all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* [bug#41363] knot-resolver: Enable reloading of policy files (add lua-cqueues)
@ 2020-05-17 14:46 Simon South
  2020-05-17 16:09 ` [bug#41363] [PATCH 1/3] gnu: Add lua-ossl Simon South
                   ` (4 more replies)
  0 siblings, 5 replies; 11+ messages in thread
From: Simon South @ 2020-05-17 14:46 UTC (permalink / raw)
  To: 41363

This patch series enables the automatic reloading of response-policy
zone (RPZ) files by Knot Resolver. Specifically these patches

- Add package definitions for the cqueues Lua extension module and the
  luaossl module on which it relies, and

- Add lua5.1-cqueues as an input to knot-resolver.

With these changes applied, Knot Resolver can be configured with lines
like

    modules = { 'policy' }
    policy.add(policy.rpz(policy.DENY, '/etc/dns/blacklist.txt', true))

and it will automatically reload RPZ rules from /etc/dns/blacklist.txt
whenever that file changes. This makes it easy to use Knot Resolver to
block unwanted sites using a list of domains downloaded periodically
from the Internet.

I've tested these changes on x86-64 and aarch64. On x86-64 everything
works as expected.

On aarch64, the packages build and install fine but Knot Resolver fails
to load the configuration above with

    policy.lua:430: [poli] lua-cqueues required to watch and reload RPZ file

This is due to a known issue with LuaJIT on aarch64 (see e.g.
https://github.com/LuaJIT/LuaJIT/pull/230):

    $ ./pre-inst-env guix environment knot-resolver --ad-hoc knot-resolver
    $ $(head -n 3 `which kresd` | tail -n 2)  # set LUA_PATH, LUA_CPATH
    $ luajit -e 'require("cqueues")'
    luajit: bad light userdata pointer
    stack traceback:
            [C]: at 0xffffa556a960
            [C]: in function 'require'
            ...
    $

Otherwise (i.e. after changing "true" to "false" in the configuration
above) Knot Resolver continues to work as it did before, so I expect
existing users will not be affected.

I'll work on diagnosing the upstream bug but thought I'd submit these
patches in the meantime.

--
Simon South
simon@simonsouth.net




^ permalink raw reply	[flat|nested] 11+ messages in thread

end of thread, other threads:[~2020-06-25 21:07 UTC | newest]

Thread overview: 11+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-05-17 14:46 [bug#41363] knot-resolver: Enable reloading of policy files (add lua-cqueues) Simon South
2020-05-17 16:09 ` [bug#41363] [PATCH 1/3] gnu: Add lua-ossl Simon South
2020-05-17 16:09   ` [bug#41363] [PATCH 2/3] gnu: Add lua-cqueues Simon South
2020-05-17 16:09   ` [bug#41363] [PATCH 3/3] gnu: knot-resolver: Enable automatic reloading of policy files Simon South
2020-05-18 12:32   ` [bug#41363] [PATCH 1/3] gnu: Add lua-ossl Simon South
2020-05-19 10:25 ` [bug#41363] knot-resolver: Enable reloading of policy files (add lua-cqueues) Simon South
2020-05-29 19:36 ` Simon South
2020-06-17 10:02 ` Ludovic Courtès
2020-06-25 10:26 ` bug#41363: " Ludovic Courtès
2020-06-25 14:18   ` [bug#41363] " Simon South
2020-06-25 21:06     ` Ludovic Courtès

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.