
unbound: refactor build options to select switches

The two unique packages "Unbound light" and "Unbound heavy"
were not working well due to the fact that Unbound is mostly
its library. Tools and helpers would crash. Instead a reasonable
default Unbound is built. Also up select options like python
are added. libevent and libpthreads are options to down select.

Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
lilik-openwrt-22.03
Eric Luehrsen 4 years ago
parent
commit
8e0b2d344e
4 changed files with 85 additions and 76 deletions
  1. +2
    -2
      net/libreswan/Makefile
  2. +62
    -73
      net/unbound/Makefile
  3. +5
    -0
      net/unbound/files/README.md
  4. +16
    -1
      net/unbound/files/unbound.sh

+ 2
- 2
net/libreswan/Makefile

@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=libreswan PKG_NAME:=libreswan
PKG_VERSION:=3.32 PKG_VERSION:=3.32
PKG_RELEASE:=2
PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://download.libreswan.org/ PKG_SOURCE_URL:=https://download.libreswan.org/
@ -45,7 +45,7 @@ $(call Package/libreswan/Default)
+kmod-crypto-aead +kmod-crypto-authenc +kmod-crypto-gcm \ +kmod-crypto-aead +kmod-crypto-authenc +kmod-crypto-gcm \
+kmod-crypto-hash +kmod-crypto-rng +kmod-ip-vti +kmod-ipsec \ +kmod-crypto-hash +kmod-crypto-rng +kmod-ip-vti +kmod-ipsec \
+kmod-ipsec4 +kmod-ipt-ipsec +libevent2 +libevent2-pthreads \ +kmod-ipsec4 +kmod-ipt-ipsec +libevent2 +libevent2-pthreads \
+libldns +librt +libunbound-heavy +nss-utils +nspr +libcap-ng
+libldns +librt +libunbound +nss-utils +nspr +libcap-ng
PROVIDES:=openswan PROVIDES:=openswan
CONFLICTS:=strongswan CONFLICTS:=strongswan
TITLE+= IPsec Server TITLE+= IPsec Server
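Review bot: The new dependency line `+libldns +librt +libunbound +nss-utils +nspr +libcap-ng` no longer guarantees the library build that libreswan was previously pinned to. The removed `libunbound-heavy` variant was the only one configured with `--enable-event-api` and libevent, and this commit makes both depend on `PACKAGE_libunbound_libevent`, which defaults to y but can be deselected. If libreswan uses the event API, as the old pin suggests, an image with that switch off would build the IPsec daemon against a libunbound that ships no `unbound-event.h`. I would record the requirement next to the dependency, for example `# requires libunbound built with PACKAGE_libunbound_libevent=y (event API)` above the package definition, or make the build fail early when the switch is off. The package definition starts outside this hunk.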


+ 62
- 73
net/unbound/Makefile

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=unbound PKG_NAME:=unbound
PKG_VERSION:=1.10.1 PKG_VERSION:=1.10.1
PKG_RELEASE:=3
PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://nlnetlabs.nl/downloads/unbound PKG_SOURCE_URL:=https://nlnetlabs.nl/downloads/unbound
@ -24,6 +24,13 @@ PKG_BUILD_PARALLEL:=1
PKG_FIXUP:=autoreconf PKG_FIXUP:=autoreconf
PKG_INSTALL:=1 PKG_INSTALL:=1
PKG_CONFIG_DEPENDS:=CONFIG_PACKAGE_libunbound_dnscrypt \
CONFIG_PACKAGE_libunbound_ipset \
CONFIG_PACKAGE_libunbound_libevent \
CONFIG_PACKAGE_libunbound_libpthread \
CONFIG_PACKAGE_libunbound_pythonmodule \
CONFIG_PACKAGE_libunbound_subnet
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk
define Package/unbound/Default define Package/unbound/Default
@ -38,63 +45,34 @@ endef
define Package/unbound-daemon define Package/unbound-daemon
$(call Package/unbound/Default) $(call Package/unbound/Default)
TITLE+= (daemon, light traffic)
DEPENDS+= +libunbound-light
VARIANT:=light
TITLE+= (daemon)
DEPENDS+= +libunbound
endef endef
define Package/unbound-daemon/description define Package/unbound-daemon/description
This package contains the Unbound daemon with basic includes
necessary to meet the needs of UCI/LuCI configuration optoins.
This package contains the Unbound daemon including 'libevent', 'libmnl', and
'libpthread' to better handle large networks with heavy query loads. Options
are available under libraries/network/libunbound to custom trim Unbound for
smaller targets.
endef endef
define Package/unbound-daemon-heavy
$(call Package/unbound/Default)
TITLE+= (daemon, heavy traffic)
URL:=https://nlnetlabs.nl/documentation/unbound/howto-optimise
DEPENDS+= +libunbound-heavy +libpthread +libevent2 +libevent2-pthreads +libmnl
VARIANT:=heavy
PROVIDES:=unbound-daemon
endef
define Package/unbound-daemon-heavy/description
This package contains the Unbound daemon including 'libevent' and
'libpthread' to better handle large networks with heavy query loads.
It also offers ipset support.
endef
define Package/libunbound-light
define Package/libunbound
$(call Package/unbound/Default) $(call Package/unbound/Default)
SECTION:=libs SECTION:=libs
CATEGORY:=Libraries CATEGORY:=Libraries
SUBMENU:=Networking SUBMENU:=Networking
TITLE+= (library, light traffic)
VARIANT:=light
PROVIDES:=libunbound
DEFAULT_VARIANT:=1
TITLE+= (library)
DEPENDS+=+PACKAGE_libunbound_dnscrypt:libsodium \
+PACKAGE_libunbound_ipset:libmnl \
+PACKAGE_libunbound_libevent:libevent2 \
+PACKAGE_libunbound_libpthread:libpthread \
+PACKAGE_libunbound_pythonmodule:python3-base
endef endef
define Package/libunbound-light/description
This package contains the Unbound shared library with basic includes
necessary to meet the needs of UCI/LuCI configuration options.
endef
define Package/libunbound-heavy
$(call Package/unbound/Default)
SECTION:=libs
CATEGORY:=Libraries
SUBMENU:=Networking
TITLE+= (library, heavy traffic)
URL:=https://nlnetlabs.nl/documentation/unbound/howto-optimise
DEPENDS+= +libpthread +libevent2 +libevent2-pthreads +libmnl
VARIANT:=heavy
PROVIDES:=libunbound
endef
define Package/libunbound-heavy/description
This package contains the Unbound shared library including 'libevent' and
'libpthread' to better handle large networks with heavy query loads. It
also offers ipset support.
define Package/libunbound/description
This package contains the Unbound library including 'libevent', 'libmnl', and
'libpthread' to better handle large networks with heavy query loads. Options
are available to custom trim Unbound for smaller targets.
endef endef
define Package/unbound-anchor define Package/unbound-anchor
@ -147,6 +125,29 @@ define Package/unbound-host/description
This package contains the Unbound DNS lookup utility. This package contains the Unbound DNS lookup utility.
endef endef
define Package/libunbound/config
if PACKAGE_libunbound
config PACKAGE_libunbound_dnscrypt
bool "Build with DNSCRYPT support."
default n
config PACKAGE_libunbound_ipset
bool "Build with IPSET (libmnl) support."
default y
config PACKAGE_libunbound_libevent
bool "Build with expanded network resource (libevent) support."
default y
config PACKAGE_libunbound_libpthread
bool "Build with POSIX threading (libpthread) support."
default y
config PACKAGE_libunbound_pythonmodule
bool "Build with PYTHON module for prototyping and data analysis."
default n
config PACKAGE_libunbound_subnet
bool "Build with SUBNET cache module support."
default n
endif
endef
CONFIGURE_ARGS += \ CONFIGURE_ARGS += \
--disable-dsa \ --disable-dsa \
--disable-gost \ --disable-gost \
@ -159,21 +160,17 @@ CONFIGURE_ARGS += \
--with-user=unbound \ --with-user=unbound \
--with-run-dir=/var/lib/unbound \ --with-run-dir=/var/lib/unbound \
--with-conf-file=/var/lib/unbound/unbound.conf \ --with-conf-file=/var/lib/unbound/unbound.conf \
--with-pidfile=/var/run/unbound.pid
ifeq ($(BUILD_VARIANT),heavy)
CONFIGURE_ARGS += \
--enable-ipset \
--with-pthreads \
--with-libevent="$(STAGING_DIR)/usr" \
--with-libmnl="$(STAGING_DIR)/usr" \
--enable-event-api
else
CONFIGURE_ARGS += \
--without-pthreads \
--without-solaris-threads \
--without-libevent
endif
--with-pidfile=/var/run/unbound.pid \
$(if $(CONFIG_PACKAGE_libunbound_dnscrypt), \
--enable-dnscrypt --with-libsodium="$(STAGING_DIR)/usr",) \
$(if $(CONFIG_PACKAGE_libunbound_ipset), \
--enable-ipset --with-libmnl="$(STAGING_DIR)/usr",) \
$(if $(CONFIG_PACKAGE_libunbound_libevent), \
--enable-event-api --with-libevent="$(STAGING_DIR)/usr",--without-libevent) \
$(if $(CONFIG_PACKAGE_libunbound_libpthread), \
--with-pthreads,--without-pthreads --without-solaris-threads) \
$(if $(CONFIG_PACKAGE_libunbound_python),--with-pythonmodule,) \
$(if $(CONFIG_PACKAGE_libunbound_subnet),--enable-subnet,) \
define Package/unbound-daemon/conffiles define Package/unbound-daemon/conffiles
/etc/config/unbound /etc/config/unbound
@ -182,14 +179,12 @@ define Package/unbound-daemon/conffiles
/etc/unbound/unbound_srv.conf /etc/unbound/unbound_srv.conf
endef endef
Package/unbound-daemon-heavy/conffiles = $(Package/unbound-daemon/conffiles)
define Build/InstallDev define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/lib $(INSTALL_DIR) $(1)/usr/lib
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libunbound.{so*,a,la} $(1)/usr/lib/ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libunbound.{so*,a,la} $(1)/usr/lib/
$(INSTALL_DIR) $(1)/usr/include $(INSTALL_DIR) $(1)/usr/include
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/include/unbound.h $(1)/usr/include/ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/include/unbound.h $(1)/usr/include/
ifeq ($(BUILD_VARIANT),heavy)
ifneq ($(CONFIG_PACKAGE_libunbound_libevent),)
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/include/unbound-event.h $(1)/usr/include/ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/include/unbound-event.h $(1)/usr/include/
endif endif
endef endef
@ -221,15 +216,11 @@ define Package/unbound-daemon/install
$(INSTALL_DATA) ./files/unbound.sh $(1)/usr/lib/unbound/unbound.sh $(INSTALL_DATA) ./files/unbound.sh $(1)/usr/lib/unbound/unbound.sh
endef endef
Package/unbound-daemon-heavy/install = $(Package/unbound-daemon/install)
define Package/libunbound-light/install
define Package/libunbound/install
$(INSTALL_DIR) $(1)/usr/lib $(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libunbound.so.* $(1)/usr/lib/ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libunbound.so.* $(1)/usr/lib/
endef endef
Package/libunbound-heavy/install = $(Package/libunbound-light/install)
define Package/unbound-anchor/install define Package/unbound-anchor/install
$(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/unbound-anchor $(1)/usr/sbin/ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/unbound-anchor $(1)/usr/sbin/
@ -256,9 +247,7 @@ define Package/unbound-host/install
endef endef
$(eval $(call BuildPackage,unbound-daemon)) $(eval $(call BuildPackage,unbound-daemon))
$(eval $(call BuildPackage,unbound-daemon-heavy))
$(eval $(call BuildPackage,libunbound-light))
$(eval $(call BuildPackage,libunbound-heavy))
$(eval $(call BuildPackage,libunbound))
$(eval $(call BuildPackage,unbound-anchor)) $(eval $(call BuildPackage,unbound-anchor))
$(eval $(call BuildPackage,unbound-checkconf)) $(eval $(call BuildPackage,unbound-checkconf))
$(eval $(call BuildPackage,unbound-control)) $(eval $(call BuildPackage,unbound-control))
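Review bot: The python switch is spelled two ways, so selecting it never reaches configure: the Kconfig symbol and `PKG_CONFIG_DEPENDS` use `PACKAGE_libunbound_pythonmodule`, but the `CONFIGURE_ARGS` line tests `$(CONFIG_PACKAGE_libunbound_python)`. As written, enabling the option pulls in `python3-base` as a dependency while `--with-pythonmodule` is not passed. The line should read `$(if $(CONFIG_PACKAGE_libunbound_pythonmodule),--with-pythonmodule,) \`. Separately, the final `$(if $(CONFIG_PACKAGE_libunbound_subnet),--enable-subnet,) \` ends in a continuation backslash, which would splice the next line into `CONFIGURE_ARGS` if no blank line follows; drop the backslash on the last entry. The `unbound-daemon` and `libunbound` descriptions also still state libevent, libmnl and libpthread as included although they are now switches.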


+ 5
- 0
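--- a/net/unbound/files/README.md
+++ b/net/unbound/files/README.md
@@ -190,6 +190,11 @@ config zone
 list zone_name '.'
 ```
+## Optional Compile Switches
+Unbound can be changed by toggling switches within `make menuconfig` Libraries/Network/libunbound. Disable libevent, libpthread, and ipset to attempt to gain performance and size on small single core targets. These downgrade options are well tested, but they are not needed unless Unbound will not fit. Take care before enabling subnetcache, dnscrypt, and python options. These enhancements are not fully tested within OpenWrt and python is a large dependency. These enhancements are default off and they do not have UCI. You will need to use the files `/etc/unbound/unbound_srv.conf` and `/etc/unbound/unbound_ext.conf` to configure these modules. The `server:` clause line `module: subnetcache validator python iterator` will be filled out if the modules are compiled in.
+Note: if you use python, then you will need to manual configure and you cannot use chroot. The scripts are not yet enhanced enough to set up the directory binding.
 ## Complete List of UCI Options
 **/etc/config/unbound**:
 ```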


+ 16
- 1
net/unbound/files/unbound.sh

@ -547,7 +547,7 @@ unbound_zone() {
############################################################################## ##############################################################################
unbound_conf() { unbound_conf() {
local rt_mem rt_conn rt_buff modulestring domain ifsubnet
local rt_mem rt_conn rt_buff modulestring domain ifsubnet moduleopts
{ {
# server: for this whole function # server: for this whole function
@ -768,9 +768,17 @@ unbound_conf() {
# Assembly of module-config: options is tricky; order matters # Assembly of module-config: options is tricky; order matters
moduleopts="$( /usr/sbin/unbound -V )"
modulestring="iterator" modulestring="iterator"
case $moduleopts in
*with-python*)
modulestring="python $modulestring"
;;
esac
if [ "$UB_B_DNSSEC" -gt 0 ] ; then if [ "$UB_B_DNSSEC" -gt 0 ] ; then
if [ "$UB_B_NTP_BOOT" -gt 0 ] ; then if [ "$UB_B_NTP_BOOT" -gt 0 ] ; then
# DNSSEC chicken and egg with getting NTP time # DNSSEC chicken and egg with getting NTP time
@ -789,6 +797,13 @@ unbound_conf() {
fi fi
case $moduleopts in
*enable-subnet*)
modulestring="subnetcache $modulestring"
;;
esac
if [ "$UB_B_DNS64" -gt 0 ] ; then if [ "$UB_B_DNS64" -gt 0 ] ; then
echo " dns64-prefix: $UB_IP_DNS64" >> $UB_CORE_CONF echo " dns64-prefix: $UB_IP_DNS64" >> $UB_CORE_CONF
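Review bot: In the first `case $moduleopts in` block, `python` is placed into the module string whenever the binary was configured with it, but nothing visible in these hunks writes a `python-script:` entry or checks that one exists. The README text added in this commit says python must be configured by hand and cannot run under chroot, so a python-enabled build with default UCI settings may generate a config the daemon rejects, leaving the router without a resolver. I would gate the module on the script being configured or, at minimum, add `# python needs python-script: set in unbound_srv.conf/unbound_ext.conf and no chroot` above the case. The patterns `*with-python*` and `*enable-subnet*` scan the whole `unbound -V` output; tying them to the configure flags (`*--with-pythonmodule*`, `*--enable-subnet*`) would make an accidental match on unrelated text less likely. `unbound_conf()` starts and ends outside these hunks.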

