diff --git a/net/pdns/Makefile b/net/pdns/Makefile index 2f8685db1..7b8075a7a 100644 --- a/net/pdns/Makefile +++ b/net/pdns/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=pdns -PKG_VERSION:=4.1.13 +PKG_VERSION:=4.2.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://downloads.powerdns.com/releases/ -PKG_HASH:=e7ea9c628a03652d2ca9e048525d44ac5628a9fede45e510ff9ba756ae2f5f25 +PKG_HASH:=222007f25e25aad71ac7d8b7f1797a4bcb30781e456d74ed00396e53828a903a PKG_MAINTAINER:=James Taylor PKG_LICENCE:=GPL-2.0-only @@ -64,7 +64,7 @@ endef define Package/pdns-tools $(call Package/pdns/Default) TITLE:=Tools for DNS debugging by PowerDNS - DEPENDS+=+boost +boost-program_options +libopenssl +p11-kit +protobuf + DEPENDS+=+boost +boost-program_options +libcurl +libmbedtls +libopenssl +p11-kit +protobuf endef define Package/pdns-tools/description @@ -88,9 +88,26 @@ define Package/pdns-tools/description * saxfr: AXFR zones and show extra information endef +define Package/pdns-ixfrdist + $(call Package/pdns/Default) + TITLE:=Redistribute zones via AXFR and IXFR + DEPENDS+=+boost +boost-program_options +libopenssl +libyaml-cpp +p11-kit +protobuf +endef + +define Package/pdns-ixfrdist/description + PowerDNS is a versatile nameserver which supports a large number + of different backends ranging from simple zonefiles to relational + databases and load balancing/failover algorithms. + PowerDNS tries to emphasize speed and security. + + This package contains the ixfrdist tool that can redistribute multiple versions + of zones over AXFR and IXFR. This tool does not require any part of the + PowerDNS server components to work. +endef + define Package/pdns $(call Package/pdns/Default) - DEPENDS+=+boost +boost-program_options +liblua +libopenssl +libsodium +libsqlite3 +p11-kit + DEPENDS+=+boost +boost-program_options +libcurl +liblua +libopenssl +libsqlite3 +p11-kit endef define Package/pdns/config 
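Review bot: The `+libmbedtls` added to the Package/pdns-tools DEPENDS line (hunk at -64,7) sits next to `+libopenssl` with no stated reason, and Package/pdns (hunk at -88,9) gains `+libcurl` without it, so the two packages disagree about what libcurl needs. If mbedTLS is only there because the staged libcurl happens to be built against it, that is presumably a transitive dependency that libcurl's own package should declare. Pinning it here would tie pdns-tools to one TLS backend and put a second TLS library on the device for no direct use. I would either drop it, `DEPENDS+=+boost +boost-program_options +libcurl +libopenssl +p11-kit +protobuf`, or state in the commit message which tool links mbedTLS directly. The hunk at -88,9 also drops `+libsodium` from Package/pdns, which is only consistent together with the `--without-libsodium` change later in this file.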
@@ -137,12 +154,14 @@ define DefinePdnsBackend endef endef +$(eval $(call DefinePdnsBackend,geoip,,libmaxminddb libyaml-cpp,,GeoIP)) $(eval $(call DefinePdnsBackend,mysql,,libmysqlclient,gmysql,MySQL)) $(eval $(call DefinePdnsBackend,odbc,,unixodbc,godbc,ODBC)) $(eval $(call DefinePdnsBackend,pgsql,,libpq,gpgsql,PostgreSQL)) $(eval $(call DefinePdnsBackend,sqlite3,,libsqlite3,gsqlite3,SQLite 3)) $(eval $(call DefinePdnsBackend,ldap,,libopenldap krb5-libs,,OpenLDAP)) $(eval $(call DefinePdnsBackend,lua,,lua liblua,,Lua)) +$(eval $(call DefinePdnsBackend,lua2,,lua liblua,,Lua2)) $(eval $(call DefinePdnsBackend,mydns,,libmysqlclient,,MyDNS)) $(eval $(call DefinePdnsBackend,pipe,,,,Pipe)) $(eval $(call DefinePdnsBackend,remote,,,,Remote)) @@ -161,8 +180,10 @@ CONFIGURE_ARGS+= \ --with-mysql-includes=$(STAGING_DIR)/usr \ $(if $(CONFIG_PACKAGE_pdns-tools),--enable-tools,) \ --with-protobuf \ - --enable-libsodium \ - --enable-experimental-pkcs11 + --without-libsodium \ + --enable-experimental-pkcs11 \ + --enable-lua-records \ + $(if $(CONFIG_PACKAGE_pdns-ixfrdist),--enable-ixfrdist,) define Package/pdns/install $(INSTALL_DIR) $(1)/etc/powerdns 
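Review bot: `--without-libsodium` in CONFIGURE_ARGS removes a crypto backend with no comment or reason given, while the pdns.conf-dist shipped by this same commit still lists `sodium` as a valid `rng` value, which this build presumably cannot honour. Please also confirm that Ed25519 DNSSEC signing still works through the OpenSSL build once libsodium is gone, since zones using that algorithm would otherwise lose signing after the upgrade. `--enable-lua-records` is switched on unconditionally in the same list, so record-driven Lua execution and the new libcurl dependency are compiled into every pdns image even though the runtime default is `enable-lua-records=no`. Gating it like the neighbouring `$(if $(CONFIG_PACKAGE_pdns-ixfrdist),--enable-ixfrdist,)` line would keep it out of builds that do not want it. At minimum I would add, above the CONFIGURE_ARGS assignment, `# built without libsodium (<reason>); rng=sodium is not usable with this package`.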
@@ -183,24 +204,33 @@ define Package/pdns/Default/install $(CP) $(PKG_INSTALL_DIR)/usr/lib/powerdns/pdns/lib$(PDNS_BACKEND_$(2)_LIB)backend.so $(1)/usr/lib/powerdns/pdns/ endef +define Package/pdns-ixfrdist/install + $(INSTALL_DIR) $(1)/etc/powerdns + $(CP) $(PKG_INSTALL_DIR)/etc/powerdns/ixfrdist.example.yml $(1)/etc/powerdns/ + $(INSTALL_DIR) $(1)/usr/bin + $(CP) $(PKG_INSTALL_DIR)/usr/bin/ixfrdist $(1)/usr/bin/ +endef + define Package/pdns-tools/install $(INSTALL_DIR) $(1)/usr/bin - $(CP) $(PKG_INSTALL_DIR)/usr/bin/calidns $(1)/usr/bin/ - $(CP) $(PKG_INSTALL_DIR)/usr/bin/dnsbulktest $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/zone2ldap $(1)/usr/bin/ $(CP) $(PKG_INSTALL_DIR)/usr/bin/dnsgram $(1)/usr/bin/ - $(CP) $(PKG_INSTALL_DIR)/usr/bin/dnspcap2protobuf $(1)/usr/bin/ $(CP) $(PKG_INSTALL_DIR)/usr/bin/dnsreplay $(1)/usr/bin/ $(CP) $(PKG_INSTALL_DIR)/usr/bin/dnsscan $(1)/usr/bin/ $(CP) $(PKG_INSTALL_DIR)/usr/bin/dnsscope $(1)/usr/bin/ - $(CP) $(PKG_INSTALL_DIR)/usr/bin/dnstcpbench $(1)/usr/bin/ $(CP) $(PKG_INSTALL_DIR)/usr/bin/dnswasher $(1)/usr/bin/ $(CP) $(PKG_INSTALL_DIR)/usr/bin/dumresp $(1)/usr/bin/ - $(CP) $(PKG_INSTALL_DIR)/usr/bin/ixplore $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/pdns_notify $(1)/usr/bin/ $(CP) $(PKG_INSTALL_DIR)/usr/bin/nproxy $(1)/usr/bin/ $(CP) $(PKG_INSTALL_DIR)/usr/bin/nsec3dig $(1)/usr/bin/ - $(CP) $(PKG_INSTALL_DIR)/usr/bin/pdns_notify $(1)/usr/bin/ $(CP) $(PKG_INSTALL_DIR)/usr/bin/saxfr $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/stubquery $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/ixplore $(1)/usr/bin/ $(CP) $(PKG_INSTALL_DIR)/usr/bin/sdig $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/calidns $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/dnsbulktest $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/dnstcpbench $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/dnspcap2protobuf $(1)/usr/bin/ endef define BuildPdnsBackend 
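Review bot: Package/pdns-tools/install now copies `zone2ldap` unconditionally, but nothing in this diff adds an OpenLDAP library to the pdns-tools DEPENDS line. As far as I know upstream builds zone2ldap only when the LDAP backend is enabled, so with that backend deselected the `$(CP)` would fail, and with it selected the binary would carry a runtime dependency the package does not declare; please confirm against the 4.2.0 build. Guarding the copy with a `$(if …)` on the LDAP backend's package symbol, in the form CONFIGURE_ARGS already uses for `--enable-tools`, or moving the binary into the LDAP backend package would avoid both. The new Package/pdns-ixfrdist/install in this hunk also uses `$(CP)` for the executable; `$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/ixfrdist $(1)/usr/bin/` sets the mode explicitly instead of inheriting whatever the staging tree has.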
@@ -214,3 +244,4 @@ endef $(foreach backend,$(PDNS_BACKENDS),$(eval $(call BuildPdnsBackend,$(backend)))) $(eval $(call BuildPackage,pdns)) $(eval $(call BuildPackage,pdns-tools)) +$(eval $(call BuildPackage,pdns-ixfrdist)) diff --git a/net/pdns/files/pdns.conf-dist b/net/pdns/files/pdns.conf-dist index 96e09a550..84b75d3da 100644 --- a/net/pdns/files/pdns.conf-dist +++ b/net/pdns/files/pdns.conf-dist @@ -49,16 +49,6 @@ # # api-key= -################################# -# api-logfile Location of the server logfile (used by the REST API) -# -# api-logfile=/var/log/pdns.log - -################################# -# api-readonly Disallow data modification through the REST API when set -# -# api-readonly=no - ################################# # axfr-lower-serial Also AXFR a zone from a master with a lower serial # @@ -69,11 +59,21 @@ # # cache-ttl=20 +################################# +# carbon-instance If set overwrites the the instance name default +# +# carbon-instance=auth + ################################# # carbon-interval Number of seconds between carbon (graphite) updates # # carbon-interval=30 +################################# +# carbon-namespace If set overwrites the first part of the carbon string +# +# carbon-namespace=pdns + ################################# # carbon-ourname If set, overrides our reported hostname for carbon stats # @@ -109,6 +109,11 @@ # # daemon=no +################################# +# default-api-rectify Default API-RECTIFY value for zones +# +# default-api-rectify=yes + ################################# # default-ksk-algorithm Default KSK algorithm # @@ -155,7 +160,7 @@ # default-zsk-size=0 ################################# -# direct-dnskey Fetch DNSKEY RRs from backend during DNSKEY synthesis +# direct-dnskey Fetch DNSKEY, CDS and CDNSKEY RRs from backend during DNSKEY or CDS/CDNSKEY synthesis # # direct-dnskey=no 
@@ -174,11 +179,6 @@ # # disable-syslog=no -################################# -# disable-tcp Do not listen to TCP queries -# -# disable-tcp=no - ################################# # distributor-threads Default number of Distributor (backend) threads to start # @@ -214,6 +214,11 @@ # # edns-subnet-processing=no +################################# +# enable-lua-records Process LUA records for all zones (metadata overrides this) +# +# enable-lua-records=no + ################################# # entropy-source If set, read entropy from this file # @@ -319,6 +324,11 @@ # # lua-prequery-script= +################################# +# lua-records-exec-limit LUA records scripts execution limit (instructions count). Values <= 0 mean no limit +# +# lua-records-exec-limit=1000 + ################################# # master Act as a master # @@ -399,11 +409,6 @@ # # only-notify=0.0.0.0/0,::/0 -################################# -# out-of-zone-additional-processing Do out of zone additional processing -# -# out-of-zone-additional-processing=yes - ################################# # outgoing-axfr-expand-alias Expand ALIAS records during outgoing AXFR # @@ -464,11 +469,21 @@ # # reuseport=no +################################# +# rng Specify the random number generator to use. Valid values are auto,sodium,openssl,getrandom,arc4random,urandom. +# +# rng=auto + ################################# # security-poll-suffix Domain name from which to query security update notifications # # security-poll-suffix=secpoll.powerdns.com. +################################# +# send-signed-notify Send TSIG secured NOTIFY if TSIG key is configured for a domain +# +# send-signed-notify=yes + ################################# # server-id Returned when queried for 'id.server' TXT or NSID, defaults to hostname - disabled or custom # 
@@ -532,7 +547,7 @@ ################################# # superslave Act as a superslave # -# superslave=yes +# superslave=no ################################# # tcp-control-address If set, PowerDNS can be controlled over TCP on this address @@ -577,7 +592,7 @@ ################################# # udp-truncation-threshold Maximum UDP response size before we truncate # -# udp-truncation-threshold=1680 +# udp-truncation-threshold=1232 ################################# # version-string PowerDNS version in packets - full, anonymous, powerdns or custom @@ -599,6 +614,16 @@ # # webserver-allow-from=127.0.0.1,::1 +################################# +# webserver-loglevel Amount of logging in the webserver (none, normal, detailed) +# +# webserver-loglevel=normal + +################################# +# webserver-max-bodysize Webserver/API maximum request/response body size in megabytes +# +# webserver-max-bodysize=2 + ################################# # webserver-password Password required for accessing the webserver # diff --git a/net/pdns/patches/100-lua-hpp.patch b/net/pdns/patches/100-lua-hpp.patch deleted file mode 100644 index fa8ac1dad..000000000 --- a/net/pdns/patches/100-lua-hpp.patch +++ /dev/null 
@@ -1,60 +0,0 @@ ---- a/pdns/Makefile.am -+++ b/pdns/Makefile.am -@@ -54,7 +54,8 @@ - bindparser.h \ - named.conf.parsertest \ - delaypipe.hh delaypipe.cc \ -- pdns.service.in -+ pdns.service.in \ -+ lua_hpp.mk - - BUILT_SOURCES = \ - bind-dnssec.schema.sqlite3.sql.h \ -@@ -109,6 +108,12 @@ - - endif - -+if !HAVE_LUA_HPP -+BUILT_SOURCES += lua.hpp -+nodist_pdns_server_SOURCES = lua.hpp -+CLEANFILES += lua.hpp -+endif -+ - EXTRA_PROGRAMS = \ - calidns \ - comfun \ -@@ -1303,3 +1305,7 @@ - pdns.service \ - pdns@.service - endif -+ -+if !HAVE_LUA_HPP -+include lua_hpp.mk -+endif ---- /dev/null -+++ b/pdns/lua_hpp.mk -@@ -0,0 +1,6 @@ -+lua.hpp: -+ $(AM_V_GEN)echo 'extern "C" {' > $@ -+ @echo '#include "lua.h"' >> $@ -+ @echo '#include "lualib.h"' >> $@ -+ @echo '#include "lauxlib.h"' >> $@ -+ @echo '}' >> $@ ---- a/modules/luabackend/Makefile.am -+++ b/modules/luabackend/Makefile.am -@@ -15,5 +15,15 @@ - slave.cc \ - supermaster.cc - -+if !HAVE_LUA_HPP -+BUILT_SOURCES = lua.hpp -+nodist_libluabackend_la_SOURCES = lua.hpp -+CLEANFILES = lua.hpp -+endif -+ - libluabackend_la_LDFLAGS = -module -avoid-version - libluabackend_la_LIBADD = $(LUA_LIBS) -+ -+if !HAVE_LUA_HPP -+include ../../pdns/lua_hpp.mk -+endif diff --git a/net/pdns/patches/200-pdns-disable-pdns.conf-dist.patch b/net/pdns/patches/100-pdns-disable-pdns.conf-dist.patch similarity index 75% rename from net/pdns/patches/200-pdns-disable-pdns.conf-dist.patch rename to net/pdns/patches/100-pdns-disable-pdns.conf-dist.patch index 015efd7d7..bb9af15f5 100644 --- a/net/pdns/patches/200-pdns-disable-pdns.conf-dist.patch +++ b/net/pdns/patches/100-pdns-disable-pdns.conf-dist.patch @@ -1,22 +1,31 @@ --- a/pdns/Makefile.am 
+++ b/pdns/Makefile.am -@@ -68,11 +68,9 @@ +@@ -69,11 +69,9 @@ backends/gsql/gsqlbackend.gcda \ backends/gsql/gsqlbackend.gcno \ backends/gsql/gsqlbackend.gcov \ - dnsmessage.pb.cc dnsmessage.pb.h \ - pdns.conf-dist + dnsmessage.pb.cc dnsmessage.pb.h - + noinst_SCRIPTS = pdns.init -sysconf_DATA = pdns.conf-dist - + sbin_PROGRAMS = pdns_server bin_PROGRAMS = \ -@@ -1124,9 +1122,6 @@ +@@ -113,7 +111,7 @@ + bin_PROGRAMS += \ + ixfrdist + +-sysconf_DATA += \ ++sysconf_DATA = \ + ixfrdist.example.yml endif + +@@ -1256,9 +1254,6 @@ endif - + endif + -pdns.conf-dist: pdns_server - $(AM_V_GEN)./pdns_server --no-config --config 2>/dev/null > $@ - diff --git a/net/pdns/patches/300-libatomic-detect.patch b/net/pdns/patches/300-libatomic-detect.patch deleted file mode 100644 index 29881cc4f..000000000 --- a/net/pdns/patches/300-libatomic-detect.patch +++ /dev/null @@ -1,34 +0,0 @@ ---- a/m4/pdns_check_os.m4 -+++ b/m4/pdns_check_os.m4 -@@ -35,16 +35,21 @@ - AM_CONDITIONAL([HAVE_LINUX], [test "x$have_linux" = "xyes"]) - AM_CONDITIONAL([HAVE_SOLARIS], [test "x$have_solaris" = "xyes"]) - -- case "$host" in -- mips* | powerpc-* ) -- AC_MSG_CHECKING([whether the linker accepts -latomic]) -- LDFLAGS="-latomic $LDFLAGS" -- AC_LINK_IFELSE([m4_default([],[AC_LANG_PROGRAM()])], -- [AC_MSG_RESULT([yes])], -- [AC_MSG_ERROR([Unable to link against libatomic, cannot continue])] -- ) -- ;; -- esac -+ AC_MSG_CHECKING([whether -latomic is needed for __atomic builtins]) -+ AC_LINK_IFELSE( -+ [AC_LANG_PROGRAM([[#include ]], -+ [[uint64_t val = 0; __atomic_add_fetch(&val, 1, __ATOMIC_RELAXED);]] -+ )], -+ [AC_MSG_RESULT([no])], -+ [LIBS="$LIBS -latomic" -+ AC_LINK_IFELSE( -+ [AC_LANG_PROGRAM([[#include ]], -+ [[uint64_t val = 0; __atomic_add_fetch(&val, 1, __ATOMIC_RELAXED);]] -+ )], -+ [AC_MSG_RESULT([yes])], -+ [AC_MSG_FAILURE([libatomic needed, but linking with -latomic failed, cannot continue])] -+ )] -+ ) - - AC_SUBST(THREADFLAGS) - AC_SUBST([DYNLINKFLAGS], [-export-dynamic]) 
diff --git a/net/pdns/patches/400-gen-version.patch b/net/pdns/patches/400-gen-version.patch deleted file mode 100644 index 52d138f4b..000000000 --- a/net/pdns/patches/400-gen-version.patch +++ /dev/null @@ -1,43 +0,0 @@ ---- a/build-aux/gen-version -+++ b/build-aux/gen-version -@@ -1,39 +1,4 @@ - #!/bin/sh --VERSION="unknown" -- --DIRTY="" --git status | grep -q clean || DIRTY='.dirty' -- --# Special environment variable to signal that we are building a release, as this --# has consequences for the version number. --if [ "${IS_RELEASE}" = "YES" ]; then -- TAG="$(git describe --tags --exact-match 2> /dev/null | cut -d- -f 2-)" -- if [ -n "${TAG}" ]; then -- # We're on a tag -- echo "${TAG}${DIRTY}" > .version -- printf "${TAG}${DIRTY}" -- exit 0 -- fi -- echo 'This is not a tag, either tag this commit or do not set $IS_RELEASE' >&2 -- exit 1 --fi -- --# --# Generate the version number based on the branch --# --if [ ! -z "$(git rev-parse --abbrev-ref HEAD 2> /dev/null)" ]; then -- if $(git rev-parse --abbrev-ref HEAD | grep -q 'rel/'); then -- REL_TYPE="$(git rev-parse --abbrev-ref HEAD | cut -d/ -f 2 | cut -d- -f 1)" -- VERSION="$(git describe --match=${REL_TYPE}-* --tags --dirty=.dirty | cut -d- -f 2-)" -- else -- GIT_VERSION=$(git show --no-patch --format=format:%h HEAD) -- BRANCH=".$(git rev-parse --abbrev-ref HEAD | perl -p -e 's/[^[:alnum:]]//g;')" -- [ "${BRANCH}" = ".master" ] && BRANCH='' -- VERSION="0.0${BRANCH}.${PDNS_BUILD_NUMBER}g${GIT_VERSION}${DIRTY}" -- fi -- echo "$VERSION" > .version --elif [ -f .version ]; then -- VERSION="$(cat .version)" --fi -+VERSION="$(cat .version)" - - printf $VERSION diff --git a/net/pdns/patches/500-fix-uclibc-pretending-to-be-glibc.patch b/net/pdns/patches/500-fix-uclibc-pretending-to-be-glibc.patch deleted file mode 100644 index f3d10208e..000000000 --- a/net/pdns/patches/500-fix-uclibc-pretending-to-be-glibc.patch +++ /dev/null 
@@ -1,41 +0,0 @@ -From 7ac0df2a59ddd6e92ede2bca590ec0c76eb67559 Mon Sep 17 00:00:00 2001 -From: James Taylor -Date: Tue, 25 Jun 2019 19:33:04 +1000 -Subject: [PATCH] auth: make sure we really are using glibc - -Make sure we're using glibc and not uclibc pretending to be glibc ---- - pdns/receiver.cc | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/pdns/receiver.cc b/pdns/receiver.cc -index e6686787b3..209db7af89 100644 ---- a/pdns/receiver.cc -+++ b/pdns/receiver.cc -@@ -354,7 +354,7 @@ static int guardian(int argc, char **argv) - } - } - --#ifdef __GLIBC__ -+#if defined(__GLIBC__) && !defined(__UCLIBC__) - #include - static void tbhandler(int num) - { -@@ -386,7 +386,7 @@ int main(int argc, char **argv) - s_programname="pdns"; - s_starttime=time(0); - --#ifdef __GLIBC__ -+#if defined(__GLIBC__) && !defined(__UCLIBC__) - signal(SIGSEGV,tbhandler); - signal(SIGFPE,tbhandler); - signal(SIGABRT,tbhandler); -@@ -450,7 +450,7 @@ int main(int argc, char **argv) - - // we really need to do work - either standalone or as an instance - --#ifdef __GLIBC__ -+#if defined(__GLIBC__) && !defined(__UCLIBC__) - if(!::arg().mustDo("traceback-handler")) { - g_log<