GNU bug report logs - #30748
[PATCH] gnu: Add nsd.


Package: guix-patches;

Reported by: Tobias Geerinckx-Rice <me <at> tobias.gr>

Date: Thu, 8 Mar 2018 08:22:02 UTC

Severity: normal

Tags: patch

Done: Tobias Geerinckx-Rice <me <at> tobias.gr>

Bug is archived. No further changes may be made.



Report forwarded to guix-patches <at> gnu.org:
bug#30748; Package guix-patches. (Thu, 08 Mar 2018 08:22:02 GMT)

Acknowledgement sent to Tobias Geerinckx-Rice <me <at> tobias.gr>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Thu, 08 Mar 2018 08:22:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: guix-patches <at> gnu.org
Subject: [PATCH] gnu: Add nsd.
Date: Thu,  8 Mar 2018 09:20:50 +0100
* gnu/packages/dns.scm (nsd): New public variable.
---

Guix,

Have this two-year-old patch I found.

Kind regards,

T G-R

 gnu/packages/dns.scm | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)

diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index b0f6ddaec..b0649dc53 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -573,3 +573,71 @@ synthesis, and on-the-fly re-configuration.")
       license:lgpl2.0+              ; parts of scr/contrib/ucw
       license:public-domain         ; src/contrib/fnv and possibly murmurhash3
       license:gpl3+))))             ; everything else
+
+(define-public nsd
+  (package
+    (name "nsd")
+    (version "4.1.20")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://www.nlnetlabs.nl/downloads/"
+                           name "/" name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "04zph9zli3a0zx1sfphwbxx6f8whdxcjai6w0k7a565vgcfzd5wa"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("libevent" ,libevent)
+       ("openssl" ,openssl)))
+    (arguments
+     `(#:configure-flags
+       (list "--enable-pie"             ; fully benefit from ASLR
+             "--enable-ratelimit"
+             "--enable-recvmmsg"
+             "--enable-relro-now"       ; protect GOT and .dtor areas
+             "--disable-radix-tree"
+             (string-append "--with-libevent="
+                            (assoc-ref %build-inputs "libevent"))
+             (string-append "--with-ssl="
+                            (assoc-ref %build-inputs "openssl"))
+             "--with-configdir=/etc"
+             "--with-nsd_conf_file=/etc/nsd/nsd.conf"
+             "--with-logfile=/var/log/nsd.log"
+             "--with-pidfile=/var/db/nsd/nsd.pid"
+             "--with-dbfile=/var/db/nsd/nsd.db"
+             "--with-zonesdir=/etc/nsd"
+             "--with-xfrdfile=/var/db/nsd/xfrd.state"
+             "--with-zonelistfile=/var/db/nsd/zone.list")
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'patch-installation-paths
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (doc (string-append out "/share/doc/" ,name "-" ,version)))
+               (substitute* "Makefile.in"
+                 (((string-append ".*\\$\\(DESTDIR\\)\\$\\("
+                                  "(config|pid|xfr|db)dir"
+                                  "\\).*"))
+                  "")
+                 (("\\$\\(nsdconfigfile\\)\\.sample")
+                  (string-append doc "/examples/$(nsdconfigfile).sample")))
+               #t))))
+       #:tests? #f))                    ; no tests
+    (home-page "https://www.nlnetlabs.nl/projects/nsd/")
+    (synopsis "Authoritative DNS name server")
+    (description "@dfn{NSD}, short for Name Server Daemon, is an authoritative
+name server for the Domain Name System (@dfn{DNS}).  It aims to be a fast and
+RFC-compliant nameserver.
+
+NSD uses zone information compiled via @command{zonec} into a binary database
+file (@file{nsd.db}).  This allows fast startup of the name service daemon and
+allows syntax-structural errors in zone files to be flagged at compile time,
+before being made available to NSD service itself.  However, most traditional
+BIND-style zone files can be directly imported into NSD without modification.
+
+The collection of programs and processes that make up NSD are designed so that
+the daemon itself runs as a non-privileged user and can be easily configured to
+run in a @code{chroot} jail, thus making any security flaws in NSD less likely
+to result in system-wide compromise.")
+    (license (list license:bsd-3))))
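Review bot: in the patch-installation-paths phase, the first substitute* clause removes every Makefile.in line containing $(DESTDIR)$(configdir), $(DESTDIR)$(piddir), $(DESTDIR)$(xfrdir) or $(DESTDIR)$(dbdir), and nothing in the package says which lines those are or why they must go. Because the leading and trailing ".*" swallow the whole line whatever command is on it, a later upstream release that puts a real install step on such a line would lose it silently and the build would still succeed. Please add a comment stating which Makefile.in lines are expected to match and why they must not run during the build, and consider including the command itself in the pattern so it cannot match anything else. Minor style point at the end of the hunk: (license (list license:bsd-3)) has a single element and can be written (license license:bsd-3).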
-- 
2.15.1





Information forwarded to guix-patches <at> gnu.org:
bug#30748; Package guix-patches. (Sat, 10 Mar 2018 09:19:01 GMT)

Message #8 received at 30748 <at> debbugs.gnu.org:

From: Marius Bakke <mbakke <at> fastmail.com>
To: Tobias Geerinckx-Rice <me <at> tobias.gr>, 30748 <at> debbugs.gnu.org
Subject: Re: [bug#30748] [PATCH] gnu: Add nsd.
Date: Sat, 10 Mar 2018 10:18:00 +0100
Tobias Geerinckx-Rice <me <at> tobias.gr> writes:

> * gnu/packages/dns.scm (nsd): New public variable.

[...]

> +         (add-before 'configure 'patch-installation-paths
> +           (lambda* (#:key outputs #:allow-other-keys)
> +             (let* ((out (assoc-ref outputs "out"))
> +                    (doc (string-append out "/share/doc/" ,name "-" ,version)))
> +               (substitute* "Makefile.in"
> +                 (((string-append ".*\\$\\(DESTDIR\\)\\$\\("
> +                                  "(config|pid|xfr|db)dir"
> +                                  "\\).*"))
> +                  "")

Can you add a comment about what's going on here?  Would setting
DESTDIR=(assoc-ref %outputs "out") in #:make-flags suffice?

Apart from that LGTM.
[signature.asc (application/pgp-signature, inline)]

Information forwarded to guix-patches <at> gnu.org:
bug#30748; Package guix-patches. (Mon, 12 Mar 2018 21:04:02 GMT)

Message #11 received at 30748 <at> debbugs.gnu.org:

From: Danny Milosavljevic <dannym <at> scratchpost.org>
To: Marius Bakke <mbakke <at> fastmail.com>, Tobias Geerinckx-Rice <me <at> tobias.gr>
Cc: 30748 <at> debbugs.gnu.org
Subject: Re: [bug#30748] [PATCH] gnu: Add nsd.
Date: Mon, 12 Mar 2018 22:03:16 +0100
Hi Marius,
Hi Tobias,

> > +         (add-before 'configure 'patch-installation-paths
> > +           (lambda* (#:key outputs #:allow-other-keys)
> > +             (let* ((out (assoc-ref outputs "out"))
> > +                    (doc (string-append out "/share/doc/" ,name "-" ,version)))
> > +               (substitute* "Makefile.in"
> > +                 (((string-append ".*\\$\\(DESTDIR\\)\\$\\("
> > +                                  "(config|pid|xfr|db)dir"
> > +                                  "\\).*"))
> > +                  "")  
> 
> Can you add a comment about what's going on here?

I agree... I'm scratching my head here. The ".*" is particularly worrying.
Doesn't that mean it will replace all the installation lines by nothing in the end?

Does that install anything still? :)

So now I've downloaded the source tarball and checked.

By extreme obscurity :), this only matches the "install -d" lines which are
creating empty directories (empty because of the configure-flags).

>  Would setting
> DESTDIR=(assoc-ref %outputs "out") in #:make-flags suffice?

DESTDIR is for installing into a tempdir.  After that is done the system
is supposed to "mv $tempdir /" and the software is usually written *not*
to expect DESTDIR to be still here when it runs.  PREFIX is something
else and probably what you had in mind.
[Message part 2 (application/pgp-signature, inline)]
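
The DESTDIR/PREFIX distinction described in the message above, as an added example that is not part of the thread or of the Guix or NSD sources. It assumes `make` is on PATH; the two-file project and the prefix /opt/destdir-demo are constructed placeholders.

```shell
#!/bin/sh
# Constructed demo: a "program" whose data directory is fixed at build time.
# The prefix /opt/destdir-demo is a placeholder that should not exist locally.

setup_demo() {
    work=$(mktemp -d) || return 1
    printf '#!/bin/sh\ncat @datadir@/greeting\n' > "$work/hello.in"
    echo hi > "$work/greeting"
    {
        printf 'prefix = /opt/destdir-demo\n'
        printf 'bindir = $(prefix)/bin\n'
        printf 'datadir = $(prefix)/share/hello\n'
        printf 'hello: hello.in\n'
        printf '\tsed "s|@datadir@|$(datadir)|" hello.in > hello\n'
        printf 'install: hello\n'
        printf '\tmkdir -p $(DESTDIR)$(bindir) $(DESTDIR)$(datadir)\n'
        printf '\tcp hello $(DESTDIR)$(bindir)/hello\n'
        printf '\tcp greeting $(DESTDIR)$(datadir)/greeting\n'
    } > "$work/Makefile"
    echo "$work"
}

# DESTDIR only relocates the copy step. The path baked into the program is
# still $(prefix), so the staged tree cannot run from where it sits.
staged_baked_path() {
    rm -f "$1/hello"
    make -s -C "$1" install DESTDIR="$1/stage" >/dev/null || return 1
    sed -n 's|^cat \(.*\)/greeting$|\1|p' "$1/stage/opt/destdir-demo/bin/hello"
}

# Overriding prefix changes both the baked-in path and the install target,
# which is what a package that stays where it was installed needs.
prefix_install_runs() {
    rm -f "$1/hello"
    make -s -C "$1" install prefix="$1/out" >/dev/null || return 1
    sh "$1/out/bin/hello"
}

w=$(setup_demo)
echo "path baked into the DESTDIR-staged copy: $(staged_baked_path "$w")"
echo "output when installed with prefix=...:   $(prefix_install_runs "$w")"
rm -rf "$w"
```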

Information forwarded to guix-patches <at> gnu.org:
bug#30748; Package guix-patches. (Mon, 12 Mar 2018 21:36:02 GMT)

Message #14 received at 30748 <at> debbugs.gnu.org:

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: Danny Milosavljevic <dannym <at> scratchpost.org>, Marius Bakke
 <mbakke <at> fastmail.com>
Cc: 30748 <at> debbugs.gnu.org
Subject: Re: [bug#30748] [PATCH] gnu: Add nsd.
Date: Mon, 12 Mar 2018 22:35:32 +0100
Danny,
Marius,

On 2018-03-12 22:03, Danny Milosavljevic wrote:
> Hi Marius,
> Hi Tobias,
> 
>> > +         (add-before 'configure 'patch-installation-paths
>> > +           (lambda* (#:key outputs #:allow-other-keys)
>> > +             (let* ((out (assoc-ref outputs "out"))
>> > +                    (doc (string-append out "/share/doc/" ,name "-" ,version)))
>> > +               (substitute* "Makefile.in"
>> > +                 (((string-append ".*\\$\\(DESTDIR\\)\\$\\("
>> > +                                  "(config|pid|xfr|db)dir"
>> > +                                  "\\).*"))
>> > +                  "")
>> 
>> Can you add a comment about what's going on here?
> 
> I agree... I'm scratching my head here. The ".*" is particularly 
> worrying.
> Doesn't that mean it will replace all the installation lines by
> nothing in the end?

Hmm? Well, the matching ones, yes...

I'd not call it ‘worrying’, since it does exactly what it should do, but 
you might want to have a word with 2016 Tobias about how ‘clever’ they 
think they're being.

Us less clever folks will just have to make do with a comment, indeed.

> Does that install anything still? :)
> 
> So now I've downloaded the source tarball and checked.
> 
> By extreme obscurity :), this only matches the "install -d" lines which 
> are
> creating empty directories (empty because of the configure-flags).

Obscurity by design :-)

>>  Would setting
>> DESTDIR=(assoc-ref %outputs "out") in #:make-flags suffice?
> 
> DESTDIR is for installing into a tempdir.  After that is done the 
> system
> is supposed to "mv $tempdir /" and the software is usually written 
> *not*
> to expect DESTDIR to be still here when it runs.  PREFIX is something
> else and probably what you had in mind.

Correct. DESTDIR is never the answer (unless, of course, it is).

Now, I think we can pretty safely credit my past self with knowing about 
PREFIX, so I suspect it wasn't as easy as just setting that. Or it's 
used incorrectly to look up data at run time, as some packages are wont 
to do, or something like that. I'll take a look when I get home; with 
extreme luck the problem I was solving there is no longer an issue in 
the current release.

Kind regards,

T G-R

Sent from a Web browser. Excuse or enjoy my brevity.




Information forwarded to guix-patches <at> gnu.org:
bug#30748; Package guix-patches. (Tue, 13 Mar 2018 02:08:01 GMT)

Message #17 received at 30748 <at> debbugs.gnu.org:

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: Marius Bakke <mbakke <at> fastmail.com>, dannym <at> scratchpost.org
Cc: 30748 <at> debbugs.gnu.org
Subject: Re: [bug#30748] [PATCH] gnu: Add nsd.
Date: Tue, 13 Mar 2018 03:06:59 +0100
Marius,
Danny,

So...

On 2018-03-10 10:18, Marius Bakke wrote:
> Tobias Geerinckx-Rice <me <at> tobias.gr> writes:
> 
>> * gnu/packages/dns.scm (nsd): New public variable.
> 
> [...]
> 
>> +         (add-before 'configure 'patch-installation-paths
>> +           (lambda* (#:key outputs #:allow-other-keys)
>> +             (let* ((out (assoc-ref outputs "out"))
>> +                    (doc (string-append out "/share/doc/" ,name "-" 
>> ,version)))
>> +               (substitute* "Makefile.in"
>> +                 (((string-append ".*\\$\\(DESTDIR\\)\\$\\("
>> +                                  "(config|pid|xfr|db)dir"
>> +                                  "\\).*"))
>> +                  "")

It's just a Makefile being very stupid. How boring :-(

It tries to create run-time systemy things like `dirname $pidfile` (from 
#:configure-flags), which it has no business doing, so we ask it not to 
by politely shooting it in the head.

> Can you add a comment about what's going on here?

Sure. If anyone has a cleaner fix or regex to match I'll gladly take it, 
but I'm done staring at metamake. Otherwise a comment paraphrasing the 
above will have to do.

T G-R

Sent from a Web browser. Excuse or enjoy my brevity.




Reply sent to Tobias Geerinckx-Rice <me <at> tobias.gr>:
You have taken responsibility. (Thu, 04 Oct 2018 19:39:02 GMT)

Notification sent to Tobias Geerinckx-Rice <me <at> tobias.gr>:
bug acknowledged by developer. (Thu, 04 Oct 2018 19:39:02 GMT)

Message #22 received at 30748-done <at> debbugs.gnu.org:

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: 30748-done <at> debbugs.gnu.org
Subject: Re: [bug#30748] [PATCH] gnu: Add nsd.
Date: Thu, 04 Oct 2018 21:38:23 +0200
Guix,

I've pushed an updated NSD as 
7382ecd81859de878b22a6510b8262abe69d38bf. We're now one server 
(PowerDNS) away from having all major name servers in Guix, though 
not all have services.

Thanks for the reviews, Marius & Danny! I never understood what's 
obscure about the regex, but I tried to make it a bit more 
self-explanatory.

Kind regards,

T G-R




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Fri, 02 Nov 2018 11:24:05 GMT)

This bug report was last modified 5 years and 170 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.