public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

dns-root-data: init at 2017-06-16

This commit is contained in:
Franz Pletz 2017-06-16 05:11:56 +02:00
parent f5a7ce1317
commit 3bb9954a6b
No known key found for this signature in database
GPG Key ID: 846FDED7792617B4
8 changed files with 57 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
pkgs/data/misc/dns-root-data/default.nix Normal file
View File

@ -0,0 +1,29 @@
{ stdenv, lib, fetchurl }:
let
rootHints = fetchurl {
url = "http://www.internic.net/domain/named.root";
sha256 = "1zf3ydn44z70gq1kd95lvk9cp68xlbl8vqpswqlhd30qafx6v6d1";
};
rootKey = ./root.key;
rootDs = ./root.ds;
in
stdenv.mkDerivation {
name = "dns-root-data-2017-07-11";
buildCommand = ''
mkdir $out
cp ${rootHints} $out/root.hints
cp ${rootKey} $out/root.key
cp ${rootDs} $out/root.ds
'';
meta = with lib; {
description = "DNS root data including root zone and DNSSEC key";
maintainers = with maintainers; [ fpletz ];
};
}

3
pkgs/data/misc/dns-root-data/root.ds Normal file
View File

@ -0,0 +1,3 @@
; created by unbound-anchor on Tue Jul 11 23:48:16 2017
. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
. IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D

2
pkgs/data/misc/dns-root-data/root.key Normal file
View File

@ -0,0 +1,2 @@
. 172800 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b} ;;state=1 [ ADDPEND ]
. 172800 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id = 19036 (ksk), size = 2048b} ;;state=2 [ VALID ]

9
pkgs/data/misc/dns-root-data/update-root-key.sh Executable file
View File

@ -0,0 +1,9 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p busybox unbound
TMP=`mktemp`
unbound-anchor -a $TMP
grep -Ev "^($$|;)" $TMP | sed -e 's/ ;;count=.*//' > root.key
rm $TMP
unbound-anchor -F -a root.ds

4
pkgs/development/libraries/gnutls/generic.nix
View File

@ -1,6 +1,7 @@
{ lib, fetchurl, stdenv, zlib, lzo, libtasn1, nettle, pkgconfig, lzip { lib, fetchurl, stdenv, zlib, lzo, libtasn1, nettle, pkgconfig, lzip
, guileBindings, guile, perl, gmp, autogen, libidn, p11_kit, libiconv , guileBindings, guile, perl, gmp, autogen, libidn, p11_kit, libiconv
, tpmSupport ? false, trousers, which, nettools, libunistring , tpmSupport ? false, trousers, which, nettools, libunistring
, unbound, dns-root-data
# Version dependent args # Version dependent args
, version, src, patches ? [], postPatch ? "", nativeBuildInputs ? [] , version, src, patches ? [], postPatch ? "", nativeBuildInputs ? []
@ -32,12 +33,13 @@ stdenv.mkDerivation {
++ [ ++ [
"--disable-dependency-tracking" "--disable-dependency-tracking"
"--enable-fast-install" "--enable-fast-install"
"--with-unbound-root-key-file=${dns-root-data}/root.key"
] ++ lib.optional guileBindings ] ++ lib.optional guileBindings
[ "--enable-guile" "--with-guile-site-dir=\${out}/share/guile/site" ]; [ "--enable-guile" "--with-guile-site-dir=\${out}/share/guile/site" ];
enableParallelBuilding = true; enableParallelBuilding = true;
buildInputs = [ lzo lzip libtasn1 libidn p11_kit zlib gmp autogen libunistring ] buildInputs = [ lzo lzip libtasn1 libidn p11_kit zlib gmp autogen libunistring unbound ]
++ lib.optional (stdenv.isFreeBSD || stdenv.isDarwin) libiconv ++ lib.optional (stdenv.isFreeBSD || stdenv.isDarwin) libiconv
++ lib.optional (tpmSupport && stdenv.isLinux) trousers ++ lib.optional (tpmSupport && stdenv.isLinux) trousers
++ lib.optional guileBindings guile ++ lib.optional guileBindings guile

9
pkgs/development/libraries/ldns/default.nix
View File

@ -1,4 +1,4 @@
{stdenv, fetchurl, openssl, perl}: {stdenv, fetchurl, openssl, perl, dns-root-data}:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "ldns"; pname = "ldns";
@ -20,7 +20,12 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ perl ]; nativeBuildInputs = [ perl ];
buildInputs = [ openssl ]; buildInputs = [ openssl ];
configureFlags = [ "--with-ssl=${openssl.dev}" "--with-drill"]; configureFlags = [
"--with-ssl=${openssl.dev}"
"--with-trust-anchor=${dns-root-data}/root.key"
"--with-drill"
"--disable-gost"
];
postInstall = '' postInstall = ''
moveToOutput "bin/ldns-config" "$dev" moveToOutput "bin/ldns-config" "$dev"

3
pkgs/tools/networking/unbound/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchurl, openssl, nettle, expat, libevent }: { stdenv, fetchurl, openssl, nettle, expat, libevent, dns-root-data }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "unbound-${version}"; name = "unbound-${version}";
@ -20,6 +20,7 @@ stdenv.mkDerivation rec {
"--localstatedir=/var" "--localstatedir=/var"
"--sysconfdir=/etc" "--sysconfdir=/etc"
"--sbindir=\${out}/bin" "--sbindir=\${out}/bin"
"--with-rootkey-file=${dns-root-data}/root.key"
"--enable-pie" "--enable-pie"
"--enable-relro-now" "--enable-relro-now"
]; ];

2
pkgs/top-level/all-packages.nix
View File

@ -12807,6 +12807,8 @@ with pkgs;
dina-font-pcf = callPackage ../data/fonts/dina-pcf { }; dina-font-pcf = callPackage ../data/fonts/dina-pcf { };
dns-root-data = callPackage ../data/misc/dns-root-data { };
docbook5 = callPackage ../data/sgml+xml/schemas/docbook-5.0 { }; docbook5 = callPackage ../data/sgml+xml/schemas/docbook-5.0 { };
docbook_sgml_dtd_31 = callPackage ../data/sgml+xml/schemas/sgml-dtd/docbook/3.1.nix { }; docbook_sgml_dtd_31 = callPackage ../data/sgml+xml/schemas/sgml-dtd/docbook/3.1.nix { };