Commit | Line | Data |
---|---|---|
dd2efd3d TUBK |
1 | ;;; GNU Guix --- Functional package management for GNU |
2 | ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com> | |
d912db5b | 3 | ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org> |
b2844d8f | 4 | ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net> |
76dd04be | 5 | ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> |
be86b7ad | 6 | ;;; Copyright © 2016 John Darrington <jmd@gnu.org> |
47956fa0 | 7 | ;;; Copyright © 2016 ng0 <ng0@n0.is> |
fe99b7f7 | 8 | ;;; Copyright © 2016, 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr> |
afe62a8b | 9 | ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com> |
ecc7aa89 | 10 | ;;; Copyright © 2017 Vasile Dumitrascu <va511e@yahoo.com> |
7e61a16c | 11 | ;;; Copyright © 2017 Gregor Giesen <giesen@zaehlwerk.net> |
0bc2d3e4 | 12 | ;;; Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com> |
498911d3 | 13 | ;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com> |
41553c90 | 14 | ;;; Copyright © 2019 Chris Marusich <cmmarusich@gmail.com> |
dd2efd3d TUBK |
15 | ;;; |
16 | ;;; This file is part of GNU Guix. | |
17 | ;;; | |
18 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
19 | ;;; under the terms of the GNU General Public License as published by | |
20 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
21 | ;;; your option) any later version. | |
22 | ;;; | |
23 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
24 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
25 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
26 | ;;; GNU General Public License for more details. | |
27 | ;;; | |
28 | ;;; You should have received a copy of the GNU General Public License | |
29 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
30 | ||
36fb36b5 | 31 | (define-module (gnu packages dns) |
f9cdf1c1 | 32 | #:use-module (gnu packages admin) |
71f048c6 | 33 | #:use-module (gnu packages autotools) |
6cf626e8 | 34 | #:use-module (gnu packages base) |
0bc2d3e4 | 35 | #:use-module (gnu packages bash) |
1e744399 | 36 | #:use-module (gnu packages databases) |
0bc2d3e4 | 37 | #:use-module (gnu packages compression) |
afe62a8b | 38 | #:use-module (gnu packages crypto) |
f9cdf1c1 | 39 | #:use-module (gnu packages datastructures) |
7e61a16c | 40 | #:use-module (gnu packages flex) |
cb6d322a | 41 | #:use-module (gnu packages glib) |
71f048c6 | 42 | #:use-module (gnu packages groff) |
f9cdf1c1 TGR |
43 | #:use-module (gnu packages groff) |
44 | #:use-module (gnu packages libedit) | |
afe62a8b | 45 | #:use-module (gnu packages libevent) |
f9cdf1c1 | 46 | #:use-module (gnu packages libidn) |
1e744399 | 47 | #:use-module (gnu packages linux) |
f9cdf1c1 TGR |
48 | #:use-module (gnu packages ncurses) |
49 | #:use-module (gnu packages nettle) | |
e12df2c6 | 50 | #:use-module (gnu packages networking) |
1e744399 | 51 | #:use-module (gnu packages perl) |
71f048c6 | 52 | #:use-module (gnu packages pkg-config) |
7e61a16c GG |
53 | #:use-module (gnu packages protobuf) |
54 | #:use-module (gnu packages python) | |
0406434b | 55 | #:use-module (gnu packages python-xyz) |
7e61a16c | 56 | #:use-module (gnu packages swig) |
a7fd7b68 | 57 | #:use-module (gnu packages tls) |
f9cdf1c1 | 58 | #:use-module (gnu packages web) |
1e744399 | 59 | #:use-module (gnu packages xml) |
12e530ba | 60 | #:use-module (gnu packages) |
1e744399 | 61 | #:use-module ((guix licenses) #:prefix license:) |
dd2efd3d TUBK |
62 | #:use-module (guix packages) |
63 | #:use-module (guix download) | |
91a4863d | 64 | #:use-module (guix git-download) |
7e61a16c | 65 | #:use-module (guix utils) |
0bc2d3e4 OP |
66 | #:use-module (guix build-system gnu) |
67 | #:use-module (guix build-system trivial)) | |
dd2efd3d TUBK |
68 | |
69 | (define-public dnsmasq | |
70 | (package | |
71 | (name "dnsmasq") | |
0e8e2908 | 72 | (version "2.80") |
dd2efd3d TUBK |
73 | (source (origin |
74 | (method url-fetch) | |
75 | (uri (string-append | |
76 | "http://www.thekelleys.org.uk/dnsmasq/dnsmasq-" | |
77 | version ".tar.xz")) | |
78 | (sha256 | |
79 | (base32 | |
0e8e2908 | 80 | "1fv3g8vikj3sn37x1j6qsywn09w1jipvlv34j3q5qrljbrwa5ayd")))) |
dd2efd3d | 81 | (build-system gnu-build-system) |
cb6d322a CB |
82 | (native-inputs |
83 | `(("pkg-config" ,pkg-config))) | |
84 | (inputs | |
85 | `(("dbus" ,dbus))) | |
dd2efd3d TUBK |
86 | (arguments |
87 | `(#:phases | |
dc1d3cde | 88 | (modify-phases %standard-phases (delete 'configure)) |
dd2efd3d | 89 | #:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")) |
cb6d322a CB |
90 | "CC=gcc" |
91 | "COPTS=\"-DHAVE_DBUS\"") | |
4e6c51d4 | 92 | #:tests? #f)) ; no ‘check’ target |
dd2efd3d TUBK |
93 | (home-page "http://www.thekelleys.org.uk/dnsmasq/doc.html") |
94 | (synopsis "Small caching DNS proxy and DHCP/TFTP server") | |
95 | (description | |
c657716e TGR |
96 | "Dnsmasq is a light-weight DNS forwarder and DHCP server. It is designed |
97 | to provide DNS and, optionally, DHCP to a small network. It can serve the | |
dd2efd3d TUBK |
98 | names of local machines which are not in the global DNS. The DHCP server |
99 | integrates with the DNS server and allows machines with DHCP-allocated | |
c657716e | 100 | addresses to appear in the DNS with names configured either on each host or in |
dd2efd3d TUBK |
101 | a central configuration file. Dnsmasq supports static and dynamic DHCP leases |
102 | and BOOTP/TFTP for network booting of diskless machines.") | |
103 | ;; Source files only say GPL2 and GPL3 are allowed. | |
1e744399 TČ |
104 | (license (list license:gpl2 license:gpl3)))) |
105 | ||
a0683006 LC |
106 | ;; 'bind' is the name of a built-in Guile procedure, which is why we choose a |
107 | ;; different name here. | |
108 | (define-public isc-bind | |
1e744399 | 109 | (package |
be86b7ad | 110 | (name "bind") |
1e73986f | 111 | (version "9.14.4") |
1e744399 TČ |
112 | (source (origin |
113 | (method url-fetch) | |
be86b7ad | 114 | (uri (string-append |
54fd7c02 TGR |
115 | "https://ftp.isc.org/isc/bind9/" version |
116 | "/bind-" version ".tar.gz")) | |
1e744399 TČ |
117 | (sha256 |
118 | (base32 | |
1e73986f | 119 | "0gxqws7ml15lwkjw9mdcd759gv5kk3s9m17j3vrp9448ls1gnbii")))) |
1e744399 | 120 | (build-system gnu-build-system) |
be86b7ad | 121 | (outputs `("out" "utils")) |
1e744399 | 122 | (inputs |
fc0dd636 | 123 | ;; It would be nice to add GeoIP and gssapi once there are packages. |
1e744399 TČ |
124 | `(("libcap" ,libcap) |
125 | ("libxml2" ,libxml2) | |
1e744399 | 126 | ("openssl" ,openssl) |
0406434b TGR |
127 | ("p11-kit" ,p11-kit) |
128 | ("python" ,python) | |
129 | ("python-ply" ,python-ply))) | |
be86b7ad JD |
130 | (native-inputs `(("perl" ,perl) |
131 | ("net-tools" ,net-tools))) | |
1e744399 | 132 | (arguments |
be86b7ad | 133 | `(#:configure-flags |
1e744399 TČ |
134 | (list (string-append "--with-openssl=" |
135 | (assoc-ref %build-inputs "openssl")) | |
1e744399 TČ |
136 | (string-append "--with-pkcs11=" |
137 | (assoc-ref %build-inputs "p11-kit"))) | |
138 | #:phases | |
be86b7ad JD |
139 | (modify-phases %standard-phases |
140 | (add-after 'strip 'move-to-utils | |
141 | (lambda _ | |
142 | (for-each | |
143 | (lambda (file) | |
144 | (let ((target (string-append (assoc-ref %outputs "utils") file)) | |
145 | (src (string-append (assoc-ref %outputs "out") file))) | |
146 | (mkdir-p (dirname target)) | |
147 | (link src target) | |
148 | (delete-file src))) | |
149 | '("/bin/dig" "/bin/delv" "/bin/nslookup" "/bin/host" "/bin/nsupdate" | |
150 | "/share/man/man1/dig.1" | |
151 | "/share/man/man1/host.1" | |
152 | "/share/man/man1/nslookup.1" | |
6023ecab TGR |
153 | "/share/man/man1/nsupdate.1")) |
154 | #t)) | |
be86b7ad JD |
155 | ;; When and if guix provides user namespaces for the build process, |
156 | ;; then the following can be uncommented and the subsequent "force-test" | |
157 | ;; will not be necessary. | |
158 | ;; | |
159 | ;; (add-before 'check 'set-up-loopback | |
160 | ;; (lambda _ | |
161 | ;; (system "bin/tests/system/ifconfig.sh up"))) | |
162 | (replace 'check | |
163 | (lambda _ | |
c72c1005 TGR |
164 | ;; XXX Even ‘make force-test’ tries to create network interfaces |
165 | ;; and fails. The only working target is the (trivial) fuzz test. | |
166 | (with-directory-excursion "fuzz" | |
167 | (invoke "make" "check")) | |
168 | #t))))) | |
be86b7ad | 169 | (synopsis "An implementation of the Domain Name System") |
366efcb2 TGR |
170 | (description "BIND is an implementation of the @dfn{Domain Name System} |
171 | (DNS) protocols for the Internet. It is a reference implementation of those | |
be86b7ad JD |
172 | protocols, but it is also production-grade software, suitable for use in |
173 | high-volume and high-reliability applications. The name BIND stands for | |
174 | \"Berkeley Internet Name Domain\", because the software originated in the early | |
175 | 1980s at the University of California at Berkeley.") | |
176 | (home-page "https://www.isc.org/downloads/bind") | |
ecc7aa89 | 177 | (license (list license:mpl2.0)))) |
be86b7ad | 178 | |
d24727c0 MB |
179 | (define-public dnscrypt-proxy |
180 | (package | |
181 | (name "dnscrypt-proxy") | |
83a89531 | 182 | (version "1.9.5") |
d24727c0 MB |
183 | (source (origin |
184 | (method url-fetch) | |
185 | (uri (string-append | |
186 | "https://download.dnscrypt.org/dnscrypt-proxy/" | |
187 | "dnscrypt-proxy-" version ".tar.bz2")) | |
188 | (sha256 | |
189 | (base32 | |
83a89531 | 190 | "1dhvklr4dg2vlw108n11xbamacaryyg3dbrg629b76lp7685p7z8")) |
d24727c0 MB |
191 | (modules '((guix build utils))) |
192 | (snippet | |
193 | ;; Delete bundled libltdl. XXX: This package also bundles | |
194 | ;; a modified libevent that cannot currently be removed. | |
6cbee49d MW |
195 | '(begin |
196 | (delete-file-recursively "libltdl") | |
197 | #t)))) | |
d24727c0 MB |
198 | (build-system gnu-build-system) |
199 | (arguments | |
200 | `(#:phases | |
201 | (modify-phases %standard-phases | |
d10092b8 | 202 | (add-after 'unpack 'autoreconf |
d24727c0 MB |
203 | (lambda _ |
204 | ;; Re-generate build files due to unbundling ltdl. | |
205 | ;; TODO: Prevent generating new libltdl and building it. | |
206 | ;; The system version is still favored and referenced. | |
997a4e18 | 207 | (invoke "autoreconf" "-vif")))))) |
d24727c0 MB |
208 | (native-inputs |
209 | `(("pkg-config" ,pkg-config) | |
210 | ("automake" ,automake) | |
211 | ("autoconf" ,autoconf) | |
212 | ("libtool" ,libtool))) | |
213 | (inputs | |
214 | `(("libltdl" ,libltdl) | |
215 | ("libsodium" ,libsodium))) | |
216 | (home-page "https://www.dnscrypt.org/") | |
217 | (synopsis "Securely send DNS requests to a remote server") | |
218 | (description | |
219 | "@command{dnscrypt-proxy} is a tool for securing communications | |
220 | between a client and a DNS resolver. It verifies that responses you get | |
221 | from a DNS provider was actually sent by that provider, and haven't been | |
222 | tampered with. For optimal performance it is recommended to use this as | |
223 | a forwarder for a caching DNS resolver such as @command{dnsmasq}, but it | |
224 | can also be used as a normal DNS \"server\". A list of public dnscrypt | |
225 | servers is included, and an up-to-date version is available at | |
226 | @url{https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv}.") | |
227 | (license (list license:isc | |
228 | ;; Libevent and src/ext/queue.h is 3-clause BSD. | |
229 | license:bsd-3)))) | |
230 | ||
afe62a8b MB |
231 | (define-public dnscrypt-wrapper |
232 | (package | |
233 | (name "dnscrypt-wrapper") | |
234 | (version "0.2.2") | |
235 | (source (origin | |
236 | (method url-fetch) | |
237 | (uri (string-append | |
238 | "https://github.com/cofyc/dnscrypt-wrapper/releases" | |
239 | "/download/v" version "/" name "-v" version ".tar.bz2")) | |
240 | (sha256 | |
241 | (base32 | |
242 | "1vhg4g0r687f51wcdn7z9w1hxapazx6vyh5rsr8wa48sljzd583g")))) | |
243 | (build-system gnu-build-system) | |
244 | (arguments | |
245 | `(#:make-flags '("CC=gcc") | |
246 | ;; TODO: Tests require ruby-cucumber and ruby-aruba. | |
247 | #:tests? #f | |
248 | #:phases | |
249 | (modify-phases %standard-phases | |
d10092b8 | 250 | (add-after 'unpack 'create-configure |
afe62a8b | 251 | (lambda _ |
b43cd106 | 252 | (invoke "make" "configure")))))) |
afe62a8b MB |
253 | (native-inputs |
254 | `(("autoconf" ,autoconf))) | |
255 | (inputs | |
256 | `(("libevent" ,libevent) | |
257 | ("libsodium" ,libsodium))) | |
258 | (home-page "https://github.com/Cofyc/dnscrypt-wrapper") | |
259 | (synopsis "Server-side dnscrypt proxy") | |
260 | (description | |
261 | "@command{dnscrypt-wrapper} is a tool to expose a name server over | |
262 | the @code{dnscrypt} protocol. It can be used as an endpoint for the | |
263 | @command{dnscrypt-proxy} client to securely tunnel DNS requests between | |
264 | the two.") | |
265 | (license (list license:isc | |
266 | ;; Bundled argparse is MIT. TODO: package and unbundle. | |
267 | license:expat | |
268 | ;; dns-protocol.h and rfc1035.{c,h} is gpl2 or gpl3 (either). | |
269 | license:gpl2 | |
270 | license:gpl3)))) | |
271 | ||
71f048c6 | 272 | (define-public libasr |
273 | (package | |
274 | (name "libasr") | |
275 | (version "201602131606") | |
276 | (source | |
277 | (origin | |
278 | (method url-fetch) | |
279 | (uri (string-append "https://www.opensmtpd.org/archives/" | |
280 | name "-" version ".tar.gz")) | |
281 | (sha256 | |
282 | (base32 | |
283 | "18kdmbjsxrfai16d66qslp48b1zf7gr8him2jj5dcqgbsl44ls75")))) | |
284 | (build-system gnu-build-system) | |
285 | (native-inputs | |
286 | `(("autoconf" ,autoconf) | |
287 | ("automake" ,automake) | |
288 | ("pkg-config" ,pkg-config) | |
289 | ("groff" ,groff))) | |
290 | (home-page "https://www.opensmtpd.org") | |
291 | (synopsis "Asynchronous resolver library by the OpenBSD project") | |
292 | (description | |
293 | "libasr is a free, simple and portable asynchronous resolver library. | |
294 | It allows to run DNS queries and perform hostname resolutions in a fully | |
295 | asynchronous fashion.") | |
296 | (license (list license:isc | |
297 | license:bsd-2 ; last part of getrrsetbyname_async.c | |
298 | license:bsd-3 | |
299 | (license:non-copyleft "file://LICENSE") ; includes.h | |
300 | license:openssl)))) | |
6cf626e8 | 301 | |
7382ecd8 TGR |
302 | (define-public nsd |
303 | (package | |
304 | (name "nsd") | |
935e4b3a | 305 | (version "4.2.0") |
7382ecd8 TGR |
306 | (source |
307 | (origin | |
308 | (method url-fetch) | |
309 | (uri (string-append "https://www.nlnetlabs.nl/downloads/nsd/nsd-" | |
310 | version ".tar.gz")) | |
311 | (sha256 | |
935e4b3a | 312 | (base32 "0k57xl3ybdnqjqw9a3dmi7l6qmhkiic6wsghkz08ir809aj1rpsi")))) |
7382ecd8 TGR |
313 | (build-system gnu-build-system) |
314 | (arguments | |
315 | `(#:configure-flags | |
316 | (list "--enable-pie" ; fully benefit from ASLR | |
317 | "--enable-ratelimit" | |
318 | "--enable-recvmmsg" | |
319 | "--enable-relro-now" ; protect GOT and .dtor areas | |
320 | "--disable-radix-tree" | |
321 | (string-append "--with-libevent=" | |
322 | (assoc-ref %build-inputs "libevent")) | |
323 | (string-append "--with-ssl=" | |
324 | (assoc-ref %build-inputs "openssl")) | |
325 | "--with-configdir=/etc" | |
326 | "--with-nsd_conf_file=/etc/nsd/nsd.conf" | |
327 | "--with-logfile=/var/log/nsd.log" | |
328 | "--with-pidfile=/var/db/nsd/nsd.pid" | |
329 | "--with-dbfile=/var/db/nsd/nsd.db" | |
330 | "--with-zonesdir=/etc/nsd" | |
331 | "--with-xfrdfile=/var/db/nsd/xfrd.state" | |
332 | "--with-zonelistfile=/var/db/nsd/zone.list") | |
333 | #:phases | |
334 | (modify-phases %standard-phases | |
335 | (add-before 'configure 'patch-installation-paths | |
336 | (lambda* (#:key outputs #:allow-other-keys) | |
337 | (let* ((out (assoc-ref outputs "out")) | |
338 | (doc (string-append out "/share/doc/" ,name "-" ,version))) | |
339 | ;; The ‘make install’ target tries to create the parent | |
340 | ;; directories of run-time things like ‘pidfile’ above, and | |
341 | ;; useless empty directories like 'configdir'. Remove such | |
342 | ;; '$(INSTALL)' lines and install the example configuration file | |
343 | ;; in an appropriate location. | |
344 | (substitute* "Makefile.in" | |
345 | ((".*INSTALL.*\\$\\((config|pid|xfr|db)dir" command) | |
346 | (string-append "#" command)) | |
347 | (("\\$\\(nsdconfigfile\\)\\.sample" file-name) | |
348 | (string-append doc "/examples/" file-name))) | |
349 | #t)))) | |
350 | #:tests? #f)) ; no tests | |
351 | (inputs | |
352 | `(("libevent" ,libevent) | |
353 | ("openssl" ,openssl))) | |
354 | (home-page "https://www.nlnetlabs.nl/projects/nsd/about/") | |
355 | (synopsis "Authoritative DNS name server") | |
356 | (description "@dfn{NSD}, short for Name Server Daemon, is an authoritative | |
357 | name server for the Domain Name System (@dfn{DNS}). It aims to be a fast and | |
358 | RFC-compliant nameserver. | |
359 | ||
360 | NSD uses zone information compiled via @command{zonec} into a binary database | |
361 | file (@file{nsd.db}). This allows fast startup of the name service daemon and | |
362 | allows syntax-structural errors in zone files to be flagged at compile time, | |
363 | before being made available to NSD service itself. However, most traditional | |
364 | BIND-style zone files can be directly imported into NSD without modification. | |
365 | ||
366 | The collection of programs and processes that make up NSD are designed so that | |
367 | the daemon itself runs as a non-privileged user and can be easily configured to | |
368 | run in a @code{chroot} jail, thus making any security flaws in NSD less likely | |
369 | to result in system-wide compromise.") | |
370 | (license (list license:bsd-3)))) | |
371 | ||
7e61a16c GG |
372 | (define-public unbound |
373 | (package | |
374 | (name "unbound") | |
223055dd | 375 | (version "1.9.1") |
7e61a16c GG |
376 | (source |
377 | (origin | |
378 | (method url-fetch) | |
379 | (uri (string-append "https://www.unbound.net/downloads/unbound-" | |
380 | version ".tar.gz")) | |
381 | (sha256 | |
223055dd | 382 | (base32 "1iarvk0i92asvrkpla9z55aan20k6pklzpck9yk4rfnchsdvzh63")))) |
7e61a16c GG |
383 | (build-system gnu-build-system) |
384 | (outputs '("out" "python")) | |
385 | (native-inputs | |
386 | `(("flex" ,flex) | |
387 | ("swig" ,swig))) | |
388 | (inputs | |
389 | `(("expat" ,expat) | |
390 | ("libevent" ,libevent) | |
391 | ("protobuf" ,protobuf) | |
392 | ("python" ,python-3) | |
393 | ("python-wrapper" ,python-wrapper) | |
394 | ("openssl" ,openssl))) | |
395 | (arguments | |
396 | `(#:configure-flags | |
37040b85 | 397 | (list "--disable-static" ; save space and non-determinism in libunbound.a |
a431929d | 398 | (string-append |
7e61a16c GG |
399 | "--with-ssl=" (assoc-ref %build-inputs "openssl")) |
400 | (string-append | |
401 | "--with-libevent=" (assoc-ref %build-inputs "libevent")) | |
402 | (string-append | |
403 | "--with-libexpat=" (assoc-ref %build-inputs "expat")) | |
404 | "--with-pythonmodule" "--with-pyunbound") | |
405 | #:phases | |
406 | (modify-phases %standard-phases | |
407 | (add-after 'configure 'fix-python-site-package-path | |
408 | ;; Move python modules into their own output. | |
409 | (lambda* (#:key outputs #:allow-other-keys) | |
410 | (let ((pyout (assoc-ref outputs "python")) | |
411 | (ver ,(version-major+minor (package-version python)))) | |
412 | (substitute* "Makefile" | |
413 | (("^PYTHON_SITE_PKG=.*$") | |
414 | (string-append | |
415 | "PYTHON_SITE_PKG=" | |
416 | pyout "/lib/python-" ver "/site-packages\n")))) | |
417 | #t)) | |
418 | (add-before 'check 'fix-missing-nss-for-tests | |
419 | ;; Unfortunately, the package's unittests involve some checks | |
420 | ;; looking up protocols and services which are not provided | |
421 | ;; by the minimalistic build environment, in particular, | |
422 | ;; /etc/protocols and /etc/services are missing. | |
423 | ;; Also, after plain substitution of protocol and service names | |
424 | ;; in the test data, the tests still fail because the | |
425 | ;; corresponding Resource Records have been signed by | |
426 | ;; RRSIG records. | |
427 | ;; The following LD_PRELOAD library overwrites the glibc | |
428 | ;; functions ‘get{proto,serv}byname’, ‘getprotobynumber’ and | |
429 | ;; ‘getservbyport’ providing the few records required for the | |
430 | ;; unit tests to pass. | |
431 | (lambda* (#:key inputs outputs #:allow-other-keys) | |
432 | (let* ((source (assoc-ref %build-inputs "source")) | |
433 | (gcc (assoc-ref %build-inputs "gcc"))) | |
434 | (call-with-output-file "/tmp/nss_preload.c" | |
435 | (lambda (port) | |
436 | (display "#include <stdlib.h> | |
437 | #include <string.h> | |
438 | #include <strings.h> | |
439 | ||
440 | #include <netdb.h> | |
441 | ||
442 | struct protoent *getprotobyname(const char *name) { | |
443 | struct protoent *p = malloc(sizeof(struct protoent)); | |
444 | p->p_aliases = malloc(sizeof(char*)); | |
445 | if (strcasecmp(name, \"tcp\") == 0) { | |
446 | p->p_name = \"tcp\"; | |
447 | p->p_proto = 6; | |
448 | p->p_aliases[0] = \"TCP\"; | |
449 | } else if (strcasecmp(name, \"udp\") == 0) { | |
450 | p->p_name = \"udp\"; | |
451 | p->p_proto = 17; | |
452 | p->p_aliases[0] = \"UDP\"; | |
453 | } else | |
454 | p = NULL; | |
455 | return p; | |
456 | } | |
457 | ||
458 | struct protoent *getprotobynumber(int proto) { | |
459 | struct protoent *p = malloc(sizeof(struct protoent)); | |
460 | p->p_aliases = malloc(sizeof(char*)); | |
461 | switch(proto) { | |
462 | case 6: | |
463 | p->p_name = \"tcp\"; | |
464 | p->p_proto = 6; | |
465 | p->p_aliases[0] = \"TCP\"; | |
466 | break; | |
467 | case 17: | |
468 | p->p_name = \"udp\"; | |
469 | p->p_proto = 17; | |
470 | p->p_aliases[0] = \"UDP\"; | |
471 | break; | |
472 | default: | |
473 | p = NULL; | |
474 | break; | |
475 | } | |
476 | return p; | |
477 | } | |
478 | ||
479 | struct servent *getservbyname(const char *name, const char *proto) { | |
480 | struct servent *s = malloc(sizeof(struct servent)); | |
481 | char* buf = malloc((strlen(proto)+1)*sizeof(char)); | |
482 | strcpy(buf, proto); | |
483 | s->s_aliases = malloc(sizeof(char*)); | |
484 | s->s_aliases[0] = NULL; | |
485 | if (strcasecmp(name, \"domain\") == 0) { | |
486 | s->s_name = \"domain\"; | |
487 | s->s_port = htons(53); | |
488 | s->s_proto = buf; | |
489 | } else | |
490 | s = NULL; | |
491 | return s; | |
492 | } | |
493 | ||
494 | struct servent *getservbyport(int port, const char *proto) { | |
495 | char buf[32]; | |
496 | struct servent *s = malloc(sizeof(struct servent)); | |
497 | strcpy(buf, proto); | |
498 | s->s_aliases = malloc(sizeof(char*)); | |
499 | s->s_aliases[0] = NULL; | |
500 | switch(port) { | |
501 | case 53: | |
502 | s->s_name = \"domain\"; | |
503 | s->s_port = 53; | |
504 | s->s_proto = \"udp\"; | |
505 | break; | |
506 | default: | |
507 | s = NULL; | |
508 | break; | |
509 | } | |
510 | return s; | |
511 | }" port))) | |
9a3a1565 TGR |
512 | (invoke (string-append gcc "/bin/gcc") |
513 | "-shared" "-fPIC" "-o" "/tmp/nss_preload.so" | |
514 | "/tmp/nss_preload.c") | |
7e61a16c GG |
515 | ;; The preload library only affects the unittests. |
516 | (substitute* "Makefile" | |
517 | (("./unittest") | |
518 | "LD_PRELOAD=/tmp/nss_preload.so ./unittest"))) | |
519 | #t))))) | |
520 | (home-page "https://www.unbound.net") | |
521 | (synopsis "Validating, recursive, and caching DNS resolver") | |
522 | (description | |
523 | "Unbound is a recursive-only caching DNS server which can perform DNSSEC | |
524 | validation of results. It implements only a minimal amount of authoritative | |
525 | service to prevent leakage to the root nameservers: forward lookups for | |
526 | localhost, reverse for @code{127.0.0.1} and @code{::1}, and NXDOMAIN for zones | |
527 | served by AS112. Stub and forward zones are supported.") | |
528 | (license license:bsd-4))) | |
529 | ||
6cf626e8 TGR |
530 | (define-public yadifa |
531 | (package | |
532 | (name "yadifa") | |
92a33362 | 533 | (version "2.3.9") |
6cf626e8 | 534 | (source |
92a33362 | 535 | (let ((build "8497")) |
8769d482 TGR |
536 | (origin |
537 | (method url-fetch) | |
538 | (uri | |
539 | (string-append "http://cdn.yadifa.eu/sites/default/files/releases/" | |
fe99b7f7 | 540 | "yadifa-" version "-" build ".tar.gz")) |
8769d482 | 541 | (sha256 |
92a33362 | 542 | (base32 "0xvyr91sfgzkpw6g3h893ldbwnki3w2472n56rr18w67qghs1sa5"))))) |
6cf626e8 TGR |
543 | (build-system gnu-build-system) |
544 | (native-inputs | |
545 | `(("which" ,which))) | |
546 | (inputs | |
547 | `(("openssl" ,openssl))) | |
548 | (arguments | |
57b05e4a TGR |
549 | `(#:phases |
550 | (modify-phases %standard-phases | |
551 | (add-before 'configure 'omit-example-configurations | |
552 | (lambda _ | |
553 | (substitute* "Makefile.in" | |
554 | ((" (etc|var)") "")) | |
555 | #t))) | |
556 | #:configure-flags | |
557 | (list "--sysconfdir=/etc" | |
558 | "--localstatedir=/var" | |
559 | "--disable-build-timestamp" ; build reproducibly | |
560 | "--enable-shared" | |
561 | "--disable-static" | |
562 | "--enable-acl" | |
563 | "--enable-caching" | |
564 | "--enable-ctrl" ; enable remote control | |
565 | "--enable-nsec" | |
566 | "--enable-nsec3" | |
567 | "--enable-tsig"))) | |
6cf626e8 TGR |
568 | (home-page "http://www.yadifa.eu/") |
569 | (synopsis "Authoritative DNS name server") | |
366efcb2 TGR |
570 | (description "YADIFA is an authoritative name server for the @dfn{Domain |
571 | Name System} (DNS). It aims for both higher performance and a smaller memory | |
6cf626e8 | 572 | footprint than other implementations, while remaining fully RFC-compliant. |
366efcb2 TGR |
573 | YADIFA supports dynamic record updates and the @dfn{Domain Name System Security |
574 | Extensions} (DNSSEC).") | |
6cf626e8 | 575 | (license license:bsd-3))) |
f9cdf1c1 TGR |
576 | |
577 | (define-public knot | |
578 | (package | |
579 | (name "knot") | |
3abc9cc2 | 580 | (version "2.8.2") |
e41ddf76 TGR |
581 | (source |
582 | (origin | |
583 | (method url-fetch) | |
584 | (uri (string-append "https://secure.nic.cz/files/knot-dns/" | |
585 | "knot-" version ".tar.xz")) | |
586 | (sha256 | |
3abc9cc2 | 587 | (base32 "0dx1lp4w33rpa54nns41k4vfdfin6naaskwh132r4qs0l9hl7lh0")) |
e41ddf76 TGR |
588 | (modules '((guix build utils))) |
589 | (snippet | |
590 | '(begin | |
591 | ;; Delete bundled libraries. | |
592 | (with-directory-excursion "src/contrib" | |
593 | (delete-file-recursively "lmdb")) | |
594 | #t)))) | |
f9cdf1c1 TGR |
595 | (build-system gnu-build-system) |
596 | (native-inputs | |
597 | `(("pkg-config" ,pkg-config))) | |
598 | (inputs | |
023ef013 TGR |
599 | `(("fstrm" ,fstrm) |
600 | ("gnutls" ,gnutls) | |
f9cdf1c1 TGR |
601 | ("jansson" ,jansson) |
602 | ("libcap-ng" ,libcap-ng) | |
603 | ("libedit" ,libedit) | |
604 | ("libidn" ,libidn) | |
605 | ("liburcu" ,liburcu) | |
606 | ("lmdb" ,lmdb) | |
607 | ("ncurses" ,ncurses) | |
1b00e3bd | 608 | ("protobuf-c" ,protobuf-c))) |
f9cdf1c1 TGR |
609 | (arguments |
610 | `(#:phases | |
611 | (modify-phases %standard-phases | |
612 | (add-before 'configure 'disable-directory-pre-creation | |
613 | (lambda _ | |
614 | ;; Don't install empty directories like ‘/etc’ outside the store. | |
1b00e3bd | 615 | ;; This is needed even when using ‘make config_dir=... install’. |
2d431b01 TGR |
616 | (substitute* "src/Makefile.in" (("\\$\\(INSTALL\\) -d") "true")) |
617 | #t)) | |
f9cdf1c1 TGR |
618 | (replace 'install |
619 | (lambda* (#:key outputs #:allow-other-keys) | |
620 | (let* ((out (assoc-ref outputs "out")) | |
ee1362fc | 621 | (doc (string-append out "/share/doc/" ,name "-" ,version)) |
f9cdf1c1 | 622 | (etc (string-append doc "/examples/etc"))) |
6b042495 TGR |
623 | (invoke "make" |
624 | (string-append "config_dir=" etc) | |
1b00e3bd | 625 | "install"))))) |
f9cdf1c1 TGR |
626 | #:configure-flags |
627 | (list "--sysconfdir=/etc" | |
628 | "--localstatedir=/var" | |
1b00e3bd TGR |
629 | "--enable-dnstap" ; let tools read/write capture files |
630 | "--with-module-dnstap=yes" ; detailed query capturing & logging | |
f9cdf1c1 TGR |
631 | (string-append "--with-bash-completions=" |
632 | (assoc-ref %outputs "out") | |
633 | "/etc/bash_completion.d")))) | |
634 | (home-page "https://www.knot-dns.cz/") | |
635 | (synopsis "Authoritative DNS name server") | |
d1e4ad1b | 636 | (description "Knot DNS is an authoritative name server for the @dfn{Domain |
f9cdf1c1 TGR |
637 | Name System} (DNS), designed to meet the needs of root and @dfn{top-level |
638 | domain} (TLD) name servers. It is implemented as a threaded daemon and uses a | |
639 | number of programming techniques to improve speed. For example, the responder | |
640 | is completely lock-free, resulting in a very high response rate. Other features | |
641 | include automatic @dfn{DNS Security Extensions} (DNSSEC) signing, dynamic record | |
642 | synthesis, and on-the-fly re-configuration.") | |
0056f4cc TGR |
643 | (license |
644 | (list | |
645 | ;; src/contrib/{hat-trie,murmurhash3,openbsd}, | |
646 | ;; src/dnssec/contrib/vpool.[ch], and parts of libtap/ are ‘MIT’ (expat). | |
647 | license:expat | |
648 | license:lgpl2.0+ ; parts of scr/contrib/ucw | |
649 | license:public-domain ; src/contrib/fnv and possibly murmurhash3 | |
650 | license:gpl3+)))) ; everything else | |
0bc2d3e4 OP |
651 | |
652 | (define-public ddclient | |
653 | (package | |
654 | (name "ddclient") | |
e12df2c6 | 655 | (version "3.9.0") |
0bc2d3e4 OP |
656 | (source (origin |
657 | (method url-fetch) | |
658 | (uri (string-append "mirror://sourceforge/ddclient/ddclient/ddclient-" | |
659 | version "/ddclient-" version ".tar.gz")) | |
660 | (sha256 | |
661 | (base32 | |
e12df2c6 | 662 | "0fwyhab8yga2yi1kdfkbqxa83wxhwpagmj1w1mwkg2iffh1fjjlw")))) |
0bc2d3e4 OP |
663 | (build-system trivial-build-system) ; no Makefile.PL |
664 | (native-inputs | |
665 | `(("bash" ,bash) | |
666 | ("gzip" ,gzip) | |
667 | ("perl" ,perl) | |
668 | ("tar" ,tar))) | |
669 | (inputs | |
e12df2c6 TGR |
670 | `(("inetutils" ,inetutils) ; logger |
671 | ("net-tools" ,net-tools) | |
672 | ("perl-data-validate-ip" ,perl-data-validate-ip) | |
673 | ("perl-digest-sha1" ,perl-digest-sha1) | |
674 | ("perl-io-socket-ssl" ,perl-io-socket-ssl))) | |
0bc2d3e4 OP |
675 | (arguments |
676 | `(#:modules ((guix build utils) | |
677 | (ice-9 match) | |
678 | (srfi srfi-26)) | |
679 | #:builder | |
680 | (begin | |
681 | (use-modules (guix build utils) | |
682 | (ice-9 match) | |
683 | (srfi srfi-26)) | |
684 | ;; bootstrap | |
685 | (setenv "PATH" (string-append | |
686 | (assoc-ref %build-inputs "bash") "/bin" ":" | |
687 | (assoc-ref %build-inputs "tar") "/bin" ":" | |
688 | (assoc-ref %build-inputs "gzip") "/bin" ":" | |
689 | (assoc-ref %build-inputs "perl") "/bin")) | |
690 | ;; extract source | |
691 | (invoke "tar" "xvf" (assoc-ref %build-inputs "source")) | |
692 | ;; package | |
693 | (with-directory-excursion (string-append ,name "-" ,version) | |
694 | (let* ((out (assoc-ref %outputs "out")) | |
695 | (bin (string-append out "/bin"))) | |
696 | (let ((file "ddclient")) | |
697 | (substitute* file | |
698 | (("/usr/bin/perl") (which "perl")) | |
699 | ;; Strictly use ‘/etc/ddclient/ddclient.conf’. | |
700 | (("\\$\\{program\\}\\.conf") "/etc/ddclient/ddclient.conf") | |
701 | (("\\$etc\\$program.conf") "/etc/ddclient/ddclient.conf") | |
702 | ;; Strictly use ‘/var/cache/ddclient/ddclient.cache’ | |
703 | (("\\$cachedir\\$program\\.cache") | |
704 | "/var/cache/ddclient/ddclient.cache")) | |
705 | (install-file file bin) | |
706 | (wrap-program (string-append bin "/" file) | |
707 | `("PATH" ":" = | |
708 | ("$PATH" | |
709 | ,@(map (lambda (input) | |
710 | (match input | |
711 | ((name . store) | |
712 | (string-append store "/bin")))) | |
713 | %build-inputs))) | |
714 | `("PERL5LIB" ":" = | |
715 | ,(delete | |
716 | "" | |
717 | (map (match-lambda | |
718 | (((? (cut string-prefix? "perl-" <>) name) . dir) | |
719 | (string-append dir "/lib/perl5/site_perl")) | |
720 | (_ "")) | |
721 | %build-inputs))))) | |
722 | (for-each (cut install-file <> (string-append out | |
723 | "/share/ddclient")) | |
724 | (find-files "." "sample.*$"))))))) | |
725 | (home-page "https://sourceforge.net/projects/ddclient/") | |
726 | (synopsis "Address updating utility for dynamic DNS services") | |
727 | (description "This package provides a client to update dynamic IP | |
728 | addresses with several dynamic DNS service providers, such as | |
729 | @uref{https://www.dyndns.com/account/login.html,DynDNS.com}. | |
730 | ||
731 | This makes it possible to use a fixed hostname (such as myhost.dyndns.org) to | |
732 | access a machine with a dynamic IP address. | |
733 | ||
734 | The client supports both dynamic and (near) static services, as well as MX | |
735 | record and alternative name management. It caches the address, and only | |
736 | attempts the update when it has changed.") | |
737 | (license license:gpl2+))) | |
91a4863d LC |
738 | |
739 | (define-public hnsd | |
740 | ;; There have been no releases yet, hence this commit. | |
741 | (let ((revision "0") | |
742 | (commit "895d89c25d316d18df9d374fe78aae3902bc89fb")) | |
743 | (package | |
744 | (name "hnsd") | |
745 | (version (git-version "0.0" revision commit)) | |
746 | (source (origin | |
747 | (method git-fetch) | |
748 | (uri (git-reference | |
749 | (url "https://github.com/handshake-org/hnsd") | |
750 | (commit commit))) | |
751 | (sha256 | |
752 | (base32 | |
753 | "0704y73sddn24jga9csw4gxyfb3pnrfnk0vdcph84n1h38490l16")) | |
754 | (file-name (git-file-name name version)) | |
755 | (modules '((guix build utils))) | |
756 | (snippet | |
757 | '(begin | |
758 | ;; Delete the bundled copy of libuv. | |
759 | (delete-file-recursively "uv") | |
760 | (substitute* "configure.ac" | |
761 | (("AC_CONFIG_SUBDIRS\\(\\[uv\\]\\)") "")) | |
762 | (substitute* "Makefile.am" | |
763 | (("SUBDIRS = uv") "\n") | |
764 | (("\\$\\(top_builddir\\)/uv/libuv.la") "-luv") | |
765 | ||
766 | ;; Make sure the 'hnsd' binary is installed and | |
767 | ;; dynamically-linked. | |
768 | (("noinst_PROGRAMS") "bin_PROGRAMS") | |
769 | (("hnsd_LDFLAGS = -static") "")) | |
770 | ||
771 | ;; This script tries to chdir to "uv" and doesn't do more | |
772 | ;; than "autoreconf" so remove it. | |
773 | (delete-file "autogen.sh") | |
774 | #t)))) | |
775 | (build-system gnu-build-system) | |
776 | (arguments | |
777 | '(#:configure-flags '("--disable-static"))) ;no need for libhsk.a | |
778 | (native-inputs | |
779 | `(("autoconf" ,autoconf) | |
780 | ("automake" ,automake) | |
781 | ("libtool" ,libtool))) | |
782 | (inputs | |
783 | `(("unbound" ,unbound) | |
784 | ("libuv" ,libuv))) | |
785 | (home-page "https://www.handshake.org/") | |
786 | (synopsis "Resolver daemon for the Handshake naming protocol") | |
787 | (description | |
788 | "@command{hnsd} is a @dfn{host name resolver} for the Handshake Naming | |
789 | System (HNS) peer-to-peer network.") | |
790 | (license license:expat)))) | |
498911d3 MO |
791 | |
792 | (define-public libmicrodns | |
793 | (package | |
794 | (name "libmicrodns") | |
795 | (version "0.0.10") | |
796 | (source (origin | |
797 | (method git-fetch) | |
798 | (uri (git-reference | |
799 | (url "https://github.com/videolabs/libmicrodns") | |
800 | (commit version))) | |
801 | (file-name (git-file-name name version)) | |
802 | (sha256 | |
803 | (base32 | |
804 | "1xvl9k49ng35wbsqmnjnyqvkyjf8dcq2ywsq3jp3wh0rgmxhq2fh")))) | |
805 | (build-system gnu-build-system) | |
806 | (native-inputs | |
807 | `(("pkg-config" ,pkg-config) | |
808 | ("autoconf" ,autoconf) | |
809 | ("automake" ,automake) | |
810 | ("libtool" ,libtool))) | |
811 | (home-page "https://github.com/videolabs/libmicrodns") | |
812 | (synopsis "Minimal mDNS resolver library") | |
813 | (description "@code{libmicrodns} provides a minimal implementation of a | |
814 | mDNS resolver as well as an announcer. mDNS (Multicast Domain Name System) is | |
815 | a zero-config service that allows one to resolve host names to IP addresses in | |
816 | local networks.") | |
817 | (license license:lgpl2.1))) | |
41553c90 CM |
818 | |
819 | (define-public public-suffix-list | |
820 | ;; Mozilla releases the official list here: | |
821 | ;; | |
822 | ;; https://publicsuffix.org/list/public_suffix_list.dat | |
823 | ;; | |
824 | ;; However, Mozilla syncs that file from the GitHub repository periodically, | |
825 | ;; so its contents will change over time. If you update this commit, please | |
826 | ;; make sure that the new commit refers to a list which is identical to the | |
827 | ;; officially published list available from the URL above. | |
828 | (let ((commit "9375b697baddb0827a5995c81bd3c75877a0b35d")) | |
829 | (package | |
830 | (name "public-suffix-list") | |
831 | (version (git-version "0" "1" commit)) | |
832 | (source (origin | |
833 | (method git-fetch) | |
834 | (uri (git-reference | |
835 | (url "https://github.com/publicsuffix/list.git") | |
836 | (commit commit))) | |
837 | (file-name (git-file-name name version)) | |
838 | (sha256 | |
839 | (base32 | |
840 | "1sm7pni01rnl4ldzi8z8nc4cbgq8nxda9gwc68v0s3ij7jd1jmik")))) | |
841 | (build-system trivial-build-system) | |
842 | (arguments | |
843 | `(#:modules ((guix build utils)) | |
844 | #:builder | |
845 | (begin | |
846 | (use-modules (guix build utils)) | |
847 | (let* ((out (assoc-ref %outputs "out")) | |
848 | ;; Install to /share because that is where "read-only | |
849 | ;; architecture-independent data files" should go (see: | |
850 | ;; (standards) Directory Variables). Include the version in | |
851 | ;; the directory name so that if multiple versions are ever | |
852 | ;; installed in the same profile, they will not conflict. | |
853 | (destination (string-append | |
854 | out "/share/public-suffix-list-" ,version)) | |
855 | (source (assoc-ref %build-inputs "source"))) | |
856 | (with-directory-excursion source | |
857 | (install-file "public_suffix_list.dat" destination) | |
858 | (install-file "LICENSE" destination)) | |
859 | #t)))) | |
860 | (home-page "https://publicsuffix.org/") | |
861 | (synopsis "Database of current and historical DNS suffixes") | |
862 | (description "This is the Public Suffix List maintained by Mozilla. A | |
863 | \"public suffix\" is one under which Internet users can (or historically | |
864 | could) directly register names in the Domain Name System (DNS). Some examples | |
865 | of public suffixes are .com, .co.uk and pvt.k12.ma.us. This is a list of all | |
866 | known public suffixes.") | |
867 | (license license:mpl2.0)))) |