HCoop / jackhill / guix / guix.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
gnu: unbound: Use INVOKE.
[jackhill/guix/guix.git] / gnu / packages / dns.scm
CommitLineData
dd2efd3d
TUBK		 1;;; GNU Guix --- Functional package management for GNU
2;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
d912db5b 3;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
b2844d8f 4;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
76dd04be 5;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
be86b7ad 6;;; Copyright © 2016 John Darrington <jmd@gnu.org>
4a78fd46 7;;; Copyright © 2016 Nils Gillmann <ng0@n0.is>
02482f5d 8;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
afe62a8b 9;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
ecc7aa89 10;;; Copyright © 2017 Vasile Dumitrascu <va511e@yahoo.com>
7e61a16c 11;;; Copyright © 2017 Gregor Giesen <giesen@zaehlwerk.net>
dd2efd3d
TUBK		 12;;;
13;;; This file is part of GNU Guix.
14;;;
15;;; GNU Guix is free software; you can redistribute it and/or modify it
16;;; under the terms of the GNU General Public License as published by
17;;; the Free Software Foundation; either version 3 of the License, or (at
18;;; your option) any later version.
19;;;
20;;; GNU Guix is distributed in the hope that it will be useful, but
21;;; WITHOUT ANY WARRANTY; without even the implied warranty of
22;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23;;; GNU General Public License for more details.
24;;;
25;;; You should have received a copy of the GNU General Public License
26;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
27
36fb36b5 28(define-module (gnu packages dns)
f9cdf1c1 29 #:use-module (gnu packages admin)
71f048c6 30 #:use-module (gnu packages autotools)
6cf626e8 31 #:use-module (gnu packages base)
1e744399 32 #:use-module (gnu packages databases)
afe62a8b 33 #:use-module (gnu packages crypto)
f9cdf1c1 34 #:use-module (gnu packages datastructures)
7e61a16c 35 #:use-module (gnu packages flex)
cb6d322a 36 #:use-module (gnu packages glib)
71f048c6 37 #:use-module (gnu packages groff)
f9cdf1c1
TGR		 38 #:use-module (gnu packages groff)
39 #:use-module (gnu packages libedit)
afe62a8b 40 #:use-module (gnu packages libevent)
f9cdf1c1 41 #:use-module (gnu packages libidn)
1e744399 42 #:use-module (gnu packages linux)
f9cdf1c1
TGR		 43 #:use-module (gnu packages ncurses)
44 #:use-module (gnu packages nettle)
1e744399 45 #:use-module (gnu packages perl)
71f048c6 46 #:use-module (gnu packages pkg-config)
7e61a16c
GG		 47 #:use-module (gnu packages protobuf)
48 #:use-module (gnu packages python)
49 #:use-module (gnu packages swig)
a7fd7b68 50 #:use-module (gnu packages tls)
f9cdf1c1 51 #:use-module (gnu packages web)
1e744399 52 #:use-module (gnu packages xml)
12e530ba 53 #:use-module (gnu packages)
1e744399 54 #:use-module ((guix licenses) #:prefix license:)
dd2efd3d
TUBK		 55 #:use-module (guix packages)
56 #:use-module (guix download)
7e61a16c 57 #:use-module (guix utils)
dd2efd3d
TUBK		 58 #:use-module (guix build-system gnu))
59
60(define-public dnsmasq
61 (package
62 (name "dnsmasq")
4e6c51d4 63 (version "2.79")
dd2efd3d
TUBK		 64 (source (origin
65 (method url-fetch)
66 (uri (string-append
67 "http://www.thekelleys.org.uk/dnsmasq/dnsmasq-"
68 version ".tar.xz"))
69 (sha256
70 (base32
4e6c51d4 71 "07w6cw706yyahwvbvslhkrbjf2ynv567cgy9pal8bz8lrbsp9bbq"))))
dd2efd3d 72 (build-system gnu-build-system)
cb6d322a
CB		 73 (native-inputs
74 `(("pkg-config" ,pkg-config)))
75 (inputs
76 `(("dbus" ,dbus)))
dd2efd3d
TUBK		 77 (arguments
78 `(#:phases
dc1d3cde 79 (modify-phases %standard-phases (delete 'configure))
dd2efd3d 80 #:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
cb6d322a
CB		 81 "CC=gcc"
82 "COPTS=\"-DHAVE_DBUS\"")
4e6c51d4 83 #:tests? #f)) ; no ‘check’ target
dd2efd3d
TUBK		 84 (home-page "http://www.thekelleys.org.uk/dnsmasq/doc.html")
85 (synopsis "Small caching DNS proxy and DHCP/TFTP server")
86 (description
c657716e
TGR		 87 "Dnsmasq is a light-weight DNS forwarder and DHCP server. It is designed
88to provide DNS and, optionally, DHCP to a small network. It can serve the
dd2efd3d
TUBK		 89names of local machines which are not in the global DNS. The DHCP server
90integrates with the DNS server and allows machines with DHCP-allocated
c657716e 91addresses to appear in the DNS with names configured either on each host or in
dd2efd3d
TUBK		 92a central configuration file. Dnsmasq supports static and dynamic DHCP leases
93and BOOTP/TFTP for network booting of diskless machines.")
94 ;; Source files only say GPL2 and GPL3 are allowed.
1e744399
 95 (license (list license:gpl2 license:gpl3))))
96
a0683006
LC		 97;; 'bind' is the name of a built-in Guile procedure, which is why we choose a
98;; different name here.
99(define-public isc-bind
1e744399 100 (package
be86b7ad 101 (name "bind")
27135cf4 102 (version "9.12.1-P2")
1e744399
 103 (source (origin
104 (method url-fetch)
be86b7ad
JD		 105 (uri (string-append
106 "ftp://ftp.isc.org/isc/bind9/" version "/" name "-"
107 version ".tar.gz"))
12e530ba 108 (patches (search-patches "bind-CVE-2018-5738.patch"))
1e744399
 109 (sha256
110 (base32
27135cf4 111 "0a9dvyg1dk7vpqn9gz7p5jas3bz7z22bjd66b98g1qk16i2w7rqd"))))
1e744399 112 (build-system gnu-build-system)
be86b7ad 113 (outputs `("out" "utils"))
1e744399
 114 (inputs
115 ;; it would be nice to add GeoIP and gssapi once there is package
116 `(("libcap" ,libcap)
117 ("libxml2" ,libxml2)
1e744399 118 ("openssl" ,openssl)
1e744399 119 ("p11-kit" ,p11-kit)))
be86b7ad
JD		 120 (native-inputs `(("perl" ,perl)
121 ("net-tools" ,net-tools)))
1e744399 122 (arguments
be86b7ad 123 `(#:configure-flags
1e744399
 124 (list (string-append "--with-openssl="
125 (assoc-ref %build-inputs "openssl"))
1e744399
 126 (string-append "--with-pkcs11="
127 (assoc-ref %build-inputs "p11-kit")))
128 #:phases
be86b7ad
JD		 129 (modify-phases %standard-phases
130 (add-after 'strip 'move-to-utils
131 (lambda _
132 (for-each
133 (lambda (file)
134 (let ((target (string-append (assoc-ref %outputs "utils") file))
135 (src (string-append (assoc-ref %outputs "out") file)))
136 (mkdir-p (dirname target))
137 (link src target)
138 (delete-file src)))
139 '("/bin/dig" "/bin/delv" "/bin/nslookup" "/bin/host" "/bin/nsupdate"
140 "/share/man/man1/dig.1"
141 "/share/man/man1/host.1"
142 "/share/man/man1/nslookup.1"
143 "/share/man/man1/nsupdate.1"))))
144 ;; When and if guix provides user namespaces for the build process,
145 ;; then the following can be uncommented and the subsequent "force-test"
146 ;; will not be necessary.
147 ;;
148 ;; (add-before 'check 'set-up-loopback
149 ;; (lambda _
150 ;; (system "bin/tests/system/ifconfig.sh up")))
151 (replace 'check
152 (lambda _
b9d02005
TGR		 153 (invoke "make" "force-test")
154 #t)))))
be86b7ad 155 (synopsis "An implementation of the Domain Name System")
366efcb2
TGR		 156 (description "BIND is an implementation of the @dfn{Domain Name System}
157(DNS) protocols for the Internet. It is a reference implementation of those
be86b7ad
JD		 158protocols, but it is also production-grade software, suitable for use in
159high-volume and high-reliability applications. The name BIND stands for
160\"Berkeley Internet Name Domain\", because the software originated in the early
1611980s at the University of California at Berkeley.")
162 (home-page "https://www.isc.org/downloads/bind")
ecc7aa89 163 (license (list license:mpl2.0))))
be86b7ad 164
d24727c0
MB		 165(define-public dnscrypt-proxy
166 (package
167 (name "dnscrypt-proxy")
83a89531 168 (version "1.9.5")
d24727c0
MB		 169 (source (origin
170 (method url-fetch)
171 (uri (string-append
172 "https://download.dnscrypt.org/dnscrypt-proxy/"
173 "dnscrypt-proxy-" version ".tar.bz2"))
174 (sha256
175 (base32
83a89531 176 "1dhvklr4dg2vlw108n11xbamacaryyg3dbrg629b76lp7685p7z8"))
d24727c0
MB		 177 (modules '((guix build utils)))
178 (snippet
179 ;; Delete bundled libltdl. XXX: This package also bundles
180 ;; a modified libevent that cannot currently be removed.
6cbee49d
MW		 181 '(begin
182 (delete-file-recursively "libltdl")
183 #t))))
d24727c0
MB		 184 (build-system gnu-build-system)
185 (arguments
186 `(#:phases
187 (modify-phases %standard-phases
d10092b8 188 (add-after 'unpack 'autoreconf
d24727c0
MB		 189 (lambda _
190 ;; Re-generate build files due to unbundling ltdl.
191 ;; TODO: Prevent generating new libltdl and building it.
192 ;; The system version is still favored and referenced.
997a4e18 193 (invoke "autoreconf" "-vif"))))))
d24727c0
MB		 194 (native-inputs
195 `(("pkg-config" ,pkg-config)
196 ("automake" ,automake)
197 ("autoconf" ,autoconf)
198 ("libtool" ,libtool)))
199 (inputs
200 `(("libltdl" ,libltdl)
201 ("libsodium" ,libsodium)))
202 (home-page "https://www.dnscrypt.org/")
203 (synopsis "Securely send DNS requests to a remote server")
204 (description
205 "@command{dnscrypt-proxy} is a tool for securing communications
206between a client and a DNS resolver. It verifies that responses you get
207from a DNS provider was actually sent by that provider, and haven't been
208tampered with. For optimal performance it is recommended to use this as
209a forwarder for a caching DNS resolver such as @command{dnsmasq}, but it
210can also be used as a normal DNS \"server\". A list of public dnscrypt
211servers is included, and an up-to-date version is available at
212@url{https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv}.")
213 (license (list license:isc
214 ;; Libevent and src/ext/queue.h is 3-clause BSD.
215 license:bsd-3))))
216
afe62a8b
MB		 217(define-public dnscrypt-wrapper
218 (package
219 (name "dnscrypt-wrapper")
220 (version "0.2.2")
221 (source (origin
222 (method url-fetch)
223 (uri (string-append
224 "https://github.com/cofyc/dnscrypt-wrapper/releases"
225 "/download/v" version "/" name "-v" version ".tar.bz2"))
226 (sha256
227 (base32
228 "1vhg4g0r687f51wcdn7z9w1hxapazx6vyh5rsr8wa48sljzd583g"))))
229 (build-system gnu-build-system)
230 (arguments
231 `(#:make-flags '("CC=gcc")
232 ;; TODO: Tests require ruby-cucumber and ruby-aruba.
233 #:tests? #f
234 #:phases
235 (modify-phases %standard-phases
d10092b8 236 (add-after 'unpack 'create-configure
afe62a8b 237 (lambda _
b43cd106 238 (invoke "make" "configure"))))))
afe62a8b
MB		 239 (native-inputs
240 `(("autoconf" ,autoconf)))
241 (inputs
242 `(("libevent" ,libevent)
243 ("libsodium" ,libsodium)))
244 (home-page "https://github.com/Cofyc/dnscrypt-wrapper")
245 (synopsis "Server-side dnscrypt proxy")
246 (description
247 "@command{dnscrypt-wrapper} is a tool to expose a name server over
248the @code{dnscrypt} protocol. It can be used as an endpoint for the
249@command{dnscrypt-proxy} client to securely tunnel DNS requests between
250the two.")
251 (license (list license:isc
252 ;; Bundled argparse is MIT. TODO: package and unbundle.
253 license:expat
254 ;; dns-protocol.h and rfc1035.{c,h} is gpl2 or gpl3 (either).
255 license:gpl2
256 license:gpl3))))
257
71f048c6 258(define-public libasr
259 (package
260 (name "libasr")
261 (version "201602131606")
262 (source
263 (origin
264 (method url-fetch)
265 (uri (string-append "https://www.opensmtpd.org/archives/"
266 name "-" version ".tar.gz"))
267 (sha256
268 (base32
269 "18kdmbjsxrfai16d66qslp48b1zf7gr8him2jj5dcqgbsl44ls75"))))
270 (build-system gnu-build-system)
271 (native-inputs
272 `(("autoconf" ,autoconf)
273 ("automake" ,automake)
274 ("pkg-config" ,pkg-config)
275 ("groff" ,groff)))
276 (home-page "https://www.opensmtpd.org")
277 (synopsis "Asynchronous resolver library by the OpenBSD project")
278 (description
279 "libasr is a free, simple and portable asynchronous resolver library.
280It allows to run DNS queries and perform hostname resolutions in a fully
281asynchronous fashion.")
282 (license (list license:isc
283 license:bsd-2 ; last part of getrrsetbyname_async.c
284 license:bsd-3
285 (license:non-copyleft "file://LICENSE") ; includes.h
286 license:openssl))))
6cf626e8 287
7e61a16c
GG		 288(define-public unbound
289 (package
290 (name "unbound")
28f6f229 291 (version "1.6.8")
7e61a16c
GG		 292 (source
293 (origin
294 (method url-fetch)
295 (uri (string-append "https://www.unbound.net/downloads/unbound-"
296 version ".tar.gz"))
297 (sha256
298 (base32
28f6f229 299 "0jfxhh4gc5amhndikskz1s7da27ycn442j3l20bm992n7zijid73"))))
7e61a16c
GG		 300 (build-system gnu-build-system)
301 (outputs '("out" "python"))
302 (native-inputs
303 `(("flex" ,flex)
304 ("swig" ,swig)))
305 (inputs
306 `(("expat" ,expat)
307 ("libevent" ,libevent)
308 ("protobuf" ,protobuf)
309 ("python" ,python-3)
310 ("python-wrapper" ,python-wrapper)
311 ("openssl" ,openssl)))
312 (arguments
313 `(#:configure-flags
a431929d
LC		 314 (list "--disable-static" ;save space and non-determinism in libunbound.a
315 (string-append
7e61a16c
GG		 316 "--with-ssl=" (assoc-ref %build-inputs "openssl"))
317 (string-append
318 "--with-libevent=" (assoc-ref %build-inputs "libevent"))
319 (string-append
320 "--with-libexpat=" (assoc-ref %build-inputs "expat"))
321 "--with-pythonmodule" "--with-pyunbound")
322 #:phases
323 (modify-phases %standard-phases
324 (add-after 'configure 'fix-python-site-package-path
325 ;; Move python modules into their own output.
326 (lambda* (#:key outputs #:allow-other-keys)
327 (let ((pyout (assoc-ref outputs "python"))
328 (ver ,(version-major+minor (package-version python))))
329 (substitute* "Makefile"
330 (("^PYTHON_SITE_PKG=.*$")
331 (string-append
332 "PYTHON_SITE_PKG="
333 pyout "/lib/python-" ver "/site-packages\n"))))
334 #t))
335 (add-before 'check 'fix-missing-nss-for-tests
336 ;; Unfortunately, the package's unittests involve some checks
337 ;; looking up protocols and services which are not provided
338 ;; by the minimalistic build environment, in particular,
339 ;; /etc/protocols and /etc/services are missing.
340 ;; Also, after plain substitution of protocol and service names
341 ;; in the test data, the tests still fail because the
342 ;; corresponding Resource Records have been signed by
343 ;; RRSIG records.
344 ;; The following LD_PRELOAD library overwrites the glibc
345 ;; functions ‘get{proto,serv}byname’, ‘getprotobynumber’ and
346 ;; ‘getservbyport’ providing the few records required for the
347 ;; unit tests to pass.
348 (lambda* (#:key inputs outputs #:allow-other-keys)
349 (let* ((source (assoc-ref %build-inputs "source"))
350 (gcc (assoc-ref %build-inputs "gcc")))
351 (call-with-output-file "/tmp/nss_preload.c"
352 (lambda (port)
353 (display "#include <stdlib.h>
354#include <string.h>
355#include <strings.h>
356
357#include <netdb.h>
358
359struct protoent *getprotobyname(const char *name) {
360 struct protoent *p = malloc(sizeof(struct protoent));
361 p->p_aliases = malloc(sizeof(char*));
362 if (strcasecmp(name, \"tcp\") == 0) {
363 p->p_name = \"tcp\";
364 p->p_proto = 6;
365 p->p_aliases[0] = \"TCP\";
366 } else if (strcasecmp(name, \"udp\") == 0) {
367 p->p_name = \"udp\";
368 p->p_proto = 17;
369 p->p_aliases[0] = \"UDP\";
370 } else
371 p = NULL;
372 return p;
373}
374
375struct protoent *getprotobynumber(int proto) {
376 struct protoent *p = malloc(sizeof(struct protoent));
377 p->p_aliases = malloc(sizeof(char*));
378 switch(proto) {
379 case 6:
380 p->p_name = \"tcp\";
381 p->p_proto = 6;
382 p->p_aliases[0] = \"TCP\";
383 break;
384 case 17:
385 p->p_name = \"udp\";
386 p->p_proto = 17;
387 p->p_aliases[0] = \"UDP\";
388 break;
389 default:
390 p = NULL;
391 break;
392 }
393 return p;
394}
395
396struct servent *getservbyname(const char *name, const char *proto) {
397 struct servent *s = malloc(sizeof(struct servent));
398 char* buf = malloc((strlen(proto)+1)*sizeof(char));
399 strcpy(buf, proto);
400 s->s_aliases = malloc(sizeof(char*));
401 s->s_aliases[0] = NULL;
402 if (strcasecmp(name, \"domain\") == 0) {
403 s->s_name = \"domain\";
404 s->s_port = htons(53);
405 s->s_proto = buf;
406 } else
407 s = NULL;
408 return s;
409}
410
411struct servent *getservbyport(int port, const char *proto) {
412 char buf[32];
413 struct servent *s = malloc(sizeof(struct servent));
414 strcpy(buf, proto);
415 s->s_aliases = malloc(sizeof(char*));
416 s->s_aliases[0] = NULL;
417 switch(port) {
418 case 53:
419 s->s_name = \"domain\";
420 s->s_port = 53;
421 s->s_proto = \"udp\";
422 break;
423 default:
424 s = NULL;
425 break;
426 }
427 return s;
428}" port)))
9a3a1565
TGR		 429 (invoke (string-append gcc "/bin/gcc")
430 "-shared" "-fPIC" "-o" "/tmp/nss_preload.so"
431 "/tmp/nss_preload.c")
7e61a16c
GG		 432 ;; The preload library only affects the unittests.
433 (substitute* "Makefile"
434 (("./unittest")
435 "LD_PRELOAD=/tmp/nss_preload.so ./unittest")))
436 #t)))))
437 (home-page "https://www.unbound.net")
438 (synopsis "Validating, recursive, and caching DNS resolver")
439 (description
440 "Unbound is a recursive-only caching DNS server which can perform DNSSEC
441validation of results. It implements only a minimal amount of authoritative
442service to prevent leakage to the root nameservers: forward lookups for
443localhost, reverse for @code{127.0.0.1} and @code{::1}, and NXDOMAIN for zones
444served by AS112. Stub and forward zones are supported.")
445 (license license:bsd-4)))
446
6cf626e8
TGR		 447(define-public yadifa
448 (package
449 (name "yadifa")
f2ba6fc8 450 (version "2.3.8")
6cf626e8 451 (source
f2ba6fc8 452 (let ((build "7713"))
8769d482
TGR		 453 (origin
454 (method url-fetch)
455 (uri
456 (string-append "http://cdn.yadifa.eu/sites/default/files/releases/"
e0d87f8e 457 name "-" version "-" build ".tar.gz"))
8769d482 458 (sha256
f2ba6fc8 459 (base32 "15xhzg4crjcxascwpz6y8qpqcgypzv2p9bspdskp4nx1x1y4316c")))))
6cf626e8
TGR		 460 (build-system gnu-build-system)
461 (native-inputs
462 `(("which" ,which)))
463 (inputs
464 `(("openssl" ,openssl)))
465 (arguments
57b05e4a
TGR		 466 `(#:phases
467 (modify-phases %standard-phases
468 (add-before 'configure 'omit-example-configurations
469 (lambda _
470 (substitute* "Makefile.in"
471 ((" (etc|var)") ""))
472 #t)))
473 #:configure-flags
474 (list "--sysconfdir=/etc"
475 "--localstatedir=/var"
476 "--disable-build-timestamp" ; build reproducibly
477 "--enable-shared"
478 "--disable-static"
479 "--enable-acl"
480 "--enable-caching"
481 "--enable-ctrl" ; enable remote control
482 "--enable-nsec"
483 "--enable-nsec3"
484 "--enable-tsig")))
6cf626e8
TGR		 485 (home-page "http://www.yadifa.eu/")
486 (synopsis "Authoritative DNS name server")
366efcb2
TGR		 487 (description "YADIFA is an authoritative name server for the @dfn{Domain
488Name System} (DNS). It aims for both higher performance and a smaller memory
6cf626e8 489footprint than other implementations, while remaining fully RFC-compliant.
366efcb2
TGR		 490YADIFA supports dynamic record updates and the @dfn{Domain Name System Security
491Extensions} (DNSSEC).")
6cf626e8 492 (license license:bsd-3)))
f9cdf1c1
TGR		 493
494(define-public knot
495 (package
496 (name "knot")
e9ae8466 497 (version "2.6.7")
f9cdf1c1
TGR		 498 (source (origin
499 (method url-fetch)
500 (uri (string-append "https://secure.nic.cz/files/knot-dns/"
501 name "-" version ".tar.xz"))
502 (sha256
503 (base32
e9ae8466 504 "0hr2m664ckjicv3pq2lk16m61pscknywxv2ydnrzfqf10m5h0ahw"))
f9cdf1c1
TGR		 505 (modules '((guix build utils)))
506 (snippet
507 '(begin
023ef013 508 ;; Delete bundled libraries.
f9cdf1c1 509 (with-directory-excursion "src/contrib"
023ef013 510 (delete-file-recursively "lmdb"))
2d431b01 511 #t))))
f9cdf1c1
TGR		 512 (build-system gnu-build-system)
513 (native-inputs
514 `(("pkg-config" ,pkg-config)))
515 (inputs
023ef013
TGR		 516 `(("fstrm" ,fstrm)
517 ("gnutls" ,gnutls)
f9cdf1c1
TGR		 518 ("jansson" ,jansson)
519 ("libcap-ng" ,libcap-ng)
520 ("libedit" ,libedit)
521 ("libidn" ,libidn)
522 ("liburcu" ,liburcu)
523 ("lmdb" ,lmdb)
524 ("ncurses" ,ncurses)
c7d0444a 525 ("nettle" ,nettle)
023ef013 526 ("protobuf-c" ,protobuf-c)
c7d0444a
TGR		 527
528 ;; For ‘pykeymgr’, needed to migrate keys from versions <= 2.4.
529 ("python" ,python-2)
530 ("python-lmdb" ,python2-lmdb)))
f9cdf1c1
TGR		 531 (arguments
532 `(#:phases
533 (modify-phases %standard-phases
534 (add-before 'configure 'disable-directory-pre-creation
535 (lambda _
536 ;; Don't install empty directories like ‘/etc’ outside the store.
2d431b01
TGR		 537 (substitute* "src/Makefile.in" (("\\$\\(INSTALL\\) -d") "true"))
538 #t))
f9cdf1c1
TGR		 539 (replace 'install
540 (lambda* (#:key outputs #:allow-other-keys)
541 (let* ((out (assoc-ref outputs "out"))
542 (doc (string-append out "/share/doc/knot"))
543 (etc (string-append doc "/examples/etc")))
544 (zero?
545 (system* "make"
546 (string-append "config_dir=" etc)
c7d0444a
TGR		 547 "install")))))
548 (add-after 'install 'wrap-python-scripts
549 (lambda* (#:key outputs #:allow-other-keys)
550 (let* ((out (assoc-ref outputs "out"))
551 (path (getenv "PYTHONPATH")))
552 (wrap-program (string-append out "/sbin/pykeymgr")
553 `("PYTHONPATH" ":" prefix (,path))))
554 #t)))
f9cdf1c1
TGR		 555 #:configure-flags
556 (list "--sysconfdir=/etc"
557 "--localstatedir=/var"
c7d0444a 558 "--with-module-rosedb=yes" ; serve static records from a database
023ef013 559 "--with-module-dnstap=yes" ; allow detailed query logging
f9cdf1c1
TGR		 560 (string-append "--with-bash-completions="
561 (assoc-ref %outputs "out")
562 "/etc/bash_completion.d"))))
563 (home-page "https://www.knot-dns.cz/")
564 (synopsis "Authoritative DNS name server")
d1e4ad1b 565 (description "Knot DNS is an authoritative name server for the @dfn{Domain
f9cdf1c1
TGR		 566Name System} (DNS), designed to meet the needs of root and @dfn{top-level
567domain} (TLD) name servers. It is implemented as a threaded daemon and uses a
568number of programming techniques to improve speed. For example, the responder
569is completely lock-free, resulting in a very high response rate. Other features
570include automatic @dfn{DNS Security Extensions} (DNSSEC) signing, dynamic record
571synthesis, and on-the-fly re-configuration.")
0056f4cc
TGR		 572 (license
573 (list
574 ;; src/contrib/{hat-trie,murmurhash3,openbsd},
575 ;; src/dnssec/contrib/vpool.[ch], and parts of libtap/ are ‘MIT’ (expat).
576 license:expat
577 license:lgpl2.0+ ; parts of scr/contrib/ucw
578 license:public-domain ; src/contrib/fnv and possibly murmurhash3
579 license:gpl3+)))) ; everything else
jackhill's copy of GNU Guix: https://guix.gnu.org/