From c442531a6f13af1c1b1f380c23de96963db32d1b Mon Sep 17 00:00:00 2001 From: Tomas Krizek Date: Wed, 17 Apr 2019 15:13:28 +0200 Subject: [PATCH] systemd: use 44353 for DoH port Using 443 as the default port presents too many packaging challenges. DoH requires configuration to be useful anyway, so users are free to override this value as they see fit. --- distro/arch/PKGBUILD | 5 ----- distro/deb/knot-resolver-module-http.links | 1 - distro/rpm/knot-resolver.spec | 7 ------- .../knot_resolver/tasks/configure_doh_nosocket.yaml | 2 +- .../tests/ansible-roles/knot_resolver/tasks/test_doh.yaml | 2 +- systemd/kresd-doh.socket | 4 ++-- 6 files changed, 4 insertions(+), 17 deletions(-) diff --git a/distro/arch/PKGBUILD b/distro/arch/PKGBUILD index 94080fddd..69052b3f4 100644 --- a/distro/arch/PKGBUILD +++ b/distro/arch/PKGBUILD @@ -65,11 +65,6 @@ package() { install -d -m 0755 "${pkgdir}/usr/lib/systemd/system/multi-user.target.wants" ln -s ../kresd.target "${pkgdir}/usr/lib/systemd/system/multi-user.target.wants/kresd.target" - # mask kresd-doh.socket, kresd-webmgmt.socket by default (unmask if using http module) - install -d -m 0755 "${pkgdir}/etc/systemd/system" - ln -s /dev/null "${pkgdir}/etc/systemd/system/kresd-doh.socket" - ln -s /dev/null "${pkgdir}/etc/systemd/system/kresd-webmgmt.socket" - # remove modules with missing dependencies rm "${pkgdir}/usr/lib/knot-resolver/kres_modules/etcd.lua" } diff --git a/distro/deb/knot-resolver-module-http.links b/distro/deb/knot-resolver-module-http.links index bf86610c2..4963c5cb9 100644 --- a/distro/deb/knot-resolver-module-http.links +++ b/distro/deb/knot-resolver-module-http.links 
@@ -1,4 +1,3 @@ -dev/null etc/systemd/system/kresd-doh.socket usr/share/javascript/bootstrap/css/bootstrap-theme.min.css usr/lib/knot-resolver/kres_modules/http/bootstrap-theme.min.css usr/share/javascript/bootstrap/css/bootstrap.min.css usr/lib/knot-resolver/kres_modules/http/bootstrap.min.css usr/share/javascript/bootstrap/js/bootstrap.min.js usr/lib/knot-resolver/kres_modules/http/bootstrap.min.js diff --git a/distro/rpm/knot-resolver.spec b/distro/rpm/knot-resolver.spec index 36cc53148..cc72adad4 100644 --- a/distro/rpm/knot-resolver.spec +++ b/distro/rpm/knot-resolver.spec @@ -192,12 +192,6 @@ rm %{buildroot}%{_unitdir}/kresd-doh.socket rm %{buildroot}%{_unitdir}/kresd-webmgmt.socket %endif -%if 0%{?fedora} -# mask kresd-doh.socket by default -install -d -m 0755 %{buildroot}%{_sysconfdir}/systemd/system -ln -s /dev/null %{buildroot}%{_sysconfdir}/systemd/system/kresd-doh.socket -%endif - # rename doc directory for centos, opensuse %if "x%{?fedora}" == "x" install -m 755 -d %{buildroot}/%{_pkgdocdir} @@ -302,7 +296,6 @@ getent passwd knot-resolver >/dev/null || useradd -r -g knot-resolver -d %{_sysc %if 0%{?fedora} %{_unitdir}/kresd@.service.d/module-http.conf %{_unitdir}/kresd-doh.socket -%{_sysconfdir}/systemd/system/kresd-doh.socket %{_unitdir}/kresd-webmgmt.socket %endif %{_libdir}/knot-resolver/kres_modules/http diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh_nosocket.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh_nosocket.yaml index 725362565..758fa7be3 100644 --- a/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh_nosocket.yaml +++ b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh_nosocket.yaml @@ -3,7 +3,7 @@ blockinfile: marker: -- {mark} ANSIBLE MANAGED BLOCK block: | - net.listen('127.0.0.1', 443, { kind = 'doh' }) + net.listen('127.0.0.1', 44353, { kind = 'doh' }) modules.load('http') path: /etc/knot-resolver/kresd.conf insertbefore: BOF 
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_doh.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh.yaml index fca095e7f..90a0b96c7 100644 --- a/distro/tests/ansible-roles/knot_resolver/tasks/test_doh.yaml +++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh.yaml @@ -1,7 +1,7 @@ --- - name: doh_test query localhost. A get_url: - url: https://127.0.0.1:443/doh?dns=1Y0BAAABAAAAAAAACWxvY2FsaG9zdAAAAQAB + url: https://127.0.0.1:44353/doh?dns=1Y0BAAABAAAAAAAACWxvY2FsaG9zdAAAAQAB sha256sum: e5c2710e6ecb78c089ab608ad5861b87be0d1c623c4d58b4eee3b21c06aa2008 dest: /tmp/doh_test validate_certs: false diff --git a/systemd/kresd-doh.socket b/systemd/kresd-doh.socket index ec0dde5db..c4d0e0204 100644 --- a/systemd/kresd-doh.socket +++ b/systemd/kresd-doh.socket @@ -8,8 +8,8 @@ Before=sockets.target FreeBind=true BindIPv6Only=both FileDescriptorName=doh -ListenStream=[::1]:443 -ListenStream=127.0.0.1:443 +ListenStream=[::1]:44353 +ListenStream=127.0.0.1:44353 Service=kresd@1.service Slice=system-kresd.slice -- 2.47.2
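Review bot: With `sha256sum` set and a fixed `dest: /tmp/doh_test`, get_url can skip the request when a file with that digest already exists, so on a host that previously ran the :443 variant this task may pass without ever contacting 127.0.0.1:44353. Adding `force: true`, or removing /tmp/doh_test in a preceding task, makes the test prove that the new port answers. `validate_certs: false` is tolerable here because the target is loopback and the digest pins the response, but a short comment such as `# loopback test against a self-signed cert; response is pinned by sha256sum` would keep the setting from being copied into non-test playbooks. The task may continue past the end of the hunk, so a `force` key could already exist outside the visible lines.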
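Review bot: The new `ListenStream=` values are above 1024, so unlike 443 the port can be bound by any local account whenever this socket unit is not holding it. That covers the time the unit is stopped, and the `net.listen('127.0.0.1', 44353, { kind = 'doh' })` setup in configure_doh_nosocket.yaml, where kresd binds only at start-up. A local client that treats "whatever answers on 127.0.0.1:44353" as the resolver then depends entirely on TLS certificate validation, so I would add a comment above the two lines, e.g. `# unprivileged port: the port number alone does not identify kresd, clients must verify the TLS certificate`. The arch, deb and rpm hunks of this patch also stop masking this unit by default, and the Arch hunk drops the kresd-webmgmt.socket mask as well, which the commit message does not mention. Please confirm that nothing enables either socket on install; the rest of the unit is outside the hunk.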