GNU bug report logs - #68621
[PATCH 0/2] Provide default DNSSEC trust anchors for knot-resolver

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix-patches; Reported by: Leo Nikkilä <hello@HIDDEN>; Keywords: patch; dated Sat, 20 Jan 2024 21:27:02 UTC; Maintainer for guix-patches is guix-patches@HIDDEN.

Message received at 68621 <at> debbugs.gnu.org:

Received: (at 68621) by debbugs.gnu.org; 23 Apr 2024 18:34:21 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Apr 23 14:34:20 2024
Received: from localhost ([127.0.0.1]:53713 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rzKyB-0001Jh-0x
	for submit <at> debbugs.gnu.org; Tue, 23 Apr 2024 14:34:20 -0400
Received: from [195.15.247.228] (port=24017 helo=rdmp.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <guix-devel-0brg6a@HIDDEN>) id 1rzKxT-0000zG-CC
 for 68621 <at> debbugs.gnu.org; Tue, 23 Apr 2024 14:33:38 -0400
Received: from [127.0.0.1] (helo=[IPv6:::1])
 by rdmp.org with esmtp (Exim 4.96.1)
 (envelope-from <guix-devel-0brg6a@HIDDEN>) id 1rzKx5-0004JZ-0W
 for 68621 <at> debbugs.gnu.org; Tue, 23 Apr 2024 18:33:11 +0000
Message-ID: <41e6590d7cd82331d8782e71782de90f049015ac.camel@HIDDEN>
Subject: [PATCH v2 0/4]  Allow use of DNSSEC in knot-resolver service
From: Dale Mellor <guix-devel-0brg6a@HIDDEN>
To: 68621 <at> debbugs.gnu.org
Date: Tue, 23 Apr 2024 19:33:10 +0100
Organization: DM Bespoke Computer Solutions Ltd
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
User-Agent: Evolution 3.48.4 
MIME-Version: 1.0
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  As per previous messages. 
 Content analysis details:   (1.3 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Debbugs-Envelope-To: 68621
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.3 (/)

As per previous messages.

Information forwarded to guix-patches@HIDDEN:
bug#68621; Package guix-patches. Full text available.

Message received at 68621 <at> debbugs.gnu.org:

Received: (at 68621) by debbugs.gnu.org; 23 Apr 2024 16:14:34 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Apr 23 12:14:33 2024
Received: from localhost ([127.0.0.1]:53062 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rzImu-0001om-4v
	for submit <at> debbugs.gnu.org; Tue, 23 Apr 2024 12:14:33 -0400
Received: from [195.15.247.228] (port=10638 helo=rdmp.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <guix-devel-0brg6a@HIDDEN>) id 1rzImD-0001eK-3a
 for 68621 <at> debbugs.gnu.org; Tue, 23 Apr 2024 12:13:56 -0400
Received: from [127.0.0.1] (helo=localhost.localdomain)
 by rdmp.org with esmtp (Exim 4.96.1)
 (envelope-from <guix-devel-0brg6a@HIDDEN>) id 1rzIlq-00047D-21;
 Tue, 23 Apr 2024 16:13:27 +0000
From: Dale Mellor <guix-devel-0brg6a@HIDDEN>
To: 68621 <at> debbugs.gnu.org
Subject: [PATCH v2 4/4] gnu: knot-resolver: version to 5.7.2
Date: Tue, 23 Apr 2024 17:12:26 +0100
Message-ID: <20240423161226.973140-4-guix-devel-0brg6a@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20240120212542.17473-1-hello@HIDDEN>
References: <20240120212542.17473-1-hello@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: From: Dale Mellor <black-hole@HIDDEN> *
 gnu/packages/dns.scm
 (knot-resolver): Version to 5.7.2. --- gnu/packages/dns.scm | 4 ++-- 1 file
 changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/dns.scm
 b/gnu/packages/dns.scm index bb86fd34f8..d8b3606f10 100644 ---
 a/gnu/packages/dns.scm
 +++ b/gnu/packages/dns.scm @@ -984,14 +984,14 @@ (define (move source target
 fil [...] 
 Content analysis details:   (1.3 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Debbugs-Envelope-To: 68621
Cc: Dale Mellor <black-hole@HIDDEN>, guix-patches@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.3 (/)

From: Dale Mellor <black-hole@HIDDEN>

  * gnu/packages/dns.scm (knot-resolver): Version to 5.7.2.
---
 gnu/packages/dns.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index bb86fd34f8..d8b3606f10 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -984,14 +984,14 @@ (define (move source target file)
 (define-public knot-resolver
   (package
     (name "knot-resolver")
-    (version "5.7.1")
+    (version "5.7.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://secure.nic.cz/files/knot-resolver/"
                                   "knot-resolver-" version ".tar.xz"))
               (sha256
                (base32
-                "18n3jh17d22xmzpg8syw2dm85vv7jchdc4hzk5x78lqxqqav856s"))))
+                "03wszdrx5wcd0gz9h4p0ggn67n59almnb2h2m38c5m7wj1rj4sjz"))))
     (build-system meson-build-system)
     (outputs '("out" "doc"))
     (arguments
-- 
2.41.0

Information forwarded to guix-patches@HIDDEN:
bug#68621; Package guix-patches. Full text available.

Message received at 68621 <at> debbugs.gnu.org:

Received: (at 68621) by debbugs.gnu.org; 23 Apr 2024 16:14:30 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Apr 23 12:14:30 2024
Received: from localhost ([127.0.0.1]:53058 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rzImq-0001nu-Hq
	for submit <at> debbugs.gnu.org; Tue, 23 Apr 2024 12:14:30 -0400
Received: from [195.15.247.228] (port=53410 helo=rdmp.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <guix-devel-0brg6a@HIDDEN>) id 1rzIm7-0001dN-E9
 for 68621 <at> debbugs.gnu.org; Tue, 23 Apr 2024 12:13:45 -0400
Received: from [127.0.0.1] (helo=localhost.localdomain)
 by rdmp.org with esmtp (Exim 4.96.1)
 (envelope-from <guix-devel-0brg6a@HIDDEN>) id 1rzIlk-00047D-36;
 Tue, 23 Apr 2024 16:13:21 +0000
From: Dale Mellor <guix-devel-0brg6a@HIDDEN>
To: 68621 <at> debbugs.gnu.org
Subject: [PATCH v2 2/4] gnu: knot-resolver: Appease some guix lint complaints.
Date: Tue, 23 Apr 2024 17:12:24 +0100
Message-ID: <20240423161226.973140-2-guix-devel-0brg6a@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20240120212542.17473-1-hello@HIDDEN>
References: <20240120212542.17473-1-hello@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: From: Dale Mellor <black-hole@HIDDEN> *
 gnu/packages/dns.scm
 (knot-resolver): Add bash-minimal to inputs,
 re-label input items to 'lua5.1-bitop'
 and 'nghttp2:lib'. --- gnu/packages/dns.scm | 7 ++++--- 1 file changed, 4
 insertions(+), 3 d [...] 
 Content analysis details:   (1.3 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Debbugs-Envelope-To: 68621
Cc: Dale Mellor <black-hole@HIDDEN>, guix-patches@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.3 (/)

From: Dale Mellor <black-hole@HIDDEN>

  * gnu/packages/dns.scm (knot-resolver): Add bash-minimal to inputs, re-label
    input items to 'lua5.1-bitop' and 'nghttp2:lib'.
---
 gnu/packages/dns.scm | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index 947a6e89ba..bb86fd34f8 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -1051,15 +1051,16 @@ (define-public knot-resolver
            python-sphinx-rtd-theme
            texinfo))
     (inputs
-     `(("fstrm" ,fstrm)
+     `(("bash-minimal" ,bash-minimal)
+       ("fstrm" ,fstrm)
        ("gnutls" ,gnutls)
        ("knot:lib" ,knot "lib")
        ("libuv" ,libuv)
        ("lmdb" ,lmdb)
        ("luajit" ,luajit)
        ;; TODO: Add optional lua modules: basexx and psl.
-       ("lua-bitop" ,lua5.1-bitop)
-       ("nghttp2" ,nghttp2 "lib")
+       ("lua5.1-bitop" ,lua5.1-bitop)
+       ("nghttp2:lib" ,nghttp2 "lib")
        ("python" ,python)))
     (home-page "https://www.knot-resolver.cz/")
     (synopsis "Caching validating DNS resolver")
-- 
2.41.0

Information forwarded to guix-patches@HIDDEN:
bug#68621; Package guix-patches. Full text available.

Message received at 68621 <at> debbugs.gnu.org:

Received: (at 68621) by debbugs.gnu.org; 23 Apr 2024 16:14:19 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Apr 23 12:14:19 2024
Received: from localhost ([127.0.0.1]:53052 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rzImg-0001la-Bz
	for submit <at> debbugs.gnu.org; Tue, 23 Apr 2024 12:14:18 -0400
Received: from [195.15.247.228] (port=9898 helo=rdmp.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <guix-devel-0brg6a@HIDDEN>) id 1rzImA-0001df-71
 for 68621 <at> debbugs.gnu.org; Tue, 23 Apr 2024 12:13:48 -0400
Received: from [127.0.0.1] (helo=localhost.localdomain)
 by rdmp.org with esmtp (Exim 4.96.1)
 (envelope-from <guix-devel-0brg6a@HIDDEN>) id 1rzIln-00047D-2L;
 Tue, 23 Apr 2024 16:13:24 +0000
From: Dale Mellor <guix-devel-0brg6a@HIDDEN>
To: 68621 <at> debbugs.gnu.org
Subject: [PATCH v2 3/4] services: knot-resolver: Use default DNSSEC trust
 anchors.
Date: Tue, 23 Apr 2024 17:12:25 +0100
Message-ID: <20240423161226.973140-3-guix-devel-0brg6a@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20240120212542.17473-1-hello@HIDDEN>
References: <20240120212542.17473-1-hello@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  From: Leo Nikkilä <hello@HIDDEN> * gnu/services/dns.scm
    (%kresd.conf): Use default anchors. (knot-resolver-activation): Install default
    anchors when missing. --- gnu/services/dns.scm | 17 +++++++++++++---- 1 file
    changed, 13 insertio [...] 
 
 Content analysis details:   (1.3 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
  1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS
X-Debbugs-Envelope-To: 68621
Cc: =?UTF-8?q?Leo=20Nikkil=C3=A4?= <hello@HIDDEN>, guix-patches@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.3 (/)

From: Leo Nikkilä <hello@HIDDEN>

* gnu/services/dns.scm (%kresd.conf): Use default anchors.
(knot-resolver-activation): Install default anchors when missing.
---
 gnu/services/dns.scm | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/gnu/services/dns.scm b/gnu/services/dns.scm
index 6608046909..f83c5b6594 100644
--- a/gnu/services/dns.scm
+++ b/gnu/services/dns.scm
@@ -655,7 +655,6 @@ (define-record-type* <knot-resolver-configuration>
 
 (define %kresd.conf
   (plain-file "kresd.conf" "-- -*- mode: lua -*-
-trust_anchors.add_file('/var/cache/knot-resolver/root.keys')
 net = { '127.0.0.1', '::1' }
 user('knot-resolver', 'knot-resolver')
 modules = { 'hints > iterate', 'stats', 'predict' }
@@ -676,10 +675,20 @@ (define %knot-resolver-accounts
 (define (knot-resolver-activation config)
   #~(begin
       (use-modules (guix build utils))
-      (let ((rundir "/var/cache/knot-resolver")
-            (owner (getpwnam "knot-resolver")))
+      (let* ((rundir "/var/cache/knot-resolver")
+             (keyfile (string-append rundir "/root.keys"))
+             (owner (getpwnam "knot-resolver")))
         (mkdir-p rundir)
-        (chown rundir (passwd:uid owner) (passwd:gid owner)))))
+        (chown rundir (passwd:uid owner) (passwd:gid owner))
+
+        ;; Install initial trust anchors when missing.
+        (unless (file-exists? keyfile)
+          (copy-file #$(file-append (knot-resolver-configuration-package
+                                     config)
+                                    "/etc/knot-resolver/root.keys")
+                     keyfile)
+          (chown keyfile (passwd:uid owner) (passwd:gid owner))
+          (chmod keyfile #o755)))))
 
 (define knot-resolver-shepherd-services
   (match-lambda
-- 
2.41.0

Information forwarded to guix-patches@HIDDEN:
bug#68621; Package guix-patches. Full text available.

Message received at submit <at> debbugs.gnu.org:

Received: (at submit) by debbugs.gnu.org; 23 Apr 2024 16:14:33 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Apr 23 12:14:32 2024
Received: from localhost ([127.0.0.1]:53060 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rzIms-0001o7-8I
	for submit <at> debbugs.gnu.org; Tue, 23 Apr 2024 12:14:32 -0400
Received: from lists.gnu.org ([2001:470:142::17]:37276)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <guix-devel-0brg6a@HIDDEN>) id 1rzImG-0001f8-Au
 for submit <at> debbugs.gnu.org; Tue, 23 Apr 2024 12:13:55 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <guix-devel-0brg6a@HIDDEN>)
 id 1rzIlu-0002nK-8P
 for guix-patches@HIDDEN; Tue, 23 Apr 2024 12:13:30 -0400
Received: from [195.15.247.228] (helo=rdmp.org)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <guix-devel-0brg6a@HIDDEN>)
 id 1rzIls-0005kq-GL
 for guix-patches@HIDDEN; Tue, 23 Apr 2024 12:13:29 -0400
Received: from [127.0.0.1] (helo=localhost.localdomain)
 by rdmp.org with esmtp (Exim 4.96.1)
 (envelope-from <guix-devel-0brg6a@HIDDEN>) id 1rzIlq-00047D-21;
 Tue, 23 Apr 2024 16:13:27 +0000
From: Dale Mellor <guix-devel-0brg6a@HIDDEN>
To: 68621 <at> debbugs.gnu.org
Subject: [PATCH v2 4/4] gnu: knot-resolver: version to 5.7.2
Date: Tue, 23 Apr 2024 17:12:26 +0100
Message-ID: <20240423161226.973140-4-guix-devel-0brg6a@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20240120212542.17473-1-hello@HIDDEN>
References: <20240120212542.17473-1-hello@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Host-Lookup-Failed: Reverse DNS lookup failed for 195.15.247.228 (failed)
Received-SPF: pass client-ip=195.15.247.228;
 envelope-from=guix-devel-0brg6a@HIDDEN; helo=rdmp.org
X-Spam_score_int: -10
X-Spam_score: -1.1
X-Spam_bar: -
X-Spam_report: (-1.1 / 5.0 requ) BAYES_00=-1.9, RDNS_NONE=0.793,
 SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 1.0 (+)
X-Debbugs-Envelope-To: submit
Cc: Dale Mellor <black-hole@HIDDEN>, guix-patches@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.0 (/)

From: Dale Mellor <black-hole@HIDDEN>

  * gnu/packages/dns.scm (knot-resolver): Version to 5.7.2.
---
 gnu/packages/dns.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index bb86fd34f8..d8b3606f10 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -984,14 +984,14 @@ (define (move source target file)
 (define-public knot-resolver
   (package
     (name "knot-resolver")
-    (version "5.7.1")
+    (version "5.7.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://secure.nic.cz/files/knot-resolver/"
                                   "knot-resolver-" version ".tar.xz"))
               (sha256
                (base32
-                "18n3jh17d22xmzpg8syw2dm85vv7jchdc4hzk5x78lqxqqav856s"))))
+                "03wszdrx5wcd0gz9h4p0ggn67n59almnb2h2m38c5m7wj1rj4sjz"))))
     (build-system meson-build-system)
     (outputs '("out" "doc"))
     (arguments
-- 
2.41.0

Information forwarded to guix-patches@HIDDEN:
bug#68621; Package guix-patches. Full text available.

Message received at submit <at> debbugs.gnu.org:

Received: (at submit) by debbugs.gnu.org; 23 Apr 2024 16:14:20 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Apr 23 12:14:20 2024
Received: from localhost ([127.0.0.1]:53054 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rzImg-0001lq-Tx
	for submit <at> debbugs.gnu.org; Tue, 23 Apr 2024 12:14:20 -0400
Received: from lists.gnu.org ([2001:470:142::17]:40648)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <guix-devel-0brg6a@HIDDEN>) id 1rzImC-0001eJ-UV
 for submit <at> debbugs.gnu.org; Tue, 23 Apr 2024 12:13:52 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <guix-devel-0brg6a@HIDDEN>)
 id 1rzIlq-0002n9-Uv
 for guix-patches@HIDDEN; Tue, 23 Apr 2024 12:13:26 -0400
Received: from [195.15.247.228] (helo=rdmp.org)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <guix-devel-0brg6a@HIDDEN>)
 id 1rzIlp-0005kB-Dn
 for guix-patches@HIDDEN; Tue, 23 Apr 2024 12:13:26 -0400
Received: from [127.0.0.1] (helo=localhost.localdomain)
 by rdmp.org with esmtp (Exim 4.96.1)
 (envelope-from <guix-devel-0brg6a@HIDDEN>) id 1rzIln-00047D-2L;
 Tue, 23 Apr 2024 16:13:24 +0000
From: Dale Mellor <guix-devel-0brg6a@HIDDEN>
To: 68621 <at> debbugs.gnu.org
Subject: [PATCH v2 3/4] services: knot-resolver: Use default DNSSEC trust
 anchors.
Date: Tue, 23 Apr 2024 17:12:25 +0100
Message-ID: <20240423161226.973140-3-guix-devel-0brg6a@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20240120212542.17473-1-hello@HIDDEN>
References: <20240120212542.17473-1-hello@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Host-Lookup-Failed: Reverse DNS lookup failed for 195.15.247.228 (failed)
Received-SPF: pass client-ip=195.15.247.228;
 envelope-from=guix-devel-0brg6a@HIDDEN; helo=rdmp.org
X-Spam_score_int: -10
X-Spam_score: -1.1
X-Spam_bar: -
X-Spam_report: (-1.1 / 5.0 requ) BAYES_00=-1.9, RDNS_NONE=0.793,
 SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 1.0 (+)
X-Debbugs-Envelope-To: submit
Cc: =?UTF-8?q?Leo=20Nikkil=C3=A4?= <hello@HIDDEN>, guix-patches@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.0 (/)

From: Leo Nikkilä <hello@HIDDEN>

* gnu/services/dns.scm (%kresd.conf): Use default anchors.
(knot-resolver-activation): Install default anchors when missing.
---
 gnu/services/dns.scm | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/gnu/services/dns.scm b/gnu/services/dns.scm
index 6608046909..f83c5b6594 100644
--- a/gnu/services/dns.scm
+++ b/gnu/services/dns.scm
@@ -655,7 +655,6 @@ (define-record-type* <knot-resolver-configuration>
 
 (define %kresd.conf
   (plain-file "kresd.conf" "-- -*- mode: lua -*-
-trust_anchors.add_file('/var/cache/knot-resolver/root.keys')
 net = { '127.0.0.1', '::1' }
 user('knot-resolver', 'knot-resolver')
 modules = { 'hints > iterate', 'stats', 'predict' }
@@ -676,10 +675,20 @@ (define %knot-resolver-accounts
 (define (knot-resolver-activation config)
   #~(begin
       (use-modules (guix build utils))
-      (let ((rundir "/var/cache/knot-resolver")
-            (owner (getpwnam "knot-resolver")))
+      (let* ((rundir "/var/cache/knot-resolver")
+             (keyfile (string-append rundir "/root.keys"))
+             (owner (getpwnam "knot-resolver")))
         (mkdir-p rundir)
-        (chown rundir (passwd:uid owner) (passwd:gid owner)))))
+        (chown rundir (passwd:uid owner) (passwd:gid owner))
+
+        ;; Install initial trust anchors when missing.
+        (unless (file-exists? keyfile)
+          (copy-file #$(file-append (knot-resolver-configuration-package
+                                     config)
+                                    "/etc/knot-resolver/root.keys")
+                     keyfile)
+          (chown keyfile (passwd:uid owner) (passwd:gid owner))
+          (chmod keyfile #o755)))))
 
 (define knot-resolver-shepherd-services
   (match-lambda
-- 
2.41.0

Information forwarded to guix-patches@HIDDEN:
bug#68621; Package guix-patches. Full text available.

Message received at submit <at> debbugs.gnu.org:

Received: (at submit) by debbugs.gnu.org; 23 Apr 2024 16:14:18 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Apr 23 12:14:18 2024
Received: from localhost ([127.0.0.1]:53050 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rzImf-0001lW-Sn
	for submit <at> debbugs.gnu.org; Tue, 23 Apr 2024 12:14:18 -0400
Received: from lists.gnu.org ([2001:470:142::17]:40636)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <guix-devel-0brg6a@HIDDEN>) id 1rzImA-0001dl-ES
 for submit <at> debbugs.gnu.org; Tue, 23 Apr 2024 12:13:48 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <guix-devel-0brg6a@HIDDEN>)
 id 1rzIlo-0002ms-BY
 for guix-patches@HIDDEN; Tue, 23 Apr 2024 12:13:24 -0400
Received: from [195.15.247.228] (helo=rdmp.org)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <guix-devel-0brg6a@HIDDEN>)
 id 1rzIlm-0005ju-KF
 for guix-patches@HIDDEN; Tue, 23 Apr 2024 12:13:24 -0400
Received: from [127.0.0.1] (helo=localhost.localdomain)
 by rdmp.org with esmtp (Exim 4.96.1)
 (envelope-from <guix-devel-0brg6a@HIDDEN>) id 1rzIlk-00047D-36;
 Tue, 23 Apr 2024 16:13:21 +0000
From: Dale Mellor <guix-devel-0brg6a@HIDDEN>
To: 68621 <at> debbugs.gnu.org
Subject: [PATCH v2 2/4] gnu: knot-resolver: Appease some guix lint complaints.
Date: Tue, 23 Apr 2024 17:12:24 +0100
Message-ID: <20240423161226.973140-2-guix-devel-0brg6a@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20240120212542.17473-1-hello@HIDDEN>
References: <20240120212542.17473-1-hello@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Host-Lookup-Failed: Reverse DNS lookup failed for 195.15.247.228 (failed)
Received-SPF: pass client-ip=195.15.247.228;
 envelope-from=guix-devel-0brg6a@HIDDEN; helo=rdmp.org
X-Spam_score_int: -10
X-Spam_score: -1.1
X-Spam_bar: -
X-Spam_report: (-1.1 / 5.0 requ) BAYES_00=-1.9, RDNS_NONE=0.793,
 SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 1.0 (+)
X-Debbugs-Envelope-To: submit
Cc: Dale Mellor <black-hole@HIDDEN>, guix-patches@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.0 (/)

From: Dale Mellor <black-hole@HIDDEN>

  * gnu/packages/dns.scm (knot-resolver): Add bash-minimal to inputs, re-label
    input items to 'lua5.1-bitop' and 'nghttp2:lib'.
---
 gnu/packages/dns.scm | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index 947a6e89ba..bb86fd34f8 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -1051,15 +1051,16 @@ (define-public knot-resolver
            python-sphinx-rtd-theme
            texinfo))
     (inputs
-     `(("fstrm" ,fstrm)
+     `(("bash-minimal" ,bash-minimal)
+       ("fstrm" ,fstrm)
        ("gnutls" ,gnutls)
        ("knot:lib" ,knot "lib")
        ("libuv" ,libuv)
        ("lmdb" ,lmdb)
        ("luajit" ,luajit)
        ;; TODO: Add optional lua modules: basexx and psl.
-       ("lua-bitop" ,lua5.1-bitop)
-       ("nghttp2" ,nghttp2 "lib")
+       ("lua5.1-bitop" ,lua5.1-bitop)
+       ("nghttp2:lib" ,nghttp2 "lib")
        ("python" ,python)))
     (home-page "https://www.knot-resolver.cz/")
     (synopsis "Caching validating DNS resolver")
-- 
2.41.0

Information forwarded to guix-patches@HIDDEN:
bug#68621; Package guix-patches. Full text available.

Message received at 68621 <at> debbugs.gnu.org:

Received: (at 68621) by debbugs.gnu.org; 23 Apr 2024 16:13:37 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Apr 23 12:13:37 2024
Received: from localhost ([127.0.0.1]:53035 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rzIm1-0001dG-7W
	for submit <at> debbugs.gnu.org; Tue, 23 Apr 2024 12:13:37 -0400
Received: from [195.15.247.228] (port=6094 helo=rdmp.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <guix-devel-0brg6a@HIDDEN>) id 1rzIly-0001c4-KC
 for 68621 <at> debbugs.gnu.org; Tue, 23 Apr 2024 12:13:36 -0400
Received: from [127.0.0.1] (helo=localhost.localdomain)
 by rdmp.org with esmtp (Exim 4.96.1)
 (envelope-from <guix-devel-0brg6a@HIDDEN>) id 1rzIlb-00047D-2z;
 Tue, 23 Apr 2024 16:13:12 +0000
From: Dale Mellor <guix-devel-0brg6a@HIDDEN>
To: 68621 <at> debbugs.gnu.org
Subject: [PATCH v2 1/4] gnu: knot-resolver: Re-enable default DNSSEC trust
 anchors.
Date: Tue, 23 Apr 2024 17:12:23 +0100
Message-ID: <20240423161226.973140-1-guix-devel-0brg6a@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20240120212542.17473-1-hello@HIDDEN>
References: <20240120212542.17473-1-hello@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  From: Leo Nikkilä <hello@HIDDEN> * gnu/packages/dns.scm
    (knot-resolver) [#:configure-flags]: Configure root keys and managed TA.
   [#:phases] Remove `'disable-default-ta', add `'install-root-keys'. --- gnu/packages/dns.scm
    | 20 +++++++ [...] 
 
 Content analysis details:   (1.3 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
  1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS
X-Debbugs-Envelope-To: 68621
Cc: =?UTF-8?q?Leo=20Nikkil=C3=A4?= <hello@HIDDEN>, guix-patches@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.3 (/)

From: Leo Nikkilä <hello@HIDDEN>

* gnu/packages/dns.scm (knot-resolver) [#:configure-flags]: Configure
root keys and managed TA.
[#:phases] Remove `'disable-default-ta', add `'install-root-keys'.
---
 gnu/packages/dns.scm | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index 36d3eb8b7e..947a6e89ba 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -995,15 +995,13 @@ (define-public knot-resolver
     (build-system meson-build-system)
     (outputs '("out" "doc"))
     (arguments
-     '(#:configure-flags '("-Ddoc=enabled")
+     `(#:configure-flags
+       '("-Ddoc=enabled"
+         "-Dinstall_root_keys=disabled" ; installed manually outside store
+         "-Dkeyfile_default=/var/cache/knot-resolver/root.keys"
+         "-Dmanaged_ta=enabled")
        #:phases
        (modify-phases %standard-phases
-         (add-before 'configure 'disable-default-ta
-           (lambda _
-             ;;  Disable the default managed root TA, since we don't have
-             ;;  write access to the keyfile and its directory in store.
-             (substitute* "daemon/lua/sandbox.lua.in"
-               (("^trust_anchors\\.add_file.*") ""))))
          (add-after 'build 'build-doc
            (lambda _
              (invoke "ninja" "doc")))
@@ -1021,6 +1019,14 @@ (define-public knot-resolver
                 '("doc/knot-resolver/examples"
                   "doc/knot-resolver/html"
                   "info")))))
+         (add-after 'install 'install-root-keys
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((dir (string-append (assoc-ref outputs "out")
+                                       "/etc/knot-resolver")))
+               (mkdir-p dir)
+               (install-file (string-append "../knot-resolver-" ,version
+                                            "/etc/root.keys")
+                             dir))))
          (add-after 'install 'wrap-binary
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (let* ((out (assoc-ref outputs "out"))
-- 
2.41.0

Information forwarded to guix-patches@HIDDEN:
bug#68621; Package guix-patches. Full text available.

Message received at submit <at> debbugs.gnu.org:

Received: (at submit) by debbugs.gnu.org; 23 Apr 2024 16:13:45 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Apr 23 12:13:44 2024
Received: from localhost ([127.0.0.1]:53038 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rzIm6-0001e0-Ij
	for submit <at> debbugs.gnu.org; Tue, 23 Apr 2024 12:13:44 -0400
Received: from lists.gnu.org ([2001:470:142::17]:49298)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <guix-devel-0brg6a@HIDDEN>) id 1rzIm3-0001d6-UJ
 for submit <at> debbugs.gnu.org; Tue, 23 Apr 2024 12:13:41 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <guix-devel-0brg6a@HIDDEN>)
 id 1rzIlh-0002mK-HR
 for guix-patches@HIDDEN; Tue, 23 Apr 2024 12:13:17 -0400
Received: from [195.15.247.228] (helo=rdmp.org)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <guix-devel-0brg6a@HIDDEN>)
 id 1rzIlf-0005ik-ML
 for guix-patches@HIDDEN; Tue, 23 Apr 2024 12:13:17 -0400
Received: from [127.0.0.1] (helo=localhost.localdomain)
 by rdmp.org with esmtp (Exim 4.96.1)
 (envelope-from <guix-devel-0brg6a@HIDDEN>) id 1rzIlb-00047D-2z;
 Tue, 23 Apr 2024 16:13:12 +0000
From: Dale Mellor <guix-devel-0brg6a@HIDDEN>
To: 68621 <at> debbugs.gnu.org
Subject: [PATCH v2 1/4] gnu: knot-resolver: Re-enable default DNSSEC trust
 anchors.
Date: Tue, 23 Apr 2024 17:12:23 +0100
Message-ID: <20240423161226.973140-1-guix-devel-0brg6a@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20240120212542.17473-1-hello@HIDDEN>
References: <20240120212542.17473-1-hello@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Host-Lookup-Failed: Reverse DNS lookup failed for 195.15.247.228 (failed)
Received-SPF: pass client-ip=195.15.247.228;
 envelope-from=guix-devel-0brg6a@HIDDEN; helo=rdmp.org
X-Spam_score_int: -10
X-Spam_score: -1.1
X-Spam_bar: -
X-Spam_report: (-1.1 / 5.0 requ) BAYES_00=-1.9, RDNS_NONE=0.793,
 SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 1.0 (+)
X-Debbugs-Envelope-To: submit
Cc: =?UTF-8?q?Leo=20Nikkil=C3=A4?= <hello@HIDDEN>, guix-patches@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.0 (/)

From: Leo Nikkilä <hello@HIDDEN>

* gnu/packages/dns.scm (knot-resolver) [#:configure-flags]: Configure
root keys and managed TA.
[#:phases] Remove `'disable-default-ta', add `'install-root-keys'.
---
 gnu/packages/dns.scm | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index 36d3eb8b7e..947a6e89ba 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -995,15 +995,13 @@ (define-public knot-resolver
     (build-system meson-build-system)
     (outputs '("out" "doc"))
     (arguments
-     '(#:configure-flags '("-Ddoc=enabled")
+     `(#:configure-flags
+       '("-Ddoc=enabled"
+         "-Dinstall_root_keys=disabled" ; installed manually outside store
+         "-Dkeyfile_default=/var/cache/knot-resolver/root.keys"
+         "-Dmanaged_ta=enabled")
        #:phases
        (modify-phases %standard-phases
-         (add-before 'configure 'disable-default-ta
-           (lambda _
-             ;;  Disable the default managed root TA, since we don't have
-             ;;  write access to the keyfile and its directory in store.
-             (substitute* "daemon/lua/sandbox.lua.in"
-               (("^trust_anchors\\.add_file.*") ""))))
          (add-after 'build 'build-doc
            (lambda _
              (invoke "ninja" "doc")))
@@ -1021,6 +1019,14 @@ (define-public knot-resolver
                 '("doc/knot-resolver/examples"
                   "doc/knot-resolver/html"
                   "info")))))
+         (add-after 'install 'install-root-keys
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((dir (string-append (assoc-ref outputs "out")
+                                       "/etc/knot-resolver")))
+               (mkdir-p dir)
+               (install-file (string-append "../knot-resolver-" ,version
+                                            "/etc/root.keys")
+                             dir))))
          (add-after 'install 'wrap-binary
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (let* ((out (assoc-ref outputs "out"))
-- 
2.41.0

Information forwarded to guix-patches@HIDDEN:
bug#68621; Package guix-patches. Full text available.

Message received at 68621 <at> debbugs.gnu.org:

Received: (at 68621) by debbugs.gnu.org; 23 Apr 2024 16:02:41 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Apr 23 12:02:41 2024
Received: from localhost ([127.0.0.1]:52961 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rzIbP-00084Y-8n
	for submit <at> debbugs.gnu.org; Tue, 23 Apr 2024 12:02:40 -0400
Received: from [195.15.247.228] (port=1179 helo=rdmp.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <guix-devel-0brg6a@HIDDEN>) id 1rzIZ0-0007eF-8E
 for 68621 <at> debbugs.gnu.org; Tue, 23 Apr 2024 12:00:13 -0400
Received: from [127.0.0.1] (helo=[IPv6:::1])
 by rdmp.org with esmtp (Exim 4.96.1)
 (envelope-from <guix-devel-0brg6a@HIDDEN>) id 1rzIYc-00046v-0I
 for 68621 <at> debbugs.gnu.org; Tue, 23 Apr 2024 15:59:46 +0000
Message-ID: <fad6df9ef4070589d84834ab60d26da71d2296bf.camel@HIDDEN>
Subject: Consolidating patches under this one issue number
From: Dale Mellor <"	guix-devel-0brg6a"@rdmp.org>
To: 68621 <at> debbugs.gnu.org
Date: Tue, 23 Apr 2024 16:59:45 +0100
Organization: DM Bespoke Computer Solutions Ltd
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
User-Agent: Evolution 3.48.4 
MIME-Version: 1.0
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: The patches that follow are: * two patches which were
 originally
 supposed to accompany this issue * a fix to quieten some guix lint warnings
 * a package version micro-bump, to 5.7.2. 
 Content analysis details:   (1.3 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
 0.0 FROM_ADDR_WS           Malformed From address
X-Debbugs-Envelope-To: 68621
X-Mailman-Approved-At: Tue, 23 Apr 2024 12:02:37 -0400
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.3 (/)

The patches that follow are:
  * two patches which were originally supposed to accompany this issue
  * a fix to quieten some guix lint warnings
  * a package version micro-bump, to 5.7.2.

Information forwarded to guix-patches@HIDDEN:
bug#68621; Package guix-patches. Full text available.

Message received at 68621 <at> debbugs.gnu.org:

Received: (at 68621) by debbugs.gnu.org; 20 Jan 2024 21:38:07 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Jan 20 16:38:07 2024
Received: from localhost ([127.0.0.1]:36000 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rRJ2U-0000KT-JW
	for submit <at> debbugs.gnu.org; Sat, 20 Jan 2024 16:38:06 -0500
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:58623)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <hello@HIDDEN>) id 1rRJ2R-0000Jx-Pg
 for 68621 <at> debbugs.gnu.org; Sat, 20 Jan 2024 16:38:05 -0500
Received: from compute6.internal (compute6.nyi.internal [10.202.2.47])
 by mailout.nyi.internal (Postfix) with ESMTP id 95E895C00BE
 for <68621 <at> debbugs.gnu.org>; Sat, 20 Jan 2024 16:37:55 -0500 (EST)
Received: from imap43 ([10.202.2.93])
 by compute6.internal (MEProxy); Sat, 20 Jan 2024 16:37:55 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lnikki.la; h=cc
 :content-type:content-type:date:date:from:from:in-reply-to
 :message-id:mime-version:reply-to:subject:subject:to:to; s=fm1;
 t=1705786675; x=1705873075; bh=pjMQBQPWQUn7wCqJwl5/ALiBXdso8KJL
 84QWY0q45/c=; b=n2Q8sFqaztacuBPxrALLKZFzGkjxztfJT8NuJn99+XZNnPvP
 8FeHD3pRLFJ8Xr9rttm0bDgYsVqRaaATawjKbb244cNh9D2VhsmQifdQokXLnvDo
 63bJGeUpBiEG59R8qgGF+1NepqFoqn0RA1P8DHtlO4wsZlynBavhJRv8DDk2W+tG
 BvojotzkMV80G8l4C91OvhGWdwlGDGpPmy/iDYtgZ453mya7TUVrdUlYkMY/EGp4
 eQe2ENfM93x5eH3GJxmMzK93w9lfHi0gCMQhUNvZzssxZNkQcvmEI9pVV2W07Pcz
 PW18pWDCw+ltADWo8+8QP9S0ux2oCIx4EoGSAw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:content-type:date:date
 :feedback-id:feedback-id:from:from:in-reply-to:message-id
 :mime-version:reply-to:subject:subject:to:to:x-me-proxy
 :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=
 1705786675; x=1705873075; bh=pjMQBQPWQUn7wCqJwl5/ALiBXdso8KJL84Q
 WY0q45/c=; b=eBJaUXZ8+F0qbWQG/VF9VOnach64FZgfNsbH5vCbn/sZzs3oiId
 u6oshSAJC/u+/iFXMl1pehHvqIXgRczCL9ul4eSBYj2uK9QxeQeora5J/aOXvTKi
 PrelERiuq+SUbjOpnS/EONS9LI0r1TeW99iJgFhMd/0ygLQpLra+Ndfo1KFzfFA4
 g7mBIepKIUQyWLYWFrWmbhTGVkWJsTeP3ujxYENufUTsC/7h1/p1J40Cnxa/ljs3
 sFhp0JFPeZm2MotrNomym8IwUSkcRZvQU3g4tJ1VhRE02RuD6OMQmp8rDfK5XiXq
 frlqwG3aWTgK+0u3de0E9FYwImBoeDSO6uA==
X-ME-Sender: <xms:Mz2sZZ28JHMNR69Lxj46trw3meUd8jG7pbwSmKTNjivdFZ2vI4unFA>
 <xme:Mz2sZQF5y1aZ-nQvapjSQjV9sL4fTxuqwYqnfQLjUgZNJYryoPAkhETAOyWV6fFEv
 SlZYXhwC4aCQQW68hQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrvdekvddgudehfecutefuodetggdotefrod
 ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
 necuuegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkfffhvffutgesthdtre
 dtreerjeenucfhrhhomhepnfgvohcupfhikhhkihhlmocuoehhvghllhhosehlnhhikhhk
 ihdrlhgrqeenucggtffrrghtthgvrhhnpeetffejjedvgeekgffhiefhhfeggffhfeehhf
 ehffdvkeeuhfeiuedvudefueeutdenucffohhmrghinhepnhhitgdrtgiinecuvehluhhs
 thgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhephhgvlhhloheslhhnih
 hkkhhirdhlrg
X-ME-Proxy: <xmx:Mz2sZZ7DpSXNGg3Ax622FqF2_NSAxtk59K6ueyQSt-Iy3_B5gAMyuQ>
 <xmx:Mz2sZW2q35MS8-xKrN2a2T3n3EaJy4Pj-361GtYH6dOH1RyQ6UDyMg>
 <xmx:Mz2sZcFCGchD7IoMuDXuPIYpLar-1MVoZyCxWN3lvSPRV3_-q9BKEw>
 <xmx:Mz2sZQCF35WlNfH3SwVJkI7S3PhDcQxH39T2vKw1kKAOfHkP3hhTWQ>
Feedback-ID: i41f146a7:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501)
 id 57D902D40087; Sat, 20 Jan 2024 16:37:55 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.9.0-alpha0-1374-gc37f3abe3d-fm-20240102.001-gc37f3abe
MIME-Version: 1.0
Message-Id: <55e61c14-1737-4252-bd4a-72cefc51c964@HIDDEN>
Date: Sat, 20 Jan 2024 23:37:35 +0200
From: =?UTF-8?Q?Leo_Nikkil=C3=A4?= <hello@HIDDEN>
To: 68621 <at> debbugs.gnu.org
Subject: Re: [PATCH 0/2] Provide default DNSSEC trust anchors for knot-resolver
Content-Type: text/plain
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 68621
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

Forgot to mention, but this is more or less what was done for the upstream RPM package, see:

https://gitlab.nic.cz/knot/knot-resolver/-/issues/513
https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/888/diffs

Information forwarded to guix-patches@HIDDEN:
bug#68621; Package guix-patches. Full text available.

Message received at submit <at> debbugs.gnu.org:

Received: (at submit) by debbugs.gnu.org; 20 Jan 2024 21:26:40 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Jan 20 16:26:40 2024
Received: from localhost ([127.0.0.1]:35982 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rRIrQ-0008RM-BY
	for submit <at> debbugs.gnu.org; Sat, 20 Jan 2024 16:26:40 -0500
Received: from lists.gnu.org ([2001:470:142::17]:57956)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <hello@HIDDEN>) id 1rRIrM-0008Qk-AB
 for submit <at> debbugs.gnu.org; Sat, 20 Jan 2024 16:26:37 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <hello@HIDDEN>) id 1rRIr5-00009g-4y
 for guix-patches@HIDDEN; Sat, 20 Jan 2024 16:26:21 -0500
Received: from out1-smtp.messagingengine.com ([66.111.4.25])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <hello@HIDDEN>) id 1rRIr3-00009B-33
 for guix-patches@HIDDEN; Sat, 20 Jan 2024 16:26:18 -0500
Received: from compute2.internal (compute2.nyi.internal [10.202.2.46])
 by mailout.nyi.internal (Postfix) with ESMTP id 1FA3C5C00A6;
 Sat, 20 Jan 2024 16:26:13 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162])
 by compute2.internal (MEProxy); Sat, 20 Jan 2024 16:26:13 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lnikki.la; h=cc
 :cc:content-transfer-encoding:content-type:content-type:date
 :date:from:from:in-reply-to:message-id:mime-version:reply-to
 :subject:subject:to:to; s=fm1; t=1705785973; x=1705872373; bh=IJ
 VC0an6Z4ae0TjMKVkaMAp3A805UexkcMP/7RrpD5w=; b=OWDEyWVzXmgVDE8JN1
 FDjX1JIvoO9ivx6t0NQoP/e31/9sTNBG0xQya7tz2P8P0ONCWV+nkzlsVBpsjqKn
 vIPgExjvT3lRwlIkpyOL6nony4FWTPI+9KbMT9XF5lNqXRrMII8VW6WHUNeWamb4
 MYfGK/NK/7IKjYIA+CGsxOpUuNnVr0tLVQyEJ7sxF1QUQ0dmuGJljZNINOrdjRzG
 9O1kAo7X+bhbIlZk2A1NmyOEV3m2h4zi3H8JzNQVYkeK4Ncf7xgfNEBK/oL95Pqk
 +hhlXVO1t3jd5k/hlJN4RfTtYitU/4z3Gq91+G8TjATODU0+0eJefcM15G1YfrM2
 rvWw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:cc:content-transfer-encoding
 :content-type:content-type:date:date:feedback-id:feedback-id
 :from:from:in-reply-to:message-id:mime-version:reply-to:subject
 :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
 :x-sasl-enc; s=fm3; t=1705785973; x=1705872373; bh=IJVC0an6Z4ae0
 TjMKVkaMAp3A805UexkcMP/7RrpD5w=; b=w5jo03pK1rOfmikn98gUGpdPt1Ouc
 f5KqAAO824hDRh8MiVlv6rtQyCRMdN6aUXo9M5Smkf266z8Fogug8aXXFPEJh6Fs
 vxkVmt2gv26pg2OHnDCO0ZLcJqrf39SY6mfaFQKSPcnTWR4faX23SiDTb44kFVao
 3OwRvTJnNBAiD5iveWpfwisxu3YYS33llDh+MFo2bf7E/QNNhTTvGGm04RPLrHDb
 qQCVcsjrUiN3xDqV0GHoN3cSK5mJY7mQoxSOdnVIcVMvmXjBr+jufW6CE4Yp+U53
 p7V9A9I/v28dGHXtGzDQAkW2fSQScMjiR15OqO4F8FUuixfyN7vjMhjdQ==
X-ME-Sender: <xms:dDqsZTJQmkk__mM52stfTb8XKva1OK50CJi1MDwJvskr-G5vyU5x_Q>
 <xme:dDqsZXItz4znI-ZRKUIdHqIKlH8mZYveXdhDHqIsC1VYwdZoDv2adC1NiYwdjrloh
 AtMsSzp9rgt_-rYx7s>
X-ME-Received: <xmr:dDqsZbsdg89yPneUansy9CzzhGgFhgrgtQVeIhLzYSddkh8KjLE4OAoaUyD0ZWFReLQho2JB6FyQj9651xObiBOZbp5qAkXPZz8>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrvdekvddgudehudcutefuodetggdotefrod
 ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
 necuuegrihhlohhuthemuceftddtnecunecujfgurhephffvvefufffkofggtgfgsehtke
 ertdertdejnecuhfhrohhmpefnvghoucfpihhkkhhilhomuceohhgvlhhloheslhhnihhk
 khhirdhlrgeqnecuggftrfgrthhtvghrnhepvdejfeejuefffeeiuedvleetkeettdefje
 elfeevvdeffeehgeduvedufefgheeinecuffhomhgrihhnpehrvggrughthhgvughotghs
 rdhiohenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpe
 hhvghllhhosehlnhhikhhkihdrlhgr
X-ME-Proxy: <xmx:dDqsZcYW0f7Xn5aR-lWn1RHN3YNAZTwv2PyMg5wB8WpmO1xPIlwF7w>
 <xmx:dDqsZaZaSEiBZ2OiC-fsuGA0A0EpQq7guBLKxOfaCHXdVVnA3bNwnw>
 <xmx:dDqsZQBZLs5lr0KsMVE9ushRj6uXNSMP4JPFqB8MP_wcis53u7nNng>
 <xmx:dTqsZRytbe176_zUFuLUTtkjjm-cSi4sEKV-d_uiQQ7gGsEitqRe0w>
Feedback-ID: i41f146a7:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat,
 20 Jan 2024 16:26:12 -0500 (EST)
From: =?utf-8?Q?Leo=20Nikkil=C3=A4?= <hello@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH 0/2] Provide default DNSSEC trust anchors for knot-resolver
Date: Sat, 20 Jan 2024 23:23:42 +0200
Message-ID: <20240120212542.17473-1-hello@HIDDEN>
X-Mailer: git-send-email 2.41.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=66.111.4.25; envelope-from=hello@HIDDEN;
 helo=out1-smtp.messagingengine.com
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001,
 SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 1.0 (+)
X-Debbugs-Envelope-To: submit
Cc: =?UTF-8?q?Leo=20Nikkil=C3=A4?= <hello@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.0 (/)

The default DNSSEC trust anchors for knot-resolver are currently
disabled through a build phase, but configured when you use the default
kresd.conf file provided by Guix.

If you write your own configuration, you might expect kresd to have
DNSSEC enabled by default since this is what upstream does [1]. On Guix,
DNSSEC is disabled unless you provide the same custom path in your own
configuration and install the file into the appropriate location.

This set updates the package to be built with the correct path as the
default, and the service to use that path and install the default trust
anchors at activation time when missing.

[1]: https://knot-resolver.readthedocs.io/en/stable/config-dnssec.html

Leo Nikkilä (2):
  gnu: knot-resolver: Re-enable default DNSSEC trust anchors.
  services: knot-resolver: Use default DNSSEC trust anchors.

 gnu/packages/dns.scm | 20 +++++++++++++-------
 gnu/services/dns.scm | 17 +++++++++++++----
 2 files changed, 26 insertions(+), 11 deletions(-)


base-commit: 9072f27f5d3514be22c6af208f2ad56ef4e112f4
-- 
2.41.0

Acknowledgement sent to Leo Nikkilä <hello@HIDDEN>:
New bug report received and forwarded. Copy sent to guix-patches@HIDDEN. Full text available.

Report forwarded to guix-patches@HIDDEN:
bug#68621; Package guix-patches. Full text available.

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Last modified: Tue, 23 Apr 2024 18:30:04 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.