It provides more information and the condition is typically
easier to read, too.

WARNING: You should add the boolean check kwarg to the run_command call.
         It currently defaults to false,
         but it will default to true in future releases of meson.
         See also: https://github.com/mesonbuild/meson/issues/9300

In almost all cases we already check the return code explicitly
and throw a more descriptive message than what would be the default.

Oto Šťáva authored 2 years ago and Vladimír Čunát committed 2 years ago

The nghttp2 documentation states that we must not send data from inside
of its callbacks. It may result in crashes.

I was diffing logs from different runs and got annoyed by the shuffles.

I'm really sorry about this.  It's my regression in 5.5.0 (!1225)

Practical consequence was that the RW transaction was held open
until that instance did something with cache (and thus closed),
so any other instance would be frozen in the meantime if doing
anything non-read-only with cache (e.g. startup).
https://lists.nic.cz/hyperkitty/list/knot-resolver-users@lists.nic.cz/thread/6DOXXOA6ACEUBVYPUY3T2MLGIHWOMV6M/

It's probably a bit more efficient, but this part of code should be
rarely used even on a resolver serving all in XDP.

Somehow I did this wrong when porting to libknot 3.1.

Oto Šťáva authored 3 years ago and Vladimír Čunát committed 3 years ago

Also change the return type of kr_pkt_has_dnssec() and lua's :dobit()

This reverts commit 0c9ea133 (!1226).

CI rp:fwd-tls6.udp-asan now repeatedly shows use-after-free.
That could be a serious issue, and this commit's feature
seems less important than the risk.  Let's revert until the issue
gets deeper investigation.

The new limit is over 68 years, so still completely meaningless.

Oto Šťáva authored 3 years ago and Vladimír Čunát committed 3 years ago

Targeted CIDs: 155456, 155962, 346121, 346123, 346124, 346125,
  346126, 346127, 346130, 346131, 346132, 346134, 346135, 346138,
  346140, 346145, 346146, 346149, 346152, 346154, 346156, 346157

lib/dnssec/nsec3.c change:
  apparently cleaning fallout from my (= vcunat's) commit b5cf6132

For old doh we added this in commit a34aa1ee;
with the new implementation we somehow forgot.

The typical DNSSEC problems should happen already when trying to
validate the DNSKEY set, so it's better to be more verbose there.

In the end I gave up on deduplicating with log_bogus_rrsig() code,
as it's different logging group, logging level, no kr_query, etc.