From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id eD18MmLq6V6FIQAA0tVLHw (envelope-from ) for ; Wed, 17 Jun 2020 10:03:14 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id KFNbLmLq6V6iCwAA1q6Kng (envelope-from ) for ; Wed, 17 Jun 2020 10:03:14 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 68E83940AF6 for ; Wed, 17 Jun 2020 10:03:14 +0000 (UTC) Received: from localhost ([::1]:45904 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jlUuX-0004zt-AV for larch@yhetil.org; Wed, 17 Jun 2020 06:03:13 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47856) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jlUuM-0004zh-6T for guix-patches@gnu.org; Wed, 17 Jun 2020 06:03:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:38857) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1jlUuL-00032q-U7 for guix-patches@gnu.org; Wed, 17 Jun 2020 06:03:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1jlUuL-0006b2-QP for guix-patches@gnu.org; Wed, 17 Jun 2020 06:03:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#41363] knot-resolver: Enable reloading of policy files (add lua-cqueues) Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 17 Jun 2020 10:03:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 41363 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Simon South Cc: 41363@debbugs.gnu.org, Julien Lepiller Received: via spool by 41363-submit@debbugs.gnu.org id=B41363.159238816225310 (code B ref 41363); Wed, 17 Jun 2020 10:03:01 +0000 Received: (at 41363) by debbugs.gnu.org; 17 Jun 2020 10:02:42 +0000 Received: from localhost ([127.0.0.1]:50396 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jlUu2-0006aA-F6 for submit@debbugs.gnu.org; Wed, 17 Jun 2020 06:02:42 -0400 Received: from eggs.gnu.org ([209.51.188.92]:33394) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jlUu0-0006Zx-D0 for 41363@debbugs.gnu.org; Wed, 17 Jun 2020 06:02:41 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:42782) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jlUtu-0002wl-So; Wed, 17 Jun 2020 06:02:34 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=40570 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1jlUtu-0001Zt-GL; Wed, 17 Jun 2020 06:02:34 -0400 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: <878shqtyaa.fsf@mercury.simonsouth.net> Date: Wed, 17 Jun 2020 12:02:33 +0200 In-Reply-To: <878shqtyaa.fsf@mercury.simonsouth.net> (Simon South's message of "Sun, 17 May 2020 10:46:05 -0400") Message-ID: <875zbqrow6.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-Spam-Score: -3.3 (---) X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Spam-Score: -1.01 X-TUID: qgE/EipdtEUE Hi, Julien, could you take a look at this patch series? I figured you probably know Knot better than I do. https://issues.guix.gnu.org/41363 Thanks in advance, Ludo=E2=80=99. Simon South skribis: > This patch series enables the automatic reloading of response-policy > zone (RPZ) files by Knot Resolver. Specifically these patches > > - Add package definitions for the cqueues Lua extension module and the > luaossl module on which it relies, and > > - Add lua5.1-cqueues as an input to knot-resolver. > > With these changes applied, Knot Resolver can be configured with lines > like > > modules =3D { 'policy' } > policy.add(policy.rpz(policy.DENY, '/etc/dns/blacklist.txt', true)) > > and it will automatically reload RPZ rules from /etc/dns/blacklist.txt > whenever that file changes. This makes it easy to use Knot Resolver to > block unwanted sites using a list of domains downloaded periodically > from the Internet. > > I've tested these changes on x86-64 and aarch64. On x86-64 everything > works as expected. > > On aarch64, the packages build and install fine but Knot Resolver fails > to load the configuration above with > > policy.lua:430: [poli] lua-cqueues required to watch and reload RPZ f= ile > > This is due to a known issue with LuaJIT on aarch64 (see e.g. > https://github.com/LuaJIT/LuaJIT/pull/230): > > $ ./pre-inst-env guix environment knot-resolver --ad-hoc knot-resolver > $ $(head -n 3 `which kresd` | tail -n 2) # set LUA_PATH, LUA_CPATH > $ luajit -e 'require("cqueues")' > luajit: bad light userdata pointer > stack traceback: > [C]: at 0xffffa556a960 > [C]: in function 'require' > ... > $ > > Otherwise (i.e. after changing "true" to "false" in the configuration > above) Knot Resolver continues to work as it did before, so I expect > existing users will not be affected. > > I'll work on diagnosing the upstream bug but thought I'd submit these > patches in the meantime. > > -- > Simon South > simon@simonsouth.net