Vladimír Čunát [Wed, 7 Aug 2019 07:36:13 +0000 (09:36 +0200)]
lua FFI: avoid frequent usage of lua_pushpointer()
The new way of transitioning to layer callbacks - done because of
portability (mainly to aarch64) - is a bit expensive. This is a simple
way of recovering that cost. Merge 603a24f regressed speed a bit.
Lukáš Ježek [Mon, 18 Nov 2019 11:16:42 +0000 (12:16 +0100)]
tests: packaging
Directory with subdirectory "packaging" is called "component".
List all components: python3 tests/packaging-doc.py --list
Run all tests/components: python3 tests/packaging-doc.py
Run specific test/component: python3 tests/packaging-doc.py --test <component>
The file structure for 1 component:
daemon - dependencies for 1 component "kresd daemon" (default component, must always be there)
scripts/distros - dependencies for 1 component for specific distro (must always be there)
scripts/dockerfile_gen.py - test Dockerfile generator, see below
tests/packaging.py - script to generate and build all combinations
of Docker files for all components
[component] - directory of component/test, see below
(e.g. "client/packaging/", "modules/http/packaging/" etc.)
The file structure of each component:
[component]
<distro>/<version> - package names
- builddeps - list of build dependencies
- rundeps - list of runtime dependencies
- pre-build.sh - script called before build phase
- post-build.sh - script called after build phase
- pre-run.sh - script called before run phase
- post-run.sh - script called after run phase
- install.sh and build.sh script called during build phase
test.config or test.sh - kresd config test or shell script
note: content of "scripts/distros" is same as "<distro>/<version>" of component.
There are "build" and "run" phases. "build" phase precedes "run" phase.
All scripts are called in this order:
1. pre-<phase>.sh
2. install packages specified in the file "<phase>deps"
3a. for "build" phase: run build.sh and install.sh
3b. for "run" phase: run 'kresd -c [component]/test.config' or config.sh
4. remove packages specified in the file "<phase>deps"
5. post-<phase>.sh
Each step above combines base components with a component under test.
E.g. component "scripts/distros" always precedes component "daemon/packaging"
and it precedes the tested component e.g. "modules/http".
In long term we might migrate this to py.test or some other well known
framework.
Petr Špaček [Tue, 22 Oct 2019 10:03:30 +0000 (12:03 +0200)]
doh debug: rename SSLKEYLOG environment variable to OPENSSLKEYLOG
This avoids conflict between GnuTLS's built-in SSLKEYLOG and our hack
for OpenSSL. This would be important for instances which run
DNS-over-TLS using built-in GnuTLS
and at the same time DNS-over-HTTPS using lua-http (based on OpenSSL).
Vladimír Čunát [Thu, 24 Oct 2019 08:35:31 +0000 (10:35 +0200)]
cache entry_list: fix crash on insertion via lua
When inserting NS or xNAME, we could get into this place with
qry == NULL, and we'd crash when trying to use the memory pool.
Let's simply use the stack instead.
Vladimír Čunát [Fri, 15 Nov 2019 12:22:11 +0000 (13:22 +0100)]
daemon/udp_queue: add a ref-unref pair
I must admit I don't really understand why we had a rare case
of use-after-free in the sendmmsg call, but this change should avoid
that without affecting anything else.
Tomas Krizek [Fri, 8 Nov 2019 12:18:43 +0000 (13:18 +0100)]
meson: remove upper version limit for knot
The advanced version comparison isn't implemented in meson 0.46,
which is used for CentOS 7 and it caused build issue with development
version of Knot.
Tomas Krizek [Thu, 17 Oct 2019 08:37:44 +0000 (10:37 +0200)]
systemd/kresd: fix dependency on network-online.target
The missing Wants= and After= directives for network-online.target
made it possible for kresd to start before network interfaces were
properly initialized and configured with IP addresses, leading to a
failure to bind to addresses.
Tomas Krizek [Mon, 7 Oct 2019 11:21:30 +0000 (13:21 +0200)]
ci: remove pkg:epel-7 pkg:fedora-29 jobs
These jobs started to suddenly fail inexplicably. They also
require privileged mode and are a mess in general.
Build and packaging for these distros is handled by nightly OBS builds
nowadays, so let's remove these.
Perhaps in the future, it might make sense to bring back some sensible
CentOS 7 build (without the packaging part) to make sure we keep
compatibility with older GnuTLS on every commit / MR, instead of
nightly.
I'm really sorry; I didn't notice and it only hit parts that
*apparently* aren't tested normally. Only 32-bit systems would be
affected, due to the structure only changing ABI on 32-bit systems.
Vladimír Čunát [Tue, 24 Sep 2019 13:17:41 +0000 (15:17 +0200)]
lib/nsrep: randomize the order of NS names
... as input into the *unchanged* algorithm (which is ugly).
This partially addresses the problem attempted by reverted commit,
and it also improves some other properties of the algorithm.
Vladimír Čunát [Tue, 3 Sep 2019 14:33:50 +0000 (16:33 +0200)]
validator: trim TTLs by RRSIG's expiration and original TTL
A down-side is that validation can now modify the validated RRset
on success. I checked all transitive call sites that it's OK.
The change is pretty simple; I just hand-tested it a bit with faketime.
Vladimír Čunát [Tue, 17 Sep 2019 15:42:05 +0000 (17:42 +0200)]
modules/policy: DENY home.arpa. and local. domains
- home.arpa.: 4. from https://tools.ietf.org/html/rfc8375#section-4
- local.: 4. from https://tools.ietf.org/html/rfc6762#section-22.1
Well, it's just an approximation... if the user specifies a forwarding
policy, any special names will also get forwarded, even though the RFC
says not to. And this code will also reply NXDOMAIN to home.arpa. DS.
Some of these DENY rules are perhaps unnecessary, but for now we keep
the same approach. For arguments see the MR 855 thread and linked ML.