knot-resolver: 3.2.1 -> 4.0.0

https://lists.nic.cz/pipermail/knot-resolver-users/2019/000136.html

Similar commit worked fine for me, including the nixos service.
I'd like to still improve the service to support easy passing of sockets
to http module.

nixos/modules/services/networking/kresd.nix

@@ -80,8 +80,11 @@ in
         # Syntax depends on being IPv6 or IPv4.
         (iface: if elem ":" (stringToCharacters iface) then "[${iface}]:53" else "${iface}:53")
         cfg.interfaces;
-      socketConfig.ListenDatagram = listenStreams;
+      socketConfig = {
-      socketConfig.FreeBind = true;
+        ListenDatagram = listenStreams;
+        FreeBind = true;
+        FileDescriptorName = "dns";
+      };
     };
 
     systemd.sockets.kresd-tls = mkIf (cfg.listenTLS != []) rec {

pkgs/servers/dns/knot-resolver/default.nix

@@ -1,68 +1,70 @@
-{ stdenv, fetchurl, fetchpatch, runCommand, pkgconfig, hexdump, which
+{ stdenv, fetchurl
-, knot-dns, luajit, libuv, lmdb, gnutls, nettle
+# native deps.
-, cmocka, systemd, dns-root-data, makeWrapper
+, runCommand, pkgconfig, meson, ninja, makeWrapper
+# build+runtime deps.
+, knot-dns, luajitPackages, libuv, gnutls, lmdb, systemd, dns-root-data
+# test-only deps.
+, cmocka, which, cacert
 , extraFeatures ? false /* catch-all if defaults aren't enough */
-, luajitPackages
 }:
 let # un-indented, over the whole file
 
 result = if extraFeatures then wrapped-full else unwrapped;
 
-inherit (stdenv.lib) optional;
+inherit (stdenv.lib) optional optionals concatStringsSep;
+lua = luajitPackages;
+
+# FIXME: remove these usages once resolving
+# https://github.com/NixOS/nixpkgs/pull/63108#issuecomment-508670438
+exportLuaPathsFor = luaPkgs: ''
+  export LUA_PATH='${ concatStringsSep ";" (map lua.getLuaPath  luaPkgs)}'
+  export LUA_CPATH='${concatStringsSep ";" (map lua.getLuaCPath luaPkgs)}'
+'';
 
 unwrapped = stdenv.mkDerivation rec {
   name = "knot-resolver-${version}";
-  version = "3.2.1";
+  version = "4.0.0";
 
   src = fetchurl {
     url = "https://secure.nic.cz/files/knot-resolver/${name}.tar.xz";
-    sha256 = "d1396888ec3a63f19dccdf2b7dbcb0d16a5d8642766824b47f4c21be90ce362b";
+    sha256 = "37161d931e64535ce38c33b9635f06a43cd1541945bf2c79a55e37f230de1631";
   };
 
-  patches = [
-    (fetchpatch {
-      name = "support-libzscanner-2.8.diff";
-      url = "https://gitlab.labs.nic.cz/knot/knot-resolver/commit/186f263.diff";
-      sha256 = "19zqigvc7m2a4j6bk9whx7gj0v009568rz5qwk052z7pzfikr8mk";
-    })
-  ];
-
-  # Short-lived cross fix, as upstream is migrating to meson anyway.
-  postPatch = ''
-    substituteInPlace platform.mk --replace "objdump" "$OBJDUMP"
-  '';
-
   outputs = [ "out" "dev" ];
 
-  configurePhase = "patchShebangs scripts/";
+  preConfigure = ''
+    patchShebangs scripts/
+  ''
+    + stdenv.lib.optionalString doInstallCheck (exportLuaPathsFor [ lua.cqueues lua.basexx ]);
 
-  nativeBuildInputs = [ pkgconfig which hexdump ];
+  nativeBuildInputs = [ pkgconfig meson ninja ];
 
   # http://knot-resolver.readthedocs.io/en/latest/build.html#requirements
-  buildInputs = [ knot-dns luajit libuv gnutls nettle lmdb ]
+  buildInputs = [ knot-dns lua.lua libuv gnutls lmdb ]
-    ++ optional stdenv.isLinux systemd # sd_notify
+    ++ optional stdenv.isLinux systemd # passing sockets, sd_notify
     ## optional dependencies; TODO: libedit, dnstap
     ;
 
-  checkInputs = [ cmocka ];
+  mesonFlags = [
-
+    "-Dkeyfile_default=${dns-root-data}/root.ds"
-  makeFlags = [
+    "-Droot_hints=${dns-root-data}/root.hints"
-    "PREFIX=$(out)"
+    "-Dinstall_kresd_conf=disabled" # not really useful; examples are inside share/doc/
-    "ROOTHINTS=${dns-root-data}/root.hints"
+    "--default-library=static" # not used by anyone
-    "KEYFILE_DEFAULT=${dns-root-data}/root.ds"
+  ]
+  ++ optionals doInstallCheck [
+    "-Dunit_tests=enabled"
+    "-Dconfig_tests=enabled"
+    #"-Dextra_tests=enabled" # not suitable as in-distro tests; many deps, too.
   ];
-  CFLAGS = [ "-O2" "-DNDEBUG" ];
-
-  enableParallelBuilding = true;
-
-  doCheck = true;
-  doInstallCheck = false; # FIXME
-  preInstallCheck = ''
-    patchShebangs tests/config/runtest.sh
-  '';
 
   postInstall = ''
-    rm "$out"/etc/knot-resolver/root.hints # using system-wide instead
+    rm "$out"/lib/libkres.a
+  '';
+
+  doInstallCheck = stdenv.hostPlatform == stdenv.buildPlatform;
+  installCheckInputs = [ cmocka which cacert ];
+  installCheckPhase = ''
+    meson test --print-errorlogs
   '';
 
   meta = with stdenv.lib; {
@@ -93,11 +95,12 @@ wrapped-full =
     preferLocalBuild = true;
     allowSubstitutes = false;
   }
-  ''
+  (exportLuaPathsFor luaPkgs
+  + ''
     mkdir -p "$out"/{bin,share}
     makeWrapper '${unwrapped}/bin/kresd' "$out"/bin/kresd \
-      --set LUA_PATH  '${concatStringsSep ";" (map getLuaPath  luaPkgs)}' \
+      --set LUA_PATH  "$LUA_PATH" \
-      --set LUA_CPATH '${concatStringsSep ";" (map getLuaCPath luaPkgs)}'
+      --set LUA_CPATH "$LUA_CPATH"
 
     ln -sr '${unwrapped}/share/man' "$out"/share/
     ln -sr "$out"/{bin,sbin}
@@ -105,6 +108,6 @@ wrapped-full =
     echo "Checking that 'http' module loads, i.e. lua search paths work:"
     echo "modules.load('http')" > test-http.lua
     echo -e 'quit()' | env -i "$out"/bin/kresd -a 127.0.0.1#53535 -c test-http.lua
-  '';
+  '');
 
 in result