diff --git a/nixos/modules/services/networking/kresd.nix b/nixos/modules/services/networking/kresd.nix index ca34ff9df4e..fc516c01230 100644 --- a/nixos/modules/services/networking/kresd.nix +++ b/nixos/modules/services/networking/kresd.nix @@ -80,8 +80,11 @@ in # Syntax depends on being IPv6 or IPv4. (iface: if elem ":" (stringToCharacters iface) then "[${iface}]:53" else "${iface}:53") cfg.interfaces; - socketConfig.ListenDatagram = listenStreams; - socketConfig.FreeBind = true; + socketConfig = { + ListenDatagram = listenStreams; + FreeBind = true; + FileDescriptorName = "dns"; + }; }; systemd.sockets.kresd-tls = mkIf (cfg.listenTLS != []) rec { diff --git a/pkgs/servers/dns/knot-resolver/default.nix b/pkgs/servers/dns/knot-resolver/default.nix index ce84bb7cb41..34791cfdd71 100644 --- a/pkgs/servers/dns/knot-resolver/default.nix +++ b/pkgs/servers/dns/knot-resolver/default.nix 
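Review bot: The new `FileDescriptorName = "dns"` in `systemd.sockets.kresd` has no explanation. The name is presumably how kresd 4.x tells a plain-DNS socket from a TLS or control socket when systemd passes them in. A short comment such as `# kresd 4.x identifies passed sockets by this name` would record why it is needed. The body of `systemd.sockets.kresd-tls` begins on the last context line and continues outside the hunk, so confirm that it sets its own name. If it does not, the listener meant for DNS-over-TLS could end up being served as plain DNS.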
@@ -1,76 +1,77 @@ -{ stdenv, fetchurl, fetchpatch, runCommand, pkgconfig, hexdump, which -, knot-dns, luajit, libuv, lmdb, gnutls, nettle -, cmocka, systemd, dns-root-data, makeWrapper +{ stdenv, fetchurl +# native deps. +, runCommand, pkgconfig, meson, ninja, makeWrapper +# build+runtime deps. +, knot-dns, luajitPackages, libuv, gnutls, lmdb, systemd, dns-root-data +# test-only deps. +, cmocka, which, cacert , extraFeatures ? false /* catch-all if defaults aren't enough */ -, luajitPackages }: let # un-indented, over the whole file result = if extraFeatures then wrapped-full else unwrapped; -inherit (stdenv.lib) optional; +inherit (stdenv.lib) optional optionals concatStringsSep; +lua = luajitPackages; + +# FIXME: remove these usages once resolving +# https://github.com/NixOS/nixpkgs/pull/63108#issuecomment-508670438 +exportLuaPathsFor = luaPkgs: '' + export LUA_PATH='${ concatStringsSep ";" (map lua.getLuaPath luaPkgs)}' + export LUA_CPATH='${concatStringsSep ";" (map lua.getLuaCPath luaPkgs)}' +''; unwrapped = stdenv.mkDerivation rec { name = "knot-resolver-${version}"; - version = "3.2.1"; + version = "4.1.0"; src = fetchurl { url = "https://secure.nic.cz/files/knot-resolver/${name}.tar.xz"; - sha256 = "d1396888ec3a63f19dccdf2b7dbcb0d16a5d8642766824b47f4c21be90ce362b"; + sha256 = "2fe470f9bb1007667cdd448f758087244b7195a0234c2b100a9beeed0a2d3e68"; }; - patches = [ - (fetchpatch { - name = "support-libzscanner-2.8.diff"; - url = "https://gitlab.labs.nic.cz/knot/knot-resolver/commit/186f263.diff"; - sha256 = "19zqigvc7m2a4j6bk9whx7gj0v009568rz5qwk052z7pzfikr8mk"; - }) - ]; - - # Short-lived cross fix, as upstream is migrating to meson anyway. 
- postPatch = '' - substituteInPlace platform.mk --replace "objdump" "$OBJDUMP" - ''; - outputs = [ "out" "dev" ]; - configurePhase = "patchShebangs scripts/"; + preConfigure = '' + patchShebangs scripts/ + '' + + stdenv.lib.optionalString doInstallCheck (exportLuaPathsFor [ lua.cqueues lua.basexx ]); - nativeBuildInputs = [ pkgconfig which hexdump ]; + nativeBuildInputs = [ pkgconfig meson ninja ]; # http://knot-resolver.readthedocs.io/en/latest/build.html#requirements - buildInputs = [ knot-dns luajit libuv gnutls nettle lmdb ] - ++ optional stdenv.isLinux systemd # sd_notify + buildInputs = [ knot-dns lua.lua libuv gnutls lmdb ] + ++ optional stdenv.isLinux systemd # passing sockets, sd_notify ## optional dependencies; TODO: libedit, dnstap ; - checkInputs = [ cmocka ]; - - makeFlags = [ - "PREFIX=$(out)" - "ROOTHINTS=${dns-root-data}/root.hints" - "KEYFILE_DEFAULT=${dns-root-data}/root.ds" - ]; - CFLAGS = [ "-O2" "-DNDEBUG" ]; - - enableParallelBuilding = true; - - doCheck = true; - doInstallCheck = false; # FIXME - preInstallCheck = '' - patchShebangs tests/config/runtest.sh - ''; + mesonFlags = [ + "-Dkeyfile_default=${dns-root-data}/root.ds" + "-Droot_hints=${dns-root-data}/root.hints" + "-Dinstall_kresd_conf=disabled" # not really useful; examples are inside share/doc/ + "--default-library=static" # not used by anyone + ] + ++ optional doInstallCheck "-Dunit_tests=enabled" + ++ optional (doInstallCheck && !stdenv.isDarwin) "-Dconfig_tests=enabled" + #"-Dextra_tests=enabled" # not suitable as in-distro tests; many deps, too. 
+ ; postInstall = '' - rm "$out"/etc/knot-resolver/root.hints # using system-wide instead + rm "$out"/lib/libkres.a + ''; + + # aarch64: see https://github.com/wahern/cqueues/issues/223 + doInstallCheck = with stdenv; hostPlatform == buildPlatform && !hostPlatform.isAarch64; + installCheckInputs = [ cmocka which cacert ]; + installCheckPhase = '' + meson test --print-errorlogs ''; meta = with stdenv.lib; { description = "Caching validating DNS resolver, from .cz domain registry"; homepage = https://knot-resolver.cz; license = licenses.gpl3Plus; - # Platforms using negative pointers for stack won't work ATM due to LuaJIT impl. - platforms = filter (p: p != "aarch64-linux") platforms.unix; + platforms = platforms.unix; maintainers = [ maintainers.vcunat /* upstream developer */ ]; }; }; @@ -93,11 +94,12 @@ wrapped-full = preferLocalBuild = true; allowSubstitutes = false; } - '' + (exportLuaPathsFor luaPkgs + + '' mkdir -p "$out"/{bin,share} makeWrapper '${unwrapped}/bin/kresd' "$out"/bin/kresd \ - --set LUA_PATH '${concatStringsSep ";" (map getLuaPath luaPkgs)}' \ - --set LUA_CPATH '${concatStringsSep ";" (map getLuaCPath luaPkgs)}' + --set LUA_PATH "$LUA_PATH" \ + --set LUA_CPATH "$LUA_CPATH" ln -sr '${unwrapped}/share/man' "$out"/share/ ln -sr "$out"/{bin,sbin} @@ -105,6 +107,6 @@ wrapped-full = echo "Checking that 'http' module loads, i.e. lua search paths work:" echo "modules.load('http')" > test-http.lua echo -e 'quit()' | env -i "$out"/bin/kresd -a 127.0.0.1#53535 -c test-http.lua - ''; + ''); in result
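Review bot: `installCheckPhase` is replaced wholesale by `meson test --print-errorlogs` without calling the phase hooks, so a `preInstallCheck` or `postInstallCheck` supplied by an override would be silently skipped. I would write the body as `runHook preInstallCheck`, then `meson test --print-errorlogs`, then `runHook postInstallCheck`. Separately, `doInstallCheck` is false when cross-compiling and on aarch64, while `meta.platforms` now admits aarch64, so those builds are produced with no test run at all. A one-line comment next to the cqueues link saying so would make that trade-off visible.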
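Review bot: The `makeWrapper` call in `wrapped-full` now takes `"$LUA_PATH"` and `"$LUA_CPATH"` from the shell, which works only because `exportLuaPathsFor luaPkgs` is prepended to the script, and nothing at the call site says so. A comment above the call, e.g. `# LUA_PATH/LUA_CPATH are exported by exportLuaPathsFor at the top of this script`, would help. Without it, the FIXME cleanup could drop the helper and leave the wrapper baked with empty search paths. `luaPkgs` and the start of `wrapped-full` lie outside the hunk, so this is based on the visible lines only.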