distro/debian: use meson

parent 039b3c3c
knot-resolver (2.0.0-1) unstable; urgency=medium
Knot Resolver systemd service units are now templated, so that multiple
processes can run concurrently on multi-core systems. For a full
overview of the status of all the running daemons, use:
systemctl status system-kresd.slice
For more information about this setup, please see kresd.systemd(7).
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 03 Feb 2018 22:51:02 -0500
knot-resolver (1.1.0~git2016072900-1) unstable; urgency=medium
Knot Resolver now starts and runs under unprivileged user and uses a
socket activations to bind on the privileged ports. That means that if
you use anything more complicated than that you need to either override
the default service file with `systemd edit kresd.service` and
`systemd edit kresd.socket` to add more IP addresses, or just disable
it with `systemd mask kresd*.socket kresd.service` and provide your
own custom system service file tailored to your needs.
-- Ondřej Surý <ondrej@debian.org> Thu, 04 Aug 2016 09:04:53 +0200
Tracking upstream sources in git
--------------------------------
This debian package is tracked in the git "debian/master" branch at
https://salsa.debian.org/dns-team/knot-resolver, which
includes the commits from the upstream git repository at
https://gitlab.labs.nic.cz/knot/knot-resolver.git. When importing
upstream tarballs, make sure you've fetched from the upstream repo
before using "gbp import-orig" the tarball. We rely on
upstream-vcs-tag from debian/gbp.conf to link upstream git history
with new package history.
See Joey Hess's thoughts about why tracking upstream git history is
useful: https://joeyh.name/blog/entry/upstream_git_repositories/, as
well as DEP-14 for the branch-naming scheme:
http://dep.debian.net/deps/dep14/
Rebuilding epoch.js and epoch.css
---------------------------------
If you need to rebuild epoch.js and epoch.css using only tools
available in Debian, read gulpfile.js in d/missing-sources/epoch/ and
adjust following script if any files has been changed. You also need
to install ruby-sass, coffeescript and node-uglify
cat > build.sh << EOF
#!/bin/sh
coffee -b -c \
src/epoch.coffee \
src/core/context.coffee \
src/core/util.coffee \
src/core/d3.coffee \
src/core/format.coffee \
src/core/chart.coffee \
src/core/css.coffee \
src/data.coffee \
src/model.coffee \
src/basic.coffee \
src/basic/*.coffee \
src/time.coffee \
src/time/*.coffee \
src/adapters.coffee \
src/adapters/*.coffee
cat \
src/epoch.js \
src/core/context.js \
src/core/util.js \
src/core/d3.js \
src/core/format.js \
src/core/chart.js \
src/core/css.js \
src/data.js \
src/model.js \
src/basic.js \
src/basic/*.js \
src/time.js \
src/time/*.js \
src/adapters.js \
src/adapters/*.js \
> dist/js/epoch.js
uglifyjs dist/js/epoch.js > dist/js/epoch.min.js
sass -t compact sass/epoch.scss > dist/css/epoch.css
sass -t compressed sass/epoch.scss > dist/css/epoch.min.css
EOF
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Thu, 22 Feb 2018 13:25:27 -0800
doc/kresd.8
libkres.pc
lib/libkres.a
lib/libkres.so.9
build_deb/
doc/doxyxml/
doc/html/
......@@ -4,17 +4,10 @@ Priority: optional
Maintainer: Knot Resolver <knot-resolver@labs.nic.cz>
Uploaders:
Tomas Krizek <tomas.krizek@nic.cz>
Build-Depends-Indep:
doxygen,
python3-breathe,
python3-sphinx,
python3-sphinx-rtd-theme,
Build-Depends:
debhelper (>= 9~),
dns-root-data,
libcmocka-dev (>= 1.0.0),
libedit-dev,
libgeoip-dev,
libgnutls28-dev,
libknot-dev (>= 2.7.6),
liblmdb-dev,
......@@ -23,8 +16,12 @@ Build-Depends:
libuv1-dev,
luajit,
pkg-config,
meson,
doxygen,
python3-breathe,
python3-sphinx,
python3-sphinx-rtd-theme,
Homepage: https://www.knot-resolver.cz/
Rules-Requires-Root: no
Package: knot-resolver
Architecture: any
......@@ -35,6 +32,7 @@ Depends:
lua-sec,
lua-socket,
lua-cqueues,
systemd,
${misc:Depends},
${shlibs:Depends},
Recommends:
......
#!/bin/sh
# See init-d-script(5) for instructions on how to use this library.
#=============================================================================
# Define LSB log_* functions.
# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
# and status_of_proc is working.
. /lib/lsb/init-functions
# PATH should only include /usr/* if it runs after the mountnfs.sh
# script. Scripts running before mountnfs.sh should remove the /usr/*
# entries.
PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH
is_call_implemented() {
command -V $1 > /dev/null 2>&1
}
do_usage() {
if is_call_implemented do_reload ; then
echo "Usage: $SCRIPTNAME {start|stop|status|reload|restart|try-restart|force-reload}" >&2
else
echo "Usage: $SCRIPTNAME {start|stop|status|restart|try-restart|force-reload}" >&2
fi
}
call() {
cmd="$1"
shift
if is_call_implemented ${cmd}_override ; then
${cmd}_override "$@"
else
${cmd} "$@"
fi
}
#
# Function that starts the daemon/service
#
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
do_start_cmd() {
start-stop-daemon --start --quiet ${PIDFILE:+--pidfile ${PIDFILE}} \
$START_ARGS \
--startas $DAEMON --name $NAME --exec $DAEMON --test > /dev/null \
|| return 1
start-stop-daemon --start --quiet ${PIDFILE:+--pidfile ${PIDFILE}} \
$START_ARGS \
--startas $DAEMON --name $NAME --exec $DAEMON -- $DAEMON_ARGS \
|| return 2
# Add code here, if necessary, that waits for the process to be ready
# to handle requests from services started subsequently which depend
# on this one. As a last resort, sleep for some time.
}
do_start()
{
if is_call_implemented do_start_prepare ; then
call do_start_prepare
fi
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
call do_start_cmd
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
if is_call_implemented do_start_cleanup ; then
call do_start_cleanup
fi
}
#
# Function that stops the daemon/service
#
# Return
# 0 if daemon has been stopped
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
do_stop_cmd() {
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \
$STOP_ARGS \
${PIDFILE:+--pidfile ${PIDFILE}} --name $NAME --exec $DAEMON
RETVAL="$?"
[ "$RETVAL" = 2 ] && return 2
# Wait for children to finish too if this is a daemon that forks
# and if the daemon is only ever run from this initscript.
# If the above conditions are not satisfied then add some other code
# that waits for the process to drop all resources that could be
# needed by services started subsequently. A last resort is to
# sleep for some time.
start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 \
$STOP_ARGS \
--exec $DAEMON
[ "$?" = 2 ] && return 2
# Many daemons don't delete their pidfiles when they exit.
rm -f $PIDFILE
return $RETVAL
}
do_stop()
{
if is_call_implemented do_stop_prepare ; then
call do_stop_prepare
fi
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
call do_stop_cmd
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
if is_call_implemented do_stop_cleanup ; then
call do_stop_cleanup
fi
}
do_restart() {
[ "$VERBOSE" != no ] && log_daemon_msg "Restarting $DESC" "$NAME"
call do_stop_cmd
call do_start_cmd
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
}
do_force_reload() {
if is_call_implemented do_reload ; then
call do_reload
else
call do_restart
fi
}
# Enable this using
# alias do_reload=do_reload_sigusr1
do_reload_sigusr1() {
log_daemon_msg "Reloading $DESC configuration files" "$NAME"
start-stop-daemon --oknodo --stop --signal 1 --quiet \
--pidfile "$PIDFILE" --exec "$DAEMON"
log_end_msg $?
}
do_status() {
status_of_proc "$DAEMON" "$NAME" && return 0 || return $?
}
if [ "$DEBUG" = "true" ] ; then
set -x
fi
SCRIPTNAME=$1
scriptbasename="$(basename $1)"
if [ "$scriptbasename" != "init-d-script" ] ; then
script="$1"
shift
. $script
else
exit 0
fi
NAME=${NAME:=$(basename $DAEMON)}
DESC=${DESC:=$NAME}
# Do not use pid file if $PIDFILE is 'none'. Otherwise, generate from
# $NAME or use the value provided by the init.d script.
if [ none = "$PIDFILE" ] ; then
PIDFILE=
elif [ -z "$PIDFILE" ] ; then
PIDFILE=/var/run/$NAME.pid
fi
# Exit if the package is not installed
if [ none != "$DAEMON" ] && [ ! -x "$DAEMON" ] ; then
exit 0
fi
# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh
if [ -t 0 ] ; then # Be verbose when called from a terminal
VERBOSE=yes
fi
case "$1" in
start)
call do_start
;;
stop)
call do_stop
;;
status)
call do_status
;;
reload)
if is_call_implemented do_reload ; then
do_reload
else
call do_usage
exit 3
fi
;;
force-reload)
call do_force_reload
;;
restart)
call do_restart
;;
try-restart)
log_daemon_msg "Trying to restart $DESC" "$NAME"
if call do_status > /dev/null 2>&1 ; then
call do_restart
log_end_msg $?
else
log_progress_msg "is not running."
log_end_msg 1
fi
;;
'')
call do_usage
exit 3
;;
*)
if is_call_implemented do_unknown ; then
call do_unknown "$1"
exit 3
else
call do_usage
exit 3
fi
;;
esac
exit 0
......@@ -7,5 +7,5 @@ Abstract: Documentation for the Knot Resolver,
Section: Network/Communication
Format: HTML
Index: /usr/share/doc/knot-resolver/index.html
Files: /usr/share/doc/knot-resolver/*.html
Index: /usr/share/doc/knot-resolver/html/index.html
Files: /usr/share/doc/knot-resolver/html/*.html
doc/html/*
usr/share/doc/knot-resolver/html/*
usr/share/javascript/jquery/jquery.min.js usr/share/doc/knot-resolver/_static/jquery.js
usr/share/javascript/underscore/underscore.min.js usr/share/doc/knot-resolver/_static/underscore.js
usr/share/javascript/jquery/jquery.min.js usr/share/doc/knot-resolver/html/_static/jquery.js
usr/share/javascript/underscore/underscore.min.js usr/share/doc/knot-resolver/html/_static/underscore.js
usr/lib/knot-resolver/http.lua
usr/lib/knot-resolver/http/*.css
usr/lib/knot-resolver/http/*.ico
usr/lib/knot-resolver/http/*.js
usr/lib/knot-resolver/http/*.tpl
usr/lib/knot-resolver/http/*.woff2
usr/lib/knot-resolver/kres_modules/http*.lua
usr/lib/knot-resolver/kres_modules/prometheus.lua
usr/lib/knot-resolver/kres_modules/http/*.css
usr/lib/knot-resolver/kres_modules/http/*.ico
usr/lib/knot-resolver/kres_modules/http/*.js
usr/lib/knot-resolver/kres_modules/http/*.tpl
usr/lib/knot-resolver/kres_modules/http/*.woff2
/usr/share/javascript/bootstrap/css/bootstrap-theme.min.css /usr/lib/knot-resolver/http/bootstrap-theme.min.css
/usr/share/javascript/bootstrap/css/bootstrap.min.css /usr/lib/knot-resolver/http/bootstrap.min.css
/usr/share/javascript/bootstrap/js/bootstrap.min.js /usr/lib/knot-resolver/http/bootstrap.min.js
/usr/share/javascript/d3/d3.min.js /usr/lib/knot-resolver/http/d3.js
/usr/share/javascript/jquery/jquery.min.js /usr/lib/knot-resolver/http/jquery.js
usr/share/javascript/bootstrap/css/bootstrap-theme.min.css usr/lib/knot-resolver/kres_modules/http/bootstrap-theme.min.css
usr/share/javascript/bootstrap/css/bootstrap.min.css usr/lib/knot-resolver/kres_modules/http/bootstrap.min.css
usr/share/javascript/bootstrap/js/bootstrap.min.js usr/lib/knot-resolver/kres_modules/http/bootstrap.min.js
usr/share/javascript/d3/d3.min.js usr/lib/knot-resolver/kres_modules/http/d3.js
usr/share/javascript/jquery/jquery.min.js usr/lib/knot-resolver/kres_modules/http/jquery.js
/etc/knot-resolver
/usr/share/doc/knot-resolver/examples/
/var/lib/knot-resolver
usr/share/doc/knot-resolver/*
debian/init-d-script usr/lib/knot-resolver/
debian/kresd.conf etc/knot-resolver/
etc/knot-resolver/config.* /usr/share/doc/knot-resolver/examples/
distro/common/systemd/kresd-control@.socket lib/systemd/system/
distro/common/systemd/kresd-tls.socket lib/systemd/system/
distro/common/systemd/kresd.socket lib/systemd/system/
distro/common/systemd/kresd@.service lib/systemd/system/
distro/common/systemd/kresd.target lib/systemd/system/
distro/common/tmpfiles/knot-resolver.conf usr/lib/tmpfiles.d/
etc/knot-resolver/kresd.conf
usr/lib/systemd/system/* lib/systemd/system/
usr/lib/tmpfiles.d/knot-resolver.conf
usr/lib/knot-resolver/*.so
usr/lib/knot-resolver/basexx.lua
usr/lib/knot-resolver/daf.lua
usr/lib/knot-resolver/daf/
usr/lib/knot-resolver/detect_time_jump.lua
usr/lib/knot-resolver/detect_time_skew.lua
usr/lib/knot-resolver/dns64.lua
usr/lib/knot-resolver/etcd.lua
usr/lib/knot-resolver/experimental_dot_auth.lua
usr/lib/knot-resolver/graphite.lua
usr/lib/knot-resolver/http_trace.lua
usr/lib/knot-resolver/kres-gen.lua
usr/lib/knot-resolver/kres.lua
usr/lib/knot-resolver/policy.lua
usr/lib/knot-resolver/predict.lua
usr/lib/knot-resolver/prefill.lua
usr/lib/knot-resolver/priming.lua
usr/lib/knot-resolver/prometheus.lua
usr/lib/knot-resolver/rebinding.lua
usr/lib/knot-resolver/renumber.lua
usr/lib/knot-resolver/serve_stale.lua
usr/lib/knot-resolver/ta_sentinel.lua
usr/lib/knot-resolver/ta_signal_query.lua
usr/lib/knot-resolver/trust_anchors.lua
usr/lib/knot-resolver/view.lua
usr/lib/knot-resolver/workarounds.lua
usr/lib/knot-resolver/zonefile.lua
usr/lib/knot-resolver/*.lua
usr/lib/knot-resolver/kres_modules/*.so
usr/lib/knot-resolver/kres_modules/basexx.lua
usr/lib/knot-resolver/kres_modules/daf.lua
usr/lib/knot-resolver/kres_modules/daf/*
usr/lib/knot-resolver/kres_modules/detect_time_jump.lua
usr/lib/knot-resolver/kres_modules/detect_time_skew.lua
usr/lib/knot-resolver/kres_modules/dns64.lua
usr/lib/knot-resolver/kres_modules/etcd.lua
usr/lib/knot-resolver/kres_modules/experimental_dot_auth.lua
usr/lib/knot-resolver/kres_modules/graphite.lua
usr/lib/knot-resolver/kres_modules/policy.lua
usr/lib/knot-resolver/kres_modules/predict.lua
usr/lib/knot-resolver/kres_modules/prefill.lua
usr/lib/knot-resolver/kres_modules/priming.lua
usr/lib/knot-resolver/kres_modules/rebinding.lua
usr/lib/knot-resolver/kres_modules/renumber.lua
usr/lib/knot-resolver/kres_modules/serve_stale.lua
usr/lib/knot-resolver/kres_modules/ta_sentinel.lua
usr/lib/knot-resolver/kres_modules/ta_signal_query.lua
usr/lib/knot-resolver/kres_modules/view.lua
usr/lib/knot-resolver/kres_modules/workarounds.lua
usr/sbin/kresc
usr/sbin/kresd
# /etc/default/kresd
# This file is used only under sysvinit. If you use systemd and you
# want to modify the arguments with which kresd is invoked, you should
# instead use "systemctl edit kresd@.service" to override ExecStart=
# in the [Service] section (see kresd.systemd(7) for more details).
# For sysvinit users: KRESD_ARGS used to exist for historical reasons,
# but that variable is deprecated and may stop working at some point
# in the future. You are encouraged to merge any local changes into
# DAEMON_ARGS directly.
DAEMON_ARGS="--config=/etc/knot-resolver/kresd.conf --addr=127.0.0.1#53 --addr=::1#53 $KRESD_ARGS"
#!/bin/sh
# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing.
if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then
if [ -x /lib/init/init-d-script ]; then
set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script
else
set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /usr/lib/knot-resolver/init-d-script
fi
fi
### BEGIN INIT INFO
# Provides: kresd
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Knot Resolver
# Description: Knot Resolver
### END INIT INFO
# Author: Ondřej Surý <ondrej@debian.org>
NAME=kresd
DESC="Knot Resolver"
DAEMON=/usr/sbin/kresd
START_ARGS="--background --make-pidfile"
do_tmpfiles() {
local tmpfile type path mode user group age argument
tmpfile=/usr/lib/tmpfiles.d/$1.conf
if [ -r "$tmpfile" ]; then
if [ -x /bin/systemd-tmpfiles ]; then
/bin/systemd-tmpfiles --create "$tmpfile"
else
while read type path mode user group age argument; do
case "$type" in
d)
mkdir -p "$path";
chmod "$mode" "$path";
chown "$user:$group" "$path";
;;
L)
if [ ! -e "$path" ]; then ln -s "$argument" "$path"; fi
;;
\#*)
;;
*)
log_warning_msg "tmpfile.d type '$type' is not supported yet"
;;
esac
done < "$tmpfile"
fi
else
log_warning_msg "tmpfiles.d file '$1' doesn't exist or is not readable"
fi
}
do_start_prepare() {
do_tmpfiles knot-resolver
}
debian/tmp/usr/share/man/man8/kresd.8
distro/common/systemd/kresd.systemd.7
debian/tmp/usr/share/man/man7/kresd.systemd.7
......@@ -12,19 +12,12 @@ if [ "$1" = "triggered" ]; then
if [ "$2" = "/usr/share/dns/root.key" ]; then
# systemctl of the sub-services is the preferred method to restart
systemctl try-restart 'kresd@*.service' || true
# but if we are running sysvinit, we can try to restart that process anyway
# (kresd.service is masked on systems that use systemd)
invoke-rc.d kresd try-restart || true
fi
exit 0
fi
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
if [ -d /run/systemd/system ]; then
systemctl try-restart 'kresd@*.service' || true
else
invoke-rc.d kresd try-restart || true
fi
systemctl try-restart 'kresd@*.service' || true
fi
#DEBHELPER#
#!/bin/sh
set -e
if [ "$1" = "remove" ] && [ -x "/bin/systemctl" ]; then
if [ "$1" = "remove" ]; then
systemctl stop system-kresd.slice || true
fi
......
usr/lib/knot-resolver/http/LICENSE
usr/lib/knot-resolver/kres_modules/http/LICENSE
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Sat, 17 Feb 2018 15:52:20 -0500
Subject: Update documentation of --keyfile-ro
On Debian systems, we depend on the OS package management to update
the dns root data. Make the documentation for running with this
option less scary-sounding, as it is the default.
---
doc/kresd.8.in | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/doc/kresd.8.in b/doc/kresd.8.in
index 266e9f0..6c5195b 100644
--- a/doc/kresd.8.in
+++ b/doc/kresd.8.in
@@ -123,7 +123,7 @@ file at the default location (\fIconfig\fR). The syntax is
described in \fIdaemon/README.md\fR.
.TP
.B \-k\fI keyfile\fR, \fB\-\-keyfile=\fI<keyfile>
-(Recommended!) Automatically managed root trust anchors file.
+Automatically managed root trust anchors file.
Root trust anchors in this file are managed using standard RFC 5011 (Automated Updates of DNS Security Trust Anchors).
Kresd needs write access to the directory containing the keyfile.
@@ -134,9 +134,14 @@ The file contains DNSKEY/DS records in presentation format,
and is compatible with Unbound and BIND 9 root key files.