* [bug#41363] knot-resolver: Enable reloading of policy files (add lua-cqueues)
@ 2020-05-17 14:46 Simon South
  2020-05-17 16:09 ` [bug#41363] [PATCH 1/3] gnu: Add lua-ossl Simon South
                   ` (4 more replies)
  0 siblings, 5 replies; 11+ messages in thread
From: Simon South @ 2020-05-17 14:46 UTC (permalink / raw)
  To: 41363

This patch series enables the automatic reloading of response-policy
zone (RPZ) files by Knot Resolver. Specifically these patches

- Add package definitions for the cqueues Lua extension module and the
  luaossl module on which it relies, and

- Add lua5.1-cqueues as an input to knot-resolver.

With these changes applied, Knot Resolver can be configured with lines
like

    modules = { 'policy' }
    policy.add(policy.rpz(policy.DENY, '/etc/dns/blacklist.txt', true))

and it will automatically reload RPZ rules from /etc/dns/blacklist.txt
whenever that file changes. This makes it easy to use Knot Resolver to
block unwanted sites using a list of domains downloaded periodically
from the Internet.

I've tested these changes on x86-64 and aarch64. On x86-64 everything
works as expected.

On aarch64, the packages build and install fine but Knot Resolver fails
to load the configuration above with

    policy.lua:430: [poli] lua-cqueues required to watch and reload RPZ file

This is due to a known issue with LuaJIT on aarch64 (see e.g.
https://github.com/LuaJIT/LuaJIT/pull/230):

    $ ./pre-inst-env guix environment knot-resolver --ad-hoc knot-resolver
    $ $(head -n 3 `which kresd` | tail -n 2)  # set LUA_PATH, LUA_CPATH
    $ luajit -e 'require("cqueues")'
    luajit: bad light userdata pointer
    stack traceback:
            [C]: at 0xffffa556a960
            [C]: in function 'require'
            ...
    $

Otherwise (i.e. after changing "true" to "false" in the configuration
above) Knot Resolver continues to work as it did before, so I expect
existing users will not be affected.

I'll work on diagnosing the upstream bug but thought I'd submit these
patches in the meantime.

--
Simon South
simon@simonsouth.net
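
The message above describes feeding Knot Resolver a domain list downloaded periodically from the Internet; such a list is untrusted input to a zone-file parser. The following is an added example, not part of the original message and not code from Guix or Knot Resolver: it validates each line, emits standard RPZ zone-file syntax (`CNAME .` is the RPZ encoding for an NXDOMAIN answer), and swaps the file in with a rename so a watcher never reads a half-written list. The function names, the placeholder origin `rpz.invalid.`, the accepted list formats and the sample lines are assumptions made for this example.

```python
import os
import re
import tempfile

# One DNS label: 1-63 chars of [a-z0-9_-], not starting or ending with "-".
LABEL = re.compile(r"[a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?")
# Sink addresses that hosts-style lists put in front of each name.
HOSTS_SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}

# Constructed sample of a downloaded list, including junk and hostile lines.
SAMPLE = [
    "# constructed sample list",
    "0.0.0.0 ads.example.com",
    "Tracker.Example.NET.  # trailing dot and mixed case",
    "0.0.0.0 0.0.0.0",
    "127.0.0.1 localhost",
    "com",
    "$INCLUDE /etc/passwd",
    "bad.example.com CNAME rpz-passthru.",
    "cdn.example.org",
    "ads.example.com",
]


def parse_domain(line):
    """Return a validated lower-case domain from one list line, or None."""
    text = line.split("#", 1)[0].strip().lower()
    if not text:
        return None
    fields = text.split()
    if len(fields) == 2 and fields[0] in HOSTS_SINKS:
        fields = fields[1:]          # hosts-file style: "0.0.0.0 name"
    if len(fields) != 1:
        return None                  # directives and full records are refused
    name = fields[0].rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or labels[-1].isdigit():
        return None                  # too long, a bare TLD, or an IP address
    if not all(LABEL.fullmatch(label) for label in labels):
        return None                  # rejects "$", ";", "*", "@", non-ASCII
    return name


def is_allowed(name, allow):
    """True if name is an allow-listed domain or one of its subdomains."""
    return any(name == a or name.endswith("." + a) for a in allow)


def build_rpz(lines, allow=(), origin="rpz.invalid."):
    """Return (sorted names, zone text); origin is a placeholder zone name."""
    names = sorted({d for d in map(parse_domain, lines)
                    if d and not is_allowed(d, allow)})
    header = ["$TTL 3600", "$ORIGIN " + origin]
    return names, "\n".join(header + [n + " CNAME ." for n in names]) + "\n"


def publish(path, lines, allow=(), min_entries=1):
    """Write the zone next to path and rename it into place atomically."""
    names, text = build_rpz(lines, allow)
    if len(names) < min_entries:
        # A truncated or hijacked download must not empty the live blocklist.
        raise ValueError(f"only {len(names)} valid entries; keeping old file")
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".rpz-")
    try:
        with os.fdopen(fd, "w", encoding="ascii") as handle:
            handle.write(text)
            handle.flush()
            os.fsync(handle.fileno())
        os.chmod(tmp, 0o644)         # mkstemp creates 0600; resolver must read
        os.replace(tmp, path)        # atomic within one file system
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return len(names)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_dir:
        target = os.path.join(demo_dir, "blacklist.txt")
        print(publish(target, SAMPLE, allow=("example.org",)), "names written")
        with open(target, encoding="ascii") as handle:
            print(handle.read(), end="")
```

In use, `publish()` would be pointed at the path given to `policy.rpz`, such as `/etc/dns/blacklist.txt` in the configuration above.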





* [bug#41363] [PATCH 1/3] gnu: Add lua-ossl.
  2020-05-17 14:46 [bug#41363] knot-resolver: Enable reloading of policy files (add lua-cqueues) Simon South
@ 2020-05-17 16:09 ` Simon South
  2020-05-17 16:09   ` [bug#41363] [PATCH 2/3] gnu: Add lua-cqueues Simon South
                     ` (2 more replies)
  2020-05-19 10:25 ` [bug#41363] knot-resolver: Enable reloading of policy files (add lua-cqueues) Simon South
                   ` (3 subsequent siblings)
  4 siblings, 3 replies; 11+ messages in thread
From: Simon South @ 2020-05-17 16:09 UTC (permalink / raw)
  To: 41363

* gnu/packages/lua.scm (make-lua-ossl): New function.
(lua-ossl, lua5.1-ossl, lua5.2-ossl): New variables.
---
 gnu/packages/lua.scm | 63 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)

diff --git a/gnu/packages/lua.scm b/gnu/packages/lua.scm
index 181ce76559..147ed8d9f7 100644
--- a/gnu/packages/lua.scm
+++ b/gnu/packages/lua.scm
@@ -11,6 +11,7 @@
 ;;; Copyright © 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018 Fis Trivial <ybbs.daans@hotmail.com>
 ;;; Copyright © 2020 Nicolas Goaziou <mail@nicolasgoaziou.fr>
+;;; Copyright © 2020 Simon South <simon@simonsouth.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -38,6 +39,7 @@
   #:use-module (guix build-system trivial)
   #:use-module (gnu packages)
   #:use-module (gnu packages readline)
+  #:use-module (gnu packages m4)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages glib)
@@ -292,6 +294,67 @@ directory structure and file attributes.")
 (define-public lua5.2-filesystem
   (make-lua-filesystem "lua5.2-filesystem" lua-5.2))
 
+(define (make-lua-ossl name lua)
+  (package
+    (name name)
+    (version "20170903")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://25thandclement.com/~william/"
+                                  "projects/releases/luaossl-" version ".tgz"))
+              (sha256
+               (base32
+                "10392bvd0lzyibipblgiss09zlqh3a5zgqg1b9lgbybpqb9cv2k3"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:make-flags
+       (let ((out (assoc-ref %outputs "out"))
+             (lua-api-version ,(version-major+minor (package-version lua))))
+         (list "CC=gcc"
+               "CFLAGS='-D HAVE_SYS_SYSCTL_H=0'" ; sys/sysctl.h is deprecated
+               (string-append "DESTDIR=" out)
+               (string-append "LUA_APIS=" lua-api-version)
+               "prefix="))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (delete 'check)
+         (add-after 'install 'check
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out"))
+                   (lua-version ,(version-major+minor (package-version lua))))
+               (setenv "LUA_CPATH"
+                       (string-append out "/lib/lua/" lua-version "/?.so;;"))
+               (setenv "LUA_PATH"
+                       (string-append out "/share/lua/" lua-version "/?.lua;;"))
+               (with-directory-excursion "regress"
+                 (for-each (lambda (f)
+                             (invoke "lua" f))
+                           (find-files "." "^[0-9].*\\.lua$"))))
+             #t)))))
+    (native-inputs
+     `(("m4", m4)))
+    (inputs
+     `(("lua" ,lua)
+       ("openssl" ,openssl)))
+    (home-page "https://25thandclement.com/~william/projects/luaossl.html")
+    (synopsis "OpenSSL bindings for Lua")
+    (description "The luaossl extension module for Lua provides comprehensive,
+low-level bindings to the OpenSSL library, including support for certificate and
+key management, key generation, signature verification, and deep bindings to the
+distinguished name, alternative name, and X.509v3 extension interfaces.  It also
+binds OpenSSL's bignum, message digest, HMAC, cipher, and CSPRNG interfaces.")
+    (license license:expat)))
+
+(define-public lua-ossl
+  (make-lua-ossl "lua-ossl" lua))
+
+(define-public lua5.1-ossl
+  (make-lua-ossl "lua5.1-ossl" lua-5.1))
+
+(define-public lua5.2-ossl
+  (make-lua-ossl "lua5.2-ossl" lua-5.2))
+
 (define (make-lua-sec name lua)
   (package
     (name name)
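
Review bot: The custom 'check phase added after 'install runs every regress script unconditionally, so a build with #:tests? #f still executes them. Add tests? to the lambda* keyword list and wrap the body in (when tests? ...). Two smaller points in the same hunk: ("m4", m4) under native-inputs has the comma on the wrong side of the space compared with ("lua" ,lua) just below it, and "CC=gcc" in #:make-flags hard-codes the compiler name.
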
-- 
2.26.2






* [bug#41363] [PATCH 2/3] gnu: Add lua-cqueues.
  2020-05-17 16:09 ` [bug#41363] [PATCH 1/3] gnu: Add lua-ossl Simon South
@ 2020-05-17 16:09   ` Simon South
  2020-05-17 16:09   ` [bug#41363] [PATCH 3/3] gnu: knot-resolver: Enable automatic reloading of policy files Simon South
  2020-05-18 12:32   ` [bug#41363] [PATCH 1/3] gnu: Add lua-ossl Simon South
  2 siblings, 0 replies; 11+ messages in thread
From: Simon South @ 2020-05-17 16:09 UTC (permalink / raw)
  To: 41363

* gnu/packages/lua.scm (make-lua-cqueues): New function.
(lua-cqueues, lua5.1-cqueues, lua5.2-cqueues): New variables.
---
 gnu/packages/lua.scm | 106 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 106 insertions(+)

diff --git a/gnu/packages/lua.scm b/gnu/packages/lua.scm
index 147ed8d9f7..958b317d62 100644
--- a/gnu/packages/lua.scm
+++ b/gnu/packages/lua.scm
@@ -403,6 +403,112 @@ secure session between the peers.")
 (define-public lua5.2-sec
   (make-lua-sec "lua5.2-sec" lua-5.2))
 
+(define (make-lua-cqueues name lua lua-ossl)
+  (package
+    (name name)
+    (version "20171014")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://25thandclement.com/~william/"
+                                  "projects/releases/cqueues-" version ".tgz"))
+              (sha256
+               (base32
+                "1dabhpn6r0hlln8vx9hxm34pfcm46qzgpb2apmziwg5z51fi4ksb"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:modules ((guix build gnu-build-system)
+                  (guix build utils)
+                  (ice-9 string-fun))
+       #:make-flags
+       (let ((out (assoc-ref %outputs "out"))
+             (lua-api-version ,(version-major+minor (package-version lua))))
+         (list "CC=gcc"
+               (string-append "LUA_APIS=" lua-api-version)))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (delete 'check)
+         (replace 'install
+           (lambda* (#:key make-flags outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (apply invoke "make" "install"
+                      (append make-flags
+                              (list (string-append "DESTDIR=" out)
+                                    "prefix="))))))
+         (add-after 'install 'check
+           (lambda* (#:key inputs outputs make-flags #:allow-other-keys)
+             (let*
+                 ((lua-version ,(version-major+minor (package-version lua)))
+                  (env-suffix (if (equal? lua-version "5.1")
+                                  ""
+                                  (string-append
+                                   "_"
+                                   (string-replace-substring lua-version "." "_"))))
+
+                  (lua-ossl (assoc-ref inputs "lua-ossl"))
+                  (out (assoc-ref outputs "out"))
+
+                  (lua-cpath (lambda (p)
+                               (string-append p "/lib/lua/" lua-version "/?.so")))
+                  (lua-path (lambda (p)
+                              (string-append p "/share/lua/" lua-version "/?.lua"))))
+               ;; The test suite sets Lua-version-specific search-path variables
+               ;; when available so we must do the same, as these take
+               ;; precedence over the generic "LUA_CPATH" and "LUA_PATH"
+               (setenv (string-append "LUA_CPATH" env-suffix)
+                       (string-append
+                        (string-join (map lua-cpath (list out lua-ossl)) ";")
+                        ";;"))
+               (setenv (string-append "LUA_PATH" env-suffix)
+                       (string-append
+                        (string-join (map lua-path (list out lua-ossl)) ";")
+                        ";;"))
+
+               ;; Skip regression tests we expect to fail
+               (with-directory-excursion "regress"
+                 (for-each (lambda (f)
+                             (rename-file f (string-append f ".skip")))
+                           (append
+                            ;; Regression tests that require network
+                            ;; connectivity
+                            '("22-client-dtls.lua"
+                              "30-starttls-completion.lua"
+                              "62-noname.lua"
+                              "153-dns-resolvers.lua")
+
+                            ;; Regression tests that require LuaJIT
+                            '("44-resolvers-gc.lua"
+                              "51-join-defunct-thread.lua")
+
+                            ;; Regression tests that require Lua 5.3
+                            (if (not (equal? lua-version "5.3"))
+                                '("152-thread-integer-passing.lua")
+                                '()))))
+
+               (apply invoke "make" "check" make-flags)))))))
+    (native-inputs
+     `(("m4" ,m4)))
+    (inputs
+     `(("lua" ,lua)
+       ("openssl" ,openssl)))
+    (propagated-inputs
+     `(("lua-ossl" ,lua-ossl)))
+    (home-page "https://25thandclement.com/~william/projects/cqueues.html")
+    (synopsis "Event loop for Lua using continuation queues")
+    (description "The cqueues extension module for Lua implements an event loop
+that operates through the yielding and resumption of coroutines.  It is designed
+to be non-intrusive, composable, and embeddable within existing applications.")
+    (license license:expat)))
+
+(define-public lua-cqueues
+  (make-lua-cqueues "lua-cqueues" lua lua-ossl))
+
+(define-public lua5.1-cqueues
+  (make-lua-cqueues "lua5.1-cqueues" lua-5.1 lua5.1-ossl))
+
+(define-public lua5.2-cqueues
+  (make-lua-cqueues "lua5.2-cqueues" lua-5.2 lua5.2-ossl))
+
 (define-public lua-penlight
   (package
     (name "lua-penlight")
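
Review bot: In the #:make-flags let, out is bound from %outputs but never used, because DESTDIR is supplied later in the replaced 'install phase. Drop the binding so the let only carries lua-api-version.
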
-- 
2.26.2






* [bug#41363] [PATCH 3/3] gnu: knot-resolver: Enable automatic reloading of policy files.
  2020-05-17 16:09 ` [bug#41363] [PATCH 1/3] gnu: Add lua-ossl Simon South
  2020-05-17 16:09   ` [bug#41363] [PATCH 2/3] gnu: Add lua-cqueues Simon South
@ 2020-05-17 16:09   ` Simon South
  2020-05-18 12:32   ` [bug#41363] [PATCH 1/3] gnu: Add lua-ossl Simon South
  2 siblings, 0 replies; 11+ messages in thread
From: Simon South @ 2020-05-17 16:09 UTC (permalink / raw)
  To: 41363

* gnu/packages/dns.scm (knot-resolver)[inputs]: Add lua5.1-cqueues.
---
 gnu/packages/dns.scm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index 469ef7605d..fdf9ed9dea 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -723,8 +723,9 @@ synthesis, and on-the-fly re-configuration.")
        ("libuv" ,libuv)
        ("lmdb" ,lmdb)
        ("luajit" ,luajit)
-       ;; TODO: Add optional lua modules: basexx, cqueues and psl.
+       ;; TODO: Add optional lua modules: basexx and psl.
        ("lua-bitop" ,lua5.1-bitop)
+       ("lua-cqueues" ,lua5.1-cqueues)
        ("lua-filesystem" ,lua5.1-filesystem)
        ("lua-sec" ,lua5.1-sec)
        ("lua-socket" ,lua5.1-socket)))
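
Review bot: The new input ("lua-cqueues" ,lua5.1-cqueues) is built and regression-tested against lua-5.1, while the context line ("luajit" ,luajit) shows the resolver is built with LuaJIT, so the package's own test run does not show that require("cqueues") succeeds inside kresd. Consider a LuaJIT-built variant of the module, or a check in knot-resolver that loads it with luajit, before relying on it for RPZ reloading.
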
-- 
2.26.2






* [bug#41363] [PATCH 1/3] gnu: Add lua-ossl.
  2020-05-17 16:09 ` [bug#41363] [PATCH 1/3] gnu: Add lua-ossl Simon South
  2020-05-17 16:09   ` [bug#41363] [PATCH 2/3] gnu: Add lua-cqueues Simon South
  2020-05-17 16:09   ` [bug#41363] [PATCH 3/3] gnu: knot-resolver: Enable automatic reloading of policy files Simon South
@ 2020-05-18 12:32   ` Simon South
  2 siblings, 0 replies; 11+ messages in thread
From: Simon South @ 2020-05-18 12:32 UTC (permalink / raw)
  To: 41363


luaossl doesn't actually require M4 to build, unlike cqueues.

Here's a replacement patch that omits M4 from the package inputs.



[-- Attachment #2: [PATCH 1/3] gnu: Add lua-ossl. --]
[-- Type: text/x-patch, Size: 3984 bytes --]

From 610918a771b84a081af24940ae94d35b1af7511e Mon Sep 17 00:00:00 2001
From: Simon South <simon@simonsouth.net>
Date: Fri, 15 May 2020 11:18:44 -0400
Subject: [PATCH 1/3] gnu: Add lua-ossl.
To: 41363@debbugs.gnu.org

* gnu/packages/lua.scm (make-lua-ossl): New function.
(lua-ossl, lua5.1-ossl, lua5.2-ossl): New variables.
---
 gnu/packages/lua.scm | 61 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)

diff --git a/gnu/packages/lua.scm b/gnu/packages/lua.scm
index 181ce76559..defb7b68e6 100644
--- a/gnu/packages/lua.scm
+++ b/gnu/packages/lua.scm
@@ -11,6 +11,7 @@
 ;;; Copyright © 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018 Fis Trivial <ybbs.daans@hotmail.com>
 ;;; Copyright © 2020 Nicolas Goaziou <mail@nicolasgoaziou.fr>
+;;; Copyright © 2020 Simon South <simon@simonsouth.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -38,6 +39,7 @@
   #:use-module (guix build-system trivial)
   #:use-module (gnu packages)
   #:use-module (gnu packages readline)
+  #:use-module (gnu packages m4)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages glib)
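
Review bot: The added #:use-module (gnu packages m4) is unused in this commit now that make-lua-ossl no longer lists m4 among its inputs. Move the import to patch 2/3, where lua-cqueues takes m4 as a native input.
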
@@ -292,6 +294,65 @@ directory structure and file attributes.")
 (define-public lua5.2-filesystem
   (make-lua-filesystem "lua5.2-filesystem" lua-5.2))
 
+(define (make-lua-ossl name lua)
+  (package
+    (name name)
+    (version "20170903")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://25thandclement.com/~william/"
+                                  "projects/releases/luaossl-" version ".tgz"))
+              (sha256
+               (base32
+                "10392bvd0lzyibipblgiss09zlqh3a5zgqg1b9lgbybpqb9cv2k3"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:make-flags
+       (let ((out (assoc-ref %outputs "out"))
+             (lua-api-version ,(version-major+minor (package-version lua))))
+         (list "CC=gcc"
+               "CFLAGS='-D HAVE_SYS_SYSCTL_H=0'" ; sys/sysctl.h is deprecated
+               (string-append "DESTDIR=" out)
+               (string-append "LUA_APIS=" lua-api-version)
+               "prefix="))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (delete 'check)
+         (add-after 'install 'check
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out"))
+                   (lua-version ,(version-major+minor (package-version lua))))
+               (setenv "LUA_CPATH"
+                       (string-append out "/lib/lua/" lua-version "/?.so;;"))
+               (setenv "LUA_PATH"
+                       (string-append out "/share/lua/" lua-version "/?.lua;;"))
+               (with-directory-excursion "regress"
+                 (for-each (lambda (f)
+                             (invoke "lua" f))
+                           (find-files "." "^[0-9].*\\.lua$"))))
+             #t)))))
+    (inputs
+     `(("lua" ,lua)
+       ("openssl" ,openssl)))
+    (home-page "https://25thandclement.com/~william/projects/luaossl.html")
+    (synopsis "OpenSSL bindings for Lua")
+    (description "The luaossl extension module for Lua provides comprehensive,
+low-level bindings to the OpenSSL library, including support for certificate and
+key management, key generation, signature verification, and deep bindings to the
+distinguished name, alternative name, and X.509v3 extension interfaces.  It also
+binds OpenSSL's bignum, message digest, HMAC, cipher, and CSPRNG interfaces.")
+    (license license:expat)))
+
+(define-public lua-ossl
+  (make-lua-ossl "lua-ossl" lua))
+
+(define-public lua5.1-ossl
+  (make-lua-ossl "lua5.1-ossl" lua-5.1))
+
+(define-public lua5.2-ossl
+  (make-lua-ossl "lua5.2-ossl" lua-5.2))
+
 (define (make-lua-sec name lua)
   (package
     (name name)
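
Review bot: In #:make-flags, "CFLAGS='-D HAVE_SYS_SYSCTL_H=0'" is a command-line assignment, which takes precedence over any CFLAGS the makefile itself sets, so optimisation and warning flags chosen upstream may be dropped from the build of a crypto binding without notice. Check the build log for the final compiler command line, or pass the define through a preprocessor-flags variable if the makefile provides one. "CC=gcc" next to it also fixes the compiler name regardless of target.
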
-- 
2.26.2



* [bug#41363] knot-resolver: Enable reloading of policy files (add lua-cqueues)
  2020-05-17 14:46 [bug#41363] knot-resolver: Enable reloading of policy files (add lua-cqueues) Simon South
  2020-05-17 16:09 ` [bug#41363] [PATCH 1/3] gnu: Add lua-ossl Simon South
@ 2020-05-19 10:25 ` Simon South
  2020-05-29 19:36 ` Simon South
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 11+ messages in thread
From: Simon South @ 2020-05-19 10:25 UTC (permalink / raw)
  To: 41363

Simon South <simon@simonsouth.net> writes:
> This is due to a known issue with LuaJIT on aarch64...

Just realized the URIs I used for cqueues and luaossl are out-of-date
and this issue has been addressed in newer releases
(https://github.com/wahern/cqueues/pull/225).

I'll send updated patches shortly.

-- 
Simon South
simon@simonsouth.net





* [bug#41363] knot-resolver: Enable reloading of policy files (add lua-cqueues)
  2020-05-17 14:46 [bug#41363] knot-resolver: Enable reloading of policy files (add lua-cqueues) Simon South
  2020-05-17 16:09 ` [bug#41363] [PATCH 1/3] gnu: Add lua-ossl Simon South
  2020-05-19 10:25 ` [bug#41363] knot-resolver: Enable reloading of policy files (add lua-cqueues) Simon South
@ 2020-05-29 19:36 ` Simon South
  2020-06-17 10:02 ` Ludovic Courtès
  2020-06-25 10:26 ` bug#41363: " Ludovic Courtès
  4 siblings, 0 replies; 11+ messages in thread
From: Simon South @ 2020-05-29 19:36 UTC (permalink / raw)
  To: 41363


I'm posting updated patches here as a work-in-progress, in case anyone
else is interested. The patches are not yet ready to be applied.

The package definitions are pretty much complete (I believe), however
the regression tests for luajit-cqueues are failing for me on both
aarch64 and x86_64.

On aarch64, the test for issue #71 (only) fails with

    71-empty-cqueue: .......
    71-empty-cqueue: testing issue 71A
    71-empty-cqueue: 71A OK
    71-empty-cqueue: testing 71B
    71-empty-cqueue: setting alert on inner loop
    71-empty-cqueue: stepping inner loop
    71-empty-cqueue: polling inner loop
    71-empty-cqueue: stepping inner loop
    71-empty-cqueue: timeout before inner loop test completed

This test, along with the rest of the suite, passes fine if the stock
Lua 5.1 interpreter is used instead, which suggests a possible
regression in LuaJIT. (Building LuaJIT from the latest revision in its
source repository leads to the same error.)

On x86_64, that test passes but a different one fails:

    141-segfault-on-accept: OK
    PANIC: unprotected error in call to Lua API (attempt to call a thread value)

I've written to the authors of cqueues regarding the first issue but
have not received a response. I may try following up with LuaJIT's
author as a next step; a bit of analysis might reveal why these tests
are failing but my interest here is in getting a DNS server up and
running, not in learning Lua or diving into the internals of a compiler.

Perhaps someone more familiar with these libraries, language and tools
could help?

--
Simon South
ssouth@simonsouth.net


[-- Attachment #2: 0001-gnu-Add-luajit-ossl.patch --]
[-- Type: text/x-patch, Size: 5213 bytes --]

From d648ce07cd4828b4f2a848464a31efd76f00cb7c Mon Sep 17 00:00:00 2001
From: Simon South <simon@simonsouth.net>
Date: Fri, 15 May 2020 11:18:44 -0400
Subject: [PATCH 1/3] gnu: Add luajit-ossl.

* gnu/packages/lua.scm (make-lua-ossl): New function.
(luajit-ossl): New variable.
---
 gnu/packages/lua.scm | 82 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 82 insertions(+)

diff --git a/gnu/packages/lua.scm b/gnu/packages/lua.scm
index 181ce76559..ab86e24bb9 100644
--- a/gnu/packages/lua.scm
+++ b/gnu/packages/lua.scm
@@ -11,6 +11,7 @@
 ;;; Copyright © 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018 Fis Trivial <ybbs.daans@hotmail.com>
 ;;; Copyright © 2020 Nicolas Goaziou <mail@nicolasgoaziou.fr>
+;;; Copyright © 2020 Simon South <simon@simonsouth.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -38,6 +39,7 @@
   #:use-module (guix build-system trivial)
   #:use-module (gnu packages)
   #:use-module (gnu packages readline)
+  #:use-module (gnu packages m4)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages glib)
@@ -292,6 +294,86 @@ directory structure and file attributes.")
 (define-public lua5.2-filesystem
   (make-lua-filesystem "lua5.2-filesystem" lua-5.2))
 
+(define (make-lua-ossl name lua)
+  (package
+    (name name)
+    (version "20190731")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/wahern/luaossl.git")
+                    (commit (string-append "rel-" version))))
+              (sha256
+               (base32
+                "03xmhy90qrby8pbwqdwy2xa7bk5jbpfzzrmpj83klzw7zkyf2k96"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:modules ((guix build gnu-build-system)
+                  (guix build utils)
+                  (ice-9 popen)
+                  (ice-9 rdelim))
+       #:make-flags
+       (let ((out (assoc-ref %outputs "out"))
+             (lua-api-version ,(if (eq? lua luajit)
+                                   "5.1"
+                                   (version-major+minor
+                                    (package-version lua)))))
+         (list "CC=gcc"
+               "CFLAGS='-D HAVE_SYS_SYSCTL_H=0'" ; sys/sysctl.h is deprecated
+               (string-append "DESTDIR=" out)
+               (string-append "LUA_APIS=" lua-api-version)
+               "prefix="))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (delete 'check)
+         (add-after 'install 'check
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((lua-api-version ,(if (eq? lua luajit)
+                                          "5.1"
+                                          (version-major+minor
+                                           (package-version lua))))
+                    (lua-cpath (lambda (p)
+                                 (string-append p "/lib/lua/" lua-api-version
+                                                "/?.so")))
+                    (lua-path (lambda (p)
+                                (string-append p "/share/lua/" lua-api-version
+                                               "/?.lua")))
+                    (lua-interp (begin
+                                  (setenv "CC" "gcc")
+                                  (read-line
+                                   (open-pipe* OPEN_READ "mk/luapath" "lua"))))
+                    (out (assoc-ref outputs "out")))
+               (setenv "LUA_CPATH" (string-append (lua-cpath out) ";;"))
+               (setenv "LUA_PATH" (string-append (lua-path out) ";;"))
+
+               (with-directory-excursion "regress"
+                 (for-each (lambda (f)
+                             (invoke lua-interp f))
+                           (filter
+                            ;; Omit a test that requires lua-cqueues, as that
+                            ;; requires this package also
+                            (lambda (f)
+                              (not (equal? f "./148-custom-extensions.lua")))
+                            (find-files "." "^[0-9].*\\.lua$")))))
+             #t)))))
+    (inputs
+     `(("lua" ,lua)
+       ;; TODO: Support interpreters other than LuaJIT using luaffifb or a
+       ;; similar FFI-compatibility module
+       ("openssl" ,openssl)))
+    (home-page "https://25thandclement.com/~william/projects/luaossl.html")
+    (synopsis "OpenSSL bindings for Lua")
+    (description "The luaossl extension module for Lua provides comprehensive,
+low-level bindings to the OpenSSL library, including support for certificate and
+key management, key generation, signature verification, and deep bindings to the
+distinguished name, alternative name, and X.509v3 extension interfaces.  It also
+binds OpenSSL's bignum, message digest, HMAC, cipher, and CSPRNG interfaces.")
+    (license license:expat)))
+
+(define-public luajit-ossl
+  (make-lua-ossl "luajit-ossl" luajit))
+
 (define (make-lua-sec name lua)
   (package
     (name name)
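
Review bot: lua-interp in the 'check phase is read with (read-line (open-pipe* OPEN_READ "mk/luapath" "lua")), but the pipe is never closed and its exit status is never checked; if mk/luapath fails, read-line returns the end-of-file object and the later (invoke lua-interp f) fails with a confusing type error. Bind the port, call close-pipe on it, and raise a clear error when the result is not a string. The filter also compares against the literal "./148-custom-extensions.lua", which depends on how find-files prefixes its results; comparing (basename f) is sturdier.
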
-- 
2.26.2


[-- Attachment #3: 0002-gnu-Add-lua-cqueues.patch --]
[-- Type: text/x-patch, Size: 5778 bytes --]

From 0cf2c3b798071048d70c39d9f6697e8137e24251 Mon Sep 17 00:00:00 2001
From: Simon South <simon@simonsouth.net>
Date: Fri, 15 May 2020 18:18:51 -0400
Subject: [PATCH 2/3] gnu: Add lua-cqueues.

* gnu/packages/lua.scm (make-lua-cqueues): New function.
(luajit-cqueues): New variable.
---
 gnu/packages/lua.scm | 106 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 106 insertions(+)

diff --git a/gnu/packages/lua.scm b/gnu/packages/lua.scm
index ab86e24bb9..dd14f7dd43 100644
--- a/gnu/packages/lua.scm
+++ b/gnu/packages/lua.scm
@@ -422,6 +422,112 @@ secure session between the peers.")
 (define-public lua5.2-sec
   (make-lua-sec "lua5.2-sec" lua-5.2))
 
+(define (make-lua-cqueues name lua lua-ossl)
+  (package
+    (name name)
+    (version "20190813")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/wahern/cqueues.git")
+                    (commit (string-append "rel-" version))))
+              (sha256
+               (base32
+                "0yin39cldhc1l6rr33nj2z8la6rvv0c70g47rkvjb7s0wy760ggz"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:modules ((guix build gnu-build-system)
+                  (guix build utils)
+                  (ice-9 string-fun))
+       #:make-flags
+       (let ((lua-api-version ,(if (eq? lua luajit)
+                                   "5.1"
+                                   (version-major+minor (package-version lua)))))
+         (list "CC=gcc"
+               (string-append "LUA_APIS=" lua-api-version)))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (delete 'check)
+         (replace 'install
+           (lambda* (#:key make-flags outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (apply invoke "make" "install"
+                      (append make-flags
+                              (list (string-append "DESTDIR=" out)
+                                    "prefix="))))))
+         (add-after 'install 'check
+           (lambda* (#:key inputs make-flags outputs #:allow-other-keys)
+             (let* ((lua-api-version ,(if (eq? lua luajit)
+                                          "5.1"
+                                          (version-major+minor
+                                           (package-version lua))))
+                    (lua-cpath (lambda (p)
+                                 (string-append p "/lib/lua/" lua-api-version
+                                                "/?.so")))
+                    (lua-path (lambda (p)
+                                (string-append p "/share/lua/" lua-api-version
+                                               "/?.lua")))
+                    (env-suffix (if (equal? lua-api-version "5.1")
+                                    ""
+                                    (string-append
+                                     "_"
+                                     (string-replace-substring lua-api-version
+                                                               "." "_"))))
+                    (lua-ossl (assoc-ref inputs "lua-ossl"))
+                    (out (assoc-ref outputs "out")))
+               ;; The test suite sets Lua-version-specific search-path variables
+               ;; when available so we must do the same, as these take
+               ;; precedence over the generic "LUA_CPATH" and "LUA_PATH"
+               (setenv (string-append "LUA_CPATH" env-suffix)
+                       (string-append
+                        (string-join (map lua-cpath (list out lua-ossl)) ";")
+                        ";;"))
+               (setenv (string-append "LUA_PATH" env-suffix)
+                       (string-append
+                        (string-join (map lua-path (list out lua-ossl)) ";")
+                        ";;"))
+
+               ;; Skip regression tests we expect to fail
+               (with-directory-excursion "regress"
+                 (for-each (lambda (f)
+                             (rename-file f (string-append f ".skip")))
+                           (append
+                            ;; Tests that require network connectivity
+                            '("22-client-dtls.lua"
+                              "30-starttls-completion.lua"
+                              "62-noname.lua"
+                              "153-dns-resolvers.lua")
+
+                            ;; Tests that require LuaJIT
+                            (if ,(not (eq? lua luajit))
+                                '("44-resolvers-gc.lua"
+                                  "51-join-defunct-thread.lua")
+                                '())
+
+                            ;; Tests that require Lua 5.3
+                            (if (not (equal? lua-api-version "5.3"))
+                                '("152-thread-integer-passing.lua")
+                                '()))))
+
+               (apply invoke "make" "check" make-flags)))))))
+    (native-inputs
+     `(("m4" ,m4)))
+    (inputs
+     `(("lua" ,lua)
+       ("openssl" ,openssl)))
+    (propagated-inputs
+     `(("lua-ossl" ,lua-ossl)))
+    (home-page "https://25thandclement.com/~william/projects/cqueues.html")
+    (synopsis "Event loop for Lua using continuation queues")
+    (description "The cqueues extension module for Lua implements an event loop
+that operates through the yielding and resumption of coroutines.  It is designed
+to be non-intrusive, composable, and embeddable within existing applications.")
+    (license license:expat)))
+
+(define-public luajit-cqueues
+  (make-lua-cqueues "luajit-cqueues" luajit luajit-ossl))
+
 (define-public lua-penlight
   (package
     (name "lua-penlight")
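Review bot: The LuaJIT test in the skip list, (if ,(not (eq? lua luajit)) ...), compares package objects by identity, so any LuaJIT variant passed to make-lua-cqueues other than the luajit binding itself would be treated as plain Lua and have 44-resolvers-gc.lua and 51-join-defunct-thread.lua renamed to .skip. Consider keying the check on something more stable than identity, or stating in the comment that only the stock luajit package is expected here. Separately, two of the four tests skipped for needing network access are, going by their file names, the DTLS and STARTTLS cases, so the check phase gives no coverage of the TLS paths that rely on the propagated lua-ossl; saying so in the "Tests that require network connectivity" comment would help whoever next updates the package. Minor style point: the comment above the setenv calls ends without a period after "LUA_PATH".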
-- 
2.26.2


[-- Attachment #4: 0003-gnu-knot-resolver-Enable-automatic-reloading-of-poli.patch --]
[-- Type: text/x-patch, Size: 1009 bytes --]

From c8b4d696c96a3dc81e84aa05a24220cbadf90809 Mon Sep 17 00:00:00 2001
From: Simon South <simon@simonsouth.net>
Date: Sat, 16 May 2020 14:35:27 -0400
Subject: [PATCH 3/3] gnu: knot-resolver: Enable automatic reloading of policy
 files.

* gnu/packages/dns.scm (knot-resolver)[inputs]: Add lua5.1-cqueues.
---
 gnu/packages/dns.scm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index 7ff0501ab2..dea24cf7c9 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -723,8 +723,9 @@ synthesis, and on-the-fly re-configuration.")
        ("libuv" ,libuv)
        ("lmdb" ,lmdb)
        ("luajit" ,luajit)
-       ;; TODO: Add optional lua modules: basexx, cqueues and psl.
+       ;; TODO: Add optional lua modules: basexx and psl.
        ("lua-bitop" ,lua5.1-bitop)
+       ("lua-cqueues" ,lua5.1-cqueues)
        ("lua-filesystem" ,lua5.1-filesystem)
        ("lua-sec" ,lua5.1-sec)
        ("lua-socket" ,lua5.1-socket)))
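Review bot: The new input is lua5.1-cqueues, yet the interpreter in this input list is luajit (context line above) and patch 2/3 defines a dedicated luajit-cqueues variant; if the Lua 5.1 build is chosen deliberately to match the neighbouring lua5.1-* inputs, a short comment saying so would keep someone from "fixing" it later. The input is also added on every architecture, while the cover letter reports that require("cqueues") fails under LuaJIT on aarch64 with "bad light userdata pointer"; a comment next to the input pointing at that limitation would make the resulting "lua-cqueues required to watch and reload RPZ file" error easier to trace.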
-- 
2.26.2



* [bug#41363] knot-resolver: Enable reloading of policy files (add lua-cqueues)
  2020-05-17 14:46 [bug#41363] knot-resolver: Enable reloading of policy files (add lua-cqueues) Simon South
                   ` (2 preceding siblings ...)
  2020-05-29 19:36 ` Simon South
@ 2020-06-17 10:02 ` Ludovic Courtès
  2020-06-25 10:26 ` bug#41363: " Ludovic Courtès
  4 siblings, 0 replies; 11+ messages in thread
From: Ludovic Courtès @ 2020-06-17 10:02 UTC (permalink / raw)
  To: Simon South; +Cc: 41363, Julien Lepiller

Hi,

Julien, could you take a look at this patch series?  I figured you
probably know Knot better than I do.

  https://issues.guix.gnu.org/41363

Thanks in advance,
Ludo’.

Simon South <simon@simonsouth.net> skribis:

> This patch series enables the automatic reloading of response-policy
> zone (RPZ) files by Knot Resolver. Specifically these patches
>
> - Add package definitions for the cqueues Lua extension module and the
>   luaossl module on which it relies, and
>
> - Add lua5.1-cqueues as an input to knot-resolver.
>
> With these changes applied, Knot Resolver can be configured with lines
> like
>
>     modules = { 'policy' }
>     policy.add(policy.rpz(policy.DENY, '/etc/dns/blacklist.txt', true))
>
> and it will automatically reload RPZ rules from /etc/dns/blacklist.txt
> whenever that file changes. This makes it easy to use Knot Resolver to
> block unwanted sites using a list of domains downloaded periodically
> from the Internet.
>
> I've tested these changes on x86-64 and aarch64. On x86-64 everything
> works as expected.
>
> On aarch64, the packages build and install fine but Knot Resolver fails
> to load the configuration above with
>
>     policy.lua:430: [poli] lua-cqueues required to watch and reload RPZ file
>
> This is due to a known issue with LuaJIT on aarch64 (see e.g.
> https://github.com/LuaJIT/LuaJIT/pull/230):
>
>     $ ./pre-inst-env guix environment knot-resolver --ad-hoc knot-resolver
>     $ $(head -n 3 `which kresd` | tail -n 2)  # set LUA_PATH, LUA_CPATH
>     $ luajit -e 'require("cqueues")'
>     luajit: bad light userdata pointer
>     stack traceback:
>             [C]: at 0xffffa556a960
>             [C]: in function 'require'
>             ...
>     $
>
> Otherwise (i.e. after changing "true" to "false" in the configuration
> above) Knot Resolver continues to work as it did before, so I expect
> existing users will not be affected.
>
> I'll work on diagnosing the upstream bug but thought I'd submit these
> patches in the meantime.
>
> --
> Simon South
> simon@simonsouth.net





* bug#41363: knot-resolver: Enable reloading of policy files (add lua-cqueues)
  2020-05-17 14:46 [bug#41363] knot-resolver: Enable reloading of policy files (add lua-cqueues) Simon South
                   ` (3 preceding siblings ...)
  2020-06-17 10:02 ` Ludovic Courtès
@ 2020-06-25 10:26 ` Ludovic Courtès
  2020-06-25 14:18   ` [bug#41363] " Simon South
  4 siblings, 1 reply; 11+ messages in thread
From: Ludovic Courtès @ 2020-06-25 10:26 UTC (permalink / raw)
  To: Simon South; +Cc: 41363-done

Hi Simon,

Simon South <simon@simonsouth.net> skribis:

> This patch series enables the automatic reloading of response-policy
> zone (RPZ) files by Knot Resolver. Specifically these patches
>
> - Add package definitions for the cqueues Lua extension module and the
>   luaossl module on which it relies, and
>
> - Add lua5.1-cqueues as an input to knot-resolver.
>
> With these changes applied, Knot Resolver can be configured with lines
> like
>
>     modules = { 'policy' }
>     policy.add(policy.rpz(policy.DENY, '/etc/dns/blacklist.txt', true))
>
> and it will automatically reload RPZ rules from /etc/dns/blacklist.txt
> whenever that file changes. This makes it easy to use Knot Resolver to
> block unwanted sites using a list of domains downloaded periodically
> from the Internet.
>
> I've tested these changes on x86-64 and aarch64. On x86-64 everything
> works as expected.

I went ahead and applied this patch series (builds fine on x86_64).

> On aarch64, the packages build and install fine but Knot Resolver fails
> to load the configuration above with
>
>     policy.lua:430: [poli] lua-cqueues required to watch and reload RPZ file
>
> This is due to a known issue with LuaJIT on aarch64 (see e.g.
> https://github.com/LuaJIT/LuaJIT/pull/230):
>
>     $ ./pre-inst-env guix environment knot-resolver --ad-hoc knot-resolver
>     $ $(head -n 3 `which kresd` | tail -n 2)  # set LUA_PATH, LUA_CPATH
>     $ luajit -e 'require("cqueues")'
>     luajit: bad light userdata pointer
>     stack traceback:
>             [C]: at 0xffffa556a960
>             [C]: in function 'require'
>             ...
>     $
>
> Otherwise (i.e. after changing "true" to "false" in the configuration
> above) Knot Resolver continues to work as it did before, so I expect
> existing users will not be affected.
>
> I'll work on diagnosing the upstream bug but thought I'd submit these
> patches in the meantime.

Should we disable the Lua dependency on AArch64?

Thank you, and apologies for the delay!

Ludo’.





* [bug#41363] knot-resolver: Enable reloading of policy files (add lua-cqueues)
  2020-06-25 10:26 ` bug#41363: " Ludovic Courtès
@ 2020-06-25 14:18   ` Simon South
  2020-06-25 21:06     ` Ludovic Courtès
  0 siblings, 1 reply; 11+ messages in thread
From: Simon South @ 2020-06-25 14:18 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 41363-done

Ludovic Courtès <ludo@gnu.org> writes:
> Should we disable the Lua dependency on AArch64?

I'd leave it as-is (despite the confusing error message), since you can
work around the issue on AArch64 with a rebuilt kernel configured to use
39-bit virtual addresses rather than the default 48.

Plus I'm most of the way towards updated patches that use more recent
versions of cqueues and luaossl, which avoids the problem
altogether. This is still on my to-do list though not a priority at the
moment.

-- 
Simon South
simon@simonsouth.net





* [bug#41363] knot-resolver: Enable reloading of policy files (add lua-cqueues)
  2020-06-25 14:18   ` [bug#41363] " Simon South
@ 2020-06-25 21:06     ` Ludovic Courtès
  0 siblings, 0 replies; 11+ messages in thread
From: Ludovic Courtès @ 2020-06-25 21:06 UTC (permalink / raw)
  To: Simon South; +Cc: 41363-done

Simon South <simon@simonsouth.net> skribis:

> Ludovic Courtès <ludo@gnu.org> writes:
>> Should we disable the Lua dependency on AArch64?
>
> I'd leave it as-is (despite the confusing error message), since you can
> work around the issue on AArch64 with a rebuilt kernel configured to use
> 39-bit virtual addresses rather than the default 48.
>
> Plus I'm most of the way towards updated patches that use more recent
> versions of cqueues and luaossl, which avoids the problem
> altogether. This is still on my to-do list though not a priority at the
> moment.

OK, sounds good!

Thanks,
Ludo’.






Thread overview: 11+ messages
2020-05-17 14:46 [bug#41363] knot-resolver: Enable reloading of policy files (add lua-cqueues) Simon South
2020-05-17 16:09 ` [bug#41363] [PATCH 1/3] gnu: Add lua-ossl Simon South
2020-05-17 16:09   ` [bug#41363] [PATCH 2/3] gnu: Add lua-cqueues Simon South
2020-05-17 16:09   ` [bug#41363] [PATCH 3/3] gnu: knot-resolver: Enable automatic reloading of policy files Simon South
2020-05-18 12:32   ` [bug#41363] [PATCH 1/3] gnu: Add lua-ossl Simon South
2020-05-19 10:25 ` [bug#41363] knot-resolver: Enable reloading of policy files (add lua-cqueues) Simon South
2020-05-29 19:36 ` Simon South
2020-06-17 10:02 ` Ludovic Courtès
2020-06-25 10:26 ` bug#41363: " Ludovic Courtès
2020-06-25 14:18   ` [bug#41363] " Simon South
2020-06-25 21:06     ` Ludovic Courtès
