Commit | Line | Data |
---|---|---|
dd2efd3d TUBK |
1 | ;;; GNU Guix --- Functional package management for GNU |
2 | ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com> | |
d912db5b | 3 | ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org> |
b2844d8f | 4 | ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net> |
76dd04be | 5 | ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> |
be86b7ad | 6 | ;;; Copyright © 2016 John Darrington <jmd@gnu.org> |
3c986a7d | 7 | ;;; Copyright © 2016 Nikita <nikita@n0.is> |
3bdd380f | 8 | ;;; Copyright © 2016–2021 Tobias Geerinckx-Rice <me@tobias.gr> |
645772e4 | 9 | ;;; Copyright © 2016, 2020 Marius Bakke <mbakke@fastmail.com> |
ecc7aa89 | 10 | ;;; Copyright © 2017 Vasile Dumitrascu <va511e@yahoo.com> |
7e61a16c | 11 | ;;; Copyright © 2017 Gregor Giesen <giesen@zaehlwerk.net> |
0bc2d3e4 | 12 | ;;; Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com> |
498911d3 | 13 | ;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com> |
41553c90 | 14 | ;;; Copyright © 2019 Chris Marusich <cmmarusich@gmail.com> |
7e5eda0c | 15 | ;;; Copyright © 2019 Rutger Helling <rhelling@mykolab.com> |
a1819473 | 16 | ;;; Copyright © 2020, 2021 Pierre Langlois <pierre.langlois@gmx.com> |
0d36d0ba | 17 | ;;; Copyright © 2020 Arun Isaac <arunisaac@systemreboot.net> |
65fd3f0a | 18 | ;;; Copyright © 2020 Leo Famulari <leo@famulari.name> |
6b6647f8 | 19 | ;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re> |
dadfc9bc | 20 | ;;; Copyright © 2020 Simon South <simon@simonsouth.net> |
dd2efd3d TUBK |
21 | ;;; |
22 | ;;; This file is part of GNU Guix. | |
23 | ;;; | |
24 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
25 | ;;; under the terms of the GNU General Public License as published by | |
26 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
27 | ;;; your option) any later version. | |
28 | ;;; | |
29 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
30 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
31 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
32 | ;;; GNU General Public License for more details. | |
33 | ;;; | |
34 | ;;; You should have received a copy of the GNU General Public License | |
35 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
36 | ||
36fb36b5 | 37 | (define-module (gnu packages dns) |
f9cdf1c1 | 38 | #:use-module (gnu packages admin) |
71f048c6 | 39 | #:use-module (gnu packages autotools) |
6cf626e8 | 40 | #:use-module (gnu packages base) |
0bc2d3e4 | 41 | #:use-module (gnu packages bash) |
6a7256fc | 42 | #:use-module (gnu packages certs) |
a35e16c0 | 43 | #:use-module (gnu packages check) |
1e744399 | 44 | #:use-module (gnu packages databases) |
a35e16c0 | 45 | #:use-module (gnu packages documentation) |
0bc2d3e4 | 46 | #:use-module (gnu packages compression) |
afe62a8b | 47 | #:use-module (gnu packages crypto) |
f9cdf1c1 | 48 | #:use-module (gnu packages datastructures) |
387ad8fd | 49 | #:use-module (gnu packages elf) |
7e61a16c | 50 | #:use-module (gnu packages flex) |
7239c674 | 51 | #:use-module (gnu packages freedesktop) |
018114ba | 52 | #:use-module (gnu packages gcc) |
cb6d322a | 53 | #:use-module (gnu packages glib) |
71f048c6 | 54 | #:use-module (gnu packages groff) |
f9cdf1c1 | 55 | #:use-module (gnu packages groff) |
7239c674 | 56 | #:use-module (gnu packages gtk) |
f9cdf1c1 | 57 | #:use-module (gnu packages libedit) |
afe62a8b | 58 | #:use-module (gnu packages libevent) |
f9cdf1c1 | 59 | #:use-module (gnu packages libidn) |
1e744399 | 60 | #:use-module (gnu packages linux) |
a35e16c0 | 61 | #:use-module (gnu packages lua) |
f9cdf1c1 TGR |
62 | #:use-module (gnu packages ncurses) |
63 | #:use-module (gnu packages nettle) | |
e12df2c6 | 64 | #:use-module (gnu packages networking) |
1e744399 | 65 | #:use-module (gnu packages perl) |
71f048c6 | 66 | #:use-module (gnu packages pkg-config) |
7e61a16c GG |
67 | #:use-module (gnu packages protobuf) |
68 | #:use-module (gnu packages python) | |
0406434b | 69 | #:use-module (gnu packages python-xyz) |
2b73e50c | 70 | #:use-module (gnu packages ragel) |
6a7256fc | 71 | #:use-module (gnu packages shells) |
a35e16c0 | 72 | #:use-module (gnu packages sphinx) |
7e61a16c | 73 | #:use-module (gnu packages swig) |
4756b9b1 | 74 | #:use-module (gnu packages texinfo) |
a7fd7b68 | 75 | #:use-module (gnu packages tls) |
f9cdf1c1 | 76 | #:use-module (gnu packages web) |
1e744399 | 77 | #:use-module (gnu packages xml) |
12e530ba | 78 | #:use-module (gnu packages) |
1e744399 | 79 | #:use-module ((guix licenses) #:prefix license:) |
dd2efd3d TUBK |
80 | #:use-module (guix packages) |
81 | #:use-module (guix download) | |
91a4863d | 82 | #:use-module (guix git-download) |
7e61a16c | 83 | #:use-module (guix utils) |
7239c674 | 84 | #:use-module (guix build-system glib-or-gtk) |
0bc2d3e4 | 85 | #:use-module (guix build-system gnu) |
a35e16c0 | 86 | #:use-module (guix build-system meson) |
0bc2d3e4 | 87 | #:use-module (guix build-system trivial)) |
dd2efd3d | 88 | |
6a7256fc RG |
89 | (define-public ldns |
90 | (package | |
91 | (name "ldns") | |
92 | (version "1.7.1") | |
93 | (source | |
94 | (origin | |
95 | (method url-fetch) | |
96 | (uri | |
97 | (string-append "https://www.nlnetlabs.nl/downloads/" | |
98 | name "/" name "-" version ".tar.gz")) | |
99 | (sha256 | |
100 | (base32 "0ac242n7996fswq1a3nlh1bbbhrsdwsq4mx7xq8ffq6aplb4rj4a")) | |
101 | (patches | |
102 | (search-patches | |
103 | ;; To create make-flag vairables, | |
104 | ;; for splitting installation of drill and examples. | |
105 | "ldns-drill-examples.patch")))) | |
106 | (build-system gnu-build-system) | |
107 | (outputs '("out" "drill" "examples" "pyldns")) | |
108 | (arguments | |
109 | `( ;; Tests require Tpkg. | |
110 | ;; https://tpkg.github.io/ | |
111 | #:tests? #f | |
112 | #:configure-flags | |
113 | (list | |
114 | "--disable-static" | |
115 | "--enable-gost-anyway" | |
116 | "--enable-rrtype-ninfo" | |
117 | "--enable-rrtype-rkey" | |
118 | "--enable-rrtype-ta" | |
119 | "--enable-rrtype-avc" | |
120 | "--enable-rrtype-doa" | |
121 | "--enable-rrtype-amtrelay" | |
122 | "--with-drill" | |
123 | "--with-examples" | |
124 | "--with-pyldns" | |
125 | ;; Perl module DNS::LDNS not available. | |
126 | ;; https://github.com/erikoest/DNS-LDNS.git | |
127 | ;; "--with-p5-dns-ldns" | |
128 | (string-append "--with-ssl=" | |
129 | (assoc-ref %build-inputs "openssl")) | |
130 | (string-append "--with-ca-path=" | |
131 | (assoc-ref %build-inputs "nss-certs") | |
132 | "/etc/ssl/certs")) | |
133 | #:make-flags | |
134 | (list | |
135 | (string-append "drillbindir=" | |
136 | (assoc-ref %outputs "drill") | |
137 | "/bin") | |
138 | (string-append "drillmandir=" | |
139 | (assoc-ref %outputs "drill") | |
140 | "/share/man") | |
141 | (string-append "examplesbindir=" | |
142 | (assoc-ref %outputs "examples") | |
143 | "/bin") | |
144 | (string-append "examplesmandir=" | |
145 | (assoc-ref %outputs "examples") | |
146 | "/share/man") | |
147 | (string-append "python_site=" | |
148 | (assoc-ref %outputs "pyldns") | |
149 | "/lib/python" | |
150 | ,(version-major+minor | |
151 | (package-version python)) | |
152 | "/site-packages")))) | |
153 | (native-inputs | |
154 | `(("doxygen" ,doxygen) | |
155 | ("ksh" ,oksh) | |
156 | ("perl" ,perl) | |
157 | ("perl-devel-checklib" ,perl-devel-checklib) | |
158 | ("pkg-config" ,pkg-config) | |
159 | ("python" ,python-wrapper) | |
160 | ("swig" ,swig))) | |
161 | (inputs | |
162 | `(("libpcap" ,libpcap) | |
163 | ("nss-certs" ,nss-certs) | |
164 | ("openssl" ,openssl))) | |
165 | (synopsis "DNS library that facilitates DNS tool programming") | |
166 | (description "LDNS aims to simplify DNS programming, it supports recent | |
167 | RFCs like the DNSSEC documents, and allows developers to easily create | |
168 | software conforming to current RFCs, and experimental software for current | |
169 | Internet Drafts. A secondary benefit of using ldns is speed; ldns is written in | |
170 | C it should be a lot faster than Perl.") | |
171 | (home-page "https://nlnetlabs.nl/projects/ldns/about/") | |
172 | (license license:bsd-3))) | |
173 | ||
7239c674 RG |
174 | (define-public dnssec-trigger |
175 | (package | |
176 | (name "dnssec-trigger") | |
177 | (version "0.17") | |
178 | (source | |
179 | (origin | |
180 | (method url-fetch) | |
181 | (uri | |
182 | (string-append "https://www.nlnetlabs.nl/downloads/" | |
183 | name "/" name "-" version ".tar.gz")) | |
184 | (sha256 | |
185 | (base32 "10928q406x9r66a090xl5kznzgyxpja88w4srwcv454hd351j9f0")))) | |
186 | (build-system glib-or-gtk-build-system) | |
187 | (outputs '("out" "gui" "nm")) | |
188 | (arguments | |
189 | `(#:test-target "test" | |
190 | #:configure-flags | |
191 | (list | |
192 | (string-append "--with-ssl=" | |
193 | (assoc-ref %build-inputs "openssl")) | |
194 | "--with-hooks=networkmanager" | |
195 | (string-append "--with-networkmanager-dispatch=" | |
196 | (assoc-ref %outputs "nm") | |
197 | "/etc/NetworkManager/dispatcher.d") | |
198 | (string-append "--with-xdg-autostart=" | |
199 | (assoc-ref %outputs "gui") | |
200 | "/etc/xdg/autostart") | |
201 | (string-append "--with-uidir=" | |
202 | (assoc-ref %outputs "gui") | |
203 | "/share/dnssec-trigger") | |
204 | (string-append "--with-python=" | |
205 | (assoc-ref %build-inputs "python") | |
206 | "/bin/python") | |
207 | (string-append "--with-unbound-control=" | |
208 | (assoc-ref %build-inputs "unbound") | |
209 | "/sbin/unbound-control") | |
210 | "--with-forward-zones-support") | |
211 | #:phases | |
212 | (modify-phases %standard-phases | |
213 | (add-after 'unpack 'patch-configure | |
214 | (lambda _ | |
215 | (substitute* "configure" | |
216 | (("appindicator-0.1") | |
217 | "appindicator3-0.1")) | |
218 | #t)) | |
219 | (add-before 'configure 'patch-makefile | |
220 | (lambda _ | |
221 | (substitute* "Makefile.in" | |
222 | (("/usr") | |
223 | "$(prefix)") | |
224 | (("/etc") | |
225 | "$(prefix)/etc") | |
226 | ((".*gtk-update-icon-cache.*") | |
227 | "")) | |
228 | #t)) | |
229 | (add-after 'install 'remove-systemd | |
230 | (lambda* (#:key outputs #:allow-other-keys) | |
231 | (let* ((out (assoc-ref outputs "out"))) | |
232 | (delete-file-recursively | |
233 | (string-append out "/lib/systemd")) | |
234 | #t))) | |
235 | (add-after 'remove-systemd 'move-gui | |
236 | (lambda* (#:key outputs #:allow-other-keys) | |
237 | (let* ((out (assoc-ref outputs "out")) | |
238 | (gui (assoc-ref outputs "gui"))) | |
239 | (mkdir-p (string-append gui "/bin")) | |
240 | (mkdir-p (string-append gui "/share")) | |
241 | (rename-file | |
242 | (string-append out "/bin") | |
243 | (string-append gui "/bin")) | |
244 | (rename-file | |
245 | (string-append out "/share/icons") | |
246 | (string-append gui "/share/icons")) | |
247 | #t))) | |
248 | (add-after 'move-gui 'move-nm | |
249 | (lambda* (#:key outputs #:allow-other-keys) | |
250 | (let* ((out (assoc-ref outputs "out")) | |
251 | (nm (assoc-ref outputs "nm"))) | |
252 | (mkdir-p (string-append nm "/libexec")) | |
253 | (rename-file | |
254 | (string-append out "/libexec") | |
255 | (string-append nm "/libexec")) | |
256 | #t)))))) | |
257 | (native-inputs | |
258 | `(("cmocka" ,cmocka) | |
259 | ("pkg-config" ,pkg-config) | |
260 | ("python" ,python-wrapper))) | |
261 | (inputs | |
262 | `(("gtk+-2" ,gtk+-2) | |
263 | ("ldns" ,ldns) | |
264 | ("libappindicator" ,libappindicator) | |
265 | ("openssl" ,openssl) | |
266 | ("unbound" ,unbound))) | |
267 | (synopsis "DNSSEC protection for the DNS traffic") | |
268 | (description "DNSSEC-Trigger enables your computer to use DNSSEC protection | |
269 | for the DNS traffic. It relies on the Unbound DNS resolver running locally on | |
270 | your system, which performs DNSSEC validation. It reconfigures Unbound in such | |
271 | a way that it will signal it to to use the DHCP obtained forwarders if possible, | |
272 | fallback to doing its own AUTH queries if that fails, and if that fails it will | |
273 | prompt the user with the option to go with insecure DNS only.") | |
274 | (home-page "https://www.nlnetlabs.nl/projects/dnssec-trigger/about/") | |
275 | (license license:bsd-3))) | |
276 | ||
dd2efd3d TUBK |
277 | (define-public dnsmasq |
278 | (package | |
279 | (name "dnsmasq") | |
79c11747 | 280 | (version "2.84") |
dd2efd3d TUBK |
281 | (source (origin |
282 | (method url-fetch) | |
283 | (uri (string-append | |
284 | "http://www.thekelleys.org.uk/dnsmasq/dnsmasq-" | |
285 | version ".tar.xz")) | |
286 | (sha256 | |
287 | (base32 | |
79c11747 | 288 | "0305a0c3snwqcv77sipyynr55xip1fp2843yn04pc4vk9g39acb0")))) |
dd2efd3d | 289 | (build-system gnu-build-system) |
cb6d322a CB |
290 | (native-inputs |
291 | `(("pkg-config" ,pkg-config))) | |
292 | (inputs | |
293 | `(("dbus" ,dbus))) | |
dd2efd3d TUBK |
294 | (arguments |
295 | `(#:phases | |
dc1d3cde | 296 | (modify-phases %standard-phases (delete 'configure)) |
dd2efd3d | 297 | #:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")) |
cb6d322a CB |
298 | "CC=gcc" |
299 | "COPTS=\"-DHAVE_DBUS\"") | |
4e6c51d4 | 300 | #:tests? #f)) ; no ‘check’ target |
dd2efd3d TUBK |
301 | (home-page "http://www.thekelleys.org.uk/dnsmasq/doc.html") |
302 | (synopsis "Small caching DNS proxy and DHCP/TFTP server") | |
303 | (description | |
c657716e TGR |
304 | "Dnsmasq is a light-weight DNS forwarder and DHCP server. It is designed |
305 | to provide DNS and, optionally, DHCP to a small network. It can serve the | |
dd2efd3d TUBK |
306 | names of local machines which are not in the global DNS. The DHCP server |
307 | integrates with the DNS server and allows machines with DHCP-allocated | |
c657716e | 308 | addresses to appear in the DNS with names configured either on each host or in |
dd2efd3d TUBK |
309 | a central configuration file. Dnsmasq supports static and dynamic DHCP leases |
310 | and BOOTP/TFTP for network booting of diskless machines.") | |
311 | ;; Source files only say GPL2 and GPL3 are allowed. | |
1e744399 TČ |
312 | (license (list license:gpl2 license:gpl3)))) |
313 | ||
a0683006 LC |
314 | ;; 'bind' is the name of a built-in Guile procedure, which is why we choose a |
315 | ;; different name here. | |
316 | (define-public isc-bind | |
1e744399 | 317 | (package |
be86b7ad | 318 | (name "bind") |
56b4a1d5 | 319 | ;; When updating, check whether isc-dhcp's bundled copy should be as well. |
11feecc2 LF |
320 | ;; The BIND release notes are available here: |
321 | ;; https://www.isc.org/bind/ | |
000e27b3 | 322 | (version "9.16.13") |
1e744399 TČ |
323 | (source (origin |
324 | (method url-fetch) | |
be86b7ad | 325 | (uri (string-append |
54fd7c02 | 326 | "https://ftp.isc.org/isc/bind9/" version |
3c4c60fa | 327 | "/bind-" version ".tar.xz")) |
1e744399 TČ |
328 | (sha256 |
329 | (base32 | |
000e27b3 | 330 | "026cliyj570wxvvij96mrzsxyf421xv9a80gc5gv6savza9wfk55")))) |
1e744399 | 331 | (build-system gnu-build-system) |
be86b7ad | 332 | (outputs `("out" "utils")) |
1e744399 | 333 | (inputs |
fc0dd636 | 334 | ;; It would be nice to add GeoIP and gssapi once there are packages. |
1e744399 | 335 | `(("libcap" ,libcap) |
3c4c60fa | 336 | ("libuv" ,libuv) |
1e744399 | 337 | ("libxml2" ,libxml2) |
1e744399 | 338 | ("openssl" ,openssl) |
0406434b TGR |
339 | ("p11-kit" ,p11-kit) |
340 | ("python" ,python) | |
341 | ("python-ply" ,python-ply))) | |
3c4c60fa TGR |
342 | (native-inputs |
343 | `(("perl" ,perl) | |
344 | ("pkg-config" ,pkg-config))) | |
1e744399 | 345 | (arguments |
be86b7ad | 346 | `(#:configure-flags |
3c4c60fa | 347 | (list (string-append "--with-pkcs11=" |
1e744399 TČ |
348 | (assoc-ref %build-inputs "p11-kit"))) |
349 | #:phases | |
be86b7ad JD |
350 | (modify-phases %standard-phases |
351 | (add-after 'strip 'move-to-utils | |
352 | (lambda _ | |
353 | (for-each | |
354 | (lambda (file) | |
355 | (let ((target (string-append (assoc-ref %outputs "utils") file)) | |
356 | (src (string-append (assoc-ref %outputs "out") file))) | |
357 | (mkdir-p (dirname target)) | |
358 | (link src target) | |
359 | (delete-file src))) | |
360 | '("/bin/dig" "/bin/delv" "/bin/nslookup" "/bin/host" "/bin/nsupdate" | |
361 | "/share/man/man1/dig.1" | |
362 | "/share/man/man1/host.1" | |
363 | "/share/man/man1/nslookup.1" | |
6023ecab TGR |
364 | "/share/man/man1/nsupdate.1")) |
365 | #t)) | |
be86b7ad JD |
366 | ;; When and if guix provides user namespaces for the build process, |
367 | ;; then the following can be uncommented and the subsequent "force-test" | |
368 | ;; will not be necessary. | |
369 | ;; | |
370 | ;; (add-before 'check 'set-up-loopback | |
371 | ;; (lambda _ | |
372 | ;; (system "bin/tests/system/ifconfig.sh up"))) | |
373 | (replace 'check | |
374 | (lambda _ | |
c72c1005 TGR |
375 | ;; XXX Even ‘make force-test’ tries to create network interfaces |
376 | ;; and fails. The only working target is the (trivial) fuzz test. | |
377 | (with-directory-excursion "fuzz" | |
378 | (invoke "make" "check")) | |
379 | #t))))) | |
d039d80d TGR |
380 | (synopsis "@acronym{DNS, Domain Name System} implementation") |
381 | (description "BIND implements the @acronym{DNS, Domain Name System} | |
382 | protocols for the Internet. It is both a reference implementation of those | |
383 | protocols and production-grade software, suitable for use in high-volume and | |
384 | high-reliability applications. | |
385 | ||
386 | The name stands for \"Berkeley Internet Name Domain\" because the software | |
387 | originated in the early 1980s at the University of California at Berkeley. | |
388 | ||
389 | The @code{utils} output of this package contains the following command line | |
390 | utilities related to DNS name servers: | |
391 | ||
83b5ea9d MC |
392 | @table @code |
393 | @item delv | |
394 | DNS lookup and validation utility | |
395 | @item dig | |
396 | DNS lookup utility | |
397 | @item host | |
398 | DNS lookup utility | |
399 | @item nslookup | |
400 | Internet name servers interactive query utility | |
401 | @item nsupdate | |
402 | Dynamic DNS update utility | |
403 | @end table") | |
404 | (home-page "https://www.isc.org/bind/") | |
ecc7aa89 | 405 | (license (list license:mpl2.0)))) |
be86b7ad | 406 | |
d24727c0 MB |
407 | (define-public dnscrypt-proxy |
408 | (package | |
409 | (name "dnscrypt-proxy") | |
83a89531 | 410 | (version "1.9.5") |
d24727c0 MB |
411 | (source (origin |
412 | (method url-fetch) | |
413 | (uri (string-append | |
414 | "https://download.dnscrypt.org/dnscrypt-proxy/" | |
415 | "dnscrypt-proxy-" version ".tar.bz2")) | |
416 | (sha256 | |
417 | (base32 | |
83a89531 | 418 | "1dhvklr4dg2vlw108n11xbamacaryyg3dbrg629b76lp7685p7z8")) |
d24727c0 MB |
419 | (modules '((guix build utils))) |
420 | (snippet | |
421 | ;; Delete bundled libltdl. XXX: This package also bundles | |
422 | ;; a modified libevent that cannot currently be removed. | |
6cbee49d MW |
423 | '(begin |
424 | (delete-file-recursively "libltdl") | |
425 | #t)))) | |
d24727c0 MB |
426 | (build-system gnu-build-system) |
427 | (arguments | |
428 | `(#:phases | |
429 | (modify-phases %standard-phases | |
d10092b8 | 430 | (add-after 'unpack 'autoreconf |
d24727c0 MB |
431 | (lambda _ |
432 | ;; Re-generate build files due to unbundling ltdl. | |
433 | ;; TODO: Prevent generating new libltdl and building it. | |
434 | ;; The system version is still favored and referenced. | |
997a4e18 | 435 | (invoke "autoreconf" "-vif")))))) |
d24727c0 MB |
436 | (native-inputs |
437 | `(("pkg-config" ,pkg-config) | |
438 | ("automake" ,automake) | |
439 | ("autoconf" ,autoconf) | |
440 | ("libtool" ,libtool))) | |
441 | (inputs | |
442 | `(("libltdl" ,libltdl) | |
443 | ("libsodium" ,libsodium))) | |
444 | (home-page "https://www.dnscrypt.org/") | |
445 | (synopsis "Securely send DNS requests to a remote server") | |
446 | (description | |
447 | "@command{dnscrypt-proxy} is a tool for securing communications | |
448 | between a client and a DNS resolver. It verifies that responses you get | |
449 | from a DNS provider was actually sent by that provider, and haven't been | |
450 | tampered with. For optimal performance it is recommended to use this as | |
451 | a forwarder for a caching DNS resolver such as @command{dnsmasq}, but it | |
452 | can also be used as a normal DNS \"server\". A list of public dnscrypt | |
453 | servers is included, and an up-to-date version is available at | |
454 | @url{https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv}.") | |
455 | (license (list license:isc | |
456 | ;; Libevent and src/ext/queue.h is 3-clause BSD. | |
457 | license:bsd-3)))) | |
458 | ||
afe62a8b MB |
459 | (define-public dnscrypt-wrapper |
460 | (package | |
461 | (name "dnscrypt-wrapper") | |
462 | (version "0.2.2") | |
463 | (source (origin | |
464 | (method url-fetch) | |
465 | (uri (string-append | |
466 | "https://github.com/cofyc/dnscrypt-wrapper/releases" | |
467 | "/download/v" version "/" name "-v" version ".tar.bz2")) | |
468 | (sha256 | |
469 | (base32 | |
470 | "1vhg4g0r687f51wcdn7z9w1hxapazx6vyh5rsr8wa48sljzd583g")))) | |
471 | (build-system gnu-build-system) | |
472 | (arguments | |
473 | `(#:make-flags '("CC=gcc") | |
474 | ;; TODO: Tests require ruby-cucumber and ruby-aruba. | |
475 | #:tests? #f | |
476 | #:phases | |
477 | (modify-phases %standard-phases | |
d10092b8 | 478 | (add-after 'unpack 'create-configure |
afe62a8b | 479 | (lambda _ |
b43cd106 | 480 | (invoke "make" "configure")))))) |
afe62a8b MB |
481 | (native-inputs |
482 | `(("autoconf" ,autoconf))) | |
483 | (inputs | |
484 | `(("libevent" ,libevent) | |
485 | ("libsodium" ,libsodium))) | |
486 | (home-page "https://github.com/Cofyc/dnscrypt-wrapper") | |
487 | (synopsis "Server-side dnscrypt proxy") | |
488 | (description | |
489 | "@command{dnscrypt-wrapper} is a tool to expose a name server over | |
490 | the @code{dnscrypt} protocol. It can be used as an endpoint for the | |
491 | @command{dnscrypt-proxy} client to securely tunnel DNS requests between | |
492 | the two.") | |
493 | (license (list license:isc | |
494 | ;; Bundled argparse is MIT. TODO: package and unbundle. | |
495 | license:expat | |
496 | ;; dns-protocol.h and rfc1035.{c,h} is gpl2 or gpl3 (either). | |
497 | license:gpl2 | |
498 | license:gpl3)))) | |
499 | ||
71f048c6 | 500 | (define-public libasr |
501 | (package | |
502 | (name "libasr") | |
4bf26153 | 503 | (version "1.0.4") |
71f048c6 | 504 | (source |
505 | (origin | |
506 | (method url-fetch) | |
507 | (uri (string-append "https://www.opensmtpd.org/archives/" | |
c34d0cd8 | 508 | "libasr-" version ".tar.gz")) |
71f048c6 | 509 | (sha256 |
4bf26153 | 510 | (base32 "1d6s8njqhvayx2gp47409sp1fn8m608ws26hr1srfp6i23nnpyqr")))) |
71f048c6 | 511 | (build-system gnu-build-system) |
0aa217e7 TGR |
512 | (arguments |
513 | `(#:phases | |
514 | (modify-phases %standard-phases | |
0aa217e7 TGR |
515 | (add-after 'install 'install-documentation |
516 | (lambda* (#:key outputs #:allow-other-keys) | |
517 | (let ((out (assoc-ref outputs "out"))) | |
518 | (install-file "src/asr_run.3" | |
519 | (string-append out "/share/man/man3")) | |
520 | #t)))))) | |
71f048c6 | 521 | (native-inputs |
522 | `(("autoconf" ,autoconf) | |
523 | ("automake" ,automake) | |
0aa217e7 TGR |
524 | ("libtool" ,libtool) |
525 | ("pkg-config" ,pkg-config))) | |
71f048c6 | 526 | (home-page "https://www.opensmtpd.org") |
527 | (synopsis "Asynchronous resolver library by the OpenBSD project") | |
528 | (description | |
529 | "libasr is a free, simple and portable asynchronous resolver library. | |
23f5dd91 | 530 | It runs DNS queries and performs hostname resolution in a fully |
71f048c6 | 531 | asynchronous fashion.") |
532 | (license (list license:isc | |
533 | license:bsd-2 ; last part of getrrsetbyname_async.c | |
534 | license:bsd-3 | |
535 | (license:non-copyleft "file://LICENSE") ; includes.h | |
536 | license:openssl)))) | |
6cf626e8 | 537 | |
7382ecd8 TGR |
538 | (define-public nsd |
539 | (package | |
540 | (name "nsd") | |
641fc7c1 | 541 | (version "4.3.5") |
7382ecd8 TGR |
542 | (source |
543 | (origin | |
544 | (method url-fetch) | |
545 | (uri (string-append "https://www.nlnetlabs.nl/downloads/nsd/nsd-" | |
546 | version ".tar.gz")) | |
547 | (sha256 | |
641fc7c1 | 548 | (base32 "0wj490rxqs86z8s4lxjwk06ry5pvkdqqyq1cf83z7mxk60zb98kx")))) |
7382ecd8 TGR |
549 | (build-system gnu-build-system) |
550 | (arguments | |
551 | `(#:configure-flags | |
552 | (list "--enable-pie" ; fully benefit from ASLR | |
553 | "--enable-ratelimit" | |
554 | "--enable-recvmmsg" | |
555 | "--enable-relro-now" ; protect GOT and .dtor areas | |
556 | "--disable-radix-tree" | |
557 | (string-append "--with-libevent=" | |
558 | (assoc-ref %build-inputs "libevent")) | |
559 | (string-append "--with-ssl=" | |
560 | (assoc-ref %build-inputs "openssl")) | |
561 | "--with-configdir=/etc" | |
562 | "--with-nsd_conf_file=/etc/nsd/nsd.conf" | |
563 | "--with-logfile=/var/log/nsd.log" | |
564 | "--with-pidfile=/var/db/nsd/nsd.pid" | |
565 | "--with-dbfile=/var/db/nsd/nsd.db" | |
566 | "--with-zonesdir=/etc/nsd" | |
567 | "--with-xfrdfile=/var/db/nsd/xfrd.state" | |
568 | "--with-zonelistfile=/var/db/nsd/zone.list") | |
569 | #:phases | |
570 | (modify-phases %standard-phases | |
571 | (add-before 'configure 'patch-installation-paths | |
572 | (lambda* (#:key outputs #:allow-other-keys) | |
573 | (let* ((out (assoc-ref outputs "out")) | |
574 | (doc (string-append out "/share/doc/" ,name "-" ,version))) | |
575 | ;; The ‘make install’ target tries to create the parent | |
576 | ;; directories of run-time things like ‘pidfile’ above, and | |
577 | ;; useless empty directories like 'configdir'. Remove such | |
578 | ;; '$(INSTALL)' lines and install the example configuration file | |
579 | ;; in an appropriate location. | |
580 | (substitute* "Makefile.in" | |
581 | ((".*INSTALL.*\\$\\((config|pid|xfr|db)dir" command) | |
582 | (string-append "#" command)) | |
583 | (("\\$\\(nsdconfigfile\\)\\.sample" file-name) | |
584 | (string-append doc "/examples/" file-name))) | |
585 | #t)))) | |
586 | #:tests? #f)) ; no tests | |
587 | (inputs | |
588 | `(("libevent" ,libevent) | |
589 | ("openssl" ,openssl))) | |
590 | (home-page "https://www.nlnetlabs.nl/projects/nsd/about/") | |
591 | (synopsis "Authoritative DNS name server") | |
592 | (description "@dfn{NSD}, short for Name Server Daemon, is an authoritative | |
593 | name server for the Domain Name System (@dfn{DNS}). It aims to be a fast and | |
594 | RFC-compliant nameserver. | |
595 | ||
596 | NSD uses zone information compiled via @command{zonec} into a binary database | |
597 | file (@file{nsd.db}). This allows fast startup of the name service daemon and | |
598 | allows syntax-structural errors in zone files to be flagged at compile time, | |
599 | before being made available to NSD service itself. However, most traditional | |
600 | BIND-style zone files can be directly imported into NSD without modification. | |
601 | ||
602 | The collection of programs and processes that make up NSD are designed so that | |
603 | the daemon itself runs as a non-privileged user and can be easily configured to | |
604 | run in a @code{chroot} jail, thus making any security flaws in NSD less likely | |
605 | to result in system-wide compromise.") | |
606 | (license (list license:bsd-3)))) | |
607 | ||
7e61a16c GG |
608 | (define-public unbound |
609 | (package | |
610 | (name "unbound") | |
402964ee | 611 | (version "1.13.1") |
7e61a16c GG |
612 | (source |
613 | (origin | |
614 | (method url-fetch) | |
615 | (uri (string-append "https://www.unbound.net/downloads/unbound-" | |
616 | version ".tar.gz")) | |
617 | (sha256 | |
402964ee | 618 | (base32 "1f2hky62f4xxnjr0lncrzz4gipg01rp12pf98mrqkgf5ixxxj145")))) |
7e61a16c GG |
619 | (build-system gnu-build-system) |
620 | (outputs '("out" "python")) | |
621 | (native-inputs | |
622 | `(("flex" ,flex) | |
623 | ("swig" ,swig))) | |
624 | (inputs | |
625 | `(("expat" ,expat) | |
626 | ("libevent" ,libevent) | |
627 | ("protobuf" ,protobuf) | |
7e61a16c GG |
628 | ("python-wrapper" ,python-wrapper) |
629 | ("openssl" ,openssl))) | |
630 | (arguments | |
631 | `(#:configure-flags | |
37040b85 | 632 | (list "--disable-static" ; save space and non-determinism in libunbound.a |
a431929d | 633 | (string-append |
7e61a16c GG |
634 | "--with-ssl=" (assoc-ref %build-inputs "openssl")) |
635 | (string-append | |
636 | "--with-libevent=" (assoc-ref %build-inputs "libevent")) | |
637 | (string-append | |
638 | "--with-libexpat=" (assoc-ref %build-inputs "expat")) | |
639 | "--with-pythonmodule" "--with-pyunbound") | |
640 | #:phases | |
641 | (modify-phases %standard-phases | |
642 | (add-after 'configure 'fix-python-site-package-path | |
643 | ;; Move python modules into their own output. | |
644 | (lambda* (#:key outputs #:allow-other-keys) | |
645 | (let ((pyout (assoc-ref outputs "python")) | |
646 | (ver ,(version-major+minor (package-version python)))) | |
647 | (substitute* "Makefile" | |
648 | (("^PYTHON_SITE_PKG=.*$") | |
649 | (string-append | |
650 | "PYTHON_SITE_PKG=" | |
651 | pyout "/lib/python-" ver "/site-packages\n")))) | |
652 | #t)) | |
653 | (add-before 'check 'fix-missing-nss-for-tests | |
654 | ;; Unfortunately, the package's unittests involve some checks | |
655 | ;; looking up protocols and services which are not provided | |
656 | ;; by the minimalistic build environment, in particular, | |
657 | ;; /etc/protocols and /etc/services are missing. | |
658 | ;; Also, after plain substitution of protocol and service names | |
659 | ;; in the test data, the tests still fail because the | |
660 | ;; corresponding Resource Records have been signed by | |
661 | ;; RRSIG records. | |
662 | ;; The following LD_PRELOAD library overwrites the glibc | |
663 | ;; functions ‘get{proto,serv}byname’, ‘getprotobynumber’ and | |
664 | ;; ‘getservbyport’ providing the few records required for the | |
665 | ;; unit tests to pass. | |
666 | (lambda* (#:key inputs outputs #:allow-other-keys) | |
667 | (let* ((source (assoc-ref %build-inputs "source")) | |
668 | (gcc (assoc-ref %build-inputs "gcc"))) | |
669 | (call-with-output-file "/tmp/nss_preload.c" | |
670 | (lambda (port) | |
671 | (display "#include <stdlib.h> | |
672 | #include <string.h> | |
673 | #include <strings.h> | |
674 | ||
675 | #include <netdb.h> | |
676 | ||
677 | struct protoent *getprotobyname(const char *name) { | |
678 | struct protoent *p = malloc(sizeof(struct protoent)); | |
679 | p->p_aliases = malloc(sizeof(char*)); | |
680 | if (strcasecmp(name, \"tcp\") == 0) { | |
681 | p->p_name = \"tcp\"; | |
682 | p->p_proto = 6; | |
683 | p->p_aliases[0] = \"TCP\"; | |
684 | } else if (strcasecmp(name, \"udp\") == 0) { | |
685 | p->p_name = \"udp\"; | |
686 | p->p_proto = 17; | |
687 | p->p_aliases[0] = \"UDP\"; | |
688 | } else | |
689 | p = NULL; | |
690 | return p; | |
691 | } | |
692 | ||
693 | struct protoent *getprotobynumber(int proto) { | |
694 | struct protoent *p = malloc(sizeof(struct protoent)); | |
695 | p->p_aliases = malloc(sizeof(char*)); | |
696 | switch(proto) { | |
697 | case 6: | |
698 | p->p_name = \"tcp\"; | |
699 | p->p_proto = 6; | |
700 | p->p_aliases[0] = \"TCP\"; | |
701 | break; | |
702 | case 17: | |
703 | p->p_name = \"udp\"; | |
704 | p->p_proto = 17; | |
705 | p->p_aliases[0] = \"UDP\"; | |
706 | break; | |
707 | default: | |
708 | p = NULL; | |
709 | break; | |
710 | } | |
711 | return p; | |
712 | } | |
713 | ||
714 | struct servent *getservbyname(const char *name, const char *proto) { | |
715 | struct servent *s = malloc(sizeof(struct servent)); | |
716 | char* buf = malloc((strlen(proto)+1)*sizeof(char)); | |
717 | strcpy(buf, proto); | |
718 | s->s_aliases = malloc(sizeof(char*)); | |
719 | s->s_aliases[0] = NULL; | |
720 | if (strcasecmp(name, \"domain\") == 0) { | |
721 | s->s_name = \"domain\"; | |
722 | s->s_port = htons(53); | |
723 | s->s_proto = buf; | |
724 | } else | |
725 | s = NULL; | |
726 | return s; | |
727 | } | |
728 | ||
729 | struct servent *getservbyport(int port, const char *proto) { | |
730 | char buf[32]; | |
731 | struct servent *s = malloc(sizeof(struct servent)); | |
732 | strcpy(buf, proto); | |
733 | s->s_aliases = malloc(sizeof(char*)); | |
734 | s->s_aliases[0] = NULL; | |
735 | switch(port) { | |
736 | case 53: | |
737 | s->s_name = \"domain\"; | |
738 | s->s_port = 53; | |
739 | s->s_proto = \"udp\"; | |
740 | break; | |
741 | default: | |
742 | s = NULL; | |
743 | break; | |
744 | } | |
745 | return s; | |
746 | }" port))) | |
9a3a1565 TGR |
747 | (invoke (string-append gcc "/bin/gcc") |
748 | "-shared" "-fPIC" "-o" "/tmp/nss_preload.so" | |
749 | "/tmp/nss_preload.c") | |
7e61a16c GG |
750 | ;; The preload library only affects the unittests. |
751 | (substitute* "Makefile" | |
752 | (("./unittest") | |
753 | "LD_PRELOAD=/tmp/nss_preload.so ./unittest"))) | |
754 | #t))))) | |
755 | (home-page "https://www.unbound.net") | |
756 | (synopsis "Validating, recursive, and caching DNS resolver") | |
757 | (description | |
758 | "Unbound is a recursive-only caching DNS server which can perform DNSSEC | |
759 | validation of results. It implements only a minimal amount of authoritative | |
760 | service to prevent leakage to the root nameservers: forward lookups for | |
761 | localhost, reverse for @code{127.0.0.1} and @code{::1}, and NXDOMAIN for zones | |
762 | served by AS112. Stub and forward zones are supported.") | |
763 | (license license:bsd-4))) | |
764 | ||
6cf626e8 TGR |
765 | (define-public yadifa |
766 | (package | |
767 | (name "yadifa") | |
a5b24c35 | 768 | (version "2.4.2") |
6cf626e8 | 769 | (source |
a5b24c35 | 770 | (let ((build "9997")) |
8769d482 TGR |
771 | (origin |
772 | (method url-fetch) | |
773 | (uri | |
2682614b | 774 | (string-append "https://www.yadifa.eu/sites/default/files/releases/" |
fe99b7f7 | 775 | "yadifa-" version "-" build ".tar.gz")) |
8769d482 | 776 | (sha256 |
a5b24c35 | 777 | (base32 "0f1by2c7l39qpsar5nh98f3xypmn2ikv7wr557wmva6m0lwbl3q0"))))) |
6cf626e8 TGR |
778 | (build-system gnu-build-system) |
779 | (native-inputs | |
780 | `(("which" ,which))) | |
781 | (inputs | |
782 | `(("openssl" ,openssl))) | |
783 | (arguments | |
57b05e4a TGR |
784 | `(#:phases |
785 | (modify-phases %standard-phases | |
786 | (add-before 'configure 'omit-example-configurations | |
787 | (lambda _ | |
788 | (substitute* "Makefile.in" | |
789 | ((" (etc|var)") "")) | |
576a1699 TGR |
790 | #t)) |
791 | (add-after 'configure 'omit-spurious-references | |
792 | (lambda _ | |
793 | ;; The many Makefile.in grep this(!) to #define BUILD_OPTIONS. | |
794 | (substitute* "config.log" | |
795 | (("(=/gnu/store/)[^-]*" _ match) | |
796 | (string-append match "..."))) | |
57b05e4a TGR |
797 | #t))) |
798 | #:configure-flags | |
799 | (list "--sysconfdir=/etc" | |
800 | "--localstatedir=/var" | |
4733c76c TGR |
801 | "--enable-shared" "--disable-static" |
802 | "--disable-build-timestamp"))) ; build reproducibly | |
9f733172 | 803 | (home-page "https://www.yadifa.eu/") |
6cf626e8 | 804 | (synopsis "Authoritative DNS name server") |
366efcb2 TGR |
805 | (description "YADIFA is an authoritative name server for the @dfn{Domain |
806 | Name System} (DNS). It aims for both higher performance and a smaller memory | |
6cf626e8 | 807 | footprint than other implementations, while remaining fully RFC-compliant. |
366efcb2 TGR |
808 | YADIFA supports dynamic record updates and the @dfn{Domain Name System Security |
809 | Extensions} (DNSSEC).") | |
6cf626e8 | 810 | (license license:bsd-3))) |
f9cdf1c1 TGR |
811 | |
812 | (define-public knot | |
813 | (package | |
814 | (name "knot") | |
236d1215 | 815 | (version "3.0.4") |
e41ddf76 TGR |
816 | (source |
817 | (origin | |
ca4143c7 TGR |
818 | (method git-fetch) |
819 | (uri (git-reference | |
820 | (url "https://gitlab.nic.cz/knot/knot-dns") | |
821 | (commit (string-append "v" version)))) | |
822 | (file-name (git-file-name name version)) | |
e41ddf76 | 823 | (sha256 |
236d1215 | 824 | (base32 "1mbjl18zi8yxs7pa3395lqjwdw0agjbfpl32x42i6d9zb8fsblzs")) |
2b73e50c TGR |
825 | (modules '((guix build utils))) |
826 | (snippet | |
827 | '(begin | |
828 | ;; Remove Ragel-generated C files. We'll recreate them below. | |
829 | (for-each delete-file (find-files "." "\\.c\\.[gt].")) | |
ca4143c7 | 830 | (delete-file "src/libknot/yparser/ypbody.c") |
387ad8fd TGR |
831 | ;; Remove bundled library to ensure we always use the system's. |
832 | (delete-file-recursively "src/contrib/libbpf") | |
2b73e50c | 833 | #t)))) |
f9cdf1c1 | 834 | (build-system gnu-build-system) |
8154df53 | 835 | (outputs (list "out" "doc" "lib" "tools")) |
f9cdf1c1 | 836 | (arguments |
84da8f7f | 837 | `(#:configure-flags |
8154df53 TGR |
838 | (list (string-append "--docdir=" (assoc-ref %outputs "doc") |
839 | "/share/" ,name "-" ,version) | |
840 | (string-append "--infodir=" (assoc-ref %outputs "doc") | |
841 | "/share/info") | |
842 | (string-append "--libdir=" (assoc-ref %outputs "lib") "/lib") | |
843 | "--sysconfdir=/etc" | |
84da8f7f TGR |
844 | "--localstatedir=/var" |
845 | "--enable-dnstap" ; let tools read/write capture files | |
d3413b6f | 846 | "--enable-fastparser" ; disabled by default when .git/ exists |
387ad8fd | 847 | "--enable-xdp=auto" ; XXX [=yes] currently means =embedded |
2eb0585a | 848 | "--with-module-dnstap=yes") ; detailed query capturing & logging |
84da8f7f | 849 | #:phases |
f9cdf1c1 | 850 | (modify-phases %standard-phases |
387ad8fd TGR |
851 | (add-after 'unpack 'link-missing-libbpf-dependency |
852 | ;; Linking against -lbpf later would fail to find -lz: libbpf.pc has | |
853 | ;; zlib in its Requires.private (not Requires) field. Add it here. | |
854 | (lambda _ | |
855 | (substitute* "configure.ac" | |
856 | (("enable_xdp=yes" match) | |
857 | (string-append match "\nlibbpf_LIBS=\"$libbpf_LIBS -lz\""))) | |
8154df53 | 858 | #true)) |
ca4143c7 TGR |
859 | (add-before 'bootstrap 'update-parser |
860 | (lambda _ | |
2b73e50c | 861 | (with-directory-excursion "src" |
ca4143c7 | 862 | (invoke "sh" "../scripts/update-parser.sh")))) |
f9cdf1c1 TGR |
863 | (add-before 'configure 'disable-directory-pre-creation |
864 | (lambda _ | |
865 | ;; Don't install empty directories like ‘/etc’ outside the store. | |
1b00e3bd | 866 | ;; This is needed even when using ‘make config_dir=... install’. |
2d431b01 TGR |
867 | (substitute* "src/Makefile.in" (("\\$\\(INSTALL\\) -d") "true")) |
868 | #t)) | |
4756b9b1 SS |
869 | (add-after 'build 'build-info |
870 | (lambda _ | |
871 | (invoke "make" "info"))) | |
f9cdf1c1 TGR |
872 | (replace 'install |
873 | (lambda* (#:key outputs #:allow-other-keys) | |
874 | (let* ((out (assoc-ref outputs "out")) | |
ee1362fc | 875 | (doc (string-append out "/share/doc/" ,name "-" ,version)) |
f9cdf1c1 | 876 | (etc (string-append doc "/examples/etc"))) |
6b042495 TGR |
877 | (invoke "make" |
878 | (string-append "config_dir=" etc) | |
4756b9b1 SS |
879 | "install")))) |
880 | (add-after 'install 'install-info | |
881 | (lambda _ | |
8154df53 TGR |
882 | (invoke "make" "install-info"))) |
883 | (add-after 'install 'break-circular-:lib->:out-reference | |
884 | (lambda* (#:key outputs #:allow-other-keys) | |
885 | (let ((lib (assoc-ref outputs "lib"))) | |
886 | (for-each (lambda (file) | |
887 | (substitute* file | |
888 | (("(prefix=).*" _ assign) | |
889 | (string-append assign lib "\n")))) | |
890 | (find-files lib "\\.pc$")) | |
891 | #true))) | |
892 | (add-after 'install 'split-:tools | |
893 | (lambda* (#:key outputs #:allow-other-keys) | |
894 | (let* ((out (assoc-ref outputs "out")) | |
895 | (tools (assoc-ref outputs "tools"))) | |
896 | (mkdir-p (string-append tools "/share/man")) | |
897 | (rename-file (string-append out "/bin") | |
898 | (string-append tools "/bin")) | |
899 | (rename-file (string-append out "/share/man/man1") | |
900 | (string-append tools "/share/man/man1")) | |
901 | #true)))))) | |
84da8f7f | 902 | (native-inputs |
ca4143c7 TGR |
903 | `(("autoconf" ,autoconf) |
904 | ("automake" ,automake) | |
905 | ("libtool" ,libtool) | |
906 | ("pkg-config" ,pkg-config) | |
4756b9b1 SS |
907 | ("python-sphinx" ,python-sphinx) |
908 | ("ragel" ,ragel) | |
909 | ("texinfo" ,texinfo))) | |
84da8f7f TGR |
910 | (inputs |
911 | `(("fstrm" ,fstrm) | |
912 | ("gnutls" ,gnutls) | |
913 | ("jansson" ,jansson) | |
387ad8fd | 914 | ("libbpf" ,libbpf) |
84da8f7f TGR |
915 | ("libcap-ng" ,libcap-ng) |
916 | ("libedit" ,libedit) | |
387ad8fd | 917 | ("libelf" ,libelf) |
84da8f7f | 918 | ("libidn" ,libidn) |
dadfc9bc | 919 | ("libnghttp2" ,nghttp2 "lib") |
84da8f7f TGR |
920 | ("liburcu" ,liburcu) |
921 | ("lmdb" ,lmdb) | |
922 | ("ncurses" ,ncurses) | |
923 | ("protobuf-c" ,protobuf-c))) | |
f9cdf1c1 TGR |
924 | (home-page "https://www.knot-dns.cz/") |
925 | (synopsis "Authoritative DNS name server") | |
d1e4ad1b | 926 | (description "Knot DNS is an authoritative name server for the @dfn{Domain |
f9cdf1c1 TGR |
927 | Name System} (DNS), designed to meet the needs of root and @dfn{top-level |
928 | domain} (TLD) name servers. It is implemented as a threaded daemon and uses a | |
929 | number of programming techniques to improve speed. For example, the responder | |
930 | is completely lock-free, resulting in a very high response rate. Other features | |
931 | include automatic @dfn{DNS Security Extensions} (DNSSEC) signing, dynamic record | |
932 | synthesis, and on-the-fly re-configuration.") | |
0056f4cc TGR |
933 | (license |
934 | (list | |
935 | ;; src/contrib/{hat-trie,murmurhash3,openbsd}, | |
936 | ;; src/dnssec/contrib/vpool.[ch], and parts of libtap/ are ‘MIT’ (expat). | |
937 | license:expat | |
938 | license:lgpl2.0+ ; parts of scr/contrib/ucw | |
939 | license:public-domain ; src/contrib/fnv and possibly murmurhash3 | |
940 | license:gpl3+)))) ; everything else | |
0bc2d3e4 | 941 | |
a35e16c0 SB |
942 | (define-public knot-resolver |
943 | (package | |
944 | (name "knot-resolver") | |
673ab1cd | 945 | (version "5.3.0") |
a35e16c0 SB |
946 | (source (origin |
947 | (method url-fetch) | |
948 | (uri (string-append "https://secure.nic.cz/files/knot-resolver/" | |
949 | "knot-resolver-" version ".tar.xz")) | |
950 | (sha256 | |
951 | (base32 | |
673ab1cd | 952 | "0gp3ivv3zccz4b6s1wxbsvvlrc837lw2g089l3cbvzsg7z0b4v7v")))) |
a35e16c0 | 953 | (build-system meson-build-system) |
74e3c37a | 954 | (outputs '("out" "doc")) |
a35e16c0 | 955 | (arguments |
8a5c4384 | 956 | '(#:configure-flags '("-Ddoc=enabled") |
a35e16c0 SB |
957 | #:phases |
958 | (modify-phases %standard-phases | |
8a5c4384 SB |
959 | (add-before 'configure 'disable-default-ta |
960 | (lambda _ | |
961 | ;; Disable the default managed root TA, since we don't have | |
962 | ;; write access to the keyfile and its directory in store. | |
963 | (substitute* "daemon/lua/sandbox.lua.in" | |
964 | (("^trust_anchors\\.add_file.*") "")) | |
965 | #t)) | |
a35e16c0 SB |
966 | (add-after 'build 'build-doc |
967 | (lambda _ | |
968 | (invoke "ninja" "doc"))) | |
74e3c37a SS |
969 | (add-after 'install 'move-doc |
970 | (lambda* (#:key outputs #:allow-other-keys) | |
971 | ;; Move the manual and the example configuration files to the | |
972 | ;; "doc" output. | |
973 | (let ((out (assoc-ref outputs "out")) | |
974 | (doc (assoc-ref outputs "doc"))) | |
975 | (mkdir-p (string-append doc "/share/doc/knot-resolver")) | |
976 | (for-each | |
977 | (lambda (dir) | |
978 | (rename-file (string-append out "/share/" dir) | |
979 | (string-append doc "/share/" dir))) | |
980 | '("doc/knot-resolver/examples" | |
981 | "doc/knot-resolver/html" | |
982 | "info"))))) | |
a35e16c0 SB |
983 | (add-after 'install 'wrap-binary |
984 | (lambda* (#:key inputs outputs #:allow-other-keys) | |
985 | (let* ((out (assoc-ref outputs "out")) | |
986 | (lua-* (map cdr (filter | |
987 | (lambda (input) | |
988 | (string-prefix? "lua-" (car input))) | |
989 | inputs))) | |
990 | (lua-path (lambda (p) | |
991 | (string-append p "/share/lua/5.1/?.lua"))) | |
992 | (lua-cpath (lambda (p) | |
993 | (string-append p "/lib/lua/5.1/?.so")))) | |
994 | (wrap-program (string-append out "/sbin/kresd") | |
995 | `("LUA_PATH" ";" prefix ,(map lua-path lua-*)) | |
996 | `("LUA_CPATH" ";" prefix ,(map lua-cpath lua-*))) | |
997 | #t)))))) | |
998 | (native-inputs | |
999 | `(("cmocka" ,cmocka) ; for unit tests | |
1000 | ("doxygen" ,doxygen) | |
1001 | ("protobuf-c" ,protobuf-c) | |
1002 | ("pkg-config" ,pkg-config) | |
1003 | ("python-breathe" ,python-breathe) | |
1004 | ("python-sphinx" ,python-sphinx) | |
4fcff590 SS |
1005 | ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme) |
1006 | ("texinfo" ,texinfo))) | |
a35e16c0 SB |
1007 | (inputs |
1008 | `(("fstrm" ,fstrm) | |
1009 | ("gnutls" ,gnutls) | |
a97ea4ff | 1010 | ("knot:lib" ,knot "lib") |
a35e16c0 SB |
1011 | ("libuv" ,libuv) |
1012 | ("lmdb" ,lmdb) | |
1013 | ("luajit" ,luajit) | |
d1a26bed | 1014 | ;; TODO: Add optional lua modules: basexx and psl. |
4fcff590 SS |
1015 | ("lua-bitop" ,lua5.1-bitop) |
1016 | ("nghttp2" ,nghttp2 "lib"))) | |
a35e16c0 SB |
1017 | (home-page "https://www.knot-resolver.cz/") |
1018 | (synopsis "Caching validating DNS resolver") | |
1019 | (description | |
1020 | "Knot Resolver is a caching full resolver implementation written in C and | |
1021 | LuaJIT, both a resolver library and a daemon.") | |
1022 | (license (list license:gpl3+ | |
1023 | ;; Some 'contrib' files are under MIT, CC0 and LGPL2. | |
1024 | license:expat | |
1025 | license:cc0 | |
1026 | license:lgpl2.0)))) | |
1027 | ||
0bc2d3e4 OP |
1028 | (define-public ddclient |
1029 | (package | |
1030 | (name "ddclient") | |
8bb9f997 TGR |
1031 | (version "3.9.1") |
1032 | (source | |
1033 | (origin | |
1034 | (method git-fetch) | |
1035 | (uri (git-reference | |
b0e7b699 | 1036 | (url "https://github.com/ddclient/ddclient") |
8bb9f997 TGR |
1037 | (commit (string-append "v" version)))) |
1038 | (file-name (git-file-name name version)) | |
1039 | (sha256 | |
1040 | (base32 "0hf377g4j9r9sac75xp17nk2h58mazswz4vkg4g2gl2yyhvzq91w")))) | |
0bc2d3e4 OP |
1041 | (build-system trivial-build-system) ; no Makefile.PL |
1042 | (native-inputs | |
1043 | `(("bash" ,bash) | |
8bb9f997 | 1044 | ("perl" ,perl))) |
0bc2d3e4 | 1045 | (inputs |
e12df2c6 TGR |
1046 | `(("inetutils" ,inetutils) ; logger |
1047 | ("net-tools" ,net-tools) | |
1048 | ("perl-data-validate-ip" ,perl-data-validate-ip) | |
1049 | ("perl-digest-sha1" ,perl-digest-sha1) | |
1050 | ("perl-io-socket-ssl" ,perl-io-socket-ssl))) | |
0bc2d3e4 OP |
1051 | (arguments |
1052 | `(#:modules ((guix build utils) | |
1053 | (ice-9 match) | |
1054 | (srfi srfi-26)) | |
1055 | #:builder | |
1056 | (begin | |
1057 | (use-modules (guix build utils) | |
1058 | (ice-9 match) | |
1059 | (srfi srfi-26)) | |
0bc2d3e4 OP |
1060 | (setenv "PATH" (string-append |
1061 | (assoc-ref %build-inputs "bash") "/bin" ":" | |
0bc2d3e4 | 1062 | (assoc-ref %build-inputs "perl") "/bin")) |
8bb9f997 TGR |
1063 | |
1064 | ;; Copy the (read-only) source into the (writable) build directory. | |
1065 | (copy-recursively (assoc-ref %build-inputs "source") ".") | |
1066 | ||
1067 | ;; Install. | |
1068 | (let* ((out (assoc-ref %outputs "out")) | |
1069 | (bin (string-append out "/bin"))) | |
1070 | (let ((file "ddclient")) | |
1071 | (substitute* file | |
1072 | (("/usr/bin/perl") (which "perl")) | |
1073 | ;; Strictly use ‘/etc/ddclient/ddclient.conf’. | |
1074 | (("\\$\\{program\\}\\.conf") "/etc/ddclient/ddclient.conf") | |
1075 | (("\\$etc\\$program.conf") "/etc/ddclient/ddclient.conf") | |
1076 | ;; Strictly use ‘/var/cache/ddclient/ddclient.cache’ | |
1077 | (("\\$cachedir\\$program\\.cache") | |
1078 | "/var/cache/ddclient/ddclient.cache")) | |
1079 | (install-file file bin) | |
1080 | (wrap-program (string-append bin "/" file) | |
1081 | `("PATH" ":" = | |
1082 | ("$PATH" | |
1083 | ,@(map (lambda (input) | |
1084 | (match input | |
1085 | ((name . store) | |
1086 | (string-append store "/bin")))) | |
1087 | %build-inputs))) | |
1088 | `("PERL5LIB" ":" = | |
1089 | ,(delete | |
1090 | "" | |
1091 | (map (match-lambda | |
1092 | (((? (cut string-prefix? "perl-" <>) name) . dir) | |
1093 | (string-append dir "/lib/perl5/site_perl")) | |
1094 | (_ "")) | |
1095 | %build-inputs))))) | |
1096 | (for-each (cut install-file <> (string-append out | |
1097 | "/share/ddclient")) | |
1098 | (find-files "." "sample.*$")))))) | |
9469ab53 | 1099 | (home-page "https://ddclient.net/") |
0bc2d3e4 OP |
1100 | (synopsis "Address updating utility for dynamic DNS services") |
1101 | (description "This package provides a client to update dynamic IP | |
1102 | addresses with several dynamic DNS service providers, such as | |
1103 | @uref{https://www.dyndns.com/account/login.html,DynDNS.com}. | |
1104 | ||
1105 | This makes it possible to use a fixed hostname (such as myhost.dyndns.org) to | |
1106 | access a machine with a dynamic IP address. | |
1107 | ||
1108 | The client supports both dynamic and (near) static services, as well as MX | |
1109 | record and alternative name management. It caches the address, and only | |
1110 | attempts the update when it has changed.") | |
1111 | (license license:gpl2+))) | |
91a4863d LC |
1112 | |
1113 | (define-public hnsd | |
1114 | ;; There have been no releases yet, hence this commit. | |
1115 | (let ((revision "0") | |
1116 | (commit "895d89c25d316d18df9d374fe78aae3902bc89fb")) | |
1117 | (package | |
1118 | (name "hnsd") | |
1119 | (version (git-version "0.0" revision commit)) | |
1120 | (source (origin | |
1121 | (method git-fetch) | |
1122 | (uri (git-reference | |
1123 | (url "https://github.com/handshake-org/hnsd") | |
1124 | (commit commit))) | |
1125 | (sha256 | |
1126 | (base32 | |
1127 | "0704y73sddn24jga9csw4gxyfb3pnrfnk0vdcph84n1h38490l16")) | |
1128 | (file-name (git-file-name name version)) | |
1129 | (modules '((guix build utils))) | |
1130 | (snippet | |
1131 | '(begin | |
1132 | ;; Delete the bundled copy of libuv. | |
1133 | (delete-file-recursively "uv") | |
1134 | (substitute* "configure.ac" | |
1135 | (("AC_CONFIG_SUBDIRS\\(\\[uv\\]\\)") "")) | |
1136 | (substitute* "Makefile.am" | |
1137 | (("SUBDIRS = uv") "\n") | |
1138 | (("\\$\\(top_builddir\\)/uv/libuv.la") "-luv") | |
1139 | ||
1140 | ;; Make sure the 'hnsd' binary is installed and | |
1141 | ;; dynamically-linked. | |
1142 | (("noinst_PROGRAMS") "bin_PROGRAMS") | |
1143 | (("hnsd_LDFLAGS = -static") "")) | |
1144 | ||
1145 | ;; This script tries to chdir to "uv" and doesn't do more | |
1146 | ;; than "autoreconf" so remove it. | |
1147 | (delete-file "autogen.sh") | |
1148 | #t)))) | |
1149 | (build-system gnu-build-system) | |
1150 | (arguments | |
1151 | '(#:configure-flags '("--disable-static"))) ;no need for libhsk.a | |
1152 | (native-inputs | |
1153 | `(("autoconf" ,autoconf) | |
1154 | ("automake" ,automake) | |
1155 | ("libtool" ,libtool))) | |
1156 | (inputs | |
1157 | `(("unbound" ,unbound) | |
1158 | ("libuv" ,libuv))) | |
1159 | (home-page "https://www.handshake.org/") | |
1160 | (synopsis "Resolver daemon for the Handshake naming protocol") | |
1161 | (description | |
1162 | "@command{hnsd} is a @dfn{host name resolver} for the Handshake Naming | |
1163 | System (HNS) peer-to-peer network.") | |
1164 | (license license:expat)))) | |
498911d3 MO |
1165 | |
1166 | (define-public libmicrodns | |
1167 | (package | |
1168 | (name "libmicrodns") | |
65fd3f0a | 1169 | (version "0.1.2") |
498911d3 | 1170 | (source (origin |
65fd3f0a LF |
1171 | (method url-fetch) |
1172 | (uri (string-append "https://github.com/videolabs/libmicrodns/" | |
1173 | "releases/download/" version "/microdns-" | |
1174 | version ".tar.xz")) | |
498911d3 MO |
1175 | (sha256 |
1176 | (base32 | |
65fd3f0a LF |
1177 | "0p4va18zxgmzcdwhlbg2mmjwswlbgqy4ay5vaxrw7cxmhsflnv36")))) |
1178 | (build-system meson-build-system) | |
498911d3 MO |
1179 | (home-page "https://github.com/videolabs/libmicrodns") |
1180 | (synopsis "Minimal mDNS resolver library") | |
1181 | (description "@code{libmicrodns} provides a minimal implementation of a | |
1182 | mDNS resolver as well as an announcer. mDNS (Multicast Domain Name System) is | |
1183 | a zero-config service that allows one to resolve host names to IP addresses in | |
1184 | local networks.") | |
1185 | (license license:lgpl2.1))) | |
41553c90 CM |
1186 | |
1187 | (define-public public-suffix-list | |
1188 | ;; Mozilla releases the official list here: | |
1189 | ;; | |
1190 | ;; https://publicsuffix.org/list/public_suffix_list.dat | |
1191 | ;; | |
1192 | ;; However, Mozilla syncs that file from the GitHub repository periodically, | |
1193 | ;; so its contents will change over time. If you update this commit, please | |
1194 | ;; make sure that the new commit refers to a list which is identical to the | |
1195 | ;; officially published list available from the URL above. | |
1196 | (let ((commit "9375b697baddb0827a5995c81bd3c75877a0b35d")) | |
1197 | (package | |
1198 | (name "public-suffix-list") | |
1199 | (version (git-version "0" "1" commit)) | |
1200 | (source (origin | |
1201 | (method git-fetch) | |
1202 | (uri (git-reference | |
b0e7b699 | 1203 | (url "https://github.com/publicsuffix/list") |
41553c90 CM |
1204 | (commit commit))) |
1205 | (file-name (git-file-name name version)) | |
1206 | (sha256 | |
1207 | (base32 | |
1208 | "1sm7pni01rnl4ldzi8z8nc4cbgq8nxda9gwc68v0s3ij7jd1jmik")))) | |
1209 | (build-system trivial-build-system) | |
1210 | (arguments | |
1211 | `(#:modules ((guix build utils)) | |
1212 | #:builder | |
1213 | (begin | |
1214 | (use-modules (guix build utils)) | |
1215 | (let* ((out (assoc-ref %outputs "out")) | |
1216 | ;; Install to /share because that is where "read-only | |
1217 | ;; architecture-independent data files" should go (see: | |
1218 | ;; (standards) Directory Variables). Include the version in | |
1219 | ;; the directory name so that if multiple versions are ever | |
1220 | ;; installed in the same profile, they will not conflict. | |
1221 | (destination (string-append | |
1222 | out "/share/public-suffix-list-" ,version)) | |
1223 | (source (assoc-ref %build-inputs "source"))) | |
1224 | (with-directory-excursion source | |
1225 | (install-file "public_suffix_list.dat" destination) | |
1226 | (install-file "LICENSE" destination)) | |
1227 | #t)))) | |
1228 | (home-page "https://publicsuffix.org/") | |
1229 | (synopsis "Database of current and historical DNS suffixes") | |
1230 | (description "This is the Public Suffix List maintained by Mozilla. A | |
1231 | \"public suffix\" is one under which Internet users can (or historically | |
1232 | could) directly register names in the Domain Name System (DNS). Some examples | |
1233 | of public suffixes are .com, .co.uk and pvt.k12.ma.us. This is a list of all | |
1234 | known public suffixes.") | |
1235 | (license license:mpl2.0)))) | |
0d36d0ba AI |
1236 | |
1237 | (define-public maradns | |
1238 | (package | |
1239 | (name "maradns") | |
0ac91500 | 1240 | (version "3.5.0007") |
0d36d0ba AI |
1241 | (source |
1242 | (origin | |
1243 | (method url-fetch) | |
1244 | (uri (string-append "https://maradns.samiam.org/download/" | |
1245 | (version-major+minor version) "/" | |
1246 | version "/maradns-" version ".tar.xz")) | |
1247 | (sha256 | |
0ac91500 | 1248 | (base32 "0bc19xylg4whww9qaj5i4izwxcrh0c0ja7l1pfcn2la02hlvg1a6")))) |
0d36d0ba AI |
1249 | (build-system gnu-build-system) |
1250 | (arguments | |
0ac91500 | 1251 | `(#:tests? #f ; need to be root to run tests |
0d36d0ba AI |
1252 | #:make-flags |
1253 | (list | |
de53ddb5 | 1254 | ,(string-append "CC=" (cc-for-target)) |
0d36d0ba AI |
1255 | (string-append "PREFIX=" %output) |
1256 | (string-append "RPM_BUILD_ROOT=" %output)) | |
1257 | #:phases | |
1258 | (modify-phases %standard-phases | |
1259 | (replace 'configure | |
018114ba AI |
1260 | (lambda* (#:key native-inputs target #:allow-other-keys) |
1261 | ;; make_32bit_tables generates a header file that is used during | |
1262 | ;; compilation. Hence, during cross compilation, it should be | |
1263 | ;; built for the host system. | |
1264 | (when target | |
1265 | (substitute* "rng/Makefile" | |
1266 | (("\\$\\(CC\\) -o make_32bit_tables") | |
1267 | (string-append (assoc-ref native-inputs "gcc") | |
1268 | "/bin/gcc -o make_32bit_tables")))) | |
0d36d0ba AI |
1269 | (invoke "./configure"))) |
1270 | (add-before 'install 'create-install-directories | |
1271 | (lambda* (#:key outputs #:allow-other-keys) | |
1272 | (let ((out (assoc-ref outputs "out"))) | |
1273 | (for-each (lambda (dir) | |
1274 | (mkdir-p (string-append out dir))) | |
1275 | (list "/bin" "/sbin" "/etc" | |
1276 | "/share/man/man1" | |
1277 | "/share/man/man5" | |
1278 | "/share/man/man8")) | |
1279 | #t)))))) | |
1280 | (home-page "https://maradns.samiam.org") | |
1281 | (synopsis "Small lightweight DNS server") | |
1282 | (description "MaraDNS is a small and lightweight DNS server. MaraDNS | |
1283 | consists of a UDP-only authoritative DNS server for hosting domains, and a UDP | |
1284 | and TCP-capable recursive DNS server for finding domains on the internet.") | |
1285 | (license license:bsd-2))) | |
6b6647f8 BW |
1286 | |
1287 | (define-public openresolv | |
1288 | (package | |
1289 | (name "openresolv") | |
b3c29d90 | 1290 | (version "3.12.0") |
6b6647f8 BW |
1291 | (source (origin |
1292 | (method url-fetch) | |
1293 | (uri (string-append "https://roy.marples.name/downloads/openresolv/" | |
1294 | "openresolv-" version ".tar.xz")) | |
1295 | (sha256 | |
1296 | (base32 | |
b3c29d90 | 1297 | "15qvp5va2yrqpz0ba54clvn8cbc66v4sl7k3bi9ji8jpx040bcs2")) |
6b6647f8 BW |
1298 | (patches |
1299 | (search-patches "openresolv-restartcmd-guix.patch")))) | |
1300 | (build-system gnu-build-system) | |
1301 | (arguments | |
1302 | `(#:tests? #f ; No test suite | |
1303 | #:configure-flags | |
1304 | (list (string-append "--sysconfdir=/etc")) | |
1305 | #:make-flags | |
1306 | (list (string-append "SYSCONFDIR=/" (assoc-ref %outputs "out") "/etc")))) | |
1307 | (home-page "https://roy.marples.name/projects/openresolv/") | |
1308 | (synopsis "Resolvconf POSIX compliant implementation, a middleman for resolv.conf") | |
1309 | (description "openresolv is an implementation of @command{resolvconf}, the | |
1310 | middleman between the network configuration services and | |
1311 | @file{/etc/resolv.conf}. @command{resolvconf} itself is just a script that | |
1312 | stores, removes and lists a full @file{resolv.conf} generated for the | |
1313 | interface. It then calls all the helper scripts it knows about so it can | |
1314 | configure the real @file{/etc/resolv.conf} and optionally any local | |
1315 | nameservers other than libc.") | |
1316 | (license license:bsd-2))) |