gnu: dnscrypt-proxy: Return #t from phases.
1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
3 ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
4 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
5 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
6 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
7 ;;; Copyright © 2016 Nils Gillmann <ng0@n0.is>
8 ;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
9 ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
10 ;;; Copyright © 2017 Vasile Dumitrascu <va511e@yahoo.com>
11 ;;; Copyright © 2017 Gregor Giesen <giesen@zaehlwerk.net>
12 ;;;
13 ;;; This file is part of GNU Guix.
14 ;;;
15 ;;; GNU Guix is free software; you can redistribute it and/or modify it
16 ;;; under the terms of the GNU General Public License as published by
17 ;;; the Free Software Foundation; either version 3 of the License, or (at
18 ;;; your option) any later version.
19 ;;;
20 ;;; GNU Guix is distributed in the hope that it will be useful, but
21 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
22 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 ;;; GNU General Public License for more details.
24 ;;;
25 ;;; You should have received a copy of the GNU General Public License
26 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
27
28 (define-module (gnu packages dns)
29 #:use-module (gnu packages admin)
30 #:use-module (gnu packages autotools)
31 #:use-module (gnu packages base)
32 #:use-module (gnu packages databases)
33 #:use-module (gnu packages crypto)
34 #:use-module (gnu packages datastructures)
35 #:use-module (gnu packages flex)
36 #:use-module (gnu packages glib)
37 #:use-module (gnu packages groff)
38 #:use-module (gnu packages groff)
39 #:use-module (gnu packages libedit)
40 #:use-module (gnu packages libevent)
41 #:use-module (gnu packages libidn)
42 #:use-module (gnu packages linux)
43 #:use-module (gnu packages ncurses)
44 #:use-module (gnu packages nettle)
45 #:use-module (gnu packages perl)
46 #:use-module (gnu packages pkg-config)
47 #:use-module (gnu packages protobuf)
48 #:use-module (gnu packages python)
49 #:use-module (gnu packages swig)
50 #:use-module (gnu packages tls)
51 #:use-module (gnu packages web)
52 #:use-module (gnu packages xml)
53 #:use-module (gnu packages)
54 #:use-module ((guix licenses) #:prefix license:)
55 #:use-module (guix packages)
56 #:use-module (guix download)
57 #:use-module (guix utils)
58 #:use-module (guix build-system gnu))
59
(define-public dnsmasq
  (package
    (name "dnsmasq")
    (version "2.79")
    (source
     (origin
       (method url-fetch)
       ;; The tarball comes over plain HTTP, so the sha256 below is the
       ;; only thing that authenticates it.
       (uri (string-append "http://www.thekelleys.org.uk/dnsmasq/dnsmasq-"
                           version ".tar.xz"))
       (sha256
        (base32 "07w6cw706yyahwvbvslhkrbjf2ynv567cgy9pal8bz8lrbsp9bbq"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("dbus" ,dbus)))
    (arguments
     `(#:tests? #f                      ; no ‘check’ target
       #:make-flags
       (let ((prefix (assoc-ref %outputs "out")))
         (list (string-append "PREFIX=" prefix)
               "CC=gcc"
               "COPTS=\"-DHAVE_DBUS\""))
       #:phases
       ;; The ‘configure’ phase is removed; build settings are passed
       ;; through #:make-flags instead.
       (modify-phases %standard-phases
         (delete 'configure))))
    (home-page "http://www.thekelleys.org.uk/dnsmasq/doc.html")
    (synopsis "Small caching DNS proxy and DHCP/TFTP server")
    (description
     "Dnsmasq is a light-weight DNS forwarder and DHCP server. It is designed
to provide DNS and, optionally, DHCP to a small network. It can serve the
names of local machines which are not in the global DNS. The DHCP server
integrates with the DNS server and allows machines with DHCP-allocated
addresses to appear in the DNS with names configured either on each host or in
a central configuration file. Dnsmasq supports static and dynamic DHCP leases
and BOOTP/TFTP for network booting of diskless machines.")
    ;; The source files state only that GPL2 and GPL3 are permitted.
    (license (list license:gpl2 license:gpl3))))
96
97 ;; 'bind' is the name of a built-in Guile procedure, which is why we choose a
98 ;; different name here.
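(define-public isc-bind
  (package
    (name "bind")
    (version "9.12.1-P2")
    (source (origin
              (method url-fetch)
              ;; Plain FTP download; the sha256 below is the integrity check.
              (uri (string-append
                    "ftp://ftp.isc.org/isc/bind9/" version "/" name "-"
                    version ".tar.gz"))
              ;; Patch for CVE-2018-5738, applied on top of the release
              ;; tarball.
              (patches (search-patches "bind-CVE-2018-5738.patch"))
              (sha256
               (base32
                "0a9dvyg1dk7vpqn9gz7p5jas3bz7z22bjd66b98g1qk16i2w7rqd"))))
    (build-system gnu-build-system)
    ;; Client tools (dig, host, ...) are moved to "utils" by the
    ;; 'move-to-utils phase below.
    (outputs `("out" "utils"))
    (inputs
     ;; it would be nice to add GeoIP and gssapi once there is package
     `(("libcap" ,libcap)
       ("libxml2" ,libxml2)
       ("openssl" ,openssl)
       ("p11-kit" ,p11-kit)))
    (native-inputs `(("perl" ,perl)
                     ("net-tools" ,net-tools)))
    (arguments
     `(#:configure-flags
       (list (string-append "--with-openssl="
                            (assoc-ref %build-inputs "openssl"))
             (string-append "--with-pkcs11="
                            (assoc-ref %build-inputs "p11-kit")))
       #:phases
       (modify-phases %standard-phases
         (add-after 'strip 'move-to-utils
           (lambda _
             ;; For each listed file: hard-link it into the "utils" output,
             ;; then remove it from "out".
             (for-each
              (lambda (file)
                (let ((target (string-append (assoc-ref %outputs "utils") file))
                      (src (string-append (assoc-ref %outputs "out") file)))
                  (mkdir-p (dirname target))
                  (link src target)
                  (delete-file src)))
              '("/bin/dig" "/bin/delv" "/bin/nslookup" "/bin/host" "/bin/nsupdate"
                "/share/man/man1/dig.1"
                "/share/man/man1/host.1"
                "/share/man/man1/nslookup.1"
                "/share/man/man1/nsupdate.1"))
             ;; 'for-each' has no useful return value; return #t explicitly
             ;; like the other phases in this file.
             #t))
         ;; When and if guix provides user namespaces for the build process,
         ;; then the following can be uncommented and the subsequent "force-test"
         ;; will not be necessary.
         ;;
         ;; (add-before 'check 'set-up-loopback
         ;;   (lambda _
         ;;      (system "bin/tests/system/ifconfig.sh up")))
         (replace 'check
           (lambda _
             (invoke "make" "force-test")
             #t)))))
    (synopsis "An implementation of the Domain Name System")
    (description "BIND is an implementation of the @dfn{Domain Name System}
(DNS) protocols for the Internet. It is a reference implementation of those
protocols, but it is also production-grade software, suitable for use in
high-volume and high-reliability applications. The name BIND stands for
\"Berkeley Internet Name Domain\", because the software originated in the early
1980s at the University of California at Berkeley.")
    (home-page "https://www.isc.org/downloads/bind")
    (license (list license:mpl2.0))))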
164
(define-public dnscrypt-proxy
  (package
    (name "dnscrypt-proxy")
    (version "1.9.5")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://download.dnscrypt.org/dnscrypt-proxy/"
                           "dnscrypt-proxy-" version ".tar.bz2"))
       (sha256
        (base32 "1dhvklr4dg2vlw108n11xbamacaryyg3dbrg629b76lp7685p7z8"))
       (modules '((guix build utils)))
       (snippet
        ;; Remove the bundled libltdl so the packaged one (see 'inputs')
        ;; is used.  XXX: a modified libevent is bundled as well and
        ;; cannot currently be removed, so that copy is built as shipped
        ;; in the tarball.
        '(begin
           (delete-file-recursively "libltdl")
           #t))))
    (build-system gnu-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'autoreconf
           ;; The build files must be regenerated because libltdl was
           ;; unbundled by the source snippet.
           ;; TODO: Prevent generating new libltdl and building it.
           ;; The system version is still favored and referenced.
           (lambda _
             (invoke "autoreconf" "-vif"))))))
    (native-inputs
     `(("pkg-config" ,pkg-config)
       ("automake" ,automake)
       ("autoconf" ,autoconf)
       ("libtool" ,libtool)))
    (inputs
     `(("libltdl" ,libltdl)
       ("libsodium" ,libsodium)))
    (home-page "https://www.dnscrypt.org/")
    (synopsis "Securely send DNS requests to a remote server")
    (description
     "@command{dnscrypt-proxy} is a tool for securing communications
between a client and a DNS resolver. It verifies that responses you get
from a DNS provider was actually sent by that provider, and haven't been
tampered with. For optimal performance it is recommended to use this as
a forwarder for a caching DNS resolver such as @command{dnsmasq}, but it
can also be used as a normal DNS \"server\". A list of public dnscrypt
servers is included, and an up-to-date version is available at
@url{https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv}.")
    (license
     (list license:isc
           ;; Libevent and src/ext/queue.h is 3-clause BSD.
           license:bsd-3))))
216
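(define-public dnscrypt-wrapper
  (package
    (name "dnscrypt-wrapper")
    (version "0.2.2")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://github.com/cofyc/dnscrypt-wrapper/releases"
                    "/download/v" version "/" name "-v" version ".tar.bz2"))
              (sha256
               (base32
                "1vhg4g0r687f51wcdn7z9w1hxapazx6vyh5rsr8wa48sljzd583g"))))
    (build-system gnu-build-system)
    (arguments
     `(#:make-flags '("CC=gcc")
       ;; TODO: Tests require ruby-cucumber and ruby-aruba.
       #:tests? #f
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'create-configure
           (lambda _
             ;; Run "make configure" before the standard 'configure
             ;; phase.  'invoke' raises an error if make fails and
             ;; returns #t otherwise, matching the other phases in this
             ;; file.
             (invoke "make" "configure"))))))
    (native-inputs
     `(("autoconf" ,autoconf)))
    (inputs
     `(("libevent" ,libevent)
       ("libsodium" ,libsodium)))
    (home-page "https://github.com/Cofyc/dnscrypt-wrapper")
    (synopsis "Server-side dnscrypt proxy")
    (description
     "@command{dnscrypt-wrapper} is a tool to expose a name server over
the @code{dnscrypt} protocol. It can be used as an endpoint for the
@command{dnscrypt-proxy} client to securely tunnel DNS requests between
the two.")
    (license (list license:isc
                   ;; Bundled argparse is MIT. TODO: package and unbundle.
                   license:expat
                   ;; dns-protocol.h and rfc1035.{c,h} is gpl2 or gpl3 (either).
                   license:gpl2
                   license:gpl3))))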
257
(define-public libasr
  (package
    (name "libasr")
    (version "201602131606")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://www.opensmtpd.org/archives/"
                    name "-" version ".tar.gz"))
              (sha256
               (base32
                "18kdmbjsxrfai16d66qslp48b1zf7gr8him2jj5dcqgbsl44ls75"))))
    (build-system gnu-build-system)
    ;; Build-time tools only; no run-time inputs are declared.
    (native-inputs `(("autoconf" ,autoconf)
                     ("automake" ,automake)
                     ("pkg-config" ,pkg-config)
                     ("groff" ,groff)))
    (home-page "https://www.opensmtpd.org")
    (synopsis "Asynchronous resolver library by the OpenBSD project")
    (description
     "libasr is a free, simple and portable asynchronous resolver library.
It allows to run DNS queries and perform hostname resolutions in a fully
asynchronous fashion.")
    (license
     (list license:isc
           ;; Applies to the last part of getrrsetbyname_async.c.
           license:bsd-2
           license:bsd-3
           ;; Applies to includes.h.
           (license:non-copyleft "file://LICENSE")
           license:openssl))))
287
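(define-public unbound
  (package
    (name "unbound")
    (version "1.6.8")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://www.unbound.net/downloads/unbound-"
                           version ".tar.gz"))
       (sha256
        (base32
         "0jfxhh4gc5amhndikskz1s7da27ycn442j3l20bm992n7zijid73"))))
    (build-system gnu-build-system)
    (outputs '("out" "python"))
    (native-inputs
     `(("flex" ,flex)
       ("swig" ,swig)))
    (inputs
     `(("expat" ,expat)
       ("libevent" ,libevent)
       ("protobuf" ,protobuf)
       ("python" ,python-3)
       ("python-wrapper" ,python-wrapper)
       ("openssl" ,openssl)))
    (arguments
     `(#:configure-flags
       (list "--disable-static" ;save space and non-determinism in libunbound.a
             (string-append
              "--with-ssl=" (assoc-ref %build-inputs "openssl"))
             (string-append
              "--with-libevent=" (assoc-ref %build-inputs "libevent"))
             (string-append
              "--with-libexpat=" (assoc-ref %build-inputs "expat"))
             "--with-pythonmodule" "--with-pyunbound")
       #:phases
       (modify-phases %standard-phases
         (add-after 'configure 'fix-python-site-package-path
           ;; Move python modules into their own output.
           (lambda* (#:key outputs #:allow-other-keys)
             (let ((pyout (assoc-ref outputs "python"))
                   (ver ,(version-major+minor (package-version python))))
               (substitute* "Makefile"
                 (("^PYTHON_SITE_PKG=.*$")
                  (string-append
                   "PYTHON_SITE_PKG="
                   pyout "/lib/python-" ver "/site-packages\n"))))
             #t))
         (add-before 'check 'fix-missing-nss-for-tests
           ;; Unfortunately, the package's unittests involve some checks
           ;; looking up protocols and services which are not provided
           ;; by the minimalistic build environment, in particular,
           ;; /etc/protocols and /etc/services are missing.
           ;; Also, after plain substitution of protocol and service names
           ;; in the test data, the tests still fail because the
           ;; corresponding Resource Records have been signed by
           ;; RRSIG records.
           ;; The following LD_PRELOAD library overwrites the glibc
           ;; functions ‘get{proto,serv}byname’, ‘getprotobynumber’ and
           ;; ‘getservbyport’ providing the few records required for the
           ;; unit tests to pass.
           ;;
           ;; Changes to the shim relative to the previous revision:
           ;;  - the alias arrays of the protoent records are now
           ;;    NULL-terminated, so a consumer walking p_aliases does not
           ;;    read past the allocation;
           ;;  - getservbyport no longer strcpy()s PROTO into an unused
           ;;    32-byte stack buffer (unbounded copy, and a crash when
           ;;    PROTO is NULL).
           ;; NOTE(review): malloc results are still unchecked and
           ;; getservbyname calls strlen on PROTO, so it requires a
           ;; non-NULL protocol; tolerable only because the library is
           ;; preloaded for ./unittest alone.
           ;; NOTE(review): getservbyname stores htons(53) in s_port while
           ;; getservbyport stores 53; left unchanged here -- confirm which
           ;; one the tests expect.
           ;; NOTE(review): fixed /tmp file names are used; presumably /tmp
           ;; is private to the build environment -- confirm for
           ;; non-isolated builds.
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let ((gcc (assoc-ref %build-inputs "gcc")))
               (call-with-output-file "/tmp/nss_preload.c"
                 (lambda (port)
                   (display "#include <stdlib.h>
#include <string.h>
#include <strings.h>

#include <netdb.h>

struct protoent *getprotobyname(const char *name) {
  struct protoent *p = malloc(sizeof(struct protoent));
  p->p_aliases = malloc(2 * sizeof(char*));
  p->p_aliases[1] = NULL;
  if (strcasecmp(name, \"tcp\") == 0) {
    p->p_name = \"tcp\";
    p->p_proto = 6;
    p->p_aliases[0] = \"TCP\";
  } else if (strcasecmp(name, \"udp\") == 0) {
    p->p_name = \"udp\";
    p->p_proto = 17;
    p->p_aliases[0] = \"UDP\";
  } else
    p = NULL;
  return p;
}

struct protoent *getprotobynumber(int proto) {
  struct protoent *p = malloc(sizeof(struct protoent));
  p->p_aliases = malloc(2 * sizeof(char*));
  p->p_aliases[1] = NULL;
  switch(proto) {
  case 6:
    p->p_name = \"tcp\";
    p->p_proto = 6;
    p->p_aliases[0] = \"TCP\";
    break;
  case 17:
    p->p_name = \"udp\";
    p->p_proto = 17;
    p->p_aliases[0] = \"UDP\";
    break;
  default:
    p = NULL;
    break;
  }
  return p;
}

struct servent *getservbyname(const char *name, const char *proto) {
  struct servent *s = malloc(sizeof(struct servent));
  char* buf = malloc((strlen(proto)+1)*sizeof(char));
  strcpy(buf, proto);
  s->s_aliases = malloc(sizeof(char*));
  s->s_aliases[0] = NULL;
  if (strcasecmp(name, \"domain\") == 0) {
    s->s_name = \"domain\";
    s->s_port = htons(53);
    s->s_proto = buf;
  } else
    s = NULL;
  return s;
}

struct servent *getservbyport(int port, const char *proto) {
  struct servent *s = malloc(sizeof(struct servent));
  s->s_aliases = malloc(sizeof(char*));
  s->s_aliases[0] = NULL;
  switch(port) {
  case 53:
    s->s_name = \"domain\";
    s->s_port = 53;
    s->s_proto = \"udp\";
    break;
  default:
    s = NULL;
    break;
  }
  return s;
}" port)))
               ;; 'invoke' aborts the phase if the shim fails to compile,
               ;; rather than letting the tests run with LD_PRELOAD
               ;; pointing at a library that was never built.
               (invoke (string-append gcc "/bin/gcc")
                       "-shared" "-fPIC" "-o" "/tmp/nss_preload.so"
                       "/tmp/nss_preload.c")
               ;; The preload library only affects the unittests.
               (substitute* "Makefile"
                 (("./unittest")
                  "LD_PRELOAD=/tmp/nss_preload.so ./unittest")))
             #t)))))
    (home-page "https://www.unbound.net")
    (synopsis "Validating, recursive, and caching DNS resolver")
    (description
     "Unbound is a recursive-only caching DNS server which can perform DNSSEC
validation of results. It implements only a minimal amount of authoritative
service to prevent leakage to the root nameservers: forward lookups for
localhost, reverse for @code{127.0.0.1} and @code{::1}, and NXDOMAIN for zones
served by AS112. Stub and forward zones are supported.")
    (license license:bsd-4)))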
446
(define-public yadifa
  (package
    (name "yadifa")
    (version "2.3.8")
    (source
     ;; Upstream tarball names carry a build number after the version.
     (let ((build "7713"))
       (origin
         (method url-fetch)
         ;; Downloaded over plain HTTP; the sha256 below is what
         ;; authenticates the tarball.
         (uri (string-append
               "http://cdn.yadifa.eu/sites/default/files/releases/"
               name "-" version "-" build ".tar.gz"))
         (sha256
          (base32
           "15xhzg4crjcxascwpz6y8qpqcgypzv2p9bspdskp4nx1x1y4316c")))))
    (build-system gnu-build-system)
    (native-inputs `(("which" ,which)))
    (inputs `(("openssl" ,openssl)))
    (arguments
     `(#:configure-flags
       (list "--sysconfdir=/etc"
             "--localstatedir=/var"
             "--disable-build-timestamp" ; build reproducibly
             "--enable-shared"
             "--disable-static"
             "--enable-acl"
             "--enable-caching"
             "--enable-ctrl"            ; enable remote control
             "--enable-nsec"
             "--enable-nsec3"
             "--enable-tsig")
       #:phases
       (modify-phases %standard-phases
         (add-before 'configure 'omit-example-configurations
           ;; Strip the " etc" and " var" entries from Makefile.in.
           (lambda _
             (substitute* "Makefile.in"
               ((" (etc|var)") ""))
             #t)))))
    (home-page "http://www.yadifa.eu/")
    (synopsis "Authoritative DNS name server")
    (description "YADIFA is an authoritative name server for the @dfn{Domain
Name System} (DNS). It aims for both higher performance and a smaller memory
footprint than other implementations, while remaining fully RFC-compliant.
YADIFA supports dynamic record updates and the @dfn{Domain Name System Security
Extensions} (DNSSEC).")
    (license license:bsd-3)))
493
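(define-public knot
  (package
    (name "knot")
    (version "2.6.7")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://secure.nic.cz/files/knot-dns/"
                                  name "-" version ".tar.xz"))
              (sha256
               (base32
                "0hr2m664ckjicv3pq2lk16m61pscknywxv2ydnrzfqf10m5h0ahw"))
              (modules '((guix build utils)))
              (snippet
               '(begin
                  ;; Delete bundled libraries; the packaged lmdb from
                  ;; 'inputs' is used instead.
                  (with-directory-excursion "src/contrib"
                    (delete-file-recursively "lmdb"))
                  #t))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("fstrm" ,fstrm)
       ("gnutls" ,gnutls)
       ("jansson" ,jansson)
       ("libcap-ng" ,libcap-ng)
       ("libedit" ,libedit)
       ("libidn" ,libidn)
       ("liburcu" ,liburcu)
       ("lmdb" ,lmdb)
       ("ncurses" ,ncurses)
       ("nettle" ,nettle)
       ("protobuf-c" ,protobuf-c)

       ;; For ‘pykeymgr’, needed to migrate keys from versions <= 2.4.
       ("python" ,python-2)
       ("python-lmdb" ,python2-lmdb)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-before 'configure 'disable-directory-pre-creation
           (lambda _
             ;; Don't install empty directories like ‘/etc’ outside the store.
             (substitute* "src/Makefile.in" (("\\$\\(INSTALL\\) -d") "true"))
             #t))
         (replace 'install
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Install with config_dir pointing into the documentation
             ;; directory of the "out" output.
             (let* ((out (assoc-ref outputs "out"))
                    (doc (string-append out "/share/doc/knot"))
                    (etc (string-append doc "/examples/etc")))
               ;; 'invoke' raises an error if make fails and returns #t
               ;; otherwise, matching the other phases in this file.
               (invoke "make"
                       (string-append "config_dir=" etc)
                       "install"))))
         (add-after 'install 'wrap-python-scripts
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Wrap pykeymgr so that the PYTHONPATH of the build
             ;; environment is prefixed to its PYTHONPATH at run time.
             (let* ((out (assoc-ref outputs "out"))
                    (path (getenv "PYTHONPATH")))
               (wrap-program (string-append out "/sbin/pykeymgr")
                 `("PYTHONPATH" ":" prefix (,path))))
             #t)))
       #:configure-flags
       (list "--sysconfdir=/etc"
             "--localstatedir=/var"
             "--with-module-rosedb=yes" ; serve static records from a database
             "--with-module-dnstap=yes" ; allow detailed query logging
             (string-append "--with-bash-completions="
                            (assoc-ref %outputs "out")
                            "/etc/bash_completion.d"))))
    (home-page "https://www.knot-dns.cz/")
    (synopsis "Authoritative DNS name server")
    (description "Knot DNS is an authoritative name server for the @dfn{Domain
Name System} (DNS), designed to meet the needs of root and @dfn{top-level
domain} (TLD) name servers. It is implemented as a threaded daemon and uses a
number of programming techniques to improve speed. For example, the responder
is completely lock-free, resulting in a very high response rate. Other features
include automatic @dfn{DNS Security Extensions} (DNSSEC) signing, dynamic record
synthesis, and on-the-fly re-configuration.")
    (license
     (list
      ;; src/contrib/{hat-trie,murmurhash3,openbsd},
      ;; src/dnssec/contrib/vpool.[ch], and parts of libtap/ are ‘MIT’ (expat).
      license:expat
      license:lgpl2.0+              ; parts of src/contrib/ucw
      license:public-domain         ; src/contrib/fnv and possibly murmurhash3
      license:gpl3+))))             ; everything else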
578 license:public-domain ; src/contrib/fnv and possibly murmurhash3
579 license:gpl3+)))) ; everything else