* [bug#27419] [PATCH] gnu: Add unbound. @ 2017-06-18 12:51 Gregor Giesen 2017-06-19 12:14 ` Ludovic Courtès 0 siblings, 1 reply; 6+ messages in thread From: Gregor Giesen @ 2017-06-18 12:51 UTC (permalink / raw) To: 27419 [-- Attachment #1: Type: text/plain, Size: 79 bytes --] Hi, I have added 'unbound', a recurse only caching DNS server. Best, Gregor [-- Attachment #2: 0001-gnu-Add-unbound.patch --] [-- Type: text/plain, Size: 6820 bytes --] From fac67e33fe0501ddcad3a1e75f20b4954f36834b Mon Sep 17 00:00:00 2001 From: Gregor Giesen <giesen@zaehlwerk.net> Date: Sun, 18 Jun 2017 14:27:34 +0200 Subject: [PATCH 1/1] gnu: Add unbound. * gnu/packages/dns.scm (unbound): New variable. --- gnu/packages/dns.scm | 146 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 146 insertions(+) diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm index 2e4d8fd18..d0d8319ce 100644 --- a/gnu/packages/dns.scm +++ b/gnu/packages/dns.scm @@ -8,6 +8,7 @@ ;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2017 Vasile Dumitrascu <va511e@yahoo.com> +;;; Copyright © 2017 Gregor Giesen <giesen@zaehlwerk.net> ;;; ;;; This file is part of GNU Guix. ;;; @@ -31,6 +32,7 @@ #:use-module (gnu packages databases) #:use-module (gnu packages crypto) #:use-module (gnu packages datastructures) + #:use-module (gnu packages flex) #:use-module (gnu packages glib) #:use-module (gnu packages groff) #:use-module (gnu packages groff) @@ -42,12 +44,16 @@ #:use-module (gnu packages nettle) #:use-module (gnu packages perl) #:use-module (gnu packages pkg-config) + #:use-module (gnu packages protobuf) + #:use-module (gnu packages python) + #:use-module (gnu packages swig) #:use-module (gnu packages tls) #:use-module (gnu packages web) #:use-module (gnu packages xml) #:use-module ((guix licenses) #:prefix license:) #:use-module (guix packages) #:use-module (guix download) + #:use-module (guix utils) #:use-module (guix build-system gnu)) (define-public dnsmasq @@ -275,6 +281,146 @@ asynchronous fashion.") (license:non-copyleft "file://LICENSE") ; includes.h license:openssl)))) +(define-public unbound + (package + (name "unbound") + (version "1.6.3") + (source + (origin + (method url-fetch) + (uri (string-append "https://www.unbound.net/downloads/unbound-" + version ".tar.gz")) + (sha256 + (base32 + "0pw4m4z5qspsagxzbjb61xq5bhd57amw26xqvqzi6b8d3mf6azjc")))) + (build-system gnu-build-system) + (outputs '("out" "python")) + (inputs + `(("expat" ,expat) + ("flex" ,flex) + ("libevent" ,libevent) + ("protobuf" ,protobuf) + ("python" ,python-3) + ("python-wrapper" ,python-wrapper) + ("openssl" ,openssl) + ("swig" ,swig))) + (arguments + `(#:configure-flags + (list (string-append + "--with-ssl=" (assoc-ref %build-inputs "openssl")) + (string-append + "--with-libevent=" (assoc-ref %build-inputs "libevent")) + (string-append + "--with-libexpat=" (assoc-ref %build-inputs "expat")) + "--with-pythonmodule" "--with-pyunbound") + #:phases + (modify-phases + %standard-phases + (add-after 'configure 'fix-python-site-package-path + ;; Move python modules into their own output. + (lambda* (#:key outputs #:allow-other-keys) + (let ((pyout (assoc-ref outputs "python")) + (ver ,(version-major+minor (package-version python)))) + (substitute* "Makefile" + (("^PYTHON_SITE_PKG=.*$") + (string-append + "PYTHON_SITE_PKG=" + pyout "/lib/python-" ver "/site-packages\n")))))) + (add-before 'check 'fix-missing-nss-for-tests + (lambda* (#:key inputs outputs #:allow-other-keys) + (use-modules (guix build utils)) + (let* ((source (assoc-ref %build-inputs "source")) + (gcc (assoc-ref %build-inputs "gcc"))) + (call-with-output-file "/tmp/nss_preload.c" + (lambda (port) + (display "#include <stdlib.h> +#include <string.h> +#include <strings.h> + +#include <netdb.h> + +struct protoent *getprotobyname(const char *name) { + struct protoent *p = malloc(sizeof(struct protoent)); + p->p_aliases = malloc(sizeof(char*)); + if (strcasecmp(name, \"tcp\") == 0) { + p->p_name = \"tcp\"; + p->p_proto = 6; + p->p_aliases[0] = \"TCP\"; + } else if (strcasecmp(name, \"udp\") == 0) { + p->p_name = \"udp\"; + p->p_proto = 17; + p->p_aliases[0] = \"UDP\"; + } else + p = NULL; + return p; +} + +struct protoent *getprotobynumber(int proto) { + struct protoent *p = malloc(sizeof(struct protoent)); + p->p_aliases = malloc(sizeof(char*)); + switch(proto) { + case 6: + p->p_name = \"tcp\"; + p->p_proto = 6; + p->p_aliases[0] = \"TCP\"; + break; + case 17: + p->p_name = \"udp\"; + p->p_proto = 17; + p->p_aliases[0] = \"UDP\"; + break; + default: + p = NULL; + break; + } + return p; +} + +struct servent *getservbyname(const char *name, const char *proto) { + struct servent *s = malloc(sizeof(struct servent)); + char* buf = malloc((strlen(proto)+1)*sizeof(char)); + strcpy(buf, proto); + s->s_aliases = malloc(sizeof(char*)); + s->s_aliases[0] = NULL; + if (strcasecmp(name, \"domain\") == 0) { + s->s_name = \"domain\"; + s->s_port = htons(53); + s->s_proto = buf; + } else + s = NULL; + return s; +} + +struct servent *getservbyport(int port, const char *proto) { + char buf[32]; + struct servent *s = malloc(sizeof(struct servent)); + strcpy(buf, proto); + s->s_aliases = malloc(sizeof(char*)); + s->s_aliases[0] = NULL; + switch(port) { + case 53: + s->s_name = \"domain\"; + s->s_port = 53; + s->s_proto = \"udp\"; + break; + default: + s = NULL; + break; + } + return s; +}" port))) + (system* (string-append gcc "/bin/gcc") + "-shared" "-fPIC" "-o" "/tmp/nss_preload.so" + "/tmp/nss_preload.c") + (substitute* "Makefile" + (("./unittest") + "LD_PRELOAD=/tmp/nss_preload.so ./unittest")))))))) + (home-page "https://www.unbound.net") + (synopsis "Validating, recursive, and caching DNS resolver") + (description + "Unbound is a recursive-only caching DNS server which can perform DNSSEC validation of results. It implements only a minimal amount of authoritative service to prevent leakage to the root nameservers: forward lookups for localhost, reverse for 127.0.0.1 and ::1, and NXDOMAIN for zones served by AS112. Stub and forward zones are supported.") + (license license:bsd-3))) + (define-public yadifa (package (name "yadifa") -- 2.13.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* [bug#27419] [PATCH] gnu: Add unbound. 2017-06-18 12:51 [bug#27419] [PATCH] gnu: Add unbound Gregor Giesen @ 2017-06-19 12:14 ` Ludovic Courtès 2017-06-19 16:38 ` Gregor Giesen 0 siblings, 1 reply; 6+ messages in thread From: Ludovic Courtès @ 2017-06-19 12:14 UTC (permalink / raw) To: Gregor Giesen; +Cc: 27419 Hi Gregor, Gregor Giesen <giesen@zaehlwerk.net> skribis: > From fac67e33fe0501ddcad3a1e75f20b4954f36834b Mon Sep 17 00:00:00 2001 > From: Gregor Giesen <giesen@zaehlwerk.net> > Date: Sun, 18 Jun 2017 14:27:34 +0200 > Subject: [PATCH 1/1] gnu: Add unbound. > > * gnu/packages/dns.scm (unbound): New variable. Nice! Overall LGTM, so I’m commenting on minor issues: > + (outputs '("out" "python")) > + (inputs > + `(("expat" ,expat) > + ("flex" ,flex) > + ("libevent" ,libevent) > + ("protobuf" ,protobuf) > + ("python" ,python-3) > + ("python-wrapper" ,python-wrapper) > + ("openssl" ,openssl) > + ("swig" ,swig))) I think SWIG should go to ‘native-inputs’ because it’s only used at build time. > + (modify-phases > + %standard-phases I would make this a single line. :-) > + (add-after 'configure 'fix-python-site-package-path > + ;; Move python modules into their own output. > + (lambda* (#:key outputs #:allow-other-keys) > + (let ((pyout (assoc-ref outputs "python")) > + (ver ,(version-major+minor (package-version python)))) > + (substitute* "Makefile" > + (("^PYTHON_SITE_PKG=.*$") > + (string-append > + "PYTHON_SITE_PKG=" > + pyout "/lib/python-" ver "/site-packages\n")))))) Please make sure the phase explicitly returns #t to indicate success. > + (add-before 'check 'fix-missing-nss-for-tests > + (lambda* (#:key inputs outputs #:allow-other-keys) > + (use-modules (guix build utils)) The ‘use-modules’ line is not needed. > + (let* ((source (assoc-ref %build-inputs "source")) > + (gcc (assoc-ref %build-inputs "gcc"))) > + (call-with-output-file "/tmp/nss_preload.c" > + (lambda (port) > + (display "#include <stdlib.h> As discussed on help-guix, I would prefer using ‘substitute*’ to modify all the unit tests. That would reduce complexity and be potentially more robust. Does that sound feasible without much hassle? > + (substitute* "Makefile" > + (("./unittest") > + "LD_PRELOAD=/tmp/nss_preload.so ./unittest")))))))) Also return #t. > + (home-page "https://www.unbound.net") > + (synopsis "Validating, recursive, and caching DNS resolver") > + (description > + "Unbound is a recursive-only caching DNS server which can perform DNSSEC validation of results. It implements only a minimal amount of authoritative service to prevent leakage to the root nameservers: forward lookups for localhost, reverse for 127.0.0.1 and ::1, and NXDOMAIN for zones served by AS112. Stub and forward zones are supported.") Please wrap lines to 80 chars as ‘guix lint’ should suggest. Also you can write @code{127.0.0.1} and @code{::1}. That’s it, thank you for this first package! Ludo’. ^ permalink raw reply [flat|nested] 6+ messages in thread
* [bug#27419] [PATCH] gnu: Add unbound. 2017-06-19 12:14 ` Ludovic Courtès @ 2017-06-19 16:38 ` Gregor Giesen 2017-06-20 20:08 ` bug#27419: " Ludovic Courtès 0 siblings, 1 reply; 6+ messages in thread From: Gregor Giesen @ 2017-06-19 16:38 UTC (permalink / raw) To: Ludovic Courtès; +Cc: 27419 [-- Attachment #1: Type: text/plain, Size: 1433 bytes --] Dear Ludo’, many thanks for the feedback! I have fixed the minor issues you mentioned. On Mon, Jun 19, 2017 at 02:14:29PM +0200, Ludovic Courtès wrote: > > + (outputs '("out" "python")) > > + (inputs > > + `(("expat" ,expat) > > + ("flex" ,flex) > > + ("libevent" ,libevent) > > + ("protobuf" ,protobuf) > > + ("python" ,python-3) > > + ("python-wrapper" ,python-wrapper) > > + ("openssl" ,openssl) > > + ("swig" ,swig))) > > I think SWIG should go to ‘native-inputs’ because it’s only used at > build time. Right, and I also moved ‘flex’ there. > > + (let* ((source (assoc-ref %build-inputs "source")) > > + (gcc (assoc-ref %build-inputs "gcc"))) > > + (call-with-output-file "/tmp/nss_preload.c" > > + (lambda (port) > > + (display "#include <stdlib.h> > > As discussed on help-guix, I would prefer using ‘substitute*’ to modify > all the unit tests. That would reduce complexity and be potentially > more robust. Does that sound feasible without much hassle? Substituting is not not an option since after changing a record in the test data one would have to create (cryptographically) new matching RRSIG records otherwise the test would still fail. > That’s it, thank you for this first package! Thanks again for your help! Attached is the modified patch. Best, Gregor [-- Attachment #2: 0001-gnu-Add-unbound.patch --] [-- Type: text/plain, Size: 7486 bytes --] From 509b07d745dbe852259370cd7fbe0a6cfdcee9d7 Mon Sep 17 00:00:00 2001 From: Gregor Giesen <giesen@zaehlwerk.net> Date: Sun, 18 Jun 2017 14:27:34 +0200 Subject: [PATCH 1/1] gnu: Add unbound. * gnu/packages/dns.scm (unbound): New variable. --- gnu/packages/dns.scm | 164 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 164 insertions(+) diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm index 2e4d8fd18..fabae9796 100644 --- a/gnu/packages/dns.scm +++ b/gnu/packages/dns.scm @@ -8,6 +8,7 @@ ;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2017 Vasile Dumitrascu <va511e@yahoo.com> +;;; Copyright © 2017 Gregor Giesen <giesen@zaehlwerk.net> ;;; ;;; This file is part of GNU Guix. ;;; @@ -31,6 +32,7 @@ #:use-module (gnu packages databases) #:use-module (gnu packages crypto) #:use-module (gnu packages datastructures) + #:use-module (gnu packages flex) #:use-module (gnu packages glib) #:use-module (gnu packages groff) #:use-module (gnu packages groff) @@ -42,12 +44,16 @@ #:use-module (gnu packages nettle) #:use-module (gnu packages perl) #:use-module (gnu packages pkg-config) + #:use-module (gnu packages protobuf) + #:use-module (gnu packages python) + #:use-module (gnu packages swig) #:use-module (gnu packages tls) #:use-module (gnu packages web) #:use-module (gnu packages xml) #:use-module ((guix licenses) #:prefix license:) #:use-module (guix packages) #:use-module (guix download) + #:use-module (guix utils) #:use-module (guix build-system gnu)) (define-public dnsmasq @@ -275,6 +281,164 @@ asynchronous fashion.") (license:non-copyleft "file://LICENSE") ; includes.h license:openssl)))) +(define-public unbound + (package + (name "unbound") + (version "1.6.3") + (source + (origin + (method url-fetch) + (uri (string-append "https://www.unbound.net/downloads/unbound-" + version ".tar.gz")) + (sha256 + (base32 + "0pw4m4z5qspsagxzbjb61xq5bhd57amw26xqvqzi6b8d3mf6azjc")))) + (build-system gnu-build-system) + (outputs '("out" "python")) + (native-inputs + `(("flex" ,flex) + ("swig" ,swig))) + (inputs + `(("expat" ,expat) + ("libevent" ,libevent) + ("protobuf" ,protobuf) + ("python" ,python-3) + ("python-wrapper" ,python-wrapper) + ("openssl" ,openssl))) + (arguments + `(#:configure-flags + (list (string-append + "--with-ssl=" (assoc-ref %build-inputs "openssl")) + (string-append + "--with-libevent=" (assoc-ref %build-inputs "libevent")) + (string-append + "--with-libexpat=" (assoc-ref %build-inputs "expat")) + "--with-pythonmodule" "--with-pyunbound") + #:phases + (modify-phases %standard-phases + (add-after 'configure 'fix-python-site-package-path + ;; Move python modules into their own output. + (lambda* (#:key outputs #:allow-other-keys) + (let ((pyout (assoc-ref outputs "python")) + (ver ,(version-major+minor (package-version python)))) + (substitute* "Makefile" + (("^PYTHON_SITE_PKG=.*$") + (string-append + "PYTHON_SITE_PKG=" + pyout "/lib/python-" ver "/site-packages\n")))) + #t)) + (add-before 'check 'fix-missing-nss-for-tests + ;; Unfortunately, the package's unittests involve some checks + ;; looking up protocols and services which are not provided + ;; by the minimalistic build environment, in particular, + ;; /etc/protocols and /etc/services are missing. + ;; Also, after plain substitution of protocol and service names + ;; in the test data, the tests still fail because the + ;; corresponding Resource Records have been signed by + ;; RRSIG records. + ;; The following LD_PRELOAD library overwrites the glibc + ;; functions ‘get{proto,serv}byname’, ‘getprotobynumber’ and + ;; ‘getservbyport’ providing the few records required for the + ;; unit tests to pass. + (lambda* (#:key inputs outputs #:allow-other-keys) + (let* ((source (assoc-ref %build-inputs "source")) + (gcc (assoc-ref %build-inputs "gcc"))) + (call-with-output-file "/tmp/nss_preload.c" + (lambda (port) + (display "#include <stdlib.h> +#include <string.h> +#include <strings.h> + +#include <netdb.h> + +struct protoent *getprotobyname(const char *name) { + struct protoent *p = malloc(sizeof(struct protoent)); + p->p_aliases = malloc(sizeof(char*)); + if (strcasecmp(name, \"tcp\") == 0) { + p->p_name = \"tcp\"; + p->p_proto = 6; + p->p_aliases[0] = \"TCP\"; + } else if (strcasecmp(name, \"udp\") == 0) { + p->p_name = \"udp\"; + p->p_proto = 17; + p->p_aliases[0] = \"UDP\"; + } else + p = NULL; + return p; +} + +struct protoent *getprotobynumber(int proto) { + struct protoent *p = malloc(sizeof(struct protoent)); + p->p_aliases = malloc(sizeof(char*)); + switch(proto) { + case 6: + p->p_name = \"tcp\"; + p->p_proto = 6; + p->p_aliases[0] = \"TCP\"; + break; + case 17: + p->p_name = \"udp\"; + p->p_proto = 17; + p->p_aliases[0] = \"UDP\"; + break; + default: + p = NULL; + break; + } + return p; +} + +struct servent *getservbyname(const char *name, const char *proto) { + struct servent *s = malloc(sizeof(struct servent)); + char* buf = malloc((strlen(proto)+1)*sizeof(char)); + strcpy(buf, proto); + s->s_aliases = malloc(sizeof(char*)); + s->s_aliases[0] = NULL; + if (strcasecmp(name, \"domain\") == 0) { + s->s_name = \"domain\"; + s->s_port = htons(53); + s->s_proto = buf; + } else + s = NULL; + return s; +} + +struct servent *getservbyport(int port, const char *proto) { + char buf[32]; + struct servent *s = malloc(sizeof(struct servent)); + strcpy(buf, proto); + s->s_aliases = malloc(sizeof(char*)); + s->s_aliases[0] = NULL; + switch(port) { + case 53: + s->s_name = \"domain\"; + s->s_port = 53; + s->s_proto = \"udp\"; + break; + default: + s = NULL; + break; + } + return s; +}" port))) + (system* (string-append gcc "/bin/gcc") + "-shared" "-fPIC" "-o" "/tmp/nss_preload.so" + "/tmp/nss_preload.c") + ;; The preload library only affects the unittests. + (substitute* "Makefile" + (("./unittest") + "LD_PRELOAD=/tmp/nss_preload.so ./unittest"))) + #t))))) + (home-page "https://www.unbound.net") + (synopsis "Validating, recursive, and caching DNS resolver") + (description + "Unbound is a recursive-only caching DNS server which can perform DNSSEC +validation of results. It implements only a minimal amount of authoritative +service to prevent leakage to the root nameservers: forward lookups for +localhost, reverse for @code{127.0.0.1} and @code{::1}, and NXDOMAIN for zones +served by AS112. Stub and forward zones are supported.") + (license license:bsd-3))) + (define-public yadifa (package (name "yadifa") -- 2.13.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* bug#27419: [PATCH] gnu: Add unbound. 2017-06-19 16:38 ` Gregor Giesen @ 2017-06-20 20:08 ` Ludovic Courtès 2017-06-20 20:27 ` [bug#27419] " Gregor Giesen 0 siblings, 1 reply; 6+ messages in thread From: Ludovic Courtès @ 2017-06-20 20:08 UTC (permalink / raw) To: Gregor Giesen; +Cc: 27419-done Hi Gregor, Gregor Giesen <giesen@zaehlwerk.net> skribis: > From 509b07d745dbe852259370cd7fbe0a6cfdcee9d7 Mon Sep 17 00:00:00 2001 > From: Gregor Giesen <giesen@zaehlwerk.net> > Date: Sun, 18 Jun 2017 14:27:34 +0200 > Subject: [PATCH 1/1] gnu: Add unbound. > > * gnu/packages/dns.scm (unbound): New variable. [...] > + (license license:bsd-3))) On closer inspection it turns out to be <https://directory.fsf.org/wiki/License:BSD_4Clause> so I changed that to ‘bsd-4’. Applied with this change, thank you! “guix build unbound --rounds=2 -K” shows differences in libunbound.a. Perhaps we should simply remove it? Ludo’. ^ permalink raw reply [flat|nested] 6+ messages in thread
* [bug#27419] [PATCH] gnu: Add unbound. 2017-06-20 20:08 ` bug#27419: " Ludovic Courtès @ 2017-06-20 20:27 ` Gregor Giesen 2017-06-21 8:19 ` Ludovic Courtès 0 siblings, 1 reply; 6+ messages in thread From: Gregor Giesen @ 2017-06-20 20:27 UTC (permalink / raw) To: Ludovic Courtès; +Cc: 27419 Dear Ludo’, On Tue, Jun 20, 2017 at 10:08:42PM +0200, Ludovic Courtès wrote: > > + (license license:bsd-3))) > > On closer inspection it turns out to be > <https://directory.fsf.org/wiki/License:BSD_4Clause> so I changed that > to ‘bsd-4’. sorry, my bad! > Applied with this change, thank you! > > “guix build unbound --rounds=2 -K” shows differences in libunbound.a. > Perhaps we should simply remove it? Yes, I don't think we need it. We could simply add "--disable-static" to the #:configure-flags. Best, Gregor ^ permalink raw reply [flat|nested] 6+ messages in thread
* [bug#27419] [PATCH] gnu: Add unbound. 2017-06-20 20:27 ` [bug#27419] " Gregor Giesen @ 2017-06-21 8:19 ` Ludovic Courtès 0 siblings, 0 replies; 6+ messages in thread From: Ludovic Courtès @ 2017-06-21 8:19 UTC (permalink / raw) To: Gregor Giesen; +Cc: 27419 Hi, Gregor Giesen <giesen@zaehlwerk.net> skribis: >> “guix build unbound --rounds=2 -K” shows differences in libunbound.a. >> Perhaps we should simply remove it? > Yes, I don't think we need it. We could simply add "--disable-static" to > the #:configure-flags. Sounds good to me, I’ve committed this change. Thanks, Ludo’. ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2017-06-21 8:20 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2017-06-18 12:51 [bug#27419] [PATCH] gnu: Add unbound Gregor Giesen 2017-06-19 12:14 ` Ludovic Courtès 2017-06-19 16:38 ` Gregor Giesen 2017-06-20 20:08 ` bug#27419: " Ludovic Courtès 2017-06-20 20:27 ` [bug#27419] " Gregor Giesen 2017-06-21 8:19 ` Ludovic Courtès
Code repositories for project(s) associated with this public inbox https://git.savannah.gnu.org/cgit/guix.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).