Subject: [bug#30748] [PATCH] gnu: Add nsd.
From: Tobias Geerinckx-Rice
Date: Thu, 8 Mar 2018 09:20:50 +0100
Message-Id: <20180308082050.9855-1-me@tobias.gr>
To: 30748@debbugs.gnu.org

* gnu/packages/dns.scm (nsd): New public variable.
---
Guix,

Have this two-year-old patch I found.

Kind regards,

T G-R

gnu/packages/dns.scm | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm index b0f6ddaec..b0649dc53 100644 --- a/gnu/packages/dns.scm +++ b/gnu/packages/dns.scm 
@@ -573,3 +573,71 @@ synthesis, and on-the-fly re-configuration.") license:lgpl2.0+ ; parts of scr/contrib/ucw license:public-domain ; src/contrib/fnv and possibly murmurhash3 license:gpl3+)))) ; everything else + +(define-public nsd + (package + (name "nsd") + (version "4.1.20") + (source + (origin + (method url-fetch) + (uri (string-append "https://www.nlnetlabs.nl/downloads/" + name "/" name "-" version ".tar.gz")) + (sha256 + (base32 + "04zph9zli3a0zx1sfphwbxx6f8whdxcjai6w0k7a565vgcfzd5wa")))) + (build-system gnu-build-system) + (inputs + `(("libevent" ,libevent) + ("openssl" ,openssl))) + (arguments + `(#:configure-flags + (list "--enable-pie" ; fully benefit from ASLR + "--enable-ratelimit" + "--enable-recvmmsg" + "--enable-relro-now" ; protect GOT and .dtor areas + "--disable-radix-tree" + (string-append "--with-libevent=" + (assoc-ref %build-inputs "libevent")) + (string-append "--with-ssl=" + (assoc-ref %build-inputs "openssl")) + "--with-configdir=/etc" + "--with-nsd_conf_file=/etc/nsd/nsd.conf" + "--with-logfile=/var/log/nsd.log" + "--with-pidfile=/var/db/nsd/nsd.pid" + "--with-dbfile=/var/db/nsd/nsd.db" + "--with-zonesdir=/etc/nsd" + "--with-xfrdfile=/var/db/nsd/xfrd.state" + "--with-zonelistfile=/var/db/nsd/zone.list") + #:phases + (modify-phases %standard-phases + (add-before 'configure 'patch-installation-paths + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (doc (string-append out "/share/doc/" ,name "-" ,version))) + (substitute* "Makefile.in" + (((string-append ".*\\$\\(DESTDIR\\)\\$\\(" + "(config|pid|xfr|db)dir" + "\\).*")) + "") + (("\\$\\(nsdconfigfile\\)\\.sample") + (string-append doc "/examples/$(nsdconfigfile).sample"))) + #t)))) + #:tests? #f)) ; no tests + (home-page "https://www.nlnetlabs.nl/projects/nsd/") + (synopsis "Authoritative DNS name server") + (description "@dfn{NSD}, short for Name Server Daemon, is an authoritative +name server for the Domain Name System (@dfn{DNS}). 
It aims to be a fast and +RFC-compliant nameserver. + +NSD uses zone information compiled via @command{zonec} into a binary database +file (@file{nsd.db}). This allows fast startup of the name service daemon and +allows syntax-structural errors in zone files to be flagged at compile time, +before being made available to NSD service itself. However, most traditional +BIND-style zone files can be directly imported into NSD without modification. + +The collection of programs and processes that make up NSD are designed so that +the daemon itself runs as a non-privileged user and can be easily configured to +run in a @code{chroot} jail, thus making any security flaws in NSD less likely +to result in system-wide compromise.") + (license (list license:bsd-3)))) -- 2.15.1
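
Review bot: In the #:configure-flags list, the state paths ("--with-pidfile=/var/db/nsd/nsd.pid", "--with-dbfile=/var/db/nsd/nsd.db", "--with-xfrdfile=/var/db/nsd/xfrd.state", "--with-zonelistfile=/var/db/nsd/zone.list") and "--with-logfile=/var/log/nsd.log" point at locations that the package never creates, because the patch-installation-paths phase blanks every Makefile.in line that mentions $(DESTDIR) followed by $(configdir), $(piddir), $(xfrdir) or $(dbdir). The description states that the daemon runs as a non-privileged user, and none of the flags names that user, so please add a comment next to the phase saying what is expected to create /var/db/nsd and the log file at run time and with which ownership; otherwise the first start depends on whoever happens to create them and with what permissions. The substitute* pattern is also wrapped in ".*" on both sides, so it deletes whole lines rather than just the directory-creation step; a short comment on which Makefile.in rules it is meant to hit would make it easier to recheck on a version bump from 4.1.20. Two smaller points: "--disable-radix-tree" is the only non-obvious flag without an explanatory comment, unlike "--enable-pie" and "--enable-relro-now", and (license (list license:bsd-3)) can be written as (license license:bsd-3) since there is only one license.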