If kresd is configured to listen using TLS, but it has no credentials,
it should fall back to generating ephemeral credentials and using
them.

It stores the ephemerally-generated secret key in the same directory
as the cache, using the name "ephemeral_key.pem".  If the cache
persists, then the key will too, even if the daemon dies.  This means
that any set of daemons that share a cache will also share an
ephemeral secret key.

The ephemeral X.509 certificate that corresponds to the key will be
automatically generated (self-signed), will have a lifetime of about
90 days (matching Let's Encrypt policy).  The ephemeral cert is
never written to disk; it is always dynamically-generated by kresd.

This should make it very easy to get DNS-over-TLS working in
opportunistic mode.

Vladimír Čunát authored 8 years ago and Ondřej Surý committed 8 years ago

Motivation: maintaining these by hand in kres.lua is tricky, as just
inserting or reordering the structures can do anything and isn't
detected in general.  For example, `rr_array_t::at` has always
"missed a star".

A couple libknot structure fields have apparently changed name since
the old definitions were written; in most cases I renamed them in *.lua.

The file daemon/lua/kres-gen.lua will be regenerated only if explicitly
deleted.  That requires building with debug symbols and gdb on $PATH.

This reverts commit 64f80706.
TL;DR: it brought almost no benefits AFAIK and potential for problems.

The "portable bytecode" produced by luajit isn't compatible when
(lib)luajit version changes or when some build-time configuration of it
changes.  If you mix these up, kresd fails to start.

It seems a bit cleaner, though impact on size and load speed should not
be noticeable.  We simply install most of the lua code, as before, and I
assume that we *do* want to keep that visibility, at least by default.
Suggested on !57.

This saves a few kilobytes in the executable.
Also, the name XXD seemed no longer suitable,
as it does lua-specific cleaning.

and set libknot_SONAME and libzscanner_SONAME as lua literals.

Remove now obsolete libpath lua function - use find_soname from
platform.mk to define <arg>_SONAME, add lua_pushliteral to
daemon/engine.c and add -D to daemon/daemon.mk for any new library
loaded from Lua.

addition to previous generic socket activation

fixes #11

* PIE,RELRO+NOW and other security features enabled
* support for both static/dynamic builds with BUILDMODE
* dynamic library is ABI-versioned, starting at 1
* pkg-config file is installed

this is needed to make sure it always compiles with PIC

this allows to override any dstdir variable without
patching config.mk

amalgamated build concatenates all files into a single .c file to
allow compiler see all symbols and produce possibly smaller code.
for binary distributions this is what you want, as it's faster but
may consume more memory during compilation.
it however cannot do incremental builds.

todo: active refresh

this is a first step of leaning towards LuaJIT.
the FFI bindings are much faster, simpler and don’t abort traces

daemon core scripting engine is still going to support interpreted Lua, but modules requiring library bindings (such as ‘block’) will require LuaJIT for FFI

also some cleanup and version bump to Q2

the worker now creates a resolution context copy,
and keeps it if the query requires iterative queries.
the worker_exec() is now a reentrant function that gets
called with incoming data until the resolution is done,
and it sends the answer

example:
modules.hints = ‘{“input”:”/etc/hosts”}’
.. is equal to ..
modules.load(‘hints’)
hints.config(‘{“input”:”/etc/hosts”}’)