knot-resolver: add new package

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>

net/knot-resolver/Config.in

@@ -0,0 +1,12 @@
+menu "Configuration"
+	config PACKAGE_knot-resolver_dnstap
+		bool "Build with dnstap support"
+		default n
+		help
+			knot-resolver dnstap module supports logging DNS responses
+			to a unix socket in dnstap format using fstrm framing library.
+			This logging is useful if you need effectivelly log all
+			DNS traffic.
+			The unix socket and the socket reader must be present before
+			starting resolver instances.
+endmenu

net/knot-resolver/Makefile

@@ -0,0 +1,91 @@
+#
+# Copyright (C) 2015-2021 CZ.NIC, z. s. p. o. (https://www.nic.cz/)
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+PKG_RELRO_FULL:=0
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=knot-resolver
+PKG_VERSION:=5.2.1
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE_URL:=https://secure.nic.cz/files/knot-resolver
+PKG_HASH:=aa37b744c400f437acba7a54aebcbdbe722ece743d342cbc39f2dd8087f05826
+
+PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec@nic.cz>
+PKG_LICENSE:=GPL-3.0-later
+PKG_LICENSE_FILES:=COPYING
+
+PKG_BUILD_DEPENDS:=meson/host
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+include ../../devel/meson/meson.mk
+
+define Package/knot-resolver
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=IP Addresses and Names
+  TITLE:=Knot DNS Resolver
+  URL:=https://www.knot-resolver.cz
+  DEPENDS=\
+    +knot-libs \
+    +knot-libzscanner \
+    +libuv \
+    +luajit \
+    +luasec \
+    +luasocket \
+    +libstdcpp \
+    +lmdb \
+    PACKAGE_knot-resolver_dnstap:libfstrm \
+    PACKAGE_knot-resolver_dnstap:libprotobuf-c \
+    @(aarch64||mips64||mips64el||powerpc64||x86_64)
+  USERID:=kresd=3536:kresd=3536
+endef
+
+define Package/knot-resolver/description
+  The Knot Resolver is a caching full resolver
+  implementation, including both a resolver library and a daemon.
+endef
+
+define Package/knot-resolver/config
+	source "$(SOURCE)/Config.in"
+endef
+
+MESON_ARGS+= \
+	$(if $(CONFIG_PACKAGE_knot-resolver_dnstap), -Ddnstap=enabled,-Ddnstap=disabled) \
+	-Dcapng=disabled \
+	-Dclient=disabled \
+	-Dconfig_tests=disabled \
+	-Ddnstap=disabled \
+	-Ddoc=disabled \
+	-Dinstall_kresd_conf=disabled \
+	-Dinstall_root_keys=disabled \
+	-Dkeyfile_default=/etc/knot-resolver/root.keys \
+	-Dprefix=/usr \
+	-Dunit_tests=disabled \
+	-Dutils=disabled
+
+define Package/knot-resolver/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/kresd $(1)/usr/sbin/
+
+	$(INSTALL_DIR) $(1)/usr/lib/knot-resolver
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/*.so* $(1)/usr/lib/
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/knot-resolver/{*.lua,*.so} $(1)/usr/lib/knot-resolver/
+	$(INSTALL_DIR) $(1)/usr/lib/knot-resolver/kres_modules
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/knot-resolver/kres_modules/{*.lua,*.so} $(1)/usr/lib/knot-resolver/kres_modules/
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/kresd.init $(1)/etc/init.d/kresd
+
+	$(INSTALL_DIR) $(1)/etc/knot-resolver
+	$(CP) $(PKG_INSTALL_DIR)/etc/knot-resolver/root.hints $(1)/etc/knot-resolver/
+	$(CP) ./files/root.keys $(1)/etc/knot-resolver
+endef
+
+$(eval $(call BuildPackage,knot-resolver))

net/knot-resolver/files/kresd.init

@@ -0,0 +1,75 @@
+#!/bin/sh /etc/rc.common
+
+START=61
+STOP=00
+
+USE_PROCD=1
+PROG=/usr/sbin/kresd
+CONFIGFILE=/tmp/kresd/kresd.config
+ROOTKEYFILE=/etc/knot-resolver/root.keys
+DEFAULT_RUNDIR=/tmp/kresd
+USERNAME=kresd
+GROUP=kresd
+
+init_header() {
+	{
+	echo "--Automatically generated file; DO NOT EDIT"
+	echo "modules = {"
+	echo "    'hints > iterate'"
+	echo "  , 'policy'"
+	if [ "$prefetch" \!= 0 ]; then
+		echo "  , 'stats'"
+		echo "  , predict = {"
+		echo "        window = 30 -- 30 minutes sampling window"
+		echo "      , period = 24*(60/30) -- track last 24 hours"
+		echo "  }"
+	fi
+	echo "}"
+	echo "hints.use_nodata(true)"
+	} > $CONFIGFILE
+}
+
+init_rootkey() {
+	{
+	echo "trust_anchors.remove('.')"
+	echo "trust_anchors.add_file('$ROOTKEYFILE', true)"
+	} >> $CONFIGFILE
+}
+
+modify_rundir() {
+	local rundir
+
+	#create rundir
+	rundir="$DEFAULT_RUNDIR"
+
+	if [ ! -d "$rundir" ]; then
+		mkdir -p "$rundir"
+	fi
+
+	if id "$1" >/dev/null 2>&1; then
+		chown -R $USERNAME:$GROUP "$rundir"
+	fi
+}
+
+start_service() {
+	procd_open_instance
+	procd_set_param file /etc/config/resolver
+	procd_set_param command "$PROG"
+	procd_append_param command --noninteractive
+	procd_set_param respawn
+	modify_rundir
+	init_header
+	init_rootkey
+
+	# knot-resolver config
+	procd_append_param command -c "$CONFIGFILE"
+	procd_append_param command -a "0.0.0.0#53"
+	procd_append_param command -a "::0#53"
+	procd_close_instance
+}
+
+reload_service()
+{
+	stop
+	start
+}

net/knot-resolver/files/root.keys

@@ -0,0 +1 @@
+. IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d

net/knot-resolver/patches/010-fix-lmdb.patch

@@ -0,0 +1,20 @@
+This is just workaround. It should be removed after proper fixing in upstream.
+Patch fixes problem with lmdb pkg config. It also adds workaround for get_option
+which is now not propagated in OpenWrt meson host package.
+--- a/meson.build
++++ b/meson.build
+@@ -23,10 +23,10 @@ libknot = dependency('libknot', version:
+ libdnssec = dependency('libdnssec', version: knot_version)
+ libzscanner = dependency('libzscanner', version: knot_version)
+ libuv = dependency('libuv', version: '>=1.7')
+-lmdb = dependency('lmdb', required: false)
+-if not lmdb.found()  # darwin workaround: missing pkgconfig
+-  lmdb = meson.get_compiler('c').find_library('lmdb')
+-endif
++##lmdb = dependency('lmdb', required: false)
++##if not lmdb.found()  # darwin workaround: missing pkgconfig
++lmdb = meson.get_compiler('c').find_library('lmdb')
++##endif
+ gnutls = dependency('gnutls')
+ luajit = dependency('luajit')
+ # NOTE avoid using link_args for luajit due to a macOS issue

net/knot-resolver/patches/030-fix-policy-hack.patch

@@ -0,0 +1,13 @@
+This patch fixes the problem with forwarding in knot-resolver v4.3.0.
+It reintroduces a fix which enables  policy related hack (knot/knot-resolver#205 (comment 94566) )
+--- a/modules/policy/policy.lua
++++ b/modules/policy/policy.lua
+@@ -985,7 +985,7 @@ policy.layer = {
+ 		if bit.band(state, bit.bor(kres.FAIL, kres.DONE)) ~= 0 then return state end
+ 		local qry = req:initial() -- same as :current() but more descriptive
+ 		return policy.evaluate(policy.rules, req, qry, state)
+-			or (special_names_optim(req, qry.sname)
++			or (true--special_names_optim(req, qry.sname)
+ 					and policy.evaluate(policy.special_names, req, qry, state))
+ 			or state
+ 	end,

net/knot-resolver/test.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+kresd --version | grep "$2"