Message ID | 20180111232039.24270-1-stefan.froberg@petroprogram.com |
---|---|
State | Changes Requested |
Series | [1/1] unbound: new package |
Hi Stefan,

On Fri, 12 Jan 2018 01:20:39 +0200, Stefan Fröberg wrote:

> diff --git a/package/unbound/Config.in b/package/unbound/Config.in > new file mode 100644 > index 0000000000..07e4fa39f2 > --- /dev/null > +++ b/package/unbound/Config.in > @@ -0,0 +1,37 @@ > +config BR2_PACKAGE_UNBOUND > + bool "unbound" > + select BR2_PACKAGE_EXPAT > + select BR2_PACKAGE_LIBEVENT > + select BR2_PACKAGE_LIBSODIUM if BR2_PACKAGE_UNBOUND_DNSCRYPT parts of this line should be moved inside "config BR2_PACKAGE_UNBOUND_DNSCRYPT". > + depends on BR2_PACKAGE_OPENSSL Why not "select BR2_PACKAGE_OPENSSL"? Did you test with libressl as well? > + help > + Unbound is a validating, recursive, and caching DNS resolver. > + It supports DNSSEC, QNAME minimisation, DNS-over-TLS and > + DNSCrypt. > + > + https://www.unbound.net > + > +if BR2_PACKAGE_UNBOUND > + > +config BR2_PACKAGE_UNBOUND_DNSCRYPT > + bool "Enable DNSCrypt" Add > + select BR2_PACKAGE_LIBSODIUM here. [...] > diff --git a/package/unbound/unbound.mk b/package/unbound/unbound.mk > new file mode 100644 > index 0000000000..3c6f4ac895 > --- /dev/null > +++ b/package/unbound/unbound.mk
> @@ -0,0 +1,50 @@ > +################################################################################ > +# > +# unbound > +# > +################################################################################ > + > +UNBOUND_VERSION = 1.6.7 > +UNBOUND_SOURCE = unbound-$(UNBOUND_VERSION).tar.gz the variable value contains the default, this line can therefore be removed completely. > +UNBOUND_SITE = https://www.unbound.net/downloads > +UNBOUND_DEPENDENCIES = host-pkgconf expat libevent openssl > +UNBOUND_LICENSE = BSD According to https://spdx.org/licenses/ the value "BSD" does not exist, afaics the license is "BSD-3-Clause". > +UNBOUND_LICENSE_FILES = LICENSE > +UNBOUND_CONF_OPTS += --disable-rpath \ > + --disable-debug \ > + --with-conf-file=/etc/unbound/unbound.conf \ > + --with-pidfile=/var/run/unbound.pid \ > + --with-rootkey-file=/etc/unbound/root.key \ > + --enable-tfo-server \ > + --enable-relro-now \ > + --with-pic \ > + --enable-pie Please add --with-ssl=$(STAGING_DIR)/usr \ to avoid checking for SSL... configure: error: Cannot find the SSL libraries in /usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr Small nit: I do not like the indentation used, how about something like this? https://git.buildroot.net/buildroot/tree/package/kodi/kodi.mk#n59 > +# uClibc-ng does not have MSG_FASTOPEN > +# so TCP Fast Open client mode disabled for it > +ifeq ($(BR2_TOOLCHAIN_BUILDROOT_UCLIBC),y) > +UNBOUND_CONF_OPTS += --disable-tfo-client > +else > +UNBOUND_CONF_OPTS += --enable-tfo-client > +endif An external uClibc toolchain does not define BR2_TOOLCHAIN_BUILDROOT_UCLIBC: $ grep UCLIBC .config BR2_TOOLCHAIN_USES_UCLIBC=y BR2_TOOLCHAIN_EXTERNAL_UCLIBC=y BR2_TOOLCHAIN_EXTERNAL_CUSTOM_UCLIBC=y Better check for BR2_TOOLCHAIN_USES_UCLIBC. Regards, Bernd
Hi Bernd

Okay, I will send a new one soon.

Best Regards
Stefan

Bernd Kuhls wrote on 12.01.2018 at 08:41:

> Hi Stefan, > > On Fri, 12 Jan 2018 01:20:39 +0200, Stefan Fröberg wrote: > >> diff --git a/package/unbound/Config.in b/package/unbound/Config.in >> new file mode 100644 >> index 0000000000..07e4fa39f2 >> --- /dev/null >> +++ b/package/unbound/Config.in >> @@ -0,0 +1,37 @@ >> +config BR2_PACKAGE_UNBOUND >> + bool "unbound" >> + select BR2_PACKAGE_EXPAT >> + select BR2_PACKAGE_LIBEVENT >> + select BR2_PACKAGE_LIBSODIUM if BR2_PACKAGE_UNBOUND_DNSCRYPT > parts of this line should be moved inside > "config BR2_PACKAGE_UNBOUND_DNSCRYPT". > >> + depends on BR2_PACKAGE_OPENSSL > Why not "select BR2_PACKAGE_OPENSSL"? > Did you test with libressl as well? > >> + help >> + Unbound is a validating, recursive, and caching DNS resolver. >> + It supports DNSSEC, QNAME minimisation, DNS-over-TLS and >> + DNSCrypt. >> + >> + https://www.unbound.net >> + >> +if BR2_PACKAGE_UNBOUND >> + >> +config BR2_PACKAGE_UNBOUND_DNSCRYPT >> + bool "Enable DNSCrypt" > Add > >> + select BR2_PACKAGE_LIBSODIUM > here. > > [...] > >> diff --git a/package/unbound/unbound.mk b/package/unbound/unbound.mk >> new file mode 100644 >> index 0000000000..3c6f4ac895 >> --- /dev/null >> +++ b/package/unbound/unbound.mk
>> @@ -0,0 +1,50 @@ >> +################################################################################ >> +# >> +# unbound >> +# >> +################################################################################ >> + >> +UNBOUND_VERSION = 1.6.7 >> +UNBOUND_SOURCE = unbound-$(UNBOUND_VERSION).tar.gz > the variable value contains the default, this line can therefore > be removed completely. > >> +UNBOUND_SITE = https://www.unbound.net/downloads >> +UNBOUND_DEPENDENCIES = host-pkgconf expat libevent openssl >> +UNBOUND_LICENSE = BSD > According to https://spdx.org/licenses/ the value "BSD" does not exist, > afaics the license is "BSD-3-Clause". > >> +UNBOUND_LICENSE_FILES = LICENSE >> +UNBOUND_CONF_OPTS += --disable-rpath \ >> + --disable-debug \ >> + --with-conf-file=/etc/unbound/unbound.conf \ >> + --with-pidfile=/var/run/unbound.pid \ >> + --with-rootkey-file=/etc/unbound/root.key \ >> + --enable-tfo-server \ >> + --enable-relro-now \ >> + --with-pic \ >> + --enable-pie > Please add > --with-ssl=$(STAGING_DIR)/usr \ > > to avoid > > checking for SSL... configure: error: Cannot find the SSL libraries in > /usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr > > Small nit: I do not like the indentation used, how about something like this? > https://git.buildroot.net/buildroot/tree/package/kodi/kodi.mk#n59 > >> +# uClibc-ng does not have MSG_FASTOPEN >> +# so TCP Fast Open client mode disabled for it >> +ifeq ($(BR2_TOOLCHAIN_BUILDROOT_UCLIBC),y) >> +UNBOUND_CONF_OPTS += --disable-tfo-client >> +else >> +UNBOUND_CONF_OPTS += --enable-tfo-client >> +endif > An external uClibc toolchain does not define > BR2_TOOLCHAIN_BUILDROOT_UCLIBC: > > $ grep UCLIBC .config > BR2_TOOLCHAIN_USES_UCLIBC=y > BR2_TOOLCHAIN_EXTERNAL_UCLIBC=y > BR2_TOOLCHAIN_EXTERNAL_CUSTOM_UCLIBC=y > > Better check for BR2_TOOLCHAIN_USES_UCLIBC.
> > Regards, Bernd
Oh, forgot ...

>> + depends on BR2_PACKAGE_OPENSSL
> Why not "select BR2_PACKAGE_OPENSSL"?
> Did you test with libressl as well?

That cannot be select because it's a choice and if I remember buildroot manual and what Thomas said, you can't (or actually shouldn't) select from choice unless absolutely necessary (like, for example, in my turbovnc patch...have to remember update that too...)

But I test with libressl too

Regards
Stefan
Hello,

On Fri, 12 Jan 2018 12:45:06 +0200, Stefan Fröberg wrote:

> > Why not "select BR2_PACKAGE_OPENSSL"?
> > Did you test with libressl as well?
> >
>
> That cannot be select because it's a choice and if I remember buildroot manual and what Thomas said, you can't (or actually shouldn't) select from choice unless absolutely necessary (like, for example, in my turbovnc patch...have to remember update that too...)

It is correct that regular virtual packages cannot be selected.

But openssl (like jpeg) is special, and you can select BR2_PACKAGE_OPENSSL. BR2_PACKAGE_OPENSSL is not part of a choice.

The case of turbovnc is different: you wanted to select jpeg-turbo specifically, which is one jpeg implementation. And this is not possible.

See the difference ? BR2_PACKAGE_OPENSSL is the virtual package itself, which has two implementations: libopenssl and libressl, selectable through a choice.

BR2_PACKAGE_JPEG_TURBO is one implementation of the BR2_PACKAGE_JPEG virtual package. Selecting BR2_PACKAGE_JPEG is OK (just like selecting BR2_PACKAGE_OPENSSL is OK), but selecting BR2_PACKAGE_JPEG_TURBO doesn't work.

So Bernd is totally correct: you should select BR2_PACKAGE_OPENSSL. See how many packages are already doing this today :-)

Best regards,

Thomas
Hi

Thomas Petazzoni wrote on 12.01.2018 at 13:08:

> Hello,
>
> On Fri, 12 Jan 2018 12:45:06 +0200, Stefan Fröberg wrote:
>
>>> Why not "select BR2_PACKAGE_OPENSSL"?
>>> Did you test with libressl as well?
>>>
>> That cannot be select because it's a choice and if I remember buildroot manual and what Thomas said, you can't (or actually shouldn't) select from choice unless absolutely necessary (like, for example, in my turbovnc patch...have to remember update that too...)
> It is correct that regular virtual packages cannot be selected.
>
> But openssl (like jpeg) is special, and you can select BR2_PACKAGE_OPENSSL. BR2_PACKAGE_OPENSSL is not part of a choice.
>
> The case of turbovnc is different: you wanted to select jpeg-turbo specifically, which is one jpeg implementation. And this is not possible.
>
> See the difference ? BR2_PACKAGE_OPENSSL is the virtual package itself, which has two implementations: libopenssl and libressl, selectable through a choice.
>
> BR2_PACKAGE_JPEG_TURBO is one implementation of the BR2_PACKAGE_JPEG virtual package. Selecting BR2_PACKAGE_JPEG is OK (just like selecting BR2_PACKAGE_OPENSSL is OK), but selecting BR2_PACKAGE_JPEG_TURBO doesn't work.

Ah, okay.

But Thomas, I can't use BR2_PACKAGE_JPEG for turbovnc because it uses specific ABI (the so called TurboJPEG ABI) from libjpeg-turbo package and vanilla jpeg does not provide it.

https://libjpeg-turbo.org/About/TurboJPEG

At least, *if* I remember correctly, turbovnc nagged something about missing function when I tried to compile against vanilla jpeg.

Regards
Stefan
Hello,

On Fri, 12 Jan 2018 16:00:27 +0200, Stefan Fröberg wrote:

> But Thomas, I can't use BR2_PACKAGE_JPEG for turbovnc because it uses specific ABI (the so called TurboJPEG ABI) from libjpeg-turbo package and vanilla jpeg does not provide it.
>
> https://libjpeg-turbo.org/About/TurboJPEG
>
> At least, *if* I remember correctly, turbovnc nagged something about missing function when I tried to compile against vanilla jpeg.

Yes, sure, I do remember this perfectly well. turbo-jpeg is kind of an exception, because it is API compatible with jpeg (so it is logical for it to be supported in Buildroot as a provider of the jpeg API), but it also provides its own custom API.

With the current state of things, I believe there is indeed no other choice for TurboVNC but to use a "depends on BR2_PACKAGE_TURBO_JPEG". Didn't we already reach this conclusion during the TurboVNC discussion ?

I know I originally complained against this "depends on", but once justified with the fact that TurboVNC really only works with jpeg-turbo's specific API, I'd be OK with using this "depends on".

Best regards,

Thomas
Hi

Thomas Petazzoni wrote on 12.01.2018 at 17:23:

> Hello,
>
> On Fri, 12 Jan 2018 16:00:27 +0200, Stefan Fröberg wrote:
>
>> But Thomas, I can't use BR2_PACKAGE_JPEG for turbovnc because it uses specific ABI (the so called TurboJPEG ABI) from libjpeg-turbo package and vanilla jpeg does not provide it.
>>
>> https://libjpeg-turbo.org/About/TurboJPEG
>>
>> At least, *if* I remember correctly, turbovnc nagged something about missing function when I tried to compile against vanilla jpeg.
> Yes, sure, I do remember this perfectly well. turbo-jpeg is kind of an exception, because it is API compatible with jpeg (so it is logical for it to be supported in Buildroot as a provider of the jpeg API), but it also provides its own custom API.
>
> With the current state of things, I believe there is indeed no other choice for TurboVNC but to use a "depends on BR2_PACKAGE_TURBO_JPEG". Didn't we already reach this conclusion during the TurboVNC discussion ?

Could be, I have so lousy memory nowadays ...

> I know I originally complained against this "depends on", but once justified with the fact that TurboVNC really only works with jpeg-turbo's specific API, I'd be OK with using this "depends on".

Thanks T :-)

Regards
-S-
diff --git a/DEVELOPERS b/DEVELOPERS index 2f7d051e8a..184ce82cec 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -1642,6 +1642,7 @@ N: Stefan Fröberg <stefan.froberg@petroprogram.com> F: package/elfutils/ F: package/libtasn1/ F: package/proxychains-ng/ +F: package/unbound/ F: package/yasm/ F: package/zlib-ng/ diff --git a/package/Config.in b/package/Config.in index 01f4095be5..f810445e27 100644 --- a/package/Config.in +++ b/package/Config.in @@ -1827,6 +1827,7 @@ endif source "package/udpcast/Config.in" source "package/uhttpd/Config.in" source "package/ulogd/Config.in" + source "package/unbound/Config.in" source "package/ushare/Config.in" source "package/ussp-push/Config.in" source "package/vde2/Config.in" diff --git a/package/unbound/Config.in b/package/unbound/Config.in new file mode 100644 index 0000000000..07e4fa39f2 --- /dev/null +++ b/package/unbound/Config.in @@ -0,0 +1,37 @@ +config BR2_PACKAGE_UNBOUND + bool "unbound" + select BR2_PACKAGE_EXPAT + select BR2_PACKAGE_LIBEVENT + select BR2_PACKAGE_LIBSODIUM if BR2_PACKAGE_UNBOUND_DNSCRYPT + depends on BR2_PACKAGE_OPENSSL + help + Unbound is a validating, recursive, and caching DNS resolver. + It supports DNSSEC, QNAME minimisation, DNS-over-TLS and + DNSCrypt. + + https://www.unbound.net + +if BR2_PACKAGE_UNBOUND + +config BR2_PACKAGE_UNBOUND_DNSCRYPT + bool "Enable DNSCrypt" + help + DNSCrypt wraps unmodified DNS queries between a client and + a DNS resolver. Default port used is 443 and like with + normal unencrypted DNS, it uses UDP first and falling back + to TCP if response too large. + + There is also DNS-over-TLS, a TCP only version + of proposed standard for DNS encryption (RFC 7858). + Default port for DNS-over-TLS is 853 and Unbound has + built-in support for it. + + https://tools.ietf.org/html/rfc7858 + + Note: Neither DNSCrypt or DNS-over-TLS encrypt the SNI. + Here is some suggestions how to handle SNI encryption: + + https://tools.ietf.org/html/draft-ietf-tls-sni-encryption-00 + +endif + 
diff --git a/package/unbound/unbound.hash b/package/unbound/unbound.hash new file mode 100644 index 0000000000..5f2183897e --- /dev/null +++ b/package/unbound/unbound.hash @@ -0,0 +1,3 @@ +# Locally calculated +sha256 4e7bd43d827004c6d51bef73adf941798e4588bdb40de5e79d89034d69751c9f unbound-1.6.7.tar.gz +sha256 8eb9a16cbfb8703090bbfa3a2028fd46bb351509a2f90dc1001e51fbe6fd45db LICENSE diff --git a/package/unbound/unbound.mk b/package/unbound/unbound.mk new file mode 100644 index 0000000000..3c6f4ac895 --- /dev/null +++ b/package/unbound/unbound.mk @@ -0,0 +1,50 @@ +################################################################################ +# +# unbound +# +################################################################################ + +UNBOUND_VERSION = 1.6.7 +UNBOUND_SOURCE = unbound-$(UNBOUND_VERSION).tar.gz +UNBOUND_SITE = https://www.unbound.net/downloads +UNBOUND_DEPENDENCIES = host-pkgconf expat libevent openssl +UNBOUND_LICENSE = BSD +UNBOUND_LICENSE_FILES = LICENSE +UNBOUND_CONF_OPTS += --disable-rpath \ + --disable-debug \ + --with-conf-file=/etc/unbound/unbound.conf \ + --with-pidfile=/var/run/unbound.pid \ + --with-rootkey-file=/etc/unbound/root.key \ + --enable-tfo-server \ + --enable-relro-now \ + --with-pic \ + --enable-pie + +# uClibc-ng does not have MSG_FASTOPEN +# so TCP Fast Open client mode disabled for it +ifeq ($(BR2_TOOLCHAIN_BUILDROOT_UCLIBC),y) +UNBOUND_CONF_OPTS += --disable-tfo-client +else +UNBOUND_CONF_OPTS += --enable-tfo-client +endif + +ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y) +UNBOUND_CONF_OPTS += --with-pthreads +else +UNBOUND_CONF_OPTS += --without-pthreads +endif + +ifeq ($(BR2_GCC_ENABLE_LTO),y) +UNBOUND_CONF_OPTS += --enable-flto +else +UNBOUND_CONF_OPTS += --disable-flto +endif + +ifeq ($(BR2_PACKAGE_UNBOUND_DNSCRYPT),y) +UNBOUND_CONF_OPTS += --enable-dnscrypt +UNBOUND_DEPENDENCIES += libsodium +else +UNBOUND_CONF_OPTS += --disable-dnscrypt +endif + +$(eval $(autotools-package))
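Review bot: the help text of BR2_PACKAGE_UNBOUND_DNSCRYPT in package/unbound/Config.in spends most of its lines on DNS-over-TLS and SNI encryption, neither of which this option turns on or off. Keep the help to what enabling the option does (builds DNSCrypt support and pulls in libsodium) and leave the DNS-over-TLS remark to the main BR2_PACKAGE_UNBOUND help, which already mentions it. Also "Neither DNSCrypt or" should read "Neither DNSCrypt nor", and "Here is some suggestions" should read "Here are some suggestions".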
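Review bot: the "# Locally calculated" comment in package/unbound/unbound.hash means the sha256 for unbound-1.6.7.tar.gz only records what one download happened to contain. If upstream publishes a checksum or a signature for the release, check the tarball against it and state in the comment what the hash was compared with, so the pinned value is anchored to something other than a single fetch.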
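Review bot: in package/unbound/unbound.mk, UNBOUND_DEPENDENCIES lists expat and libevent, but UNBOUND_CONF_OPTS passes no option that points configure at either library, so the build relies on whatever configure finds by itself. Pass the library locations explicitly (for example under $(STAGING_DIR)/usr) so a cross build cannot pick up host headers, and drop libevent from the dependencies and from the select in Config.in if it is not meant to be used. The first assignment should be "UNBOUND_CONF_OPTS =" rather than "+=", and the package defines no UNBOUND_USERS entry, so there is no dedicated unprivileged account on the target for this network-facing daemon to run as.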
Signed-off-by: Stefan Fröberg <stefan.froberg@petroprogram.com> --- DEVELOPERS | 1 + package/Config.in | 1 + package/unbound/Config.in | 37 ++++++++++++++++++++++++++++++++ package/unbound/unbound.hash | 3 +++ package/unbound/unbound.mk | 50 ++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 92 insertions(+) create mode 100644 package/unbound/Config.in create mode 100644 package/unbound/unbound.hash create mode 100644 package/unbound/unbound.mk