diff --git a/net/knot-resolver/Config.in b/net/knot-resolver/Config.in new file mode 100644 index 000000000..082c88761 --- /dev/null +++ b/net/knot-resolver/Config.in @@ -0,0 +1,12 @@ +menu "Configuration" + config PACKAGE_knot-resolver_dnstap + bool "Build with dnstap support" + default n + help + knot-resolver dnstap module supports logging DNS responses + to a unix socket in dnstap format using fstrm framing library. + This logging is useful if you need effectivelly log all + DNS traffic. + The unix socket and the socket reader must be present before + starting resolver instances. +endmenu diff --git a/net/knot-resolver/Makefile b/net/knot-resolver/Makefile new file mode 100644 index 000000000..464754927 --- /dev/null +++ b/net/knot-resolver/Makefile @@ -0,0 +1,91 @@ +# +# Copyright (C) 2015-2021 CZ.NIC, z. s. p. o. (https://www.nic.cz/) +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +PKG_RELRO_FULL:=0 + +include $(TOPDIR)/rules.mk + +PKG_NAME:=knot-resolver +PKG_VERSION:=5.2.1 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz +PKG_SOURCE_URL:=https://secure.nic.cz/files/knot-resolver +PKG_HASH:=aa37b744c400f437acba7a54aebcbdbe722ece743d342cbc39f2dd8087f05826 + +PKG_MAINTAINER:=Jan Pavlinec +PKG_LICENSE:=GPL-3.0-later +PKG_LICENSE_FILES:=COPYING + +PKG_BUILD_DEPENDS:=meson/host +PKG_INSTALL:=1 + +include $(INCLUDE_DIR)/package.mk +include ../../devel/meson/meson.mk + +define Package/knot-resolver + SECTION:=net + CATEGORY:=Network + SUBMENU:=IP Addresses and Names + TITLE:=Knot DNS Resolver + URL:=https://www.knot-resolver.cz + DEPENDS=\ + +knot-libs \ + +knot-libzscanner \ + +libuv \ + +luajit \ + +luasec \ + +luasocket \ + +libstdcpp \ + +lmdb \ + PACKAGE_knot-resolver_dnstap:libfstrm \ + PACKAGE_knot-resolver_dnstap:libprotobuf-c \ + @(aarch64||mips64||mips64el||powerpc64||x86_64) + USERID:=kresd=3536:kresd=3536 +endef + +define Package/knot-resolver/description + The Knot Resolver is a caching full resolver + implementation, including both a resolver library and a daemon. +endef + +define Package/knot-resolver/config + source "$(SOURCE)/Config.in" +endef + +MESON_ARGS+= \ + $(if $(CONFIG_PACKAGE_knot-resolver_dnstap), -Ddnstap=enabled,-Ddnstap=disabled) \ + -Dcapng=disabled \ + -Dclient=disabled \ + -Dconfig_tests=disabled \ + -Ddnstap=disabled \ + -Ddoc=disabled \ + -Dinstall_kresd_conf=disabled \ + -Dinstall_root_keys=disabled \ + -Dkeyfile_default=/etc/knot-resolver/root.keys \ + -Dprefix=/usr \ + -Dunit_tests=disabled \ + -Dutils=disabled + +define Package/knot-resolver/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/kresd $(1)/usr/sbin/ + + $(INSTALL_DIR) $(1)/usr/lib/knot-resolver + $(CP) $(PKG_INSTALL_DIR)/usr/lib/*.so* $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/knot-resolver/{*.lua,*.so} $(1)/usr/lib/knot-resolver/ + $(INSTALL_DIR) $(1)/usr/lib/knot-resolver/kres_modules + $(CP) $(PKG_INSTALL_DIR)/usr/lib/knot-resolver/kres_modules/{*.lua,*.so} $(1)/usr/lib/knot-resolver/kres_modules/ + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/kresd.init $(1)/etc/init.d/kresd + + $(INSTALL_DIR) $(1)/etc/knot-resolver + $(CP) $(PKG_INSTALL_DIR)/etc/knot-resolver/root.hints $(1)/etc/knot-resolver/ + $(CP) ./files/root.keys $(1)/etc/knot-resolver +endef + +$(eval $(call BuildPackage,knot-resolver)) diff --git a/net/knot-resolver/files/kresd.init b/net/knot-resolver/files/kresd.init new file mode 100755 index 000000000..18f09e18c --- /dev/null +++ b/net/knot-resolver/files/kresd.init @@ -0,0 +1,75 @@ +#!/bin/sh /etc/rc.common + +START=61 +STOP=00 + +USE_PROCD=1 +PROG=/usr/sbin/kresd +CONFIGFILE=/tmp/kresd/kresd.config +ROOTKEYFILE=/etc/knot-resolver/root.keys +DEFAULT_RUNDIR=/tmp/kresd +USERNAME=kresd +GROUP=kresd + +init_header() { + { + echo "--Automatically generated file; DO NOT EDIT" + echo "modules = {" + echo " 'hints > iterate'" + echo " , 'policy'" + if [ "$prefetch" \!= 0 ]; then + echo " , 'stats'" + echo " , predict = {" + echo " window = 30 -- 30 minutes sampling window" + echo " , period = 24*(60/30) -- track last 24 hours" + echo " }" + fi + echo "}" + echo "hints.use_nodata(true)" + } > $CONFIGFILE +} + +init_rootkey() { + { + echo "trust_anchors.remove('.')" + echo "trust_anchors.add_file('$ROOTKEYFILE', true)" + } >> $CONFIGFILE +} + +modify_rundir() { + local rundir + + #create rundir + rundir="$DEFAULT_RUNDIR" + + if [ ! -d "$rundir" ]; then + mkdir -p "$rundir" + fi + + if id "$1" >/dev/null 2>&1; then + chown -R $USERNAME:$GROUP "$rundir" + fi +} + +start_service() { + procd_open_instance + procd_set_param file /etc/config/resolver + procd_set_param command "$PROG" + procd_append_param command --noninteractive + procd_set_param respawn + modify_rundir + init_header + init_rootkey + + # knot-resolver config + procd_append_param command -c "$CONFIGFILE" + procd_append_param command -a "0.0.0.0#53" + procd_append_param command -a "::0#53" + procd_close_instance +} + +reload_service() +{ + stop + start +} diff --git a/net/knot-resolver/files/root.keys b/net/knot-resolver/files/root.keys new file mode 100644 index 000000000..6ee35a498 --- /dev/null +++ b/net/knot-resolver/files/root.keys @@ -0,0 +1 @@ +. IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d diff --git a/net/knot-resolver/patches/010-fix-lmdb.patch b/net/knot-resolver/patches/010-fix-lmdb.patch new file mode 100644 index 000000000..890c4a027 --- /dev/null +++ b/net/knot-resolver/patches/010-fix-lmdb.patch @@ -0,0 +1,20 @@ +This is just workaround. It should be removed after proper fixing in upstream. +Patch fixes problem with lmdb pkg config. It also adds workaround for get_option +which is now not propagated in OpenWrt meson host package. +--- a/meson.build ++++ b/meson.build +@@ -23,10 +23,10 @@ libknot = dependency('libknot', version: + libdnssec = dependency('libdnssec', version: knot_version) + libzscanner = dependency('libzscanner', version: knot_version) + libuv = dependency('libuv', version: '>=1.7') +-lmdb = dependency('lmdb', required: false) +-if not lmdb.found() # darwin workaround: missing pkgconfig +- lmdb = meson.get_compiler('c').find_library('lmdb') +-endif ++##lmdb = dependency('lmdb', required: false) ++##if not lmdb.found() # darwin workaround: missing pkgconfig ++lmdb = meson.get_compiler('c').find_library('lmdb') ++##endif + gnutls = dependency('gnutls') + luajit = dependency('luajit') + # NOTE avoid using link_args for luajit due to a macOS issue diff --git a/net/knot-resolver/patches/030-fix-policy-hack.patch b/net/knot-resolver/patches/030-fix-policy-hack.patch new file mode 100644 index 000000000..6d013a6cc --- /dev/null +++ b/net/knot-resolver/patches/030-fix-policy-hack.patch @@ -0,0 +1,13 @@ +This patch fixes the problem with forwarding in knot-resolver v4.3.0. +It reintroduces a fix which enables policy related hack (knot/knot-resolver#205 (comment 94566) ) +--- a/modules/policy/policy.lua ++++ b/modules/policy/policy.lua +@@ -985,7 +985,7 @@ policy.layer = { + if bit.band(state, bit.bor(kres.FAIL, kres.DONE)) ~= 0 then return state end + local qry = req:initial() -- same as :current() but more descriptive + return policy.evaluate(policy.rules, req, qry, state) +- or (special_names_optim(req, qry.sname) ++ or (true--special_names_optim(req, qry.sname) + and policy.evaluate(policy.special_names, req, qry, state)) + or state + end, diff --git a/net/knot-resolver/test.sh b/net/knot-resolver/test.sh new file mode 100644 index 000000000..001193970 --- /dev/null +++ b/net/knot-resolver/test.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +kresd --version | grep "$2"