From: Tomas Krizek Date: Fri, 25 Jan 2019 13:16:48 +0000 (+0100) Subject: meson: add option keyfile_default X-Git-Tag: v4.0.0~24^2~238 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4b3ac5d78f6d1f0ab7e925a595069ea53e27f8be;p=thirdparty%2Fknot-resolver.git meson: add option keyfile_default --- diff --git a/daemon/README.rst b/daemon/README.rst index 12f3ea424..765d2abdc 100644 --- a/daemon/README.rst +++ b/daemon/README.rst @@ -421,9 +421,9 @@ Trust anchors and DNSSEC [ ta ] key: 19036 state: Valid -.. envvar:: trust_anchors.keyfile_default = KEYFILE_DEFAULT +.. envvar:: trust_anchors.keyfile_default = keyfile_default - Set by ``KEYFILE_DEFAULT`` during compilation (by default ``nil``). This can be explicitly + Set by ``keyfile_default`` option during compilation (by default ``nil``). This can be explicitly set to ``nil`` to override the value set during compilation in order to disable DNSSEC. .. envvar:: trust_anchors.hold_down_time = 30 * day diff --git a/daemon/cache.test/clear.test.lua b/daemon/cache.test/clear.test.lua index 473103bab..e7e96fd81 100644 --- a/daemon/cache.test/clear.test.lua +++ b/daemon/cache.test/clear.test.lua @@ -31,7 +31,7 @@ event.cancel(ev) ev = event.after(0, function () return 1 end) --- Import fake root zone; avoid interference with configured KEYFILE_DEFAULT. +-- Import fake root zone; avoid interference with configured keyfile_default. trust_anchors.keyfile_default = nil trust_anchors.add('. IN DS 48409 8 2 3D63A0C25BCE86621DE63636F11B35B908EFE8E9381E0E3E9DEFD89EA952C27D') diff --git a/daemon/lua/meson.build b/daemon/lua/meson.build index 07259d741..d891440e0 100644 --- a/daemon/lua/meson.build +++ b/daemon/lua/meson.build 
@@ -1,11 +1,19 @@ lua_modules_daemon = [ 'kres', 'kres-gen', - #'trust_anchors', # TODO + 'trust_anchors', 'zonefile', ] +# trust_anchors.lua +configure_file( + input: 'trust_anchors.lua.in', + output: 'trust_anchors.lua', + configuration: config +) + + # install lua modules foreach mod : lua_modules_daemon install_data( diff --git a/daemon/lua/trust_anchors.lua.in b/daemon/lua/trust_anchors.lua.in index fdeb14363..6fe8d4775 100644 --- a/daemon/lua/trust_anchors.lua.in +++ b/daemon/lua/trust_anchors.lua.in @@ -624,7 +624,7 @@ trust_anchors = { bootstrap_url = 'https://data.iana.org/root-anchors/root-anchors.xml', bootstrap_ca = '@ETCDIR@/icann-ca.pem', -- change empty string to nil - keyfile_default = ('@KEYFILE_DEFAULT@' ~= '' and '@KEYFILE_DEFAULT@') or nil, + keyfile_default = ('@keyfile_default@' ~= '' and '@keyfile_default@') or nil, -- Load keys from a file, 5011-managed by default. -- If managed and the file doesn't exist, try bootstrapping the root into it. diff --git a/daemon/lua/trust_anchors.test/bootstrap.test.lua b/daemon/lua/trust_anchors.test/bootstrap.test.lua index 0fad935a1..12b6cc304 100644 --- a/daemon/lua/trust_anchors.test/bootstrap.test.lua +++ b/daemon/lua/trust_anchors.test/bootstrap.test.lua @@ -59,7 +59,7 @@ local function wait_for_webserver() end local host = 'https://localhost:8080/' --- avoid interference with configured KEYFILE_DEFAULT +-- avoid interference with configured keyfile_default trust_anchors.keyfile_default = nil local function test_err_cert() diff --git a/doc/build.rst b/doc/build.rst index 4cf427457..c7e6e0294 100644 --- a/doc/build.rst +++ b/doc/build.rst 
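Review bot: The return value of the new `configure_file()` call is discarded while `'trust_anchors'` is added to `lua_modules_daemon`, so the install loop has to find the generated file by name. The `install_data(` call continues outside the hunk. If it builds a source-relative path from `mod`, it will not find `trust_anchors.lua`, which now exists only in the build directory. Capturing the result, as in `trust_anchors = configure_file(...)`, and installing that object, or passing `install_dir:` to `configure_file`, would ensure the module carrying the DNSSEC trust-anchor defaults is installed from the generated copy.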
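Review bot: The build option is pasted verbatim into a single-quoted Lua literal on the `keyfile_default` line, so a path containing `'` or a backslash yields a syntax error or a different string in the generated module. The value comes from the packager rather than from runtime input, so this is a robustness issue, but a long-bracket literal avoids escaping altogether: `keyfile_default = ([[@keyfile_default@]] ~= '' and [[@keyfile_default@]]) or nil,`. The `trust_anchors` table begins and ends outside the hunk.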
@@ -195,12 +195,12 @@ All paths are prefixed with ``PREFIX`` variable by default if not specified othe "daemon", "``SBINDIR``", "``$(PREFIX)/sbin``", "" "configuration", "``ETCDIR``", "``$(PREFIX)/etc/knot-resolver``", "Configuration file, templates." "modules", "``MODULEDIR``", "``$(LIBDIR)/kdns_modules``", "Runtime directory for loading dynamic modules [#]_." - "trust anchor file", "``KEYFILE_DEFAULT``", "*(none)*", "Path to read-only trust anchor file, which is used as fallback when no other file is specified. [#]_" + "trust anchor file", "``keyfile_default``", "*(none)*", "Path to read-only trust anchor file, which is used as fallback when no other file is specified. [#]_" "work directory", "", "the current directory", "Run directory for daemon. (Only relevant during run time, not e.g. during installation.)" .. [#] The ``libkres.pc`` is installed in ``$(LIBDIR)/pkgconfig``. .. [#] The default moduledir can be changed with `-m` option to `kresd` daemon or by calling `moduledir()` function from lua. -.. [#] If no other trust anchor is specified by user, the compiled-in path ``KEYFILE_DEFAULT`` must contain a valid trust anchor. This is typically used by distributions which provide DNSSEC root trust anchors as part of distribution package. Users can disable the built-in trust anchor by adding ``trust_anchors.keyfile_default = nil`` to their configuration. +.. [#] If no other trust anchor is specified by user, the compiled-in path ``keyfile_default`` must contain a valid trust anchor. This is typically used by distributions which provide DNSSEC root trust anchors as part of distribution package. Users can disable the built-in trust anchor by adding ``trust_anchors.keyfile_default = nil`` to their configuration. .. note:: Each module is self-contained and may install additional bundled files within ``$(MODULEDIR)/$(modulename)``. These files should be read-only, non-executable. diff --git a/doc/kresd.8.in b/doc/kresd.8.in index 0fa8cc95d..a9921f2ea 100644 
--- a/doc/kresd.8.in +++ b/doc/kresd.8.in @@ -136,7 +136,7 @@ and is compatible with Unbound and BIND 9 root key files. .B \-K\fI keyfile\fR, \fB\-\-keyfile\-ro=\fI (Discouraged) Static root trust anchors file. The file is not updated by kresd. Use of this option is discouraged because it will break your installation when the trust anchor key changes! -Default: "@KEYFILE_DEFAULT@" (can be empty if your distribution did not provide one) +Default: "@keyfile_default@" (can be empty if your distribution did not provide one) .TP .B \-m\fI path\fR, \fB\-\-moduledir=\fI Override the directory that is searched for modules. Default: @MODULEDIR@ diff --git a/meson.build b/meson.build index 6fb958e7a..734d7c974 100644 --- a/meson.build +++ b/meson.build @@ -17,6 +17,8 @@ message('modules_dir: ' + modules_dir) etc_dir = join_paths(get_option('prefix'), get_option('sysconfdir'), 'knot-resolver') +config = configuration_data() +config.set('keyfile_default', get_option('keyfile_default')) # Project-wide dependencies diff --git a/meson_options.txt b/meson_options.txt index 2580a5d74..037062bac 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -2,3 +2,4 @@ option('cookies', type: 'boolean', value: false, description: 'Support for DNS C option('client', type : 'boolean', value : true, description: 'kresc client binary') option('daemon', type: 'boolean', value: true, description: 'kresd daemon binary') option('modules_dir', type: 'string', description: 'path to kres modules directory') +option('keyfile_default', type: 'string', description: 'path to trust anchors file') diff --git a/tests/config/keyfile/nonexist_keyfile1.test.lua b/tests/config/keyfile/nonexist_keyfile1.test.lua index be73f32f4..332919dab 100644 --- a/tests/config/keyfile/nonexist_keyfile1.test.lua +++ b/tests/config/keyfile/nonexist_keyfile1.test.lua @@ -1,2 +1,2 @@ --- simulate building without KEYFILE_DEFAULT +-- simulate building without keyfile_default trust_anchors.keyfile_default = nil 
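Review bot: `config` only defines `keyfile_default`, but the template it is applied to, `daemon/lua/trust_anchors.lua.in`, also contains `@ETCDIR@` in `bootstrap_ca = '@ETCDIR@/icann-ca.pem'` (visible as context in that file's hunk). Meson replaces variables missing from the configuration data with an empty string and only warns. As far as this diff shows, the CA bundle used to authenticate the root-anchor bootstrap download would therefore resolve to `/icann-ca.pem`. Adding `config.set('ETCDIR', etc_dir)` next to the new lines, or renaming the placeholder to match, keeps the bootstrap certificate check pointed at the installed file.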
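Review bot: The new option's description, `'path to trust anchors file'`, omits three things that the doc/build.rst text in this commit states: the file is read-only, it is only a fallback, and leaving it empty compiles in no trust anchor. A packager choosing build options would be better served by something like `option('keyfile_default', type: 'string', value: '', description: 'read-only fallback trust anchors file (empty: none)')`.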
diff --git a/tests/config/keyfile/nonexist_keyfile2.test.lua b/tests/config/keyfile/nonexist_keyfile2.test.lua
index bb2f98bf1..6d4fa8fce 100644
--- a/tests/config/keyfile/nonexist_keyfile2.test.lua
+++ b/tests/config/keyfile/nonexist_keyfile2.test.lua
@@ -1,2 +1,2 @@
--- simulate building with KEYFILE_DEFAULT
+-- simulate building with keyfile_default
 trust_anchors.keyfile_default = "root1.keys"