Apparently some corner cases are not handled properly.
We need to fix these in follow-up patches.

fix some errors found by static analyzer

See merge request !446

Clang right now does not support cleanup attribute which is causing
false positives, so the check is now disabled.
https://bugs.llvm.org/show_bug.cgi?id=3888

At the same time I've enabled all other checkers to see what happens. We
need to go though them and disable them one-by-one if necessary.

this helps avoid false positive leaks caused by combination of
cleanup functions and goto

refs #291

attribute cleanup (auto_free) gets called when variable goes out of
scope, not on longjmp (in lua_error), so the variable never gets freed

Dockerfile: add static analysis tools

See merge request !444

daemon: TLS-handshake timeout timer was not properly activated; fix

See merge request !441

ci: add -Werror to CFLAGS, added clang build target

See merge request !432

this checks things such as inconsistent declarations and definitions

This supports linting of C code using clang-tidy to fix common
security and code quality issues early in the development workflow.
The benefit is that less time has to be spent in code reviews to
point out obvious problems, and ideally when the outstanding issues
are fixed, clang-tidy (and clang-format) can also be used to to
automatically fix basic problems and enforce common code style,
similarly to `go vet && go fmt` workflow.

fixup! CI: add Clang scan-build to the pipeline

See merge request !438

Forgot to `git add` Dockerfile with Clang tools.

Systemd modifications

See merge request !436

Tomas Krizek authored 7 years ago and Petr Špaček committed 7 years ago

The `knot-resolver` name is used for paths and user name. Creating a
systemd alias with the same name is user-friendly to end users who won't
have to remember another name (`kresd`).

Note: Systemd Alias is only created after service is enabled. Packagers
are thus advised to create symlinks for unit files during package installation
so users can use `knot-resolver` name right from the start.

Tomas Krizek authored 7 years ago and Petr Špaček committed 7 years ago

The /run directory is non-persistent. Use /var/cache/knot-resolver
as a persistent cache.

CI: add Clan scan build to pipeline

See merge request !437

For now error produced by scan-build are not fatal.
We need to fix these first.

systemd: drop WantedBy directive from kresd.service

See merge request !433

This directive is unnecessary in the .service file, and it also causes
a dependency cycle that systemd is obliged to break.

Since kresd is socket-activated, there is no need for the WantedBy
directive in the .service file itself.  As long as the .socket files
are installed, the service will run when it is used.

systemd: enable manual activation of kresd.service as non-root user

See merge request !434

To be able to bind to a well known port as a non-root user, the CAP_NET_BIND_SERVICE
capability is required.

outbound TCP connections sharing; TLS over outbound TCP connections

Closes #104

See merge request !379