From patchwork Sat Jan 13 22:26:51 2018
X-Patchwork-Submitter: Stefan Fröberg
X-Patchwork-Id: 860381
From: Stefan Fröberg
To: buildroot@buildroot.org
Cc: bernd.kuhls@t-online.de, thomas.petazzoni@free-electrons.com, stefan.froberg@petroprogram.com
Date: Sun, 14 Jan 2018 00:26:51 +0200
Message-Id: <20180113222651.22755-1-stefan.froberg@petroprogram.com>
Subject: [Buildroot] [PATCH v2 1/1] unbound: new package

Unbound: validating, recursive & caching DNS resolver with DNSSEC, QNAME minimisation, DNSCrypt and DNS-over-TLS support.

Signed-off-by: Stefan Fröberg
---
Changes v1 -> v2:
 - Fixed license to BSD-3-Clause (by Bernd Kuhls)
 - Fixed DNSCrypt handling (by Bernd Kuhls)
 - Use "select BR2_PACKAGE_OPENSSL" (by Bernd Kuhls)
 - Added "--with-ssl=$(STAGING_DIR)/usr" (by Bernd Kuhls)
 - Use "BR2_TOOLCHAIN_USES_UCLIBC" (by Bernd Kuhls)

 DEVELOPERS | 1 +
 package/Config.in | 1 +
 package/unbound/Config.in | 37 ++++++++++++++++++++++++++++++++
 package/unbound/unbound.hash | 3 +++
 package/unbound/unbound.mk | 51 ++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 93 insertions(+)
 create mode 100644 package/unbound/Config.in
 create mode 100644 package/unbound/unbound.hash
 create mode 100644 package/unbound/unbound.mk
diff --git a/DEVELOPERS b/DEVELOPERS index 2f7d051e8a..184ce82cec 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -1642,6 +1642,7 @@ N: Stefan Fröberg F: package/elfutils/ F: package/libtasn1/ F: package/proxychains-ng/ +F: package/unbound/ F: package/yasm/ F: package/zlib-ng/ diff --git a/package/Config.in b/package/Config.in index 01f4095be5..f810445e27 100644 --- a/package/Config.in +++ b/package/Config.in @@ -1827,6 +1827,7 @@ endif source "package/udpcast/Config.in" source "package/uhttpd/Config.in" source "package/ulogd/Config.in" + source "package/unbound/Config.in" source "package/ushare/Config.in" source "package/ussp-push/Config.in" source "package/vde2/Config.in" diff --git a/package/unbound/Config.in b/package/unbound/Config.in new file mode 100644 index 0000000000..a53cd2537c --- /dev/null +++ b/package/unbound/Config.in @@ -0,0 +1,37 @@ +config BR2_PACKAGE_UNBOUND + bool "unbound" + select BR2_PACKAGE_EXPAT + select BR2_PACKAGE_LIBEVENT + select BR2_PACKAGE_OPENSSL + help + Unbound is a validating, recursive, and caching DNS resolver. + It supports DNSSEC, QNAME minimisation, DNS-over-TLS and + DNSCrypt. + + https://www.unbound.net + +if BR2_PACKAGE_UNBOUND + +config BR2_PACKAGE_UNBOUND_DNSCRYPT + bool "Enable DNSCrypt" + select BR2_PACKAGE_LIBSODIUM + help + DNSCrypt wraps unmodified DNS queries between a client and + a DNS resolver. Default port used is 443 and like with + normal unencrypted DNS, it uses UDP first and falling back + to TCP if response too large. + + There is also DNS-over-TLS, a TCP only version + of proposed standard for DNS encryption (RFC 7858). + Default port for DNS-over-TLS is 853 and Unbound has + built-in support for it. + + https://tools.ietf.org/html/rfc7858 + + Note: Neither DNSCrypt or DNS-over-TLS encrypt the SNI. + Here is some suggestions how to handle SNI encryption: + + https://tools.ietf.org/html/draft-ietf-tls-sni-encryption-00 + +endif + 
diff --git a/package/unbound/unbound.hash b/package/unbound/unbound.hash new file mode 100644 index 0000000000..5f2183897e --- /dev/null +++ b/package/unbound/unbound.hash @@ -0,0 +1,3 @@ +# Locally calculated +sha256 4e7bd43d827004c6d51bef73adf941798e4588bdb40de5e79d89034d69751c9f unbound-1.6.7.tar.gz +sha256 8eb9a16cbfb8703090bbfa3a2028fd46bb351509a2f90dc1001e51fbe6fd45db LICENSE diff --git a/package/unbound/unbound.mk b/package/unbound/unbound.mk new file mode 100644 index 0000000000..ccbb490f1c --- /dev/null +++ b/package/unbound/unbound.mk @@ -0,0 +1,51 @@ +################################################################################ +# +# unbound +# +################################################################################ + +UNBOUND_VERSION = 1.6.7 +UNBOUND_SITE = https://www.unbound.net/downloads +UNBOUND_DEPENDENCIES = host-pkgconf expat libevent openssl +UNBOUND_LICENSE = BSD-3-Clause +UNBOUND_LICENSE_FILES = LICENSE +UNBOUND_CONF_OPTS += \ + --disable-rpath \ + --disable-debug \ + --with-conf-file=/etc/unbound/unbound.conf \ + --with-pidfile=/var/run/unbound.pid \ + --with-rootkey-file=/etc/unbound/root.key \ + --enable-tfo-server \ + --enable-relro-now \ + --with-pic \ + --enable-pie \ + --with-ssl=$(STAGING_DIR)/usr + +# uClibc-ng does not have MSG_FASTOPEN +# so TCP Fast Open client mode disabled for it +ifeq ($(BR2_TOOLCHAIN_USES_UCLIBC),y) +UNBOUND_CONF_OPTS += --disable-tfo-client +else +UNBOUND_CONF_OPTS += --enable-tfo-client +endif + +ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y) +UNBOUND_CONF_OPTS += --with-pthreads +else +UNBOUND_CONF_OPTS += --without-pthreads +endif + +ifeq ($(BR2_GCC_ENABLE_LTO),y) +UNBOUND_CONF_OPTS += --enable-flto +else +UNBOUND_CONF_OPTS += --disable-flto +endif + +ifeq ($(BR2_PACKAGE_UNBOUND_DNSCRYPT),y) +UNBOUND_CONF_OPTS += --enable-dnscrypt +UNBOUND_DEPENDENCIES += libsodium +else +UNBOUND_CONF_OPTS += --disable-dnscrypt +endif + +$(eval $(autotools-package))
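Review bot: In package/unbound/Config.in, the help text of BR2_PACKAGE_UNBOUND_DNSCRYPT spends most of its length on DNS-over-TLS (RFC 7858, port 853), which this option does not switch on or off, so a user cannot tell from it what enabling DNSCrypt changes. Keep the DNSCrypt help to what the option controls (building with --enable-dnscrypt and pulling in libsodium) and move the DNS-over-TLS sentence to the main BR2_PACKAGE_UNBOUND help. The SNI note should be reworded or dropped: SNI is a TLS extension and DNSCrypt does not use TLS, so "Neither DNSCrypt or DNS-over-TLS encrypt the SNI" does not apply to DNSCrypt as written. If the intent is that encrypted DNS does not hide the hostnames sent in the SNI of later TLS connections, say that. Separately, BR2_PACKAGE_UNBOUND selects expat, libevent and openssl with no "depends on" lines; please check that any dependencies of those packages are propagated here.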
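Review bot: In package/unbound/unbound.hash, "# Locally calculated" covers the tarball hash as well as the LICENSE hash, so the sha256 only pins whatever the submitter happened to download. If upstream publishes a checksum or a signature next to unbound-1.6.7.tar.gz, verify the download against it and say so in the comment (for example "# From <upstream checksum URL>" above the tarball line), keeping "# Locally calculated" only for the LICENSE line.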
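Review bot: In package/unbound/unbound.mk, UNBOUND_DEPENDENCIES lists expat and libevent but UNBOUND_CONF_OPTS never points configure at them; only openssl gets a path, via --with-ssl=$(STAGING_DIR)/usr. Unbound's configure uses libevent only when --with-libevent is given, so as posted the libevent dependency is built and not used; add --with-libevent=$(STAGING_DIR)/usr and --with-libexpat=$(STAGING_DIR)/usr, or drop libevent from the select and dependency lists. The first assignment should be "UNBOUND_CONF_OPTS =" rather than "+=". Also, --with-conf-file, --with-rootkey-file and --with-pidfile name /etc/unbound/unbound.conf, /etc/unbound/root.key and /var/run/unbound.pid, but nothing in this file installs a configuration, a trust anchor or an init script; for a resolver described as validating, the commit message or help text should state that DNSSEC validation needs the root trust anchor to be provisioned on the target.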