aboutsummaryrefslogtreecommitdiffstats
path: root/community/knot-resolver/APKBUILD
blob: ad63c27305066562792495bdbeda4e1863e5f507 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Contributor: tcely <knot-resolver+aports@tcely.33mail.com>
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
pkgname=knot-resolver
pkgver=5.2.1
pkgrel=0
pkgdesc="Minimalistic caching DNS resolver implementation"
url="https://www.knot-resolver.cz/"
arch="all !x86 !armhf !armv7"  # limited by knot
license="GPL-3.0-or-later"
pkgusers="kresd"
pkggroups="kresd"
depends="dns-root-hints dnssec-root lua5.1-cqueues lua5.1-http"
_depends_dnstap="$pkgname=$pkgver-r$pkgrel"
_depends_http="$pkgname=$pkgver-r$pkgrel lua5.1-mmdb"
_depends_dnstap_dev="fstrm-dev protobuf-dev protobuf-c-dev"
depends_dev="
	knot-dev>=2.8.0
	libedit-dev
	libuv-dev>=1.7
	luajit-dev>=2.0
	$_depends_dnstap_dev
	"
depends_static="$pkgname-dev=$pkgver-r$pkgrel"
makedepends="
	$depends_dev
	bash
	cmake
	gnutls-dev
	libcap
	libcap-ng-dev
	lmdb-dev
	luacheck
	meson>=0.46
	ninja
	pkgconf
	py3-flake8
	"
checkdepends="cmocka-dev"
install="
	$pkgname.pre-install
	$pkgname.post-upgrade
	$pkgname-openrc.pre-upgrade
	$pkgname-openrc.post-upgrade
	"
subpackages="
	$pkgname-mod-http:http:noarch
	$pkgname-mod-dnstap:dnstap
	$pkgname-libs-static
	$pkgname-dev
	$pkgname-dbg
	$pkgname-doc
	$pkgname-openrc
	"
source="https://secure.nic.cz/files/knot-resolver/knot-resolver-$pkgver.tar.xz
	kresd.confd
	kresd.initd
	kres-cache-gc.initd
	kres-cache-gc.confd
	"

# secfixes:
#   5.1.1-r0:
#     - CVE-2020-12667
#   4.3.0-r0:
#     - CVE-2019-19331
#   4.1.0-r0:
#     - CVE-2019-10190
#     - CVE-2019-10191
#   2.3.0-r0:
#     - CVE-2018-1110

build() {
	# strict-aliasing breaks stats module - variable "sa" in stats.c:495 is 0x0.
	# (https://gitlab.labs.nic.cz/knot/knot-resolver/blob/v4.2.2/modules/stats/stats.c#L495)
	export CFLAGS="$CFLAGS -fno-strict-aliasing"

	abuild-meson \
		--default-library=both \
		-Dclient=enabled \
		-Dgroup="$pkggroups" \
		-Dinstall_kresd_conf=enabled \
		-Dunit_tests=enabled \
		-Duser="$pkgusers" \
		-Droot_hints=/usr/share/dns-root-hints/named.root \
		-Dmanaged_ta=disabled \
		-Dkeyfile_default=/usr/share/dnssec-root/trusted-key.key \
		build

	meson compile ${JOBS:+-j ${JOBS}} -C build
}

check() {
	meson test -C build
}

package() {
	DESTDIR="$pkgdir" meson install --no-rebuild -C build

	cd "$pkgdir"

	# net_bind_service - required to bind to well-known ports
	# setpcap - when available, resd drops any extra privileges after the
	#   daemon successfully start
	setcap 'cap_net_bind_service,cap_setpcap=+ep' ./usr/sbin/kresd

	# These are useless on non-systemd distro.
	rm ./usr/lib/knot-resolver/distro-preconfig.lua
	rm ./usr/lib/knot-resolver/upgrade-4-to-5.lua

	install -m 755 -D "$srcdir"/kresd.initd ./etc/init.d/kresd
	install -m 644 -D "$srcdir"/kresd.confd ./etc/conf.d/kresd
	install -m 755 -D "$srcdir"/kres-cache-gc.initd ./etc/init.d/kres-cache-gc
	install -m 644 -D "$srcdir"/kres-cache-gc.confd ./etc/conf.d/kres-cache-gc

	install -d -m 750 -o kresd -g kresd ./var/cache/knot-resolver
}

http() {
	pkgdesc="Knot Resolver - HTTP/2 services"
	depends="$_depends_http"

	local moddir="usr/lib/$pkgname/kres_modules"

	mkdir -p "$subpkgdir"/$moddir
	mv "$pkgdir"/$moddir/http* "$subpkgdir"/$moddir/
}

dnstap() {
	pkgdesc="Knot Resolver - dnstap logging"
	depends="$_depends_dnstap"

	local moddir="usr/lib/$pkgname/kres_modules"

	mkdir -p "$subpkgdir"/$moddir
	mv "$pkgdir"/$moddir/dnstap.so "$subpkgdir"/$moddir/
}

_gpg_signature_extensions="asc"
_gpgfingerprints="
	good:BE26 EBB9 CBE0 59B3 910C  A35B CE8D D6A1 A50A 21E4
	good:4A8B A48C 2AED 933B D495  C509 A1FB A5F7 EF8C 4869
	B600 6460 B60A 80E7 8206  2449 E747 DF1F 9575 A3AA
	"

sha512sums="cf5bf5d6cdd336a0bc2fedc70730f58c31f79a37bccda46b3d45e4a34a79851e517445c427d3bb625ad6d2ad9f104e3176c04969bd44ee717457f5738937050c  knot-resolver-5.2.1.tar.xz
3df654ade6d8d0f584425090cae038e2ab67e99748f33a936f9401f2ac91b3364a3db34d9b16468a13909530b23665318ab9046e363cf0efd0a9f1e0b4678a96  kresd.confd
7c5ec1c90e90dc5b603cc6ce718ef858ee44aca38100d97d1e346cd74f3f41a0fc9dd2260938741c5c9a880031dc5eee1430d187ca47675fc41ef2c92619197d  kresd.initd
a1e4af78ad8df36feb41619ac63aa8505cb68b434a3e01c8929f69759f5a6abe9667a6d5738928ff67daaccab58e5fecd49ce4ff439674f1e073982042a907fd  kres-cache-gc.initd
ad017f54aaa214862a67c8242efe9fa56dc66a8ac0012cc0f4eb981d6fd631b250378602f8f5af9916fff071d9a60d1e588e07458f8d891d19787c3b5d48cdb5  kres-cache-gc.confd"