From: Simon South
Date: Sun, 17 May 2020 10:46:05 -0400
Subject: [bug#41363] knot-resolver: Enable reloading of policy files (add lua-cqueues)
To: 41363@debbugs.gnu.org
Message-ID: <878shqtyaa.fsf@mercury.simonsouth.net>

This patch series enables the automatic reloading of response-policy
zone (RPZ) files by Knot Resolver. Specifically these patches

- Add package definitions for the cqueues Lua extension module and the
  luaossl module on which it relies, and

- Add lua5.1-cqueues as an input to knot-resolver.

With these changes applied, Knot Resolver can be configured with lines
like

  modules = { 'policy' }
  policy.add(policy.rpz(policy.DENY, '/etc/dns/blacklist.txt', true))

and it will automatically reload RPZ rules from /etc/dns/blacklist.txt
whenever that file changes. This makes it easy to use Knot Resolver to
block unwanted sites using a list of domains downloaded periodically
from the Internet.

I've tested these changes on x86-64 and aarch64. On x86-64 everything
works as expected. On aarch64, the packages build and install fine but
Knot Resolver fails to load the configuration above with

  policy.lua:430: [poli] lua-cqueues required to watch and reload RPZ file

This is due to a known issue with LuaJIT on aarch64 (see
e.g. https://github.com/LuaJIT/LuaJIT/pull/230):

  $ ./pre-inst-env guix environment knot-resolver --ad-hoc knot-resolver
  $ $(head -n 3 `which kresd` | tail -n 2) # set LUA_PATH, LUA_CPATH
  $ luajit -e 'require("cqueues")'
  luajit: bad light userdata pointer
  stack traceback:
          [C]: at 0xffffa556a960
          [C]: in function 'require'
          ...
  $

Otherwise (i.e. after changing "true" to "false" in the configuration
above) Knot Resolver continues to work as it did before, so I expect
existing users will not be affected.

I'll work on diagnosing the upstream bug but thought I'd submit these
patches in the meantime.

-- 
Simon South
simon@simonsouth.net
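
An added example, not part of the original message or of Guix or Knot Resolver: one way to produce the watched RPZ file from a periodically downloaded domain list, accepting only plain hostnames and replacing the file atomically so a reload never reads a half-written list. The function names, the constructed sample list, the `$TTL` value and the `name. CNAME .` record form are assumptions of this example.

```python
import os
import re
import tempfile

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")
# Constructed sample input (not a real blocklist).
SAMPLE = ["# constructed list\n", "0.0.0.0 ads.example.net\n",
          "Tracker.Example.ORG.\n", "ads.example.net\n",
          "$INCLUDE /etc/kresd.conf\n", "bad_label.example.com\n"]


def valid_domain(name):
    """Accept only plain hostnames so a hostile list cannot inject zone syntax."""
    return len(name) <= 253 and "." in name and all(
        LABEL.fullmatch(label) for label in name.split("."))


def build_rpz(lines):
    """Turn a downloaded domain list into RPZ text; return (zone_text, rejected)."""
    seen, rejected = set(), []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip().lower().rstrip(".")
        if not entry:
            continue  # blank line or comment
        # Hosts-file style lists prefix each domain with a sinkhole address.
        fields = entry.split()
        hosts_style = len(fields) == 2 and fields[0] in ("0.0.0.0", "127.0.0.1")
        name = fields[1] if hosts_style else entry
        if valid_domain(name):
            seen.add(name)
        else:
            rejected.append(raw.rstrip("\n"))
    records = [f"{name}. CNAME ." for name in sorted(seen)]
    return "\n".join(["$TTL 3600", *records]) + "\n", rejected


def install_atomically(zone_text, dest):
    """Write beside dest, then rename over it, so readers never see a partial file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(dest) or ".", prefix=".rpz-")
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(zone_text)
            handle.flush()
            os.fsync(handle.fileno())
        os.chmod(tmp, 0o644)  # mkstemp creates 0600; the resolver must read it
        os.replace(tmp, dest)
    except BaseException:
        os.unlink(tmp)
        raise
```

Logging the `rejected` entries on each run shows when an upstream list starts shipping malformed or unexpected lines.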