From: Pieter Lexis Date: Thu, 28 Dec 2017 16:44:14 +0000 (+0100) Subject: Builder: Add debian stretch for recursor X-Git-Tag: dnsdist-1.3.3~83^2~35 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=decc61734c2233ffcdc88d052554072f03b38bf7;p=thirdparty%2Fpdns.git Builder: Add debian stretch for recursor --- diff --git a/builder-support/debian/recursor/debian-stretch/README.source b/builder-support/debian/recursor/debian-stretch/README.source new file mode 100644 index 0000000000..cf42723cec --- /dev/null +++ b/builder-support/debian/recursor/debian-stretch/README.source @@ -0,0 +1 @@ +See /usr/share/doc/quilt/README.source diff --git a/builder-support/debian/recursor/debian-stretch/compat b/builder-support/debian/recursor/debian-stretch/compat new file mode 100644 index 0000000000..f599e28b8a --- /dev/null +++ b/builder-support/debian/recursor/debian-stretch/compat @@ -0,0 +1 @@ +10 diff --git a/builder-support/debian/recursor/debian-stretch/control b/builder-support/debian/recursor/debian-stretch/control new file mode 100644 index 0000000000..e37ee34ac4 --- /dev/null +++ b/builder-support/debian/recursor/debian-stretch/control @@ -0,0 +1,30 @@ +Source: pdns-recursor +Section: net +Priority: extra +Standards-Version: 4.1.2 +Maintainer: Debian DNS Packaging +Uploaders: Chris Hofstaedtler , + Marc Haber +Build-Depends: debhelper (>= 10~), + libboost-all-dev, + libluajit-5.1-dev, + libprotobuf-dev, + libsodium-dev, + libssl-dev, + libsystemd-dev [linux-any], + pkg-config, + protobuf-compiler, + ragel +Vcs-Git: https://anonscm.debian.org/git/pkg-dns/pdns-recursor.git +Vcs-Browser: https://anonscm.debian.org/cgit/pkg-dns/pdns-recursor.git +Homepage: https://www.powerdns.com/ + +Package: pdns-recursor +Architecture: any +Depends: adduser, + dns-root-data, + ${misc:Depends}, + ${shlibs:Depends} +Description: PowerDNS Recursor + High-performance resolving name server, utilizing multiple + processor and including Lua scripting capabilities. diff --git a/builder-support/debian/recursor/debian-stretch/copyright b/builder-support/debian/recursor/debian-stretch/copyright new file mode 100644 index 0000000000..75cd9a9b49 --- /dev/null +++ b/builder-support/debian/recursor/debian-stretch/copyright @@ -0,0 +1,107 @@ +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: PowerDNS +Source: https://www.powerdns.com/downloads.html + +Files: * +Copyright: 2002 - 2015 PowerDNS.COM BV and contributors +License: GPL-2 with OpenSSL Exception + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License version 2 + as published by the Free Software Foundation + . + In addition, for the avoidance of any doubt, permission is granted to + link this program with OpenSSL and to (re)distribute the binaries + produced as the result of such linking. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + . + On Debian systems, the full text of the GNU General Public + License version 2 can be found in the file + `/usr/share/common-licenses/GPL-2'. + +Files: debian/* +Copyright: 2002 - 2004 Wichert Akkermann + 2004 - 2013 Matthijs Möhlmann + 2012 - 2013 Marc Haber + 2014 - 2016 Christian Hofstaedtler + 2016 PowerDNS.COM BV and contributors +License: GPL-2 + +Files: ext/yahttp/* +Copyright: 2014 Aki Tuomi +License: Expat + +Files: ext/json11/* +Copyright: 2013 Dropbox, Inc. +License: Expat + +Files: ext/luawrapper/* +Copyright: 2013, Pierre KRIEGER +License: BSD-3 + +License: BSD-3 + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY + DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +License: Expat + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + . + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. + +License: GPL-2 + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + . + On Debian systems, the full text of the GNU General Public + License version 2 can be found in the file + `/usr/share/common-licenses/GPL-2'. diff --git a/builder-support/debian/recursor/debian-stretch/gbp.conf b/builder-support/debian/recursor/debian-stretch/gbp.conf new file mode 100644 index 0000000000..9eee0d42b8 --- /dev/null +++ b/builder-support/debian/recursor/debian-stretch/gbp.conf @@ -0,0 +1,4 @@ +[DEFAULT] +pristine-tar = True +multimaint-merge = True +patch-numbers = False diff --git a/builder-support/debian/recursor/debian-stretch/pdns-recursor.default b/builder-support/debian/recursor/debian-stretch/pdns-recursor.default new file mode 100644 index 0000000000..db03e544a1 --- /dev/null +++ b/builder-support/debian/recursor/debian-stretch/pdns-recursor.default @@ -0,0 +1,7 @@ +# Variables for PowerDNS recursor init script. +# Not honored when systemd is the running init. +# +# Set START to yes to start the pdns-recursor +START=yes +# Run resolvconf? (Deprecated feature.) +RESOLVCONF=no diff --git a/builder-support/debian/recursor/debian-stretch/pdns-recursor.examples b/builder-support/debian/recursor/debian-stretch/pdns-recursor.examples new file mode 100644 index 0000000000..e55528c25c --- /dev/null +++ b/builder-support/debian/recursor/debian-stretch/pdns-recursor.examples @@ -0,0 +1 @@ +rrd diff --git a/builder-support/debian/recursor/debian-stretch/pdns-recursor.init b/builder-support/debian/recursor/debian-stretch/pdns-recursor.init new file mode 100644 index 0000000000..63390cf448 --- /dev/null +++ b/builder-support/debian/recursor/debian-stretch/pdns-recursor.init @@ -0,0 +1,175 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: pdns-recursor +# Required-Start: $network $remote_fs $syslog +# Required-Stop: $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: PowerDNS Recursor - Recursive DNS Server +# Description: PowerDNS Recursor - Recursive DNS Server +### END INIT INFO + +# +# Authors: Matthijs Möhlmann +# Christoph Haas +# +# Thanks to: +# Thomas Hood +# +# initscript for PowerDNS recursor + +# Load lsb stuff for systemd redirection (if available). +if [ -e /lib/lsb/init-functions ]; then + . /lib/lsb/init-functions +fi + +PATH=/sbin:/bin:/usr/sbin:/usr/bin +DESC="PowerDNS Recursor" +NAME=pdns_recursor +DAEMON=/usr/sbin/$NAME +# Derive the socket-dir setting from /etc/powerdns/recursor.conf +# or fall back to the default /var/run if not specified there. +PIDDIR=$(awk -F= '/^socket-dir=/ {print $2}' /etc/powerdns/recursor.conf) +if [ -z "$PIDDIR" ]; then PIDDIR=/var/run; fi +PIDFILE=$PIDDIR/$NAME.pid + +# Gracefully exit if the package has been removed. +test -x $DAEMON || exit 0 + +# Read config file if it is present. +if [ -r /etc/default/pdns-recursor ]; then + . /etc/default/pdns-recursor +fi + +start() { +# Return +# 0 if daemon has been started / was already running +# >0 if daemon could not be started + start-stop-daemon --start --oknodo --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null || return 0 + start-stop-daemon --start --oknodo --quiet --pidfile $PIDFILE --exec $DAEMON -- --daemon=yes || return 2 +} + +start_resolvconf() { + if [ "X$RESOLVCONF" = "Xyes" ] && [ -x /sbin/resolvconf ]; then + echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.pdns-recursor + fi + return 0 +} + +stop() { +# Return +# 0 if daemon has been stopped +# 1 if daemon was already stopped +# 2 if daemon could not be stopped +# other if a failure occured + start-stop-daemon --stop --quiet --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + rm -f $PIDFILE + return "$RETVAL" +} + +stop_resolvconf() { + if [ "X$RESOLVCONF" = "Xyes" ] && [ -x /sbin/resolvconf ]; then + /sbin/resolvconf -d lo.pdns-recursor + fi + return 0 +} + +isrunning() +{ + /usr/bin/rec_control ping > /dev/null + return $? +} + +case "$1" in + start) + if [ "$START" != "yes" ]; then + echo "Not starting $DESC -- disabled." + exit 0 + fi + echo -n "Starting $DESC: $NAME ..." + start + case "$?" in + 0) + start_resolvconf + echo done + break + ;; + 1) + echo "already running" + break + ;; + *) + echo "failed" + exit 1 + ;; + esac + ;; + stop) + stop_resolvconf + echo -n "Stopping $DESC: $NAME ..." + stop + case "$?" in + 0) + echo done + break + ;; + 1) + echo "not running" + break + ;; + *) + echo "failed" + exit 1 + ;; + esac + ;; + restart|force-reload) + if [ "$START" != "yes" ]; then + $0 stop + exit 0 + fi + echo -n "Restarting $DESC ..." + stop + case "$?" in + 0|1) + start + case "$?" in + 0) + echo done + exit 0 + ;; + 1) + echo "failed -- old process still running" + exit 1 + ;; + *) + echo "failed to start" + exit 1 + ;; + esac + ;; + *) + echo "failed to stop" + exit 1 + ;; + esac + ;; + status) + if isrunning; then + echo "$NAME is running" + exit 0 + else + echo "$NAME is not running or not responding" + exit 3 + fi + ;; + *) + echo "Usage: $0 {start|stop|restart|force-reload|status}" >&2 + exit 3 + ;; +esac + +exit 0 + diff --git a/builder-support/debian/recursor/debian-stretch/pdns-recursor.lintian-overrides b/builder-support/debian/recursor/debian-stretch/pdns-recursor.lintian-overrides new file mode 100644 index 0000000000..b7f625e555 --- /dev/null +++ b/builder-support/debian/recursor/debian-stretch/pdns-recursor.lintian-overrides @@ -0,0 +1,4 @@ +# Source carries OpenSSL Exception +pdns-recursor: possible-gpl-code-linked-with-openssl +# We load lsb-functions conditionally. +pdns-recursor: init.d-script-needs-depends-on-lsb-base diff --git a/builder-support/debian/recursor/debian-stretch/pdns-recursor.logcheck.ignore.server b/builder-support/debian/recursor/debian-stretch/pdns-recursor.logcheck.ignore.server new file mode 100644 index 0000000000..f6e86ecedc --- /dev/null +++ b/builder-support/debian/recursor/debian-stretch/pdns-recursor.logcheck.ignore.server @@ -0,0 +1 @@ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pdns_recursor\[[0-9]+\]: stats: .* diff --git a/builder-support/debian/recursor/debian-stretch/pdns-recursor.manpages b/builder-support/debian/recursor/debian-stretch/pdns-recursor.manpages new file mode 100644 index 0000000000..020a6a1edd --- /dev/null +++ b/builder-support/debian/recursor/debian-stretch/pdns-recursor.manpages @@ -0,0 +1,2 @@ +pdns_recursor.1 +rec_control.1 diff --git a/builder-support/debian/recursor/debian-stretch/pdns-recursor.postinst b/builder-support/debian/recursor/debian-stretch/pdns-recursor.postinst new file mode 100644 index 0000000000..1c32de2854 --- /dev/null +++ b/builder-support/debian/recursor/debian-stretch/pdns-recursor.postinst @@ -0,0 +1,23 @@ +#!/bin/sh +set -e + +case "$1" in + configure) + addgroup --system pdns + adduser --system --home /var/spool/powerdns --shell /bin/false --ingroup pdns --disabled-password --disabled-login --gecos "PowerDNS" pdns + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# Startup errors should never cause dpkg to fail. +initscript_error() { + return 0 +} + +#DEBHELPER# + +exit 0 diff --git a/builder-support/debian/recursor/debian-stretch/pdns-recursor.prerm b/builder-support/debian/recursor/debian-stretch/pdns-recursor.prerm new file mode 100644 index 0000000000..e78608ccf1 --- /dev/null +++ b/builder-support/debian/recursor/debian-stretch/pdns-recursor.prerm @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Startup errors should never cause dpkg to fail. +initscript_error() { + return 0 +} + +#DEBHELPER# + +exit 0 diff --git a/builder-support/debian/recursor/debian-stretch/rules b/builder-support/debian/recursor/debian-stretch/rules new file mode 100755 index 0000000000..8e8219610a --- /dev/null +++ b/builder-support/debian/recursor/debian-stretch/rules @@ -0,0 +1,53 @@ +#!/usr/bin/make -f +DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS) + +# Enable hardening features for daemons +# Note: blhc (build log hardening check) will find these false positivies: CPPFLAGS 2 missing, LDFLAGS 1 missing +export DEB_BUILD_MAINT_OPTIONS=hardening=+bindnow,+pie +DPKG_EXPORT_BUILDFLAGS = 1 +# Include buildflags.mk so we can append to the vars it sets. +include /usr/share/dpkg/buildflags.mk + +# Disable systemd integration on non-linux archs +ifeq ($(DEB_HOST_ARCH_OS),linux) +CONFIGURE_ARGS += --enable-systemd --with-systemd=/lib/systemd/system +else +CONFIGURE_ARGS += --disable-systemd +endif + + +# Use new build system +%: + dh $@ + +override_dh_auto_configure: + dh_auto_configure -- \ + --sysconfdir=/etc/powerdns \ + --enable-unit-tests \ + --with-luajit \ + --enable-libsodium \ + --with-protobuf=yes \ + --without-net-snmp \ + $(CONFIGURE_ARGS) + +override_dh_auto_install: + dh_auto_install + rm -f debian/pdns-recursor/etc/powerdns/recursor.conf-dist + ./pdns_recursor --no-config --config | sed \ + -e 's!# config-dir=.*!config-dir=/etc/powerdns!' \ + -e 's!# local-address=.*!local-address=127.0.0.1!' \ + -e 's!# quiet=.*!quiet=yes!' \ + -e 's!# setgid=.*!setgid=pdns!' \ + -e 's!# setuid=.*!setuid=pdns!' \ + -e 's!# hint-file=.*!&\nhint-file=/usr/share/dns/root.hints!' \ + -e 's!# security-poll-suffix=.*!&\nsecurity-poll-suffix=!' \ + > debian/pdns-recursor/etc/powerdns/recursor.conf + +override_dh_strip: + dh_strip --ddeb-migration='pdns-recursor-dbg' + +override_dh_installinit: + dh_installinit --error-handler=initscript_error + +override_dh_gencontrol: + dh_gencontrol -- $(SUBSTVARS) diff --git a/builder-support/debian/recursor/debian-stretch/source.lintian-overrides b/builder-support/debian/recursor/debian-stretch/source.lintian-overrides new file mode 100644 index 0000000000..700fed037b --- /dev/null +++ b/builder-support/debian/recursor/debian-stretch/source.lintian-overrides @@ -0,0 +1,2 @@ +# Source is in html/js/d3.js +pdns-recursor source: source-is-missing html/js/d3.v3.js line length is 32005 characters (>512) diff --git a/builder-support/debian/recursor/debian-stretch/source/format b/builder-support/debian/recursor/debian-stretch/source/format new file mode 100644 index 0000000000..163aaf8d82 --- /dev/null +++ b/builder-support/debian/recursor/debian-stretch/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/builder-support/debian/recursor/debian-stretch/tests/control b/builder-support/debian/recursor/debian-stretch/tests/control new file mode 100644 index 0000000000..a0a6fc4a76 --- /dev/null +++ b/builder-support/debian/recursor/debian-stretch/tests/control @@ -0,0 +1,3 @@ +Tests: smoke +Depends: @, dnsutils +Restrictions: needs-root diff --git a/builder-support/debian/recursor/debian-stretch/tests/smoke b/builder-support/debian/recursor/debian-stretch/tests/smoke new file mode 100755 index 0000000000..7970733642 --- /dev/null +++ b/builder-support/debian/recursor/debian-stretch/tests/smoke @@ -0,0 +1,31 @@ +#!/bin/bash +exec 2>&1 +set -ex + +cat <>/etc/powerdns/recursor.conf +auth-zones=example.org=/etc/powerdns/example.org.zone +EOF + +cat </etc/powerdns/example.org.zone +example.org. 172800 IN SOA ns1.example.org. dns.example.org. 1 10800 3600 604800 3600 +example.org. 172800 IN NS ns1.example.org. +smoke.example.org. 172800 IN A 127.0.0.123 +EOF + +service pdns-recursor restart + +TMPFILE=$(mktemp) +cleanup() { + rm -f "$TMPFILE" +} +trap cleanup EXIT + +dig @127.0.0.1 smoke.example.org 2>&1 | tee "$TMPFILE" + +if grep -c '127\.0\.0\.123' "$TMPFILE"; then + echo success +else + echo smoke could not be resolved + exit 1 +fi + diff --git a/builder-support/debian/recursor/debian-stretch/watch b/builder-support/debian/recursor/debian-stretch/watch new file mode 100644 index 0000000000..dbdba00d11 --- /dev/null +++ b/builder-support/debian/recursor/debian-stretch/watch @@ -0,0 +1,3 @@ +# Site Directory Pattern Version Script +version=3 +opts="pgpsigurlmangle=s/$/.asc/,versionmangle=s/-(alpha|beta|rc)/~$1/" https://downloads.powerdns.com/releases/ pdns-recursor-(.*)\.tar\.bz2 debian uupdate diff --git a/builder-support/dockerfiles/Dockerfile.debbuild b/builder-support/dockerfiles/Dockerfile.debbuild index 2797117c41..ea2ea8cdf8 100644 --- a/builder-support/dockerfiles/Dockerfile.debbuild +++ b/builder-support/dockerfiles/Dockerfile.debbuild @@ -9,6 +9,12 @@ RUN PDNS_TEST_NO_IPV6=1 builder/helpers/build-debs.sh pdns-${BUILDER_VERSION} RUN mv pdns*${BUILDER_VERSION}*.deb /dist @ENDIF +@IF [ ! -z "$M_recursor" ] +RUN builder/helpers/build-debs.sh pdns-recursor-${BUILDER_VERSION} + +RUN mv pdns-recursor*${BUILDER_VERSION}*.deb /dist +@ENDIF + @IF [ ! -z "$M_dnsdist" ] RUN builder/helpers/build-debs.sh dnsdist-${BUILDER_VERSION} diff --git a/builder-support/dockerfiles/Dockerfile.debbuild-prepare b/builder-support/dockerfiles/Dockerfile.debbuild-prepare index d70dda7998..f466341dfc 100644 --- a/builder-support/dockerfiles/Dockerfile.debbuild-prepare +++ b/builder-support/dockerfiles/Dockerfile.debbuild-prepare @@ -19,6 +19,10 @@ COPY --from=sdist /sdist /sdist RUN tar xvf /sdist/pdns-${BUILDER_VERSION}.tar.bz2 @ENDIF +@IF [ ! -z "$M_recursor" ] +RUN tar xvf /sdist/pdns-recursor-${BUILDER_VERSION}.tar.bz2 +@ENDIF + @IF [ ! -z "$M_dnsdist" ] RUN tar xvf /sdist/dnsdist-${BUILDER_VERSION}.tar.bz2 @ENDIF diff --git a/builder-support/dockerfiles/Dockerfile.target.debian-stretch b/builder-support/dockerfiles/Dockerfile.target.debian-stretch index 671ac8341c..cff29d3904 100644 --- a/builder-support/dockerfiles/Dockerfile.target.debian-stretch +++ b/builder-support/dockerfiles/Dockerfile.target.debian-stretch @@ -11,6 +11,10 @@ RUN apt-get update && apt-get -y dist-upgrade ADD builder-support/debian/authoritative/debian-stretch/ pdns-${BUILDER_VERSION}/debian/ @ENDIF +@IF [ ! -z "$M_recursor" ] +ADD builder-support/debian/recursor/debian-stretch/ pdns-recursor-${BUILDER_VERSION}/debian/ +@ENDIF + @IF [ ! -z "$M_dnsdist" ] ADD builder-support/debian/dnsdist/debian-stretch/ dnsdist-${BUILDER_VERSION}/debian/ @ENDIF