From: Chris Hofstaedtler Date: Wed, 31 Mar 2021 14:10:56 +0000 (+0200) Subject: Update Debian packaging for Recursor X-Git-Tag: rec-4.9.0-alpha1~13^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F10072%2Fhead;p=thirdparty%2Fpdns.git Update Debian packaging for Recursor debhelper compat handling is different from Debian sid, because we try to support older distributions. --- diff --git a/builder-support/debian/recursor/debian-buster/README.source b/builder-support/debian/recursor/debian-buster/README.source deleted file mode 100644 index cf42723cec..0000000000 --- a/builder-support/debian/recursor/debian-buster/README.source +++ /dev/null @@ -1 +0,0 @@ -See /usr/share/doc/quilt/README.source diff --git a/builder-support/debian/recursor/debian-buster/configure-helpers/net-snmp-config b/builder-support/debian/recursor/debian-buster/configure-helpers/net-snmp-config new file mode 100755 index 0000000000..6d8d6e7d3e --- /dev/null +++ b/builder-support/debian/recursor/debian-buster/configure-helpers/net-snmp-config @@ -0,0 +1,21 @@ +#!/bin/bash + +if [ "$1" = "--cflags" ]; then + FLAGS=$(/usr/bin/net-snmp-config --cflags) + MYFLAGS="" + for flag in $FLAGS; do + if [[ "$flag" =~ -DNETSNMP* ]]; then + MYFLAGS="$MYFLAGS $flag" + fi + done + echo "$MYFLAGS" + exit 0 + +elif [ "$1" = "--netsnmp-agent-libs" ]; then + /usr/bin/net-snmp-config "$@" + exit $? + +else + echo "E: debian/configure-helpers/net-snmp-config: unknown flag $1" >&2 + exit 1 +fi diff --git a/builder-support/debian/recursor/debian-buster/control b/builder-support/debian/recursor/debian-buster/control index b5216671c5..c9325fc95e 100644 --- a/builder-support/debian/recursor/debian-buster/control +++ b/builder-support/debian/recursor/debian-buster/control @@ -1,29 +1,36 @@ Source: pdns-recursor Section: net -Priority: extra -Standards-Version: 4.1.2 -Maintainer: PowerDNS.COM BV +Maintainer: PowerDNS Autobuilder +Priority: optional +Standards-Version: 4.5.1 +Build-Conflicts: libboost-context-dev [mips mipsel] Build-Depends: debhelper (>= 10), dh-autoreconf, - libboost-all-dev, + libboost-context-dev [amd64 arm64 armel armhf i386 ppc64el], + libboost-dev, + libboost-program-options-dev, + libboost-system-dev, + libboost-test-dev, + libboost-thread-dev, libcap-dev, libcurl4-openssl-dev, - libluajit-5.1-dev [!arm64 !s390x], - liblua5.3-dev [arm64 s390x], libfstrm-dev, + libluajit-5.1-dev (>= 2.1.0~beta3+dfsg-5.3) [amd64 arm64] | libluajit-5.1-dev [amd64] | liblua5.3-dev, + libprotobuf-dev, libsnmp-dev, libsodium-dev, libssl-dev, - libsystemd-dev [linux-any], + libsystemd-dev, pkg-config, + protobuf-compiler, ragel, - systemd [linux-any] -Vcs-Git: https://anonscm.debian.org/git/pkg-dns/pdns-recursor.git -Vcs-Browser: https://anonscm.debian.org/cgit/pkg-dns/pdns-recursor.git + systemd Homepage: https://www.powerdns.com/ +Rules-Requires-Root: no Package: pdns-recursor Architecture: any +Pre-Depends: ${misc:Pre-Depends} Depends: adduser, dns-root-data, ${misc:Depends}, diff --git a/builder-support/debian/recursor/debian-buster/copyright b/builder-support/debian/recursor/debian-buster/copyright index 8aba47378c..b8e649b708 100644 --- a/builder-support/debian/recursor/debian-buster/copyright +++ b/builder-support/debian/recursor/debian-buster/copyright @@ -1,6 +1,7 @@ Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: PowerDNS Source: https://www.powerdns.com/downloads.html +Upstream-Contact: https://mailman.powerdns.com/mailman/listinfo/pdns-users Files: * Copyright: 2002 - 2022 PowerDNS.COM BV and contributors @@ -30,8 +31,8 @@ Files: debian/* Copyright: 2002 - 2004 Wichert Akkermann 2004 - 2013 Matthijs Möhlmann 2012 - 2013 Marc Haber - 2014 - 2016 Chris Hofstaedtler - 2016 PowerDNS.COM BV and contributors + 2014 - 2018 Chris Hofstaedtler + 2016 - 2018 PowerDNS.COM BV and contributors License: GPL-2 Files: ext/yahttp/* diff --git a/builder-support/debian/recursor/debian-buster/pdns-recursor.default b/builder-support/debian/recursor/debian-buster/pdns-recursor.default deleted file mode 100644 index db03e544a1..0000000000 --- a/builder-support/debian/recursor/debian-buster/pdns-recursor.default +++ /dev/null @@ -1,7 +0,0 @@ -# Variables for PowerDNS recursor init script. -# Not honored when systemd is the running init. -# -# Set START to yes to start the pdns-recursor -START=yes -# Run resolvconf? (Deprecated feature.) -RESOLVCONF=no diff --git a/builder-support/debian/recursor/debian-buster/pdns-recursor.init b/builder-support/debian/recursor/debian-buster/pdns-recursor.init deleted file mode 100644 index 8b0f44ed3e..0000000000 --- a/builder-support/debian/recursor/debian-buster/pdns-recursor.init +++ /dev/null @@ -1,175 +0,0 @@ -#!/bin/sh -### BEGIN INIT INFO -# Provides: pdns-recursor -# Required-Start: $network $remote_fs $syslog -# Required-Stop: $network $remote_fs $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: PowerDNS Recursor - Recursive DNS Server -# Description: PowerDNS Recursor - Recursive DNS Server -### END INIT INFO - -# -# Authors: Matthijs Möhlmann -# Christoph Haas -# -# Thanks to: -# Thomas Hood -# -# initscript for PowerDNS recursor - -# Load lsb stuff for systemd redirection (if available). -if [ -e /lib/lsb/init-functions ]; then - . /lib/lsb/init-functions -fi - -PATH=/sbin:/bin:/usr/sbin:/usr/bin -DESC="PowerDNS Recursor" -NAME=pdns_recursor -DAEMON=/usr/sbin/$NAME -# Derive the socket-dir setting from /etc/powerdns/recursor.conf -# or fall back to the default /var/run if not specified there. -PIDDIR=$(awk -F= '/^socket-dir=/ {print $2}' /etc/powerdns/recursor.conf) -if [ -z "$PIDDIR" ]; then PIDDIR=/var/run/pdns-recursor; mkdir -p $PIDDIR; fi -PIDFILE=$PIDDIR/$NAME.pid - -# Gracefully exit if the package has been removed. -test -x $DAEMON || exit 0 - -# Read config file if it is present. -if [ -r /etc/default/pdns-recursor ]; then - . /etc/default/pdns-recursor -fi - -start() { -# Return -# 0 if daemon has been started / was already running -# >0 if daemon could not be started - start-stop-daemon --start --oknodo --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null || return 0 - start-stop-daemon --start --oknodo --quiet --pidfile $PIDFILE --exec $DAEMON -- --daemon=yes || return 2 -} - -start_resolvconf() { - if [ "X$RESOLVCONF" = "Xyes" ] && [ -x /sbin/resolvconf ]; then - echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.pdns-recursor - fi - return 0 -} - -stop() { -# Return -# 0 if daemon has been stopped -# 1 if daemon was already stopped -# 2 if daemon could not be stopped -# other if a failure occurred - start-stop-daemon --stop --quiet --pidfile $PIDFILE --name $NAME - RETVAL="$?" - [ "$RETVAL" = 2 ] && return 2 - rm -f $PIDFILE - return "$RETVAL" -} - -stop_resolvconf() { - if [ "X$RESOLVCONF" = "Xyes" ] && [ -x /sbin/resolvconf ]; then - /sbin/resolvconf -d lo.pdns-recursor - fi - return 0 -} - -isrunning() -{ - /usr/bin/rec_control ping > /dev/null - return $? -} - -case "$1" in - start) - if [ "$START" != "yes" ]; then - echo "Not starting $DESC -- disabled." - exit 0 - fi - echo -n "Starting $DESC: $NAME ..." - start - case "$?" in - 0) - start_resolvconf - echo done - break - ;; - 1) - echo "already running" - break - ;; - *) - echo "failed" - exit 1 - ;; - esac - ;; - stop) - stop_resolvconf - echo -n "Stopping $DESC: $NAME ..." - stop - case "$?" in - 0) - echo done - break - ;; - 1) - echo "not running" - break - ;; - *) - echo "failed" - exit 1 - ;; - esac - ;; - restart|force-reload) - if [ "$START" != "yes" ]; then - $0 stop - exit 0 - fi - echo -n "Restarting $DESC ..." - stop - case "$?" in - 0|1) - start - case "$?" in - 0) - echo done - exit 0 - ;; - 1) - echo "failed -- old process still running" - exit 1 - ;; - *) - echo "failed to start" - exit 1 - ;; - esac - ;; - *) - echo "failed to stop" - exit 1 - ;; - esac - ;; - status) - if isrunning; then - echo "$NAME is running" - exit 0 - else - echo "$NAME is not running or not responding" - exit 3 - fi - ;; - *) - echo "Usage: $0 {start|stop|restart|force-reload|status}" >&2 - exit 3 - ;; -esac - -exit 0 - diff --git a/builder-support/debian/recursor/debian-buster/pdns-recursor.lintian-overrides b/builder-support/debian/recursor/debian-buster/pdns-recursor.lintian-overrides index b7f625e555..d6aeec23c1 100644 --- a/builder-support/debian/recursor/debian-buster/pdns-recursor.lintian-overrides +++ b/builder-support/debian/recursor/debian-buster/pdns-recursor.lintian-overrides @@ -1,4 +1,2 @@ # Source carries OpenSSL Exception pdns-recursor: possible-gpl-code-linked-with-openssl -# We load lsb-functions conditionally. -pdns-recursor: init.d-script-needs-depends-on-lsb-base diff --git a/builder-support/debian/recursor/debian-buster/pdns-recursor.postinst b/builder-support/debian/recursor/debian-buster/pdns-recursor.postinst index 4e1da70992..5f83e9d07f 100644 --- a/builder-support/debian/recursor/debian-buster/pdns-recursor.postinst +++ b/builder-support/debian/recursor/debian-buster/pdns-recursor.postinst @@ -3,17 +3,8 @@ set -e case "$1" in configure) - if [ -z "`getent group pdns`" ]; then - addgroup --system pdns - fi - if [ -z "`getent passwd pdns`" ]; then - adduser --system --home /var/spool/powerdns --shell /bin/false --ingroup pdns --disabled-password --disabled-login --gecos "PowerDNS" pdns - fi - if [ "`stat -c '%U:%G' /etc/powerdns/recursor.conf`" = "root:root" ]; then - chown root:pdns /etc/powerdns/recursor.conf - # Make sure that pdns can read it; the default used to be 0600 - chmod g+r /etc/powerdns/recursor.conf - fi + addgroup --system pdns + adduser --system --home /var/spool/powerdns --shell /bin/false --ingroup pdns --disabled-password --disabled-login --gecos "PowerDNS" pdns ;; *) @@ -22,11 +13,6 @@ case "$1" in ;; esac -# Startup errors should never cause dpkg to fail. -initscript_error() { - return 0 -} - #DEBHELPER# exit 0 diff --git a/builder-support/debian/recursor/debian-buster/pdns-recursor.preinst b/builder-support/debian/recursor/debian-buster/pdns-recursor.preinst new file mode 100644 index 0000000000..691107c9ef --- /dev/null +++ b/builder-support/debian/recursor/debian-buster/pdns-recursor.preinst @@ -0,0 +1,30 @@ +#!/bin/sh +set -e + +delete_unchanged() { + if [ -e "$1" ] && echo "$2 $1" | md5sum --check --status; then + echo "Removing unchanged configuration file $1" + rm -f "$1" + fi +} + +backup_conffile() { + if [ -e "$1" ]; then + echo "Moving configuration file $1 to $1.dpkg-bak" + mv -f "$1" "$1".dpkg-bak + fi +} + +case "$1" in + install|upgrade) + # clean up files we no longer ship + delete_unchanged "/etc/default/pdns-recursor" a09916ceb17db9a49ac8cfa84790bf3b + delete_unchanged "/etc/default/pdns-recursor" 076b21b9b76d7ffecc918af47d2963c6 + backup_conffile "/etc/default/pdns-recursor" + delete_unchanged "/etc/init.d/pdns-recursor" e2ea0586c3d99fdbafb76483a769b964 + delete_unchanged "/etc/init.d/pdns-recursor" fb608ec5edc3d068213bac3480782355 + backup_conffile "/etc/init.d/pdns-recursor" + ;; +esac + +#DEBHELPER# diff --git a/builder-support/debian/recursor/debian-buster/pdns-recursor.prerm b/builder-support/debian/recursor/debian-buster/pdns-recursor.prerm deleted file mode 100644 index e78608ccf1..0000000000 --- a/builder-support/debian/recursor/debian-buster/pdns-recursor.prerm +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh -set -e - -# Startup errors should never cause dpkg to fail. -initscript_error() { - return 0 -} - -#DEBHELPER# - -exit 0 diff --git a/builder-support/debian/recursor/debian-buster/rules b/builder-support/debian/recursor/debian-buster/rules index 651c627974..c393dcb0c0 100755 --- a/builder-support/debian/recursor/debian-buster/rules +++ b/builder-support/debian/recursor/debian-buster/rules @@ -1,80 +1,59 @@ #!/usr/bin/make -f -include /usr/share/dpkg/architecture.mk -include /usr/share/dpkg/pkg-info.mk -# Enable hardening features for daemons +# Turn on all hardening flags, as we're a networked daemon. # Note: blhc (build log hardening check) will find these false positives: CPPFLAGS 2 missing, LDFLAGS 1 missing -export DEB_BUILD_MAINT_OPTIONS=hardening=+bindnow,+pie +export DEB_BUILD_MAINT_OPTIONS = hardening=+all +# see EXAMPLES in dpkg-buildflags(1) and read /usr/share/dpkg/* DPKG_EXPORT_BUILDFLAGS = 1 -# Include buildflags.mk so we can append to the vars it sets. -include /usr/share/dpkg/buildflags.mk +include /usr/share/dpkg/default.mk -# Only enable systemd integration on Linux operating systems -ifeq ($(DEB_HOST_ARCH_OS),linux) -CONFIGURE_ARGS += --enable-systemd --with-systemd=/lib/systemd/system -DH_ARGS += --with systemd -else -CONFIGURE_ARGS += --disable-systemd -endif - -# Only disable luajit on arm64 -ifneq ($(DEB_HOST_ARCH),arm64) -CONFIGURE_ARGS += --with-lua=luajit -else -CONFIGURE_ARGS += --with-lua=lua5.3 -endif -# Use new build system %: - dh $@ \ - --with autoreconf \ - $(DH_ARGS) + dh $@ + +override_dh_auto_clean: + dh_auto_clean + rm -f dnslabeltext.cc + chmod +x mkpubsuffixcc || true override_dh_auto_configure: - dh_auto_configure -- \ + PATH=debian/configure-helpers/:$$PATH dh_auto_configure -- \ --sysconfdir=/etc/powerdns \ + --enable-systemd --with-systemd=/lib/systemd/system \ --enable-unit-tests \ - --with-libcap \ - --with-libsodium \ - --enable-dns-over-tls \ - --enable-dnstap \ - --with-net-snmp \ --disable-silent-rules \ --with-service-user=pdns \ --with-service-group=pdns \ - $(CONFIGURE_ARGS) + --with-libcap \ + --with-libsodium \ + --with-lua \ + --with-net-snmp \ + --enable-dns-over-tls \ + --enable-dnstap override_dh_auto_install: dh_auto_install install -d debian/pdns-recursor/usr/share/pdns-recursor/lua-config install -m 644 -t debian/pdns-recursor/usr/share/pdns-recursor/lua-config debian/lua-config/rootkeys.lua install -m 644 -t debian/pdns-recursor/etc/powerdns debian/recursor.lua + install -d debian/pdns-recursor/usr/share/pdns-recursor/snmp + install -m 644 -t debian/pdns-recursor/usr/share/pdns-recursor/snmp RECURSOR-MIB.txt rm -f debian/pdns-recursor/etc/powerdns/recursor.conf-dist - ./pdns_recursor --config=default | sed \ - -e 's!# config-dir=.*!config-dir=/etc/powerdns!' \ - -e 's!# include-dir=.*!&\ninclude-dir=/etc/powerdns/recursor.d!' \ - -e 's!# local-address=.*!local-address=127.0.0.1!' \ - -e 's!# lua-config-file=.*!lua-config-file=/etc/powerdns/recursor.lua!' \ - -e 's!# quiet=.*!quiet=yes!' \ - -e 's!# setgid=.*!setgid=pdns!' \ - -e 's!# setuid=.*!setuid=pdns!' \ - -e 's!# hint-file=.*!&\nhint-file=/usr/share/dns/root.hints!' \ + ./pdns_recursor --no-config --config=default | sed \ + -e 's!^# config-dir=.*!config-dir=/etc/powerdns!' \ + -e 's!^# hint-file=.*!&\nhint-file=/usr/share/dns/root.hints!' \ + -e 's!^# include-dir=.*!&\ninclude-dir=/etc/powerdns/recursor.d!' \ + -e 's!^# local-address=.*!local-address=127.0.0.1!' \ + -e 's!^# lua-config-file=.*!lua-config-file=/etc/powerdns/recursor.lua!' \ + -e 's!^# quiet=.*!quiet=yes!' \ -e '/^# version-string=.*/d' \ > debian/pdns-recursor/etc/powerdns/recursor.conf -override_dh_strip: - dh_strip --ddeb-migration='pdns-recursor-dbg' - -override_dh_installinit: - dh_installinit --error-handler=initscript_error +override_dh_auto_test: +ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) + dh_auto_test + -cat testrunner.log +endif override_dh_gencontrol: dh_gencontrol -- $(SUBSTVARS) - -override_dh_fixperms: - dh_fixperms -# these files often contain passwords. 640 as it is chowned to root:pdns - chmod 0640 debian/pdns-recursor/etc/powerdns/recursor.conf - -override_dh_builddeb: - dh_builddeb -- -Zgzip diff --git a/builder-support/debian/recursor/debian-buster/source.lintian-overrides b/builder-support/debian/recursor/debian-buster/source.lintian-overrides deleted file mode 100644 index 700fed037b..0000000000 --- a/builder-support/debian/recursor/debian-buster/source.lintian-overrides +++ /dev/null @@ -1,2 +0,0 @@ -# Source is in html/js/d3.js -pdns-recursor source: source-is-missing html/js/d3.v3.js line length is 32005 characters (>512) diff --git a/builder-support/debian/recursor/debian-buster/tests/control b/builder-support/debian/recursor/debian-buster/tests/control index a0a6fc4a76..bf44d57917 100644 --- a/builder-support/debian/recursor/debian-buster/tests/control +++ b/builder-support/debian/recursor/debian-buster/tests/control @@ -1,3 +1,4 @@ Tests: smoke -Depends: @, dnsutils +Depends: dnsutils, + @ Restrictions: needs-root diff --git a/builder-support/debian/recursor/debian-buster/tests/smoke b/builder-support/debian/recursor/debian-buster/tests/smoke index 7970733642..23f78fefe0 100755 --- a/builder-support/debian/recursor/debian-buster/tests/smoke +++ b/builder-support/debian/recursor/debian-buster/tests/smoke @@ -2,6 +2,12 @@ exec 2>&1 set -ex +restart_failed() { + echo E: service restart failed + journalctl -n200 --no-pager + exit 1 +} + cat <>/etc/powerdns/recursor.conf auth-zones=example.org=/etc/powerdns/example.org.zone EOF @@ -12,11 +18,11 @@ example.org. 172800 IN NS ns1.example.org. smoke.example.org. 172800 IN A 127.0.0.123 EOF -service pdns-recursor restart +service pdns-recursor restart || restart_failed TMPFILE=$(mktemp) cleanup() { - rm -f "$TMPFILE" + rm -f "$TMPFILE" } trap cleanup EXIT