[v2,1/1] unbound: new package

Message ID 20180113222651.22755-1-stefan.froberg@petroprogram.com
State Changes Requested

Commit Message

Stefan Fröberg Jan. 13, 2018, 10:26 p.m. UTC
Unbound: validating, recursive & caching DNS resolver with
DNSSEC, QNAME minimisation, DNSCrypt and DNS-over-TLS support.

Signed-off-by: Stefan Fröberg <stefan.froberg@petroprogram.com>
---

Changes v1 -> v2:

- Fixed license to BSD-3-Clause (by Bernd Kuhls)
- Fixed DNSCrypt handling (by Bernd Kuhls)
- Use "select BR2_PACKAGE_OPENSSL" (by Bernd Kuhls)
- Added "--with-ssl=$(STAGING_DIR)/usr" (by Bernd Kuhls)
- Use "BR2_TOOLCHAIN_USES_UCLIBC" (by Bernd Kuhls)

 DEVELOPERS                   |  1 +
 package/Config.in            |  1 +
 package/unbound/Config.in    | 37 ++++++++++++++++++++++++++++++++
 package/unbound/unbound.hash |  3 +++
 package/unbound/unbound.mk   | 51 ++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 93 insertions(+)
 create mode 100644 package/unbound/Config.in
 create mode 100644 package/unbound/unbound.hash
 create mode 100644 package/unbound/unbound.mk

Comments

Bernd Kuhls Jan. 13, 2018, 11:11 p.m. UTC | #1
On Sun, 14 Jan 2018 00:26:51 +0200, Stefan Fröberg wrote:

> Unbound: validating, recursive & caching DNS resolver with
> DNSSEC, QNAME minimisation, DNSCrypt and DNS-over-TLS support.
> 
> Signed-off-by: Stefan Fröberg <stefan.froberg@petroprogram.com>

Hi,

when testing your package with this defconfig stored in ./test-unbound

$ cat ./test-unbound 
BR2_PACKAGE_UNBOUND=y
BR2_PACKAGE_UNBOUND_DNSCRYPT=y

$ utils/test-pkg -c test-unbound $HOME/test-unbound

it fails on some platforms:

                   br-arm-cortex-m4-full [ 8/47]: FAILED
                      br-arm-full-static [11/47]: FAILED
                            br-bfin-full [12/47]: FAILED
                       br-m68k-5208-full [15/47]: FAILED

I stopped the test at this point, maybe you can have a look at the 
failures? I did not do that at this time (CET) of day ;)

Regards, Bernd

Stefan Fröberg Jan. 14, 2018, 5:56 p.m. UTC | #2
Hi Bernd


Bernd Kuhls wrote on 14.01.2018 at 01:11:
> On Sun, 14 Jan 2018 00:26:51 +0200, Stefan Fröberg wrote:
>
>> Unbound: validating, recursive & caching DNS resolver with
>> DNSSEC, QNAME minimisation, DNSCrypt and DNS-over-TLS support.
>>
>> Signed-off-by: Stefan Fröberg <stefan.froberg@petroprogram.com>
> Hi,
>
> when testing your package with this defconfig stored in ./test-unbound
>
> $ cat ./test-unbound 
> BR2_PACKAGE_UNBOUND=y
> BR2_PACKAGE_UNBOUND_DNSCRYPT=y
>
> $ utils/test-pkg -c test-unbound $HOME/test-unbound
>
> it fails on some platforms:
>
>                    br-arm-cortex-m4-full [ 8/47]: FAILED
>                       br-arm-full-static [11/47]: FAILED
>                             br-bfin-full [12/47]: FAILED
>                        br-m68k-5208-full [15/47]: FAILED
>
> I stopped the test at this point, maybe you can have a look at the 
> failures? I did not do that at this time (CET) of day ;)
>

Uh...47 compiler/platform combinations? Jeeez...that will take ages with
my poor comp ...

Where does that test-pkg script output the build failures?

Regards
Stefan

Bernd Kuhls Jan. 14, 2018, 6:42 p.m. UTC | #3
Hi Stefan,

On Sun, 14 Jan 2018 19:56:00 +0200, Stefan Fröberg wrote:

> Uh...47 compiler/platform combinations? Jeeez...that will take ages with
> my poor comp ...

Maybe not, test-pkg uses pre-built toolchains, just like the autobuilders.

> Where does that test-pkg script output the build failures?

$HOME/test-unbound/{name of compiler/platform combo}/logfile

Some errors are thread-related, maybe you need to check for 
BR2_TOOLCHAIN_HAS_THREADS_NPTL instead of BR2_TOOLCHAIN_HAS_THREADS.

Regards, Bernd

Stefan Fröberg Jan. 16, 2018, 9:28 p.m. UTC | #4
Hello Bernd

I have a little problem. I have run all the tests now but my
$HOME/tests-unbound is totally empty.
What am I doing wrong?

Regards
Stefan

Bernd Kuhls wrote on 14.01.2018 at 20:42:
> Hi Stefan,
>
> On Sun, 14 Jan 2018 19:56:00 +0200, Stefan Fröberg wrote:
>
>> Uh...47 compiler/platform combinations? Jeeez...that will take ages with
>> my poor comp ...
> Maybe not, test-pkg uses pre-built toolchains, just like the autobuilders.
>
>> Where does that test-pkg script output the build failures?
> $HOME/test-unbound/{name of compiler/platform combo}/logfile
>
> Some errors are thread-related, maybe you need to check for 
> BR2_TOOLCHAIN_HAS_THREADS_NPTL instead of BR2_TOOLCHAIN_HAS_THREADS.
>
> Regards, Bernd
>
> _______________________________________________
> buildroot mailing list
> buildroot@busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

Bernd Kuhls Jan. 16, 2018, 9:48 p.m. UTC | #5
On Tue, 16 Jan 2018 23:28:58 +0200, Stefan Fröberg wrote:

> Hello Bernd
> 
> I have a little problem. I have run all the tests now but my
> $HOME/tests-unbound is totally empty.
> What am I doing wrong?

Hi Stefan,

I wrote

$ utils/test-pkg -c test-unbound $HOME/test-unbound

and forgot to add "-d" before $HOME/test-unbound, sorry.

The correct syntax would have been

$ utils/test-pkg -c test-unbound -d $HOME/test-unbound

Therefore $HOME/test-unbound was not used but you should find the builds 
in $HOME/br-test-pkg/ instead, this is the default value.

Regards, Bernd

Stefan Fröberg Jan. 16, 2018, 9:52 p.m. UTC | #6
Hi Bernd


Bernd Kuhls wrote on 16.01.2018 at 23:48:
> On Tue, 16 Jan 2018 23:28:58 +0200, Stefan Fröberg wrote:
>
>> Hello Bernd
>>
>> I have a little problem. I have run all the tests now but my
>> $HOME/tests-unbound is totally empty.
>> What am I doing wrong?
> Hi Stefan,
>
> I wrote
>
> $ utils/test-pkg -c test-unbound $HOME/test-unbound
>
> and forgot to add "-d" before $HOME/test-unbound, sorry.
>
No problem at all :-)

> The correct syntax would have been
>
> $ utils/test-pkg -c test-unbound -d $HOME/test-unbound
>
> Therefore $HOME/test-unbound was not used but you should find the builds 
> in $HOME/br-test-pkg/ instead, this is the default value.
>
> Regards, Bernd

You are right. Thank god and Thank You!

Best Regards
Stefan

Peter Korsgaard Jan. 28, 2018, 4:24 p.m. UTC | #7
>>>>> "Stefan" == Stefan Fröberg <stefan.froberg@petroprogram.com> writes:

Hi,

 >> and forgot to add "-d" before $HOME/test-unbound, sorry.
 >> 
 > No problem at all :-)

Will you send an updated patch once you have looked at those build
failures? I have so far marked the patch as changes requested in
patchwork.

Stefan Fröberg Jan. 28, 2018, 11:43 p.m. UTC | #8
Hi Peter

Yes, I will try to go through them all tomorrow.
Already checked some of them and they give me error because I don't have
32-bit libs on my pure, non-multilib 64-bit system.
So those ones I can't check out.

Best Regards
Stefan

Peter Korsgaard wrote on 28.01.2018 at 18:24:
>>>>>> "Stefan" == Stefan Fröberg <stefan.froberg@petroprogram.com> writes:
> Hi,
>
>  >> and forgot to add "-d" before $HOME/test-unbound, sorry.
>  >> 
>  > No problem at all :-)
>
> Will you send an updated patch once you have looked at those build
> failures? I have so far marked the patch as changes requested in
> patchwork.
>

Stefan Fröberg Jan. 29, 2018, 12:58 a.m. UTC | #9
Results:


armv5-ctng-linux-gnueabi [ 1/47]: FAILED (cannot execute cross-compiler)
armv7-ctng-linux-gnueabihf [ 2/47]: FAILED (cannot execute cross-compiler)

br-arm-cortex-m4-full [ 8/47]: FAILED (need openssl 0.9.7 or higher)
br-arm-full-static [11/47]: FAILED (need openssl 0.9.7 or higher)

br-bfin-full [12/47]: FAILED (undefined pthread_spin_init,
pthread_spin_lock etc..)
br-m68k-5208-full [15/47]: FAILED (undefined pthread_spin_init,
pthread_spin_lock etc..)
br-m68k-68040-full [16/47]: FAILED (undefined pthread_spin_init,
pthread_spin_lock etc..)
br-microblazeel-full [17/47]: FAILED (undefined pthread_spin_init,
pthread_spin_lock etc..)
br-openrisc-uclibc [23/47]: FAILED (undefined pthread_spin_init,
pthread_spin_lock etc..)

i686-ctng-linux-gnu [34/47]: FAILED (cannot execute cross-compiler)
mips64el-ctng_n32-linux-gnu [37/47]: FAILED (cannot execute cross-compiler)
mips64el-ctng_n64-linux-gnu [38/47]: FAILED (cannot execute cross-compiler)
powerpc-ctng_e500v2-linux-gnuspe [39/47]: FAILED (cannot execute
cross-compiler)
sourcery-arm-armv4t [40/47]: FAILED (need 32-bit support library)
sourcery-arm [41/47]: FAILED (need 32-bit support library)
sourcery-arm-thumb2 [42/47]: FAILED (need 32-bit support library)
sourcery-mips64 [43/47]: FAILED (need 32-bit support library)
sourcery-mips [44/47]: FAILED (need 32-bit support library)
sourcery-nios2 [45/47]: FAILED (need 32-bit support library)
sourcery-x86-64 [46/47]: FAILED (need 32-bit support library)
x86_64-ctng_locales-linux-gnu [47/47]: FAILED (cannot execute
cross-compiler)


So only br-bfin-full, br-m68k-5208-full, br-m68k-68040-full,
br-microblazeel-full, br-openrisc-uclibc
I could only try to patch.

So what is the proper way of checking if external toolchain has thread
support ?
BR2_TOOLCHAIN_HAS_THREADS checks only internal toolchain right?

Best Regards
Stefan

Peter Korsgaard Jan. 29, 2018, 7:58 a.m. UTC | #10
>>>>> "Stefan" == Stefan Fröberg <stefan.froberg@petroprogram.com> writes:

 > Results:
 > armv5-ctng-linux-gnueabi [ 1/47]: FAILED (cannot execute cross-compiler)
 > armv7-ctng-linux-gnueabihf [ 2/47]: FAILED (cannot execute cross-compiler)

Huh? Are you missing some 32bit libraries?

 > br-arm-cortex-m4-full [ 8/47]: FAILED (need openssl 0.9.7 or higher)
 > br-arm-full-static [11/47]: FAILED (need openssl 0.9.7 or higher)

Presumably needs to depend on openssl?

 > br-bfin-full [12/47]: FAILED (undefined pthread_spin_init,
 > pthread_spin_lock etc..)
 > br-m68k-5208-full [15/47]: FAILED (undefined pthread_spin_init,
 > pthread_spin_lock etc..)
 > br-m68k-68040-full [16/47]: FAILED (undefined pthread_spin_init,
 > pthread_spin_lock etc..)
 > br-microblazeel-full [17/47]: FAILED (undefined pthread_spin_init,
 > pthread_spin_lock etc..)
 > br-openrisc-uclibc [23/47]: FAILED (undefined pthread_spin_init,
 > pthread_spin_lock etc..)

Needs threads support.

 > i686-ctng-linux-gnu [34/47]: FAILED (cannot execute cross-compiler)
 > mips64el-ctng_n32-linux-gnu [37/47]: FAILED (cannot execute cross-compiler)
 > mips64el-ctng_n64-linux-gnu [38/47]: FAILED (cannot execute cross-compiler)
 > powerpc-ctng_e500v2-linux-gnuspe [39/47]: FAILED (cannot execute
 > cross-compiler)
 > sourcery-arm-armv4t [40/47]: FAILED (need 32-bit support library)
 > sourcery-arm [41/47]: FAILED (need 32-bit support library)
 > sourcery-arm-thumb2 [42/47]: FAILED (need 32-bit support library)
 > sourcery-mips64 [43/47]: FAILED (need 32-bit support library)
 > sourcery-mips [44/47]: FAILED (need 32-bit support library)
 > sourcery-nios2 [45/47]: FAILED (need 32-bit support library)
 > sourcery-x86-64 [46/47]: FAILED (need 32-bit support library)
 > x86_64-ctng_locales-linux-gnu [47/47]: FAILED (cannot execute
 > cross-compiler)

Again 32bit libraries?

 > So only br-bfin-full, br-m68k-5208-full, br-m68k-68040-full,
 > br-microblazeel-full, br-openrisc-uclibc
 > I could only try to patch.

 > So what is the proper way of checking if external toolchain has thread
 > support ?
 > BR2_TOOLCHAIN_HAS_THREADS checks only internal toolchain right?

No, BR2_TOOLCHAIN_HAS_THREADS applies to all toolchain types.

Peter Korsgaard Jan. 29, 2018, 7:58 a.m. UTC | #11
>>>>> "Stefan" == Stefan Fröberg <stefan.froberg@petroprogram.com> writes:

 > Hi Peter
 > Yes, I will try to go through them all tomorrow.
 > Already checked some of them and they give me error because I don't have
 > 32-bit libs on my pure, non-multilib 64-bit system.
 > So those ones I can't check out.

Does your distribution not provide 32bit libraries? The toolchains are
32bit on purpose for compatibility reasons.

Patch

diff --git a/DEVELOPERS b/DEVELOPERS
index 2f7d051e8a..184ce82cec 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -1642,6 +1642,7 @@  N:	Stefan Fröberg <stefan.froberg@petroprogram.com>
 F:	package/elfutils/
 F:	package/libtasn1/
 F:	package/proxychains-ng/
+F:	package/unbound/
 F:	package/yasm/
 F:	package/zlib-ng/
 
diff --git a/package/Config.in b/package/Config.in
index 01f4095be5..f810445e27 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1827,6 +1827,7 @@  endif
 	source "package/udpcast/Config.in"
 	source "package/uhttpd/Config.in"
 	source "package/ulogd/Config.in"
+	source "package/unbound/Config.in"
 	source "package/ushare/Config.in"
 	source "package/ussp-push/Config.in"
 	source "package/vde2/Config.in"
diff --git a/package/unbound/Config.in b/package/unbound/Config.in
new file mode 100644
index 0000000000..a53cd2537c
--- /dev/null
+++ b/package/unbound/Config.in
@@ -0,0 +1,37 @@ 
+config BR2_PACKAGE_UNBOUND
+	bool "unbound"
+	select BR2_PACKAGE_EXPAT
+	select BR2_PACKAGE_LIBEVENT
+	select BR2_PACKAGE_OPENSSL
+	help
+	  Unbound is a validating, recursive, and caching DNS resolver.
+	  It supports DNSSEC, QNAME minimisation, DNS-over-TLS and
+	  DNSCrypt.
+
+	  https://www.unbound.net
+
+if BR2_PACKAGE_UNBOUND
+
+config BR2_PACKAGE_UNBOUND_DNSCRYPT
+	bool "Enable DNSCrypt"
+	select BR2_PACKAGE_LIBSODIUM
+	help
+	  DNSCrypt wraps unmodified DNS queries between a client and
+	  a DNS resolver. Default port used is 443 and like with
+	  normal unencrypted DNS, it uses UDP first and falling back
+	  to TCP if response too large.
+
+	  There is also DNS-over-TLS, a TCP only version
+	  of proposed standard for DNS encryption (RFC 7858).
+	  Default port for DNS-over-TLS is 853 and Unbound has
+	  built-in support for it.
+
+	  https://tools.ietf.org/html/rfc7858
+
+	  Note: Neither DNSCrypt or DNS-over-TLS encrypt the SNI.
+	  Here is some suggestions how to handle SNI encryption:
+
+	  https://tools.ietf.org/html/draft-ietf-tls-sni-encryption-00
+
+endif
+
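Review bot: BR2_PACKAGE_UNBOUND carries three select lines (expat, libevent, openssl) and no depends on, so the option can be enabled on toolchains where a selected package or unbound itself cannot build; the test-pkg run in this thread fails on br-arm-cortex-m4-full, br-arm-full-static and on several toolchains lacking pthread_spin_*. Propagate the dependencies of the selected packages, plus whatever thread requirement unbound.mk ends up needing, as depends on lines, and add a comment entry that tells the user why the option is hidden when they are unmet. Separately, the DNS-over-TLS paragraph and the SNI note sit in the help of the DNSCrypt sub-option although the text itself says DNS-over-TLS is built in; move them to the main help, and fix "Neither DNSCrypt or" to "Neither DNSCrypt nor" and "Here is some suggestions" to "Here are some suggestions".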
diff --git a/package/unbound/unbound.hash b/package/unbound/unbound.hash
new file mode 100644
index 0000000000..5f2183897e
--- /dev/null
+++ b/package/unbound/unbound.hash
@@ -0,0 +1,3 @@ 
+# Locally calculated
+sha256	4e7bd43d827004c6d51bef73adf941798e4588bdb40de5e79d89034d69751c9f  unbound-1.6.7.tar.gz
+sha256	8eb9a16cbfb8703090bbfa3a2028fd46bb351509a2f90dc1001e51fbe6fd45db  LICENSE
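Review bot: with only "# Locally calculated" above it, the unbound-1.6.7.tar.gz hash records what was downloaded on the submitter's machine and nothing more, so it pins the tarball but does not tie it to what upstream released. If upstream publishes a checksum or a signature next to the tarball, check the download against it and name that source in the comment, keeping "Locally calculated" for the LICENSE hash only.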
diff --git a/package/unbound/unbound.mk b/package/unbound/unbound.mk
new file mode 100644
index 0000000000..ccbb490f1c
--- /dev/null
+++ b/package/unbound/unbound.mk
@@ -0,0 +1,51 @@ 
+################################################################################
+#
+# unbound
+#
+################################################################################
+
+UNBOUND_VERSION = 1.6.7
+UNBOUND_SITE = https://www.unbound.net/downloads
+UNBOUND_DEPENDENCIES = host-pkgconf expat libevent openssl
+UNBOUND_LICENSE = BSD-3-Clause
+UNBOUND_LICENSE_FILES = LICENSE
+UNBOUND_CONF_OPTS += \
+		--disable-rpath \
+		--disable-debug \
+		--with-conf-file=/etc/unbound/unbound.conf \
+		--with-pidfile=/var/run/unbound.pid \
+		--with-rootkey-file=/etc/unbound/root.key \
+		--enable-tfo-server \
+		--enable-relro-now \
+		--with-pic \
+		--enable-pie \
+		--with-ssl=$(STAGING_DIR)/usr
+
+# uClibc-ng does not have MSG_FASTOPEN
+# so TCP Fast Open client mode disabled for it
+ifeq ($(BR2_TOOLCHAIN_USES_UCLIBC),y)
+UNBOUND_CONF_OPTS += --disable-tfo-client
+else
+UNBOUND_CONF_OPTS += --enable-tfo-client
+endif
+
+ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y)
+UNBOUND_CONF_OPTS += --with-pthreads
+else
+UNBOUND_CONF_OPTS += --without-pthreads
+endif
+
+ifeq ($(BR2_GCC_ENABLE_LTO),y)
+UNBOUND_CONF_OPTS += --enable-flto
+else
+UNBOUND_CONF_OPTS += --disable-flto
+endif
+
+ifeq ($(BR2_PACKAGE_UNBOUND_DNSCRYPT),y)
+UNBOUND_CONF_OPTS += --enable-dnscrypt
+UNBOUND_DEPENDENCIES += libsodium
+else
+UNBOUND_CONF_OPTS += --disable-dnscrypt
+endif
+
+$(eval $(autotools-package))
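Review bot: the BR2_TOOLCHAIN_HAS_THREADS block passes --with-pthreads on every threaded toolchain, yet the test-pkg results in this thread show undefined pthread_spin_init and pthread_spin_lock on br-bfin-full, br-m68k-5208-full, br-m68k-68040-full, br-microblazeel-full and br-openrisc-uclibc. Either test BR2_TOOLCHAIN_HAS_THREADS_NPTL here, as suggested in comment #3, and pass --without-pthreads otherwise, or make the package depend on NPTL in Config.in. Two smaller points: the first UNBOUND_CONF_OPTS assignment uses += where a plain = is expected for the initial definition, and --enable-relro-now and --enable-pie are passed unconditionally although one of the failing configurations (br-arm-full-static) is a static build, so it is worth confirming that they configure and link there once the openssl error is resolved.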