---
Checks: |-
bugprone-*,
cert-*,
google-readability-casting,
misc-*,
readability-*,
-bugprone-assignment-in-if-condition,
-bugprone-branch-clone,
-bugprone-easily-swappable-parameters,
-bugprone-inc-dec-in-conditions,
-bugprone-multi-level-implicit-pointer-conversion,
-bugprone-narrowing-conversions,
-bugprone-not-null-terminated-result,
-bugprone-sizeof-expression,
-bugprone-suspicious-string-compare,
-cert-dcl03-c,
-cert-dcl16-c,
-clang-analyzer-deadcode.DeadStores,
-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,
-clang-analyzer-unix.Malloc,
-clang-analyzer-valist.Uninitialized,
-clang-analyzer-optin.core.EnumCastOutOfRange,
-misc-include-cleaner,
-misc-macro-parentheses,
-misc-no-recursion,
-misc-static-assert,
-misc-unused-parameters,
-readability-avoid-nested-conditional-operator,
-readability-avoid-unconditional-preprocessor-if,
-readability-braces-*,
-readability-cognitive-complexity,
-readability-else-after-return,
-readability-function-cognitive-complexity,
-readability-identifier-length,
-readability-isolate-declaration,
-readability-magic-numbers,
-readability-non-const-parameter,
-readability-redundant-declaration,
-readability-uppercase-literal-suffix,
-clang-analyzer-core.UndefinedBinaryOperatorResult
# TODO: remove `-clang-analyzer-core.UndefinedBinaryOperatorResult` when we
# upgrade to Clang >=18 (it's a false positive )
WarningsAsErrors: |-
cert-*,
clang-analyzer-*,
misc-*,
readability-*,
-readability-non-const-parameter,
HeaderFilterRegex: 'contrib/ucw/*.h'
CheckOptions:
- key: readability-identifier-naming
value: 'lower_case'
- key: readability-function-size.StatementThreshold
value: '400'
- key: readability-function-size.LineThreshold
value: '500'
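Review bot: `HeaderFilterRegex: 'contrib/ucw/*.h'` is written like a glob, but clang-tidy reads this value as a regular expression, so `/*` means "zero or more slashes" and the `.` matches any character. If the intent is the headers under that directory, `HeaderFilterRegex: 'contrib/ucw/.*\.h$'` says so. Separately, `bugprone-*` is enabled in `Checks` but is not listed in `WarningsAsErrors`, so as far as this file shows those findings stay warnings. Several memory-safety-relevant checks are also switched off with no reason given (`-bugprone-not-null-terminated-result`, `-bugprone-sizeof-expression`, `-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling`). A short comment after the list for each waived check, like the existing TODO for `UndefinedBinaryOperatorResult`, would let a later reader tell a deliberate waiver from an oversight.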
;; emacs local configuration settings for knot-resolver source
;; surmised by dkg on 2016-04-02 23:46:50-0300
;; SPDX-License-Identifier: GPL-3.0-or-later
((c-mode
(indent-tabs-mode . t)
......
*.c diff=cpp
*.cpp diff=cpp
name: macOS
on: push
jobs:
build-test:
name: Build & unit tests & sanity check
runs-on: macOS-latest
strategy:
matrix:
knot-version: ['3.3']
steps:
- name: Checkout resolver code
uses: actions/checkout@v2
with:
submodules: true
- name: Install dependecies from brew
run:
brew install cmocka luajit libuv lmdb meson nghttp2 autoconf automake m4 libtool pkg-config
- name: Install libknot from sources
env:
KNOT_DNS_VERSION: ${{ matrix.knot-version }}
run: |
git clone -b ${KNOT_DNS_VERSION} https://gitlab.nic.cz/knot/knot-dns.git
cd knot-dns
autoreconf -fi
./configure --prefix=${HOME}/.local/usr --disable-static --disable-fastparser --disable-documentation --disable-daemon --disable-utilities --with-lmdb=no
make -j2 install
cd ..
- name: Build resolver
run: |
export PKG_CONFIG_PATH="${PKG_CONFIG_PATH}:${HOME}/.local/usr/lib/pkgconfig"
meson build_darwin --default-library=static --buildtype=debugoptimized --prefix=${HOME}/.local/usr -Dc_args='-fno-omit-frame-pointer'
ninja -C build_darwin -v install
- name: Run unit tests
env:
MALLOC_CHECK_: 3
MALLOC_PERTURB_: 223
run: meson test -C build_darwin --suite unit
- name: Run kresd
env:
MALLOC_CHECK_: 3
MALLOC_PERTURB_: 223
run: |
export DYLD_FALLBACK_LIBRARY_PATH="${DYLD_FALLBACK_LIBRARY_PATH}:${HOME}/.local/usr/lib/"
echo "quit()" | ${HOME}/.local/usr/sbin/kresd -a 127.0.0.1@53535 .
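Review bot: The workflow declares no `permissions:` key, so its `GITHUB_TOKEN` gets whatever default the repository or organisation sets, and `actions/checkout@v2` is referenced by a movable tag rather than a commit. For a build-and-test job a top-level `permissions:` with `contents: read` should be enough, and the action can be pinned as `uses: actions/checkout@<full-commit-sha>  # <release tag>` (placeholders, to be filled in from the action's releases). The `git clone -b ${KNOT_DNS_VERSION}` step likewise builds whatever the `3.3` branch holds at run time and then runs its `autoreconf`/`configure`/`make`. If tracking the branch is intentional, a comment on that step should say so. The `${HOME}` and `${KNOT_DNS_VERSION}` expansions in the `run:` blocks would also be safer quoted.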
*.o
**/__pycache__/
*.6
*.Plo
*.a
*.so
*.so.*
*.db
*.dylib
*.dylib.*
*.lo
*.gcda
*.gcno
*.gcov
*.info
*.junit.xml
*.la
*.Plo
*.swp
*~
*.d
*.db
*.out
*.6
*.lo
*.log
*.inc
*.mdb
*.gcno
*.gcda
*.gcov
*.o
*.out
*.so
*.so.*
*.swp
*~
.coverage
.deps
.dirstamp
.libs
.deps
_obj
.mypy_cache
.pytest_cache
/.build*/
/.cache
/.install_dev
/aclocal.m4
/ar-lib
/autom4te.cache/*
/config.log
/bench/bench_lru
/build*/
/compile
/compile_commands.json
/config.guess
/config.h
/config.log
/config.status
/config.guess
/config.sub
/configure
/ar-lib
/libtool
/missing
/compile
/control
/coverage
/coverage.stats
/daemon/kresd
/daemon/lua/*.inc
/daemon/lua/trust_anchors.lua
/depcomp
/dist
/distro/tests/*/.vagrant
/doc/**/.doctrees
/doc/**/doxyxml
/doc/html
/doc/kresd.8
/doc/texinfo
/doc/_static/schema_doc*
/doc/config-schema-body.md
/ephemeral_key.pem
/install-sh
/stamp-h1
/aclocal.m4
/libkres.pc
/libtool
/ltmain.sh
/ylwrap
/doc/doxyxml
/doc/html
/daemon/kresd
/missing
/modules/dnstap/dnstap.pb-c.d
/pkg
/self.crt
/self.key
/stamp-h1
/tags
/tests/dnstap/src/dnstap-test/go.sum
/tests/pytests/*/tcproxy
/tests/pytests/*/tlsproxy
/tests/pytests/pytests.*.html
/tests/pytests/*.junit.xml
/tests/test_array
/tests/test_lru
/tests/test_map
/tests/test_module
/tests/test_pack
/tests/test_set
/tests/test_utils
/tests/test_zonecut
/ylwrap
_obj
kresd.amalg.c
libkres.amalg.c
/doc/kresd.8
/libkres.pc
luacov.*.out
poetry.lock
stages:
- check
default:
image: $IMAGE_PREFIX/manager:$IMAGE_TAG
before_script:
- poetry --version
- poetry env use $PYTHON_INTERPRETER
tags:
- docker
- linux
- amd64
examples:py3.12:
stage: check
script:
- poetry install --all-extras --only main,dev
- poe examples
variables:
PYTHON_INTERPRETER: python3.12
check:py3.12:
stage: check
script:
- poetry install --all-extras --only main,dev,lint
- poe check
variables:
PYTHON_INTERPRETER: python3.12
format:py3.12:
stage: check
script:
- poetry install --all-extras --only main,dev,lint
- poe format
variables:
PYTHON_INTERPRETER: python3.12
lint:py3.12:
stage: check
script:
- poetry install --all-extras --only main,dev,lint
- poe lint
variables:
PYTHON_INTERPRETER: python3.12
.unit: &unit
stage: check
script:
- poetry install --all-extras --only main,dev,test
- poe test
# the following command makes sure that the source root of the coverage file is at $gitroot
- poetry run bash -c "coverage combine .coverage; coverage xml"
artifacts:
reports:
coverage_report:
coverage_format: cobertura
path: coverage.xml
junit: unit.junit.xml
paths:
- unit.junit.xml
unit:py3.8:
<<: *unit
variables:
PYTHON_INTERPRETER: python3.8
unit:py3.9:
<<: *unit
variables:
PYTHON_INTERPRETER: python3.9
unit:py3.10:
<<: *unit
variables:
PYTHON_INTERPRETER: python3.10
unit:py3.11:
<<: *unit
variables:
PYTHON_INTERPRETER: python3.11
unit:py3.12:
<<: *unit
variables:
PYTHON_INTERPRETER: python3.12
unit:py3.13:
<<: *unit
variables:
PYTHON_INTERPRETER: python3.13
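Review bot: In the `.unit` template the last script entry, `poetry run bash -c "coverage combine .coverage; coverage xml"`, joins the two commands with `;`, so a failing `coverage combine` is masked and the step's status is decided by `coverage xml` alone. Chaining them as `poetry run bash -c "coverage combine .coverage && coverage xml"` makes a broken coverage merge fail the job instead of possibly publishing an incomplete `coverage.xml`. As a style point, the four `*:py3.12` jobs repeat the same `stage`/`variables` pair; a hidden template with an anchor, as already done for `.unit`, would keep them in step.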
# SPDX-License-Identifier: GPL-3.0-or-later
# vim:foldmethod=marker
variables:
DEBIAN_FRONTEND: noninteractive
LC_ALL: C.UTF-8
GIT_SUBMODULE_STRATEGY: recursive
GIT_STRATEGY: clone # sometimes unclean submodule dirs otherwise
RESPDIFF_PRIORITY: 5
DISTROTEST_PRIORITY: 6
RESPDIFF_COUNT: 1
RESPDIFF_FORCE: 0
RESPERF_FORCE: 0
KNOT_VERSION: '3.3'
LIBKRES_ABI: 9
LIBKRES_NAME: libkres
MESON_TEST: meson test -C build_ci* -t 4 --print-errorlogs
PREFIX: $CI_PROJECT_DIR/.local
EMAIL: 'ci@nic'
# IMAGE_TAG is a Git branch/tag name from https://gitlab.nic.cz/knot/knot-resolver-ci
# In general, keep it pointing to a tag - use a branch only for development.
# More info in the knot-resolver-ci repository.
IMAGE_TAG: 'v20240924'
IMAGE_PREFIX: '$CI_REGISTRY/knot/knot-resolver-ci'
image: $IMAGE_PREFIX/debian12-knot_3_3:$IMAGE_TAG
default:
interruptible: true
tags:
- docker
- linux
- amd64
stages:
- build
- sanity
- test
- respdiff
- deploy
- pkg
# https://docs.gitlab.com/ce/ci/jobs/job_control.html#select-different-runner-tags-for-each-parallel-matrix-job
.multi_platform: &multi_platform
parallel:
matrix:
- PLATFORM: [ amd64, arm64 ]
tags: # some will override this part
- ${PLATFORM}
- docker
- linux
.common: &common
except:
refs:
- master@knot/knot-resolver
- master@knot/security/knot-resolver
- tags
variables:
- $SKIP_CI == "1"
tags:
- docker
- linux
- amd64
# Tests which decided to skip themselves get orange non-failure.
allow_failure:
exit_codes:
- 77
.after_build: &after_build
<<: *common
needs:
- build-stable
before_script:
# meson detects changes and performs useless rebuild; hide the log
- ninja -C build_ci* &>/dev/null
- rm build_ci*/meson-logs/testlog*.txt # start with clean testlog
artifacts:
when: always
# The deckard-specific parts are a little messy, but they're hard to separate in YAML.
paths:
- build_ci*/meson-logs/testlog*.txt
- tmpdeckard*
- build_ci*/meson-logs/integration.deckard.junit.xml
reports:
junit: build_ci*/meson-logs/integration.deckard.junit.xml
.after_build_arch: &after_build_arch
<<: *after_build
image: $IMAGE_PREFIX/arch:$IMAGE_TAG
needs:
- build-arch
.nodep: &nodep
<<: *common
needs: []
# build {{{
.build: &build
<<: *common
stage: build
artifacts:
when: always
paths:
- .local
- build_ci*
- pkg
reports:
junit: build_ci*/meson-logs/testlog.junit.xml
before_script:
- "echo \"PATH: $PATH\""
- "echo \"Using Python at: $(which python)\""
after_script:
- ci/fix-meson-junit.sh build_ci*/meson-logs/testlog.junit.xml
archive:
<<: *build
except: null
script:
- apkg make-archive
build-arch:
<<: *build
image: $IMAGE_PREFIX/arch:$IMAGE_TAG
script:
- meson build_ci_arch --prefix=$PREFIX -Dmalloc=disabled -Dwerror=true
- ninja -C build_ci_arch
- ninja -C build_ci_arch install >/dev/null
- ${MESON_TEST} --suite unit --suite config --suite dnstap --no-suite snowflake
build-stable:
<<: *build
script:
- meson build_ci_stable --prefix=$PREFIX -Dmalloc=disabled -Dwerror=true -Dextra_tests=enabled -Dbench=enabled
- ninja -C build_ci_stable
- ninja -C build_ci_stable install >/dev/null
- ${MESON_TEST} --suite unit --suite config --suite dnstap --no-suite snowflake
# This is currently the same as stable - uncomment this once Knot 3.4 is
# released and we are building against that, to keep sanity-checking the 3.3
# support.
#
#build-deb12-knot33:
# <<: *build
# image: $IMAGE_PREFIX/debian12-knot_3_3:$IMAGE_TAG
# script:
# - meson build_ci_deb12_knot33 --prefix=$PREFIX -Dmalloc=disabled -Dwerror=true -Dextra_tests=enabled
# - ninja -C build_ci_deb12_knot33
# - ninja -C build_ci_deb12_knot33 install >/dev/null
# - ${MESON_TEST} --suite unit --suite config --suite dnstap --no-suite snowflake
build-deb12-knot-master:
<<: *build
image: $IMAGE_PREFIX/debian12-knot_master:$IMAGE_TAG
script:
- meson build_ci_deb12_knot_master --prefix=$PREFIX -Dmalloc=disabled -Dwerror=true -Dextra_tests=enabled
- ninja -C build_ci_deb12_knot_master
- ninja -C build_ci_deb12_knot_master install >/dev/null
- ${MESON_TEST} --suite unit --suite config --suite dnstap --no-suite snowflake
allow_failure: true
build-stable-asan-gcc:
<<: *build
script:
- CFLAGS=-fno-sanitize-recover=all meson build_ci_asan_gcc --prefix=$PREFIX -Dmalloc=jemalloc -Db_sanitize=address,undefined -Dextra_tests=enabled
- ninja -C build_ci_asan_gcc
- ninja -C build_ci_asan_gcc install >/dev/null
- MESON_TESTTHREADS=1 ${MESON_TEST} --suite unit --suite dnstap --no-suite skip_asan --no-suite snowflake
- MESON_TESTTHREADS=1 ASAN_OPTIONS=detect_leaks=0 ${MESON_TEST} --suite config --no-suite skip_asan --no-suite snowflake
# TODO: Clang sanitizer seems to be broken in the current version of Debian. Use
# GCC above and maybe re-enable the Clang one once we update at some point.
#build-stable-asan-clang:
# <<: *build
# script:
# # issues with UBSan and ASan in CI:
# # - `ahocorasick.so` causes C++ problems
# # - `--default-library=shared` causes link problems
# - CC=clang CXX=clang++ CFLAGS=-fno-sanitize-recover=all CXXFLAGS=-fno-sanitize=undefined meson build_ci_asan_clang --default-library=static --prefix=$PREFIX -Dmalloc=jemalloc -Db_sanitize=address,undefined -Dextra_tests=enabled
# - ninja -C build_ci_asan_clang
# - ninja -C build_ci_asan_clang install >/dev/null
# # TODO _leaks: not sure what exactly is wrong in leak detection on config tests
# # TODO skip_asan: all three of these disappear locally when using gcc 9.1 (except some leaks)
# - MESON_TESTTHREADS=1 ASAN_OPTIONS=detect_leaks=0 ${MESON_TEST} --suite unit --suite config --suite dnstap --no-suite skip_asan --no-suite snowflake
build:macOS:
<<: *nodep
image: python:3-alpine
only:
refs:
- branches@knot/knot-resolver
stage: build
when: delayed
start_in: 3 minutes # allow some time for mirroring, job creation
script:
- pip3 install -U requests
- python3 ./ci/gh_actions.py ${CI_COMMIT_REF_NAME} ${CI_COMMIT_SHA}
.docker: &docker
<<: *nodep
except: null
image: docker:latest
variables:
DOCKER_HUB_REGISTRY: cznic/knot-resolver
GITLAB_REGISTRY: ${CI_REGISTRY}/knot/knot-resolver/cross-platform
tags:
- amd64
- dind
docker:build:
<<: *docker
<<: *multi_platform
stage: build
except:
- tags
script:
- docker buildx build --no-cache -t knot-resolver:${PLATFORM} .
after_script:
- docker rmi --force knot-resolver:${PLATFORM}
- docker rmi $(docker images -f "dangling=true" -q)
tags:
- ${PLATFORM}
- dind
docker:build:cross-platform:
<<: *docker
stage: build
only:
- master@knot/knot-resolver
- tags
before_script:
- >
docker buildx create
--name kres-builder
--driver docker-container
--bootstrap --use
- echo "$CI_REGISTRY_PASSWORD" | docker login $CI_REGISTRY -u $CI_REGISTRY_USER --password-stdin
script:
- >
docker buildx build
--no-cache
--platform linux/amd64,linux/arm64/v8,linux/arm/v7
--provenance=false
--pull
--push
--tag ${GITLAB_REGISTRY}:${CI_COMMIT_REF_NAME}
.
docker:test:cross-platform:
<<: *docker
<<: *multi_platform
stage: test
only:
- tags
- master@knot/knot-resolver
needs:
- docker:build:cross-platform
image:
name: ${GITLAB_REGISTRY}:${CI_COMMIT_REF_NAME}
entrypoint: [""]
before_script:
- apt-get update
- apt-get -y install knot-dnsutils curl git
- /usr/bin/knot-resolver -c /etc/knot-resolver/config.yaml > knot-resolver.log &
script:
# check that the resolver responds to queries
- kdig nic.cz @localhost#53
- kdig +tcp nic.cz @localhost#53
- kdig +tls nic.cz @localhost#853
- kdig +https nic.cz @localhost#443
# run some packaging tests
- tests/packaging/kresctl.sh
- tests/packaging/interactive/etag.sh
- tests/packaging/interactive/schema.sh
- tests/packaging/interactive/reload.sh
- tests/packaging/interactive/metrics.sh
- tests/packaging/interactive/cache-clear.sh
- tests/packaging/interactive/workers.sh
- kresctl stop
artifacts:
when: always
paths:
- knot-resolver.log
tags:
- docker
- ${PLATFORM}
dockerhub:deploy:
<<: *docker
stage: deploy
when: manual
only:
- tags
needs:
- docker:test:cross-platform
before_script:
- echo "$DOCKER_HUB_TOKEN" | docker login -u $DOCKER_HUB_USER --password-stdin
script:
- >
docker buildx imagetools create
-t ${DOCKER_HUB_REGISTRY}:${CI_COMMIT_REF_NAME}
-t ${DOCKER_HUB_REGISTRY}:6
${GITLAB_REGISTRY}:${CI_COMMIT_REF_NAME}
# }}}
# sanity {{{
.sanity: &sanity
<<: *nodep
stage: sanity
authors:
<<: *sanity
only:
refs:
- /^release.*$/
script:
- LC_ALL=en_US.UTF-8 scripts/update-authors.sh
news:
<<: *sanity
only:
refs:
- /^release.*$/
script:
- head -n 1 NEWS | grep -q $(date +%Y-%m-%d)
trivial_checks: # aggregated to save some processing
<<: *sanity
script:
- ci/no_assert_check.sh
- ci/deckard_commit_check.sh
lint:luacheck:
<<: *sanity
script:
- meson build_ci_lint &>/dev/null
- ninja -C build_ci* luacheck
lint:pedantic:
<<: *after_build
stage: sanity
script:
- meson build_pedantic_gcc -Dwerror=true -Dc_args='-Wpedantic' -Dextra_tests=enabled
- ninja -C build_pedantic_gcc
- >
CC=clang CXX=clang++ meson build_pedantic_clang -Dwerror=true -Dextra_tests=enabled -Dc_args='
-Wpedantic -Wno-newline-eof -Wno-gnu-zero-variadic-macro-arguments -Wno-gnu-folding-constant'
- ninja -C build_pedantic_clang
lint:tidy:
<<: *after_build_arch
stage: sanity
script:
- ninja -C build_ci* tidy
# Coverity reference: https://www.synopsys.com/blogs/software-security/integrating-coverity-scan-with-gitlab-ci/
lint:coverity:
<<: *sanity
image: $IMAGE_PREFIX/coverity:$IMAGE_TAG
only:
refs:
- nightly@knot/knot-resolver
- coverity@knot/knot-resolver
script:
- meson build_ci_cov --prefix=$PREFIX
- /opt/cov-analysis/bin/cov-build --dir cov-int ninja -C build_ci_cov
- tar cfz cov-int.tar.gz cov-int
- curl https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME
--form token=$COVERITY_SCAN_TOKEN --form email="knot-resolver@labs.nic.cz"
--form file=@cov-int.tar.gz --form version="`git describe --tags`"
--form description="`git describe --tags` / $CI_COMMIT_TITLE / $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID"
--fail-with-body
.kres-gen: &kres-gen
<<: *sanity
script:
- meson build_ci_lib --prefix=$PREFIX -Dkres_gen_test=false
- ninja -C build_ci_lib daemon/kresd
- ninja -C build_ci_lib kres-gen
- git diff --quiet || (git diff; exit 1)
kres-gen-33:
<<: *kres-gen
image: $IMAGE_PREFIX/debian12-knot_3_3:$IMAGE_TAG
root.hints:
<<: *sanity
only:
refs:
- /^release.*$/
script:
- scripts/update-root-hints.sh
ci-image-is-tag:
<<: *sanity
image: alpine:3
variables:
GIT_STRATEGY: none
script:
- apk add git
- (
git ls-remote --tags --exit-code
https://gitlab.nic.cz/knot/knot-resolver-ci.git
refs/tags/$IMAGE_TAG
&& echo "Everything is OK!"
)
|| (echo "'$IMAGE_TAG' is not a tag (probably a branch). Make sure to set it to a tag in production!"; exit 2)
# }}}
# test {{{
.test_flaky: &test_flaky
<<: *after_build
stage: test
retry:
max: 1
when:
- script_failure
deckard:
<<: *test_flaky
# Deckard won't work with jemalloc due to a faketime bug:
# https://github.com/wolfcw/libfaketime/issues/130
only: # trigger job only in repos under our control (privileged runner required)
- branches@knot/knot-resolver
- branches@knot/security/knot-resolver
tags:
- privileged
- amd64
variables:
TMPDIR: $CI_PROJECT_DIR
script:
- ${MESON_TEST} --suite integration
respdiff:basic:
<<: *after_build
stage: test
needs:
- build-stable-asan-gcc
script:
- ulimit -n "$(ulimit -Hn)" # applies only for kresd ATM
- ./ci/respdiff/start-resolvers.sh
- ./ci/respdiff/run-respdiff-tests.sh udp
- $PREFIX/sbin/kres-cache-gc -c . -u 0 # simple GC sanity check
- cat results/respdiff.txt
- echo 'test if mismatch rate < 1.0 %'
- grep -q '^target disagrees.*0\.[0-9][0-9] %' results/respdiff.txt
after_script:
- killall --wait kresd
artifacts:
when: always
paths:
- kresd.log*
- results/*.txt
- results/*.png
- results/respdiff.db/data.mdb*
- ./*.info
test:valgrind:
<<: *test_flaky
script:
- >
${MESON_TEST}
--suite unit
--suite config
--no-suite skip_valgrind
--no-suite snowflake
--wrap="valgrind --leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp"
- >
MESON_TESTTHREADS=1 ${MESON_TEST}
--no-suite skip_valgrind
--wrap="valgrind --leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp"
--suite snowflake
manager:
stage: test
needs: []
trigger:
include: .gitlab-ci.manager.yml
strategy: depend
except:
refs:
- master@knot/knot-resolver
- master@knot/security/knot-resolver
- tags
variables:
- $SKIP_CI == "1"
pytests:
<<: *test_flaky
needs:
- build-stable-asan-gcc
artifacts:
when: always
paths:
- build_ci*/meson-logs/testlog*.txt
- tests/pytests/*.html
- tests/pytests/*.junit.xml
reports: # Can't have multiple junit XMLs?
junit: tests/pytests/pytests.parallel.junit.xml
script:
- ${MESON_TEST} --suite pytests
# }}}
# respdiff {{{
.condor: &condor
<<: *common
tags:
- condor
needs: []
only: # trigger job only in repos under our control
- branches@knot/knot-resolver
- branches@knot/security/knot-resolver
# The set of respdiff+resperf jobs takes over two hours to execute.
when: manual
.respdiff: &respdiff
<<: *condor
stage: respdiff
script:
- git diff-index --name-only origin/master | grep -qEv '^(AUTHORS|ci/|config.mk|COPYING|distro/|doc/|etc/|NEWS|README.md|scripts/|tests/|\.gitignore|\.gitlab-ci\.yml|\.travis\.yml)' || test $RESPDIFF_FORCE -gt 0 || exit 77
- test ! -f /var/tmp/respdiff-jobs/buffer/buffer_$RESPDIFF_TEST_stats.json || test $RESPDIFF_FORCE -gt 0 || ( echo "Reference unstable, try again in ~3h or use RESPDIFF_FORCE=1."; exit 1 )
- export LABEL=gl$(date +%s)
- export COMMITDIR="/var/tmp/respdiff-jobs/$(git rev-parse --short HEAD)-$LABEL"
- export TESTDIR="$COMMITDIR/$RESPDIFF_TEST"
- ln -s $COMMITDIR respdiff_commitdir
- >
sudo -u respdiff /var/opt/respdiff/contrib/job_manager/submit.py -w
-p $RESPDIFF_PRIORITY
-c $RESPDIFF_COUNT
$(sudo -u respdiff /var/opt/respdiff/contrib/job_manager/create.py
"$(git rev-parse --short HEAD)" -l $LABEL -t $RESPDIFF_TEST --knot-branch=$KNOT_VERSION
--respdiff-stats /var/tmp/respdiff-jobs/ref_current/*_${RESPDIFF_TEST}_stats.json)
- for f in $TESTDIR/*.json; do test -s "$f" || (cat $TESTDIR/*stderr*; cat $TESTDIR/j*_docker.txt; exit 1); done
- sudo -u respdiff /var/opt/respdiff/contrib/job_manager/plot_ref.sh $TESTDIR/.. /var/tmp/respdiff-jobs/ref_current $RESPDIFF_TEST
after_script:
- 'cp -t . respdiff_commitdir/$RESPDIFF_TEST/j* ||:'
- 'cp -t . respdiff_commitdir/*$RESPDIFF_TEST*.png ||:'
- 'cat respdiff_commitdir/$RESPDIFF_TEST/*histogram.tar.gz | tar -xf - -i ||:'
artifacts:
when: always
expire_in: 1 week
paths:
- ./j*
- ./*.png
- ./*histogram/*
fwd-tls6-kresd.udp6:
<<: *respdiff
variables:
RESPDIFF_TEST: shortlist.fwd-tls6-kresd.udp6
fwd-udp6-kresd.udp6:
<<: *respdiff
variables:
RESPDIFF_TEST: shortlist.fwd-udp6-kresd.udp6
iter.udp6:
<<: *respdiff
variables:
RESPDIFF_TEST: shortlist.iter.udp6
iter.tls6:
<<: *respdiff
variables:
RESPDIFF_TEST: shortlist.iter.tls6
fwd-udp6-unbound.udp6:
<<: *respdiff
variables:
RESPDIFF_TEST: shortlist.fwd-udp6-unbound.udp6
fwd-udp6-unbound.tcp6:
<<: *respdiff
variables:
RESPDIFF_TEST: shortlist.fwd-udp6-unbound.tcp6
fwd-udp6-unbound.tls6:
<<: *respdiff
variables:
RESPDIFF_TEST: shortlist.fwd-udp6-unbound.tls6
.resperf: &resperf
<<: *condor
stage: respdiff
script:
- git diff-index --name-only origin/master | grep -qEv '^(AUTHORS|ci/|config.mk|COPYING|distro/|doc/|etc/|NEWS|README.md|scripts/|tests/|\.gitignore|\.gitlab-ci\.yml|\.travis\.yml)' || test $RESPERF_FORCE -gt 0 || exit 77
- export LABEL=gl$(date +%s)
- export COMMITDIR="/var/tmp/respdiff-jobs/$(git rev-parse --short HEAD)-$LABEL"
- export TESTDIR="$COMMITDIR/$RESPERF_TEST"
- ln -s $COMMITDIR resperf_commitdir
- >
sudo -u respdiff /var/opt/respdiff/contrib/job_manager/submit.py -w
$(sudo -u respdiff /var/opt/respdiff/contrib/job_manager/create.py
"$(git rev-parse --short HEAD)" -l $LABEL --asan -t $RESPERF_TEST --knot-branch=$KNOT_VERSION)
- export EXITCODE=$(cat $TESTDIR/j*_exitcode)
- if [[ "$EXITCODE" == "0" ]]; then cat $TESTDIR/j*_resperf.txt; else cat $TESTDIR/j*_docker.txt; fi
- exit $EXITCODE
after_script:
- 'cp -t . resperf_commitdir/$RESPERF_TEST/j* ||:'
artifacts:
when: always
expire_in: 1 week
paths:
- ./j*
rp:fwd-tls6.udp-asan:
<<: *resperf
variables:
RESPERF_TEST: resperf.fwd-tls6.udp
rp:fwd-udp6.udp-asan:
<<: *resperf
variables:
RESPERF_TEST: resperf.fwd-udp6.udp
rp:iter.udp-asan:
<<: *resperf
variables:
RESPERF_TEST: resperf.iter.udp
# }}}
# deploy {{{
# copy snapshot of current master to nightly branch for further processing
# (this is workaround for missing complex conditions for job limits in Gitlab)
nightly:copy:
stage: deploy
needs: []
only:
variables:
- $CREATE_NIGHTLY == "1"
refs:
- master@knot/knot-resolver
script:
- 'tmp_file=$(mktemp)'
# delete nightly branch
- 'STATUS=$(curl --request PUT --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" -s -o ${tmp_file} -w "%{http_code}" "https://gitlab.nic.cz/api/v4/projects/147/repository/branches/nightly/unprotect")'
- '[ "x${STATUS}" == "x200" ] || { cat ${tmp_file}; rm ${tmp_file}; exit 1; }'
# no output from DELETE command
- 'STATUS=$(curl --request DELETE --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" -s -o ${tmp_file} -w "%{http_code}" "https://gitlab.nic.cz/api/v4/projects/147/repository/branches/nightly")'
# recreate nightly branch from current master
- 'STATUS=$(curl --request POST --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" -s -o ${tmp_file} -w "%{http_code}" "https://gitlab.nic.cz/api/v4/projects/147/repository/branches?branch=nightly&ref=master")'
- '[ "x${STATUS}" == "x201" ] || { cat ${tmp_file}; rm ${tmp_file}; exit 1; }'
- 'STATUS=$(curl --request PUT --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" -s -o ${tmp_file} -w "%{http_code}" "https://gitlab.nic.cz/api/v4/projects/147/repository/branches/nightly/protect")'
- '[ "x${STATUS}" == "x200" ] || { cat ${tmp_file}; rm ${tmp_file}; exit 1; }'
- 'rm ${tmp_file}'
obs:trigger: &obs_trigger
stage: deploy
only:
variables:
- $OBS_REPO
dependencies: # wait for previous stages to finish
- archive
environment:
name: OBS/$OBS_REPO
url: https://build.opensuse.org/package/show/home:CZ-NIC:$OBS_REPO/knot-resolver
tags:
- condor
allow_failure: false # required to make when: manual action blocking
script:
- python3 -m venv ./venv
- source ./venv/bin/activate
- pip install --upgrade pip
- pip install apkg
- scripts/ci/make-obs.sh
- echo y | scripts/ci/build-in-obs.sh $OBS_REPO
obs:release:
<<: *obs_trigger
only:
- tags
variables:
OBS_REPO: knot-resolver-latest
when: manual
obs:odvr:
<<: *obs_trigger
stage: pkg # last stage to ensure it doesn't block anything
only:
- tags
variables:
OBS_REPO: knot-resolver-odvr
when: manual
# }}}
# pkg {{{
.pkg_deb_extras: &pkg_deb_extras
before_script:
- apt update
.enable_repo_build: &enable_repo_build
before_script:
- ./scripts/ci/enable-repo-cznic-labs.sh knot-dns
.pkg_test: &pkg_test
stage: pkg
needs:
- pkg:make-archive
tags:
- lxc
- amd64
script:
# make sure the archive from pkg:make-archive is available
- apkg info cache | grep archive/dev
- apkg install --build-dep
- apkg test --test-dep
after_script:
- journalctl -u knot-resolver.service
artifacts:
expire_in: 1 week
paths:
- pkg/pkgs/
.pkg_test_user: &pkg_test_user
<<: *pkg_test
script:
- apkg info cache | grep archive/dev
- apkg build-dep --test-dep
- apkg make-archive
- chgrp -R test .
- chmod -R g+rwX .
- find -type d -exec chmod g+s {} +
- git config core.sharedRepository group
- sudo -u test git config --global --add safe.directory '*'
- sudo -u test apkg build
- apkg install
- apkg test
.pkg_test_deb: &pkg_test_deb
<<: *pkg_test
<<: *pkg_deb_extras
pkg:make-archive:
# archive is created once and reused in other pkg jobs
<<: *pkg_deb_extras
stage: pkg
image: $CI_REGISTRY/packaging/apkg/full/ubuntu-24.04
tags:
- lxc
- amd64
needs: []
artifacts:
paths:
- pkg/
script:
- apkg build-dep
- apkg make-archive
pkg:debian-13:
<<: *pkg_test_deb
image: $CI_REGISTRY/packaging/apkg/full/debian-13
pkg:debian-12:
<<: *pkg_test_deb
<<: *enable_repo_build
image: $CI_REGISTRY/packaging/apkg/full/debian-12
pkg:debian-11:
<<: *pkg_test_deb
<<: *enable_repo_build
image: $CI_REGISTRY/packaging/apkg/full/debian-11
pkg:ubuntu-25.04:
<<: *pkg_test_deb
image: $CI_REGISTRY/packaging/apkg/full/ubuntu-25.04
pkg:ubuntu-24.10:
<<: *pkg_test_deb
image: $CI_REGISTRY/packaging/apkg/full/ubuntu-24.10
pkg:ubuntu-24.04:
<<: *pkg_test_deb
image: $CI_REGISTRY/packaging/apkg/full/ubuntu-24.04
pkg:ubuntu-22.04:
<<: *pkg_test_deb
<<: *enable_repo_build
image: $CI_REGISTRY/packaging/apkg/full/ubuntu-22.04
pkg:ubuntu-20.04:
<<: *pkg_test_deb
<<: *enable_repo_build
image: $CI_REGISTRY/packaging/apkg/full/ubuntu-20.04
pkg:fedora-41:
<<: *pkg_test
image: $CI_REGISTRY/packaging/apkg/full/fedora-41
pkg:fedora-40:
<<: *pkg_test
image: $CI_REGISTRY/packaging/apkg/full/fedora-40
pkg:alma-9:
<<: *pkg_test
image: $CI_REGISTRY/packaging/apkg/full/alma-9
before_script:
# python-watchdog is not included in the official Alma 9 packages
# install it using PyPi just for testing
- pip3 install watchdog
pkg:arch:
<<: *pkg_test_user
image: $CI_REGISTRY/packaging/apkg/full/arch
before_script:
# prometheus and watchdog are optional dependencies, but our `apkg test` needs them
- pacman -Syu --noconfirm python-prometheus_client python-watchdog
# RHEL 8 derivatives would need more work due to *default* python being old
#pkg:rocky-8:
# <<: *pkg_test
# image: $CI_REGISTRY/packaging/apkg/full/rocky-8
# Leap 15.4 would need more work due to *default* python being old
#pkg:opensuse-15.4:
# <<: *pkg_test
# <<: *enable_repo_build
# image: $CI_REGISTRY/packaging/apkg/full/opensuse-15.4
# allow_failure: true # SUSE is always special
# }}}
# docs: {{{
docs:build:
stage: build
needs: []
script:
- git submodule update --init --recursive
- pip3 install -U -r doc/requirements.txt
- pip3 install -U sphinx_rtd_theme
- meson build_doc -Ddoc=enabled
- ninja -C build_doc doc
artifacts:
paths:
- doc/html
# This job deploys the Knot Resolver documentation into a development
# environment, which may be found at
# <https://gitlab.nic.cz/knot/knot-resolver/-/environments/folders/docs-develop>.
# The actual URL is found in the `environment.url` property, where
# $CI_PROJECT_NAMESPACE will be "knot" on the upstream GitLab.
docs:develop:
stage: deploy
needs:
- docs:build
except:
refs:
- tags
script:
- echo "Propagating artifacts into develop environment"
artifacts:
paths:
- doc/html
environment:
name: docs-develop/$CI_COMMIT_REF_NAME
url: https://www.knot-resolver.cz/documentation/artifacts/$CI_JOB_ID/index.html
# This job deploys the Knot Resolver documentation into a release environment,
# which may be found at
# <https://gitlab.nic.cz/knot/knot-resolver/-/environments/folders/docs-release>.
# The actual URL is found in the `environment.url` property, where
# $CI_PROJECT_NAMESPACE will be "knot" on the upstream GitLab.
# The job requires the `DOCS_ENV_NAME` variable to be set by the user.
docs:release:
stage: deploy
needs:
- docs:build
only:
refs:
- tags
script: echo "Propagating artifacts into release environment"
artifacts:
paths:
- doc/html
environment:
name: docs-release/$CI_COMMIT_TAG
url: https://www.knot-resolver.cz/documentation/artifacts/$CI_JOB_ID/index.html
# This job deploys the current docs as <https://knot.pages.nic.cz/knot-resolver>
pages:
stage: deploy
needs:
- docs:build
script: mv doc/html public
when: manual
artifacts:
paths:
- public
# This job pushes the Knot Resolver documentation into a new branch of the
# `websites/knot-resolver.cz` repository.
docs:website:
stage: deploy
needs:
- docs:build
when: manual
variables:
script:
- "SRC_COMMIT_REF=\"$CI_COMMIT_TAG$CI_COMMIT_BRANCH$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME\""
- "git clone \"https://gitlab-ci-token:$WEBSITE_DOCS_CI_TOKEN@$CI_SERVER_HOST:$CI_SERVER_PORT/websites/knot-resolver.cz.git\" website"
- "cp --recursive --verbose \"doc/html\" \"website/content/documentation/$SRC_COMMIT_REF\""
- cd website
- "git checkout -b \"docs/$SRC_COMMIT_REF\""
- "git add \"content/documentation/$SRC_COMMIT_REF\""
- "git commit -m \"docs: $SRC_COMMIT_REF\""
- "git push --force --set-upstream origin \"docs/$SRC_COMMIT_REF\""
# }}}
[submodule "tests/deckard"]
path = tests/deckard
url = https://gitlab.labs.nic.cz/knot/deckard.git
[submodule "tests/integration/deckard"]
path = tests/integration/deckard
url = https://gitlab.nic.cz/knot/deckard.git
[submodule "modules/policy/lua-aho-corasick"]
path = modules/policy/lua-aho-corasick
url = https://gitlab.nic.cz/knot/3rdparty/lua-aho-corasick.git
[submodule "tests/config/tapered"]
path = tests/config/tapered
url = https://gitlab.nic.cz/knot/3rdparty/lua-tapered.git
-- SPDX-License-Identifier: GPL-3.0-or-later
std = 'luajit'
new_read_globals = {
'cache',
'eval_cmd',
'event',
'help',
'_hint_root_file',
'hostname',
'map',
'modules',
'net',
'package_version',
'quit',
'resolve',
'ta_update',
'fromjson',
'todname',
'tojson',
'user',
'worker',
'kluautil_list_dir',
-- Sandbox declarations
'kB',
'MB',
'GB',
'sec',
'second',
'minute',
'min',
'hour',
'day',
'panic',
'log',
'log_error',
'log_warn',
'log_info',
'log_debug',
'log_fmt',
'log_qry',
'log_req',
'log_level',
'log_target',
'log_groups',
'LOG_CRIT',
'LOG_ERR',
'LOG_WARNING',
'LOG_NOTICE',
'LOG_INFO',
'LOG_DEBUG',
'mode',
'reorder_RR',
'option',
'env',
'debugging',
'kres',
'libknot_SONAME',
'libzscanner_SONAME',
'table_print',
'_ENV',
}
new_globals = {
-- Modules are allowed to be set and accessed from global namespace
'policy',
'view',
'stats',
'http',
'trust_anchors',
'bogus_log',
}
-- Luacheck < 0.18 doesn't support new_read_globals
for _, v in ipairs(new_read_globals) do
table.insert(new_globals, v)
end
exclude_files = {
'modules/policy/lua-aho-corasick', -- Vendored
'tests/config/tapered',
'build*/**', -- build outputs
'pkg/**', -- packaging outputs
}
-- Ignore some pedantic checks
ignore = {
'4.1/err', -- Shadowing err
'4.1/.', -- Shadowing one letter variables
}
-- Sandbox can set global variables
files['**/daemon/lua'].ignore = {'111', '121', '122'}
files['**/daemon/lua/kres-gen-*.lua'].ignore = {'631'} -- Allow overly long lines
-- Tests and scripts can use global variables
files['scripts'].ignore = {'111', '112', '113'}
files['tests'].ignore = {'111', '112', '113'}
files['**/utils/upgrade'].ignore = {'111', '112', '113'}
files['**/modules/**/*.test.lua'].ignore = {'111', '112', '113', '121', '122'}
files['**/daemon/**/*.test.lua'].ignore = {'111', '112', '113', '121', '122'}
Aleš Mrázek <ales.mrazek@nic.cz>
Alex Forster <aforster@cloudflare.com>
Ali Asad Lotia <ali.asad.lotia@gmail.com>
Anbang Wen <anbang@cloudflare.com> <xofyarg@gmail.com>
Anbang Wen <anbang@cloudflare.com> <anb@dev.null>
Andreas Rammhold <andreas@rammhold.de>
Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Salzman <daniel.salzman@nic.cz>
daurnimator <quae@daurnimator.com>
David Beitey <david@davidjb.com>
Grigorii Demidov <grigorii.demidov@nic.cz>
Hasnat <hasnat.ullah@gmail.com>
Jiří Helebrant <jiri.helebrant@nic.cz> <helb@helb.cz>
Ivana Krumlová <ivana.krumlova@nic.cz>
Jakub Ružička <jakub.ruzicka@nic.cz>
Jan Hák <jan.hak@nic.cz>
Jan Holuša <jan.holusa@nic.cz>
Jan Pavlinec <jan.pavlinec@nic.cz>
Jan Včelák <jan.vcelak@nic.cz> <jv@fcelda.cz>
Jan Včelák <jan.vcelak@nic.cz>
Jayson Reis <santosdosreis@gmail.com>
Jonathan Coetzee <jon@thancoetzee.com>
Josh Soref <jsoref@users.noreply.github.com>
Karel Slaný <karel.slany@nic.cz>
Libor Peltan <libor.peltan@nic.cz>
Lukáš Ježek <lukas.jezek@nic.cz>
Manu Bretelle <chantr4@gmail.com>
Marek Vavruša <mvavrusa@cloudflare.com> Marek Vavrusa <marek@vavrusa.com>
Marek Vavruša <mvavrusa@cloudflare.com> Marek Vavruša <mvavrusa@cloudflare.com>
Marek Vavruša <mvavrusa@cloudflare.com> Marek Vavruša <marek.vavrusa@nic.cz>
Marek Vavruša <mvavrusa@cloudflare.com> <marek@vavrusa.com>
Marek Vavruša <mvavrusa@cloudflare.com> <marek.vavrusa@nic.cz>
Michal Karm Babáček <karm@email.cz>
Michal Lupečka <mlupecka@nic.cz>
Ondřej Surý <ondrej.sury@nic.cz> <ondrej@sury.org>
Oto Šťáva <oto.stava@nic.cz> <oto.stava@gmail.com>
Paul Hoffman <paul.hoffman@icann.org> <phoffman@proper.com>
Paul Hoffman <paul.hoffman@icann.org>
Pavel Doležal <pavel.dolezal@nic.cz>
Pavel Valach <valach.pavel@gmail.com>
Petr Špaček <petr.spacek@nic.cz>
rickhg12hs <rickhg12hs@users.noreply.github.com>
Robert Šefr <robert.sefr@outlook.com>
SH <sh@analogic.cz>
Simon South <simon@simonsouth.net>
Štěpán Balážik <stepan@balazik.cz> <stepan.balazik@nic.cz>
Štěpán Kotek <stepan.kotek@nic.cz> Stepan Kotek <stepan.kotek@nic.cz>
Štěpán Kotek <stepan.kotek@nic.cz> <stepan.kotek@gmail.com>
The Gitter Badger <badger@gitter.im>
Tomáš Hozza <thozza@redhat.com>
Tomáš Křížek <tomas.krizek@nic.cz>
Ulrich Wisser <ulrich.wisser@iis.se>
Leo Vandewoestijne <github@unicycle.net>
<vaclav.sraier@nic.cz> <git@vakabus.cz>
Václav Šraier <vaclav.sraier@nic.cz>
Vicky Shrestha <vicky@cloudflare.com> <vicky@geeks.net.np>
Vítězslav Kříž <vitezslav.kriz@nic.cz>
Vladimír Čunát <vladimir.cunat@nic.cz> <vcunat@gmail.com>
3.8.20
3.9.20
3.10.15
3.11.10
3.12.6
3.13.0
version: 2
build:
os: ubuntu-22.04
tools:
python: "3.11"
sphinx:
configuration: doc/conf.py
python:
install:
- requirements: doc/requirements.txt
formats:
- pdf
- epub
language: c
os:
- linux
- osx
compiler:
- clang
notifications:
email:
on_success: change
on_failure: change
slack:
rooms: cznic:xNJmvHU2xu2aGtN7Y2eqHKoD
on_success: change
on_failure: change
webhooks:
urls: https://webhooks.gitter.im/e/66485d8f591942052faa
on_success: always
on_failure: always
matrix:
fast_finish: true
allow_failures:
- os: osx
env:
global:
- PKG_CONFIG_PATH="${HOME}/.local/lib/pkgconfig"
- PATH="${HOME}/.local/bin:/usr/local/bin:${PATH}"
- CFLAGS="-O2 -g -fno-omit-frame-pointer -DDEBUG"
- LD_LIBRARY_PATH="${HOME}/.local/lib"
- DYLD_LIBRARY_PATH="${HOME}/.local/lib"
- MALLOC_CHECK_=3
- MALLOC_PERTURB_=223
before_script:
- ./scripts/bootstrap-depends.sh ${HOME}/.local
script:
- make -j2 install check V=1 COVERAGE=1 PREFIX=${HOME}/.local
- ./daemon/kresd -h
- ./daemon/kresd -V
- echo "quit()" | ./daemon/kresd -a 127.0.0.1#53535 .
- make -j2 check-integration COVERAGE=1 PREFIX=${HOME}/.local
after_success:
- test $TRAVIS_OS_NAME = linux && coveralls -i lib -i daemon -x ".c" --gcov-options '\-lp'
sudo: false
cache:
directories:
- ${HOME}/.local
- ${HOME}/.cache/pip
before_cache:
- rm -f ${HOME}/.local/sbin/kresd
- rm -f ${HOME}/.local/lib/libkres.*
- rm -rf ${HOME}/.local/include/libkres
- rm -rf ${HOME}/.local/lib/kdns_modules
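Review bot: The `slack.rooms` value and the Gitter `webhooks.urls` entry under `notifications:` are committed as cleartext credentials, so anyone who can read the repository can post to those channels. Travis accepts encrypted values for these fields (a `secure:` entry produced by `travis encrypt`), and that is the form that belongs in a tracked file. This page has lost its +/- markers, so it is not clear whether the file is being added or removed. If it is being removed, the token and webhook URL still remain in the repository history and should be revoked on the Slack and Gitter side rather than considered gone.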
# Inner architecture of the manager
![architecture diagram](docs/img/manager_architecture_diagram.svg)
## API
The API server is implemented using [`aiohttp`](https://docs.aiohttp.org/en/stable/). This framework provides the application skeleton and manages application runtime. The manager is actually a normal web application with the slight difference that we don't save the data in a database but rather modify systems state.
## Data processing
From the web framework, we receive data as simple strings. After this step, we return a fully typed object with valid configuration (or an exception with an error).
### Parsing
We currently support YAML and JSON and decide based on `Content-Type` header (JSON being the default if no `Content-Type` header is provided). We use the Python's [build-in JSON parser](https://docs.python.org/3/library/json.html) and [`PyYAML`](https://pyyaml.org/).
### Schema and type validation
The parsing step returns a dict-like object, which does not provide any guarantees about it's content. We map the values from this object to a proper class object based on Python's native type annotations. The code to do this is custom made, no libraries needed.
### Normalization
After we move the configuration to the typed objects, we need to normalize its values for further use. For example, all `auto` values should be replaced by real infered values. The result of this step is yet another typed object, but different than the input one so that we can statically distinguish between normalized and not-normalized config data.
## Actual manager
The actual core of the whole application is originally named the manager. It keeps a high-level view of the systems state and performs all necessary operations to change the state to the desired one. It does not interact with the system directly, majority of interactions are hidden behing abstract backends.
Every other part of the processing pipeline is fully concurrent. The manager is a place where synchronization happens.
## Backends
The Knot Resolver Manager supports several backends, more specifically several service managers that can run our workers. The main one being `systemd` has several variants, so that it can run even without privileges. The other currently supported option is `supervisord`.
The used backend is chosen automatically on startup based on available privileges and other running software. This decision can be overriden manually using a command line option.
# Partial config updates
The pipeline described above works well when the user provides full configuration through the API. However, some users might want to make only partial changes as it allows several independent client applications to change different parts of the config independently without explicit synchronization on their part.
When a user submits a partial config, we parse it and change the last used config accordingly. The change happens before the normalization step as that is the first step modifing provided data.
\ No newline at end of file
Marek Vavrusa <marek@vavrusa.com>
Ondřej Surý <ondrej.sury@nic.cz>
Jan Vcelak <jan.vcelak@nic.cz>
Grigorii Demidov <grigorii.demidov@nic.cz>
Karel Slany <karel.slany@nic.cz>
Knot Resolver was conceived and is being developed
by research department of CZ.NIC, the CZ TLD operator.
Over the years many organizations and individuals contributed to the project.
Special thanks belongs to following organizations:
- Comcast
- Cloudflare
- ICANN
People who contributed commits to our Git repo are:
Aleš Mrázek <ales.mrazek@nic.cz>
Alex Forster <aforster@cloudflare.com>
Ali Asad Lotia <ali.asad.lotia@gmail.com>
Anbang Wen <anbang@cloudflare.com>
Andreas Rammhold <andreas@rammhold.de>
Christophe Nowicki <cscm@csquad.org>
Christopher Ng <facboy@gmail.com>
cronfy <cronfy@gmail.com>
Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Salzman <daniel.salzman@nic.cz>
daurnimator <quae@daurnimator.com>
David Beitey <david@davidjb.com>
Felix Yan <felixonmars@archlinux.org>
Frantisek Tobias <frantisek.tobias@nic.cz>
Grigorii Demidov <grigorii.demidov@nic.cz>
Hasnat <hasnat.ullah@gmail.com>
Héctor Molinero Fernández <hector@molinero.dev>
Ivana Krumlová <ivana.krumlova@nic.cz>
Jakub Jirutka <jakub@jirutka.cz>
Jakub Ružička <jakub.ruzicka@nic.cz>
Jan Hák <jan.hak@nic.cz>
Jan Holuša <jan.holusa@nic.cz>
Jan Pavlinec <jan.pavlinec@nic.cz>
Jan Včelák <jan.vcelak@nic.cz>
Jayson Reis <santosdosreis@gmail.com>
Jiří Helebrant <jiri.helebrant@nic.cz>
Jonathan Coetzee <jon@thancoetzee.com>
Josh Soref <jsoref@users.noreply.github.com>
Karel Slaný <karel.slany@nic.cz>
Kirill A. Korinsky <kirill@korins.ky>
Konstantin Amelichev <kostya.amelichev@gmail.com>
Ladislav Lhotka <ladislav.lhotka@nic.cz>
Leo Vandewoestijne <github@unicycle.net>
Libor Peltan <libor.peltan@nic.cz>
Lukáš Ježek <lukas.jezek@nic.cz>
Lukáš Ondráček <lukas.ondracek@nic.cz>
Manu Bretelle <chantr4@gmail.com>
Marek Vavruša <mvavrusa@cloudflare.com>
menakite <29005531+menakite@users.noreply.github.com>
Michal Karm Babáček <karm@email.cz>
Michal Lupečka <mlupecka@nic.cz>
Ondřej Surý <ondrej.sury@nic.cz>
Oto Šťáva <oto.stava@nic.cz>
Paul Hoffman <paul.hoffman@icann.org>
Pavel Doležal <pavel.dolezal@nic.cz>
Pavel Valach <valach.pavel@gmail.com>
Tomas Hozza <thozza@redhat.com>
Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Peter Keresztes Schmidt <carbenium@outlook.com>
Petr Špaček <petr.spacek@nic.cz>
realPy <t3sla@v-ip.fr>
rickhg12hs <rickhg12hs@users.noreply.github.com>
Robert Šefr <robert.sefr@outlook.com>
SH <sh@analogic.cz>
Simon South <simon@simonsouth.net>
Štěpán Balážik <stepan@balazik.cz>
Štěpán Kotek <stepan.kotek@nic.cz>
The Gitter Badger <badger@gitter.im>
Tomáš Hozza <thozza@redhat.com>
Tomáš Křížek <tomas.krizek@nic.cz>
Tom Herbers <mail@tomherbers.de>
Ulrich Wisser <ulrich.wisser@iis.se>
Václav Šraier <vaclav.sraier@nic.cz>
Vicky Shrestha <vicky@cloudflare.com>
Vítězslav Kříž <vitezslav.kriz@nic.cz>
Vladimír Čunát <vladimir.cunat@nic.cz>
Knot Resolver source tree also bundles code and content published by:
Austin Appleby <aappleby@gmail.com>
Dan Vanderkam <danvdk@gmail.com>
Jonathan Allard <jonathan@allard.io>
Joseph A. Adams <joeyadams3.14159@gmail.com>
Mark DiMarco <mark.dimarco@gmail.com>
Michael Bostock <mike@ocks.org>
Rusty Russell <rusty@rustcorp.com.au>
Thomas Park <thomas@thomaspark.co>
Vincent Bernat <vincent@bernat.im>
Fastly
jQuery Foundation
Knot DNS contributors
Twitter
United Computer Wizards
Thanks to everyone who knowingly or unknowingly contributed!
Contributing
============
Please file issues and merge requests against the upstream repository:
[https://gitlab.nic.cz/knot/knot-resolver](https://gitlab.nic.cz/knot/knot-resolver)
Opening a merge request on gitlab.nic.cz
----------------------------------------
Unfortunately, due to administrative policy, forking is disabled by default. To
be able to fork, please send us an e-mail with your username to knot-resolver@labs.nic.cz
We apologize for the inconvenience and if you can't be bothered, please
consider alternate ways of contributing, such as:
- Opening a pull request on [github.com](https://github.com/CZ-NIC/knot-resolver).
We'll take care of it and move it to our upstream.
- Sending a patch to the users list: knot-resolver-users@lists.nic.cz
Unless specifically indicated otherwise in a file or directory,
files are licensed under GNU GPL license either version 3, or
(at your option) any later version.
SPDX-License-Identifier: GPL-3.0-or-later
SPDX-URL: https://spdx.org/licenses/GPL-3.0-or-later.html
License-Text:
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
......
# Change Log
All notable changes to this project will be documented in this file.
## Unreleased changes
* N/A
## 1.1.0
* RFC7873 DNS Cookies
* RFC7858 DNS over TLS
* HTTP/2 web interface, RESTful API
* Metrics exported in Prometheus
* DNS firewall module
* Explicit CNAME target fetching in strict mode
* Query minimisation improvements
* Improved integration with systemd
## 1.0.0
* First release
......@@ -2,4 +2,4 @@
Linux kernel [coding style][lkstyle], same practices for API documentation.
[lkstyle]: https://www.kernel.org/doc/Documentation/CodingStyle
[lkstyle]: https://www.kernel.org/doc/Documentation/process/coding-style.rst
# SPDX-License-Identifier: GPL-3.0-or-later
# Intermediate container for build
FROM debian:12 AS build
ENV OBS_REPO=knot-resolver-latest
ENV DISTROTEST_REPO=Debian_12
RUN apt-get update -qq && \
apt-get -qqq -y install \
apt-transport-https ca-certificates wget \
pipx devscripts && \
pipx install apkg
RUN wget -O /usr/share/keyrings/cznic-labs-pkg.gpg https://pkg.labs.nic.cz/gpg && \
echo "deb [signed-by=/usr/share/keyrings/cznic-labs-pkg.gpg] https://pkg.labs.nic.cz/knot-resolver bookworm main" \
> /etc/apt/sources.list.d/cznic-labs-knot-resolver.list && \
apt-get update -qq
COPY . /source
RUN cd /source && \
export PATH="$PATH:/root/.local/bin" && \
git submodule update --init --recursive && \
git config --global user.name "Docker Build" && \
git config --global user.email docker-build@knot-resolver && \
\
# Replace 'knot-resolver' user and group with 'root'
# in meson_options.tx and python/knot_resolver/constants.py.
# This is needed for the file/directory permissions validation
# and then for the proper functioning of the resolver.
sed s/knot-resolver/root/g -i meson_options.txt && \
sed 's/USER.*/USER = "root"/g' -i python/knot_resolver/constants.py && \
sed 's/GROUP.*/GROUP = "root"/g' -i python/knot_resolver/constants.py && \
git commit -a -m TMP && \
\
/root/.local/bin/apkg build-dep -y && \
/root/.local/bin/apkg build
# Real container
FROM debian:12-slim AS runtime
ENV OBS_REPO=knot-resolver-latest
ENV DISTROTEST_REPO=Debian_12
RUN apt-get update -qq && \
apt-get -qqq -y install apt-transport-https ca-certificates
COPY --from=build \
/usr/share/keyrings/cznic-labs-pkg.gpg \
/usr/share/keyrings/cznic-labs-pkg.gpg
COPY --from=build \
/etc/apt/sources.list.d/cznic-labs-knot-resolver.list \
/etc/apt/sources.list.d/cznic-labs-knot-resolver.list
RUN apt-get update -qq && \
apt-get upgrade -qq
COPY --from=build /source/pkg/pkgs/debian-12 /pkg
# install resolver, minimize image and prepare config directory
RUN apt-get install -y /pkg/*/*.deb && \
rm -r /pkg && \
apt-get remove -y -qq curl gnupg2 && \
apt-get autoremove -y && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
COPY etc/config/config.example.docker.yaml /etc/knot-resolver/config.yaml
LABEL cz.knot-resolver.vendor="CZ.NIC"
LABEL maintainer="knot-resolver-users@lists.nic.cz"
# Export plain DNS, DoT, DoH and management interface
EXPOSE 53/UDP 53/TCP 443/TCP 853/TCP 5000/TCP
# Prepare shared config
VOLUME /etc/knot-resolver
# Prepare shared cache
VOLUME /var/cache/knot-resolver
ENTRYPOINT ["/usr/bin/knot-resolver"]
CMD ["-c", "/etc/knot-resolver/config.yaml"]
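Review bot: The runtime stage has no `USER` instruction and the build stage rewrites the package's user and group to `root`, so the resolver and the management interface published by `EXPOSE 5000/TCP` run as root inside the container. The comment above the `sed` lines explains why the rewrite is needed but should also state that running as root is an accepted trade-off for this image. The three `sed` expressions are unanchored: `s/knot-resolver/root/g` replaces every occurrence in `meson_options.txt`, and `s/USER.*/…/` rewrites any line containing `USER` in `constants.py`, which may change more than the two defaults (neither file is shown here, so this needs checking). Anchoring them, for example `sed 's/^USER = .*/USER = "root"/' -i python/knot_resolver/constants.py` if the assignment starts the line, keeps the patch from silently touching other settings. Separately, `apt-get remove -y -qq curl gnupg2` in the last `RUN` names packages this stage never installs, and the comment says `meson_options.tx` where `meson_options.txt` is meant.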