Commit | Line | Data |
---|---|---|
dd2efd3d TUBK |
1 | ;;; GNU Guix --- Functional package management for GNU |
2 | ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com> | |
d912db5b | 3 | ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org> |
b2844d8f | 4 | ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net> |
76dd04be | 5 | ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> |
be86b7ad | 6 | ;;; Copyright © 2016 John Darrington <jmd@gnu.org> |
47956fa0 | 7 | ;;; Copyright © 2016 ng0 <ng0@n0.is> |
fe99b7f7 | 8 | ;;; Copyright © 2016, 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr> |
afe62a8b | 9 | ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com> |
ecc7aa89 | 10 | ;;; Copyright © 2017 Vasile Dumitrascu <va511e@yahoo.com> |
7e61a16c | 11 | ;;; Copyright © 2017 Gregor Giesen <giesen@zaehlwerk.net> |
0bc2d3e4 | 12 | ;;; Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com> |
498911d3 | 13 | ;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com> |
41553c90 | 14 | ;;; Copyright © 2019 Chris Marusich <cmmarusich@gmail.com> |
dd2efd3d TUBK |
15 | ;;; |
16 | ;;; This file is part of GNU Guix. | |
17 | ;;; | |
18 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
19 | ;;; under the terms of the GNU General Public License as published by | |
20 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
21 | ;;; your option) any later version. | |
22 | ;;; | |
23 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
24 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
25 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
26 | ;;; GNU General Public License for more details. | |
27 | ;;; | |
28 | ;;; You should have received a copy of the GNU General Public License | |
29 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
30 | ||
36fb36b5 | 31 | (define-module (gnu packages dns) |
f9cdf1c1 | 32 | #:use-module (gnu packages admin) |
71f048c6 | 33 | #:use-module (gnu packages autotools) |
6cf626e8 | 34 | #:use-module (gnu packages base) |
0bc2d3e4 | 35 | #:use-module (gnu packages bash) |
1e744399 | 36 | #:use-module (gnu packages databases) |
0bc2d3e4 | 37 | #:use-module (gnu packages compression) |
afe62a8b | 38 | #:use-module (gnu packages crypto) |
f9cdf1c1 | 39 | #:use-module (gnu packages datastructures) |
7e61a16c | 40 | #:use-module (gnu packages flex) |
cb6d322a | 41 | #:use-module (gnu packages glib) |
71f048c6 | 42 | #:use-module (gnu packages groff) |
f9cdf1c1 TGR |
43 | #:use-module (gnu packages groff) |
44 | #:use-module (gnu packages libedit) | |
afe62a8b | 45 | #:use-module (gnu packages libevent) |
f9cdf1c1 | 46 | #:use-module (gnu packages libidn) |
1e744399 | 47 | #:use-module (gnu packages linux) |
f9cdf1c1 TGR |
48 | #:use-module (gnu packages ncurses) |
49 | #:use-module (gnu packages nettle) | |
e12df2c6 | 50 | #:use-module (gnu packages networking) |
1e744399 | 51 | #:use-module (gnu packages perl) |
71f048c6 | 52 | #:use-module (gnu packages pkg-config) |
7e61a16c GG |
53 | #:use-module (gnu packages protobuf) |
54 | #:use-module (gnu packages python) | |
0406434b | 55 | #:use-module (gnu packages python-xyz) |
7e61a16c | 56 | #:use-module (gnu packages swig) |
a7fd7b68 | 57 | #:use-module (gnu packages tls) |
f9cdf1c1 | 58 | #:use-module (gnu packages web) |
1e744399 | 59 | #:use-module (gnu packages xml) |
12e530ba | 60 | #:use-module (gnu packages) |
1e744399 | 61 | #:use-module ((guix licenses) #:prefix license:) |
dd2efd3d TUBK |
62 | #:use-module (guix packages) |
63 | #:use-module (guix download) | |
91a4863d | 64 | #:use-module (guix git-download) |
7e61a16c | 65 | #:use-module (guix utils) |
0bc2d3e4 OP |
66 | #:use-module (guix build-system gnu) |
67 | #:use-module (guix build-system trivial)) | |
dd2efd3d TUBK |
68 | |
69 | (define-public dnsmasq | |
70 | (package | |
71 | (name "dnsmasq") | |
0e8e2908 | 72 | (version "2.80") |
dd2efd3d TUBK |
73 | (source (origin |
74 | (method url-fetch) | |
75 | (uri (string-append | |
76 | "http://www.thekelleys.org.uk/dnsmasq/dnsmasq-" | |
77 | version ".tar.xz")) | |
78 | (sha256 | |
79 | (base32 | |
0e8e2908 | 80 | "1fv3g8vikj3sn37x1j6qsywn09w1jipvlv34j3q5qrljbrwa5ayd")))) |
dd2efd3d | 81 | (build-system gnu-build-system) |
cb6d322a CB |
82 | (native-inputs |
83 | `(("pkg-config" ,pkg-config))) | |
84 | (inputs | |
85 | `(("dbus" ,dbus))) | |
dd2efd3d TUBK |
86 | (arguments |
87 | `(#:phases | |
dc1d3cde | 88 | (modify-phases %standard-phases (delete 'configure)) |
dd2efd3d | 89 | #:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")) |
cb6d322a CB |
90 | "CC=gcc" |
91 | "COPTS=\"-DHAVE_DBUS\"") | |
4e6c51d4 | 92 | #:tests? #f)) ; no ‘check’ target |
dd2efd3d TUBK |
93 | (home-page "http://www.thekelleys.org.uk/dnsmasq/doc.html") |
94 | (synopsis "Small caching DNS proxy and DHCP/TFTP server") | |
95 | (description | |
c657716e TGR |
96 | "Dnsmasq is a light-weight DNS forwarder and DHCP server. It is designed |
97 | to provide DNS and, optionally, DHCP to a small network. It can serve the | |
dd2efd3d TUBK |
98 | names of local machines which are not in the global DNS. The DHCP server |
99 | integrates with the DNS server and allows machines with DHCP-allocated | |
c657716e | 100 | addresses to appear in the DNS with names configured either on each host or in |
dd2efd3d TUBK |
101 | a central configuration file. Dnsmasq supports static and dynamic DHCP leases |
102 | and BOOTP/TFTP for network booting of diskless machines.") | |
103 | ;; Source files only say GPL2 and GPL3 are allowed. | |
1e744399 TČ |
104 | (license (list license:gpl2 license:gpl3)))) |
105 | ||
a0683006 LC |
106 | ;; 'bind' is the name of a built-in Guile procedure, which is why we choose a |
107 | ;; different name here. | |
108 | (define-public isc-bind | |
1e744399 | 109 | (package |
be86b7ad | 110 | (name "bind") |
0406434b | 111 | (version "9.12.4-P1") |
1e744399 TČ |
112 | (source (origin |
113 | (method url-fetch) | |
be86b7ad | 114 | (uri (string-append |
54fd7c02 TGR |
115 | "https://ftp.isc.org/isc/bind9/" version |
116 | "/bind-" version ".tar.gz")) | |
1e744399 TČ |
117 | (sha256 |
118 | (base32 | |
0406434b TGR |
119 | "1if7zc5gzrfd28csc63v9bjwrc0rgvm1x9yx058946hc5gp5lyp2")) |
120 | (patches | |
121 | (search-patches "bind-fix-unused-pk11-ecc-constants.patch")))) | |
1e744399 | 122 | (build-system gnu-build-system) |
be86b7ad | 123 | (outputs `("out" "utils")) |
1e744399 | 124 | (inputs |
fc0dd636 | 125 | ;; It would be nice to add GeoIP and gssapi once there are packages. |
1e744399 TČ |
126 | `(("libcap" ,libcap) |
127 | ("libxml2" ,libxml2) | |
1e744399 | 128 | ("openssl" ,openssl) |
0406434b TGR |
129 | ("p11-kit" ,p11-kit) |
130 | ("python" ,python) | |
131 | ("python-ply" ,python-ply))) | |
be86b7ad JD |
132 | (native-inputs `(("perl" ,perl) |
133 | ("net-tools" ,net-tools))) | |
1e744399 | 134 | (arguments |
be86b7ad | 135 | `(#:configure-flags |
1e744399 TČ |
136 | (list (string-append "--with-openssl=" |
137 | (assoc-ref %build-inputs "openssl")) | |
1e744399 TČ |
138 | (string-append "--with-pkcs11=" |
139 | (assoc-ref %build-inputs "p11-kit"))) | |
140 | #:phases | |
be86b7ad JD |
141 | (modify-phases %standard-phases |
142 | (add-after 'strip 'move-to-utils | |
143 | (lambda _ | |
144 | (for-each | |
145 | (lambda (file) | |
146 | (let ((target (string-append (assoc-ref %outputs "utils") file)) | |
147 | (src (string-append (assoc-ref %outputs "out") file))) | |
148 | (mkdir-p (dirname target)) | |
149 | (link src target) | |
150 | (delete-file src))) | |
151 | '("/bin/dig" "/bin/delv" "/bin/nslookup" "/bin/host" "/bin/nsupdate" | |
152 | "/share/man/man1/dig.1" | |
153 | "/share/man/man1/host.1" | |
154 | "/share/man/man1/nslookup.1" | |
6023ecab TGR |
155 | "/share/man/man1/nsupdate.1")) |
156 | #t)) | |
be86b7ad JD |
157 | ;; When and if guix provides user namespaces for the build process, |
158 | ;; then the following can be uncommented and the subsequent "force-test" | |
159 | ;; will not be necessary. | |
160 | ;; | |
161 | ;; (add-before 'check 'set-up-loopback | |
162 | ;; (lambda _ | |
163 | ;; (system "bin/tests/system/ifconfig.sh up"))) | |
164 | (replace 'check | |
165 | (lambda _ | |
6023ecab | 166 | (invoke "make" "force-test")))))) |
be86b7ad | 167 | (synopsis "An implementation of the Domain Name System") |
366efcb2 TGR |
168 | (description "BIND is an implementation of the @dfn{Domain Name System} |
169 | (DNS) protocols for the Internet. It is a reference implementation of those | |
be86b7ad JD |
170 | protocols, but it is also production-grade software, suitable for use in |
171 | high-volume and high-reliability applications. The name BIND stands for | |
172 | \"Berkeley Internet Name Domain\", because the software originated in the early | |
173 | 1980s at the University of California at Berkeley.") | |
174 | (home-page "https://www.isc.org/downloads/bind") | |
ecc7aa89 | 175 | (license (list license:mpl2.0)))) |
be86b7ad | 176 | |
d24727c0 MB |
177 | (define-public dnscrypt-proxy |
178 | (package | |
179 | (name "dnscrypt-proxy") | |
83a89531 | 180 | (version "1.9.5") |
d24727c0 MB |
181 | (source (origin |
182 | (method url-fetch) | |
183 | (uri (string-append | |
184 | "https://download.dnscrypt.org/dnscrypt-proxy/" | |
185 | "dnscrypt-proxy-" version ".tar.bz2")) | |
186 | (sha256 | |
187 | (base32 | |
83a89531 | 188 | "1dhvklr4dg2vlw108n11xbamacaryyg3dbrg629b76lp7685p7z8")) |
d24727c0 MB |
189 | (modules '((guix build utils))) |
190 | (snippet | |
191 | ;; Delete bundled libltdl. XXX: This package also bundles | |
192 | ;; a modified libevent that cannot currently be removed. | |
6cbee49d MW |
193 | '(begin |
194 | (delete-file-recursively "libltdl") | |
195 | #t)))) | |
d24727c0 MB |
196 | (build-system gnu-build-system) |
197 | (arguments | |
198 | `(#:phases | |
199 | (modify-phases %standard-phases | |
d10092b8 | 200 | (add-after 'unpack 'autoreconf |
d24727c0 MB |
201 | (lambda _ |
202 | ;; Re-generate build files due to unbundling ltdl. | |
203 | ;; TODO: Prevent generating new libltdl and building it. | |
204 | ;; The system version is still favored and referenced. | |
997a4e18 | 205 | (invoke "autoreconf" "-vif")))))) |
d24727c0 MB |
206 | (native-inputs |
207 | `(("pkg-config" ,pkg-config) | |
208 | ("automake" ,automake) | |
209 | ("autoconf" ,autoconf) | |
210 | ("libtool" ,libtool))) | |
211 | (inputs | |
212 | `(("libltdl" ,libltdl) | |
213 | ("libsodium" ,libsodium))) | |
214 | (home-page "https://www.dnscrypt.org/") | |
215 | (synopsis "Securely send DNS requests to a remote server") | |
216 | (description | |
217 | "@command{dnscrypt-proxy} is a tool for securing communications | |
218 | between a client and a DNS resolver. It verifies that responses you get | |
219 | from a DNS provider was actually sent by that provider, and haven't been | |
220 | tampered with. For optimal performance it is recommended to use this as | |
221 | a forwarder for a caching DNS resolver such as @command{dnsmasq}, but it | |
222 | can also be used as a normal DNS \"server\". A list of public dnscrypt | |
223 | servers is included, and an up-to-date version is available at | |
224 | @url{https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv}.") | |
225 | (license (list license:isc | |
226 | ;; Libevent and src/ext/queue.h is 3-clause BSD. | |
227 | license:bsd-3)))) | |
228 | ||
afe62a8b MB |
229 | (define-public dnscrypt-wrapper |
230 | (package | |
231 | (name "dnscrypt-wrapper") | |
232 | (version "0.2.2") | |
233 | (source (origin | |
234 | (method url-fetch) | |
235 | (uri (string-append | |
236 | "https://github.com/cofyc/dnscrypt-wrapper/releases" | |
237 | "/download/v" version "/" name "-v" version ".tar.bz2")) | |
238 | (sha256 | |
239 | (base32 | |
240 | "1vhg4g0r687f51wcdn7z9w1hxapazx6vyh5rsr8wa48sljzd583g")))) | |
241 | (build-system gnu-build-system) | |
242 | (arguments | |
243 | `(#:make-flags '("CC=gcc") | |
244 | ;; TODO: Tests require ruby-cucumber and ruby-aruba. | |
245 | #:tests? #f | |
246 | #:phases | |
247 | (modify-phases %standard-phases | |
d10092b8 | 248 | (add-after 'unpack 'create-configure |
afe62a8b | 249 | (lambda _ |
b43cd106 | 250 | (invoke "make" "configure")))))) |
afe62a8b MB |
251 | (native-inputs |
252 | `(("autoconf" ,autoconf))) | |
253 | (inputs | |
254 | `(("libevent" ,libevent) | |
255 | ("libsodium" ,libsodium))) | |
256 | (home-page "https://github.com/Cofyc/dnscrypt-wrapper") | |
257 | (synopsis "Server-side dnscrypt proxy") | |
258 | (description | |
259 | "@command{dnscrypt-wrapper} is a tool to expose a name server over | |
260 | the @code{dnscrypt} protocol. It can be used as an endpoint for the | |
261 | @command{dnscrypt-proxy} client to securely tunnel DNS requests between | |
262 | the two.") | |
263 | (license (list license:isc | |
264 | ;; Bundled argparse is MIT. TODO: package and unbundle. | |
265 | license:expat | |
266 | ;; dns-protocol.h and rfc1035.{c,h} is gpl2 or gpl3 (either). | |
267 | license:gpl2 | |
268 | license:gpl3)))) | |
269 | ||
71f048c6 | 270 | (define-public libasr |
271 | (package | |
272 | (name "libasr") | |
273 | (version "201602131606") | |
274 | (source | |
275 | (origin | |
276 | (method url-fetch) | |
277 | (uri (string-append "https://www.opensmtpd.org/archives/" | |
278 | name "-" version ".tar.gz")) | |
279 | (sha256 | |
280 | (base32 | |
281 | "18kdmbjsxrfai16d66qslp48b1zf7gr8him2jj5dcqgbsl44ls75")))) | |
282 | (build-system gnu-build-system) | |
283 | (native-inputs | |
284 | `(("autoconf" ,autoconf) | |
285 | ("automake" ,automake) | |
286 | ("pkg-config" ,pkg-config) | |
287 | ("groff" ,groff))) | |
288 | (home-page "https://www.opensmtpd.org") | |
289 | (synopsis "Asynchronous resolver library by the OpenBSD project") | |
290 | (description | |
291 | "libasr is a free, simple and portable asynchronous resolver library. | |
292 | It allows to run DNS queries and perform hostname resolutions in a fully | |
293 | asynchronous fashion.") | |
294 | (license (list license:isc | |
295 | license:bsd-2 ; last part of getrrsetbyname_async.c | |
296 | license:bsd-3 | |
297 | (license:non-copyleft "file://LICENSE") ; includes.h | |
298 | license:openssl)))) | |
6cf626e8 | 299 | |
7382ecd8 TGR |
300 | (define-public nsd |
301 | (package | |
302 | (name "nsd") | |
15357dd7 | 303 | (version "4.1.27") |
7382ecd8 TGR |
304 | (source |
305 | (origin | |
306 | (method url-fetch) | |
307 | (uri (string-append "https://www.nlnetlabs.nl/downloads/nsd/nsd-" | |
308 | version ".tar.gz")) | |
309 | (sha256 | |
15357dd7 | 310 | (base32 "1sjfbwr4vq25304hr9vmd9j821g2vzv8lpy95hpsravc80q5zaqv")))) |
7382ecd8 TGR |
311 | (build-system gnu-build-system) |
312 | (arguments | |
313 | `(#:configure-flags | |
314 | (list "--enable-pie" ; fully benefit from ASLR | |
315 | "--enable-ratelimit" | |
316 | "--enable-recvmmsg" | |
317 | "--enable-relro-now" ; protect GOT and .dtor areas | |
318 | "--disable-radix-tree" | |
319 | (string-append "--with-libevent=" | |
320 | (assoc-ref %build-inputs "libevent")) | |
321 | (string-append "--with-ssl=" | |
322 | (assoc-ref %build-inputs "openssl")) | |
323 | "--with-configdir=/etc" | |
324 | "--with-nsd_conf_file=/etc/nsd/nsd.conf" | |
325 | "--with-logfile=/var/log/nsd.log" | |
326 | "--with-pidfile=/var/db/nsd/nsd.pid" | |
327 | "--with-dbfile=/var/db/nsd/nsd.db" | |
328 | "--with-zonesdir=/etc/nsd" | |
329 | "--with-xfrdfile=/var/db/nsd/xfrd.state" | |
330 | "--with-zonelistfile=/var/db/nsd/zone.list") | |
331 | #:phases | |
332 | (modify-phases %standard-phases | |
333 | (add-before 'configure 'patch-installation-paths | |
334 | (lambda* (#:key outputs #:allow-other-keys) | |
335 | (let* ((out (assoc-ref outputs "out")) | |
336 | (doc (string-append out "/share/doc/" ,name "-" ,version))) | |
337 | ;; The ‘make install’ target tries to create the parent | |
338 | ;; directories of run-time things like ‘pidfile’ above, and | |
339 | ;; useless empty directories like 'configdir'. Remove such | |
340 | ;; '$(INSTALL)' lines and install the example configuration file | |
341 | ;; in an appropriate location. | |
342 | (substitute* "Makefile.in" | |
343 | ((".*INSTALL.*\\$\\((config|pid|xfr|db)dir" command) | |
344 | (string-append "#" command)) | |
345 | (("\\$\\(nsdconfigfile\\)\\.sample" file-name) | |
346 | (string-append doc "/examples/" file-name))) | |
347 | #t)))) | |
348 | #:tests? #f)) ; no tests | |
349 | (inputs | |
350 | `(("libevent" ,libevent) | |
351 | ("openssl" ,openssl))) | |
352 | (home-page "https://www.nlnetlabs.nl/projects/nsd/about/") | |
353 | (synopsis "Authoritative DNS name server") | |
354 | (description "@dfn{NSD}, short for Name Server Daemon, is an authoritative | |
355 | name server for the Domain Name System (@dfn{DNS}). It aims to be a fast and | |
356 | RFC-compliant nameserver. | |
357 | ||
358 | NSD uses zone information compiled via @command{zonec} into a binary database | |
359 | file (@file{nsd.db}). This allows fast startup of the name service daemon and | |
360 | allows syntax-structural errors in zone files to be flagged at compile time, | |
361 | before being made available to NSD service itself. However, most traditional | |
362 | BIND-style zone files can be directly imported into NSD without modification. | |
363 | ||
364 | The collection of programs and processes that make up NSD are designed so that | |
365 | the daemon itself runs as a non-privileged user and can be easily configured to | |
366 | run in a @code{chroot} jail, thus making any security flaws in NSD less likely | |
367 | to result in system-wide compromise.") | |
368 | (license (list license:bsd-3)))) | |
369 | ||
7e61a16c GG |
370 | (define-public unbound |
371 | (package | |
372 | (name "unbound") | |
223055dd | 373 | (version "1.9.1") |
7e61a16c GG |
374 | (source |
375 | (origin | |
376 | (method url-fetch) | |
377 | (uri (string-append "https://www.unbound.net/downloads/unbound-" | |
378 | version ".tar.gz")) | |
379 | (sha256 | |
223055dd | 380 | (base32 "1iarvk0i92asvrkpla9z55aan20k6pklzpck9yk4rfnchsdvzh63")))) |
7e61a16c GG |
381 | (build-system gnu-build-system) |
382 | (outputs '("out" "python")) | |
383 | (native-inputs | |
384 | `(("flex" ,flex) | |
385 | ("swig" ,swig))) | |
386 | (inputs | |
387 | `(("expat" ,expat) | |
388 | ("libevent" ,libevent) | |
389 | ("protobuf" ,protobuf) | |
390 | ("python" ,python-3) | |
391 | ("python-wrapper" ,python-wrapper) | |
392 | ("openssl" ,openssl))) | |
393 | (arguments | |
394 | `(#:configure-flags | |
37040b85 | 395 | (list "--disable-static" ; save space and non-determinism in libunbound.a |
a431929d | 396 | (string-append |
7e61a16c GG |
397 | "--with-ssl=" (assoc-ref %build-inputs "openssl")) |
398 | (string-append | |
399 | "--with-libevent=" (assoc-ref %build-inputs "libevent")) | |
400 | (string-append | |
401 | "--with-libexpat=" (assoc-ref %build-inputs "expat")) | |
402 | "--with-pythonmodule" "--with-pyunbound") | |
403 | #:phases | |
404 | (modify-phases %standard-phases | |
405 | (add-after 'configure 'fix-python-site-package-path | |
406 | ;; Move python modules into their own output. | |
407 | (lambda* (#:key outputs #:allow-other-keys) | |
408 | (let ((pyout (assoc-ref outputs "python")) | |
409 | (ver ,(version-major+minor (package-version python)))) | |
410 | (substitute* "Makefile" | |
411 | (("^PYTHON_SITE_PKG=.*$") | |
412 | (string-append | |
413 | "PYTHON_SITE_PKG=" | |
414 | pyout "/lib/python-" ver "/site-packages\n")))) | |
415 | #t)) | |
416 | (add-before 'check 'fix-missing-nss-for-tests | |
417 | ;; Unfortunately, the package's unittests involve some checks | |
418 | ;; looking up protocols and services which are not provided | |
419 | ;; by the minimalistic build environment, in particular, | |
420 | ;; /etc/protocols and /etc/services are missing. | |
421 | ;; Also, after plain substitution of protocol and service names | |
422 | ;; in the test data, the tests still fail because the | |
423 | ;; corresponding Resource Records have been signed by | |
424 | ;; RRSIG records. | |
425 | ;; The following LD_PRELOAD library overwrites the glibc | |
426 | ;; functions ‘get{proto,serv}byname’, ‘getprotobynumber’ and | |
427 | ;; ‘getservbyport’ providing the few records required for the | |
428 | ;; unit tests to pass. | |
429 | (lambda* (#:key inputs outputs #:allow-other-keys) | |
430 | (let* ((source (assoc-ref %build-inputs "source")) | |
431 | (gcc (assoc-ref %build-inputs "gcc"))) | |
432 | (call-with-output-file "/tmp/nss_preload.c" | |
433 | (lambda (port) | |
434 | (display "#include <stdlib.h> | |
435 | #include <string.h> | |
436 | #include <strings.h> | |
437 | ||
438 | #include <netdb.h> | |
439 | ||
440 | struct protoent *getprotobyname(const char *name) { | |
441 | struct protoent *p = malloc(sizeof(struct protoent)); | |
442 | p->p_aliases = malloc(sizeof(char*)); | |
443 | if (strcasecmp(name, \"tcp\") == 0) { | |
444 | p->p_name = \"tcp\"; | |
445 | p->p_proto = 6; | |
446 | p->p_aliases[0] = \"TCP\"; | |
447 | } else if (strcasecmp(name, \"udp\") == 0) { | |
448 | p->p_name = \"udp\"; | |
449 | p->p_proto = 17; | |
450 | p->p_aliases[0] = \"UDP\"; | |
451 | } else | |
452 | p = NULL; | |
453 | return p; | |
454 | } | |
455 | ||
456 | struct protoent *getprotobynumber(int proto) { | |
457 | struct protoent *p = malloc(sizeof(struct protoent)); | |
458 | p->p_aliases = malloc(sizeof(char*)); | |
459 | switch(proto) { | |
460 | case 6: | |
461 | p->p_name = \"tcp\"; | |
462 | p->p_proto = 6; | |
463 | p->p_aliases[0] = \"TCP\"; | |
464 | break; | |
465 | case 17: | |
466 | p->p_name = \"udp\"; | |
467 | p->p_proto = 17; | |
468 | p->p_aliases[0] = \"UDP\"; | |
469 | break; | |
470 | default: | |
471 | p = NULL; | |
472 | break; | |
473 | } | |
474 | return p; | |
475 | } | |
476 | ||
477 | struct servent *getservbyname(const char *name, const char *proto) { | |
478 | struct servent *s = malloc(sizeof(struct servent)); | |
479 | char* buf = malloc((strlen(proto)+1)*sizeof(char)); | |
480 | strcpy(buf, proto); | |
481 | s->s_aliases = malloc(sizeof(char*)); | |
482 | s->s_aliases[0] = NULL; | |
483 | if (strcasecmp(name, \"domain\") == 0) { | |
484 | s->s_name = \"domain\"; | |
485 | s->s_port = htons(53); | |
486 | s->s_proto = buf; | |
487 | } else | |
488 | s = NULL; | |
489 | return s; | |
490 | } | |
491 | ||
492 | struct servent *getservbyport(int port, const char *proto) { | |
493 | char buf[32]; | |
494 | struct servent *s = malloc(sizeof(struct servent)); | |
495 | strcpy(buf, proto); | |
496 | s->s_aliases = malloc(sizeof(char*)); | |
497 | s->s_aliases[0] = NULL; | |
498 | switch(port) { | |
499 | case 53: | |
500 | s->s_name = \"domain\"; | |
501 | s->s_port = 53; | |
502 | s->s_proto = \"udp\"; | |
503 | break; | |
504 | default: | |
505 | s = NULL; | |
506 | break; | |
507 | } | |
508 | return s; | |
509 | }" port))) | |
9a3a1565 TGR |
510 | (invoke (string-append gcc "/bin/gcc") |
511 | "-shared" "-fPIC" "-o" "/tmp/nss_preload.so" | |
512 | "/tmp/nss_preload.c") | |
7e61a16c GG |
513 | ;; The preload library only affects the unittests. |
514 | (substitute* "Makefile" | |
515 | (("./unittest") | |
516 | "LD_PRELOAD=/tmp/nss_preload.so ./unittest"))) | |
517 | #t))))) | |
518 | (home-page "https://www.unbound.net") | |
519 | (synopsis "Validating, recursive, and caching DNS resolver") | |
520 | (description | |
521 | "Unbound is a recursive-only caching DNS server which can perform DNSSEC | |
522 | validation of results. It implements only a minimal amount of authoritative | |
523 | service to prevent leakage to the root nameservers: forward lookups for | |
524 | localhost, reverse for @code{127.0.0.1} and @code{::1}, and NXDOMAIN for zones | |
525 | served by AS112. Stub and forward zones are supported.") | |
526 | (license license:bsd-4))) | |
527 | ||
6cf626e8 TGR |
528 | (define-public yadifa |
529 | (package | |
530 | (name "yadifa") | |
92a33362 | 531 | (version "2.3.9") |
6cf626e8 | 532 | (source |
92a33362 | 533 | (let ((build "8497")) |
8769d482 TGR |
534 | (origin |
535 | (method url-fetch) | |
536 | (uri | |
537 | (string-append "http://cdn.yadifa.eu/sites/default/files/releases/" | |
fe99b7f7 | 538 | "yadifa-" version "-" build ".tar.gz")) |
8769d482 | 539 | (sha256 |
92a33362 | 540 | (base32 "0xvyr91sfgzkpw6g3h893ldbwnki3w2472n56rr18w67qghs1sa5"))))) |
6cf626e8 TGR |
541 | (build-system gnu-build-system) |
542 | (native-inputs | |
543 | `(("which" ,which))) | |
544 | (inputs | |
545 | `(("openssl" ,openssl))) | |
546 | (arguments | |
57b05e4a TGR |
547 | `(#:phases |
548 | (modify-phases %standard-phases | |
549 | (add-before 'configure 'omit-example-configurations | |
550 | (lambda _ | |
551 | (substitute* "Makefile.in" | |
552 | ((" (etc|var)") "")) | |
553 | #t))) | |
554 | #:configure-flags | |
555 | (list "--sysconfdir=/etc" | |
556 | "--localstatedir=/var" | |
557 | "--disable-build-timestamp" ; build reproducibly | |
558 | "--enable-shared" | |
559 | "--disable-static" | |
560 | "--enable-acl" | |
561 | "--enable-caching" | |
562 | "--enable-ctrl" ; enable remote control | |
563 | "--enable-nsec" | |
564 | "--enable-nsec3" | |
565 | "--enable-tsig"))) | |
6cf626e8 TGR |
566 | (home-page "http://www.yadifa.eu/") |
567 | (synopsis "Authoritative DNS name server") | |
366efcb2 TGR |
568 | (description "YADIFA is an authoritative name server for the @dfn{Domain |
569 | Name System} (DNS). It aims for both higher performance and a smaller memory | |
6cf626e8 | 570 | footprint than other implementations, while remaining fully RFC-compliant. |
366efcb2 TGR |
571 | YADIFA supports dynamic record updates and the @dfn{Domain Name System Security |
572 | Extensions} (DNSSEC).") | |
6cf626e8 | 573 | (license license:bsd-3))) |
f9cdf1c1 TGR |
574 | |
575 | (define-public knot | |
576 | (package | |
577 | (name "knot") | |
e41ddf76 TGR |
578 | (version "2.8.1") |
579 | (source | |
580 | (origin | |
581 | (method url-fetch) | |
582 | (uri (string-append "https://secure.nic.cz/files/knot-dns/" | |
583 | "knot-" version ".tar.xz")) | |
584 | (sha256 | |
585 | (base32 "1im2wb8hl394mzni1wavmvfqd7il8s28kcz8w3s4v05nbhzg06xj")) | |
586 | (modules '((guix build utils))) | |
587 | (snippet | |
588 | '(begin | |
589 | ;; Delete bundled libraries. | |
590 | (with-directory-excursion "src/contrib" | |
591 | (delete-file-recursively "lmdb")) | |
592 | #t)))) | |
f9cdf1c1 TGR |
593 | (build-system gnu-build-system) |
594 | (native-inputs | |
595 | `(("pkg-config" ,pkg-config))) | |
596 | (inputs | |
023ef013 TGR |
597 | `(("fstrm" ,fstrm) |
598 | ("gnutls" ,gnutls) | |
f9cdf1c1 TGR |
599 | ("jansson" ,jansson) |
600 | ("libcap-ng" ,libcap-ng) | |
601 | ("libedit" ,libedit) | |
602 | ("libidn" ,libidn) | |
603 | ("liburcu" ,liburcu) | |
604 | ("lmdb" ,lmdb) | |
605 | ("ncurses" ,ncurses) | |
1b00e3bd | 606 | ("protobuf-c" ,protobuf-c))) |
f9cdf1c1 TGR |
607 | (arguments |
608 | `(#:phases | |
609 | (modify-phases %standard-phases | |
610 | (add-before 'configure 'disable-directory-pre-creation | |
611 | (lambda _ | |
612 | ;; Don't install empty directories like ‘/etc’ outside the store. | |
1b00e3bd | 613 | ;; This is needed even when using ‘make config_dir=... install’. |
2d431b01 TGR |
614 | (substitute* "src/Makefile.in" (("\\$\\(INSTALL\\) -d") "true")) |
615 | #t)) | |
f9cdf1c1 TGR |
616 | (replace 'install |
617 | (lambda* (#:key outputs #:allow-other-keys) | |
618 | (let* ((out (assoc-ref outputs "out")) | |
ee1362fc | 619 | (doc (string-append out "/share/doc/" ,name "-" ,version)) |
f9cdf1c1 | 620 | (etc (string-append doc "/examples/etc"))) |
6b042495 TGR |
621 | (invoke "make" |
622 | (string-append "config_dir=" etc) | |
1b00e3bd | 623 | "install"))))) |
f9cdf1c1 TGR |
624 | #:configure-flags |
625 | (list "--sysconfdir=/etc" | |
626 | "--localstatedir=/var" | |
1b00e3bd TGR |
627 | "--enable-dnstap" ; let tools read/write capture files |
628 | "--with-module-dnstap=yes" ; detailed query capturing & logging | |
f9cdf1c1 TGR |
629 | (string-append "--with-bash-completions=" |
630 | (assoc-ref %outputs "out") | |
631 | "/etc/bash_completion.d")))) | |
632 | (home-page "https://www.knot-dns.cz/") | |
633 | (synopsis "Authoritative DNS name server") | |
d1e4ad1b | 634 | (description "Knot DNS is an authoritative name server for the @dfn{Domain |
f9cdf1c1 TGR |
635 | Name System} (DNS), designed to meet the needs of root and @dfn{top-level |
636 | domain} (TLD) name servers. It is implemented as a threaded daemon and uses a | |
637 | number of programming techniques to improve speed. For example, the responder | |
638 | is completely lock-free, resulting in a very high response rate. Other features | |
639 | include automatic @dfn{DNS Security Extensions} (DNSSEC) signing, dynamic record | |
640 | synthesis, and on-the-fly re-configuration.") | |
0056f4cc TGR |
641 | (license |
642 | (list | |
643 | ;; src/contrib/{hat-trie,murmurhash3,openbsd}, | |
644 | ;; src/dnssec/contrib/vpool.[ch], and parts of libtap/ are ‘MIT’ (expat). | |
645 | license:expat | |
646 | license:lgpl2.0+ ; parts of scr/contrib/ucw | |
647 | license:public-domain ; src/contrib/fnv and possibly murmurhash3 | |
648 | license:gpl3+)))) ; everything else | |
0bc2d3e4 OP |
649 | |
650 | (define-public ddclient | |
651 | (package | |
652 | (name "ddclient") | |
e12df2c6 | 653 | (version "3.9.0") |
0bc2d3e4 OP |
654 | (source (origin |
655 | (method url-fetch) | |
656 | (uri (string-append "mirror://sourceforge/ddclient/ddclient/ddclient-" | |
657 | version "/ddclient-" version ".tar.gz")) | |
658 | (sha256 | |
659 | (base32 | |
e12df2c6 | 660 | "0fwyhab8yga2yi1kdfkbqxa83wxhwpagmj1w1mwkg2iffh1fjjlw")))) |
0bc2d3e4 OP |
661 | (build-system trivial-build-system) ; no Makefile.PL |
662 | (native-inputs | |
663 | `(("bash" ,bash) | |
664 | ("gzip" ,gzip) | |
665 | ("perl" ,perl) | |
666 | ("tar" ,tar))) | |
667 | (inputs | |
e12df2c6 TGR |
668 | `(("inetutils" ,inetutils) ; logger |
669 | ("net-tools" ,net-tools) | |
670 | ("perl-data-validate-ip" ,perl-data-validate-ip) | |
671 | ("perl-digest-sha1" ,perl-digest-sha1) | |
672 | ("perl-io-socket-ssl" ,perl-io-socket-ssl))) | |
0bc2d3e4 OP |
673 | (arguments |
674 | `(#:modules ((guix build utils) | |
675 | (ice-9 match) | |
676 | (srfi srfi-26)) | |
677 | #:builder | |
678 | (begin | |
679 | (use-modules (guix build utils) | |
680 | (ice-9 match) | |
681 | (srfi srfi-26)) | |
682 | ;; bootstrap | |
683 | (setenv "PATH" (string-append | |
684 | (assoc-ref %build-inputs "bash") "/bin" ":" | |
685 | (assoc-ref %build-inputs "tar") "/bin" ":" | |
686 | (assoc-ref %build-inputs "gzip") "/bin" ":" | |
687 | (assoc-ref %build-inputs "perl") "/bin")) | |
688 | ;; extract source | |
689 | (invoke "tar" "xvf" (assoc-ref %build-inputs "source")) | |
690 | ;; package | |
691 | (with-directory-excursion (string-append ,name "-" ,version) | |
692 | (let* ((out (assoc-ref %outputs "out")) | |
693 | (bin (string-append out "/bin"))) | |
694 | (let ((file "ddclient")) | |
695 | (substitute* file | |
696 | (("/usr/bin/perl") (which "perl")) | |
697 | ;; Strictly use ‘/etc/ddclient/ddclient.conf’. | |
698 | (("\\$\\{program\\}\\.conf") "/etc/ddclient/ddclient.conf") | |
699 | (("\\$etc\\$program.conf") "/etc/ddclient/ddclient.conf") | |
700 | ;; Strictly use ‘/var/cache/ddclient/ddclient.cache’ | |
701 | (("\\$cachedir\\$program\\.cache") | |
702 | "/var/cache/ddclient/ddclient.cache")) | |
703 | (install-file file bin) | |
704 | (wrap-program (string-append bin "/" file) | |
705 | `("PATH" ":" = | |
706 | ("$PATH" | |
707 | ,@(map (lambda (input) | |
708 | (match input | |
709 | ((name . store) | |
710 | (string-append store "/bin")))) | |
711 | %build-inputs))) | |
712 | `("PERL5LIB" ":" = | |
713 | ,(delete | |
714 | "" | |
715 | (map (match-lambda | |
716 | (((? (cut string-prefix? "perl-" <>) name) . dir) | |
717 | (string-append dir "/lib/perl5/site_perl")) | |
718 | (_ "")) | |
719 | %build-inputs))))) | |
720 | (for-each (cut install-file <> (string-append out | |
721 | "/share/ddclient")) | |
722 | (find-files "." "sample.*$"))))))) | |
723 | (home-page "https://sourceforge.net/projects/ddclient/") | |
724 | (synopsis "Address updating utility for dynamic DNS services") | |
725 | (description "This package provides a client to update dynamic IP | |
726 | addresses with several dynamic DNS service providers, such as | |
727 | @uref{https://www.dyndns.com/account/login.html,DynDNS.com}. | |
728 | ||
729 | This makes it possible to use a fixed hostname (such as myhost.dyndns.org) to | |
730 | access a machine with a dynamic IP address. | |
731 | ||
732 | The client supports both dynamic and (near) static services, as well as MX | |
733 | record and alternative name management. It caches the address, and only | |
734 | attempts the update when it has changed.") | |
735 | (license license:gpl2+))) | |
91a4863d LC |
736 | |
737 | (define-public hnsd | |
738 | ;; There have been no releases yet, hence this commit. | |
739 | (let ((revision "0") | |
740 | (commit "895d89c25d316d18df9d374fe78aae3902bc89fb")) | |
741 | (package | |
742 | (name "hnsd") | |
743 | (version (git-version "0.0" revision commit)) | |
744 | (source (origin | |
745 | (method git-fetch) | |
746 | (uri (git-reference | |
747 | (url "https://github.com/handshake-org/hnsd") | |
748 | (commit commit))) | |
749 | (sha256 | |
750 | (base32 | |
751 | "0704y73sddn24jga9csw4gxyfb3pnrfnk0vdcph84n1h38490l16")) | |
752 | (file-name (git-file-name name version)) | |
753 | (modules '((guix build utils))) | |
754 | (snippet | |
755 | '(begin | |
756 | ;; Delete the bundled copy of libuv. | |
757 | (delete-file-recursively "uv") | |
758 | (substitute* "configure.ac" | |
759 | (("AC_CONFIG_SUBDIRS\\(\\[uv\\]\\)") "")) | |
760 | (substitute* "Makefile.am" | |
761 | (("SUBDIRS = uv") "\n") | |
762 | (("\\$\\(top_builddir\\)/uv/libuv.la") "-luv") | |
763 | ||
764 | ;; Make sure the 'hnsd' binary is installed and | |
765 | ;; dynamically-linked. | |
766 | (("noinst_PROGRAMS") "bin_PROGRAMS") | |
767 | (("hnsd_LDFLAGS = -static") "")) | |
768 | ||
769 | ;; This script tries to chdir to "uv" and doesn't do more | |
770 | ;; than "autoreconf" so remove it. | |
771 | (delete-file "autogen.sh") | |
772 | #t)))) | |
773 | (build-system gnu-build-system) | |
774 | (arguments | |
775 | '(#:configure-flags '("--disable-static"))) ;no need for libhsk.a | |
776 | (native-inputs | |
777 | `(("autoconf" ,autoconf) | |
778 | ("automake" ,automake) | |
779 | ("libtool" ,libtool))) | |
780 | (inputs | |
781 | `(("unbound" ,unbound) | |
782 | ("libuv" ,libuv))) | |
783 | (home-page "https://www.handshake.org/") | |
784 | (synopsis "Resolver daemon for the Handshake naming protocol") | |
785 | (description | |
786 | "@command{hnsd} is a @dfn{host name resolver} for the Handshake Naming | |
787 | System (HNS) peer-to-peer network.") | |
788 | (license license:expat)))) | |
498911d3 MO |
789 | |
790 | (define-public libmicrodns | |
791 | (package | |
792 | (name "libmicrodns") | |
793 | (version "0.0.10") | |
794 | (source (origin | |
795 | (method git-fetch) | |
796 | (uri (git-reference | |
797 | (url "https://github.com/videolabs/libmicrodns") | |
798 | (commit version))) | |
799 | (file-name (git-file-name name version)) | |
800 | (sha256 | |
801 | (base32 | |
802 | "1xvl9k49ng35wbsqmnjnyqvkyjf8dcq2ywsq3jp3wh0rgmxhq2fh")))) | |
803 | (build-system gnu-build-system) | |
804 | (native-inputs | |
805 | `(("pkg-config" ,pkg-config) | |
806 | ("autoconf" ,autoconf) | |
807 | ("automake" ,automake) | |
808 | ("libtool" ,libtool))) | |
809 | (home-page "https://github.com/videolabs/libmicrodns") | |
810 | (synopsis "Minimal mDNS resolver library") | |
811 | (description "@code{libmicrodns} provides a minimal implementation of a | |
812 | mDNS resolver as well as an announcer. mDNS (Multicast Domain Name System) is | |
813 | a zero-config service that allows one to resolve host names to IP addresses in | |
814 | local networks.") | |
815 | (license license:lgpl2.1))) | |
41553c90 CM |
816 | |
817 | (define-public public-suffix-list | |
818 | ;; Mozilla releases the official list here: | |
819 | ;; | |
820 | ;; https://publicsuffix.org/list/public_suffix_list.dat | |
821 | ;; | |
822 | ;; However, Mozilla syncs that file from the GitHub repository periodically, | |
823 | ;; so its contents will change over time. If you update this commit, please | |
824 | ;; make sure that the new commit refers to a list which is identical to the | |
825 | ;; officially published list available from the URL above. | |
826 | (let ((commit "9375b697baddb0827a5995c81bd3c75877a0b35d")) | |
827 | (package | |
828 | (name "public-suffix-list") | |
829 | (version (git-version "0" "1" commit)) | |
830 | (source (origin | |
831 | (method git-fetch) | |
832 | (uri (git-reference | |
833 | (url "https://github.com/publicsuffix/list.git") | |
834 | (commit commit))) | |
835 | (file-name (git-file-name name version)) | |
836 | (sha256 | |
837 | (base32 | |
838 | "1sm7pni01rnl4ldzi8z8nc4cbgq8nxda9gwc68v0s3ij7jd1jmik")))) | |
839 | (build-system trivial-build-system) | |
840 | (arguments | |
841 | `(#:modules ((guix build utils)) | |
842 | #:builder | |
843 | (begin | |
844 | (use-modules (guix build utils)) | |
845 | (let* ((out (assoc-ref %outputs "out")) | |
846 | ;; Install to /share because that is where "read-only | |
847 | ;; architecture-independent data files" should go (see: | |
848 | ;; (standards) Directory Variables). Include the version in | |
849 | ;; the directory name so that if multiple versions are ever | |
850 | ;; installed in the same profile, they will not conflict. | |
851 | (destination (string-append | |
852 | out "/share/public-suffix-list-" ,version)) | |
853 | (source (assoc-ref %build-inputs "source"))) | |
854 | (with-directory-excursion source | |
855 | (install-file "public_suffix_list.dat" destination) | |
856 | (install-file "LICENSE" destination)) | |
857 | #t)))) | |
858 | (home-page "https://publicsuffix.org/") | |
859 | (synopsis "Database of current and historical DNS suffixes") | |
860 | (description "This is the Public Suffix List maintained by Mozilla. A | |
861 | \"public suffix\" is one under which Internet users can (or historically | |
862 | could) directly register names in the Domain Name System (DNS). Some examples | |
863 | of public suffixes are .com, .co.uk and pvt.k12.ma.us. This is a list of all | |
864 | known public suffixes.") | |
865 | (license license:mpl2.0)))) |