Commit | Line | Data |
---|---|---|
dd2efd3d TUBK |
1 | ;;; GNU Guix --- Functional package management for GNU |
2 | ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com> | |
d912db5b | 3 | ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org> |
b2844d8f | 4 | ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net> |
76dd04be | 5 | ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> |
be86b7ad | 6 | ;;; Copyright © 2016 John Darrington <jmd@gnu.org> |
3c986a7d | 7 | ;;; Copyright © 2016 Nikita <nikita@n0.is> |
3bdd380f | 8 | ;;; Copyright © 2016–2021 Tobias Geerinckx-Rice <me@tobias.gr> |
645772e4 | 9 | ;;; Copyright © 2016, 2020 Marius Bakke <mbakke@fastmail.com> |
ecc7aa89 | 10 | ;;; Copyright © 2017 Vasile Dumitrascu <va511e@yahoo.com> |
7e61a16c | 11 | ;;; Copyright © 2017 Gregor Giesen <giesen@zaehlwerk.net> |
0bc2d3e4 | 12 | ;;; Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com> |
498911d3 | 13 | ;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com> |
41553c90 | 14 | ;;; Copyright © 2019 Chris Marusich <cmmarusich@gmail.com> |
7e5eda0c | 15 | ;;; Copyright © 2019 Rutger Helling <rhelling@mykolab.com> |
a1819473 | 16 | ;;; Copyright © 2020, 2021 Pierre Langlois <pierre.langlois@gmx.com> |
0d36d0ba | 17 | ;;; Copyright © 2020 Arun Isaac <arunisaac@systemreboot.net> |
65fd3f0a | 18 | ;;; Copyright © 2020 Leo Famulari <leo@famulari.name> |
6b6647f8 | 19 | ;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re> |
dadfc9bc | 20 | ;;; Copyright © 2020 Simon South <simon@simonsouth.net> |
8bd2c50b | 21 | ;;; Copyright © 2021 Zheng Junjie <873216071@qq.com> |
dd2efd3d TUBK |
22 | ;;; |
23 | ;;; This file is part of GNU Guix. | |
24 | ;;; | |
25 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
26 | ;;; under the terms of the GNU General Public License as published by | |
27 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
28 | ;;; your option) any later version. | |
29 | ;;; | |
30 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
31 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
32 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
33 | ;;; GNU General Public License for more details. | |
34 | ;;; | |
35 | ;;; You should have received a copy of the GNU General Public License | |
36 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
37 | ||
36fb36b5 | 38 | (define-module (gnu packages dns) |
f9cdf1c1 | 39 | #:use-module (gnu packages admin) |
71f048c6 | 40 | #:use-module (gnu packages autotools) |
6cf626e8 | 41 | #:use-module (gnu packages base) |
0bc2d3e4 | 42 | #:use-module (gnu packages bash) |
6a7256fc | 43 | #:use-module (gnu packages certs) |
a35e16c0 | 44 | #:use-module (gnu packages check) |
1e744399 | 45 | #:use-module (gnu packages databases) |
a35e16c0 | 46 | #:use-module (gnu packages documentation) |
0bc2d3e4 | 47 | #:use-module (gnu packages compression) |
afe62a8b | 48 | #:use-module (gnu packages crypto) |
f9cdf1c1 | 49 | #:use-module (gnu packages datastructures) |
387ad8fd | 50 | #:use-module (gnu packages elf) |
7e61a16c | 51 | #:use-module (gnu packages flex) |
7239c674 | 52 | #:use-module (gnu packages freedesktop) |
018114ba | 53 | #:use-module (gnu packages gcc) |
cb6d322a | 54 | #:use-module (gnu packages glib) |
71f048c6 | 55 | #:use-module (gnu packages groff) |
f9cdf1c1 | 56 | #:use-module (gnu packages groff) |
7239c674 | 57 | #:use-module (gnu packages gtk) |
f9cdf1c1 | 58 | #:use-module (gnu packages libedit) |
afe62a8b | 59 | #:use-module (gnu packages libevent) |
f9cdf1c1 | 60 | #:use-module (gnu packages libidn) |
1e744399 | 61 | #:use-module (gnu packages linux) |
a35e16c0 | 62 | #:use-module (gnu packages lua) |
f9cdf1c1 TGR |
63 | #:use-module (gnu packages ncurses) |
64 | #:use-module (gnu packages nettle) | |
e12df2c6 | 65 | #:use-module (gnu packages networking) |
1e744399 | 66 | #:use-module (gnu packages perl) |
71f048c6 | 67 | #:use-module (gnu packages pkg-config) |
7e61a16c GG |
68 | #:use-module (gnu packages protobuf) |
69 | #:use-module (gnu packages python) | |
0406434b | 70 | #:use-module (gnu packages python-xyz) |
2b73e50c | 71 | #:use-module (gnu packages ragel) |
6a7256fc | 72 | #:use-module (gnu packages shells) |
a35e16c0 | 73 | #:use-module (gnu packages sphinx) |
7e61a16c | 74 | #:use-module (gnu packages swig) |
4756b9b1 | 75 | #:use-module (gnu packages texinfo) |
a7fd7b68 | 76 | #:use-module (gnu packages tls) |
f9cdf1c1 | 77 | #:use-module (gnu packages web) |
1e744399 | 78 | #:use-module (gnu packages xml) |
12e530ba | 79 | #:use-module (gnu packages) |
1e744399 | 80 | #:use-module ((guix licenses) #:prefix license:) |
dd2efd3d TUBK |
81 | #:use-module (guix packages) |
82 | #:use-module (guix download) | |
91a4863d | 83 | #:use-module (guix git-download) |
7e61a16c | 84 | #:use-module (guix utils) |
7239c674 | 85 | #:use-module (guix build-system glib-or-gtk) |
0bc2d3e4 | 86 | #:use-module (guix build-system gnu) |
a35e16c0 | 87 | #:use-module (guix build-system meson) |
0bc2d3e4 | 88 | #:use-module (guix build-system trivial)) |
dd2efd3d | 89 | |
6a7256fc RG |
90 | (define-public ldns |
91 | (package | |
92 | (name "ldns") | |
93 | (version "1.7.1") | |
94 | (source | |
95 | (origin | |
96 | (method url-fetch) | |
97 | (uri | |
98 | (string-append "https://www.nlnetlabs.nl/downloads/" | |
99 | name "/" name "-" version ".tar.gz")) | |
100 | (sha256 | |
101 | (base32 "0ac242n7996fswq1a3nlh1bbbhrsdwsq4mx7xq8ffq6aplb4rj4a")) | |
102 | (patches | |
103 | (search-patches | |
104 | ;; To create make-flag vairables, | |
105 | ;; for splitting installation of drill and examples. | |
106 | "ldns-drill-examples.patch")))) | |
107 | (build-system gnu-build-system) | |
108 | (outputs '("out" "drill" "examples" "pyldns")) | |
109 | (arguments | |
110 | `( ;; Tests require Tpkg. | |
111 | ;; https://tpkg.github.io/ | |
112 | #:tests? #f | |
113 | #:configure-flags | |
114 | (list | |
115 | "--disable-static" | |
116 | "--enable-gost-anyway" | |
117 | "--enable-rrtype-ninfo" | |
118 | "--enable-rrtype-rkey" | |
119 | "--enable-rrtype-ta" | |
120 | "--enable-rrtype-avc" | |
121 | "--enable-rrtype-doa" | |
122 | "--enable-rrtype-amtrelay" | |
123 | "--with-drill" | |
124 | "--with-examples" | |
125 | "--with-pyldns" | |
126 | ;; Perl module DNS::LDNS not available. | |
127 | ;; https://github.com/erikoest/DNS-LDNS.git | |
128 | ;; "--with-p5-dns-ldns" | |
129 | (string-append "--with-ssl=" | |
130 | (assoc-ref %build-inputs "openssl")) | |
131 | (string-append "--with-ca-path=" | |
132 | (assoc-ref %build-inputs "nss-certs") | |
133 | "/etc/ssl/certs")) | |
134 | #:make-flags | |
135 | (list | |
136 | (string-append "drillbindir=" | |
137 | (assoc-ref %outputs "drill") | |
138 | "/bin") | |
139 | (string-append "drillmandir=" | |
140 | (assoc-ref %outputs "drill") | |
141 | "/share/man") | |
142 | (string-append "examplesbindir=" | |
143 | (assoc-ref %outputs "examples") | |
144 | "/bin") | |
145 | (string-append "examplesmandir=" | |
146 | (assoc-ref %outputs "examples") | |
147 | "/share/man") | |
148 | (string-append "python_site=" | |
149 | (assoc-ref %outputs "pyldns") | |
150 | "/lib/python" | |
151 | ,(version-major+minor | |
152 | (package-version python)) | |
153 | "/site-packages")))) | |
154 | (native-inputs | |
155 | `(("doxygen" ,doxygen) | |
156 | ("ksh" ,oksh) | |
157 | ("perl" ,perl) | |
158 | ("perl-devel-checklib" ,perl-devel-checklib) | |
159 | ("pkg-config" ,pkg-config) | |
160 | ("python" ,python-wrapper) | |
161 | ("swig" ,swig))) | |
162 | (inputs | |
163 | `(("libpcap" ,libpcap) | |
164 | ("nss-certs" ,nss-certs) | |
165 | ("openssl" ,openssl))) | |
166 | (synopsis "DNS library that facilitates DNS tool programming") | |
167 | (description "LDNS aims to simplify DNS programming, it supports recent | |
168 | RFCs like the DNSSEC documents, and allows developers to easily create | |
169 | software conforming to current RFCs, and experimental software for current | |
170 | Internet Drafts. A secondary benefit of using ldns is speed; ldns is written in | |
171 | C it should be a lot faster than Perl.") | |
172 | (home-page "https://nlnetlabs.nl/projects/ldns/about/") | |
173 | (license license:bsd-3))) | |
174 | ||
7239c674 RG |
175 | (define-public dnssec-trigger |
176 | (package | |
177 | (name "dnssec-trigger") | |
178 | (version "0.17") | |
179 | (source | |
180 | (origin | |
181 | (method url-fetch) | |
182 | (uri | |
183 | (string-append "https://www.nlnetlabs.nl/downloads/" | |
184 | name "/" name "-" version ".tar.gz")) | |
185 | (sha256 | |
186 | (base32 "10928q406x9r66a090xl5kznzgyxpja88w4srwcv454hd351j9f0")))) | |
187 | (build-system glib-or-gtk-build-system) | |
188 | (outputs '("out" "gui" "nm")) | |
189 | (arguments | |
190 | `(#:test-target "test" | |
191 | #:configure-flags | |
192 | (list | |
193 | (string-append "--with-ssl=" | |
194 | (assoc-ref %build-inputs "openssl")) | |
195 | "--with-hooks=networkmanager" | |
196 | (string-append "--with-networkmanager-dispatch=" | |
197 | (assoc-ref %outputs "nm") | |
198 | "/etc/NetworkManager/dispatcher.d") | |
199 | (string-append "--with-xdg-autostart=" | |
200 | (assoc-ref %outputs "gui") | |
201 | "/etc/xdg/autostart") | |
202 | (string-append "--with-uidir=" | |
203 | (assoc-ref %outputs "gui") | |
204 | "/share/dnssec-trigger") | |
205 | (string-append "--with-python=" | |
206 | (assoc-ref %build-inputs "python") | |
207 | "/bin/python") | |
208 | (string-append "--with-unbound-control=" | |
209 | (assoc-ref %build-inputs "unbound") | |
210 | "/sbin/unbound-control") | |
211 | "--with-forward-zones-support") | |
212 | #:phases | |
213 | (modify-phases %standard-phases | |
214 | (add-after 'unpack 'patch-configure | |
215 | (lambda _ | |
216 | (substitute* "configure" | |
217 | (("appindicator-0.1") | |
218 | "appindicator3-0.1")) | |
219 | #t)) | |
220 | (add-before 'configure 'patch-makefile | |
221 | (lambda _ | |
222 | (substitute* "Makefile.in" | |
223 | (("/usr") | |
224 | "$(prefix)") | |
225 | (("/etc") | |
226 | "$(prefix)/etc") | |
227 | ((".*gtk-update-icon-cache.*") | |
228 | "")) | |
229 | #t)) | |
230 | (add-after 'install 'remove-systemd | |
231 | (lambda* (#:key outputs #:allow-other-keys) | |
232 | (let* ((out (assoc-ref outputs "out"))) | |
233 | (delete-file-recursively | |
234 | (string-append out "/lib/systemd")) | |
235 | #t))) | |
236 | (add-after 'remove-systemd 'move-gui | |
237 | (lambda* (#:key outputs #:allow-other-keys) | |
238 | (let* ((out (assoc-ref outputs "out")) | |
239 | (gui (assoc-ref outputs "gui"))) | |
240 | (mkdir-p (string-append gui "/bin")) | |
241 | (mkdir-p (string-append gui "/share")) | |
242 | (rename-file | |
243 | (string-append out "/bin") | |
244 | (string-append gui "/bin")) | |
245 | (rename-file | |
246 | (string-append out "/share/icons") | |
247 | (string-append gui "/share/icons")) | |
248 | #t))) | |
249 | (add-after 'move-gui 'move-nm | |
250 | (lambda* (#:key outputs #:allow-other-keys) | |
251 | (let* ((out (assoc-ref outputs "out")) | |
252 | (nm (assoc-ref outputs "nm"))) | |
253 | (mkdir-p (string-append nm "/libexec")) | |
254 | (rename-file | |
255 | (string-append out "/libexec") | |
256 | (string-append nm "/libexec")) | |
257 | #t)))))) | |
258 | (native-inputs | |
259 | `(("cmocka" ,cmocka) | |
260 | ("pkg-config" ,pkg-config) | |
261 | ("python" ,python-wrapper))) | |
262 | (inputs | |
263 | `(("gtk+-2" ,gtk+-2) | |
264 | ("ldns" ,ldns) | |
265 | ("libappindicator" ,libappindicator) | |
266 | ("openssl" ,openssl) | |
267 | ("unbound" ,unbound))) | |
268 | (synopsis "DNSSEC protection for the DNS traffic") | |
269 | (description "DNSSEC-Trigger enables your computer to use DNSSEC protection | |
270 | for the DNS traffic. It relies on the Unbound DNS resolver running locally on | |
271 | your system, which performs DNSSEC validation. It reconfigures Unbound in such | |
272 | a way that it will signal it to to use the DHCP obtained forwarders if possible, | |
273 | fallback to doing its own AUTH queries if that fails, and if that fails it will | |
274 | prompt the user with the option to go with insecure DNS only.") | |
275 | (home-page "https://www.nlnetlabs.nl/projects/dnssec-trigger/about/") | |
276 | (license license:bsd-3))) | |
277 | ||
dd2efd3d TUBK |
278 | (define-public dnsmasq |
279 | (package | |
280 | (name "dnsmasq") | |
c8d809f9 | 281 | (version "2.85") |
dd2efd3d TUBK |
282 | (source (origin |
283 | (method url-fetch) | |
284 | (uri (string-append | |
285 | "http://www.thekelleys.org.uk/dnsmasq/dnsmasq-" | |
286 | version ".tar.xz")) | |
287 | (sha256 | |
288 | (base32 | |
c8d809f9 | 289 | "1yhjwgz8g5qrqvxh6bbmg3443zi8qqjks3q872wyb1zn7n0d765d")))) |
dd2efd3d | 290 | (build-system gnu-build-system) |
cb6d322a CB |
291 | (native-inputs |
292 | `(("pkg-config" ,pkg-config))) | |
293 | (inputs | |
294 | `(("dbus" ,dbus))) | |
dd2efd3d TUBK |
295 | (arguments |
296 | `(#:phases | |
dc1d3cde | 297 | (modify-phases %standard-phases (delete 'configure)) |
dd2efd3d | 298 | #:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")) |
cb6d322a CB |
299 | "CC=gcc" |
300 | "COPTS=\"-DHAVE_DBUS\"") | |
4e6c51d4 | 301 | #:tests? #f)) ; no ‘check’ target |
dd2efd3d TUBK |
302 | (home-page "http://www.thekelleys.org.uk/dnsmasq/doc.html") |
303 | (synopsis "Small caching DNS proxy and DHCP/TFTP server") | |
304 | (description | |
c657716e TGR |
305 | "Dnsmasq is a light-weight DNS forwarder and DHCP server. It is designed |
306 | to provide DNS and, optionally, DHCP to a small network. It can serve the | |
dd2efd3d TUBK |
307 | names of local machines which are not in the global DNS. The DHCP server |
308 | integrates with the DNS server and allows machines with DHCP-allocated | |
c657716e | 309 | addresses to appear in the DNS with names configured either on each host or in |
dd2efd3d TUBK |
310 | a central configuration file. Dnsmasq supports static and dynamic DHCP leases |
311 | and BOOTP/TFTP for network booting of diskless machines.") | |
312 | ;; Source files only say GPL2 and GPL3 are allowed. | |
1e744399 TČ |
313 | (license (list license:gpl2 license:gpl3)))) |
314 | ||
a0683006 LC |
315 | ;; 'bind' is the name of a built-in Guile procedure, which is why we choose a |
316 | ;; different name here. | |
317 | (define-public isc-bind | |
1e744399 | 318 | (package |
be86b7ad | 319 | (name "bind") |
56b4a1d5 | 320 | ;; When updating, check whether isc-dhcp's bundled copy should be as well. |
11feecc2 LF |
321 | ;; The BIND release notes are available here: |
322 | ;; https://www.isc.org/bind/ | |
000e27b3 | 323 | (version "9.16.13") |
1e744399 TČ |
324 | (source (origin |
325 | (method url-fetch) | |
be86b7ad | 326 | (uri (string-append |
54fd7c02 | 327 | "https://ftp.isc.org/isc/bind9/" version |
3c4c60fa | 328 | "/bind-" version ".tar.xz")) |
1e744399 TČ |
329 | (sha256 |
330 | (base32 | |
000e27b3 | 331 | "026cliyj570wxvvij96mrzsxyf421xv9a80gc5gv6savza9wfk55")))) |
1e744399 | 332 | (build-system gnu-build-system) |
be86b7ad | 333 | (outputs `("out" "utils")) |
1e744399 | 334 | (inputs |
fc0dd636 | 335 | ;; It would be nice to add GeoIP and gssapi once there are packages. |
1e744399 | 336 | `(("libcap" ,libcap) |
3c4c60fa | 337 | ("libuv" ,libuv) |
1e744399 | 338 | ("libxml2" ,libxml2) |
1e744399 | 339 | ("openssl" ,openssl) |
0406434b TGR |
340 | ("p11-kit" ,p11-kit) |
341 | ("python" ,python) | |
342 | ("python-ply" ,python-ply))) | |
3c4c60fa TGR |
343 | (native-inputs |
344 | `(("perl" ,perl) | |
345 | ("pkg-config" ,pkg-config))) | |
1e744399 | 346 | (arguments |
be86b7ad | 347 | `(#:configure-flags |
3c4c60fa | 348 | (list (string-append "--with-pkcs11=" |
1e744399 TČ |
349 | (assoc-ref %build-inputs "p11-kit"))) |
350 | #:phases | |
be86b7ad JD |
351 | (modify-phases %standard-phases |
352 | (add-after 'strip 'move-to-utils | |
353 | (lambda _ | |
354 | (for-each | |
355 | (lambda (file) | |
356 | (let ((target (string-append (assoc-ref %outputs "utils") file)) | |
357 | (src (string-append (assoc-ref %outputs "out") file))) | |
358 | (mkdir-p (dirname target)) | |
359 | (link src target) | |
360 | (delete-file src))) | |
361 | '("/bin/dig" "/bin/delv" "/bin/nslookup" "/bin/host" "/bin/nsupdate" | |
362 | "/share/man/man1/dig.1" | |
363 | "/share/man/man1/host.1" | |
364 | "/share/man/man1/nslookup.1" | |
6023ecab TGR |
365 | "/share/man/man1/nsupdate.1")) |
366 | #t)) | |
be86b7ad JD |
367 | ;; When and if guix provides user namespaces for the build process, |
368 | ;; then the following can be uncommented and the subsequent "force-test" | |
369 | ;; will not be necessary. | |
370 | ;; | |
371 | ;; (add-before 'check 'set-up-loopback | |
372 | ;; (lambda _ | |
373 | ;; (system "bin/tests/system/ifconfig.sh up"))) | |
374 | (replace 'check | |
375 | (lambda _ | |
c72c1005 TGR |
376 | ;; XXX Even ‘make force-test’ tries to create network interfaces |
377 | ;; and fails. The only working target is the (trivial) fuzz test. | |
378 | (with-directory-excursion "fuzz" | |
379 | (invoke "make" "check")) | |
380 | #t))))) | |
d039d80d TGR |
381 | (synopsis "@acronym{DNS, Domain Name System} implementation") |
382 | (description "BIND implements the @acronym{DNS, Domain Name System} | |
383 | protocols for the Internet. It is both a reference implementation of those | |
384 | protocols and production-grade software, suitable for use in high-volume and | |
385 | high-reliability applications. | |
386 | ||
387 | The name stands for \"Berkeley Internet Name Domain\" because the software | |
388 | originated in the early 1980s at the University of California at Berkeley. | |
389 | ||
390 | The @code{utils} output of this package contains the following command line | |
391 | utilities related to DNS name servers: | |
392 | ||
83b5ea9d MC |
393 | @table @code |
394 | @item delv | |
395 | DNS lookup and validation utility | |
396 | @item dig | |
397 | DNS lookup utility | |
398 | @item host | |
399 | DNS lookup utility | |
400 | @item nslookup | |
401 | Internet name servers interactive query utility | |
402 | @item nsupdate | |
403 | Dynamic DNS update utility | |
404 | @end table") | |
405 | (home-page "https://www.isc.org/bind/") | |
ecc7aa89 | 406 | (license (list license:mpl2.0)))) |
be86b7ad | 407 | |
d24727c0 MB |
408 | (define-public dnscrypt-proxy |
409 | (package | |
410 | (name "dnscrypt-proxy") | |
83a89531 | 411 | (version "1.9.5") |
d24727c0 MB |
412 | (source (origin |
413 | (method url-fetch) | |
414 | (uri (string-append | |
415 | "https://download.dnscrypt.org/dnscrypt-proxy/" | |
416 | "dnscrypt-proxy-" version ".tar.bz2")) | |
417 | (sha256 | |
418 | (base32 | |
83a89531 | 419 | "1dhvklr4dg2vlw108n11xbamacaryyg3dbrg629b76lp7685p7z8")) |
d24727c0 MB |
420 | (modules '((guix build utils))) |
421 | (snippet | |
422 | ;; Delete bundled libltdl. XXX: This package also bundles | |
423 | ;; a modified libevent that cannot currently be removed. | |
6cbee49d MW |
424 | '(begin |
425 | (delete-file-recursively "libltdl") | |
426 | #t)))) | |
d24727c0 MB |
427 | (build-system gnu-build-system) |
428 | (arguments | |
429 | `(#:phases | |
430 | (modify-phases %standard-phases | |
d10092b8 | 431 | (add-after 'unpack 'autoreconf |
d24727c0 MB |
432 | (lambda _ |
433 | ;; Re-generate build files due to unbundling ltdl. | |
434 | ;; TODO: Prevent generating new libltdl and building it. | |
435 | ;; The system version is still favored and referenced. | |
997a4e18 | 436 | (invoke "autoreconf" "-vif")))))) |
d24727c0 MB |
437 | (native-inputs |
438 | `(("pkg-config" ,pkg-config) | |
439 | ("automake" ,automake) | |
440 | ("autoconf" ,autoconf) | |
441 | ("libtool" ,libtool))) | |
442 | (inputs | |
443 | `(("libltdl" ,libltdl) | |
444 | ("libsodium" ,libsodium))) | |
445 | (home-page "https://www.dnscrypt.org/") | |
446 | (synopsis "Securely send DNS requests to a remote server") | |
447 | (description | |
448 | "@command{dnscrypt-proxy} is a tool for securing communications | |
449 | between a client and a DNS resolver. It verifies that responses you get | |
450 | from a DNS provider was actually sent by that provider, and haven't been | |
451 | tampered with. For optimal performance it is recommended to use this as | |
452 | a forwarder for a caching DNS resolver such as @command{dnsmasq}, but it | |
453 | can also be used as a normal DNS \"server\". A list of public dnscrypt | |
454 | servers is included, and an up-to-date version is available at | |
455 | @url{https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv}.") | |
456 | (license (list license:isc | |
457 | ;; Libevent and src/ext/queue.h is 3-clause BSD. | |
458 | license:bsd-3)))) | |
459 | ||
afe62a8b MB |
460 | (define-public dnscrypt-wrapper |
461 | (package | |
462 | (name "dnscrypt-wrapper") | |
463 | (version "0.2.2") | |
464 | (source (origin | |
465 | (method url-fetch) | |
466 | (uri (string-append | |
467 | "https://github.com/cofyc/dnscrypt-wrapper/releases" | |
468 | "/download/v" version "/" name "-v" version ".tar.bz2")) | |
469 | (sha256 | |
470 | (base32 | |
471 | "1vhg4g0r687f51wcdn7z9w1hxapazx6vyh5rsr8wa48sljzd583g")))) | |
472 | (build-system gnu-build-system) | |
473 | (arguments | |
474 | `(#:make-flags '("CC=gcc") | |
475 | ;; TODO: Tests require ruby-cucumber and ruby-aruba. | |
476 | #:tests? #f | |
477 | #:phases | |
478 | (modify-phases %standard-phases | |
d10092b8 | 479 | (add-after 'unpack 'create-configure |
afe62a8b | 480 | (lambda _ |
b43cd106 | 481 | (invoke "make" "configure")))))) |
afe62a8b MB |
482 | (native-inputs |
483 | `(("autoconf" ,autoconf))) | |
484 | (inputs | |
485 | `(("libevent" ,libevent) | |
486 | ("libsodium" ,libsodium))) | |
487 | (home-page "https://github.com/Cofyc/dnscrypt-wrapper") | |
488 | (synopsis "Server-side dnscrypt proxy") | |
489 | (description | |
490 | "@command{dnscrypt-wrapper} is a tool to expose a name server over | |
491 | the @code{dnscrypt} protocol. It can be used as an endpoint for the | |
492 | @command{dnscrypt-proxy} client to securely tunnel DNS requests between | |
493 | the two.") | |
494 | (license (list license:isc | |
495 | ;; Bundled argparse is MIT. TODO: package and unbundle. | |
496 | license:expat | |
497 | ;; dns-protocol.h and rfc1035.{c,h} is gpl2 or gpl3 (either). | |
498 | license:gpl2 | |
499 | license:gpl3)))) | |
500 | ||
71f048c6 | 501 | (define-public libasr |
502 | (package | |
503 | (name "libasr") | |
4bf26153 | 504 | (version "1.0.4") |
71f048c6 | 505 | (source |
506 | (origin | |
507 | (method url-fetch) | |
508 | (uri (string-append "https://www.opensmtpd.org/archives/" | |
c34d0cd8 | 509 | "libasr-" version ".tar.gz")) |
71f048c6 | 510 | (sha256 |
4bf26153 | 511 | (base32 "1d6s8njqhvayx2gp47409sp1fn8m608ws26hr1srfp6i23nnpyqr")))) |
71f048c6 | 512 | (build-system gnu-build-system) |
0aa217e7 TGR |
513 | (arguments |
514 | `(#:phases | |
515 | (modify-phases %standard-phases | |
0aa217e7 TGR |
516 | (add-after 'install 'install-documentation |
517 | (lambda* (#:key outputs #:allow-other-keys) | |
518 | (let ((out (assoc-ref outputs "out"))) | |
519 | (install-file "src/asr_run.3" | |
520 | (string-append out "/share/man/man3")) | |
521 | #t)))))) | |
71f048c6 | 522 | (native-inputs |
523 | `(("autoconf" ,autoconf) | |
524 | ("automake" ,automake) | |
0aa217e7 TGR |
525 | ("libtool" ,libtool) |
526 | ("pkg-config" ,pkg-config))) | |
71f048c6 | 527 | (home-page "https://www.opensmtpd.org") |
528 | (synopsis "Asynchronous resolver library by the OpenBSD project") | |
529 | (description | |
530 | "libasr is a free, simple and portable asynchronous resolver library. | |
23f5dd91 | 531 | It runs DNS queries and performs hostname resolution in a fully |
71f048c6 | 532 | asynchronous fashion.") |
533 | (license (list license:isc | |
534 | license:bsd-2 ; last part of getrrsetbyname_async.c | |
535 | license:bsd-3 | |
536 | (license:non-copyleft "file://LICENSE") ; includes.h | |
537 | license:openssl)))) | |
6cf626e8 | 538 | |
7382ecd8 TGR |
539 | (define-public nsd |
540 | (package | |
541 | (name "nsd") | |
887531a2 | 542 | (version "4.3.6") |
7382ecd8 TGR |
543 | (source |
544 | (origin | |
545 | (method url-fetch) | |
546 | (uri (string-append "https://www.nlnetlabs.nl/downloads/nsd/nsd-" | |
547 | version ".tar.gz")) | |
548 | (sha256 | |
887531a2 | 549 | (base32 "062zwx4k5rgpg2c0b4721ldj36aj8clrxv79mlfw9b15ap7w1rmy")))) |
7382ecd8 TGR |
550 | (build-system gnu-build-system) |
551 | (arguments | |
552 | `(#:configure-flags | |
553 | (list "--enable-pie" ; fully benefit from ASLR | |
554 | "--enable-ratelimit" | |
555 | "--enable-recvmmsg" | |
556 | "--enable-relro-now" ; protect GOT and .dtor areas | |
557 | "--disable-radix-tree" | |
558 | (string-append "--with-libevent=" | |
559 | (assoc-ref %build-inputs "libevent")) | |
560 | (string-append "--with-ssl=" | |
561 | (assoc-ref %build-inputs "openssl")) | |
562 | "--with-configdir=/etc" | |
563 | "--with-nsd_conf_file=/etc/nsd/nsd.conf" | |
564 | "--with-logfile=/var/log/nsd.log" | |
565 | "--with-pidfile=/var/db/nsd/nsd.pid" | |
566 | "--with-dbfile=/var/db/nsd/nsd.db" | |
567 | "--with-zonesdir=/etc/nsd" | |
568 | "--with-xfrdfile=/var/db/nsd/xfrd.state" | |
569 | "--with-zonelistfile=/var/db/nsd/zone.list") | |
570 | #:phases | |
571 | (modify-phases %standard-phases | |
572 | (add-before 'configure 'patch-installation-paths | |
573 | (lambda* (#:key outputs #:allow-other-keys) | |
574 | (let* ((out (assoc-ref outputs "out")) | |
575 | (doc (string-append out "/share/doc/" ,name "-" ,version))) | |
576 | ;; The ‘make install’ target tries to create the parent | |
577 | ;; directories of run-time things like ‘pidfile’ above, and | |
578 | ;; useless empty directories like 'configdir'. Remove such | |
579 | ;; '$(INSTALL)' lines and install the example configuration file | |
580 | ;; in an appropriate location. | |
581 | (substitute* "Makefile.in" | |
582 | ((".*INSTALL.*\\$\\((config|pid|xfr|db)dir" command) | |
583 | (string-append "#" command)) | |
584 | (("\\$\\(nsdconfigfile\\)\\.sample" file-name) | |
585 | (string-append doc "/examples/" file-name))) | |
586 | #t)))) | |
587 | #:tests? #f)) ; no tests | |
588 | (inputs | |
589 | `(("libevent" ,libevent) | |
590 | ("openssl" ,openssl))) | |
591 | (home-page "https://www.nlnetlabs.nl/projects/nsd/about/") | |
592 | (synopsis "Authoritative DNS name server") | |
593 | (description "@dfn{NSD}, short for Name Server Daemon, is an authoritative | |
594 | name server for the Domain Name System (@dfn{DNS}). It aims to be a fast and | |
595 | RFC-compliant nameserver. | |
596 | ||
597 | NSD uses zone information compiled via @command{zonec} into a binary database | |
598 | file (@file{nsd.db}). This allows fast startup of the name service daemon and | |
599 | allows syntax-structural errors in zone files to be flagged at compile time, | |
600 | before being made available to NSD service itself. However, most traditional | |
601 | BIND-style zone files can be directly imported into NSD without modification. | |
602 | ||
603 | The collection of programs and processes that make up NSD are designed so that | |
604 | the daemon itself runs as a non-privileged user and can be easily configured to | |
605 | run in a @code{chroot} jail, thus making any security flaws in NSD less likely | |
606 | to result in system-wide compromise.") | |
607 | (license (list license:bsd-3)))) | |
608 | ||
7e61a16c GG |
609 | (define-public unbound |
610 | (package | |
611 | (name "unbound") | |
402964ee | 612 | (version "1.13.1") |
7e61a16c GG |
613 | (source |
614 | (origin | |
615 | (method url-fetch) | |
616 | (uri (string-append "https://www.unbound.net/downloads/unbound-" | |
617 | version ".tar.gz")) | |
618 | (sha256 | |
402964ee | 619 | (base32 "1f2hky62f4xxnjr0lncrzz4gipg01rp12pf98mrqkgf5ixxxj145")))) |
7e61a16c GG |
620 | (build-system gnu-build-system) |
621 | (outputs '("out" "python")) | |
622 | (native-inputs | |
623 | `(("flex" ,flex) | |
624 | ("swig" ,swig))) | |
625 | (inputs | |
626 | `(("expat" ,expat) | |
627 | ("libevent" ,libevent) | |
628 | ("protobuf" ,protobuf) | |
7e61a16c GG |
629 | ("python-wrapper" ,python-wrapper) |
630 | ("openssl" ,openssl))) | |
631 | (arguments | |
632 | `(#:configure-flags | |
37040b85 | 633 | (list "--disable-static" ; save space and non-determinism in libunbound.a |
a431929d | 634 | (string-append |
7e61a16c GG |
635 | "--with-ssl=" (assoc-ref %build-inputs "openssl")) |
636 | (string-append | |
637 | "--with-libevent=" (assoc-ref %build-inputs "libevent")) | |
638 | (string-append | |
639 | "--with-libexpat=" (assoc-ref %build-inputs "expat")) | |
640 | "--with-pythonmodule" "--with-pyunbound") | |
641 | #:phases | |
642 | (modify-phases %standard-phases | |
643 | (add-after 'configure 'fix-python-site-package-path | |
644 | ;; Move python modules into their own output. | |
645 | (lambda* (#:key outputs #:allow-other-keys) | |
646 | (let ((pyout (assoc-ref outputs "python")) | |
647 | (ver ,(version-major+minor (package-version python)))) | |
648 | (substitute* "Makefile" | |
649 | (("^PYTHON_SITE_PKG=.*$") | |
650 | (string-append | |
651 | "PYTHON_SITE_PKG=" | |
652 | pyout "/lib/python-" ver "/site-packages\n")))) | |
653 | #t)) | |
654 | (add-before 'check 'fix-missing-nss-for-tests | |
655 | ;; Unfortunately, the package's unittests involve some checks | |
656 | ;; looking up protocols and services which are not provided | |
657 | ;; by the minimalistic build environment, in particular, | |
658 | ;; /etc/protocols and /etc/services are missing. | |
659 | ;; Also, after plain substitution of protocol and service names | |
660 | ;; in the test data, the tests still fail because the | |
661 | ;; corresponding Resource Records have been signed by | |
662 | ;; RRSIG records. | |
663 | ;; The following LD_PRELOAD library overwrites the glibc | |
664 | ;; functions ‘get{proto,serv}byname’, ‘getprotobynumber’ and | |
665 | ;; ‘getservbyport’ providing the few records required for the | |
666 | ;; unit tests to pass. | |
667 | (lambda* (#:key inputs outputs #:allow-other-keys) | |
668 | (let* ((source (assoc-ref %build-inputs "source")) | |
669 | (gcc (assoc-ref %build-inputs "gcc"))) | |
670 | (call-with-output-file "/tmp/nss_preload.c" | |
671 | (lambda (port) | |
672 | (display "#include <stdlib.h> | |
673 | #include <string.h> | |
674 | #include <strings.h> | |
675 | ||
676 | #include <netdb.h> | |
677 | ||
678 | struct protoent *getprotobyname(const char *name) { | |
679 | struct protoent *p = malloc(sizeof(struct protoent)); | |
680 | p->p_aliases = malloc(sizeof(char*)); | |
681 | if (strcasecmp(name, \"tcp\") == 0) { | |
682 | p->p_name = \"tcp\"; | |
683 | p->p_proto = 6; | |
684 | p->p_aliases[0] = \"TCP\"; | |
685 | } else if (strcasecmp(name, \"udp\") == 0) { | |
686 | p->p_name = \"udp\"; | |
687 | p->p_proto = 17; | |
688 | p->p_aliases[0] = \"UDP\"; | |
689 | } else | |
690 | p = NULL; | |
691 | return p; | |
692 | } | |
693 | ||
694 | struct protoent *getprotobynumber(int proto) { | |
695 | struct protoent *p = malloc(sizeof(struct protoent)); | |
696 | p->p_aliases = malloc(sizeof(char*)); | |
697 | switch(proto) { | |
698 | case 6: | |
699 | p->p_name = \"tcp\"; | |
700 | p->p_proto = 6; | |
701 | p->p_aliases[0] = \"TCP\"; | |
702 | break; | |
703 | case 17: | |
704 | p->p_name = \"udp\"; | |
705 | p->p_proto = 17; | |
706 | p->p_aliases[0] = \"UDP\"; | |
707 | break; | |
708 | default: | |
709 | p = NULL; | |
710 | break; | |
711 | } | |
712 | return p; | |
713 | } | |
714 | ||
715 | struct servent *getservbyname(const char *name, const char *proto) { | |
716 | struct servent *s = malloc(sizeof(struct servent)); | |
717 | char* buf = malloc((strlen(proto)+1)*sizeof(char)); | |
718 | strcpy(buf, proto); | |
719 | s->s_aliases = malloc(sizeof(char*)); | |
720 | s->s_aliases[0] = NULL; | |
721 | if (strcasecmp(name, \"domain\") == 0) { | |
722 | s->s_name = \"domain\"; | |
723 | s->s_port = htons(53); | |
724 | s->s_proto = buf; | |
725 | } else | |
726 | s = NULL; | |
727 | return s; | |
728 | } | |
729 | ||
730 | struct servent *getservbyport(int port, const char *proto) { | |
731 | char buf[32]; | |
732 | struct servent *s = malloc(sizeof(struct servent)); | |
733 | strcpy(buf, proto); | |
734 | s->s_aliases = malloc(sizeof(char*)); | |
735 | s->s_aliases[0] = NULL; | |
736 | switch(port) { | |
737 | case 53: | |
738 | s->s_name = \"domain\"; | |
739 | s->s_port = 53; | |
740 | s->s_proto = \"udp\"; | |
741 | break; | |
742 | default: | |
743 | s = NULL; | |
744 | break; | |
745 | } | |
746 | return s; | |
747 | }" port))) | |
9a3a1565 TGR |
748 | (invoke (string-append gcc "/bin/gcc") |
749 | "-shared" "-fPIC" "-o" "/tmp/nss_preload.so" | |
750 | "/tmp/nss_preload.c") | |
7e61a16c GG |
751 | ;; The preload library only affects the unittests. |
752 | (substitute* "Makefile" | |
753 | (("./unittest") | |
754 | "LD_PRELOAD=/tmp/nss_preload.so ./unittest"))) | |
755 | #t))))) | |
756 | (home-page "https://www.unbound.net") | |
757 | (synopsis "Validating, recursive, and caching DNS resolver") | |
758 | (description | |
759 | "Unbound is a recursive-only caching DNS server which can perform DNSSEC | |
760 | validation of results. It implements only a minimal amount of authoritative | |
761 | service to prevent leakage to the root nameservers: forward lookups for | |
762 | localhost, reverse for @code{127.0.0.1} and @code{::1}, and NXDOMAIN for zones | |
763 | served by AS112. Stub and forward zones are supported.") | |
764 | (license license:bsd-4))) | |
765 | ||
6cf626e8 TGR |
766 | (define-public yadifa |
767 | (package | |
768 | (name "yadifa") | |
a5b24c35 | 769 | (version "2.4.2") |
6cf626e8 | 770 | (source |
a5b24c35 | 771 | (let ((build "9997")) |
8769d482 TGR |
772 | (origin |
773 | (method url-fetch) | |
774 | (uri | |
2682614b | 775 | (string-append "https://www.yadifa.eu/sites/default/files/releases/" |
fe99b7f7 | 776 | "yadifa-" version "-" build ".tar.gz")) |
8769d482 | 777 | (sha256 |
a5b24c35 | 778 | (base32 "0f1by2c7l39qpsar5nh98f3xypmn2ikv7wr557wmva6m0lwbl3q0"))))) |
6cf626e8 TGR |
779 | (build-system gnu-build-system) |
780 | (native-inputs | |
781 | `(("which" ,which))) | |
782 | (inputs | |
783 | `(("openssl" ,openssl))) | |
784 | (arguments | |
57b05e4a TGR |
785 | `(#:phases |
786 | (modify-phases %standard-phases | |
787 | (add-before 'configure 'omit-example-configurations | |
788 | (lambda _ | |
789 | (substitute* "Makefile.in" | |
790 | ((" (etc|var)") "")) | |
576a1699 TGR |
791 | #t)) |
792 | (add-after 'configure 'omit-spurious-references | |
793 | (lambda _ | |
794 | ;; The many Makefile.in grep this(!) to #define BUILD_OPTIONS. | |
795 | (substitute* "config.log" | |
796 | (("(=/gnu/store/)[^-]*" _ match) | |
797 | (string-append match "..."))) | |
57b05e4a TGR |
798 | #t))) |
799 | #:configure-flags | |
800 | (list "--sysconfdir=/etc" | |
801 | "--localstatedir=/var" | |
4733c76c TGR |
802 | "--enable-shared" "--disable-static" |
803 | "--disable-build-timestamp"))) ; build reproducibly | |
9f733172 | 804 | (home-page "https://www.yadifa.eu/") |
6cf626e8 | 805 | (synopsis "Authoritative DNS name server") |
366efcb2 TGR |
806 | (description "YADIFA is an authoritative name server for the @dfn{Domain |
807 | Name System} (DNS). It aims for both higher performance and a smaller memory | |
6cf626e8 | 808 | footprint than other implementations, while remaining fully RFC-compliant. |
366efcb2 TGR |
809 | YADIFA supports dynamic record updates and the @dfn{Domain Name System Security |
810 | Extensions} (DNSSEC).") | |
6cf626e8 | 811 | (license license:bsd-3))) |
f9cdf1c1 TGR |
812 | |
813 | (define-public knot | |
814 | (package | |
815 | (name "knot") | |
3f4a71a4 | 816 | (version "3.0.5") |
e41ddf76 TGR |
817 | (source |
818 | (origin | |
ca4143c7 TGR |
819 | (method git-fetch) |
820 | (uri (git-reference | |
821 | (url "https://gitlab.nic.cz/knot/knot-dns") | |
822 | (commit (string-append "v" version)))) | |
823 | (file-name (git-file-name name version)) | |
e41ddf76 | 824 | (sha256 |
3f4a71a4 | 825 | (base32 "16rgcmgj21w2niyz45d3zjlci9i22gxcvfzqw7g5zwsjdy9610nx")) |
2b73e50c TGR |
826 | (modules '((guix build utils))) |
827 | (snippet | |
828 | '(begin | |
829 | ;; Remove Ragel-generated C files. We'll recreate them below. | |
830 | (for-each delete-file (find-files "." "\\.c\\.[gt].")) | |
ca4143c7 | 831 | (delete-file "src/libknot/yparser/ypbody.c") |
387ad8fd TGR |
832 | ;; Remove bundled library to ensure we always use the system's. |
833 | (delete-file-recursively "src/contrib/libbpf") | |
2b73e50c | 834 | #t)))) |
f9cdf1c1 | 835 | (build-system gnu-build-system) |
8154df53 | 836 | (outputs (list "out" "doc" "lib" "tools")) |
f9cdf1c1 | 837 | (arguments |
84da8f7f | 838 | `(#:configure-flags |
8154df53 TGR |
839 | (list (string-append "--docdir=" (assoc-ref %outputs "doc") |
840 | "/share/" ,name "-" ,version) | |
841 | (string-append "--infodir=" (assoc-ref %outputs "doc") | |
842 | "/share/info") | |
843 | (string-append "--libdir=" (assoc-ref %outputs "lib") "/lib") | |
844 | "--sysconfdir=/etc" | |
84da8f7f TGR |
845 | "--localstatedir=/var" |
846 | "--enable-dnstap" ; let tools read/write capture files | |
d3413b6f | 847 | "--enable-fastparser" ; disabled by default when .git/ exists |
387ad8fd | 848 | "--enable-xdp=auto" ; XXX [=yes] currently means =embedded |
2eb0585a | 849 | "--with-module-dnstap=yes") ; detailed query capturing & logging |
84da8f7f | 850 | #:phases |
f9cdf1c1 | 851 | (modify-phases %standard-phases |
387ad8fd TGR |
852 | (add-after 'unpack 'link-missing-libbpf-dependency |
853 | ;; Linking against -lbpf later would fail to find -lz: libbpf.pc has | |
854 | ;; zlib in its Requires.private (not Requires) field. Add it here. | |
855 | (lambda _ | |
856 | (substitute* "configure.ac" | |
857 | (("enable_xdp=yes" match) | |
858 | (string-append match "\nlibbpf_LIBS=\"$libbpf_LIBS -lz\""))) | |
8154df53 | 859 | #true)) |
ca4143c7 TGR |
860 | (add-before 'bootstrap 'update-parser |
861 | (lambda _ | |
2b73e50c | 862 | (with-directory-excursion "src" |
ca4143c7 | 863 | (invoke "sh" "../scripts/update-parser.sh")))) |
f9cdf1c1 TGR |
864 | (add-before 'configure 'disable-directory-pre-creation |
865 | (lambda _ | |
866 | ;; Don't install empty directories like ‘/etc’ outside the store. | |
1b00e3bd | 867 | ;; This is needed even when using ‘make config_dir=... install’. |
2d431b01 TGR |
868 | (substitute* "src/Makefile.in" (("\\$\\(INSTALL\\) -d") "true")) |
869 | #t)) | |
4756b9b1 SS |
870 | (add-after 'build 'build-info |
871 | (lambda _ | |
872 | (invoke "make" "info"))) | |
f9cdf1c1 TGR |
873 | (replace 'install |
874 | (lambda* (#:key outputs #:allow-other-keys) | |
875 | (let* ((out (assoc-ref outputs "out")) | |
ee1362fc | 876 | (doc (string-append out "/share/doc/" ,name "-" ,version)) |
f9cdf1c1 | 877 | (etc (string-append doc "/examples/etc"))) |
6b042495 TGR |
878 | (invoke "make" |
879 | (string-append "config_dir=" etc) | |
4756b9b1 SS |
880 | "install")))) |
881 | (add-after 'install 'install-info | |
882 | (lambda _ | |
8154df53 TGR |
883 | (invoke "make" "install-info"))) |
884 | (add-after 'install 'break-circular-:lib->:out-reference | |
885 | (lambda* (#:key outputs #:allow-other-keys) | |
886 | (let ((lib (assoc-ref outputs "lib"))) | |
887 | (for-each (lambda (file) | |
888 | (substitute* file | |
889 | (("(prefix=).*" _ assign) | |
890 | (string-append assign lib "\n")))) | |
891 | (find-files lib "\\.pc$")) | |
892 | #true))) | |
893 | (add-after 'install 'split-:tools | |
894 | (lambda* (#:key outputs #:allow-other-keys) | |
895 | (let* ((out (assoc-ref outputs "out")) | |
896 | (tools (assoc-ref outputs "tools"))) | |
897 | (mkdir-p (string-append tools "/share/man")) | |
898 | (rename-file (string-append out "/bin") | |
899 | (string-append tools "/bin")) | |
900 | (rename-file (string-append out "/share/man/man1") | |
901 | (string-append tools "/share/man/man1")) | |
902 | #true)))))) | |
84da8f7f | 903 | (native-inputs |
ca4143c7 TGR |
904 | `(("autoconf" ,autoconf) |
905 | ("automake" ,automake) | |
906 | ("libtool" ,libtool) | |
907 | ("pkg-config" ,pkg-config) | |
4756b9b1 SS |
908 | ("python-sphinx" ,python-sphinx) |
909 | ("ragel" ,ragel) | |
910 | ("texinfo" ,texinfo))) | |
84da8f7f TGR |
911 | (inputs |
912 | `(("fstrm" ,fstrm) | |
913 | ("gnutls" ,gnutls) | |
914 | ("jansson" ,jansson) | |
387ad8fd | 915 | ("libbpf" ,libbpf) |
84da8f7f TGR |
916 | ("libcap-ng" ,libcap-ng) |
917 | ("libedit" ,libedit) | |
387ad8fd | 918 | ("libelf" ,libelf) |
84da8f7f | 919 | ("libidn" ,libidn) |
dadfc9bc | 920 | ("libnghttp2" ,nghttp2 "lib") |
84da8f7f TGR |
921 | ("liburcu" ,liburcu) |
922 | ("lmdb" ,lmdb) | |
923 | ("ncurses" ,ncurses) | |
924 | ("protobuf-c" ,protobuf-c))) | |
f9cdf1c1 TGR |
925 | (home-page "https://www.knot-dns.cz/") |
926 | (synopsis "Authoritative DNS name server") | |
d1e4ad1b | 927 | (description "Knot DNS is an authoritative name server for the @dfn{Domain |
f9cdf1c1 TGR |
928 | Name System} (DNS), designed to meet the needs of root and @dfn{top-level |
929 | domain} (TLD) name servers. It is implemented as a threaded daemon and uses a | |
930 | number of programming techniques to improve speed. For example, the responder | |
931 | is completely lock-free, resulting in a very high response rate. Other features | |
932 | include automatic @dfn{DNS Security Extensions} (DNSSEC) signing, dynamic record | |
933 | synthesis, and on-the-fly re-configuration.") | |
0056f4cc TGR |
934 | (license |
935 | (list | |
936 | ;; src/contrib/{hat-trie,murmurhash3,openbsd}, | |
937 | ;; src/dnssec/contrib/vpool.[ch], and parts of libtap/ are ‘MIT’ (expat). | |
938 | license:expat | |
939 | license:lgpl2.0+ ; parts of scr/contrib/ucw | |
940 | license:public-domain ; src/contrib/fnv and possibly murmurhash3 | |
941 | license:gpl3+)))) ; everything else | |
0bc2d3e4 | 942 | |
a35e16c0 SB |
943 | (define-public knot-resolver |
944 | (package | |
945 | (name "knot-resolver") | |
b495254e | 946 | (version "5.3.1") |
a35e16c0 SB |
947 | (source (origin |
948 | (method url-fetch) | |
949 | (uri (string-append "https://secure.nic.cz/files/knot-resolver/" | |
950 | "knot-resolver-" version ".tar.xz")) | |
951 | (sha256 | |
952 | (base32 | |
b495254e | 953 | "1j99sz6r1hdvvd8rffx1917r9cyb7z46ivp5934sq57irmxnnkcx")))) |
a35e16c0 | 954 | (build-system meson-build-system) |
74e3c37a | 955 | (outputs '("out" "doc")) |
a35e16c0 | 956 | (arguments |
8a5c4384 | 957 | '(#:configure-flags '("-Ddoc=enabled") |
a35e16c0 SB |
958 | #:phases |
959 | (modify-phases %standard-phases | |
8a5c4384 SB |
960 | (add-before 'configure 'disable-default-ta |
961 | (lambda _ | |
962 | ;; Disable the default managed root TA, since we don't have | |
963 | ;; write access to the keyfile and its directory in store. | |
964 | (substitute* "daemon/lua/sandbox.lua.in" | |
965 | (("^trust_anchors\\.add_file.*") "")) | |
966 | #t)) | |
a35e16c0 SB |
967 | (add-after 'build 'build-doc |
968 | (lambda _ | |
969 | (invoke "ninja" "doc"))) | |
74e3c37a SS |
970 | (add-after 'install 'move-doc |
971 | (lambda* (#:key outputs #:allow-other-keys) | |
972 | ;; Move the manual and the example configuration files to the | |
973 | ;; "doc" output. | |
974 | (let ((out (assoc-ref outputs "out")) | |
975 | (doc (assoc-ref outputs "doc"))) | |
976 | (mkdir-p (string-append doc "/share/doc/knot-resolver")) | |
977 | (for-each | |
978 | (lambda (dir) | |
979 | (rename-file (string-append out "/share/" dir) | |
980 | (string-append doc "/share/" dir))) | |
981 | '("doc/knot-resolver/examples" | |
982 | "doc/knot-resolver/html" | |
983 | "info"))))) | |
a35e16c0 SB |
984 | (add-after 'install 'wrap-binary |
985 | (lambda* (#:key inputs outputs #:allow-other-keys) | |
986 | (let* ((out (assoc-ref outputs "out")) | |
987 | (lua-* (map cdr (filter | |
988 | (lambda (input) | |
989 | (string-prefix? "lua-" (car input))) | |
990 | inputs))) | |
991 | (lua-path (lambda (p) | |
992 | (string-append p "/share/lua/5.1/?.lua"))) | |
993 | (lua-cpath (lambda (p) | |
994 | (string-append p "/lib/lua/5.1/?.so")))) | |
995 | (wrap-program (string-append out "/sbin/kresd") | |
996 | `("LUA_PATH" ";" prefix ,(map lua-path lua-*)) | |
997 | `("LUA_CPATH" ";" prefix ,(map lua-cpath lua-*))) | |
998 | #t)))))) | |
999 | (native-inputs | |
1000 | `(("cmocka" ,cmocka) ; for unit tests | |
1001 | ("doxygen" ,doxygen) | |
1002 | ("protobuf-c" ,protobuf-c) | |
1003 | ("pkg-config" ,pkg-config) | |
1004 | ("python-breathe" ,python-breathe) | |
1005 | ("python-sphinx" ,python-sphinx) | |
4fcff590 SS |
1006 | ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme) |
1007 | ("texinfo" ,texinfo))) | |
a35e16c0 SB |
1008 | (inputs |
1009 | `(("fstrm" ,fstrm) | |
1010 | ("gnutls" ,gnutls) | |
a97ea4ff | 1011 | ("knot:lib" ,knot "lib") |
a35e16c0 SB |
1012 | ("libuv" ,libuv) |
1013 | ("lmdb" ,lmdb) | |
1014 | ("luajit" ,luajit) | |
d1a26bed | 1015 | ;; TODO: Add optional lua modules: basexx and psl. |
4fcff590 SS |
1016 | ("lua-bitop" ,lua5.1-bitop) |
1017 | ("nghttp2" ,nghttp2 "lib"))) | |
a35e16c0 SB |
1018 | (home-page "https://www.knot-resolver.cz/") |
1019 | (synopsis "Caching validating DNS resolver") | |
1020 | (description | |
1021 | "Knot Resolver is a caching full resolver implementation written in C and | |
1022 | LuaJIT, both a resolver library and a daemon.") | |
1023 | (license (list license:gpl3+ | |
1024 | ;; Some 'contrib' files are under MIT, CC0 and LGPL2. | |
1025 | license:expat | |
1026 | license:cc0 | |
1027 | license:lgpl2.0)))) | |
1028 | ||
0bc2d3e4 OP |
1029 | (define-public ddclient |
1030 | (package | |
1031 | (name "ddclient") | |
8bb9f997 TGR |
1032 | (version "3.9.1") |
1033 | (source | |
1034 | (origin | |
1035 | (method git-fetch) | |
1036 | (uri (git-reference | |
b0e7b699 | 1037 | (url "https://github.com/ddclient/ddclient") |
8bb9f997 TGR |
1038 | (commit (string-append "v" version)))) |
1039 | (file-name (git-file-name name version)) | |
1040 | (sha256 | |
1041 | (base32 "0hf377g4j9r9sac75xp17nk2h58mazswz4vkg4g2gl2yyhvzq91w")))) | |
0bc2d3e4 OP |
1042 | (build-system trivial-build-system) ; no Makefile.PL |
1043 | (native-inputs | |
1044 | `(("bash" ,bash) | |
8bb9f997 | 1045 | ("perl" ,perl))) |
0bc2d3e4 | 1046 | (inputs |
e12df2c6 TGR |
1047 | `(("inetutils" ,inetutils) ; logger |
1048 | ("net-tools" ,net-tools) | |
1049 | ("perl-data-validate-ip" ,perl-data-validate-ip) | |
1050 | ("perl-digest-sha1" ,perl-digest-sha1) | |
1051 | ("perl-io-socket-ssl" ,perl-io-socket-ssl))) | |
0bc2d3e4 | 1052 | (arguments |
77eaf5fc | 1053 | `(#:modules ((guix build utils)) |
0bc2d3e4 OP |
1054 | #:builder |
1055 | (begin | |
1056 | (use-modules (guix build utils) | |
1057 | (ice-9 match) | |
1058 | (srfi srfi-26)) | |
0bc2d3e4 OP |
1059 | (setenv "PATH" (string-append |
1060 | (assoc-ref %build-inputs "bash") "/bin" ":" | |
0bc2d3e4 | 1061 | (assoc-ref %build-inputs "perl") "/bin")) |
8bb9f997 TGR |
1062 | |
1063 | ;; Copy the (read-only) source into the (writable) build directory. | |
1064 | (copy-recursively (assoc-ref %build-inputs "source") ".") | |
1065 | ||
1066 | ;; Install. | |
1067 | (let* ((out (assoc-ref %outputs "out")) | |
1068 | (bin (string-append out "/bin"))) | |
1069 | (let ((file "ddclient")) | |
1070 | (substitute* file | |
1071 | (("/usr/bin/perl") (which "perl")) | |
1072 | ;; Strictly use ‘/etc/ddclient/ddclient.conf’. | |
1073 | (("\\$\\{program\\}\\.conf") "/etc/ddclient/ddclient.conf") | |
1074 | (("\\$etc\\$program.conf") "/etc/ddclient/ddclient.conf") | |
1075 | ;; Strictly use ‘/var/cache/ddclient/ddclient.cache’ | |
1076 | (("\\$cachedir\\$program\\.cache") | |
1077 | "/var/cache/ddclient/ddclient.cache")) | |
1078 | (install-file file bin) | |
1079 | (wrap-program (string-append bin "/" file) | |
1080 | `("PATH" ":" = | |
1081 | ("$PATH" | |
1082 | ,@(map (lambda (input) | |
1083 | (match input | |
1084 | ((name . store) | |
1085 | (string-append store "/bin")))) | |
1086 | %build-inputs))) | |
1087 | `("PERL5LIB" ":" = | |
1088 | ,(delete | |
1089 | "" | |
1090 | (map (match-lambda | |
1091 | (((? (cut string-prefix? "perl-" <>) name) . dir) | |
1092 | (string-append dir "/lib/perl5/site_perl")) | |
1093 | (_ "")) | |
1094 | %build-inputs))))) | |
1095 | (for-each (cut install-file <> (string-append out | |
1096 | "/share/ddclient")) | |
1097 | (find-files "." "sample.*$")))))) | |
9469ab53 | 1098 | (home-page "https://ddclient.net/") |
0bc2d3e4 OP |
1099 | (synopsis "Address updating utility for dynamic DNS services") |
1100 | (description "This package provides a client to update dynamic IP | |
1101 | addresses with several dynamic DNS service providers, such as | |
1102 | @uref{https://www.dyndns.com/account/login.html,DynDNS.com}. | |
1103 | ||
1104 | This makes it possible to use a fixed hostname (such as myhost.dyndns.org) to | |
1105 | access a machine with a dynamic IP address. | |
1106 | ||
1107 | The client supports both dynamic and (near) static services, as well as MX | |
1108 | record and alternative name management. It caches the address, and only | |
1109 | attempts the update when it has changed.") | |
1110 | (license license:gpl2+))) | |
91a4863d LC |
1111 | |
1112 | (define-public hnsd | |
91a4863d LC |
1113 | (package |
1114 | (name "hnsd") | |
8bd2c50b | 1115 | (version "1.0.0") |
91a4863d LC |
1116 | (source (origin |
1117 | (method git-fetch) | |
1118 | (uri (git-reference | |
1119 | (url "https://github.com/handshake-org/hnsd") | |
8bd2c50b | 1120 | (commit (string-append "v" version)))) |
91a4863d LC |
1121 | (sha256 |
1122 | (base32 | |
8bd2c50b | 1123 | "1kdgff8rf8gmvwz2p758ilbjxpvz4xm6z41pa5353asg6xb853bb")) |
91a4863d LC |
1124 | (file-name (git-file-name name version)) |
1125 | (modules '((guix build utils))) | |
1126 | (snippet | |
1127 | '(begin | |
1128 | ;; Delete the bundled copy of libuv. | |
1129 | (delete-file-recursively "uv") | |
1130 | (substitute* "configure.ac" | |
1131 | (("AC_CONFIG_SUBDIRS\\(\\[uv\\]\\)") "")) | |
1132 | (substitute* "Makefile.am" | |
1133 | (("SUBDIRS = uv") "\n") | |
1134 | (("\\$\\(top_builddir\\)/uv/libuv.la") "-luv") | |
1135 | ||
1136 | ;; Make sure the 'hnsd' binary is installed and | |
1137 | ;; dynamically-linked. | |
1138 | (("noinst_PROGRAMS") "bin_PROGRAMS") | |
1139 | (("hnsd_LDFLAGS = -static") "")) | |
1140 | ||
1141 | ;; This script tries to chdir to "uv" and doesn't do more | |
1142 | ;; than "autoreconf" so remove it. | |
1143 | (delete-file "autogen.sh") | |
1144 | #t)))) | |
1145 | (build-system gnu-build-system) | |
1146 | (arguments | |
1147 | '(#:configure-flags '("--disable-static"))) ;no need for libhsk.a | |
1148 | (native-inputs | |
1149 | `(("autoconf" ,autoconf) | |
1150 | ("automake" ,automake) | |
1151 | ("libtool" ,libtool))) | |
1152 | (inputs | |
1153 | `(("unbound" ,unbound) | |
1154 | ("libuv" ,libuv))) | |
1155 | (home-page "https://www.handshake.org/") | |
1156 | (synopsis "Resolver daemon for the Handshake naming protocol") | |
1157 | (description | |
1158 | "@command{hnsd} is a @dfn{host name resolver} for the Handshake Naming | |
1159 | System (HNS) peer-to-peer network.") | |
8bd2c50b | 1160 | (license license:expat))) |
498911d3 MO |
1161 | |
1162 | (define-public libmicrodns | |
1163 | (package | |
1164 | (name "libmicrodns") | |
65fd3f0a | 1165 | (version "0.1.2") |
498911d3 | 1166 | (source (origin |
65fd3f0a LF |
1167 | (method url-fetch) |
1168 | (uri (string-append "https://github.com/videolabs/libmicrodns/" | |
1169 | "releases/download/" version "/microdns-" | |
1170 | version ".tar.xz")) | |
498911d3 MO |
1171 | (sha256 |
1172 | (base32 | |
65fd3f0a LF |
1173 | "0p4va18zxgmzcdwhlbg2mmjwswlbgqy4ay5vaxrw7cxmhsflnv36")))) |
1174 | (build-system meson-build-system) | |
498911d3 MO |
1175 | (home-page "https://github.com/videolabs/libmicrodns") |
1176 | (synopsis "Minimal mDNS resolver library") | |
1177 | (description "@code{libmicrodns} provides a minimal implementation of a | |
1178 | mDNS resolver as well as an announcer. mDNS (Multicast Domain Name System) is | |
1179 | a zero-config service that allows one to resolve host names to IP addresses in | |
1180 | local networks.") | |
1181 | (license license:lgpl2.1))) | |
41553c90 CM |
1182 | |
1183 | (define-public public-suffix-list | |
1184 | ;; Mozilla releases the official list here: | |
1185 | ;; | |
1186 | ;; https://publicsuffix.org/list/public_suffix_list.dat | |
1187 | ;; | |
1188 | ;; However, Mozilla syncs that file from the GitHub repository periodically, | |
1189 | ;; so its contents will change over time. If you update this commit, please | |
1190 | ;; make sure that the new commit refers to a list which is identical to the | |
1191 | ;; officially published list available from the URL above. | |
1192 | (let ((commit "9375b697baddb0827a5995c81bd3c75877a0b35d")) | |
1193 | (package | |
1194 | (name "public-suffix-list") | |
1195 | (version (git-version "0" "1" commit)) | |
1196 | (source (origin | |
1197 | (method git-fetch) | |
1198 | (uri (git-reference | |
b0e7b699 | 1199 | (url "https://github.com/publicsuffix/list") |
41553c90 CM |
1200 | (commit commit))) |
1201 | (file-name (git-file-name name version)) | |
1202 | (sha256 | |
1203 | (base32 | |
1204 | "1sm7pni01rnl4ldzi8z8nc4cbgq8nxda9gwc68v0s3ij7jd1jmik")))) | |
1205 | (build-system trivial-build-system) | |
1206 | (arguments | |
1207 | `(#:modules ((guix build utils)) | |
1208 | #:builder | |
1209 | (begin | |
1210 | (use-modules (guix build utils)) | |
1211 | (let* ((out (assoc-ref %outputs "out")) | |
1212 | ;; Install to /share because that is where "read-only | |
1213 | ;; architecture-independent data files" should go (see: | |
1214 | ;; (standards) Directory Variables). Include the version in | |
1215 | ;; the directory name so that if multiple versions are ever | |
1216 | ;; installed in the same profile, they will not conflict. | |
1217 | (destination (string-append | |
1218 | out "/share/public-suffix-list-" ,version)) | |
1219 | (source (assoc-ref %build-inputs "source"))) | |
1220 | (with-directory-excursion source | |
1221 | (install-file "public_suffix_list.dat" destination) | |
1222 | (install-file "LICENSE" destination)) | |
1223 | #t)))) | |
1224 | (home-page "https://publicsuffix.org/") | |
1225 | (synopsis "Database of current and historical DNS suffixes") | |
1226 | (description "This is the Public Suffix List maintained by Mozilla. A | |
1227 | \"public suffix\" is one under which Internet users can (or historically | |
1228 | could) directly register names in the Domain Name System (DNS). Some examples | |
1229 | of public suffixes are .com, .co.uk and pvt.k12.ma.us. This is a list of all | |
1230 | known public suffixes.") | |
1231 | (license license:mpl2.0)))) | |
0d36d0ba AI |
1232 | |
1233 | (define-public maradns | |
1234 | (package | |
1235 | (name "maradns") | |
0ac91500 | 1236 | (version "3.5.0007") |
0d36d0ba AI |
1237 | (source |
1238 | (origin | |
1239 | (method url-fetch) | |
1240 | (uri (string-append "https://maradns.samiam.org/download/" | |
1241 | (version-major+minor version) "/" | |
1242 | version "/maradns-" version ".tar.xz")) | |
1243 | (sha256 | |
0ac91500 | 1244 | (base32 "0bc19xylg4whww9qaj5i4izwxcrh0c0ja7l1pfcn2la02hlvg1a6")))) |
0d36d0ba AI |
1245 | (build-system gnu-build-system) |
1246 | (arguments | |
0ac91500 | 1247 | `(#:tests? #f ; need to be root to run tests |
0d36d0ba AI |
1248 | #:make-flags |
1249 | (list | |
de53ddb5 | 1250 | ,(string-append "CC=" (cc-for-target)) |
0d36d0ba AI |
1251 | (string-append "PREFIX=" %output) |
1252 | (string-append "RPM_BUILD_ROOT=" %output)) | |
1253 | #:phases | |
1254 | (modify-phases %standard-phases | |
1255 | (replace 'configure | |
018114ba AI |
1256 | (lambda* (#:key native-inputs target #:allow-other-keys) |
1257 | ;; make_32bit_tables generates a header file that is used during | |
1258 | ;; compilation. Hence, during cross compilation, it should be | |
1259 | ;; built for the host system. | |
1260 | (when target | |
1261 | (substitute* "rng/Makefile" | |
1262 | (("\\$\\(CC\\) -o make_32bit_tables") | |
1263 | (string-append (assoc-ref native-inputs "gcc") | |
1264 | "/bin/gcc -o make_32bit_tables")))) | |
0d36d0ba AI |
1265 | (invoke "./configure"))) |
1266 | (add-before 'install 'create-install-directories | |
1267 | (lambda* (#:key outputs #:allow-other-keys) | |
1268 | (let ((out (assoc-ref outputs "out"))) | |
1269 | (for-each (lambda (dir) | |
1270 | (mkdir-p (string-append out dir))) | |
1271 | (list "/bin" "/sbin" "/etc" | |
1272 | "/share/man/man1" | |
1273 | "/share/man/man5" | |
1274 | "/share/man/man8")) | |
1275 | #t)))))) | |
1276 | (home-page "https://maradns.samiam.org") | |
1277 | (synopsis "Small lightweight DNS server") | |
1278 | (description "MaraDNS is a small and lightweight DNS server. MaraDNS | |
1279 | consists of a UDP-only authoritative DNS server for hosting domains, and a UDP | |
1280 | and TCP-capable recursive DNS server for finding domains on the internet.") | |
1281 | (license license:bsd-2))) | |
6b6647f8 BW |
1282 | |
1283 | (define-public openresolv | |
1284 | (package | |
1285 | (name "openresolv") | |
b3c29d90 | 1286 | (version "3.12.0") |
6b6647f8 BW |
1287 | (source (origin |
1288 | (method url-fetch) | |
1289 | (uri (string-append "https://roy.marples.name/downloads/openresolv/" | |
1290 | "openresolv-" version ".tar.xz")) | |
1291 | (sha256 | |
1292 | (base32 | |
b3c29d90 | 1293 | "15qvp5va2yrqpz0ba54clvn8cbc66v4sl7k3bi9ji8jpx040bcs2")) |
6b6647f8 BW |
1294 | (patches |
1295 | (search-patches "openresolv-restartcmd-guix.patch")))) | |
1296 | (build-system gnu-build-system) | |
1297 | (arguments | |
1298 | `(#:tests? #f ; No test suite | |
1299 | #:configure-flags | |
1300 | (list (string-append "--sysconfdir=/etc")) | |
1301 | #:make-flags | |
1302 | (list (string-append "SYSCONFDIR=/" (assoc-ref %outputs "out") "/etc")))) | |
1303 | (home-page "https://roy.marples.name/projects/openresolv/") | |
1304 | (synopsis "Resolvconf POSIX compliant implementation, a middleman for resolv.conf") | |
1305 | (description "openresolv is an implementation of @command{resolvconf}, the | |
1306 | middleman between the network configuration services and | |
1307 | @file{/etc/resolv.conf}. @command{resolvconf} itself is just a script that | |
1308 | stores, removes and lists a full @file{resolv.conf} generated for the | |
1309 | interface. It then calls all the helper scripts it knows about so it can | |
1310 | configure the real @file{/etc/resolv.conf} and optionally any local | |
1311 | nameservers other than libc.") | |
1312 | (license license:bsd-2))) |