From: Pieter Lexis Date: Mon, 13 Apr 2015 09:55:11 +0000 (+0200) Subject: Import the debian dir for the recursor as debian-recursor X-Git-Tag: dnsdist-1.0.0-alpha1~248^2~78^2~9^2~15 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8cc3b20e4d59f338ef39099d84c2576adcc67b31;p=thirdparty%2Fpdns.git Import the debian dir for the recursor as debian-recursor --- diff --git a/build-scripts/debian-recursor/README.source b/build-scripts/debian-recursor/README.source new file mode 100644 index 0000000000..cf42723cec --- /dev/null +++ b/build-scripts/debian-recursor/README.source @@ -0,0 +1 @@ +See /usr/share/doc/quilt/README.source diff --git a/build-scripts/debian-recursor/changelog b/build-scripts/debian-recursor/changelog new file mode 100644 index 0000000000..8b13789179 --- /dev/null +++ b/build-scripts/debian-recursor/changelog @@ -0,0 +1 @@ + diff --git a/build-scripts/debian-recursor/compat b/build-scripts/debian-recursor/compat new file mode 100644 index 0000000000..ec635144f6 --- /dev/null +++ b/build-scripts/debian-recursor/compat @@ -0,0 +1 @@ +9 diff --git a/build-scripts/debian-recursor/config/recursor.conf b/build-scripts/debian-recursor/config/recursor.conf new file mode 100644 index 0000000000..ef1a957212 --- /dev/null +++ b/build-scripts/debian-recursor/config/recursor.conf @@ -0,0 +1,302 @@ +# Autogenerated configuration file template +################################# +# aaaa-additional-processing turn on to do AAAA additional processing (slow) +# +# aaaa-additional-processing=off + +################################# +# allow-from If set, only allow these comma separated netmasks to recurse +# +# allow-from=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10 + +################################# +# allow-from-file If set, load allowed netmasks from this file +# +# allow-from-file= + +################################# +# auth-can-lower-ttl If we follow RFC 2181 to the letter, an authoritative server can lower the TTL of NS records +# +# auth-can-lower-ttl=off + +################################# +# auth-zones Zones for which we have authoritative data, comma separated domain=file pairs +# +# auth-zones= + +################################# +# chroot switch to chroot jail +# +# chroot= + +################################# +# client-tcp-timeout Timeout in seconds when talking to TCP clients +# +# client-tcp-timeout=2 + +################################# +# config-dir Location of configuration directory (recursor.conf) +# +# config-dir=/etc/powerdns/ + +################################# +# daemon Operate as a daemon +# +# daemon=yes + +################################# +# delegation-only Which domains we only accept delegations from +# +# delegation-only= + +################################# +# disable-edns Disable EDNS +# +# disable-edns= + +################################# +# disable-edns-ping Disable EDNSPing +# +# disable-edns-ping=no + +################################# +# disable-packetcache Disable packetcache +# +# disable-packetcache=no + +################################# +# dont-query If set, do not query these netmasks for DNS data +# +# dont-query=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10 + +################################# +# entropy-source If set, read entropy from this file +# +# entropy-source=/dev/urandom + +################################# +# etc-hosts-file Path to 'hosts' file +# +# etc-hosts-file=/etc/hosts + +################################# +# export-etc-hosts If we should serve up contents from /etc/hosts +# +# export-etc-hosts=off + +################################# +# forward-zones Zones for which we forward queries, comma separated domain=ip pairs +# +# forward-zones= + +################################# +# forward-zones-file File with (+)domain=ip pairs for forwarding +# +# forward-zones-file= + +################################# +# forward-zones-recurse Zones for which we forward queries with recursion bit, comma separated domain=ip pairs +# +# forward-zones-recurse= + +################################# +# hint-file If set, load root hints from this file +# +# hint-file= + +################################# +# ignore-rd-bit Assume each packet requires recursion, for compatability +# +# ignore-rd-bit=off + +################################# +# local-address IP addresses to listen on, separated by spaces or commas. Also accepts ports. +# +local-address=127.0.0.1 + +################################# +# local-port port to listen on +# +local-port=53 + +################################# +# log-common-errors If we should log rather common errors +# +# log-common-errors=yes + +################################# +# logging-facility Facility to log messages as. 0 corresponds to local0 +# +# logging-facility= + +################################# +# lua-dns-script Filename containing an optional 'lua' script that will be used to modify dns answers +# +# lua-dns-script= + +################################# +# max-cache-entries If set, maximum number of entries in the main cache +# +# max-cache-entries=1000000 + +################################# +# max-cache-ttl maximum number of seconds to keep a cached entry in memory +# +# max-cache-ttl=86400 + +################################# +# max-mthreads Maximum number of simultaneous Mtasker threads +# +# max-mthreads=2048 + +################################# +# max-negative-ttl maximum number of seconds to keep a negative cached entry in memory +# +# max-negative-ttl=3600 + +################################# +# max-packetcache-entries maximum number of entries to keep in the packetcache +# +# max-packetcache-entries=500000 + +################################# +# max-tcp-clients Maximum number of simultaneous TCP clients +# +# max-tcp-clients=128 + +################################# +# max-tcp-per-client If set, maximum number of TCP sessions per client (IP address) +# +# max-tcp-per-client=0 + +################################# +# network-timeout Wait this nummer of milliseconds for network i/o +# +# network-timeout=1500 + +################################# +# no-shuffle Don't change +# +# no-shuffle=off + +################################# +# packetcache-servfail-ttl maximum number of seconds to keep a cached servfail entry in packetcache +# +# packetcache-servfail-ttl=60 + +################################# +# packetcache-ttl maximum number of seconds to keep a cached entry in packetcache +# +# packetcache-ttl=3600 + +################################# +# pdns-distributes-queries If PowerDNS itself should distribute queries over threads (EXPERIMENTAL) +# +# pdns-distributes-queries=no + +################################# +# processes Launch this number of processes (EXPERIMENTAL, DO NOT CHANGE) +# +# processes=1 + +################################# +# query-local-address Source IP address for sending queries +# +# query-local-address=0.0.0.0 + +################################# +# query-local-address6 Source IPv6 address for sending queries +# +# query-local-address6= + +################################# +# quiet Suppress logging of questions and answers +# +quiet=yes + +################################# +# remotes-ringbuffer-entries maximum number of packets to store statistics for +# +# remotes-ringbuffer-entries=0 + +################################# +# serve-rfc1918 If we should be authoritative for RFC 1918 private IP space +# +# serve-rfc1918= + +################################# +# server-id Returned when queried for 'server.id' TXT or NSID, defaults to hostname +# +# server-id= + +################################# +# setgid If set, change group id to this gid for more security +# +setgid=pdns + +################################# +# setuid If set, change user id to this uid for more security +# +setuid=pdns + +################################# +# single-socket If set, only use a single socket for outgoing queries +# +# single-socket=off + +################################# +# soa-minimum-ttl Don't change +# +# soa-minimum-ttl=0 + +################################# +# soa-serial-offset Don't change +# +# soa-serial-offset=0 + +################################# +# socket-dir Where the controlsocket will live +# +# socket-dir=/var/run/ + +################################# +# socket-group Group of socket +# +# socket-group= + +################################# +# socket-mode Permissions for socket +# +# socket-mode= + +################################# +# socket-owner Owner of socket +# +# socket-owner= + +################################# +# spoof-nearmiss-max If non-zero, assume spoofing after this many near misses +# +# spoof-nearmiss-max=20 + +################################# +# stack-size stack size per mthread +# +# stack-size=200000 + +################################# +# threads Launch this number of threads +# +# threads=2 + +################################# +# trace if we should output heaps of logging +# +# trace=off + +################################# +# version-string string reported on version.pdns or version.bind +# +# version-string=PowerDNS Recursor 3.3 $Id: pdns_recursor.cc 1712 2010-09-11 13:40:03Z ahu $ + + diff --git a/build-scripts/debian-recursor/control b/build-scripts/debian-recursor/control new file mode 100644 index 0000000000..ea9e8ac5ee --- /dev/null +++ b/build-scripts/debian-recursor/control @@ -0,0 +1,35 @@ +Source: pdns-recursor +Section: net +Priority: extra +Standards-Version: 3.9.6 +Maintainer: PowerDNS Autobuilder +Origin: PowerDNS +Build-Depends: debhelper (>= 9~), dh-systemd, quilt, dpkg-dev (>= 1.17.0~), libboost-dev, libboost-serialization-dev, liblua5.2-dev, pkg-config +Homepage: http://www.powerdns.com/ + +Package: pdns-recursor +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base (>= 3.0-6), adduser +Replaces: pdns +Recommends: pdns-doc +Description: PowerDNS recursor + PowerDNS is a versatile nameserver which supports a large number + of different backends ranging from simple zonefiles to relational + databases and load balancing/failover algorithms. + PowerDNS tries to emphasize speed and security. + . + This is the recursive nameserver that goes out to the internet and + resolve queries about other domains. + +Package: pdns-recursor-dbg +Section: debug +Architecture: any +Depends: pdns-recursor (= ${binary:Version}), ${misc:Depends} +Description: debugging symbols for PowerDNS recursor + PowerDNS is a versatile nameserver which supports a large number + of different backends ranging from simple zonefiles to relational + databases and load balancing/failover algorithms. + PowerDNS tries to emphasize speed and security. + . + This package contains debugging symbols for PowerDNS to assist in + debugging, such as with gdb. It is not required for normal operation. diff --git a/build-scripts/debian-recursor/copyright b/build-scripts/debian-recursor/copyright new file mode 100644 index 0000000000..da18f6e82d --- /dev/null +++ b/build-scripts/debian-recursor/copyright @@ -0,0 +1,121 @@ +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: PowerDNS +Source: https://www.powerdns.com/downloads.html + +Files: * +Copyright: 2002 - 2014 PowerDNS.COM BV and contributors +License: GPL-2 with OpenSSL Exception + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License version 2 + as published by the Free Software Foundation + . + In addition, for the avoidance of any doubt, permission is granted to + link this program with OpenSSL and to (re)distribute the binaries + produced as the result of such linking. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + . + On Debian systems, the full text of the GNU General Public + License version 2 can be found in the file + `/usr/share/common-licenses/GPL-2'. + +Files: debian/* +Copyright: 2002 - 2004 Wichert Akkermann + 2004 - 2013 Matthijs Möhlmann + 2012 - 2013 Marc Haber + 2014 Christian Hofstaedtler +License: GPL-2 + +Files: pdns/ext/rapidjson/* +Copyright: 2011 Milo Yip +License: Expat + +Files: pdns/ext/polarssl* +Copyright: 2006-2010, Brainspark B.V. +License: GPL-2+ + +Files: pdns/ext/yahttp* +Copyright: 2014 Aki Tuomi +License: LGPL-2.1+ + +License: Expat + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + . + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. + +License: GPL-2 + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + . + On Debian systems, the full text of the GNU General Public + License version 2 can be found in the file + `/usr/share/common-licenses/GPL-2'. + +License: GPL-2+ + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + . + On Debian systems, the full text of the GNU General Public + License version 2 can be found in the file + `/usr/share/common-licenses/GPL-2'. + +License: LGPL-2.1+ + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + . + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + . + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + . + On Debian systems, the full text of the GNU Lesser General Public + License version 2.1 can be found in the file + `/usr/share/common-licenses/LGPL-2.1'. diff --git a/build-scripts/debian-recursor/patches/series b/build-scripts/debian-recursor/patches/series new file mode 100644 index 0000000000..e69de29bb2 diff --git a/build-scripts/debian-recursor/pdns-recursor.default b/build-scripts/debian-recursor/pdns-recursor.default new file mode 100644 index 0000000000..b7781ac6af --- /dev/null +++ b/build-scripts/debian-recursor/pdns-recursor.default @@ -0,0 +1,6 @@ +# Variables for PowerDNS recursor +# +# Set START to yes to start the pdns-recursor +START=yes +# Run resolvconf? +RESOLVCONF=yes diff --git a/build-scripts/debian-recursor/pdns-recursor.dirs b/build-scripts/debian-recursor/pdns-recursor.dirs new file mode 100644 index 0000000000..10f46aa110 --- /dev/null +++ b/build-scripts/debian-recursor/pdns-recursor.dirs @@ -0,0 +1,6 @@ +etc/powerdns +etc/init.d +etc/default +usr/bin +usr/sbin +usr/share/doc/pdns-recursor diff --git a/build-scripts/debian-recursor/pdns-recursor.init b/build-scripts/debian-recursor/pdns-recursor.init new file mode 100644 index 0000000000..206bf65c6d --- /dev/null +++ b/build-scripts/debian-recursor/pdns-recursor.init @@ -0,0 +1,170 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: pdns-recursor +# Required-Start: $network $remote_fs $syslog +# Required-Stop: $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: PowerDNS Recursor - Recursive DNS Server +# Description: PowerDNS Recursor - Recursive DNS Server +### END INIT INFO + +# +# Authors: Matthijs Möhlmann +# Christoph Haas +# +# Thanks to: +# Thomas Hood +# +# initscript for PowerDNS recursor + +. /lib/lsb/init-functions + +PATH=/sbin:/bin:/usr/sbin:/usr/bin +DESC="PowerDNS recursor" +NAME=pdns_recursor +DAEMON=/usr/sbin/$NAME +# Derive the socket-dir setting from /etc/powerdns/recursor.conf +# or fall back to the default /var/run if not specified there. +PIDDIR=$(awk -F= '/^socket-dir=/ {print $2}' /etc/powerdns/recursor.conf) +if [ -z "$PIDDIR" ]; then PIDDIR=/var/run; fi +PIDFILE=$PIDDIR/$NAME.pid + +# Gracefully exit if the package has been removed. +test -x $DAEMON || exit 0 + +# Read config file if it is present. +if [ -r /etc/default/pdns-recursor ]; then + . /etc/default/pdns-recursor +fi + +start() { +# Return +# 0 if daemon has been started / was already running +# >0 if daemon could not be started + start-stop-daemon --start --oknodo --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null || return 0 + start-stop-daemon --start --oknodo --quiet --pidfile $PIDFILE --exec $DAEMON || return 2 +} + +start_resolvconf() { + if [ "X$RESOLVCONF" = "Xyes" ] && [ -x /sbin/resolvconf ]; then + echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.pdns-recursor + fi + return 0 +} + +stop() { +# Return +# 0 if daemon has been stopped +# 1 if daemon was already stopped +# 2 if daemon could not be stopped +# other if a failure occured + start-stop-daemon --stop --quiet --retry=HUP/30/TERM/5/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + rm -f $PIDFILE + return "$RETVAL" +} + +stop_resolvconf() { + if [ "X$RESOLVCONF" = "Xyes" ] && [ -x /sbin/resolvconf ]; then + /sbin/resolvconf -d lo.pdns-recursor + fi + return 0 +} + +case "$1" in + start) + if [ "$START" != "yes" ]; then + log_begin_msg "Not starting $DESC -- disabled." + log_end_msg 0 + exit 0 + fi + log_daemon_msg "Starting $DESC" "pdns-recursor" + start + case "$?" in + 0) + start_resolvconf + break + ;; + 1) + log_progress_msg "(already running)" + break + ;; + *) + log_progress_msg " (failed)." + log_end_msg 1 + exit 1 + ;; + esac + log_end_msg 0 + ;; + stop) + stop_resolvconf + log_daemon_msg "Stopping $DESC" "pdns-recursor" + stop + case "$?" in + 0) + break + ;; + 1) + log_progress_msg "(not running)" + break + ;; + *) + log_progress_msg "(failed)" + log_end_msg 1 + exit 1 + ;; + esac + log_end_msg 0 + ;; + restart|force-reload) + if [ "$START" != "yes" ]; then + $0 stop + exit 0 + fi + log_daemon_msg "Restarting $DESC" "pdns-recursor" + stop + case "$?" in + 0|1) + start + case "$?" in + 0) + log_end_msg 0 + exit 0 + ;; + 1) + log_progress_msg "(failed -- old process still running)" + log_end_msg 1 + exit 1 + ;; + *) + log_progress_msg "(failed to start)" + log_end_msg 1 + exit 1 + ;; + esac + ;; + *) + log_progress_msg "(failed to stop)" + log_end_msg 1 + exit 1 + ;; + esac + ;; + force-stop) + killall -v -9 pdns_recursor + echo "killed" + ;; + status) + status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit $? + ;; + *) + echo "Usage: $0 {start|stop|restart|force-reload|force-stop|status}" >&2 + exit 3 + ;; +esac + +exit 0 + diff --git a/build-scripts/debian-recursor/pdns-recursor.install b/build-scripts/debian-recursor/pdns-recursor.install new file mode 100644 index 0000000000..52c9542bab --- /dev/null +++ b/build-scripts/debian-recursor/pdns-recursor.install @@ -0,0 +1,3 @@ +debian/tmp/usr/sbin/pdns_recursor usr/sbin/ +debian/tmp/usr/bin/rec_control usr/bin/ +debian/config/recursor.conf etc/powerdns/ diff --git a/build-scripts/debian-recursor/pdns-recursor.logcheck.ignore.server b/build-scripts/debian-recursor/pdns-recursor.logcheck.ignore.server new file mode 100644 index 0000000000..f6e86ecedc --- /dev/null +++ b/build-scripts/debian-recursor/pdns-recursor.logcheck.ignore.server @@ -0,0 +1 @@ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pdns_recursor\[[0-9]+\]: stats: .* diff --git a/build-scripts/debian-recursor/pdns-recursor.manpages b/build-scripts/debian-recursor/pdns-recursor.manpages new file mode 100644 index 0000000000..020a6a1edd --- /dev/null +++ b/build-scripts/debian-recursor/pdns-recursor.manpages @@ -0,0 +1,2 @@ +pdns_recursor.1 +rec_control.1 diff --git a/build-scripts/debian-recursor/pdns-recursor.postinst b/build-scripts/debian-recursor/pdns-recursor.postinst new file mode 100644 index 0000000000..64a99825f3 --- /dev/null +++ b/build-scripts/debian-recursor/pdns-recursor.postinst @@ -0,0 +1,43 @@ +#!/bin/sh +# +# + +set -e + +case "$1" in + configure) + if [ -z "`getent group pdns`" ]; then + addgroup --quiet --system pdns + fi + if [ -z "`getent passwd pdns`" ]; then + echo -n "Creating user and group pdns..." + adduser --quiet --system --home /var/spool/powerdns --shell /bin/false --ingroup pdns --disabled-password --disabled-login --gecos "PowerDNS" pdns + echo "done" + fi + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# Those using dependency based boot sequencing with sysv-rc and +# installing pdns-recursor version 3.1.7.1-2 or earlier would have wrong +# runlevel symlinks. Recover from this. +if [ "$1" = "configure" ] && dpkg --compare-versions "$2" le "3.1.7.1-2" \ + && [ -f /etc/rc2.d/S[0-9][0-9]pdns-recursor ] && [ ! -f /etc/rc1.d/K[0-9][0-9]pdns-recursor ] +then + update-rc.d -f pdns-recursor remove +fi + +# Init script has errors in previous versions. Postinst script should just +# return the exit status of this script +initscript_error() { + return $1 +} + +#DEBHELPER# + +exit 0 + diff --git a/build-scripts/debian-recursor/pdns-recursor.prerm b/build-scripts/debian-recursor/pdns-recursor.prerm new file mode 100644 index 0000000000..956c65e777 --- /dev/null +++ b/build-scripts/debian-recursor/pdns-recursor.prerm @@ -0,0 +1,27 @@ +#!/bin/sh +# +# Add an error handler to catch up with a fault in the pdns-recursor script. + +set -e + +# Set the old version. +MODE=$1 +OLDVERSION=$2 + +# Init script has errors in previous versions. +initscript_error() { + + # Versions older then 3.2-4 have a bug in the initscript. + if dpkg --compare-versions "$OLDVERSION" lt-nl "3.2-4" && + [ "$MODE" = "failed-upgrade" ]; then + + return 0 + fi + + return $1 +} + +#DEBHELPER# + +exit 0 + diff --git a/build-scripts/debian-recursor/pdns-recursor.service b/build-scripts/debian-recursor/pdns-recursor.service new file mode 100644 index 0000000000..53a644dec8 --- /dev/null +++ b/build-scripts/debian-recursor/pdns-recursor.service @@ -0,0 +1,12 @@ +[Unit] +Description=PowerDNS Recursor +Wants=network-online.target +After=network-online.target + +[Service] +Type=simple +ExecStart=/usr/sbin/pdns_recursor --daemon=no +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/build-scripts/debian-recursor/rules b/build-scripts/debian-recursor/rules new file mode 100755 index 0000000000..45e18265c0 --- /dev/null +++ b/build-scripts/debian-recursor/rules @@ -0,0 +1,31 @@ +#!/usr/bin/make -f + +# Enable lua +export LUA := 1 +export LUA_CPPFLAGS_CONFIG := $(shell pkg-config lua5.2 --cflags) +export LUA_LIBS_CONFIG := $(shell pkg-config lua5.2 --libs) + +# Enable hardening features for daemons +# Note: blhc (build log hardening check) will find these false positivies: CPPFLAGS 2 missing, LDFLAGS 1 missing +export DEB_BUILD_MAINT_OPTIONS=hardening=+bindnow,+pie +DPKG_EXPORT_BUILDFLAGS = 1 +# Include buildflags.mk so we can append to the vars it sets. +include /usr/share/dpkg/buildflags.mk + +# Vendor and version (after buildflags.mk so we don't overwrite CXXFLAGS) +version := $(shell dpkg-parsechangelog -SVersion).$(shell dpkg-vendor --query Vendor) +CXXFLAGS += -DPACKAGEVERSION='"$(version)"' + +# Use new build system +%: + dh $@ --with systemd --parallel + +override_dh_auto_install: + dh_auto_install -- STRIP_BINARIES=0 + +override_dh_strip: + dh_strip --dbg-package=pdns-recursor-dbg + +override_dh_installinit: + dh_installinit --error-handler=initscript_error -- defaults 19 85 + diff --git a/build-scripts/debian-recursor/source/format b/build-scripts/debian-recursor/source/format new file mode 100644 index 0000000000..163aaf8d82 --- /dev/null +++ b/build-scripts/debian-recursor/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/build-scripts/debian-recursor/tests/control b/build-scripts/debian-recursor/tests/control new file mode 100644 index 0000000000..a0a6fc4a76 --- /dev/null +++ b/build-scripts/debian-recursor/tests/control @@ -0,0 +1,3 @@ +Tests: smoke +Depends: @, dnsutils +Restrictions: needs-root diff --git a/build-scripts/debian-recursor/tests/smoke b/build-scripts/debian-recursor/tests/smoke new file mode 100755 index 0000000000..7970733642 --- /dev/null +++ b/build-scripts/debian-recursor/tests/smoke @@ -0,0 +1,31 @@ +#!/bin/bash +exec 2>&1 +set -ex + +cat <>/etc/powerdns/recursor.conf +auth-zones=example.org=/etc/powerdns/example.org.zone +EOF + +cat </etc/powerdns/example.org.zone +example.org. 172800 IN SOA ns1.example.org. dns.example.org. 1 10800 3600 604800 3600 +example.org. 172800 IN NS ns1.example.org. +smoke.example.org. 172800 IN A 127.0.0.123 +EOF + +service pdns-recursor restart + +TMPFILE=$(mktemp) +cleanup() { + rm -f "$TMPFILE" +} +trap cleanup EXIT + +dig @127.0.0.1 smoke.example.org 2>&1 | tee "$TMPFILE" + +if grep -c '127\.0\.0\.123' "$TMPFILE"; then + echo success +else + echo smoke could not be resolved + exit 1 +fi + diff --git a/build-scripts/debian-recursor/watch b/build-scripts/debian-recursor/watch new file mode 100644 index 0000000000..7e1873c782 --- /dev/null +++ b/build-scripts/debian-recursor/watch @@ -0,0 +1,3 @@ +# Site Directory Pattern Version Script +version=3 +http://downloads.powerdns.com/releases/ pdns-recursor-(.*)\.tar\.bz2 debian uupdate