Deb: Load DNSSEC Keys from disk by default 8418/head
authorPieter Lexis <pieter.lexis@powerdns.com>
Tue, 15 Oct 2019 12:31:18 +0000 (14:31 +0200)
committerPieter Lexis <pieter.lexis@powerdns.com>
Fri, 25 Oct 2019 07:21:22 +0000 (09:21 +0200)
This also automatically reloads them every 24 hours by default.

12 files changed:
builder-support/debian/recursor/debian-buster/lua-config/rootkeys.lua [new file with mode: 0644]
builder-support/debian/recursor/debian-buster/pdns-recursor.dirs [new file with mode: 0644]
builder-support/debian/recursor/debian-buster/recursor.lua [new file with mode: 0644]
builder-support/debian/recursor/debian-buster/rules
builder-support/debian/recursor/debian-jessie/lua-config/rootkeys.lua [new file with mode: 0644]
builder-support/debian/recursor/debian-jessie/pdns-recursor.dirs [new file with mode: 0644]
builder-support/debian/recursor/debian-jessie/recursor.lua [new file with mode: 0644]
builder-support/debian/recursor/debian-jessie/rules
builder-support/debian/recursor/debian-stretch/lua-config/rootkeys.lua [new file with mode: 0644]
builder-support/debian/recursor/debian-stretch/pdns-recursor.dirs [new file with mode: 0644]
builder-support/debian/recursor/debian-stretch/recursor.lua [new file with mode: 0644]
builder-support/debian/recursor/debian-stretch/rules

diff --git a/builder-support/debian/recursor/debian-buster/lua-config/rootkeys.lua b/builder-support/debian/recursor/debian-buster/lua-config/rootkeys.lua
new file mode 100644 (file)
index 0000000..bba18fd
--- /dev/null
@@ -0,0 +1,3 @@
+-- readTrustAnchorsFromFile reads the DNSSEC trust anchors from the provided file
+-- and reloads it every 24 hours.
+readTrustAnchorsFromFile("/usr/share/dns/root.key")
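Review bot: The comment promises a 24-hour reload, but the call passes only the file name, so the reload interval depends on the function's default rather than on anything stated in this file. Passing it explicitly, `readTrustAnchorsFromFile("/usr/share/dns/root.key", 24)`, keeps the comment and the behaviour tied together if that default ever changes. The path is supplied by another package (dns-root-data, going by the comment in recursor.lua), and debian/control is not among the 12 changed files, so it is worth confirming that pdns-recursor already depends on it and that a missing or unreadable root.key fails visibly at start-up. The same three lines are added for debian-jessie and debian-stretch.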
diff --git a/builder-support/debian/recursor/debian-buster/pdns-recursor.dirs b/builder-support/debian/recursor/debian-buster/pdns-recursor.dirs
new file mode 100644 (file)
index 0000000..1e7acad
--- /dev/null
@@ -0,0 +1 @@
+etc/powerdns/recursor.d
diff --git a/builder-support/debian/recursor/debian-buster/recursor.lua b/builder-support/debian/recursor/debian-buster/recursor.lua
new file mode 100644 (file)
index 0000000..1d670a5
--- /dev/null
@@ -0,0 +1,7 @@
+-- Debian default Lua configuration file for PowerDNS Recursor
+
+-- Load DNSSEC root keys from dns-root-data package.
+-- Note: If you provide your own Lua configuration file, consider
+-- running rootkeys.lua too.
+dofile("/usr/share/pdns-recursor/lua-config/rootkeys.lua")
+
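Review bot: The note about custom configuration files does not say what is lost when the advice is skipped, or how to follow it. The generated recursor.conf points lua-config-file at this one file, so an administrator who points it elsewhere drops the `dofile` line and with it the on-disk trust anchors and their periodic reload; the recursor would presumably fall back to whatever anchors it was built with. I would reword the comment to `-- Note: a custom lua-config-file replaces this file. Keep the dofile() line below in it,` followed by `-- otherwise the root keys from dns-root-data are neither loaded nor reloaded.` The identical file is added for debian-jessie and debian-stretch.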
index 8cfcfa518e0830b1f4c8adbbcc2416c0294b153a..59e60b8081bb2fe21cf643779438c9a6d112c2d2 100755 (executable)
@@ -39,10 +39,15 @@ override_dh_auto_configure:
 
 override_dh_auto_install:
        dh_auto_install
+       install -d debian/pdns-recursor/usr/share/pdns-recursor/lua-config
+       install -m 644 -t debian/pdns-recursor/usr/share/pdns-recursor/lua-config debian/lua-config/rootkeys.lua
+       install -m 644 -t debian/pdns-recursor/etc/powerdns debian/recursor.lua
        rm -f debian/pdns-recursor/etc/powerdns/recursor.conf-dist
        ./pdns_recursor --no-config --config | sed \
                -e 's!# config-dir=.*!config-dir=/etc/powerdns!' \
+               -e 's!# include-dir=.*!&\ninclude-dir=/etc/powerdns/recursor.d!' \
                -e 's!# local-address=.*!local-address=127.0.0.1!' \
+               -e 's!# lua-config-file=.*!lua-config-file=/etc/powerdns/recursor.lua!' \
                -e 's!# quiet=.*!quiet=yes!' \
                -e 's!# setgid=.*!setgid=pdns!' \
                -e 's!# setuid=.*!setuid=pdns!' \
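Review bot: The new `include-dir=/etc/powerdns/recursor.d` opens a second place for settings, but override_dh_fixperms still restricts only recursor.conf to 0640. Snippets dropped into recursor.d can carry the same secrets (the existing comment says these files often contain passwords), and the directory comes from pdns-recursor.dirs with default permissions. Consider adding `chmod 0750 debian/pdns-recursor/etc/powerdns/recursor.d` next to the existing chmod, together with the matching ownership change wherever recursor.conf gets its root:pdns owner, which is not visible here. The recipe continues past the end of this hunk, and the same lines are added in the debian-jessie and debian-stretch rules files.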
@@ -60,5 +65,5 @@ override_dh_gencontrol:
 
 override_dh_fixperms:
        dh_fixperms
-        # these files often contain passwords. 640 as it is chowned to root:pdns
+# these files often contain passwords. 640 as it is chowned to root:pdns
        chmod 0640 debian/pdns-recursor/etc/powerdns/recursor.conf
diff --git a/builder-support/debian/recursor/debian-jessie/lua-config/rootkeys.lua b/builder-support/debian/recursor/debian-jessie/lua-config/rootkeys.lua
new file mode 100644 (file)
index 0000000..bba18fd
--- /dev/null
@@ -0,0 +1,3 @@
+-- readTrustAnchorsFromFile reads the DNSSEC trust anchors from the provided file
+-- and reloads it every 24 hours.
+readTrustAnchorsFromFile("/usr/share/dns/root.key")
diff --git a/builder-support/debian/recursor/debian-jessie/pdns-recursor.dirs b/builder-support/debian/recursor/debian-jessie/pdns-recursor.dirs
new file mode 100644 (file)
index 0000000..1e7acad
--- /dev/null
@@ -0,0 +1 @@
+etc/powerdns/recursor.d
diff --git a/builder-support/debian/recursor/debian-jessie/recursor.lua b/builder-support/debian/recursor/debian-jessie/recursor.lua
new file mode 100644 (file)
index 0000000..1d670a5
--- /dev/null
@@ -0,0 +1,7 @@
+-- Debian default Lua configuration file for PowerDNS Recursor
+
+-- Load DNSSEC root keys from dns-root-data package.
+-- Note: If you provide your own Lua configuration file, consider
+-- running rootkeys.lua too.
+dofile("/usr/share/pdns-recursor/lua-config/rootkeys.lua")
+
index 4f70a2e804dff47a1a37091ec35a7403dc417458..e6951a3be3eaeef8e29a39671f5cf754f1cb6d4b 100755 (executable)
@@ -39,10 +39,15 @@ override_dh_auto_configure:
 
 override_dh_auto_install:
        dh_auto_install -- STRIP_BINARIES=0
+       install -d debian/pdns-recursor/usr/share/pdns-recursor/lua-config
+       install -m 644 -t debian/pdns-recursor/usr/share/pdns-recursor/lua-config debian/lua-config/rootkeys.lua
+       install -m 644 -t debian/pdns-recursor/etc/powerdns debian/recursor.lua
        rm -f debian/tmp/etc/powerdns/recursor.conf-dist
        ./pdns_recursor --no-config --config | sed \
                -e 's!# config-dir=.*!config-dir=/etc/powerdns!' \
+               -e 's!# include-dir=.*!&\ninclude-dir=/etc/powerdns/recursor.d!' \
                -e 's!# local-address=.*!local-address=127.0.0.1!' \
+               -e 's!# lua-config-file=.*!lua-config-file=/etc/powerdns/recursor.lua!' \
                -e 's!# quiet=.*!quiet=yes!' \
                -e 's!# setgid=.*!setgid=pdns!' \
                -e 's!# setuid=.*!setuid=pdns!' \
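Review bot: The three added `install` lines write under `debian/pdns-recursor/`, while the unchanged lines for this release (`rm -f debian/tmp/etc/powerdns/recursor.conf-dist` in this recipe and the `chmod` in override_dh_fixperms) work under `debian/tmp/`. If the jessie build stages into debian/tmp and moves files into the package later, recursor.lua and rootkeys.lua bypass that step. `install -t` also fails when `debian/pdns-recursor/etc/powerdns` does not exist yet; the new pdns-recursor.dirs entry probably creates it, but only if dh_installdirs has already run. Using `install -D -m 644 debian/recursor.lua debian/pdns-recursor/etc/powerdns/recursor.lua` would remove that ordering dependency, and it is worth confirming that the resulting jessie package actually ships both files. The recipe continues past the end of this hunk.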
@@ -60,5 +65,5 @@ override_dh_gencontrol:
 
 override_dh_fixperms:
        dh_fixperms
-        # these files often contain passwords. 640 as it is chowned to root:pdns
+# these files often contain passwords. 640 as it is chowned to root:pdns
        chmod 0640 debian/tmp/etc/powerdns/recursor.conf
diff --git a/builder-support/debian/recursor/debian-stretch/lua-config/rootkeys.lua b/builder-support/debian/recursor/debian-stretch/lua-config/rootkeys.lua
new file mode 100644 (file)
index 0000000..bba18fd
--- /dev/null
@@ -0,0 +1,3 @@
+-- readTrustAnchorsFromFile reads the DNSSEC trust anchors from the provided file
+-- and reloads it every 24 hours.
+readTrustAnchorsFromFile("/usr/share/dns/root.key")
diff --git a/builder-support/debian/recursor/debian-stretch/pdns-recursor.dirs b/builder-support/debian/recursor/debian-stretch/pdns-recursor.dirs
new file mode 100644 (file)
index 0000000..1e7acad
--- /dev/null
@@ -0,0 +1 @@
+etc/powerdns/recursor.d
diff --git a/builder-support/debian/recursor/debian-stretch/recursor.lua b/builder-support/debian/recursor/debian-stretch/recursor.lua
new file mode 100644 (file)
index 0000000..1d670a5
--- /dev/null
@@ -0,0 +1,7 @@
+-- Debian default Lua configuration file for PowerDNS Recursor
+
+-- Load DNSSEC root keys from dns-root-data package.
+-- Note: If you provide your own Lua configuration file, consider
+-- running rootkeys.lua too.
+dofile("/usr/share/pdns-recursor/lua-config/rootkeys.lua")
+
index 8cfcfa518e0830b1f4c8adbbcc2416c0294b153a..59e60b8081bb2fe21cf643779438c9a6d112c2d2 100755 (executable)
@@ -39,10 +39,15 @@ override_dh_auto_configure:
 
 override_dh_auto_install:
        dh_auto_install
+       install -d debian/pdns-recursor/usr/share/pdns-recursor/lua-config
+       install -m 644 -t debian/pdns-recursor/usr/share/pdns-recursor/lua-config debian/lua-config/rootkeys.lua
+       install -m 644 -t debian/pdns-recursor/etc/powerdns debian/recursor.lua
        rm -f debian/pdns-recursor/etc/powerdns/recursor.conf-dist
        ./pdns_recursor --no-config --config | sed \
                -e 's!# config-dir=.*!config-dir=/etc/powerdns!' \
+               -e 's!# include-dir=.*!&\ninclude-dir=/etc/powerdns/recursor.d!' \
                -e 's!# local-address=.*!local-address=127.0.0.1!' \
+               -e 's!# lua-config-file=.*!lua-config-file=/etc/powerdns/recursor.lua!' \
                -e 's!# quiet=.*!quiet=yes!' \
                -e 's!# setgid=.*!setgid=pdns!' \
                -e 's!# setuid=.*!setuid=pdns!' \
@@ -60,5 +65,5 @@ override_dh_gencontrol:
 
 override_dh_fixperms:
        dh_fixperms
-        # these files often contain passwords. 640 as it is chowned to root:pdns
+# these files often contain passwords. 640 as it is chowned to root:pdns
        chmod 0640 debian/pdns-recursor/etc/powerdns/recursor.conf