From: Remi Gacogne Date: Wed, 27 Sep 2023 09:39:57 +0000 (+0200) Subject: builder-support: Build dnsdist with Quiche for DNS over QUIC support X-Git-Tag: rec-5.0.0-alpha2~6^2~21 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=db2064457cad579002f6efb4114baf91c005641e;p=thirdparty%2Fpdns.git builder-support: Build dnsdist with Quiche for DNS over QUIC support Except on el-7 where the `clang` version needed to build the `boring-sys`crate for `Quiche` is too old. --- diff --git a/builder-support/debian/dnsdist/debian-buster/copyright b/builder-support/debian/dnsdist/debian-buster/copyright index 761250f2bf..5fbb602069 100644 --- a/builder-support/debian/dnsdist/debian-buster/copyright +++ b/builder-support/debian/dnsdist/debian-buster/copyright @@ -77,6 +77,10 @@ Files: src_js/rickshaw.js Copyright: 2011-2014 by Shutterstock Images, LLC License: Expat +Files: */libdnsdist-quiche.so +Copyright: 2018-2019, Cloudflare, Inc. +License: BSD-2-clause + License: Unlicense This is free and unencumbered software released into the public domain. . 
@@ -144,6 +148,26 @@ License: Expat OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +License: BSD-2-clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY + DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + License: BSD-3 Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: diff --git a/builder-support/debian/dnsdist/debian-buster/rules b/builder-support/debian/dnsdist/debian-buster/rules index e9a2a8cf1a..6f96e26978 100755 --- a/builder-support/debian/dnsdist/debian-buster/rules +++ b/builder-support/debian/dnsdist/debian-buster/rules 
@@ -49,16 +49,18 @@ override_dh_auto_configure: --libexecdir='$${prefix}/lib' \ --enable-lto=thin \ --enable-dns-over-https \ + --enable-dns-over-quic \ --enable-dns-over-tls \ --enable-dnscrypt \ --enable-dnstap \ + --with-ebpf \ --with-gnutls \ --with-h2o \ --with-net-snmp \ --with-libcap \ --with-libsodium \ + --with-quiche \ --with-re2 \ - --with-ebpf \ --with-service-user='_dnsdist' \ --with-service-group='_dnsdist' \ $(CONFIGURE_ARGS) @@ -68,6 +70,7 @@ override_dh_auto_build-arch: override_dh_install: dh_auto_install + install -Dm644 /usr/lib/libdnsdist-quiche.so debian/dnsdist/usr/lib/libdnsdist-quiche.so ifeq ($(DEB_HOST_ARCH_BITS),32) echo RestrictAddressFamilies is broken on 32bit, removing it from service file perl -ni -e 'print unless /RestrictAddressFamilies/' debian/dnsdist/lib/systemd/system/*.service diff --git a/builder-support/dockerfiles/Dockerfile.debbuild-prepare b/builder-support/dockerfiles/Dockerfile.debbuild-prepare index bf86ab18bd..64a5d401c5 100644 --- a/builder-support/dockerfiles/Dockerfile.debbuild-prepare +++ b/builder-support/dockerfiles/Dockerfile.debbuild-prepare @@ -12,6 +12,12 @@ ADD builder-support/helpers/ /pdns/builder-support/helpers/ RUN /pdns/builder-support/helpers/install_rust.sh @ENDIF +@IF [ -n "$M_dnsdist$M_all" ] +RUN /pdns/builder-support/helpers/install_rust.sh +RUN DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends git cmake clang +RUN /pdns/builder-support/helpers/install_quiche.sh +@ENDIF + # Used for -p option to only build specific packages ARG BUILDER_PACKAGE_MATCH diff --git a/builder-support/dockerfiles/Dockerfile.rpmbuild b/builder-support/dockerfiles/Dockerfile.rpmbuild index 82334e51f1..9ec0f3c4ed 100644 --- a/builder-support/dockerfiles/Dockerfile.rpmbuild +++ b/builder-support/dockerfiles/Dockerfile.rpmbuild 
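Review bot: The added `install -Dm644 /usr/lib/libdnsdist-quiche.so debian/dnsdist/usr/lib/libdnsdist-quiche.so` line in `override_dh_install` packages a shared library taken from the build host's `/usr/lib`, not from anything built in the source tree, and nothing here records where that file comes from or which Quiche version it is. The package ships whatever sits at that path, so a stale or rebuilt builder image silently changes the shipped binary. A comment above the line would make the provenance explicit, for example `# libdnsdist-quiche.so is built into the builder image by builder-support/helpers/install_quiche.sh`. The `%install` hunk of the dnsdist spec file copies from the same path and wants the same comment. `override_dh_install` continues past the end of this hunk.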
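Review bot: The added `apt-get -y install --no-install-recommends git cmake clang` runs in its own layer with no `apt-get update`, so it depends on package lists left behind by an earlier layer that this hunk does not show. If that layer is served from cache or cleans `/var/lib/apt/lists`, the install either fails or resolves against a stale index. Keeping both in one step avoids that: `RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends git cmake clang`.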
@@ -19,6 +19,16 @@ ADD builder-support/helpers/ /pdns/builder-support/helpers/ RUN /pdns/builder-support/helpers/install_rust.sh @ENDIF +@IF [ -n "$M_dnsdist$M_all" ] +RUN /pdns/builder-support/helpers/install_rust.sh +# We do not build Quiche (DNS over QUIC support) on el-7 because the clang +# version is too old to build the 'boring-sys' crate needed by Quiche +RUN if ! $(grep -q 'release 7' /etc/redhat-release); then \ + yum install -y git cmake clang; \ + /pdns/builder-support/helpers/install_quiche.sh; \ + fi +@ENDIF + # Used for -p option to only build specific spec files ARG BUILDER_PACKAGE_MATCH diff --git a/builder-support/helpers/install_quiche.sh b/builder-support/helpers/install_quiche.sh new file mode 100755 index 0000000000..1c0b559283 --- /dev/null +++ b/builder-support/helpers/install_quiche.sh 
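Review bot: `if ! $(grep -q 'release 7' /etc/redhat-release); then` wraps grep in a command substitution, which works only because the substitution expands to nothing and the shell then uses its exit status. `RUN if ! grep -q 'release 7' /etc/redhat-release; then \` tests the status directly. Inside the branch the commands are joined with `;`, so a failed `yum install` does not stop the layer before `install_quiche.sh` runs; `yum install -y git cmake clang && \` would. The el-7 test here and the `%if 0%{?rhel} >= 8` guard in the spec file are separate predicates that have to agree, which the comment above the `RUN` could state.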
@@ -0,0 +1,30 @@ +#!/bin/sh +set -v +set -e + +readonly QUICHE_VERSION='0.18.0' +readonly QUICHE_TARBALL="${QUICHE_VERSION}.tar.gz" +readonly QUICHE_TARBALL_URL="https://github.com/cloudflare/quiche/archive/${QUICHE_TARBALL}" +readonly QUICHE_TARBALL_HASH='eb242a14c4d801a90b57b6021dd29f7a62099f3a4d7a7ba889e105f8328e6c1f' + +cd /tmp +echo $0: Downloading $QUICHE_TARBALL +curl -L -o "${QUICHE_TARBALL}" "${QUICHE_TARBALL_URL}" +# Line below should echo two spaces between digest and name +echo "${QUICHE_TARBALL_HASH}" "${QUICHE_TARBALL}" | sha256sum -c - +tar xf "${QUICHE_TARBALL}" +cd "quiche-${QUICHE_VERSION}" +RUST_BACKTRACE=1 cargo build --release --no-default-features --features ffi,boringssl-boring-crate --package quiche +install -Dm644 quiche/include/quiche.h /usr/include +install -Dm644 target/release/libquiche.so /usr/lib/libdnsdist-quiche.so +install -Dm644 /dev/stdin /usr/lib/pkgconfig/quiche.pc <= 7 - --with-gnutls \ - --enable-dnstap \ - --with-lua=%{lua_implementation} \ - --with-libcap \ - --with-libsodium \ --enable-dnscrypt \ + --enable-dnstap \ --enable-dns-over-https \ --enable-systemd --with-systemd=%{_unitdir} \ - --with-re2 \ + --with-gnutls \ + --with-libcap \ + --with-libsodium \ + --with-lua=%{lua_implementation} \ --with-net-snmp \ - PKG_CONFIG_PATH=/opt/lib64/pkgconfig + --with-re2 \ +%if 0%{?rhel} >= 8 + --enable-dns-over-quic \ + --with-quiche \ +%endif + PKG_CONFIG_PATH=/usr/lib/pkgconfig:/opt/lib64/pkgconfig %endif make %{?_smp_mflags} @@ -110,6 +114,9 @@ make %{?_smp_mflags} check || (cat test-suite.log && false) %install %make_install install -d %{buildroot}/%{_sysconfdir}/dnsdist +%if 0%{?rhel} >= 8 +install -Dm644 /usr/lib/libdnsdist-quiche.so %{buildroot}/%{_libdir}/libdnsdist-quiche.so +%endif %{__mv} %{buildroot}%{_sysconfdir}/dnsdist/dnsdist.conf-dist %{buildroot}%{_sysconfdir}/dnsdist/dnsdist.conf chmod 0640 %{buildroot}/%{_sysconfdir}/dnsdist/dnsdist.conf 
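Review bot: The tarball is pinned by SHA-256, but the `cargo build --release ...` line resolves Quiche's crate dependencies at build time without `--locked`, so the digest check does not cover most of the code that ends up in `libdnsdist-quiche.so`. That includes the `boring-sys` crate named in the commit message. Unless the 0.18.0 archive carries its own `Cargo.lock` (not visible here), the shipped library is not reproducible; keeping a lock file next to this helper, copying it into the source directory and running `cargo build --locked ...` would fix the dependency set. `curl -L` could also take `--fail`, so an HTTP error stops the script at the download, not at the checksum step. The end of the script (the pkg-config heredoc) is not legible on this page.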
@@ -149,6 +156,9 @@ systemctl daemon-reload ||:
 %{!?_licensedir:%global license %%doc}
 %doc README.md
 %{_bindir}/*
+%if 0%{?rhel} >= 8
+%{_libdir}/libdnsdist-quiche.so
+%endif
 %{_mandir}/man1/*
 %dir %{_sysconfdir}/dnsdist
 %attr(-, root, dnsdist) %config(noreplace) %{_sysconfdir}/%{name}/dnsdist.conf