Merge !1402: packaging changes and improvements for v6

distro/pkg/deb/compat

-9
+12

distro/pkg/deb/control

@@ -3,7 +3,7 @@ Section: net
 Priority: optional
 Maintainer: Knot Resolver <knot-resolver@labs.nic.cz>
 Build-Depends:
- debhelper (>= 9~),
+ debhelper (>= 12~),
  dh-python,
  libcmocka-dev (>= 1.0.0),
  libedit-dev,
@@ -28,7 +28,30 @@ Build-Depends:
  libssl-dev,
 Homepage: https://www.knot-resolver.cz/
 
-Package: knot-resolver
+Package: knot-resolver-manager
+Architecture: all
+Provides:
+ knot-resolver6,
+Depends:
+ knot-resolver-core (= ${binary:Version}),
+ python3-aiohttp,
+ python3-jinja2,
+ python3-yaml,
+ python3-prometheus-client,
+ supervisor,
+ ${misc:Depends},
+ ${python3:Depends},
+Section: python
+Description: caching, DNSSEC-validating DNS resolver - config manager
+ Knot Resolver is a caching full resolver implementation written in C and
+ LuaJIT, including both a resolver library and a daemon.
+ .
+ This package contains Knot Resolver Manager - a configuration tool for Knot
+ Resolver. The Manager hides the complexity of running several independent
+ resolver processes while ensuring zero-downtime reconfiguration with YAML/JSON
+ declarative configuration and an optional HTTP API for dynamic changes.
+
+Package: knot-resolver-core
 Architecture: any
 Depends:
  adduser,
@@ -36,10 +59,10 @@ Depends:
  systemd,
  ${misc:Depends},
  ${shlibs:Depends},
-Replaces:
-  libkres9 (<< 3.2.1-2),
 Breaks:
-  libkres9 (<< 3.2.1-2),
+ knot-resolver (<< 6),
+Replaces:
+ knot-resolver (<< 6),
 Recommends:
  lua-basexx,
  lua-cqueues,
@@ -47,8 +70,8 @@ Recommends:
  lua-psl,
 Suggests:
  knot-resolver-module-http,
-Description: caching, DNSSEC-validating DNS resolver
- The Knot Resolver is a caching full resolver implementation
+Description: caching, DNSSEC-validating DNS resolver - core binaries
+ Knot Resolver is a caching full resolver implementation
  written in C and LuaJIT, including both a resolver library and a
  daemon. Modular architecture of the library keeps the core tiny and
  efficient, and provides a state-machine like API for
@@ -63,14 +86,17 @@ Description: caching, DNSSEC-validating DNS resolver
  DNS recursors - no threading, shared-nothing architecture (except
  MVCC cache that may be shared). You can start and stop additional
  nodes depending on the contention without downtime.
+ .
+ This package contains the core resolver binaries.
 
-Package: knot-resolver-dbg
+Package: knot-resolver-core-dbg
 Architecture: any
-Depends: knot-resolver (= ${binary:Version}),
-         ${misc:Depends}
+Depends:
+ knot-resolver-core (= ${binary:Version}),
+ ${misc:Depends}
 Recommends: gdb
 Section: debug
-Priority: extra
+Priority: optional
 Description: Debug symbols for Knot Resolver
  This package provides the debug symbols for Knot Resolver needed
  for properly debugging errors in Knot Resolver with gdb.
@@ -79,7 +105,7 @@ Package: knot-resolver-module-dnstap
 Architecture: any
 Multi-Arch: same
 Depends:
- knot-resolver (= ${binary:Version}),
+ knot-resolver-core (= ${binary:Version}),
  libfstrm0,
  libprotobuf-c1,
  ${misc:Depends},
@@ -98,7 +124,7 @@ Description: dnstap module for Knot Resolver
 Package: knot-resolver-module-http
 Architecture: all
 Depends:
- knot-resolver (= ${binary:Version}),
+ knot-resolver-core (= ${binary:Version}),
  libjs-bootstrap,
  libjs-d3,
  libjs-jquery,
@@ -120,17 +146,3 @@ Description: HTTP module for Knot Resolver
  .
  This package contains HTTP/2 module for local visualization of the
  resolver cache and queries.
-
-Package: python3-knot-resolver-manager
-Architecture: all
-Provides: knot-resolver-manager
-Depends:
- knot-resolver (= ${binary:Version}),
- ${misc:Depends},
- ${python3:Depends},
-Section: python
-Description: Configuration tool for Knot Resolver
- Knot Resolver Manager is a configuration tool for Knot Resolver. The Manager
- hides the complexity of running several independent resolver processes while
- ensuring zero-downtime reconfiguration with YAML/JSON declarative
- configuration and an optional HTTP API for dynamic changes.

distro/pkg/deb/knot-resolver.postinst → distro/pkg/deb/knot-resolver-core.postinst

@@ -2,33 +2,10 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 set -e
 
-# upgrade-4-to-5
-export UPG_DIR=/var/lib/knot-resolver/.upgrade-4-to-5
-if [ -f ${UPG_DIR}/.unfinished ] ; then
-       rm -f ${UPG_DIR}/.unfinished
-       kresd -c /usr/lib/knot-resolver/upgrade-4-to-5.lua >/dev/null 2>/dev/null
-       echo "\n   !!! WARNING !!!"
-       echo "Knot Resolver configuration file requires manual upgrade.\n"
-       cat ${UPG_DIR}/kresd.conf.net 2>/dev/null
-fi
-
 if [ "$1" = "configure" ]; then
     adduser --quiet --system --group --no-create-home --home /var/cache/knot-resolver knot-resolver
 fi
 
-# Restart any running kresd instances if the root key is updated.
-# Note: if knot-resolver upstream watches this file and reloads it
-# upon a change, we can and should remove this trigger.
-if [ "$1" = "triggered" ]; then
-    if [ "$2" = "/usr/share/dns/root.key" ]; then
-        # use daemon-reload to load any unit changes
-        systemctl daemon-reload || true
-        # systemctl of the sub-services is the preferred method to restart
-        systemctl try-restart 'kresd@*.service' kres-cache-gc.service || true
-    fi
-    exit 0
-fi
-
 if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
     systemctl daemon-reload || true
     systemd-tmpfiles --create /usr/lib/tmpfiles.d/knot-resolver.conf

distro/pkg/deb/knot-resolver.postrm → distro/pkg/deb/knot-resolver-core.postrm

@@ -3,7 +3,7 @@
 set -e
 
 if [ "$1" = "remove" ]; then
-    systemctl stop system-kresd.slice || true
+    deb-systemd-invoke stop system-kresd.slice || true
 fi
 
 #DEBHELPER#

distro/pkg/deb/knot-resolver-module-http.preinst

-#!/bin/sh
-# SPDX-License-Identifier: GPL-3.0-or-later
-set -e
-
-# upgrade-4-to-5
-if [ -f /lib/systemd/system/kresd-doh.socket ] ; then
-       export UPG_DIR=/var/lib/knot-resolver/.upgrade-4-to-5
-       mkdir -p ${UPG_DIR}
-       touch ${UPG_DIR}/.unfinished
-
-       for sock in kresd-webmgmt.socket kresd-doh.socket ; do
-               if systemctl is-enabled ${sock} 2>/dev/null | grep -qv masked ; then
-                       systemctl show ${sock} -p Listen > ${UPG_DIR}/${sock}
-                       case "$(systemctl show ${sock} -p BindIPv6Only)" in
-                       *ipv6-only)
-                               touch ${UPG_DIR}/${sock}.v6only
-                               ;;
-                       *default)
-                               if cat /proc/sys/net/ipv6/bindv6only | grep -q 1 ; then
-                                       touch ${UPG_DIR}/${sock}.v6only
-                               fi
-                               ;;
-                       esac
-               fi
-       done
-fi

distro/pkg/deb/knot-resolver.preinst

-#!/bin/sh
-# SPDX-License-Identifier: GPL-3.0-or-later
-set -e
-
-# upgrade-4-to-5
-if [ -f /lib/systemd/system/kresd.socket ] ; then
-       export UPG_DIR=/var/lib/knot-resolver/.upgrade-4-to-5
-       mkdir -p ${UPG_DIR}
-       touch ${UPG_DIR}/.unfinished
-
-       for sock in kresd.socket kresd-tls.socket ; do
-               if systemctl is-enabled ${sock} 2>/dev/null | grep -qv masked ; then
-                       systemctl show ${sock} -p Listen > ${UPG_DIR}/${sock}
-                       case "$(systemctl show ${sock} -p BindIPv6Only)" in
-                       *ipv6-only)
-                               touch ${UPG_DIR}/${sock}.v6only
-                               ;;
-                       *default)
-                               if cat /proc/sys/net/ipv6/bindv6only | grep -q 1 ; then
-                                       touch ${UPG_DIR}/${sock}.v6only
-                               fi
-                               ;;
-                       esac
-               fi
-       done
-fi

distro/pkg/deb/knot-resolver.triggers

-interest-noawait /usr/share/dns/root.key

distro/pkg/deb/rules

@@ -11,6 +11,7 @@ export DEB_CFLAGS_MAINT_APPEND  = -Wall -pedantic -fno-omit-frame-pointer
 export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
 
 export PYBUILD_NAME=knot_resolver_manager
+export PYBUILD_DESTDIR=debian/knot-resolver-manager/
 
 # see EXAMPLES in dpkg-buildflags(1) and read /usr/share/dpkg/*
 DPKG_EXPORT_BUILDFLAGS = 1
@@ -43,9 +44,9 @@ override_dh_auto_build:
 override_dh_auto_install:
 	DESTDIR="${PWD}/debian/tmp" ninja -v -C build_deb install
 	dh_auto_install --buildsystem=pybuild --sourcedirectory manager
-	install -m 644 -D $(CURDIR)/manager/etc/knot-resolver/config.yml $(CURDIR)/debian/tmp/etc/knot-resolver/config.yml
-	install -m 644 -D $(CURDIR)/manager/shell-completion/client.bash $(CURDIR)/debian/tmp/usr/share/bash-completion/completions/kresctl
-	install -m 644 -D $(CURDIR)/manager/shell-completion/client.fish $(CURDIR)/debian/tmp/usr/share/fish/completions/kresctl.fish
+	install -m 644 -D manager/etc/knot-resolver/config.yml debian/tmp/etc/knot-resolver/config.yml
+	install -m 644 -D manager/shell-completion/client.bash debian/tmp/usr/share/bash-completion/completions/kresctl
+	install -m 644 -D manager/shell-completion/client.fish debian/tmp/usr/share/fish/completions/kresctl.fish
 
 override_dh_auto_test:
 	meson test -C build_deb
@@ -54,4 +55,4 @@ override_dh_missing:
 	dh_missing --fail-missing
 
 override_dh_strip:
-	dh_strip --dbg-package=knot-resolver-dbg
+	dh_strip --dbg-package=knot-resolver-core-dbg

distro/pkg/nix/default.nix

@@ -75,7 +75,6 @@ unwrapped = stdenv.mkDerivation rec {
 
   postInstall = ''
     rm "$out"/lib/libkres.a
-    rm "$out"/lib/knot-resolver/upgrade-4-to-5.lua # not meaningful on NixOS
   '' + optionalString stdenv.targetPlatform.isLinux ''
     rm -r "$out"/lib/sysusers.d/ # ATM more likely to harm than help
   '';

distro/pkg/rpm/knot-resolver.spec

@@ -15,15 +15,6 @@ Summary:        Caching full DNS Resolver
 License:        GPL-3.0-or-later
 URL:            https://www.knot-resolver.cz/
 Source0:        knot-resolver-%{version}.tar.xz
-
-# LuaJIT only on these arches
-%if 0%{?rhel} == 7
-# RHEL 7 does not have aarch64 LuaJIT
-ExclusiveArch:	%{ix86} x86_64
-%else
-ExclusiveArch:	%{arm} aarch64 %{ix86} x86_64
-%endif
-
 %if 0%{GPG_CHECK}
 Source1:        knot-resolver-%{version}.tar.xz.asc
 # PGP keys used to sign upstream releases
@@ -34,6 +25,20 @@ Source100:      kresd-keyblock.asc
 BuildRequires:  gnupg2
 %endif
 
+%description
+The Knot Resolver is a DNSSEC-enabled caching full resolver implementation
+written in C and LuaJIT, including both a resolver library and a daemon.
+Modular architecture of the library keeps the core tiny and efficient, and
+provides a state-machine like API for extensions.
+
+
+%package core
+Summary:        Caching full DNS Resolver - core binaries
+Conflicts:      knot-resolver < 6
+
+# LuaJIT only on these arches
+ExclusiveArch:	%{arm} aarch64 %{ix86} x86_64
+
 BuildRequires:  gcc
 BuildRequires:  gcc-c++
 BuildRequires:  meson
@@ -90,7 +95,7 @@ BuildRequires:  lmdb-devel
 Requires(pre):  shadow
 %endif
 
-%description
+%description core
 The Knot Resolver is a DNSSEC-enabled caching full resolver implementation
 written in C and LuaJIT, including both a resolver library and a daemon.
 Modular architecture of the library keeps the core tiny and efficient, and
@@ -102,7 +107,7 @@ $ systemctl start kresd@1.service
 
 %package devel
 Summary:        Development headers for Knot Resolver
-Requires:       %{name}%{?_isa} = %{version}-%{release}
+Requires:       %{name}-core%{?_isa} = %{version}-%{release}
 
 %description devel
 The package contains development headers for Knot Resolver.
@@ -110,7 +115,7 @@ The package contains development headers for Knot Resolver.
 %if "x%{?suse_version}" == "x"
 %package module-dnstap
 Summary:        dnstap module for Knot Resolver
-Requires:       %{name} = %{version}-%{release}
+Requires:       %{name}-core = %{version}-%{release}
 
 %description module-dnstap
 dnstap module for Knot Resolver supports logging DNS responses to a unix socket
@@ -121,7 +126,7 @@ need effectively log all DNS traffic.
 %if "x%{?suse_version}" == "x"
 %package module-http
 Summary:        HTTP module for Knot Resolver
-Requires:       %{name} = %{version}-%{release}
+Requires:       %{name}-core = %{version}-%{release}
 %if 0%{?fedora} || 0%{?rhel} > 7
 Requires:       lua5.1-http
 Requires:       lua5.1-mmdb
@@ -137,9 +142,10 @@ queries. It can also serve DNS-over-HTTPS, but it is deprecated in favor of
 native C implementation, which doesn't require this package.
 %endif
 
-%package -n python3-knot-resolver-manager
+%package -n knot-resolver-manager
 Summary:        Configuration tool for Knot Resolver
-Requires:       %{name} = %{version}-%{release}
+Provides:       knot-resolver6 = %{version}-%{release}
+Requires:       %{name}-core = %{version}-%{release}
 %if 0%{?rhel} == 8
 Requires:       python3
 Requires:       python3-pyyaml
@@ -157,7 +163,7 @@ Requires:		python3-prometheus_client
 Requires:		supervisor
 %endif
 
-%description -n python3-knot-resolver-manager
+%description -n knot-resolver-manager
 Knot Resolver Manager is a configuration tool for Knot Resolver. The Manager
 hides the complexity of running several independent resolver processes while
 ensuring zero-downtime reconfiguration with YAML/JSON declarative
@@ -198,9 +204,6 @@ pushd manager
 %py3_build
 popd
 
-%check
-meson test -C build_rpm
-
 %install
 DESTDIR="${RPM_BUILD_ROOT}" %{NINJA} -v -C build_rpm install
 
@@ -236,72 +239,28 @@ install -m 644 -D shell-completion/client.fish %{buildroot}%{_datarootdir}/fish/
 
 popd
 
-%pre
+%pre core
 getent group knot-resolver >/dev/null || groupadd -r knot-resolver
 getent passwd knot-resolver >/dev/null || useradd -r -g knot-resolver -d %{_sysconfdir}/knot-resolver -s /sbin/nologin -c "Knot Resolver" knot-resolver
 
-%if "x%{?rhel}" == "x"
-# upgrade-4-to-5
-if [ -f %{_unitdir}/kresd.socket ] ; then
-	export UPG_DIR=%{_sharedstatedir}/knot-resolver/.upgrade-4-to-5
-	mkdir -p ${UPG_DIR}
-	touch ${UPG_DIR}/.unfinished
-
-	for sock in kresd.socket kresd-tls.socket kresd-webmgmt.socket kresd-doh.socket ; do
-		if systemctl is-enabled ${sock} 2>/dev/null | grep -qv masked ; then
-			systemctl show ${sock} -p Listen > ${UPG_DIR}/${sock}
-			case "$(systemctl show ${sock} -p BindIPv6Only)" in
-			*ipv6-only)
-				touch ${UPG_DIR}/${sock}.v6only
-				;;
-			*default)
-				if cat /proc/sys/net/ipv6/bindv6only | grep -q 1 ; then
-					touch ${UPG_DIR}/${sock}.v6only
-				fi
-				;;
-			esac
-		fi
-	done
-fi
-%endif
-
-
-%post
-# upgrade-4-to-5
-%if "x%{?rhel}" == "x"
-export UPG_DIR=%{_sharedstatedir}/knot-resolver/.upgrade-4-to-5
-if [ -f ${UPG_DIR}/.unfinished ] ; then
-	rm -f ${UPG_DIR}/.unfinished
-	kresd -c %{_libdir}/knot-resolver/upgrade-4-to-5.lua &>/dev/null
-	echo -e "\n   !!! WARNING !!!"
-	echo -e "Knot Resolver configuration file requires manual upgrade.\n"
-	cat ${UPG_DIR}/kresd.conf.net 2>/dev/null
-fi
-%endif
-
-# 5.0.1 fix to force restart of kres-cache-gc.service, which was missing in systemd_postun_with_restart
-# TODO: remove once most users upgrade to 5.0.1+
-systemctl daemon-reload >/dev/null 2>&1 || :
-if [ $1 -ge 2 ] ; then
-        systemctl try-restart kres-cache-gc.service >/dev/null 2>&1 || :
-fi
-
+%post core
 # systemd_post macro is not needed for anything (calls systemctl preset)
 %tmpfiles_create %{_tmpfilesdir}/knot-resolver.conf
 %if "x%{?fedora}" == "x"
 /sbin/ldconfig
 %endif
 
-%preun
+%preun core
 %systemd_preun kres-cache-gc.service kresd.target
 
-%postun
+%postun core
 %systemd_postun_with_restart 'kresd@*.service' kres-cache-gc.service
 %if "x%{?fedora}" == "x"
 /sbin/ldconfig
 %endif
 
-%files
+
+%files core
 %dir %{_pkgdocdir}
 %license %{_pkgdocdir}/COPYING
 %doc %{_pkgdocdir}/AUTHORS
@@ -327,7 +286,6 @@ fi
 %{_sbindir}/kresc
 %{_sbindir}/kres-cache-gc
 %{_libdir}/libkres.so.*
-%dir %{_libdir}/knot-resolver
 %{_libdir}/knot-resolver/*.so
 %{_libdir}/knot-resolver/*.lua
 %dir %{_libdir}/knot-resolver/kres_modules
@@ -381,7 +339,7 @@ fi
 %{_libdir}/knot-resolver/kres_modules/prometheus.lua
 %endif
 
-%files -n python3-knot-resolver-manager
+%files -n knot-resolver-manager
 %{python3_sitearch}/knot_resolver_manager*
 %{_sysconfdir}/knot-resolver/config.yml
 %{_unitdir}/knot-resolver.service

manager/tests/packaging/systemd_service.sh

@@ -5,8 +5,8 @@ set -e
 
 # check for root
 if test "$(id -u)" -ne 0; then
-    echo "Must be run as root"
-    exit 1
+	echo "Must be run as root"
+	exit 1
 fi
 
 # We will be starting a systemd service, but another tests might do the same
@@ -17,8 +17,14 @@ trap "systemctl stop knot-resolver.service" EXIT
 if ! systemctl start knot-resolver.service; then
 	echo
 	echo "Failed to start service, here is its status:"
-	systemctl status knot-resolver.service
-	
+	systemctl status knot-resolver.service || true
+	echo
+	echo "knot-resolver.service:"
+	systemctl cat knot-resolver.service || true
+	echo
+	echo "Checking service user using \`id knot-resolver\`:"
+	id knot-resolver
+	exit 1
 else
 	# check that the resolvers are actually running
 	kdig @127.0.0.1 nic.cz

meson.build

@@ -4,7 +4,7 @@ project(
   'knot-resolver',
   ['c', 'cpp'],
   license: 'GPLv3+',
-  version: '6.0.0a1',
+  version: '6.0.1',
   default_options: ['c_std=gnu11', 'b_ndebug=true'],
   meson_version: '>=0.49',
 )

scripts/make-archive.sh

@@ -11,11 +11,14 @@ cd "$(dirname ${0})/.."
 
 if ! git describe --tags --exact-match; then
     # devel version
-    GIT_HASH=$(git rev-parse --short HEAD )
-    TIMESTAMP=$(date -u +'%s' 2>/dev/null)
+    VERSION_TAG=$(git tag --merged HEAD --sort=-taggerdate | head -1)
+    VERSION=${VERSION_TAG#v}
+    GIT_HASH=$(git rev-parse --short=6 HEAD)
+    N_COMMITS=$(git rev-list $VERSION_TAG.. --count)
+    FULL_VERSION="$VERSION.dev$N_COMMITS+$GIT_HASH"
 
     # modify and commit meson.build
-    sed -i "s/^\(\s*version\s*:\s*'\)\([^']\+\)\('.*\)/\1\2.$TIMESTAMP.$GIT_HASH\3/" meson.build
+    sed -i "s/^\(\s*version\s*:\s*'\)\([^']\+\)\('.*\)/\1$FULL_VERSION\3/" meson.build
 
     : changed version in meson.build, changes must be committed to git
     git add meson.build
@@ -33,6 +36,14 @@ rm -rf build_dist ||:
 meson build_dist
 ninja -C build_dist dist
 
-# print path to generated tarball
-set +o xtrace
-find "${PWD}/build_dist/meson-dist/" -name "knot-resolver-*.tar.xz"
+# copy tarball to apkg path
+DIST_ARCHIVE=$(find "build_dist/meson-dist/" -name "knot-resolver-*.tar.xz")
+APKG_ARCHIVE="pkg/archives/dev/$(basename $DIST_ARCHIVE)"
+mkdir -p pkg/archives/dev
+cp "$DIST_ARCHIVE" "$APKG_ARCHIVE"
+
+# remove build directory
+rm -rf build_dist ||:
+
+# print path to generated tarball as expected by apkg
+echo "$APKG_ARCHIVE"