Message ID | 20180113222651.22755-1-stefan.froberg@petroprogram.com |
---|---|
State | Changes Requested |
Headers | show |
Series | [v2,1/1] unbound: new package | expand |
Am Sun, 14 Jan 2018 00:26:51 +0200 schrieb Stefan Fröberg: > Unbound: validating, recursive & caching DNS resolver with > DNSSEC, QNAME minimisation, DNSCrypt and DNS-over-TLS support. > > Signed-off-by: Stefan Fröberg <stefan.froberg@petroprogram.com> Hi, when testing your package with this defconfig stored in ./test-unbound $ cat ./test-unbound BR2_PACKAGE_UNBOUND=y BR2_PACKAGE_UNBOUND_DNSCRYPT=y $ utils/test-pkg -c test-unbound $HOME/test-unbound it fails on some platforms: br-arm-cortex-m4-full [ 8/47]: FAILED br-arm-full-static [11/47]: FAILED br-bfin-full [12/47]: FAILED br-m68k-5208-full [15/47]: FAILED I stopped the test at this point, maybe you can have a look at the failures? I did not do that at this time (CET) of day ;) Regards, Bernd
Hi Bernd Bernd Kuhls kirjoitti 14.01.2018 klo 01:11: > Am Sun, 14 Jan 2018 00:26:51 +0200 schrieb Stefan Fröberg: > >> Unbound: validating, recursive & caching DNS resolver with >> DNSSEC, QNAME minimisation, DNSCrypt and DNS-over-TLS support. >> >> Signed-off-by: Stefan Fröberg <stefan.froberg@petroprogram.com> > Hi, > > when testing your package with this defconfig stored in ./test-unbound > > $ cat ./test-unbound > BR2_PACKAGE_UNBOUND=y > BR2_PACKAGE_UNBOUND_DNSCRYPT=y > > $ utils/test-pkg -c test-unbound $HOME/test-unbound > > it fails on some platforms: > > br-arm-cortex-m4-full [ 8/47]: FAILED > br-arm-full-static [11/47]: FAILED > br-bfin-full [12/47]: FAILED > br-m68k-5208-full [15/47]: FAILED > > I stopped the test at this point, maybe you can have a look at the > failures? I did not do that at this time (CET) of day ;) > Uh...47 compiler/platform combinations? Jeeez...that will take ages with my poor comp ... Where does that test-pkg script output the build failures? Regards Stefan
Hi Stefan, Am Sun, 14 Jan 2018 19:56:00 +0200 schrieb Stefan Fröberg: > Uh...47 compiler/platform combinations? Jeeez...that will take ages with > my poor comp ... Maybe not, test-pkg uses pre-built toolchains, just like the autobuilders. > Where does that test-pkg script output the build failures? $HOME/test-unbound/{name of compiler/platform combo}/logfile Some errors are thread-related, maybe you need to check for BR2_TOOLCHAIN_HAS_THREADS_NPTL instead of BR2_TOOLCHAIN_HAS_THREADS. Regards, Bernd
Hello Bernd I have a little problem. I have ran all the tests now but my $HOME/tests-unbound is totally empty. What I am doing wrong? Regards Stefan Bernd Kuhls kirjoitti 14.01.2018 klo 20:42: > Hi Stefan, > > Am Sun, 14 Jan 2018 19:56:00 +0200 schrieb Stefan Fröberg: > >> Uh...47 compiler/platform combinations? Jeeez...that will take ages with >> my poor comp ... > Maybe not, test-pkg uses pre-built toolchains, just like the autobuilders. > >> Where does that test-pkg script output the build failures? > $HOME/test-unbound/{name of compiler/platform combo}/logfile > > Some errors are thread-related, maybe you need to check for > BR2_TOOLCHAIN_HAS_THREADS_NPTL instead of BR2_TOOLCHAIN_HAS_THREADS. > > Regards, Bernd > > _______________________________________________ > buildroot mailing list > buildroot@busybox.net > http://lists.busybox.net/mailman/listinfo/buildroot
Am Tue, 16 Jan 2018 23:28:58 +0200 schrieb Stefan Fröberg: > Hello Bernd > > I have a little problem. I have ran all the tests now but my > $HOME/tests-unbound is totally empty. > What I am doing wrong? Hi Stefan, I wrote $ utils/test-pkg -c test-unbound $HOME/test-unbound and forgot to add "-d" before $HOME/test-unbound, sorry. The correct syntax would have been $ utils/test-pkg -c test-unbound -d $HOME/test-unbound Therefore $HOME/test-unbound was not used but you should find the builds in $HOME/br-test-pkg/ instead, this is the default value. Regards, Bernd
Hi Bernd Bernd Kuhls kirjoitti 16.01.2018 klo 23:48: > Am Tue, 16 Jan 2018 23:28:58 +0200 schrieb Stefan Fröberg: > >> Hello Bernd >> >> I have a little problem. I have ran all the tests now but my >> $HOME/tests-unbound is totally empty. >> What I am doing wrong? > Hi Stefan, > > I wrote > > $ utils/test-pkg -c test-unbound $HOME/test-unbound > > and forgot to add "-d" before $HOME/test-unbound, sorry. > No problem at all :-) > The correct syntax would have been > > $ utils/test-pkg -c test-unbound -d $HOME/test-unbound > > Therefore $HOME/test-unbound was not used but you should find the builds > in $HOME/br-test-pkg/ instead, this is the default value. > > Regards, Bernd > > _______________________________________________ > buildroot mailing list > buildroot@busybox.net > http://lists.busybox.net/mailman/listinfo/buildroot You are right. Thank god and Thank You! Best Regards Stefan
>>>>> "Stefan" == Stefan Fröberg <stefan.froberg@petroprogram.com> writes: Hi, >> and forgot to add "-d" before $HOME/test-unbound, sorry. >> > No problem at all :-) Will you send an updated patch once you have looked at those build failures? I have so far marked the patch as changes requested in patchwork.
Hi Peter Yes, I try to go throught them all tomorro. Already checked some of them and they give me error because I don't have 32-bit libs on my pure, non-multilib 64-bit system. So those ones I can't check out. Best Regards Stefan Peter Korsgaard kirjoitti 28.01.2018 klo 18:24: >>>>>> "Stefan" == Stefan Fröberg <stefan.froberg@petroprogram.com> writes: > Hi, > > >> and forgot to add "-d" before $HOME/test-unbound, sorry. > >> > > No problem at all :-) > > Will you send an updated patch once you have looked at those build > failures? I have so far marked the patch as changes requested in > patchwork. >
Results: armv5-ctng-linux-gnueabi [ 1/47]: FAILED (cannot execute cross-compiler) armv7-ctng-linux-gnueabihf [ 2/47]: FAILED (cannot execute cross-compiler) br-arm-cortex-m4-full [ 8/47]: FAILED (need openssl 0.9.7 or higher) br-arm-full-static [11/47]: FAILED (need openssl 0.9.7 or higher) br-bfin-full [12/47]: FAILED (undefined pthread_spin_init, pthread_spin_lock etc..) br-m68k-5208-full [15/47]: FAILED (undefined pthread_spin_init, pthread_spin_lock etc..) br-m68k-68040-full [16/47]: FAILED (undefined pthread_spin_init, pthread_spin_lock etc..) br-microblazeel-full [17/47]: FAILED (undefined pthread_spin_init, pthread_spin_lock etc..) br-openrisc-uclibc [23/47]: FAILED (undefined pthread_spin_init, pthread_spin_lock etc..) i686-ctng-linux-gnu [34/47]: FAILED (cannot execute cross-compiler) mips64el-ctng_n32-linux-gnu [37/47]: FAILED (cannot execute cross-compiler) mips64el-ctng_n64-linux-gnu [38/47]: FAILED (cannot execute cross-compiler) powerpc-ctng_e500v2-linux-gnuspe [39/47]: FAILED (cannot execute cross-compiler) sourcery-arm-armv4t [40/47]: FAILED (need 32-bit support library) sourcery-arm [41/47]: FAILED (need 32-bit support library) sourcery-arm-thumb2 [42/47]: FAILED (need 32-bit support library) sourcery-mips64 [43/47]: FAILED (need 32-bit support library) sourcery-mips [44/47]: FAILED (need 32-bit support library) sourcery-nios2 [45/47]: FAILED (need 32-bit support library) sourcery-x86-64 [46/47]: FAILED (need 32-bit support library) x86_64-ctng_locales-linux-gnu [47/47]: FAILED (cannot execute cross-compiler) So only br-bfin-full, br-m68k-5208-full, br-m68k-68040-full, br-microblazeel-full, br-openrisc-uclibc I could only try to patch. So what is the proper way of checking if external toolchain has thread support ? BR2_TOOLCHAIN_HAS_THREADS checks only internal toolchain right? Best Regards Stefan
>>>>> "Stefan" == Stefan Fröberg <stefan.froberg@petroprogram.com> writes: > Results: > armv5-ctng-linux-gnueabi [ 1/47]: FAILED (cannot execute cross-compiler) > armv7-ctng-linux-gnueabihf [ 2/47]: FAILED (cannot execute cross-compiler) Huh? Are you missing some 32bit libraries? > br-arm-cortex-m4-full [ 8/47]: FAILED (need openssl 0.9.7 or higher) > br-arm-full-static [11/47]: FAILED (need openssl 0.9.7 or higher) Presumably needs do depend on openssl? > br-bfin-full [12/47]: FAILED (undefined pthread_spin_init, > pthread_spin_lock etc..) > br-m68k-5208-full [15/47]: FAILED (undefined pthread_spin_init, > pthread_spin_lock etc..) > br-m68k-68040-full [16/47]: FAILED (undefined pthread_spin_init, > pthread_spin_lock etc..) > br-microblazeel-full [17/47]: FAILED (undefined pthread_spin_init, > pthread_spin_lock etc..) > br-openrisc-uclibc [23/47]: FAILED (undefined pthread_spin_init, > pthread_spin_lock etc..) Needs threads support. > i686-ctng-linux-gnu [34/47]: FAILED (cannot execute cross-compiler) > mips64el-ctng_n32-linux-gnu [37/47]: FAILED (cannot execute cross-compiler) > mips64el-ctng_n64-linux-gnu [38/47]: FAILED (cannot execute cross-compiler) > powerpc-ctng_e500v2-linux-gnuspe [39/47]: FAILED (cannot execute > cross-compiler) > sourcery-arm-armv4t [40/47]: FAILED (need 32-bit support library) > sourcery-arm [41/47]: FAILED (need 32-bit support library) > sourcery-arm-thumb2 [42/47]: FAILED (need 32-bit support library) > sourcery-mips64 [43/47]: FAILED (need 32-bit support library) > sourcery-mips [44/47]: FAILED (need 32-bit support library) > sourcery-nios2 [45/47]: FAILED (need 32-bit support library) > sourcery-x86-64 [46/47]: FAILED (need 32-bit support library) > x86_64-ctng_locales-linux-gnu [47/47]: FAILED (cannot execute > cross-compiler) Again 32bit libraries? > So only br-bfin-full, br-m68k-5208-full, br-m68k-68040-full, > br-microblazeel-full, br-openrisc-uclibc > I could only try to patch. > So what is the proper way of checking if external toolchain has thread > support ? > BR2_TOOLCHAIN_HAS_THREADS checks only internal toolchain right? No, BR2_TOOLCHAIN_HAS_THREADS applies to all toolchain types.
>>>>> "Stefan" == Stefan Fröberg <stefan.froberg@petroprogram.com> writes: > Hi Peter > Yes, I try to go throught them all tomorro. > Already checked some of them and they give me error because I don't have > 32-bit libs on my pure, non-multilib 64-bit system. > So those ones I can't check out. Does your distribution not provide 32bit libraries? The toolchains are 32bit on purpose for compatibility reasons.
diff --git a/DEVELOPERS b/DEVELOPERS index 2f7d051e8a..184ce82cec 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -1642,6 +1642,7 @@ N: Stefan Fröberg <stefan.froberg@petroprogram.com> F: package/elfutils/ F: package/libtasn1/ F: package/proxychains-ng/ +F: package/unbound/ F: package/yasm/ F: package/zlib-ng/ diff --git a/package/Config.in b/package/Config.in index 01f4095be5..f810445e27 100644 --- a/package/Config.in +++ b/package/Config.in @@ -1827,6 +1827,7 @@ endif source "package/udpcast/Config.in" source "package/uhttpd/Config.in" source "package/ulogd/Config.in" + source "package/unbound/Config.in" source "package/ushare/Config.in" source "package/ussp-push/Config.in" source "package/vde2/Config.in" diff --git a/package/unbound/Config.in b/package/unbound/Config.in new file mode 100644 index 0000000000..a53cd2537c --- /dev/null +++ b/package/unbound/Config.in @@ -0,0 +1,37 @@ +config BR2_PACKAGE_UNBOUND + bool "unbound" + select BR2_PACKAGE_EXPAT + select BR2_PACKAGE_LIBEVENT + select BR2_PACKAGE_OPENSSL + help + Unbound is a validating, recursive, and caching DNS resolver. + It supports DNSSEC, QNAME minimisation, DNS-over-TLS and + DNSCrypt. + + https://www.unbound.net + +if BR2_PACKAGE_UNBOUND + +config BR2_PACKAGE_UNBOUND_DNSCRYPT + bool "Enable DNSCrypt" + select BR2_PACKAGE_LIBSODIUM + help + DNSCrypt wraps unmodified DNS queries between a client and + a DNS resolver. Default port used is 443 and like with + normal unencrypted DNS, it uses UDP first and falling back + to TCP if response too large. + + There is also DNS-over-TLS, a TCP only version + of proposed standard for DNS encryption (RFC 7858). + Default port for DNS-over-TLS is 853 and Unbound has + built-in support for it. + + https://tools.ietf.org/html/rfc7858 + + Note: Neither DNSCrypt or DNS-over-TLS encrypt the SNI. + Here is some suggestions how to handle SNI encryption: + + https://tools.ietf.org/html/draft-ietf-tls-sni-encryption-00 + +endif + diff --git a/package/unbound/unbound.hash b/package/unbound/unbound.hash new file mode 100644 index 0000000000..5f2183897e --- /dev/null +++ b/package/unbound/unbound.hash @@ -0,0 +1,3 @@ +# Locally calculated +sha256 4e7bd43d827004c6d51bef73adf941798e4588bdb40de5e79d89034d69751c9f unbound-1.6.7.tar.gz +sha256 8eb9a16cbfb8703090bbfa3a2028fd46bb351509a2f90dc1001e51fbe6fd45db LICENSE diff --git a/package/unbound/unbound.mk b/package/unbound/unbound.mk new file mode 100644 index 0000000000..ccbb490f1c --- /dev/null +++ b/package/unbound/unbound.mk @@ -0,0 +1,51 @@ +################################################################################ +# +# unbound +# +################################################################################ + +UNBOUND_VERSION = 1.6.7 +UNBOUND_SITE = https://www.unbound.net/downloads +UNBOUND_DEPENDENCIES = host-pkgconf expat libevent openssl +UNBOUND_LICENSE = BSD-3-Clause +UNBOUND_LICENSE_FILES = LICENSE +UNBOUND_CONF_OPTS += \ + --disable-rpath \ + --disable-debug \ + --with-conf-file=/etc/unbound/unbound.conf \ + --with-pidfile=/var/run/unbound.pid \ + --with-rootkey-file=/etc/unbound/root.key \ + --enable-tfo-server \ + --enable-relro-now \ + --with-pic \ + --enable-pie \ + --with-ssl=$(STAGING_DIR)/usr + +# uClibc-ng does not have MSG_FASTOPEN +# so TCP Fast Open client mode disabled for it +ifeq ($(BR2_TOOLCHAIN_USES_UCLIBC),y) +UNBOUND_CONF_OPTS += --disable-tfo-client +else +UNBOUND_CONF_OPTS += --enable-tfo-client +endif + +ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y) +UNBOUND_CONF_OPTS += --with-pthreads +else +UNBOUND_CONF_OPTS += --without-pthreads +endif + +ifeq ($(BR2_GCC_ENABLE_LTO),y) +UNBOUND_CONF_OPTS += --enable-flto +else +UNBOUND_CONF_OPTS += --disable-flto +endif + +ifeq ($(BR2_PACKAGE_UNBOUND_DNSCRYPT),y) +UNBOUND_CONF_OPTS += --enable-dnscrypt +UNBOUND_DEPENDENCIES += libsodium +else +UNBOUND_CONF_OPTS += --disable-dnscrypt +endif + +$(eval $(autotools-package))
Unbound: validating, recursive & caching DNS resolver with DNSSEC, QNAME minimisation, DNSCrypt and DNS-over-TLS support. Signed-off-by: Stefan Fröberg <stefan.froberg@petroprogram.com> --- Changes v1 -> v2: - Fixed license to BSD-3-Clause (by Bernd Kuhls) - Fixed DNSCrypt handling (by Bernd Kuhls) - Use "select BR2_PACKAGE_OPENSSL" (by Bernd Kuhls) - Added "--with-ssl=$(STAGING_DIR)/usr" (by Bernd Kuhls) - Use "BR2_TOOLCHAIN_USES_UCLIBC" (by Bernd Kuhls) DEVELOPERS | 1 + package/Config.in | 1 + package/unbound/Config.in | 37 ++++++++++++++++++++++++++++++++ package/unbound/unbound.hash | 3 +++ package/unbound/unbound.mk | 51 ++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 93 insertions(+) create mode 100644 package/unbound/Config.in create mode 100644 package/unbound/unbound.hash create mode 100644 package/unbound/unbound.mk