.clang-tidy

+---
+Checks: |-
+  bugprone-*,
+  cert-*,
+  google-readability-casting,
+  misc-*,
+  readability-*,
+
+  -bugprone-assignment-in-if-condition,
+  -bugprone-branch-clone,
+  -bugprone-easily-swappable-parameters,
+  -bugprone-inc-dec-in-conditions,
+  -bugprone-multi-level-implicit-pointer-conversion,
+  -bugprone-narrowing-conversions,
+  -bugprone-not-null-terminated-result,
+  -bugprone-sizeof-expression,
+  -bugprone-suspicious-string-compare,
+  -cert-dcl03-c,
+  -cert-dcl16-c,
+  -clang-analyzer-deadcode.DeadStores,
+  -clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,
+  -clang-analyzer-unix.Malloc,
+  -clang-analyzer-valist.Uninitialized,
+  -clang-analyzer-optin.core.EnumCastOutOfRange,
+  -misc-include-cleaner,
+  -misc-macro-parentheses,
+  -misc-no-recursion,
+  -misc-static-assert,
+  -misc-unused-parameters,
+  -readability-avoid-nested-conditional-operator,
+  -readability-avoid-unconditional-preprocessor-if,
+  -readability-braces-*,
+  -readability-cognitive-complexity,
+  -readability-else-after-return,
+  -readability-function-cognitive-complexity,
+  -readability-identifier-length,
+  -readability-isolate-declaration,
+  -readability-magic-numbers,
+  -readability-non-const-parameter,
+  -readability-redundant-declaration,
+  -readability-uppercase-literal-suffix,
+  -clang-analyzer-core.UndefinedBinaryOperatorResult
+
+# TODO: remove `-clang-analyzer-core.UndefinedBinaryOperatorResult` when we
+# upgrade to Clang >=18 (it's a false positive )
+
+WarningsAsErrors: |-
+  cert-*,
+  clang-analyzer-*,
+  misc-*,
+  readability-*,
+  -readability-non-const-parameter,
+
+HeaderFilterRegex: 'contrib/ucw/*.h'
+CheckOptions:
+  - key:             readability-identifier-naming
+    value:           'lower_case'
+  - key:             readability-function-size.StatementThreshold
+    value:           '400'
+  - key:             readability-function-size.LineThreshold
+    value:           '500'

.dir-locals.el

+;; emacs local configuration settings for knot-resolver source
+;; surmised by dkg on 2016-04-02 23:46:50-0300
+;; SPDX-License-Identifier: GPL-3.0-or-later
+
+((c-mode
+  (indent-tabs-mode . t)
+  (tab-width . 8)
+  (c-basic-offset . 8)
+  (c-file-style . "linux"))
+ )

.gitattributes

+*.c	diff=cpp
+*.cpp	diff=cpp

.github/workflows/macOS.yaml

+name: macOS
+
+on: push
+
+jobs:
+  build-test:
+    name: Build & unit tests & sanity check
+    runs-on: macOS-latest
+    strategy:
+      matrix:
+        knot-version: ['3.3']
+
+    steps:
+      - name: Checkout resolver code
+        uses: actions/checkout@v2
+        with:
+          submodules: true
+
+      - name: Install dependecies from brew
+        run:
+          brew install cmocka luajit libuv lmdb meson nghttp2 autoconf automake m4 libtool pkg-config
+
+      - name: Install libknot from sources
+        env:
+          KNOT_DNS_VERSION: ${{ matrix.knot-version }}
+        run: |
+          git clone -b ${KNOT_DNS_VERSION} https://gitlab.nic.cz/knot/knot-dns.git
+          cd knot-dns
+          autoreconf -fi
+          ./configure --prefix=${HOME}/.local/usr --disable-static --disable-fastparser --disable-documentation --disable-daemon --disable-utilities --with-lmdb=no
+          make -j2 install
+          cd ..
+
+      - name: Build resolver
+        run: |
+          export PKG_CONFIG_PATH="${PKG_CONFIG_PATH}:${HOME}/.local/usr/lib/pkgconfig"
+          meson build_darwin --default-library=static --buildtype=debugoptimized --prefix=${HOME}/.local/usr -Dc_args='-fno-omit-frame-pointer'
+          ninja -C build_darwin -v install
+
+      - name: Run unit tests
+        env:
+          MALLOC_CHECK_: 3
+          MALLOC_PERTURB_: 223
+        run: meson test -C build_darwin --suite unit
+
+      - name: Run kresd
+        env:
+          MALLOC_CHECK_: 3
+          MALLOC_PERTURB_: 223
+        run: |
+          export DYLD_FALLBACK_LIBRARY_PATH="${DYLD_FALLBACK_LIBRARY_PATH}:${HOME}/.local/usr/lib/"
+          echo "quit()" | ${HOME}/.local/usr/sbin/kresd -a 127.0.0.1@53535 .

.gitignore

-*.o
+**/__pycache__/
+*.6
+*.Plo
 *.a
-*.so
-*.so.*
+*.db
 *.dylib
 *.dylib.*
-*.lo
+*.gcda
+*.gcno
+*.gcov
+*.info
+*.junit.xml
 *.la
-*.in
-*.Plo
-*.swp
-*.d
-*.db
-*.out
-*.6
+*.lo
 *.log
-*.inc
 *.mdb
-*.gcno
-*.gcda
-*.gcov
+*.o
+*.out
+*.so
+*.so.*
+*.swp
+*~
+.coverage
+.deps
 .dirstamp
 .libs
-.deps
-_obj
-tmp*
+.mypy_cache
+.pytest_cache
+/.build*/
+/.cache
+/.install_dev
+/aclocal.m4
+/ar-lib
 /autom4te.cache/*
-/config.log
+/bench/bench_lru
+/build*/
+/compile
+/compile_commands.json
+/config.guess
 /config.h
+/config.log
 /config.status
-/config.guess
 /config.sub
 /configure
-/ar-lib
-/libtool
-/missing
-/compile
+/control
+/coverage
+/coverage.stats
+/daemon/kresd
+/daemon/lua/*.inc
+/daemon/lua/trust_anchors.lua
 /depcomp
+/dist
+/distro/tests/*/.vagrant
+/doc/**/.doctrees
+/doc/**/doxyxml
+/doc/html
+/doc/kresd.8
+/doc/texinfo
+/doc/_static/schema_doc*
+/doc/config-schema-body.md
+/ephemeral_key.pem
 /install-sh
-/stamp-h1
-/aclocal.m4
+/libkres.pc
+/libtool
 /ltmain.sh
-/ylwrap
-/doc/doxyxml
-/doc/html
-/daemon/kresd
+/missing
+/modules/dnstap/dnstap.pb-c.d
+/pkg
+/self.crt
+/self.key
+/stamp-h1
+/tags
+/tests/dnstap/src/dnstap-test/go.sum
+/tests/pytests/*/tcproxy
+/tests/pytests/*/tlsproxy
+/tests/pytests/pytests.*.html
+/tests/pytests/*.junit.xml
 /tests/test_array
+/tests/test_lru
 /tests/test_map
 /tests/test_module
 /tests/test_pack
 /tests/test_set
 /tests/test_utils
 /tests/test_zonecut
+/ylwrap
+_obj
+kresd.amalg.c
+libkres.amalg.c
+luacov.*.out
+poetry.lock

.gitlab-ci.manager.yml

+stages:
+  - check
+
+default:
+  image: $IMAGE_PREFIX/manager:$IMAGE_TAG
+  before_script:
+    - poetry --version
+    - poetry env use $PYTHON_INTERPRETER
+  tags:
+    - docker
+    - linux
+    - amd64
+
+examples:py3.12:
+  stage: check
+  script:
+    - poetry install --all-extras --only main,dev
+    - poe examples
+  variables:
+    PYTHON_INTERPRETER: python3.12
+
+check:py3.12:
+  stage: check
+  script:
+    - poetry install --all-extras --only main,dev,lint
+    - poe check
+  variables:
+    PYTHON_INTERPRETER: python3.12
+
+format:py3.12:
+  stage: check
+  script:
+    - poetry install --all-extras --only main,dev,lint
+    - poe format
+  variables:
+    PYTHON_INTERPRETER: python3.12
+
+lint:py3.12:
+  stage: check
+  script:
+    - poetry install --all-extras --only main,dev,lint
+    - poe lint
+  variables:
+    PYTHON_INTERPRETER: python3.12
+
+.unit: &unit
+  stage: check
+  script:
+    - poetry install --all-extras --only main,dev,test
+    - poe test
+    # the following command makes sure that the source root of the coverage file is at $gitroot
+    - poetry run bash -c "coverage combine .coverage; coverage xml"
+  artifacts:
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
+      junit: unit.junit.xml
+    paths:
+      - unit.junit.xml
+
+unit:py3.8:
+  <<: *unit
+  variables:
+    PYTHON_INTERPRETER: python3.8
+
+unit:py3.9:
+  <<: *unit
+  variables:
+    PYTHON_INTERPRETER: python3.9
+
+unit:py3.10:
+  <<: *unit
+  variables:
+    PYTHON_INTERPRETER: python3.10
+
+unit:py3.11:
+  <<: *unit
+  variables:
+    PYTHON_INTERPRETER: python3.11
+
+unit:py3.12:
+  <<: *unit
+  variables:
+    PYTHON_INTERPRETER: python3.12
+
+unit:py3.13:
+  <<: *unit
+  variables:
+    PYTHON_INTERPRETER: python3.13

.gitmodules

-[submodule "contrib/socket_wrapper"]
-	path = contrib/socket_wrapper
-	url = git://git.samba.org/socket_wrapper.git
-[submodule "contrib/libfaketime"]
-	path = contrib/libfaketime
-	url = https://github.com/wolfcw/libfaketime.git
+[submodule "tests/integration/deckard"]
+	path = tests/integration/deckard
+	url = https://gitlab.nic.cz/knot/deckard.git
+[submodule "modules/policy/lua-aho-corasick"]
+	path = modules/policy/lua-aho-corasick
+	url = https://gitlab.nic.cz/knot/3rdparty/lua-aho-corasick.git
+[submodule "tests/config/tapered"]
+	path = tests/config/tapered
+	url = https://gitlab.nic.cz/knot/3rdparty/lua-tapered.git

.luacheckrc

+-- SPDX-License-Identifier: GPL-3.0-or-later
+std = 'luajit'
+new_read_globals = {
+	'cache',
+	'eval_cmd',
+	'event',
+	'help',
+	'_hint_root_file',
+	'hostname',
+	'map',
+	'modules',
+	'net',
+	'package_version',
+	'quit',
+	'resolve',
+	'ta_update',
+	'fromjson',
+	'todname',
+	'tojson',
+	'user',
+	'worker',
+	'kluautil_list_dir',
+	-- Sandbox declarations
+	'kB',
+	'MB',
+	'GB',
+	'sec',
+	'second',
+	'minute',
+	'min',
+	'hour',
+	'day',
+	'panic',
+	'log',
+	'log_error',
+	'log_warn',
+	'log_info',
+	'log_debug',
+	'log_fmt',
+	'log_qry',
+	'log_req',
+	'log_level',
+	'log_target',
+	'log_groups',
+	'LOG_CRIT',
+	'LOG_ERR',
+	'LOG_WARNING',
+	'LOG_NOTICE',
+	'LOG_INFO',
+	'LOG_DEBUG',
+	'mode',
+	'reorder_RR',
+	'option',
+	'env',
+	'debugging',
+	'kres',
+	'libknot_SONAME',
+	'libzscanner_SONAME',
+	'table_print',
+	'_ENV',
+}
+
+new_globals = {
+	-- Modules are allowed to be set and accessed from global namespace
+	'policy',
+	'view',
+	'stats',
+	'http',
+	'trust_anchors',
+	'bogus_log',
+}
+
+-- Luacheck < 0.18 doesn't support new_read_globals
+for _, v in ipairs(new_read_globals) do
+	table.insert(new_globals, v)
+end
+
+exclude_files = {
+	'modules/policy/lua-aho-corasick', -- Vendored
+	'tests/config/tapered',
+	'build*/**', -- build outputs
+	'pkg/**', -- packaging outputs
+}
+
+-- Ignore some pedantic checks
+ignore = {
+	'4.1/err', -- Shadowing err
+	'4.1/.',   -- Shadowing one letter variables
+}
+
+-- Sandbox can set global variables
+files['**/daemon/lua'].ignore = {'111', '121', '122'}
+files['**/daemon/lua/kres-gen-*.lua'].ignore = {'631'} -- Allow overly long lines
+-- Tests and scripts can use global variables
+files['scripts'].ignore = {'111', '112', '113'}
+files['tests'].ignore = {'111', '112', '113'}
+files['**/utils/upgrade'].ignore = {'111', '112', '113'}
+files['**/modules/**/*.test.lua'].ignore = {'111', '112', '113', '121', '122'}
+files['**/daemon/**/*.test.lua'].ignore = {'111', '112', '113', '121', '122'}

.mailmap

+Aleš Mrázek <ales.mrazek@nic.cz>
+Alex Forster <aforster@cloudflare.com>
+Ali Asad Lotia <ali.asad.lotia@gmail.com>
+Anbang Wen <anbang@cloudflare.com> <xofyarg@gmail.com>
+Anbang Wen <anbang@cloudflare.com> <anb@dev.null>
+Andreas Rammhold <andreas@rammhold.de>
+Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Daniel Salzman <daniel.salzman@nic.cz>
+daurnimator <quae@daurnimator.com>
+David Beitey <david@davidjb.com>
+Grigorii Demidov <grigorii.demidov@nic.cz>
+Hasnat <hasnat.ullah@gmail.com>
+Jiří Helebrant <jiri.helebrant@nic.cz> <helb@helb.cz>
+Ivana Krumlová <ivana.krumlova@nic.cz>
+Jakub Ružička <jakub.ruzicka@nic.cz>
+Jan Hák <jan.hak@nic.cz>
+Jan Holuša <jan.holusa@nic.cz>
+Jan Pavlinec <jan.pavlinec@nic.cz>
+Jan Včelák <jan.vcelak@nic.cz> <jv@fcelda.cz>
+Jan Včelák <jan.vcelak@nic.cz>
+Jayson Reis <santosdosreis@gmail.com>
+Jonathan Coetzee <jon@thancoetzee.com>
+Josh Soref <jsoref@users.noreply.github.com>
+Karel Slaný <karel.slany@nic.cz>
+Libor Peltan <libor.peltan@nic.cz>
+Lukáš Ježek <lukas.jezek@nic.cz>
+Manu Bretelle <chantr4@gmail.com>
+Marek Vavruša <mvavrusa@cloudflare.com> Marek Vavrusa <marek@vavrusa.com>
+Marek Vavruša <mvavrusa@cloudflare.com> Marek Vavruša <mvavrusa@cloudflare.com>
+Marek Vavruša <mvavrusa@cloudflare.com> Marek Vavruša <marek.vavrusa@nic.cz>
+Marek Vavruša <mvavrusa@cloudflare.com> <marek@vavrusa.com>
+Marek Vavruša <mvavrusa@cloudflare.com> <marek.vavrusa@nic.cz>
+Michal Karm Babáček <karm@email.cz>
+Michal Lupečka <mlupecka@nic.cz>
+Ondřej Surý <ondrej.sury@nic.cz> <ondrej@sury.org>
+Oto Šťáva <oto.stava@nic.cz> <oto.stava@gmail.com>
+Paul Hoffman <paul.hoffman@icann.org> <phoffman@proper.com>
+Paul Hoffman <paul.hoffman@icann.org>
+Pavel Doležal <pavel.dolezal@nic.cz>
+Pavel Valach <valach.pavel@gmail.com>
+Petr Špaček <petr.spacek@nic.cz>
+rickhg12hs <rickhg12hs@users.noreply.github.com>
+Robert Šefr <robert.sefr@outlook.com>
+SH <sh@analogic.cz>
+Simon South <simon@simonsouth.net>
+Štěpán Balážik <stepan@balazik.cz> <stepan.balazik@nic.cz>
+Štěpán Kotek <stepan.kotek@nic.cz> Stepan Kotek <stepan.kotek@nic.cz>
+Štěpán Kotek <stepan.kotek@nic.cz> <stepan.kotek@gmail.com>
+The Gitter Badger <badger@gitter.im>
+Tomáš Hozza <thozza@redhat.com>
+Tomáš Křížek <tomas.krizek@nic.cz>
+Ulrich Wisser <ulrich.wisser@iis.se>
+Leo Vandewoestijne <github@unicycle.net>
+<vaclav.sraier@nic.cz> <git@vakabus.cz>
+Václav Šraier <vaclav.sraier@nic.cz>
+Vicky Shrestha <vicky@cloudflare.com> <vicky@geeks.net.np>
+Vítězslav Kříž <vitezslav.kriz@nic.cz>
+Vladimír Čunát <vladimir.cunat@nic.cz> <vcunat@gmail.com>

.python-version

+3.8.20
+3.9.20
+3.10.15
+3.11.10
+3.12.6
+3.13.0

.readthedocs.yaml

+version: 2
+
+build:
+  os: ubuntu-22.04
+  tools:
+    python: "3.11"
+
+sphinx:
+  configuration: doc/conf.py
+
+python:
+  install:
+    - requirements: doc/requirements.txt
+
+formats:
+  - pdf
+  - epub

.travis.yml

-language: c
-os:
-    - linux
-    - osx
-compiler:
-    - clang
-notifications:
-    email:
-        on_success: change
-        on_failure: change
-    slack:
-        rooms: cznic:xNJmvHU2xu2aGtN7Y2eqHKoD
-        on_success: change
-        on_failure: change
-    webhooks:
-        urls: https://webhooks.gitter.im/e/66485d8f591942052faa
-        on_success: always
-        on_failure: always
-matrix:
-    fast_finish: true
-    allow_failures:
-        - os: osx
-env:
-    global:
-        - PKG_CONFIG_PATH="${HOME}/.local/lib/pkgconfig"
-        - PATH="${HOME}/.local/bin:/usr/local/bin:${PATH}"
-        - CFLAGS="${CFLAGS} -O0 -g -fPIC"
-        - LD_LIBRARY_PATH="${HOME}/.local/lib"
-        - DYLD_LIBRARY_PATH="${HOME}/.local/lib"
-        - SOCKET_WRAPPER_DIR="${HOME}/test-dir"
-before_script:
-    - ./scripts/bootstrap-depends.sh ${HOME}/.local
-    - mkdir ${SOCKET_WRAPPER_DIR}
-script:
-    - make -j2 install COVERAGE=1 PREFIX=${HOME}/.local
-    - ./daemon/kresd -h
-    - make check COVERAGE=1 PREFIX=${HOME}/.local
-after_success:
-    - test $TRAVIS_OS_NAME = linux && coveralls -i lib -i daemon -x ".c" --gcov-options '\-lp'
-sudo: false
-cache:
-    directories:
-    - ${HOME}/.local
-    - ${HOME}/.cache/pip
-before_cache:
-    - rm -f ${HOME}/.local/bin/kresd
-    - rm -f ${HOME}/.local/lib/libkres.a
-    - rm -rf ${HOME}/.local/include/libkres
-    - rm -rf ${HOME}/.local/lib/kdns_modules

ARCHITECTURE.md

+# Inner architecture of the manager
+
+![architecture diagram](docs/img/manager_architecture_diagram.svg)
+
+## API
+
+The API server is implemented using [`aiohttp`](https://docs.aiohttp.org/en/stable/). This framework provides the application skeleton and manages application runtime. The manager is actually a normal web application with the slight difference that we don't save the data in a database but rather modify systems state.
+
+## Data processing
+
+From the web framework, we receive data as simple strings. After this step, we return a fully typed object with valid configuration (or an exception with an error).
+
+### Parsing
+
+We currently support YAML and JSON and decide based on `Content-Type` header (JSON being the default if no `Content-Type` header is provided). We use the Python's [build-in JSON parser](https://docs.python.org/3/library/json.html) and [`PyYAML`](https://pyyaml.org/).
+
+### Schema and type validation
+
+The parsing step returns a dict-like object, which does not provide any guarantees about it's content. We map the values from this object to a proper class object based on Python's native type annotations. The code to do this is custom made, no libraries needed.
+
+### Normalization
+
+After we move the configuration to the typed objects, we need to normalize its values for further use. For example, all `auto` values should be replaced by real infered values. The result of this step is yet another typed object, but different than the input one so that we can statically distinguish between normalized and not-normalized config data.
+
+## Actual manager
+
+The actual core of the whole application is originally named the manager. It keeps a high-level view of the systems state and performs all necessary operations to change the state to the desired one. It does not interact with the system directly, majority of interactions are hidden behing abstract backends.
+
+Every other part of the processing pipeline is fully concurrent. The manager is a place where synchronization happens.
+
+## Backends
+
+The Knot Resolver Manager supports several backends, more specifically several service managers that can run our workers. The main one being `systemd` has several variants, so that it can run even without privileges. The other currently supported option is `supervisord`.
+
+The used backend is chosen automatically on startup based on available privileges and other running software. This decision can be overriden manually using a command line option.
+
+# Partial config updates
+
+The pipeline described above works well when the user provides full configuration through the API. However, some users might want to make only partial changes as it allows several independent client applications to change different parts of the config independently without explicit synchronization on their part.
+
+When a user submits a partial config, we parse it and change the last used config accordingly. The change happens before the normalization step as that is the first step modifing provided data.
\ No newline at end of file

AUTHORS

-marek.vavrusa@nic.cz
-jan.vcelak@nic.cz
+Knot Resolver was conceived and is being developed
+by research department of CZ.NIC, the CZ TLD operator.
+
+Over the years many organizations and individuals contributed to the project.
+Special thanks belongs to following organizations:
+- Comcast
+- Cloudflare
+- ICANN
+
+People who contributed commits to our Git repo are:
+Aleš Mrázek <ales.mrazek@nic.cz>
+Alex Forster <aforster@cloudflare.com>
+Ali Asad Lotia <ali.asad.lotia@gmail.com>
+Anbang Wen <anbang@cloudflare.com>
+Andreas Rammhold <andreas@rammhold.de>
+Christophe Nowicki <cscm@csquad.org>
+Christopher Ng <facboy@gmail.com>
+cronfy <cronfy@gmail.com>
+Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Daniel Salzman <daniel.salzman@nic.cz>
+daurnimator <quae@daurnimator.com>
+David Beitey <david@davidjb.com>
+Felix Yan <felixonmars@archlinux.org>
+Frantisek Tobias <frantisek.tobias@nic.cz>
+Grigorii Demidov <grigorii.demidov@nic.cz>
+Hasnat <hasnat.ullah@gmail.com>
+Héctor Molinero Fernández <hector@molinero.dev>
+Ivana Krumlová <ivana.krumlova@nic.cz>
+Jakub Jirutka <jakub@jirutka.cz>
+Jakub Ružička <jakub.ruzicka@nic.cz>
+Jan Hák <jan.hak@nic.cz>
+Jan Holuša <jan.holusa@nic.cz>
+Jan Pavlinec <jan.pavlinec@nic.cz>
+Jan Včelák <jan.vcelak@nic.cz>
+Jayson Reis <santosdosreis@gmail.com>
+Jiří Helebrant <jiri.helebrant@nic.cz>
+Jonathan Coetzee <jon@thancoetzee.com>
+Josh Soref <jsoref@users.noreply.github.com>
+Karel Slaný <karel.slany@nic.cz>
+Kirill A. Korinsky <kirill@korins.ky>
+Konstantin Amelichev <kostya.amelichev@gmail.com>
+Ladislav Lhotka <ladislav.lhotka@nic.cz>
+Leo Vandewoestijne <github@unicycle.net>
+Libor Peltan <libor.peltan@nic.cz>
+Lukáš Ježek <lukas.jezek@nic.cz>
+Lukáš Ondráček <lukas.ondracek@nic.cz>
+Manu Bretelle <chantr4@gmail.com>
+Marek Vavruša <mvavrusa@cloudflare.com>
+menakite <29005531+menakite@users.noreply.github.com>
+Michal Karm Babáček <karm@email.cz>
+Michal Lupečka <mlupecka@nic.cz>
+Ondřej Surý <ondrej.sury@nic.cz>
+Oto Šťáva <oto.stava@nic.cz>
+Paul Hoffman <paul.hoffman@icann.org>
+Pavel Doležal <pavel.dolezal@nic.cz>
+Pavel Valach <valach.pavel@gmail.com>
+Peter Keresztes Schmidt <carbenium@outlook.com>
+Petr Špaček <petr.spacek@nic.cz>
+realPy <t3sla@v-ip.fr>
+rickhg12hs <rickhg12hs@users.noreply.github.com>
+Robert Šefr <robert.sefr@outlook.com>
+SH <sh@analogic.cz>
+Simon South <simon@simonsouth.net>
+Štěpán Balážik <stepan@balazik.cz>
+Štěpán Kotek <stepan.kotek@nic.cz>
+The Gitter Badger <badger@gitter.im>
+Tomáš Hozza <thozza@redhat.com>
+Tomáš Křížek <tomas.krizek@nic.cz>
+Tom Herbers <mail@tomherbers.de>
+Ulrich Wisser <ulrich.wisser@iis.se>
+Václav Šraier <vaclav.sraier@nic.cz>
+Vicky Shrestha <vicky@cloudflare.com>
+Vítězslav Kříž <vitezslav.kriz@nic.cz>
+Vladimír Čunát <vladimir.cunat@nic.cz>
+
+Knot Resolver source tree also bundles code and content published by:
+Austin Appleby <aappleby@gmail.com>
+Dan Vanderkam <danvdk@gmail.com>
+Jonathan Allard <jonathan@allard.io>
+Joseph A. Adams <joeyadams3.14159@gmail.com>
+Mark DiMarco <mark.dimarco@gmail.com>
+Michael Bostock <mike@ocks.org>
+Rusty Russell <rusty@rustcorp.com.au>
+Thomas Park <thomas@thomaspark.co>
+Vincent Bernat <vincent@bernat.im>
+Fastly
+jQuery Foundation
+Knot DNS contributors
+Twitter
+United Computer Wizards
+
+Thanks to everyone who knowingly or unknowingly contributed!

CONTRIBUTING.md

+Contributing
+============
+
+Please file issues and merge requests against the upstream repository:
+
+[https://gitlab.nic.cz/knot/knot-resolver](https://gitlab.nic.cz/knot/knot-resolver)
+
+Opening a merge request on gitlab.nic.cz
+----------------------------------------
+
+Unfortunately, due to administrative policy, forking is disabled by default. To
+be able to fork, please send us an e-mail with your username to knot-resolver@labs.nic.cz
+
+We apologize for the inconvenience and if you can't be bothered, please
+consider alternate ways of contributing, such as:
+
+- Opening a pull request on [github.com](https://github.com/CZ-NIC/knot-resolver).
+  We'll take care of it and move it to our upstream.
+- Sending a patch to the users list: knot-resolver-users@lists.nic.cz

COPYING

+Unless specifically indicated otherwise in a file or directory,
+files are licensed under GNU GPL license either version 3, or
+(at your option) any later version.
+
+SPDX-License-Identifier: GPL-3.0-or-later
+SPDX-URL: https://spdx.org/licenses/GPL-3.0-or-later.html
+License-Text:
+
                     GNU GENERAL PUBLIC LICENSE
                        Version 3, 29 June 2007
 
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
@@ -645,7 +653,7 @@ the "copyright" line and a pointer to where the full notice is found.
     GNU General Public License for more details.
 
     You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 Also add information on how to contact you by electronic and paper mail.
 
@@ -664,14 +672,14 @@ might be different; for a GUI interface, you would use an "about box".
   You should also get your employer (if you work as a programmer) or school,
 if any, to sign a "copyright disclaimer" for the program, if necessary.
 For more information on this, and how to apply and follow the GNU GPL, see
-<http://www.gnu.org/licenses/>.
+<https://www.gnu.org/licenses/>.
 
   The GNU General Public License does not permit incorporating your program
 into proprietary programs.  If your program is a subroutine library, you
 may consider it more useful to permit linking proprietary applications with
 the library.  If this is what you want to do, use the GNU Lesser General
 Public License instead of this License.  But first, please read
-<http://www.gnu.org/philosophy/why-not-lgpl.html>.
+<https://www.gnu.org/philosophy/why-not-lgpl.html>.
 
   In addition, as a special exception, the copyright holders give
 permission to link the code of portions of this program with the

ChangeLog

-# Change Log
-All notable changes to this project will be documented in this file.
-
-## [Unreleased][unreleased]
-### Changed
-
-- Written documentation
-- Resolver daemon with scriptable interface
-- Resolver library with basic interface
-- Pluggable modules written in C/Go

CodingStyle

@@ -2,4 +2,4 @@
 
 Linux kernel [coding style][lkstyle], same practices for API documentation.
 
-[lkstyle]: https://www.kernel.org/doc/Documentation/CodingStyle
+[lkstyle]: https://www.kernel.org/doc/Documentation/process/coding-style.rst

Dockerfile

+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# Intermediate container for build
+FROM debian:12 AS build
+
+ENV OBS_REPO=knot-resolver-latest
+ENV DISTROTEST_REPO=Debian_12
+
+RUN apt-get update -qq && \
+	apt-get -qqq -y install \
+		apt-transport-https ca-certificates wget \
+		pipx devscripts && \
+	pipx install apkg
+
+RUN wget -O /usr/share/keyrings/cznic-labs-pkg.gpg https://pkg.labs.nic.cz/gpg && \
+	echo "deb [signed-by=/usr/share/keyrings/cznic-labs-pkg.gpg] https://pkg.labs.nic.cz/knot-resolver bookworm main" \
+		> /etc/apt/sources.list.d/cznic-labs-knot-resolver.list && \
+	apt-get update -qq
+
+COPY . /source
+
+RUN cd /source && \
+	export PATH="$PATH:/root/.local/bin" && \
+	git submodule update --init --recursive && \
+	git config --global user.name "Docker Build" && \
+	git config --global user.email docker-build@knot-resolver && \
+	\
+	# Replace 'knot-resolver' user and group with 'root'
+	# in meson_options.tx and python/knot_resolver/constants.py.
+	# This is needed for the file/directory permissions validation
+	# and then for the proper functioning of the resolver.
+	sed s/knot-resolver/root/g -i meson_options.txt && \
+	sed 's/USER.*/USER = "root"/g' -i python/knot_resolver/constants.py && \
+	sed 's/GROUP.*/GROUP = "root"/g' -i python/knot_resolver/constants.py && \
+	git commit -a -m TMP && \
+	\
+	/root/.local/bin/apkg build-dep -y && \
+	/root/.local/bin/apkg build
+
+# Real container
+FROM debian:12-slim AS runtime
+
+ENV OBS_REPO=knot-resolver-latest
+ENV DISTROTEST_REPO=Debian_12
+
+RUN apt-get update -qq && \
+	apt-get -qqq -y install apt-transport-https ca-certificates
+
+COPY --from=build \
+	/usr/share/keyrings/cznic-labs-pkg.gpg \
+	/usr/share/keyrings/cznic-labs-pkg.gpg
+COPY --from=build \
+	/etc/apt/sources.list.d/cznic-labs-knot-resolver.list \
+	/etc/apt/sources.list.d/cznic-labs-knot-resolver.list
+
+RUN apt-get update -qq && \
+	apt-get upgrade -qq
+
+COPY --from=build /source/pkg/pkgs/debian-12 /pkg
+
+# install resolver, minimize image and prepare config directory
+RUN apt-get install -y /pkg/*/*.deb && \
+	rm -r /pkg && \
+	apt-get remove -y -qq curl gnupg2 && \
+	apt-get autoremove -y && \
+	apt-get clean && \
+	rm -rf /var/lib/apt/lists/*
+
+COPY etc/config/config.example.docker.yaml /etc/knot-resolver/config.yaml
+
+LABEL cz.knot-resolver.vendor="CZ.NIC"
+LABEL maintainer="knot-resolver-users@lists.nic.cz"
+
+# Export plain DNS, DoT, DoH and management interface
+EXPOSE 53/UDP 53/TCP 443/TCP 853/TCP 5000/TCP
+
+# Prepare shared config
+VOLUME /etc/knot-resolver
+# Prepare shared cache
+VOLUME /var/cache/knot-resolver
+
+ENTRYPOINT ["/usr/bin/knot-resolver"]
+CMD ["-c", "/etc/knot-resolver/config.yaml"]