Commit c04ddf16 authored by Tomas Krizek's avatar Tomas Krizek

Merge branch 'packaging-improvements' into 'master'

Packaging improvements

Closes #323

See merge request knot/knot-resolver!540
parents 71d1dab1 08731cf1
From fff3b5513a48e225fa8fa49899ba1f376552fa99 Mon Sep 17 00:00:00 2001
From: Tomas Krizek <>
Date: Tue, 27 Feb 2018 18:05:08 +0100
Subject: [PATCH] Update documentation of --keyfile-ro
From: Daniel Kahn Gillmor <>
Date: Sat, 17 Feb 2018 15:52:20 -0500
Subject: Update documentation of --keyfile-ro
On Debian systems, we depend on the OS package management to update
the dns root data. Make the documentation for running with this
option less scary-sounding, as it is the default.
doc/ | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
doc/ | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/doc/ b/doc/
index 266e9f05..05a9dd67 100644
index 266e9f0..6c5195b 100644
--- a/doc/
+++ b/doc/
@@ -123,7 +123,7 @@ file at the default location (\fIconfig\fR). The syntax is
......@@ -23,21 +22,20 @@ index 266e9f05..05a9dd67 100644
Root trust anchors in this file are managed using standard RFC 5011 (Automated Updates of DNS Security Trust Anchors).
Kresd needs write access to the directory containing the keyfile.
@@ -134,9 +134,12 @@ The file contains DNSKEY/DS records in presentation format,
@@ -134,9 +134,14 @@ The file contains DNSKEY/DS records in presentation format,
and is compatible with Unbound and BIND 9 root key files.
.B \-K\fI keyfile\fR, \fB\-\-keyfile\-ro=\fI<keyfile>
-(Discouraged) Static root trust anchors file. The file is not updated by kresd. Use of this option is discouraged because it will break your installation when the trust anchor key changes!
+Static root trust anchors file. The file is not updated by
+kresd. Please ensure that any running kresd instances are restarted if
+the trust anchors change. (On Debian, this should happen automatically
+on upgrade of the dns-root-data package).
+the trust anchors change. (On Debian, kresd will be restarted
+automatically when the dns-root-data package updates
+/usr/share/dns/root.key, so nothing extra needs to be done unless you
+diverge from the default here.)
-Default: "@KEYFILE_DEFAULT@" (can be empty if your distribution did not provide one)
.B \-m\fI path\fR, \fB\-\-moduledir=\fI<path>
Override the directory that is searched for modules. Default: @MODULEDIR@
From: Daniel Kahn Gillmor <>
Date: Sun, 12 Nov 2017 14:03:31 +0800
Subject: avoid shipping duplicate root.hints and icann-ca.pem
etc/ | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
Index: knot-resolver/etc/
--- knot-resolver.orig/etc/
+++ knot-resolver/etc/
@@ -1,9 +1,9 @@
-etc_SOURCES := icann-ca.pem \
+etc_SOURCES := \
config.cluster \
config.isp \
config.personal \
- config.splitview \
- root.hints
+ config.splitview
etc-install: $(DESTDIR)$(ETCDIR)
$(INSTALL) -m 0644 $(addprefix etc/,$(etc_SOURCES)) $(DESTDIR)$(ETCDIR)
......@@ -43,6 +43,8 @@ override_dh_auto_build-indep:
dh_auto_install --destdir=debian/tmp -- V=1
rm debian/tmp/etc/knot-resolver/icann-ca.pem
rm debian/tmp/etc/knot-resolver/root.hints
# install just the http/2 module
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment