1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
3 ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
4 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
5 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
6 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
7 ;;; Copyright © 2016 ng0 <ng0@n0.is>
8 ;;; Copyright © 2016, 2017, 2018, 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
9 ;;; Copyright © 2016, 2020 Marius Bakke <mbakke@fastmail.com>
10 ;;; Copyright © 2017 Vasile Dumitrascu <va511e@yahoo.com>
11 ;;; Copyright © 2017 Gregor Giesen <giesen@zaehlwerk.net>
12 ;;; Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com>
13 ;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
14 ;;; Copyright © 2019 Chris Marusich <cmmarusich@gmail.com>
15 ;;; Copyright © 2019 Rutger Helling <rhelling@mykolab.com>
16 ;;; Copyright © 2020 Pierre Langlois <pierre.langlois@gmx.com>
17 ;;;
18 ;;; This file is part of GNU Guix.
19 ;;;
20 ;;; GNU Guix is free software; you can redistribute it and/or modify it
21 ;;; under the terms of the GNU General Public License as published by
22 ;;; the Free Software Foundation; either version 3 of the License, or (at
23 ;;; your option) any later version.
24 ;;;
25 ;;; GNU Guix is distributed in the hope that it will be useful, but
26 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
27 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28 ;;; GNU General Public License for more details.
29 ;;;
30 ;;; You should have received a copy of the GNU General Public License
31 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
32
33 (define-module (gnu packages dns)
34 #:use-module (gnu packages admin)
35 #:use-module (gnu packages autotools)
36 #:use-module (gnu packages base)
37 #:use-module (gnu packages bash)
38 #:use-module (gnu packages check)
39 #:use-module (gnu packages databases)
40 #:use-module (gnu packages documentation)
41 #:use-module (gnu packages compression)
42 #:use-module (gnu packages crypto)
43 #:use-module (gnu packages datastructures)
44 #:use-module (gnu packages flex)
45 #:use-module (gnu packages glib)
46 #:use-module (gnu packages groff)
47 #:use-module (gnu packages groff)
48 #:use-module (gnu packages libedit)
49 #:use-module (gnu packages libevent)
50 #:use-module (gnu packages libidn)
51 #:use-module (gnu packages linux)
52 #:use-module (gnu packages lua)
53 #:use-module (gnu packages ncurses)
54 #:use-module (gnu packages nettle)
55 #:use-module (gnu packages networking)
56 #:use-module (gnu packages perl)
57 #:use-module (gnu packages pkg-config)
58 #:use-module (gnu packages protobuf)
59 #:use-module (gnu packages python)
60 #:use-module (gnu packages python-xyz)
61 #:use-module (gnu packages sphinx)
62 #:use-module (gnu packages swig)
63 #:use-module (gnu packages tls)
64 #:use-module (gnu packages web)
65 #:use-module (gnu packages xml)
66 #:use-module (gnu packages)
67 #:use-module ((guix licenses) #:prefix license:)
68 #:use-module (guix packages)
69 #:use-module (guix download)
70 #:use-module (guix git-download)
71 #:use-module (guix utils)
72 #:use-module (guix build-system gnu)
73 #:use-module (guix build-system meson)
74 #:use-module (guix build-system trivial))
75
(define-public dnsmasq
  ;; Small DNS forwarder and DHCP/TFTP server.  Upstream ships a plain
  ;; Makefile, so the 'configure' phase is dropped and everything is passed
  ;; through make flags.
  (package
    (name "dnsmasq")
    (version "2.81")
    (source (origin
              (method url-fetch)
              ;; The tarball URL is plain HTTP, so the transport gives no
              ;; integrity guarantee; the sha256 below is what pins the
              ;; content.  Check a new hash against an independent source
              ;; when bumping the version.
              (uri (string-append
                    "http://www.thekelleys.org.uk/dnsmasq/dnsmasq-"
                    version ".tar.xz"))
              (sha256
               (base32
                "1yzq6anwgr5rlnwydpszb51cyhp2vjq29b24ck19flbwac1sk73l"))))
    (build-system gnu-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases (delete 'configure))
       #:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
                          "CC=gcc"
                          "COPTS=\"-DHAVE_DBUS\"")
       #:tests? #f))                    ; no ‘check’ target
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("dbus" ,dbus)))                 ; needed for -DHAVE_DBUS above
    (home-page "http://www.thekelleys.org.uk/dnsmasq/doc.html")
    (synopsis "Small caching DNS proxy and DHCP/TFTP server")
    (description
     "Dnsmasq is a light-weight DNS forwarder and DHCP server. It is designed
to provide DNS and, optionally, DHCP to a small network. It can serve the
names of local machines which are not in the global DNS. The DHCP server
integrates with the DNS server and allows machines with DHCP-allocated
addresses to appear in the DNS with names configured either on each host or in
a central configuration file. Dnsmasq supports static and dynamic DHCP leases
and BOOTP/TFTP for network booting of diskless machines.")
    ;; The source files allow exactly GPL2 and GPL3, nothing later.
    (license (list license:gpl2 license:gpl3))))
112
113 ;; 'bind' is the name of a built-in Guile procedure, which is why we choose a
114 ;; different name here.
(define-public isc-bind
  ;; ISC BIND.  The daemon stays in "out"; the client-side lookup tools and
  ;; their man pages are split into the "utils" output.
  (package
    (name "bind")
    (version "9.16.2")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://ftp.isc.org/isc/bind9/" version
                    "/bind-" version ".tar.xz"))
              (sha256
               (base32
                "0gwr4p14zy5jqq050n762rfc33km51qwipcwy6bsvk55ziybgrfr"))))
    (build-system gnu-build-system)
    (outputs `("out" "utils"))
    (arguments
     `(#:configure-flags
       (list (string-append "--with-pkcs11="
                            (assoc-ref %build-inputs "p11-kit")))
       #:phases
       (modify-phases %standard-phases
         (add-after 'strip 'move-to-utils
           (lambda _
             ;; Hard-link each file into "utils" and then remove it from
             ;; "out", creating the target directory first.
             (for-each
              (lambda (file)
                (let ((target (string-append (assoc-ref %outputs "utils") file))
                      (src (string-append (assoc-ref %outputs "out") file)))
                  (mkdir-p (dirname target))
                  (link src target)
                  (delete-file src)))
              '("/bin/dig" "/bin/delv" "/bin/nslookup" "/bin/host" "/bin/nsupdate"
                "/share/man/man1/dig.1"
                "/share/man/man1/host.1"
                "/share/man/man1/nslookup.1"
                "/share/man/man1/nsupdate.1"))
             #t))
         ;; Once Guix offers user namespaces to the build process, the phase
         ;; below can be enabled and the replaced 'check' phase dropped in
         ;; favour of "force-test".
         ;;
         ;; (add-before 'check 'set-up-loopback
         ;;   (lambda _
         ;;     (system "bin/tests/system/ifconfig.sh up")))
         (replace 'check
           (lambda _
             ;; XXX Even ‘make force-test’ wants to create network interfaces
             ;; and fails, so only the (trivial) fuzz target runs here.  The
             ;; system test suite is therefore NOT exercised by this build.
             (with-directory-excursion "fuzz"
               (invoke "make" "check"))
             #t)))))
    (native-inputs
     `(("perl" ,perl)
       ("pkg-config" ,pkg-config)))
    (inputs
     ;; GeoIP and gssapi would be welcome additions once they are packaged.
     `(("libcap" ,libcap)
       ("libuv" ,libuv)
       ("libxml2" ,libxml2)
       ("openssl" ,openssl)
       ("p11-kit" ,p11-kit)
       ("python" ,python)
       ("python-ply" ,python-ply)))
    (home-page "https://www.isc.org/downloads/bind")
    (synopsis "An implementation of the Domain Name System")
    (description "BIND is an implementation of the @dfn{Domain Name System}
(DNS) protocols for the Internet. It is a reference implementation of those
protocols, but it is also production-grade software, suitable for use in
high-volume and high-reliability applications. The name BIND stands for
\"Berkeley Internet Name Domain\", because the software originated in the early
1980s at the University of California at Berkeley.")
    (license (list license:mpl2.0))))
185
(define-public dnscrypt-proxy
  ;; DNSCrypt client proxy.  The source snippet unbundles libltdl, which is
  ;; why the build files are regenerated with autoreconf after unpacking.
  (package
    (name "dnscrypt-proxy")
    (version "1.9.5")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://download.dnscrypt.org/dnscrypt-proxy/"
                    "dnscrypt-proxy-" version ".tar.bz2"))
              (sha256
               (base32
                "1dhvklr4dg2vlw108n11xbamacaryyg3dbrg629b76lp7685p7z8"))
              (modules '((guix build utils)))
              (snippet
               ;; Remove the bundled libltdl.  XXX: a modified libevent is
               ;; bundled as well and cannot be removed for now, so that
               ;; copy is not the packaged libevent and does not follow
               ;; its updates.
               '(begin
                  (delete-file-recursively "libltdl")
                  #t))))
    (build-system gnu-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'autoreconf
           (lambda _
             ;; The build files must be regenerated now that ltdl is gone.
             ;; TODO: stop autoreconf from generating and building a new
             ;; libltdl.  The system version is still favored and
             ;; referenced.
             (invoke "autoreconf" "-vif"))))))
    (native-inputs
     `(("pkg-config" ,pkg-config)
       ("automake" ,automake)
       ("autoconf" ,autoconf)
       ("libtool" ,libtool)))
    (inputs
     `(("libltdl" ,libltdl)
       ("libsodium" ,libsodium)))
    (home-page "https://www.dnscrypt.org/")
    (synopsis "Securely send DNS requests to a remote server")
    (description
     "@command{dnscrypt-proxy} is a tool for securing communications
between a client and a DNS resolver. It verifies that responses you get
from a DNS provider was actually sent by that provider, and haven't been
tampered with. For optimal performance it is recommended to use this as
a forwarder for a caching DNS resolver such as @command{dnsmasq}, but it
can also be used as a normal DNS \"server\". A list of public dnscrypt
servers is included, and an up-to-date version is available at
@url{https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv}.")
    (license (list license:isc
                   ;; Libevent and src/ext/queue.h are 3-clause BSD.
                   license:bsd-3))))
237
(define-public dnscrypt-wrapper
  ;; Server-side counterpart of dnscrypt-proxy.  The release tarball has no
  ;; generated configure script, so one is created with "make configure".
  (package
    (name "dnscrypt-wrapper")
    (version "0.2.2")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://github.com/cofyc/dnscrypt-wrapper/releases"
                    "/download/v" version "/" name "-v" version ".tar.bz2"))
              (sha256
               (base32
                "1vhg4g0r687f51wcdn7z9w1hxapazx6vyh5rsr8wa48sljzd583g"))))
    (build-system gnu-build-system)
    (arguments
     `(#:make-flags '("CC=gcc")
       ;; TODO: the test suite needs ruby-cucumber and ruby-aruba, so it is
       ;; switched off and nothing is tested at build time.
       #:tests? #f
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'create-configure
           (lambda _
             (invoke "make" "configure"))))))
    (native-inputs
     `(("autoconf" ,autoconf)))
    (inputs
     `(("libevent" ,libevent)
       ("libsodium" ,libsodium)))
    (home-page "https://github.com/Cofyc/dnscrypt-wrapper")
    (synopsis "Server-side dnscrypt proxy")
    (description
     "@command{dnscrypt-wrapper} is a tool to expose a name server over
the @code{dnscrypt} protocol. It can be used as an endpoint for the
@command{dnscrypt-proxy} client to securely tunnel DNS requests between
the two.")
    (license (list license:isc
                   ;; The bundled argparse is MIT.  TODO: package it
                   ;; separately and unbundle.
                   license:expat
                   ;; dns-protocol.h and rfc1035.{c,h} are under gpl2 or
                   ;; gpl3 (either).
                   license:gpl2
                   license:gpl3))))
278
(define-public libasr
  ;; Asynchronous resolver library; the only customisation is an extra
  ;; phase that installs the asr_run(3) man page.
  (package
    (name "libasr")
    (version "1.0.4")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://www.opensmtpd.org/archives/"
                           "libasr-" version ".tar.gz"))
       (sha256
        (base32 "1d6s8njqhvayx2gp47409sp1fn8m608ws26hr1srfp6i23nnpyqr"))))
    (build-system gnu-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'install 'install-documentation
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Copy the man page into share/man/man3 of the "out" output.
             (let ((out (assoc-ref outputs "out")))
               (install-file "src/asr_run.3"
                             (string-append out "/share/man/man3"))
               #t))))))
    (native-inputs
     `(("autoconf" ,autoconf)
       ("automake" ,automake)
       ("libtool" ,libtool)
       ("pkg-config" ,pkg-config)))
    (home-page "https://www.opensmtpd.org")
    (synopsis "Asynchronous resolver library by the OpenBSD project")
    (description
     "libasr is a free, simple and portable asynchronous resolver library.
It runs DNS queries and performs hostname resolution in a fully
asynchronous fashion.")
    (license (list license:isc
                   license:bsd-2        ; tail of getrrsetbyname_async.c
                   license:bsd-3
                   (license:non-copyleft "file://LICENSE") ; includes.h
                   license:openssl))))
316
(define-public nsd
  ;; Authoritative name server from NLnet Labs.  Run-time state is kept
  ;; under /etc and /var, outside the store, and the binary is built with
  ;; the hardening switches upstream's configure script offers.
  (package
    (name "nsd")
    (version "4.2.4")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://www.nlnetlabs.nl/downloads/nsd/nsd-"
                           version ".tar.gz"))
       (sha256
        (base32 "0z7j3vwqqj0hh8n5irb2yqwzl45k4sn2wczbq1b1lqv5cxv6vgcy"))))
    (build-system gnu-build-system)
    (arguments
     `(#:configure-flags
       (list "--enable-pie"             ; fully benefit from ASLR
             "--enable-ratelimit"
             "--enable-recvmmsg"
             "--enable-relro-now"       ; protect GOT and .dtor areas
             "--disable-radix-tree"
             (string-append "--with-libevent="
                            (assoc-ref %build-inputs "libevent"))
             (string-append "--with-ssl="
                            (assoc-ref %build-inputs "openssl"))
             ;; Everything below points at mutable locations outside the
             ;; store.
             "--with-configdir=/etc"
             "--with-nsd_conf_file=/etc/nsd/nsd.conf"
             "--with-logfile=/var/log/nsd.log"
             "--with-pidfile=/var/db/nsd/nsd.pid"
             "--with-dbfile=/var/db/nsd/nsd.db"
             "--with-zonesdir=/etc/nsd"
             "--with-xfrdfile=/var/db/nsd/xfrd.state"
             "--with-zonelistfile=/var/db/nsd/zone.list")
       #:phases
       (modify-phases %standard-phases
         (add-before 'configure 'patch-installation-paths
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (doc (string-append out "/share/doc/" ,name "-" ,version)))
               ;; ‘make install’ would otherwise try to create the parent
               ;; directories of run-time files such as ‘pidfile’ above, as
               ;; well as pointless empty ones like 'configdir'.  Comment
               ;; those '$(INSTALL)' lines out, and send the sample
               ;; configuration file to the documentation directory.
               (substitute* "Makefile.in"
                 ((".*INSTALL.*\\$\\((config|pid|xfr|db)dir" command)
                  (string-append "#" command))
                 (("\\$\\(nsdconfigfile\\)\\.sample" file-name)
                  (string-append doc "/examples/" file-name)))
               #t))))
       #:tests? #f))                    ; no tests
    (inputs
     `(("libevent" ,libevent)
       ("openssl" ,openssl)))
    (home-page "https://www.nlnetlabs.nl/projects/nsd/about/")
    (synopsis "Authoritative DNS name server")
    (description "@dfn{NSD}, short for Name Server Daemon, is an authoritative
name server for the Domain Name System (@dfn{DNS}). It aims to be a fast and
RFC-compliant nameserver.

NSD uses zone information compiled via @command{zonec} into a binary database
file (@file{nsd.db}). This allows fast startup of the name service daemon and
allows syntax-structural errors in zone files to be flagged at compile time,
before being made available to NSD service itself. However, most traditional
BIND-style zone files can be directly imported into NSD without modification.

The collection of programs and processes that make up NSD are designed so that
the daemon itself runs as a non-privileged user and can be easily configured to
run in a @code{chroot} jail, thus making any security flaws in NSD less likely
to result in system-wide compromise.")
    (license (list license:bsd-3))))
386
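(define-public unbound
  ;; Validating recursive resolver.  The Python bindings go to their own
  ;; "python" output, and the unit tests run against a small LD_PRELOAD
  ;; shim because the build environment lacks /etc/protocols and
  ;; /etc/services.
  (package
    (name "unbound")
    (version "1.10.0")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://www.unbound.net/downloads/unbound-"
                           version ".tar.gz"))
       (sha256
        (base32 "0mg9divpysr42sp0m693a70693dp8025v6c9dv1yabr4g1jlhbqm"))))
    (build-system gnu-build-system)
    (outputs '("out" "python"))
    (native-inputs
     `(("flex" ,flex)
       ("swig" ,swig)))
    (inputs
     `(("expat" ,expat)
       ("libevent" ,libevent)
       ("protobuf" ,protobuf)
       ("python-wrapper" ,python-wrapper)
       ("openssl" ,openssl)))
    (arguments
     `(#:configure-flags
       (list "--disable-static" ; save space and non-determinism in libunbound.a
             (string-append
              "--with-ssl=" (assoc-ref %build-inputs "openssl"))
             (string-append
              "--with-libevent=" (assoc-ref %build-inputs "libevent"))
             (string-append
              "--with-libexpat=" (assoc-ref %build-inputs "expat"))
             "--with-pythonmodule" "--with-pyunbound")
       #:phases
       (modify-phases %standard-phases
         (add-after 'configure 'fix-python-site-package-path
           ;; Move python modules into their own output by rewriting the
           ;; PYTHON_SITE_PKG line of the generated Makefile.
           (lambda* (#:key outputs #:allow-other-keys)
             (let ((pyout (assoc-ref outputs "python"))
                   (ver ,(version-major+minor (package-version python))))
               (substitute* "Makefile"
                 (("^PYTHON_SITE_PKG=.*$")
                  (string-append
                   "PYTHON_SITE_PKG="
                   pyout "/lib/python-" ver "/site-packages\n"))))
             #t))
         (add-before 'check 'fix-missing-nss-for-tests
           ;; The unit tests look up protocols and services, but the
           ;; minimalistic build environment provides neither
           ;; /etc/protocols nor /etc/services.  Substituting the names in
           ;; the test data does not help either, because the affected
           ;; Resource Records are covered by RRSIG records.
           ;;
           ;; Instead, build an LD_PRELOAD library that overrides the glibc
           ;; functions ‘get{proto,serv}byname’, ‘getprotobynumber’ and
           ;; ‘getservbyport’ with the few records the tests need.
           ;;
           ;; Compared with the earlier shim: ‘getservbyport’ no longer
           ;; copies PROTO into a fixed 32-byte stack buffer with an
           ;; unbounded strcpy (the buffer was never read), and the
           ;; protocol alias arrays are now NULL-terminated so that a
           ;; caller walking them stops inside the allocation.
           ;;
           ;; NOTE(review): ‘getservbyname’ still dereferences PROTO
           ;; unconditionally; confirm the unit tests never pass NULL.
           ;; NOTE(review): the shim uses fixed file names under /tmp,
           ;; which presumes /tmp is private to this build -- confirm.
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let ((gcc (assoc-ref %build-inputs "gcc")))
               (call-with-output-file "/tmp/nss_preload.c"
                 (lambda (port)
                   (display "#include <stdlib.h>
#include <string.h>
#include <strings.h>

#include <netdb.h>

struct protoent *getprotobyname(const char *name) {
  struct protoent *p = malloc(sizeof(struct protoent));
  /* One alias plus the terminating NULL. */
  p->p_aliases = malloc(2 * sizeof(char*));
  p->p_aliases[1] = NULL;
  if (strcasecmp(name, \"tcp\") == 0) {
    p->p_name = \"tcp\";
    p->p_proto = 6;
    p->p_aliases[0] = \"TCP\";
  } else if (strcasecmp(name, \"udp\") == 0) {
    p->p_name = \"udp\";
    p->p_proto = 17;
    p->p_aliases[0] = \"UDP\";
  } else
    p = NULL;
  return p;
}

struct protoent *getprotobynumber(int proto) {
  struct protoent *p = malloc(sizeof(struct protoent));
  /* One alias plus the terminating NULL. */
  p->p_aliases = malloc(2 * sizeof(char*));
  p->p_aliases[1] = NULL;
  switch(proto) {
  case 6:
    p->p_name = \"tcp\";
    p->p_proto = 6;
    p->p_aliases[0] = \"TCP\";
    break;
  case 17:
    p->p_name = \"udp\";
    p->p_proto = 17;
    p->p_aliases[0] = \"UDP\";
    break;
  default:
    p = NULL;
    break;
  }
  return p;
}

struct servent *getservbyname(const char *name, const char *proto) {
  struct servent *s = malloc(sizeof(struct servent));
  char* buf = malloc((strlen(proto)+1)*sizeof(char));
  strcpy(buf, proto);
  s->s_aliases = malloc(sizeof(char*));
  s->s_aliases[0] = NULL;
  if (strcasecmp(name, \"domain\") == 0) {
    s->s_name = \"domain\";
    s->s_port = htons(53);
    s->s_proto = buf;
  } else
    s = NULL;
  return s;
}

struct servent *getservbyport(int port, const char *proto) {
  struct servent *s = malloc(sizeof(struct servent));
  s->s_aliases = malloc(sizeof(char*));
  s->s_aliases[0] = NULL;
  switch(port) {
  case 53:
    s->s_name = \"domain\";
    s->s_port = 53;
    s->s_proto = \"udp\";
    break;
  default:
    s = NULL;
    break;
  }
  return s;
}" port)))
               (invoke (string-append gcc "/bin/gcc")
                       "-shared" "-fPIC" "-o" "/tmp/nss_preload.so"
                       "/tmp/nss_preload.c")
               ;; Only the unittest invocation in the Makefile is rewritten,
               ;; so the preload library does not reach the installed
               ;; programs.
               (substitute* "Makefile"
                 (("./unittest")
                  "LD_PRELOAD=/tmp/nss_preload.so ./unittest")))
             #t)))))
    (home-page "https://www.unbound.net")
    (synopsis "Validating, recursive, and caching DNS resolver")
    (description
     "Unbound is a recursive-only caching DNS server which can perform DNSSEC
validation of results. It implements only a minimal amount of authoritative
service to prevent leakage to the root nameservers: forward lookups for
localhost, reverse for @code{127.0.0.1} and @code{::1}, and NXDOMAIN for zones
served by AS112. Stub and forward zones are supported.")
    (license license:bsd-4)))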
543
(define-public yadifa
  ;; Authoritative name server.  Upstream tarball names carry a build number
  ;; in addition to the version, hence the local BUILD binding.
  (package
    (name "yadifa")
    (version "2.3.9")
    (source
     (let ((build "8497"))
       (origin
         (method url-fetch)
         ;; Plain-HTTP download: the transport is unauthenticated, so the
         ;; sha256 below is the only integrity check on the tarball.
         (uri
          (string-append "http://cdn.yadifa.eu/sites/default/files/releases/"
                         "yadifa-" version "-" build ".tar.gz"))
         (sha256
          (base32 "0xvyr91sfgzkpw6g3h893ldbwnki3w2472n56rr18w67qghs1sa5")))))
    (build-system gnu-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-before 'configure 'omit-example-configurations
           (lambda _
             ;; Strip the " etc" and " var" entries from Makefile.in so the
             ;; example configuration trees are left out.
             (substitute* "Makefile.in"
               ((" (etc|var)") ""))
             #t)))
       #:configure-flags
       (list "--sysconfdir=/etc"
             "--localstatedir=/var"
             "--disable-build-timestamp" ; build reproducibly
             "--enable-shared"
             "--disable-static"
             "--enable-acl"
             "--enable-caching"
             ;; NOTE(review): this compiles in the remote-control interface;
             ;; how it is exposed at run time is not visible from here and
             ;; should be checked in the deployed configuration.
             "--enable-ctrl"            ; enable remote control
             "--enable-nsec"
             "--enable-nsec3"
             "--enable-tsig")))
    (native-inputs
     `(("which" ,which)))
    (inputs
     `(("openssl" ,openssl)))
    (home-page "https://www.yadifa.eu/")
    (synopsis "Authoritative DNS name server")
    (description "YADIFA is an authoritative name server for the @dfn{Domain
Name System} (DNS). It aims for both higher performance and a smaller memory
footprint than other implementations, while remaining fully RFC-compliant.
YADIFA supports dynamic record updates and the @dfn{Domain Name System Security
Extensions} (DNSSEC).")
    (license license:bsd-3)))
590
(define-public knot
  ;; Knot DNS authoritative server, built against the packaged lmdb instead
  ;; of the copy bundled under src/contrib.
  (package
    (name "knot")
    (version "2.9.3")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://secure.nic.cz/files/knot-dns/"
                           "knot-" version ".tar.xz"))
       (sha256
        (base32 "0zm0642hkb16sqkqpa84f89f3s0bw44m837r1nia8m89swvz3bgj"))
       (modules '((guix build utils)))
       (snippet
        '(begin
           ;; Remove bundled libraries so the packaged ones are used.
           (with-directory-excursion "src/contrib"
             (delete-file-recursively "lmdb"))
           #t))))
    (build-system gnu-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-before 'configure 'disable-directory-pre-creation
           (lambda _
             ;; Keep ‘make install’ from creating empty directories such as
             ;; ‘/etc’ outside the store.  Passing ‘config_dir=...’ to
             ;; ‘make install’ is not enough on its own.
             (substitute* "src/Makefile.in" (("\\$\\(INSTALL\\) -d") "true"))
             #t))
         (replace 'install
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Install with config_dir redirected to an examples directory
             ;; below the package's documentation.
             (let* ((out (assoc-ref outputs "out"))
                    (doc (string-append out "/share/doc/" ,name "-" ,version))
                    (etc (string-append doc "/examples/etc")))
               (invoke "make"
                       (string-append "config_dir=" etc)
                       "install")))))
       #:configure-flags
       (list "--sysconfdir=/etc"
             "--localstatedir=/var"
             "--enable-dnstap"          ; let tools read/write capture files
             "--with-module-dnstap=yes" ; detailed query capturing & logging
             (string-append "--with-bash-completions="
                            (assoc-ref %outputs "out")
                            "/etc/bash_completion.d"))))
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("fstrm" ,fstrm)
       ("gnutls" ,gnutls)
       ("jansson" ,jansson)
       ("libcap-ng" ,libcap-ng)
       ("libedit" ,libedit)
       ("libidn" ,libidn)
       ("liburcu" ,liburcu)
       ("lmdb" ,lmdb)
       ("ncurses" ,ncurses)
       ("protobuf-c" ,protobuf-c)))
    (home-page "https://www.knot-dns.cz/")
    (synopsis "Authoritative DNS name server")
    (description "Knot DNS is an authoritative name server for the @dfn{Domain
Name System} (DNS), designed to meet the needs of root and @dfn{top-level
domain} (TLD) name servers. It is implemented as a threaded daemon and uses a
number of programming techniques to improve speed. For example, the responder
is completely lock-free, resulting in a very high response rate. Other features
include automatic @dfn{DNS Security Extensions} (DNSSEC) signing, dynamic record
synthesis, and on-the-fly re-configuration.")
    (license
     (list
      ;; src/contrib/{hat-trie,murmurhash3,openbsd},
      ;; src/dnssec/contrib/vpool.[ch], and parts of libtap/ are ‘MIT’ (expat).
      license:expat
      license:lgpl2.0+              ; parts of src/contrib/ucw
      license:public-domain         ; src/contrib/fnv and possibly murmurhash3
      license:gpl3+))))             ; everything else
665
(define-public knot-resolver
  ;; Caching, validating resolver built with Meson.  The installed kresd is
  ;; wrapped so that it finds the Lua 5.1 modules listed among the inputs.
  (package
    (name "knot-resolver")
    (version "4.3.0")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://secure.nic.cz/files/knot-resolver/"
                                  "knot-resolver-" version ".tar.xz"))
              (sha256
               (base32
                "09ffmqx79lv5psr433x4n946njgsn071b9b7161pcb9bmrqz380c"))))
    (build-system meson-build-system)
    (arguments
     '(#:configure-flags '("-Ddoc=enabled")
       #:phases
       (modify-phases %standard-phases
         (add-before 'configure 'disable-default-ta
           (lambda _
             ;; Drop the default managed root trust anchor: its keyfile and
             ;; directory would live in the store, where we have no write
             ;; access.
             ;; NOTE(review): presumably an operator who wants DNSSEC
             ;; validation must then configure a trust anchor in a writable
             ;; location -- confirm and document.
             (substitute* "daemon/lua/sandbox.lua.in"
               (("^trust_anchors\\.add_file.*") ""))
             #t))
         (add-after 'build 'build-doc
           (lambda _
             (invoke "ninja" "doc")))
         (add-after 'install 'wrap-binary
           (lambda* (#:key inputs outputs #:allow-other-keys)
             ;; Collect the store directory of every input whose label
             ;; starts with "lua-" and prepend the matching search patterns
             ;; to LUA_PATH and LUA_CPATH of kresd.
             (let* ((out (assoc-ref outputs "out"))
                    (lua-* (map cdr (filter
                                     (lambda (input)
                                       (string-prefix? "lua-" (car input)))
                                     inputs)))
                    (lua-path (lambda (p)
                                (string-append p "/share/lua/5.1/?.lua")))
                    (lua-cpath (lambda (p)
                                 (string-append p "/lib/lua/5.1/?.so"))))
               (wrap-program (string-append out "/sbin/kresd")
                 `("LUA_PATH" ";" prefix ,(map lua-path lua-*))
                 `("LUA_CPATH" ";" prefix ,(map lua-cpath lua-*)))
               #t))))))
    (native-inputs
     `(("cmocka" ,cmocka)               ; for unit tests
       ("doxygen" ,doxygen)
       ("protobuf-c" ,protobuf-c)
       ("pkg-config" ,pkg-config)
       ("python-breathe" ,python-breathe)
       ("python-sphinx" ,python-sphinx)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)))
    (inputs
     `(("fstrm" ,fstrm)
       ("gnutls" ,gnutls)
       ("knot" ,knot)
       ("libuv" ,libuv)
       ("lmdb" ,lmdb)
       ("luajit" ,luajit)
       ;; TODO: add the optional lua modules basexx, cqueues and psl.
       ;; The "lua-" label prefix is what the 'wrap-binary phase keys on.
       ("lua-bitop" ,lua5.1-bitop)
       ("lua-filesystem" ,lua5.1-filesystem)
       ("lua-sec" ,lua5.1-sec)
       ("lua-socket" ,lua5.1-socket)))
    (home-page "https://www.knot-resolver.cz/")
    (synopsis "Caching validating DNS resolver")
    (description
     "Knot Resolver is a caching full resolver implementation written in C and
LuaJIT, both a resolver library and a daemon.")
    (license (list license:gpl3+
                   ;; Some 'contrib' files are under MIT, CC0 and LGPL2.
                   license:expat
                   license:cc0
                   license:lgpl2.0))))
737
(define-public ddclient
  ;; Dynamic-DNS update client: a single Perl script, installed by a
  ;; hand-written builder that patches its paths and wraps it.
  (package
    (name "ddclient")
    (version "3.9.1")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/ddclient/ddclient.git")
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32 "0hf377g4j9r9sac75xp17nk2h58mazswz4vkg4g2gl2yyhvzq91w"))))
    (build-system trivial-build-system) ; no Makefile.PL
    (arguments
     `(#:modules ((guix build utils)
                  (ice-9 match)
                  (srfi srfi-26))
       #:builder
       (begin
         (use-modules (guix build utils)
                      (ice-9 match)
                      (srfi srfi-26))
         ;; The trivial build system starts without a PATH; only bash and
         ;; perl are needed by the steps below.
         (setenv "PATH" (string-append
                         (assoc-ref %build-inputs "bash") "/bin" ":"
                         (assoc-ref %build-inputs "perl") "/bin"))

         ;; The source is read-only; work on a copy in the build directory.
         (copy-recursively (assoc-ref %build-inputs "source") ".")

         ;; Patch, install and wrap the script.
         (let* ((out (assoc-ref %outputs "out"))
                (bin (string-append out "/bin")))
           (let ((file "ddclient"))
             (substitute* file
               (("/usr/bin/perl") (which "perl"))
               ;; Pin the configuration file to
               ;; ‘/etc/ddclient/ddclient.conf’.
               (("\\$\\{program\\}\\.conf") "/etc/ddclient/ddclient.conf")
               (("\\$etc\\$program.conf") "/etc/ddclient/ddclient.conf")
               ;; Pin the cache file to
               ;; ‘/var/cache/ddclient/ddclient.cache’.
               (("\\$cachedir\\$program\\.cache")
                "/var/cache/ddclient/ddclient.cache"))
             (install-file file bin)
             ;; NOTE(review): the literal "$PATH" is listed ahead of the
             ;; store directories, so presumably the caller's PATH is
             ;; searched before the pinned tools -- confirm this ordering
             ;; is intended.
             (wrap-program (string-append bin "/" file)
               `("PATH" ":" =
                 ("$PATH"
                  ,@(map (lambda (input)
                           (match input
                             ((name . store)
                              (string-append store "/bin"))))
                         %build-inputs)))
               ;; PERL5LIB gets the site_perl directory of every input
               ;; whose label starts with "perl-".
               `("PERL5LIB" ":" =
                 ,(delete
                   ""
                   (map (match-lambda
                          (((? (cut string-prefix? "perl-" <>) name) . dir)
                           (string-append dir "/lib/perl5/site_perl"))
                          (_ ""))
                        %build-inputs)))))
           ;; Ship the sample files found in the source tree.
           (for-each (cut install-file <> (string-append out
                                                         "/share/ddclient"))
                     (find-files "." "sample.*$"))))))
    (native-inputs
     `(("bash" ,bash)
       ("perl" ,perl)))
    (inputs
     `(("inetutils" ,inetutils)         ; logger
       ("net-tools" ,net-tools)
       ("perl-data-validate-ip" ,perl-data-validate-ip)
       ("perl-digest-sha1" ,perl-digest-sha1)
       ("perl-io-socket-ssl" ,perl-io-socket-ssl)))
    (home-page "https://ddclient.net/")
    (synopsis "Address updating utility for dynamic DNS services")
    (description "This package provides a client to update dynamic IP
addresses with several dynamic DNS service providers, such as
@uref{https://www.dyndns.com/account/login.html,DynDNS.com}.

This makes it possible to use a fixed hostname (such as myhost.dyndns.org) to
access a machine with a dynamic IP address.

The client supports both dynamic and (near) static services, as well as MX
record and alternative name management. It caches the address, and only
attempts the update when it has changed.")
    (license license:gpl2+)))
822
(define-public hnsd
  ;; Upstream has made no release yet, so a specific commit is packaged.
  ;; The full commit id together with the sha256 pins the checkout.
  (let ((revision "0")
        (commit "895d89c25d316d18df9d374fe78aae3902bc89fb"))
    (package
      (name "hnsd")
      (version (git-version "0.0" revision commit))
      (source (origin
                (method git-fetch)
                (uri (git-reference
                      (url "https://github.com/handshake-org/hnsd")
                      (commit commit)))
                (file-name (git-file-name name version))
                (sha256
                 (base32
                  "0704y73sddn24jga9csw4gxyfb3pnrfnk0vdcph84n1h38490l16"))
                (modules '((guix build utils)))
                (snippet
                 '(begin
                    ;; Remove the bundled libuv and every reference to it,
                    ;; so the packaged library is linked instead.
                    (delete-file-recursively "uv")
                    (substitute* "configure.ac"
                      (("AC_CONFIG_SUBDIRS\\(\\[uv\\]\\)") ""))
                    (substitute* "Makefile.am"
                      (("SUBDIRS = uv") "\n")
                      (("\\$\\(top_builddir\\)/uv/libuv.la") "-luv")

                      ;; Have the 'hnsd' binary installed, and linked
                      ;; dynamically rather than statically.
                      (("noinst_PROGRAMS") "bin_PROGRAMS")
                      (("hnsd_LDFLAGS = -static") ""))

                    ;; autogen.sh wants to chdir into "uv" and otherwise
                    ;; only runs "autoreconf", so it is not needed.
                    (delete-file "autogen.sh")
                    #t))))
      (build-system gnu-build-system)
      (arguments
       '(#:configure-flags '("--disable-static"))) ;no need for libhsk.a
      (native-inputs
       `(("autoconf" ,autoconf)
         ("automake" ,automake)
         ("libtool" ,libtool)))
      (inputs
       `(("unbound" ,unbound)
         ("libuv" ,libuv)))
      (home-page "https://www.handshake.org/")
      (synopsis "Resolver daemon for the Handshake naming protocol")
      (description
       "@command{hnsd} is a @dfn{host name resolver} for the Handshake Naming
System (HNS) peer-to-peer network.")
      (license license:expat))))
875
(define-public libmicrodns
  ;; Minimal mDNS resolver/announcer library, fetched from the upstream git
  ;; tag named after the version and built with the standard GNU phases.
  (package
    (name "libmicrodns")
    (version "0.0.10")
    (source (origin
              (method git-fetch)
              (uri (git-reference
                    (url "https://github.com/videolabs/libmicrodns")
                    (commit version)))
              (file-name (git-file-name name version))
              (sha256
               (base32
                "1xvl9k49ng35wbsqmnjnyqvkyjf8dcq2ywsq3jp3wh0rgmxhq2fh"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)
       ("autoconf" ,autoconf)
       ("automake" ,automake)
       ("libtool" ,libtool)))
    (home-page "https://github.com/videolabs/libmicrodns")
    (synopsis "Minimal mDNS resolver library")
    (description "@code{libmicrodns} provides a minimal implementation of a
mDNS resolver as well as an announcer. mDNS (Multicast Domain Name System) is
a zero-config service that allows one to resolve host names to IP addresses in
local networks.")
    (license license:lgpl2.1)))
902
(define-public public-suffix-list
  ;; The official list is published by Mozilla at:
  ;;
  ;;   https://publicsuffix.org/list/public_suffix_list.dat
  ;;
  ;; Mozilla periodically syncs that file from the GitHub repository, so its
  ;; contents change over time.  When updating the commit below, make sure
  ;; the list at the new commit is identical to the officially published one
  ;; at the URL above.
  (let ((commit "9375b697baddb0827a5995c81bd3c75877a0b35d"))
    (package
      (name "public-suffix-list")
      (version (git-version "0" "1" commit))
      (source (origin
                (method git-fetch)
                (uri (git-reference
                      (url "https://github.com/publicsuffix/list.git")
                      (commit commit)))
                (file-name (git-file-name name version))
                (sha256
                 (base32
                  "1sm7pni01rnl4ldzi8z8nc4cbgq8nxda9gwc68v0s3ij7jd1jmik"))))
      (build-system trivial-build-system)
      (arguments
       `(#:modules ((guix build utils))
         #:builder
         (begin
           (use-modules (guix build utils))
           (let* ((out (assoc-ref %outputs "out"))
                  ;; /share is where "read-only architecture-independent
                  ;; data files" belong (see: (standards) Directory
                  ;; Variables).  The version is part of the directory name
                  ;; so that several versions installed in one profile do
                  ;; not conflict.
                  (destination (string-append
                                out "/share/public-suffix-list-" ,version))
                  (source (assoc-ref %build-inputs "source")))
             ;; Only the list itself and its licence are installed.
             (with-directory-excursion source
               (install-file "public_suffix_list.dat" destination)
               (install-file "LICENSE" destination))
             #t))))
      (home-page "https://publicsuffix.org/")
      (synopsis "Database of current and historical DNS suffixes")
      (description "This is the Public Suffix List maintained by Mozilla. A
\"public suffix\" is one under which Internet users can (or historically
could) directly register names in the Domain Name System (DNS). Some examples
of public suffixes are .com, .co.uk and pvt.k12.ma.us. This is a list of all
known public suffixes.")
      (license license:mpl2.0))))