1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
3 ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
4 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
5 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
6 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
7 ;;; Copyright © 2016 ng0 <ng0@n0.is>
8 ;;; Copyright © 2016, 2017, 2018, 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
9 ;;; Copyright © 2016, 2020 Marius Bakke <mbakke@fastmail.com>
10 ;;; Copyright © 2017 Vasile Dumitrascu <va511e@yahoo.com>
11 ;;; Copyright © 2017 Gregor Giesen <giesen@zaehlwerk.net>
12 ;;; Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com>
13 ;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
14 ;;; Copyright © 2019 Chris Marusich <cmmarusich@gmail.com>
15 ;;; Copyright © 2019 Rutger Helling <rhelling@mykolab.com>
16 ;;; Copyright © 2020 Pierre Langlois <pierre.langlois@gmx.com>
17 ;;; Copyright © 2020 Arun Isaac <arunisaac@systemreboot.net>
19 ;;; This file is part of GNU Guix.
21 ;;; GNU Guix is free software; you can redistribute it and/or modify it
22 ;;; under the terms of the GNU General Public License as published by
23 ;;; the Free Software Foundation; either version 3 of the License, or (at
24 ;;; your option) any later version.
26 ;;; GNU Guix is distributed in the hope that it will be useful, but
27 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
28 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
29 ;;; GNU General Public License for more details.
31 ;;; You should have received a copy of the GNU General Public License
32 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
34 (define-module (gnu packages dns)
35 #:use-module (gnu packages admin)
36 #:use-module (gnu packages autotools)
37 #:use-module (gnu packages base)
38 #:use-module (gnu packages bash)
39 #:use-module (gnu packages check)
40 #:use-module (gnu packages databases)
41 #:use-module (gnu packages documentation)
42 #:use-module (gnu packages compression)
43 #:use-module (gnu packages crypto)
44 #:use-module (gnu packages datastructures)
45 #:use-module (gnu packages flex)
46 #:use-module (gnu packages gcc)
47 #:use-module (gnu packages glib)
48 #:use-module (gnu packages groff)
49 #:use-module (gnu packages groff)
50 #:use-module (gnu packages libedit)
51 #:use-module (gnu packages libevent)
52 #:use-module (gnu packages libidn)
53 #:use-module (gnu packages linux)
54 #:use-module (gnu packages lua)
55 #:use-module (gnu packages ncurses)
56 #:use-module (gnu packages nettle)
57 #:use-module (gnu packages networking)
58 #:use-module (gnu packages perl)
59 #:use-module (gnu packages pkg-config)
60 #:use-module (gnu packages protobuf)
61 #:use-module (gnu packages python)
62 #:use-module (gnu packages python-xyz)
63 #:use-module (gnu packages sphinx)
64 #:use-module (gnu packages swig)
65 #:use-module (gnu packages tls)
66 #:use-module (gnu packages web)
67 #:use-module (gnu packages xml)
68 #:use-module (gnu packages)
69 #:use-module ((guix licenses) #:prefix license:)
70 #:use-module (guix packages)
71 #:use-module (guix download)
72 #:use-module (guix git-download)
73 #:use-module (guix utils)
74 #:use-module (guix build-system gnu)
75 #:use-module (guix build-system meson)
76 #:use-module (guix build-system trivial))
78 (define-public dnsmasq
85 "http://www.thekelleys.org.uk/dnsmasq/dnsmasq-"
89 "1yzq6anwgr5rlnwydpszb51cyhp2vjq29b24ck19flbwac1sk73l"))))
90 (build-system gnu-build-system)
92 `(("pkg-config" ,pkg-config)))
97 (modify-phases %standard-phases (delete 'configure))
98 #:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
100 "COPTS=\"-DHAVE_DBUS\"")
101 #:tests? #f)) ; no ‘check’ target
102 (home-page "http://www.thekelleys.org.uk/dnsmasq/doc.html")
103 (synopsis "Small caching DNS proxy and DHCP/TFTP server")
105 "Dnsmasq is a light-weight DNS forwarder and DHCP server. It is designed
106 to provide DNS and, optionally, DHCP to a small network. It can serve the
107 names of local machines which are not in the global DNS. The DHCP server
108 integrates with the DNS server and allows machines with DHCP-allocated
109 addresses to appear in the DNS with names configured either on each host or in
110 a central configuration file. Dnsmasq supports static and dynamic DHCP leases
111 and BOOTP/TFTP for network booting of diskless machines.")
112 ;; Source files only say GPL2 and GPL3 are allowed.
113 (license (list license:gpl2 license:gpl3))))
115 ;; 'bind' is the name of a built-in Guile procedure, which is why we choose a
116 ;; different name here.
117 (define-public isc-bind
124 "https://ftp.isc.org/isc/bind9/" version
125 "/bind-" version ".tar.xz"))
128 "0gwr4p14zy5jqq050n762rfc33km51qwipcwy6bsvk55ziybgrfr"))))
129 (build-system gnu-build-system)
130 (outputs `("out" "utils"))
132 ;; It would be nice to add GeoIP and gssapi once there are packages.
139 ("python-ply" ,python-ply)))
142 ("pkg-config" ,pkg-config)))
145 (list (string-append "--with-pkcs11="
146 (assoc-ref %build-inputs "p11-kit")))
148 (modify-phases %standard-phases
149 (add-after 'strip 'move-to-utils
153 (let ((target (string-append (assoc-ref %outputs "utils") file))
154 (src (string-append (assoc-ref %outputs "out") file)))
155 (mkdir-p (dirname target))
158 '("/bin/dig" "/bin/delv" "/bin/nslookup" "/bin/host" "/bin/nsupdate"
159 "/share/man/man1/dig.1"
160 "/share/man/man1/host.1"
161 "/share/man/man1/nslookup.1"
162 "/share/man/man1/nsupdate.1"))
164 ;; When and if guix provides user namespaces for the build process,
165 ;; then the following can be uncommented and the subsequent "force-test"
166 ;; will not be necessary.
168 ;; (add-before 'check 'set-up-loopback
170 ;; (system "bin/tests/system/ifconfig.sh up")))
173 ;; XXX Even ‘make force-test’ tries to create network interfaces
174 ;; and fails. The only working target is the (trivial) fuzz test.
175 (with-directory-excursion "fuzz"
176 (invoke "make" "check"))
178 (synopsis "An implementation of the Domain Name System")
179 (description "BIND is an implementation of the @dfn{Domain Name System}
180 (DNS) protocols for the Internet. It is a reference implementation of those
181 protocols, but it is also production-grade software, suitable for use in
182 high-volume and high-reliability applications. The name BIND stands for
183 \"Berkeley Internet Name Domain\", because the software originated in the early
184 1980s at the University of California at Berkeley.")
185 (home-page "https://www.isc.org/downloads/bind")
186 (license (list license:mpl2.0))))
188 (define-public dnscrypt-proxy
190 (name "dnscrypt-proxy")
195 "https://download.dnscrypt.org/dnscrypt-proxy/"
196 "dnscrypt-proxy-" version ".tar.bz2"))
199 "1dhvklr4dg2vlw108n11xbamacaryyg3dbrg629b76lp7685p7z8"))
200 (modules '((guix build utils)))
202 ;; Delete bundled libltdl. XXX: This package also bundles
203 ;; a modified libevent that cannot currently be removed.
205 (delete-file-recursively "libltdl")
207 (build-system gnu-build-system)
210 (modify-phases %standard-phases
211 (add-after 'unpack 'autoreconf
213 ;; Re-generate build files due to unbundling ltdl.
214 ;; TODO: Prevent generating new libltdl and building it.
215 ;; The system version is still favored and referenced.
216 (invoke "autoreconf" "-vif"))))))
218 `(("pkg-config" ,pkg-config)
219 ("automake" ,automake)
220 ("autoconf" ,autoconf)
221 ("libtool" ,libtool)))
223 `(("libltdl" ,libltdl)
224 ("libsodium" ,libsodium)))
225 (home-page "https://www.dnscrypt.org/")
226 (synopsis "Securely send DNS requests to a remote server")
228 "@command{dnscrypt-proxy} is a tool for securing communications
229 between a client and a DNS resolver. It verifies that responses you get
230 from a DNS provider was actually sent by that provider, and haven't been
231 tampered with. For optimal performance it is recommended to use this as
232 a forwarder for a caching DNS resolver such as @command{dnsmasq}, but it
233 can also be used as a normal DNS \"server\". A list of public dnscrypt
234 servers is included, and an up-to-date version is available at
235 @url{https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv}.")
236 (license (list license:isc
237 ;; Libevent and src/ext/queue.h is 3-clause BSD.
240 (define-public dnscrypt-wrapper
242 (name "dnscrypt-wrapper")
247 "https://github.com/cofyc/dnscrypt-wrapper/releases"
248 "/download/v" version "/" name "-v" version ".tar.bz2"))
251 "1vhg4g0r687f51wcdn7z9w1hxapazx6vyh5rsr8wa48sljzd583g"))))
252 (build-system gnu-build-system)
254 `(#:make-flags '("CC=gcc")
255 ;; TODO: Tests require ruby-cucumber and ruby-aruba.
258 (modify-phases %standard-phases
259 (add-after 'unpack 'create-configure
261 (invoke "make" "configure"))))))
263 `(("autoconf" ,autoconf)))
265 `(("libevent" ,libevent)
266 ("libsodium" ,libsodium)))
267 (home-page "https://github.com/Cofyc/dnscrypt-wrapper")
268 (synopsis "Server-side dnscrypt proxy")
270 "@command{dnscrypt-wrapper} is a tool to expose a name server over
271 the @code{dnscrypt} protocol. It can be used as an endpoint for the
272 @command{dnscrypt-proxy} client to securely tunnel DNS requests between
274 (license (list license:isc
275 ;; Bundled argparse is MIT. TODO: package and unbundle.
277 ;; dns-protocol.h and rfc1035.{c,h} is gpl2 or gpl3 (either).
281 (define-public libasr
288 (uri (string-append "https://www.opensmtpd.org/archives/"
289 "libasr-" version ".tar.gz"))
291 (base32 "1d6s8njqhvayx2gp47409sp1fn8m608ws26hr1srfp6i23nnpyqr"))))
292 (build-system gnu-build-system)
295 (modify-phases %standard-phases
296 (add-after 'install 'install-documentation
297 (lambda* (#:key outputs #:allow-other-keys)
298 (let ((out (assoc-ref outputs "out")))
299 (install-file "src/asr_run.3"
300 (string-append out "/share/man/man3"))
303 `(("autoconf" ,autoconf)
304 ("automake" ,automake)
306 ("pkg-config" ,pkg-config)))
307 (home-page "https://www.opensmtpd.org")
308 (synopsis "Asynchronous resolver library by the OpenBSD project")
310 "libasr is a free, simple and portable asynchronous resolver library.
311 It runs DNS queries and performs hostname resolution in a fully
312 asynchronous fashion.")
313 (license (list license:isc
314 license:bsd-2 ; last part of getrrsetbyname_async.c
316 (license:non-copyleft "file://LICENSE") ; includes.h
326 (uri (string-append "https://www.nlnetlabs.nl/downloads/nsd/nsd-"
329 (base32 "0z7j3vwqqj0hh8n5irb2yqwzl45k4sn2wczbq1b1lqv5cxv6vgcy"))))
330 (build-system gnu-build-system)
333 (list "--enable-pie" ; fully benefit from ASLR
336 "--enable-relro-now" ; protect GOT and .dtor areas
337 "--disable-radix-tree"
338 (string-append "--with-libevent="
339 (assoc-ref %build-inputs "libevent"))
340 (string-append "--with-ssl="
341 (assoc-ref %build-inputs "openssl"))
342 "--with-configdir=/etc"
343 "--with-nsd_conf_file=/etc/nsd/nsd.conf"
344 "--with-logfile=/var/log/nsd.log"
345 "--with-pidfile=/var/db/nsd/nsd.pid"
346 "--with-dbfile=/var/db/nsd/nsd.db"
347 "--with-zonesdir=/etc/nsd"
348 "--with-xfrdfile=/var/db/nsd/xfrd.state"
349 "--with-zonelistfile=/var/db/nsd/zone.list")
351 (modify-phases %standard-phases
352 (add-before 'configure 'patch-installation-paths
353 (lambda* (#:key outputs #:allow-other-keys)
354 (let* ((out (assoc-ref outputs "out"))
355 (doc (string-append out "/share/doc/" ,name "-" ,version)))
356 ;; The ‘make install’ target tries to create the parent
357 ;; directories of run-time things like ‘pidfile’ above, and
358 ;; useless empty directories like 'configdir'. Remove such
359 ;; '$(INSTALL)' lines and install the example configuration file
360 ;; in an appropriate location.
361 (substitute* "Makefile.in"
362 ((".*INSTALL.*\\$\\((config|pid|xfr|db)dir" command)
363 (string-append "#" command))
364 (("\\$\\(nsdconfigfile\\)\\.sample" file-name)
365 (string-append doc "/examples/" file-name)))
367 #:tests? #f)) ; no tests
369 `(("libevent" ,libevent)
370 ("openssl" ,openssl)))
371 (home-page "https://www.nlnetlabs.nl/projects/nsd/about/")
372 (synopsis "Authoritative DNS name server")
373 (description "@dfn{NSD}, short for Name Server Daemon, is an authoritative
374 name server for the Domain Name System (@dfn{DNS}). It aims to be a fast and
375 RFC-compliant nameserver.
377 NSD uses zone information compiled via @command{zonec} into a binary database
378 file (@file{nsd.db}). This allows fast startup of the name service daemon and
379 allows syntax-structural errors in zone files to be flagged at compile time,
380 before being made available to NSD service itself. However, most traditional
381 BIND-style zone files can be directly imported into NSD without modification.
383 The collection of programs and processes that make up NSD are designed so that
384 the daemon itself runs as a non-privileged user and can be easily configured to
385 run in a @code{chroot} jail, thus making any security flaws in NSD less likely
386 to result in system-wide compromise.")
387 (license (list license:bsd-3))))
389 (define-public unbound
396 (uri (string-append "https://www.unbound.net/downloads/unbound-"
399 (base32 "0mg9divpysr42sp0m693a70693dp8025v6c9dv1yabr4g1jlhbqm"))))
400 (build-system gnu-build-system)
401 (outputs '("out" "python"))
407 ("libevent" ,libevent)
408 ("protobuf" ,protobuf)
409 ("python-wrapper" ,python-wrapper)
410 ("openssl" ,openssl)))
413 (list "--disable-static" ; save space and non-determinism in libunbound.a
415 "--with-ssl=" (assoc-ref %build-inputs "openssl"))
417 "--with-libevent=" (assoc-ref %build-inputs "libevent"))
419 "--with-libexpat=" (assoc-ref %build-inputs "expat"))
420 "--with-pythonmodule" "--with-pyunbound")
422 (modify-phases %standard-phases
423 (add-after 'configure 'fix-python-site-package-path
424 ;; Move python modules into their own output.
425 (lambda* (#:key outputs #:allow-other-keys)
426 (let ((pyout (assoc-ref outputs "python"))
427 (ver ,(version-major+minor (package-version python))))
428 (substitute* "Makefile"
429 (("^PYTHON_SITE_PKG=.*$")
432 pyout "/lib/python-" ver "/site-packages\n"))))
434 (add-before 'check 'fix-missing-nss-for-tests
435 ;; Unfortunately, the package's unittests involve some checks
436 ;; looking up protocols and services which are not provided
437 ;; by the minimalistic build environment, in particular,
438 ;; /etc/protocols and /etc/services are missing.
439 ;; Also, after plain substitution of protocol and service names
440 ;; in the test data, the tests still fail because the
441 ;; corresponding Resource Records have been signed by
443 ;; The following LD_PRELOAD library overwrites the glibc
444 ;; functions ‘get{proto,serv}byname’, ‘getprotobynumber’ and
445 ;; ‘getservbyport’ providing the few records required for the
446 ;; unit tests to pass.
447 (lambda* (#:key inputs outputs #:allow-other-keys)
448 (let* ((source (assoc-ref %build-inputs "source"))
449 (gcc (assoc-ref %build-inputs "gcc")))
450 (call-with-output-file "/tmp/nss_preload.c"
452 (display "#include <stdlib.h>
458 struct protoent *getprotobyname(const char *name) {
459 struct protoent *p = malloc(sizeof(struct protoent));
460 p->p_aliases = malloc(sizeof(char*));
461 if (strcasecmp(name, \"tcp\") == 0) {
464 p->p_aliases[0] = \"TCP\";
465 } else if (strcasecmp(name, \"udp\") == 0) {
468 p->p_aliases[0] = \"UDP\";
474 struct protoent *getprotobynumber(int proto) {
475 struct protoent *p = malloc(sizeof(struct protoent));
476 p->p_aliases = malloc(sizeof(char*));
481 p->p_aliases[0] = \"TCP\";
486 p->p_aliases[0] = \"UDP\";
495 struct servent *getservbyname(const char *name, const char *proto) {
496 struct servent *s = malloc(sizeof(struct servent));
497 char* buf = malloc((strlen(proto)+1)*sizeof(char));
499 s->s_aliases = malloc(sizeof(char*));
500 s->s_aliases[0] = NULL;
501 if (strcasecmp(name, \"domain\") == 0) {
502 s->s_name = \"domain\";
503 s->s_port = htons(53);
510 struct servent *getservbyport(int port, const char *proto) {
512 struct servent *s = malloc(sizeof(struct servent));
514 s->s_aliases = malloc(sizeof(char*));
515 s->s_aliases[0] = NULL;
518 s->s_name = \"domain\";
520 s->s_proto = \"udp\";
528 (invoke (string-append gcc "/bin/gcc")
529 "-shared" "-fPIC" "-o" "/tmp/nss_preload.so"
530 "/tmp/nss_preload.c")
531 ;; The preload library only affects the unittests.
532 (substitute* "Makefile"
534 "LD_PRELOAD=/tmp/nss_preload.so ./unittest")))
536 (home-page "https://www.unbound.net")
537 (synopsis "Validating, recursive, and caching DNS resolver")
539 "Unbound is a recursive-only caching DNS server which can perform DNSSEC
540 validation of results. It implements only a minimal amount of authoritative
541 service to prevent leakage to the root nameservers: forward lookups for
542 localhost, reverse for @code{127.0.0.1} and @code{::1}, and NXDOMAIN for zones
543 served by AS112. Stub and forward zones are supported.")
544 (license license:bsd-4)))
546 (define-public yadifa
551 (let ((build "8497"))
555 (string-append "http://cdn.yadifa.eu/sites/default/files/releases/"
556 "yadifa-" version "-" build ".tar.gz"))
558 (base32 "0xvyr91sfgzkpw6g3h893ldbwnki3w2472n56rr18w67qghs1sa5")))))
559 (build-system gnu-build-system)
563 `(("openssl" ,openssl)))
566 (modify-phases %standard-phases
567 (add-before 'configure 'omit-example-configurations
569 (substitute* "Makefile.in"
573 (list "--sysconfdir=/etc"
574 "--localstatedir=/var"
575 "--disable-build-timestamp" ; build reproducibly
580 "--enable-ctrl" ; enable remote control
584 (home-page "https://www.yadifa.eu/")
585 (synopsis "Authoritative DNS name server")
586 (description "YADIFA is an authoritative name server for the @dfn{Domain
587 Name System} (DNS). It aims for both higher performance and a smaller memory
588 footprint than other implementations, while remaining fully RFC-compliant.
589 YADIFA supports dynamic record updates and the @dfn{Domain Name System Security
590 Extensions} (DNSSEC).")
591 (license license:bsd-3)))
600 (uri (string-append "https://secure.nic.cz/files/knot-dns/"
601 "knot-" version ".tar.xz"))
603 (base32 "0zm0642hkb16sqkqpa84f89f3s0bw44m837r1nia8m89swvz3bgj"))
604 (modules '((guix build utils)))
607 ;; Delete bundled libraries.
608 (with-directory-excursion "src/contrib"
609 (delete-file-recursively "lmdb"))
611 (build-system gnu-build-system)
613 `(("pkg-config" ,pkg-config)))
618 ("libcap-ng" ,libcap-ng)
624 ("protobuf-c" ,protobuf-c)))
627 (modify-phases %standard-phases
628 (add-before 'configure 'disable-directory-pre-creation
630 ;; Don't install empty directories like ‘/etc’ outside the store.
631 ;; This is needed even when using ‘make config_dir=... install’.
632 (substitute* "src/Makefile.in" (("\\$\\(INSTALL\\) -d") "true"))
635 (lambda* (#:key outputs #:allow-other-keys)
636 (let* ((out (assoc-ref outputs "out"))
637 (doc (string-append out "/share/doc/" ,name "-" ,version))
638 (etc (string-append doc "/examples/etc")))
640 (string-append "config_dir=" etc)
643 (list "--sysconfdir=/etc"
644 "--localstatedir=/var"
645 "--enable-dnstap" ; let tools read/write capture files
646 "--with-module-dnstap=yes" ; detailed query capturing & logging
647 (string-append "--with-bash-completions="
648 (assoc-ref %outputs "out")
649 "/etc/bash_completion.d"))))
650 (home-page "https://www.knot-dns.cz/")
651 (synopsis "Authoritative DNS name server")
652 (description "Knot DNS is an authoritative name server for the @dfn{Domain
653 Name System} (DNS), designed to meet the needs of root and @dfn{top-level
654 domain} (TLD) name servers. It is implemented as a threaded daemon and uses a
655 number of programming techniques to improve speed. For example, the responder
656 is completely lock-free, resulting in a very high response rate. Other features
657 include automatic @dfn{DNS Security Extensions} (DNSSEC) signing, dynamic record
658 synthesis, and on-the-fly re-configuration.")
661 ;; src/contrib/{hat-trie,murmurhash3,openbsd},
662 ;; src/dnssec/contrib/vpool.[ch], and parts of libtap/ are ‘MIT’ (expat).
664 license:lgpl2.0+ ; parts of scr/contrib/ucw
665 license:public-domain ; src/contrib/fnv and possibly murmurhash3
666 license:gpl3+)))) ; everything else
668 (define-public knot-resolver
670 (name "knot-resolver")
674 (uri (string-append "https://secure.nic.cz/files/knot-resolver/"
675 "knot-resolver-" version ".tar.xz"))
678 "09ffmqx79lv5psr433x4n946njgsn071b9b7161pcb9bmrqz380c"))))
679 (build-system meson-build-system)
681 '(#:configure-flags '("-Ddoc=enabled")
683 (modify-phases %standard-phases
684 (add-before 'configure 'disable-default-ta
686 ;; Disable the default managed root TA, since we don't have
687 ;; write access to the keyfile and its directory in store.
688 (substitute* "daemon/lua/sandbox.lua.in"
689 (("^trust_anchors\\.add_file.*") ""))
691 (add-after 'build 'build-doc
693 (invoke "ninja" "doc")))
694 (add-after 'install 'wrap-binary
695 (lambda* (#:key inputs outputs #:allow-other-keys)
696 (let* ((out (assoc-ref outputs "out"))
697 (lua-* (map cdr (filter
699 (string-prefix? "lua-" (car input)))
701 (lua-path (lambda (p)
702 (string-append p "/share/lua/5.1/?.lua")))
703 (lua-cpath (lambda (p)
704 (string-append p "/lib/lua/5.1/?.so"))))
705 (wrap-program (string-append out "/sbin/kresd")
706 `("LUA_PATH" ";" prefix ,(map lua-path lua-*))
707 `("LUA_CPATH" ";" prefix ,(map lua-cpath lua-*)))
710 `(("cmocka" ,cmocka) ; for unit tests
712 ("protobuf-c" ,protobuf-c)
713 ("pkg-config" ,pkg-config)
714 ("python-breathe" ,python-breathe)
715 ("python-sphinx" ,python-sphinx)
716 ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)))
724 ;; TODO: Add optional lua modules: basexx, cqueues and psl.
725 ("lua-bitop" ,lua5.1-bitop)
726 ("lua-filesystem" ,lua5.1-filesystem)
727 ("lua-sec" ,lua5.1-sec)
728 ("lua-socket" ,lua5.1-socket)))
729 (home-page "https://www.knot-resolver.cz/")
730 (synopsis "Caching validating DNS resolver")
732 "Knot Resolver is a caching full resolver implementation written in C and
733 LuaJIT, both a resolver library and a daemon.")
734 (license (list license:gpl3+
735 ;; Some 'contrib' files are under MIT, CC0 and LGPL2.
740 (define-public ddclient
748 (url "https://github.com/ddclient/ddclient.git")
749 (commit (string-append "v" version))))
750 (file-name (git-file-name name version))
752 (base32 "0hf377g4j9r9sac75xp17nk2h58mazswz4vkg4g2gl2yyhvzq91w"))))
753 (build-system trivial-build-system) ; no Makefile.PL
758 `(("inetutils" ,inetutils) ; logger
759 ("net-tools" ,net-tools)
760 ("perl-data-validate-ip" ,perl-data-validate-ip)
761 ("perl-digest-sha1" ,perl-digest-sha1)
762 ("perl-io-socket-ssl" ,perl-io-socket-ssl)))
764 `(#:modules ((guix build utils)
769 (use-modules (guix build utils)
772 (setenv "PATH" (string-append
773 (assoc-ref %build-inputs "bash") "/bin" ":"
774 (assoc-ref %build-inputs "perl") "/bin"))
776 ;; Copy the (read-only) source into the (writable) build directory.
777 (copy-recursively (assoc-ref %build-inputs "source") ".")
780 (let* ((out (assoc-ref %outputs "out"))
781 (bin (string-append out "/bin")))
782 (let ((file "ddclient"))
784 (("/usr/bin/perl") (which "perl"))
785 ;; Strictly use ‘/etc/ddclient/ddclient.conf’.
786 (("\\$\\{program\\}\\.conf") "/etc/ddclient/ddclient.conf")
787 (("\\$etc\\$program.conf") "/etc/ddclient/ddclient.conf")
788 ;; Strictly use ‘/var/cache/ddclient/ddclient.cache’
789 (("\\$cachedir\\$program\\.cache")
790 "/var/cache/ddclient/ddclient.cache"))
791 (install-file file bin)
792 (wrap-program (string-append bin "/" file)
795 ,@(map (lambda (input)
798 (string-append store "/bin"))))
804 (((? (cut string-prefix? "perl-" <>) name) . dir)
805 (string-append dir "/lib/perl5/site_perl"))
808 (for-each (cut install-file <> (string-append out
810 (find-files "." "sample.*$"))))))
811 (home-page "https://ddclient.net/")
812 (synopsis "Address updating utility for dynamic DNS services")
813 (description "This package provides a client to update dynamic IP
814 addresses with several dynamic DNS service providers, such as
815 @uref{https://www.dyndns.com/account/login.html,DynDNS.com}.
817 This makes it possible to use a fixed hostname (such as myhost.dyndns.org) to
818 access a machine with a dynamic IP address.
820 The client supports both dynamic and (near) static services, as well as MX
821 record and alternative name management. It caches the address, and only
822 attempts the update when it has changed.")
823 (license license:gpl2+)))
826 ;; There have been no releases yet, hence this commit.
828 (commit "895d89c25d316d18df9d374fe78aae3902bc89fb"))
831 (version (git-version "0.0" revision commit))
835 (url "https://github.com/handshake-org/hnsd")
839 "0704y73sddn24jga9csw4gxyfb3pnrfnk0vdcph84n1h38490l16"))
840 (file-name (git-file-name name version))
841 (modules '((guix build utils)))
844 ;; Delete the bundled copy of libuv.
845 (delete-file-recursively "uv")
846 (substitute* "configure.ac"
847 (("AC_CONFIG_SUBDIRS\\(\\[uv\\]\\)") ""))
848 (substitute* "Makefile.am"
849 (("SUBDIRS = uv") "\n")
850 (("\\$\\(top_builddir\\)/uv/libuv.la") "-luv")
852 ;; Make sure the 'hnsd' binary is installed and
853 ;; dynamically-linked.
854 (("noinst_PROGRAMS") "bin_PROGRAMS")
855 (("hnsd_LDFLAGS = -static") ""))
857 ;; This script tries to chdir to "uv" and doesn't do more
858 ;; than "autoreconf" so remove it.
859 (delete-file "autogen.sh")
861 (build-system gnu-build-system)
863 '(#:configure-flags '("--disable-static"))) ;no need for libhsk.a
865 `(("autoconf" ,autoconf)
866 ("automake" ,automake)
867 ("libtool" ,libtool)))
869 `(("unbound" ,unbound)
871 (home-page "https://www.handshake.org/")
872 (synopsis "Resolver daemon for the Handshake naming protocol")
874 "@command{hnsd} is a @dfn{host name resolver} for the Handshake Naming
875 System (HNS) peer-to-peer network.")
876 (license license:expat))))
878 (define-public libmicrodns
885 (url "https://github.com/videolabs/libmicrodns")
887 (file-name (git-file-name name version))
890 "1xvl9k49ng35wbsqmnjnyqvkyjf8dcq2ywsq3jp3wh0rgmxhq2fh"))))
891 (build-system gnu-build-system)
893 `(("pkg-config" ,pkg-config)
894 ("autoconf" ,autoconf)
895 ("automake" ,automake)
896 ("libtool" ,libtool)))
897 (home-page "https://github.com/videolabs/libmicrodns")
898 (synopsis "Minimal mDNS resolver library")
899 (description "@code{libmicrodns} provides a minimal implementation of a
900 mDNS resolver as well as an announcer. mDNS (Multicast Domain Name System) is
901 a zero-config service that allows one to resolve host names to IP addresses in
903 (license license:lgpl2.1)))
905 (define-public public-suffix-list
906 ;; Mozilla releases the official list here:
908 ;; https://publicsuffix.org/list/public_suffix_list.dat
910 ;; However, Mozilla syncs that file from the GitHub repository periodically,
911 ;; so its contents will change over time. If you update this commit, please
912 ;; make sure that the new commit refers to a list which is identical to the
913 ;; officially published list available from the URL above.
914 (let ((commit "9375b697baddb0827a5995c81bd3c75877a0b35d"))
916 (name "public-suffix-list")
917 (version (git-version "0" "1" commit))
921 (url "https://github.com/publicsuffix/list.git")
923 (file-name (git-file-name name version))
926 "1sm7pni01rnl4ldzi8z8nc4cbgq8nxda9gwc68v0s3ij7jd1jmik"))))
927 (build-system trivial-build-system)
929 `(#:modules ((guix build utils))
932 (use-modules (guix build utils))
933 (let* ((out (assoc-ref %outputs "out"))
934 ;; Install to /share because that is where "read-only
935 ;; architecture-independent data files" should go (see:
936 ;; (standards) Directory Variables). Include the version in
937 ;; the directory name so that if multiple versions are ever
938 ;; installed in the same profile, they will not conflict.
939 (destination (string-append
940 out "/share/public-suffix-list-" ,version))
941 (source (assoc-ref %build-inputs "source")))
942 (with-directory-excursion source
943 (install-file "public_suffix_list.dat" destination)
944 (install-file "LICENSE" destination))
946 (home-page "https://publicsuffix.org/")
947 (synopsis "Database of current and historical DNS suffixes")
948 (description "This is the Public Suffix List maintained by Mozilla. A
949 \"public suffix\" is one under which Internet users can (or historically
950 could) directly register names in the Domain Name System (DNS). Some examples
951 of public suffixes are .com, .co.uk and pvt.k12.ma.us. This is a list of all
952 known public suffixes.")
953 (license license:mpl2.0))))
955 (define-public maradns
962 (uri (string-append "https://maradns.samiam.org/download/"
963 (version-major+minor version) "/"
964 version "/maradns-" version ".tar.xz"))
967 "1zv0i6m4m05ay5zlhwq1h88hgjq2d81cjanpnb3gyhr0xhmjwk6a"))))
968 (build-system gnu-build-system)
970 `(#:tests? #f ; need to be root to run tests
974 (if ,(%current-target-system)
975 (string-append (assoc-ref %build-inputs "cross-gcc")
976 "/bin/" ,(%current-target-system) "-gcc")
978 (string-append "PREFIX=" %output)
979 (string-append "RPM_BUILD_ROOT=" %output))
981 (modify-phases %standard-phases
983 (lambda* (#:key native-inputs target #:allow-other-keys)
984 ;; make_32bit_tables generates a header file that is used during
985 ;; compilation. Hence, during cross compilation, it should be
986 ;; built for the host system.
988 (substitute* "rng/Makefile"
989 (("\\$\\(CC\\) -o make_32bit_tables")
990 (string-append (assoc-ref native-inputs "gcc")
991 "/bin/gcc -o make_32bit_tables"))))
992 (invoke "./configure")))
993 (add-before 'install 'create-install-directories
994 (lambda* (#:key outputs #:allow-other-keys)
995 (let ((out (assoc-ref outputs "out")))
996 (for-each (lambda (dir)
997 (mkdir-p (string-append out dir)))
998 (list "/bin" "/sbin" "/etc"
1003 (home-page "https://maradns.samiam.org")
1004 (synopsis "Small lightweight DNS server")
1005 (description "MaraDNS is a small and lightweight DNS server. MaraDNS
1006 consists of a UDP-only authoritative DNS server for hosting domains, and a UDP
1007 and TCP-capable recursive DNS server for finding domains on the internet.")
1008 (license license:bsd-2)))