/distro/pkg/deb/knot-resolver.docs b/distro/pkg/deb/knot-resolver.docs
new file mode 100644
index 0000000..8e919d0
--- /dev/null
+++ b/distro/pkg/deb/knot-resolver.docs
@@ -0,0 +1,4 @@
+debian/tmp/usr/share/doc/knot-resolver/AUTHORS
+debian/tmp/usr/share/doc/knot-resolver/COPYING
+debian/tmp/usr/share/doc/knot-resolver/NEWS
+debian/tmp/usr/share/doc/knot-resolver/examples
diff --git a/distro/pkg/deb/knot-resolver.install b/distro/pkg/deb/knot-resolver.install
new file mode 100644
index 0000000..7e4af15
--- /dev/null
+++ b/distro/pkg/deb/knot-resolver.install
@@ -0,0 +1,38 @@
+etc/knot-resolver/kresd.conf
+usr/lib/systemd/system/kresd@.service lib/systemd/system/
+usr/lib/systemd/system/kres-cache-gc.service lib/systemd/system/
+usr/lib/systemd/system/kresd.target lib/systemd/system/
+usr/lib/*.so.*
+usr/lib/tmpfiles.d/knot-resolver.conf
+usr/lib/knot-resolver/*.so
+usr/lib/knot-resolver/*.lua
+usr/lib/knot-resolver/kres_modules/bogus_log.so
+usr/lib/knot-resolver/kres_modules/edns_keepalive.so
+usr/lib/knot-resolver/kres_modules/extended_error.so
+usr/lib/knot-resolver/kres_modules/hints.so
+usr/lib/knot-resolver/kres_modules/nsid.so
+usr/lib/knot-resolver/kres_modules/refuse_nord.so
+usr/lib/knot-resolver/kres_modules/stats.so
+usr/lib/knot-resolver/kres_modules/daf.lua
+usr/lib/knot-resolver/kres_modules/daf/*
+usr/lib/knot-resolver/kres_modules/detect_time_jump.lua
+usr/lib/knot-resolver/kres_modules/detect_time_skew.lua
+usr/lib/knot-resolver/kres_modules/dns64.lua
+usr/lib/knot-resolver/kres_modules/experimental_dot_auth.lua
+usr/lib/knot-resolver/kres_modules/graphite.lua
+usr/lib/knot-resolver/kres_modules/policy.lua
+usr/lib/knot-resolver/kres_modules/predict.lua
+usr/lib/knot-resolver/kres_modules/prefill.lua
+usr/lib/knot-resolver/kres_modules/priming.lua
+usr/lib/knot-resolver/kres_modules/rebinding.lua
+usr/lib/knot-resolver/kres_modules/renumber.lua
+usr/lib/knot-resolver/kres_modules/serve_stale.lua
+usr/lib/knot-resolver/kres_modules/ta_sentinel.lua
+usr/lib/knot-resolver/kres_modules/ta_signal_query.lua
+usr/lib/knot-resolver/kres_modules/ta_update.lua
+usr/lib/knot-resolver/kres_modules/view.lua
+usr/lib/knot-resolver/kres_modules/watchdog.lua
+usr/lib/knot-resolver/kres_modules/workarounds.lua
+usr/sbin/kresc
+usr/sbin/kresd
+usr/sbin/kres-cache-gc
diff --git a/distro/pkg/deb/knot-resolver.links b/distro/pkg/deb/knot-resolver.links
new file mode 100644
index 0000000..8196524
--- /dev/null
+++ b/distro/pkg/deb/knot-resolver.links
@@ -0,0 +1,2 @@
+dev/null lib/systemd/system/kresd.service
+lib/systemd/system/kresd.target lib/systemd/system/multi-user.target.wants/kresd.target
diff --git a/distro/pkg/deb/knot-resolver.manpages b/distro/pkg/deb/knot-resolver.manpages
new file mode 100644
index 0000000..101a4ac
--- /dev/null
+++ b/distro/pkg/deb/knot-resolver.manpages
@@ -0,0 +1,2 @@
+debian/tmp/usr/share/man/man8/kresd.8*
+debian/tmp/usr/share/man/man7/kresd.systemd.7*
diff --git a/distro/pkg/deb/knot-resolver.postinst b/distro/pkg/deb/knot-resolver.postinst
new file mode 100644
index 0000000..fb2bce2
--- /dev/null
+++ b/distro/pkg/deb/knot-resolver.postinst
@@ -0,0 +1,38 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-3.0-or-later
+set -e
+
+# upgrade-4-to-5
+export UPG_DIR=/var/lib/knot-resolver/.upgrade-4-to-5
+if [ -f ${UPG_DIR}/.unfinished ] ; then
+ rm -f ${UPG_DIR}/.unfinished
+ kresd -c /usr/lib/knot-resolver/upgrade-4-to-5.lua >/dev/null 2>/dev/null
+ echo "\n !!! WARNING !!!"
+ echo "Knot Resolver configuration file requires manual upgrade.\n"
+ cat ${UPG_DIR}/kresd.conf.net 2>/dev/null
+fi
+
+if [ "$1" = "configure" ]; then
+ adduser --quiet --system --group --no-create-home --home /var/cache/knot-resolver knot-resolver
+fi
+
+# Restart any running kresd instances if the root key is updated.
+# Note: if knot-resolver upstream watches this file and reloads it
+# upon a change, we can and should remove this trigger.
+if [ "$1" = "triggered" ]; then
+ if [ "$2" = "/usr/share/dns/root.key" ]; then
+ # use daemon-reload to load any unit changes
+ systemctl daemon-reload || true
+ # systemctl of the sub-services is the preferred method to restart
+ systemctl try-restart 'kresd@*.service' kres-cache-gc.service || true
+ fi
+ exit 0
+fi
+
+if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
+ systemctl daemon-reload || true
+ systemd-tmpfiles --create /usr/lib/tmpfiles.d/knot-resolver.conf
+ systemctl try-restart 'kresd@*.service' kres-cache-gc.service || true
+fi
+
+#DEBHELPER#
diff --git a/distro/pkg/deb/knot-resolver.postrm b/distro/pkg/deb/knot-resolver.postrm
new file mode 100644
index 0000000..4c8a1ea
--- /dev/null
+++ b/distro/pkg/deb/knot-resolver.postrm
@@ -0,0 +1,9 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-3.0-or-later
+set -e
+
+if [ "$1" = "remove" ]; then
+ systemctl stop system-kresd.slice || true
+fi
+
+#DEBHELPER#
diff --git a/distro/pkg/deb/knot-resolver.preinst b/distro/pkg/deb/knot-resolver.preinst
new file mode 100644
index 0000000..1f8f589
--- /dev/null
+++ b/distro/pkg/deb/knot-resolver.preinst
@@ -0,0 +1,26 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-3.0-or-later
+set -e
+
+# upgrade-4-to-5
+if [ -f /lib/systemd/system/kresd.socket ] ; then
+ export UPG_DIR=/var/lib/knot-resolver/.upgrade-4-to-5
+ mkdir -p ${UPG_DIR}
+ touch ${UPG_DIR}/.unfinished
+
+ for sock in kresd.socket kresd-tls.socket ; do
+ if systemctl is-enabled ${sock} 2>/dev/null | grep -qv masked ; then
+ systemctl show ${sock} -p Listen > ${UPG_DIR}/${sock}
+ case "$(systemctl show ${sock} -p BindIPv6Only)" in
+ *ipv6-only)
+ touch ${UPG_DIR}/${sock}.v6only
+ ;;
+ *default)
+ if cat /proc/sys/net/ipv6/bindv6only | grep -q 1 ; then
+ touch ${UPG_DIR}/${sock}.v6only
+ fi
+ ;;
+ esac
+ fi
+ done
+fi
diff --git a/distro/pkg/deb/knot-resolver.triggers b/distro/pkg/deb/knot-resolver.triggers
new file mode 100644
index 0000000..e8d8246
--- /dev/null
+++ b/distro/pkg/deb/knot-resolver.triggers
@@ -0,0 +1 @@
+interest-noawait /usr/share/dns/root.key
diff --git a/distro/pkg/deb/not-installed b/distro/pkg/deb/not-installed
new file mode 100644
index 0000000..f527e79
--- /dev/null
+++ b/distro/pkg/deb/not-installed
@@ -0,0 +1,7 @@
+usr/lib/knot-resolver/kres_modules/http/LICENSE
+usr/lib/knot-resolver/kres_modules/etcd.lua
+debian/tmp/usr/share/doc/knot-resolver/html/.buildinfo
+usr/include/libkres/*.h
+usr/lib/*.so
+usr/lib/pkgconfig/libkres.pc
+usr/lib/sysusers.d/knot-resolver.conf
diff --git a/distro/pkg/deb/rules b/distro/pkg/deb/rules
new file mode 100755
index 0000000..c577476
--- /dev/null
+++ b/distro/pkg/deb/rules
@@ -0,0 +1,51 @@
+#!/usr/bin/make -f
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# see FEATURE AREAS in dpkg-buildflags(1)
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-pie
+
+# see ENVIRONMENT in dpkg-buildflags(1)
+# package maintainers to append CFLAGS
+export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic -fno-omit-frame-pointer
+# package maintainers to append LDFLAGS
+export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
+
+# see EXAMPLES in dpkg-buildflags(1) and read /usr/share/dpkg/*
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/default.mk
+
+export ARCH=$(DEB_HOST_GNU_CPU)
+
+%:
+ dh $@
+
+override_dh_auto_build:
+ meson build_deb \
+ --buildtype=plain \
+ --prefix=/usr \
+ --libdir=lib \
+ -Ddoc=enabled \
+ -Dsystemd_files=enabled \
+ -Dclient=enabled \
+ -Ddnstap=enabled \
+ -Dkeyfile_default=/usr/share/dns/root.key \
+ -Droot_hints=/usr/share/dns/root.hints \
+ -Dinstall_kresd_conf=enabled \
+ -Dunit_tests=enabled \
+ -Dmalloc=jemalloc \
+ -Dc_args="$${CFLAGS}" \
+ -Dc_link_args="$${LDFLAGS}"
+ ninja -v -C build_deb
+ ninja -v -C build_deb doc
+
+override_dh_auto_install:
+ DESTDIR="${PWD}/debian/tmp" ninja -v -C build_deb install
+
+override_dh_auto_test:
+ meson test -C build_deb
+
+override_dh_missing:
+ dh_missing --fail-missing
+
+override_dh_strip:
+ dh_strip --dbg-package=knot-resolver-dbg
diff --git a/distro/pkg/deb/source/format b/distro/pkg/deb/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/distro/pkg/deb/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/distro/pkg/nix/default.nix b/distro/pkg/nix/default.nix
new file mode 100644
index 0000000..16c66d0
--- /dev/null
+++ b/distro/pkg/nix/default.nix
@@ -0,0 +1,126 @@
+{ lib, stdenv, fetchurl
+# native deps.
+, runCommand, pkg-config, meson, ninja, makeWrapper
+# build+runtime deps.
+, knot-dns, luajitPackages, libuv, gnutls, lmdb
+, jemalloc, systemd, libcap_ng, dns-root-data, nghttp2 # optionals, in principle
+# test-only deps.
+, cmocka, which, cacert
+, extraFeatures ? false /* catch-all if defaults aren't enough */
+}:
+let # un-indented, over the whole file
+
+result = if extraFeatures then wrapped-full else unwrapped;
+
+inherit (lib) optional optionals optionalString;
+lua = luajitPackages;
+
+unwrapped = stdenv.mkDerivation rec {
+ pname = "knot-resolver";
+ version = "{{ version }}";
+
+ src = fetchurl {
+ url = "https://secure.nic.cz/files/knot-resolver/${pname}-${version}.tar.xz";
+ sha256 = "{{ src_hash }}";
+ };
+
+ outputs = [ "out" "dev" ];
+
+ # Path fixups for the NixOS service.
+ postPatch = ''
+ patch meson.build <<EOF
+ @@ -50,2 +50,2 @@
+ -systemd_work_dir = prefix / get_option('localstatedir') / 'lib' / 'knot-resolver'
+ -systemd_cache_dir = prefix / get_option('localstatedir') / 'cache' / 'knot-resolver'
+ +systemd_work_dir = '/var/lib/knot-resolver'
+ +systemd_cache_dir = '/var/cache/knot-resolver'
+ EOF
+
+ # ExecStart can't be overwritten in overrides.
+ # We need that to use wrapped executable and correct config file.
+ sed '/^ExecStart=/d' -i systemd/kresd@.service.in
+ ''
+ # some tests have issues with network sandboxing, apparently
+ + optionalString doInstallCheck ''
+ echo 'os.exit(77)' > daemon/lua/trust_anchors.test/bootstrap.test.lua
+ sed -E '/^[[:blank:]]*test_(dstaddr|headers),?$/d' -i \
+ tests/config/doh2.test.lua modules/http/http_doh.test.lua
+ '';
+
+ preConfigure = ''
+ patchShebangs scripts/
+ '';
+
+ nativeBuildInputs = [ pkg-config meson ninja ];
+
+ # http://knot-resolver.readthedocs.io/en/latest/build.html#requirements
+ buildInputs = [ knot-dns lua.lua libuv gnutls lmdb ]
+ ++ optionals stdenv.isLinux [ systemd libcap_ng ]
+ ++ [ jemalloc nghttp2 ]
+ ## optional dependencies; TODO: dnstap
+ ;
+
+ mesonFlags = [
+ "-Dkeyfile_default=${dns-root-data}/root.ds"
+ "-Droot_hints=${dns-root-data}/root.hints"
+ "-Dinstall_kresd_conf=disabled" # not really useful; examples are inside share/doc/
+ "-Dmalloc=jemalloc"
+ "--default-library=static" # not used by anyone
+ ]
+ ++ optional doInstallCheck "-Dunit_tests=enabled"
+ ++ optional (doInstallCheck && !stdenv.isDarwin) "-Dconfig_tests=enabled"
+ ++ optional stdenv.isLinux "-Dsystemd_files=enabled" # used by NixOS service
+ #"-Dextra_tests=enabled" # not suitable as in-distro tests; many deps, too.
+ ;
+
+ postInstall = ''
+ rm "$out"/lib/libkres.a
+ rm "$out"/lib/knot-resolver/upgrade-4-to-5.lua # not meaningful on NixOS
+ '' + optionalString stdenv.targetPlatform.isLinux ''
+ rm -r "$out"/lib/sysusers.d/ # ATM more likely to harm than help
+ '';
+
+ doInstallCheck = with stdenv; hostPlatform == buildPlatform
+ && !(isDarwin && isAarch64); # avoid luarocks, as it's broken ATM on the platform
+ installCheckInputs = [ cmocka which cacert lua.cqueues lua.basexx lua.http ];
+ installCheckPhase = ''
+ meson test --print-errorlogs
+ '';
+
+ meta = with lib; {
+ description = "Caching validating DNS resolver, from .cz domain registry";
+ homepage = "https://knot-resolver.cz";
+ license = licenses.gpl3Plus;
+ platforms = platforms.unix;
+ maintainers = [ maintainers.vcunat /* upstream developer */ ];
+ };
+};
+
+wrapped-full = runCommand unwrapped.name
+ {
+ nativeBuildInputs = [ makeWrapper ];
+ buildInputs = with luajitPackages; [
+ # For http module, prefill module, trust anchor bootstrap.
+ # It brings lots of deps; some are useful elsewhere (e.g. cqueues).
+ http
+ # psl isn't in nixpkgs yet, but policy.slice_randomize_psl() seems not important.
+ ];
+ preferLocalBuild = true;
+ allowSubstitutes = false;
+ }
+ ''
+ mkdir -p "$out"/bin
+ makeWrapper '${unwrapped}/bin/kresd' "$out"/bin/kresd \
+ --set LUA_PATH "$LUA_PATH" \
+ --set LUA_CPATH "$LUA_CPATH"
+
+ ln -sr '${unwrapped}/share' "$out"/
+ ln -sr '${unwrapped}/lib' "$out"/ # useful in NixOS service
+ ln -sr "$out"/{bin,sbin}
+
+ echo "Checking that 'http' module loads, i.e. lua search paths work:"
+ echo "modules.load('http')" > test-http.lua
+ echo -e 'quit()' | env -i "$out"/bin/kresd -a 127.0.0.1#53535 -c test-http.lua
+ '';
+
+in result
diff --git a/distro/pkg/nix/top-level.nix b/distro/pkg/nix/top-level.nix
new file mode 100644
index 0000000..bdd3360
--- /dev/null
+++ b/distro/pkg/nix/top-level.nix
@@ -0,0 +1,12 @@
+with import <nixpkgs> {};
+
+(callPackage ./. {
+}).overrideAttrs (attrs: {
+ src = ./knot-resolver-{{ version }}.tar.xz;
+
+ # This just breaks in our GitLab CI (not locally and not on hydra.nixos.org)
+ installCheckPhase = ''
+ meson test --print-errorlogs --no-suite snowflake
+ '';
+})
+
diff --git a/distro/pkg/rpm/knot-resolver.spec b/distro/pkg/rpm/knot-resolver.spec
new file mode 100644
index 0000000..0a7e283
--- /dev/null
+++ b/distro/pkg/rpm/knot-resolver.spec
@@ -0,0 +1,384 @@
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+%global _hardened_build 1
+%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}}
+
+%define GPG_CHECK 0
+%define repodir %{_builddir}/%{name}-%{version}
+%define NINJA ninja-build
+
+Name: knot-resolver
+Version: {{ version }}
+Release: cznic.{{ release }}%{?dist}
+Summary: Caching full DNS Resolver
+
+License: GPL-3.0-or-later
+URL: https://www.knot-resolver.cz/
+Source0: knot-resolver-%{version}.tar.xz
+
+# LuaJIT only on these arches
+%if 0%{?rhel} == 7
+# RHEL 7 does not have aarch64 LuaJIT
+ExclusiveArch: %{ix86} x86_64
+%else
+ExclusiveArch: %{arm} aarch64 %{ix86} x86_64
+%endif
+
+%if 0%{GPG_CHECK}
+Source1: knot-resolver-%{version}.tar.xz.asc
+# PGP keys used to sign upstream releases
+# Export with --armor using command from https://fedoraproject.org/wiki/PackagingDrafts:GPGSignatures
+# Don't forget to update %%prep section when adding/removing keys
+# This key is from: https://secure.nic.cz/files/knot-resolver/kresd-keyblock.asc
+Source100: kresd-keyblock.asc
+BuildRequires: gnupg2
+%endif
+
+BuildRequires: gcc
+BuildRequires: gcc-c++
+BuildRequires: meson
+BuildRequires: pkgconfig(cmocka)
+BuildRequires: pkgconfig(gnutls)
+BuildRequires: pkgconfig(libedit)
+BuildRequires: pkgconfig(libknot) >= 3.0.2
+BuildRequires: pkgconfig(libzscanner) >= 3.0.2
+BuildRequires: pkgconfig(libdnssec) >= 3.0.2
+BuildRequires: pkgconfig(libnghttp2)
+BuildRequires: pkgconfig(libsystemd)
+BuildRequires: pkgconfig(libcap-ng)
+BuildRequires: pkgconfig(libuv)
+BuildRequires: pkgconfig(luajit) >= 2.0
+BuildRequires: jemalloc-devel
+
+Requires: systemd
+Requires(post): systemd
+
+# dnstap module dependencies
+# SUSE is missing protoc-c protobuf compiler
+%if "x%{?suse_version}" == "x"
+BuildRequires: pkgconfig(libfstrm)
+BuildRequires: pkgconfig(libprotobuf-c)
+%endif
+
+# Distro-dependent dependencies
+%if 0%{?rhel} == 7
+BuildRequires: lmdb-devel
+# Lua 5.1 version of the libraries have different package names
+Requires: lua-basexx
+Requires: lua-psl
+Requires: lua-http
+Requires(pre): shadow-utils
+%endif
+%if 0%{?fedora} || 0%{?rhel} > 7
+BuildRequires: pkgconfig(lmdb)
+BuildRequires: python3-sphinx
+Requires: lua5.1-basexx
+Requires: lua5.1-cqueues
+Requires: lua5.1-http
+Recommends: lua5.1-psl
+Requires(pre): shadow-utils
+%endif
+
+# we do not build HTTP module on SuSE so the build requires is not needed
+%if "x%{?suse_version}" == "x"
+BuildRequires: openssl-devel
+%endif
+
+%if 0%{?suse_version}
+%define NINJA ninja
+BuildRequires: lmdb-devel
+BuildRequires: python3-Sphinx
+Requires(pre): shadow
+%endif
+
+%if "x%{?rhel}" == "x"
+# dependencies for doc package
+# NOTE: doc isn't possible to build on CentOS 7, 8
+# python2-sphinx is too old and python36-breathe is broken on CentOS 7
+# python3-breathe isn't available for CentOS 8 (yet? rhbz#1808766)
+BuildRequires: doxygen
+BuildRequires: python3-breathe
+BuildRequires: python3-sphinx_rtd_theme
+BuildRequires: texinfo
+%endif
+
+%description
+The Knot Resolver is a DNSSEC-enabled caching full resolver implementation
+written in C and LuaJIT, including both a resolver library and a daemon.
+Modular architecture of the library keeps the core tiny and efficient, and
+provides a state-machine like API for extensions.
+
+The package is pre-configured as local caching resolver.
+To start using it, start a single kresd instance:
+$ systemctl start kresd@1.service
+
+%package devel
+Summary: Development headers for Knot Resolver
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description devel
+The package contains development headers for Knot Resolver.
+
+%if "x%{?rhel}" == "x"
+%package doc
+Summary: Documentation for Knot Resolver
+BuildArch: noarch
+Requires: %{name} = %{version}-%{release}
+
+%description doc
+Documentation for Knot Resolver
+%endif
+
+%if "x%{?suse_version}" == "x"
+%package module-dnstap
+Summary: dnstap module for Knot Resolver
+Requires: %{name} = %{version}-%{release}
+
+%description module-dnstap
+dnstap module for Knot Resolver supports logging DNS responses to a unix socket
+in dnstap format using fstrm framing library. This logging is useful if you
+need effectively log all DNS traffic.
+%endif
+
+%if "x%{?suse_version}" == "x"
+%package module-http
+Summary: HTTP module for Knot Resolver
+Requires: %{name} = %{version}-%{release}
+%if 0%{?fedora} || 0%{?rhel} > 7
+Requires: lua5.1-http
+Requires: lua5.1-mmdb
+%else
+Requires: lua-http
+Requires: lua-mmdb
+%endif
+
+%description module-http
+HTTP module for Knot Resolver can serve as API endpoint for other modules or
+provide a web interface for local visualization of the resolver cache and
+queries. It can also serve DNS-over-HTTPS, but it is deprecated in favor of
+native C implementation, which doesn't require this package.
+%endif
+
+%prep
+%if 0%{GPG_CHECK}
+export GNUPGHOME=./gpg-keyring
+mkdir -m 700 ${GNUPGHOME}
+gpg2 --import %{SOURCE100}
+gpg2 --verify %{SOURCE1} %{SOURCE0}
+%endif
+%setup -q -n %{name}-%{version}
+
+%build
+CFLAGS="%{optflags}" LDFLAGS="%{?__global_ldflags}" meson build_rpm \
+%if "x%{?rhel}" == "x"
+ -Ddoc=enabled \
+%endif
+ -Dsystemd_files=enabled \
+ -Dclient=enabled \
+%if "x%{?suse_version}" == "x"
+ -Ddnstap=enabled \
+%endif
+ -Dunit_tests=enabled \
+ -Dmanaged_ta=enabled \
+ -Dkeyfile_default="%{_sharedstatedir}/knot-resolver/root.keys" \
+ -Dinstall_root_keys=enabled \
+ -Dinstall_kresd_conf=enabled \
+ -Dmalloc=jemalloc \
+ --buildtype=plain \
+ --prefix="%{_prefix}" \
+ --sbindir="%{_sbindir}" \
+ --libdir="%{_libdir}" \
+ --includedir="%{_includedir}" \
+ --sysconfdir="%{_sysconfdir}" \
+
+%{NINJA} -v -C build_rpm
+%if "x%{?rhel}" == "x"
+%{NINJA} -v -C build_rpm doc
+%endif
+
+%check
+meson test -C build_rpm
+
+%install
+DESTDIR="${RPM_BUILD_ROOT}" %{NINJA} -v -C build_rpm install
+
+# add kresd.target to multi-user.target.wants to support enabling kresd services
+install -m 0755 -d %{buildroot}%{_unitdir}/multi-user.target.wants
+ln -s ../kresd.target %{buildroot}%{_unitdir}/multi-user.target.wants/kresd.target
+
+# remove modules with missing dependencies
+rm %{buildroot}%{_libdir}/knot-resolver/kres_modules/etcd.lua
+
+# remove unused sysusers
+rm %{buildroot}%{_prefix}/lib/sysusers.d/knot-resolver.conf
+
+%if 0%{?suse_version}
+rm %{buildroot}%{_libdir}/knot-resolver/kres_modules/experimental_dot_auth.lua
+rm -r %{buildroot}%{_libdir}/knot-resolver/kres_modules/http
+rm %{buildroot}%{_libdir}/knot-resolver/kres_modules/http*.lua
+rm %{buildroot}%{_libdir}/knot-resolver/kres_modules/prometheus.lua
+%endif
+
+# rename doc directory for centos 7, opensuse
+%if 0%{?suse_version} || 0%{?rhel} == 7
+install -m 755 -d %{buildroot}/%{_pkgdocdir}
+mv %{buildroot}/%{_datadir}/doc/%{name}/* %{buildroot}/%{_pkgdocdir}/
+%endif
+
+%pre
+getent group knot-resolver >/dev/null || groupadd -r knot-resolver
+getent passwd knot-resolver >/dev/null || useradd -r -g knot-resolver -d %{_sysconfdir}/knot-resolver -s /sbin/nologin -c "Knot Resolver" knot-resolver
+
+%if "x%{?rhel}" == "x"
+# upgrade-4-to-5
+if [ -f %{_unitdir}/kresd.socket ] ; then
+ export UPG_DIR=%{_sharedstatedir}/knot-resolver/.upgrade-4-to-5
+ mkdir -p ${UPG_DIR}
+ touch ${UPG_DIR}/.unfinished
+
+ for sock in kresd.socket kresd-tls.socket kresd-webmgmt.socket kresd-doh.socket ; do
+ if systemctl is-enabled ${sock} 2>/dev/null | grep -qv masked ; then
+ systemctl show ${sock} -p Listen > ${UPG_DIR}/${sock}
+ case "$(systemctl show ${sock} -p BindIPv6Only)" in
+ *ipv6-only)
+ touch ${UPG_DIR}/${sock}.v6only
+ ;;
+ *default)
+ if cat /proc/sys/net/ipv6/bindv6only | grep -q 1 ; then
+ touch ${UPG_DIR}/${sock}.v6only
+ fi
+ ;;
+ esac
+ fi
+ done
+fi
+%endif
+
+
+%post
+# upgrade-4-to-5
+%if "x%{?rhel}" == "x"
+export UPG_DIR=%{_sharedstatedir}/knot-resolver/.upgrade-4-to-5
+if [ -f ${UPG_DIR}/.unfinished ] ; then
+ rm -f ${UPG_DIR}/.unfinished
+ kresd -c %{_libdir}/knot-resolver/upgrade-4-to-5.lua &>/dev/null
+ echo -e "\n !!! WARNING !!!"
+ echo -e "Knot Resolver configuration file requires manual upgrade.\n"
+ cat ${UPG_DIR}/kresd.conf.net 2>/dev/null
+fi
+%endif
+
+# 5.0.1 fix to force restart of kres-cache-gc.service, which was missing in systemd_postun_with_restart
+# TODO: remove once most users upgrade to 5.0.1+
+systemctl daemon-reload >/dev/null 2>&1 || :
+if [ $1 -ge 2 ] ; then
+ systemctl try-restart kres-cache-gc.service >/dev/null 2>&1 || :
+fi
+
+# systemd_post macro is not needed for anything (calls systemctl preset)
+%tmpfiles_create %{_tmpfilesdir}/knot-resolver.conf
+%if "x%{?fedora}" == "x"
+/sbin/ldconfig
+%endif
+
+%preun
+%systemd_preun kres-cache-gc.service kresd.target
+
+%postun
+%systemd_postun_with_restart 'kresd@*.service' kres-cache-gc.service
+%if "x%{?fedora}" == "x"
+/sbin/ldconfig
+%endif
+
+%files
+%dir %{_pkgdocdir}
+%license %{_pkgdocdir}/COPYING
+%doc %{_pkgdocdir}/AUTHORS
+%doc %{_pkgdocdir}/NEWS
+%doc %{_pkgdocdir}/examples
+%dir %{_sysconfdir}/knot-resolver
+%config(noreplace) %{_sysconfdir}/knot-resolver/kresd.conf
+%config(noreplace) %{_sysconfdir}/knot-resolver/root.hints
+%{_sysconfdir}/knot-resolver/icann-ca.pem
+%attr(750,knot-resolver,knot-resolver) %dir %{_sharedstatedir}/knot-resolver
+%attr(640,knot-resolver,knot-resolver) %{_sharedstatedir}/knot-resolver/root.keys
+%{_unitdir}/kresd@.service
+%{_unitdir}/kres-cache-gc.service
+%{_unitdir}/kresd.target
+%dir %{_unitdir}/multi-user.target.wants
+%{_unitdir}/multi-user.target.wants/kresd.target
+%{_mandir}/man7/kresd.systemd.7.gz
+%{_tmpfilesdir}/knot-resolver.conf
+%ghost /run/%{name}
+%ghost %{_localstatedir}/cache/%{name}
+%attr(750,knot-resolver,knot-resolver) %dir %{_libdir}/%{name}
+%{_sbindir}/kresd
+%{_sbindir}/kresc
+%{_sbindir}/kres-cache-gc
+%{_libdir}/libkres.so.*
+%dir %{_libdir}/knot-resolver
+%{_libdir}/knot-resolver/*.so
+%{_libdir}/knot-resolver/*.lua
+%dir %{_libdir}/knot-resolver/kres_modules
+%{_libdir}/knot-resolver/kres_modules/bogus_log.so
+%{_libdir}/knot-resolver/kres_modules/edns_keepalive.so
+%{_libdir}/knot-resolver/kres_modules/extended_error.so
+%{_libdir}/knot-resolver/kres_modules/hints.so
+%{_libdir}/knot-resolver/kres_modules/nsid.so
+%{_libdir}/knot-resolver/kres_modules/refuse_nord.so
+%{_libdir}/knot-resolver/kres_modules/stats.so
+%{_libdir}/knot-resolver/kres_modules/daf
+%{_libdir}/knot-resolver/kres_modules/daf.lua
+%{_libdir}/knot-resolver/kres_modules/detect_time_jump.lua
+%{_libdir}/knot-resolver/kres_modules/detect_time_skew.lua
+%{_libdir}/knot-resolver/kres_modules/dns64.lua
+%if "x%{?suse_version}" == "x"
+%{_libdir}/knot-resolver/kres_modules/experimental_dot_auth.lua
+%endif
+%{_libdir}/knot-resolver/kres_modules/graphite.lua
+%{_libdir}/knot-resolver/kres_modules/policy.lua
+%{_libdir}/knot-resolver/kres_modules/predict.lua
+%{_libdir}/knot-resolver/kres_modules/prefill.lua
+%{_libdir}/knot-resolver/kres_modules/priming.lua
+%{_libdir}/knot-resolver/kres_modules/rebinding.lua
+%{_libdir}/knot-resolver/kres_modules/renumber.lua
+%{_libdir}/knot-resolver/kres_modules/serve_stale.lua
+%{_libdir}/knot-resolver/kres_modules/ta_sentinel.lua
+%{_libdir}/knot-resolver/kres_modules/ta_signal_query.lua
+%{_libdir}/knot-resolver/kres_modules/ta_update.lua
+%{_libdir}/knot-resolver/kres_modules/view.lua
+%{_libdir}/knot-resolver/kres_modules/watchdog.lua
+%{_libdir}/knot-resolver/kres_modules/workarounds.lua
+%{_mandir}/man8/kresd.8.gz
+
+%files devel
+%{_includedir}/libkres
+%{_libdir}/pkgconfig/libkres.pc
+%{_libdir}/libkres.so
+
+%if "x%{?rhel}" == "x"
+%files doc
+%dir %{_pkgdocdir}
+%doc %{_pkgdocdir}/html
+%doc %{_datadir}/info/knot-resolver.info*
+%dir %{_datadir}/info/knot-resolver-figures
+%doc %{_datadir}/info/knot-resolver-figures/*
+%endif
+
+%if "x%{?suse_version}" == "x"
+%files module-dnstap
+%{_libdir}/knot-resolver/kres_modules/dnstap.so
+%endif
+
+%if "x%{?suse_version}" == "x"
+%files module-http
+%{_libdir}/knot-resolver/debug_opensslkeylog.so
+%{_libdir}/knot-resolver/kres_modules/http
+%{_libdir}/knot-resolver/kres_modules/http*.lua
+%{_libdir}/knot-resolver/kres_modules/prometheus.lua
+%endif
+
+%changelog
+* {{ now }} Jakub Ružička <jakub.ruzicka@nic.cz> - {{ version }}-{{ release }}
+- upstream package
+- see NEWS or https://www.knot-resolver.cz/