HCoop / jackhill / guix / guix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'master' into core-updates
[jackhill/guix/guix.git] / gnu / packages / dns.scm
1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
3 ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
4 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
5 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
6 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
7 ;;; Copyright © 2016 ng0 <ng0@n0.is>
8 ;;; Copyright © 2016, 2017, 2018, 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
9 ;;; Copyright © 2016, 2020 Marius Bakke <mbakke@fastmail.com>
10 ;;; Copyright © 2017 Vasile Dumitrascu <va511e@yahoo.com>
11 ;;; Copyright © 2017 Gregor Giesen <giesen@zaehlwerk.net>
12 ;;; Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com>
13 ;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
14 ;;; Copyright © 2019 Chris Marusich <cmmarusich@gmail.com>
15 ;;; Copyright © 2019 Rutger Helling <rhelling@mykolab.com>
16 ;;; Copyright © 2020 Pierre Langlois <pierre.langlois@gmx.com>
17 ;;; Copyright © 2020 Arun Isaac <arunisaac@systemreboot.net>
18 ;;;
19 ;;; This file is part of GNU Guix.
20 ;;;
21 ;;; GNU Guix is free software; you can redistribute it and/or modify it
22 ;;; under the terms of the GNU General Public License as published by
23 ;;; the Free Software Foundation; either version 3 of the License, or (at
24 ;;; your option) any later version.
25 ;;;
26 ;;; GNU Guix is distributed in the hope that it will be useful, but
27 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
28 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
29 ;;; GNU General Public License for more details.
30 ;;;
31 ;;; You should have received a copy of the GNU General Public License
32 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
33
34 (define-module (gnu packages dns)
35 #:use-module (gnu packages admin)
36 #:use-module (gnu packages autotools)
37 #:use-module (gnu packages base)
38 #:use-module (gnu packages bash)
39 #:use-module (gnu packages check)
40 #:use-module (gnu packages databases)
41 #:use-module (gnu packages documentation)
42 #:use-module (gnu packages compression)
43 #:use-module (gnu packages crypto)
44 #:use-module (gnu packages datastructures)
45 #:use-module (gnu packages flex)
46 #:use-module (gnu packages gcc)
47 #:use-module (gnu packages glib)
48 #:use-module (gnu packages groff)
49 #:use-module (gnu packages groff)
50 #:use-module (gnu packages libedit)
51 #:use-module (gnu packages libevent)
52 #:use-module (gnu packages libidn)
53 #:use-module (gnu packages linux)
54 #:use-module (gnu packages lua)
55 #:use-module (gnu packages ncurses)
56 #:use-module (gnu packages nettle)
57 #:use-module (gnu packages networking)
58 #:use-module (gnu packages perl)
59 #:use-module (gnu packages pkg-config)
60 #:use-module (gnu packages protobuf)
61 #:use-module (gnu packages python)
62 #:use-module (gnu packages python-xyz)
63 #:use-module (gnu packages sphinx)
64 #:use-module (gnu packages swig)
65 #:use-module (gnu packages tls)
66 #:use-module (gnu packages web)
67 #:use-module (gnu packages xml)
68 #:use-module (gnu packages)
69 #:use-module ((guix licenses) #:prefix license:)
70 #:use-module (guix packages)
71 #:use-module (guix download)
72 #:use-module (guix git-download)
73 #:use-module (guix utils)
74 #:use-module (guix build-system gnu)
75 #:use-module (guix build-system meson)
76 #:use-module (guix build-system trivial))
77
78 (define-public dnsmasq
79 (package
80 (name "dnsmasq")
81 (version "2.81")
82 (source (origin
83 (method url-fetch)
84 (uri (string-append
85 "http://www.thekelleys.org.uk/dnsmasq/dnsmasq-"
86 version ".tar.xz"))
87 (sha256
88 (base32
89 "1yzq6anwgr5rlnwydpszb51cyhp2vjq29b24ck19flbwac1sk73l"))))
90 (build-system gnu-build-system)
91 (native-inputs
92 `(("pkg-config" ,pkg-config)))
93 (inputs
94 `(("dbus" ,dbus)))
95 (arguments
96 `(#:phases
97 (modify-phases %standard-phases (delete 'configure))
98 #:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
99 "CC=gcc"
100 "COPTS=\"-DHAVE_DBUS\"")
101 #:tests? #f)) ; no ‘check’ target
102 (home-page "http://www.thekelleys.org.uk/dnsmasq/doc.html")
103 (synopsis "Small caching DNS proxy and DHCP/TFTP server")
104 (description
105 "Dnsmasq is a light-weight DNS forwarder and DHCP server. It is designed
106 to provide DNS and, optionally, DHCP to a small network. It can serve the
107 names of local machines which are not in the global DNS. The DHCP server
108 integrates with the DNS server and allows machines with DHCP-allocated
109 addresses to appear in the DNS with names configured either on each host or in
110 a central configuration file. Dnsmasq supports static and dynamic DHCP leases
111 and BOOTP/TFTP for network booting of diskless machines.")
112 ;; Source files only say GPL2 and GPL3 are allowed.
113 (license (list license:gpl2 license:gpl3))))
114
115 ;; 'bind' is the name of a built-in Guile procedure, which is why we choose a
116 ;; different name here.
117 (define-public isc-bind
118 (package
119 (name "bind")
120 (version "9.16.2")
121 (source (origin
122 (method url-fetch)
123 (uri (string-append
124 "https://ftp.isc.org/isc/bind9/" version
125 "/bind-" version ".tar.xz"))
126 (sha256
127 (base32
128 "0gwr4p14zy5jqq050n762rfc33km51qwipcwy6bsvk55ziybgrfr"))))
129 (build-system gnu-build-system)
130 (outputs `("out" "utils"))
131 (inputs
132 ;; It would be nice to add GeoIP and gssapi once there are packages.
133 `(("libcap" ,libcap)
134 ("libuv" ,libuv)
135 ("libxml2" ,libxml2)
136 ("openssl" ,openssl)
137 ("p11-kit" ,p11-kit)
138 ("python" ,python)
139 ("python-ply" ,python-ply)))
140 (native-inputs
141 `(("perl" ,perl)
142 ("pkg-config" ,pkg-config)))
143 (arguments
144 `(#:configure-flags
145 (list (string-append "--with-pkcs11="
146 (assoc-ref %build-inputs "p11-kit")))
147 #:phases
148 (modify-phases %standard-phases
149 (add-after 'strip 'move-to-utils
150 (lambda _
151 (for-each
152 (lambda (file)
153 (let ((target (string-append (assoc-ref %outputs "utils") file))
154 (src (string-append (assoc-ref %outputs "out") file)))
155 (mkdir-p (dirname target))
156 (link src target)
157 (delete-file src)))
158 '("/bin/dig" "/bin/delv" "/bin/nslookup" "/bin/host" "/bin/nsupdate"
159 "/share/man/man1/dig.1"
160 "/share/man/man1/host.1"
161 "/share/man/man1/nslookup.1"
162 "/share/man/man1/nsupdate.1"))
163 #t))
164 ;; When and if guix provides user namespaces for the build process,
165 ;; then the following can be uncommented and the subsequent "force-test"
166 ;; will not be necessary.
167 ;;
168 ;; (add-before 'check 'set-up-loopback
169 ;; (lambda _
170 ;; (system "bin/tests/system/ifconfig.sh up")))
171 (replace 'check
172 (lambda _
173 ;; XXX Even ‘make force-test’ tries to create network interfaces
174 ;; and fails. The only working target is the (trivial) fuzz test.
175 (with-directory-excursion "fuzz"
176 (invoke "make" "check"))
177 #t)))))
178 (synopsis "An implementation of the Domain Name System")
179 (description "BIND is an implementation of the @dfn{Domain Name System}
180 (DNS) protocols for the Internet. It is a reference implementation of those
181 protocols, but it is also production-grade software, suitable for use in
182 high-volume and high-reliability applications. The name BIND stands for
183 \"Berkeley Internet Name Domain\", because the software originated in the early
184 1980s at the University of California at Berkeley.")
185 (home-page "https://www.isc.org/downloads/bind")
186 (license (list license:mpl2.0))))
187
188 (define-public dnscrypt-proxy
189 (package
190 (name "dnscrypt-proxy")
191 (version "1.9.5")
192 (source (origin
193 (method url-fetch)
194 (uri (string-append
195 "https://download.dnscrypt.org/dnscrypt-proxy/"
196 "dnscrypt-proxy-" version ".tar.bz2"))
197 (sha256
198 (base32
199 "1dhvklr4dg2vlw108n11xbamacaryyg3dbrg629b76lp7685p7z8"))
200 (modules '((guix build utils)))
201 (snippet
202 ;; Delete bundled libltdl. XXX: This package also bundles
203 ;; a modified libevent that cannot currently be removed.
204 '(begin
205 (delete-file-recursively "libltdl")
206 #t))))
207 (build-system gnu-build-system)
208 (arguments
209 `(#:phases
210 (modify-phases %standard-phases
211 (add-after 'unpack 'autoreconf
212 (lambda _
213 ;; Re-generate build files due to unbundling ltdl.
214 ;; TODO: Prevent generating new libltdl and building it.
215 ;; The system version is still favored and referenced.
216 (invoke "autoreconf" "-vif"))))))
217 (native-inputs
218 `(("pkg-config" ,pkg-config)
219 ("automake" ,automake)
220 ("autoconf" ,autoconf)
221 ("libtool" ,libtool)))
222 (inputs
223 `(("libltdl" ,libltdl)
224 ("libsodium" ,libsodium)))
225 (home-page "https://www.dnscrypt.org/")
226 (synopsis "Securely send DNS requests to a remote server")
227 (description
228 "@command{dnscrypt-proxy} is a tool for securing communications
229 between a client and a DNS resolver. It verifies that responses you get
230 from a DNS provider was actually sent by that provider, and haven't been
231 tampered with. For optimal performance it is recommended to use this as
232 a forwarder for a caching DNS resolver such as @command{dnsmasq}, but it
233 can also be used as a normal DNS \"server\". A list of public dnscrypt
234 servers is included, and an up-to-date version is available at
235 @url{https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv}.")
236 (license (list license:isc
237 ;; Libevent and src/ext/queue.h is 3-clause BSD.
238 license:bsd-3))))
239
240 (define-public dnscrypt-wrapper
241 (package
242 (name "dnscrypt-wrapper")
243 (version "0.2.2")
244 (source (origin
245 (method url-fetch)
246 (uri (string-append
247 "https://github.com/cofyc/dnscrypt-wrapper/releases"
248 "/download/v" version "/" name "-v" version ".tar.bz2"))
249 (sha256
250 (base32
251 "1vhg4g0r687f51wcdn7z9w1hxapazx6vyh5rsr8wa48sljzd583g"))))
252 (build-system gnu-build-system)
253 (arguments
254 `(#:make-flags '("CC=gcc")
255 ;; TODO: Tests require ruby-cucumber and ruby-aruba.
256 #:tests? #f
257 #:phases
258 (modify-phases %standard-phases
259 (add-after 'unpack 'create-configure
260 (lambda _
261 (invoke "make" "configure"))))))
262 (native-inputs
263 `(("autoconf" ,autoconf)))
264 (inputs
265 `(("libevent" ,libevent)
266 ("libsodium" ,libsodium)))
267 (home-page "https://github.com/Cofyc/dnscrypt-wrapper")
268 (synopsis "Server-side dnscrypt proxy")
269 (description
270 "@command{dnscrypt-wrapper} is a tool to expose a name server over
271 the @code{dnscrypt} protocol. It can be used as an endpoint for the
272 @command{dnscrypt-proxy} client to securely tunnel DNS requests between
273 the two.")
274 (license (list license:isc
275 ;; Bundled argparse is MIT. TODO: package and unbundle.
276 license:expat
277 ;; dns-protocol.h and rfc1035.{c,h} is gpl2 or gpl3 (either).
278 license:gpl2
279 license:gpl3))))
280
281 (define-public libasr
282 (package
283 (name "libasr")
284 (version "1.0.4")
285 (source
286 (origin
287 (method url-fetch)
288 (uri (string-append "https://www.opensmtpd.org/archives/"
289 "libasr-" version ".tar.gz"))
290 (sha256
291 (base32 "1d6s8njqhvayx2gp47409sp1fn8m608ws26hr1srfp6i23nnpyqr"))))
292 (build-system gnu-build-system)
293 (arguments
294 `(#:phases
295 (modify-phases %standard-phases
296 (add-after 'install 'install-documentation
297 (lambda* (#:key outputs #:allow-other-keys)
298 (let ((out (assoc-ref outputs "out")))
299 (install-file "src/asr_run.3"
300 (string-append out "/share/man/man3"))
301 #t))))))
302 (native-inputs
303 `(("autoconf" ,autoconf)
304 ("automake" ,automake)
305 ("libtool" ,libtool)
306 ("pkg-config" ,pkg-config)))
307 (home-page "https://www.opensmtpd.org")
308 (synopsis "Asynchronous resolver library by the OpenBSD project")
309 (description
310 "libasr is a free, simple and portable asynchronous resolver library.
311 It runs DNS queries and performs hostname resolution in a fully
312 asynchronous fashion.")
313 (license (list license:isc
314 license:bsd-2 ; last part of getrrsetbyname_async.c
315 license:bsd-3
316 (license:non-copyleft "file://LICENSE") ; includes.h
317 license:openssl))))
318
319 (define-public nsd
320 (package
321 (name "nsd")
322 (version "4.2.4")
323 (source
324 (origin
325 (method url-fetch)
326 (uri (string-append "https://www.nlnetlabs.nl/downloads/nsd/nsd-"
327 version ".tar.gz"))
328 (sha256
329 (base32 "0z7j3vwqqj0hh8n5irb2yqwzl45k4sn2wczbq1b1lqv5cxv6vgcy"))))
330 (build-system gnu-build-system)
331 (arguments
332 `(#:configure-flags
333 (list "--enable-pie" ; fully benefit from ASLR
334 "--enable-ratelimit"
335 "--enable-recvmmsg"
336 "--enable-relro-now" ; protect GOT and .dtor areas
337 "--disable-radix-tree"
338 (string-append "--with-libevent="
339 (assoc-ref %build-inputs "libevent"))
340 (string-append "--with-ssl="
341 (assoc-ref %build-inputs "openssl"))
342 "--with-configdir=/etc"
343 "--with-nsd_conf_file=/etc/nsd/nsd.conf"
344 "--with-logfile=/var/log/nsd.log"
345 "--with-pidfile=/var/db/nsd/nsd.pid"
346 "--with-dbfile=/var/db/nsd/nsd.db"
347 "--with-zonesdir=/etc/nsd"
348 "--with-xfrdfile=/var/db/nsd/xfrd.state"
349 "--with-zonelistfile=/var/db/nsd/zone.list")
350 #:phases
351 (modify-phases %standard-phases
352 (add-before 'configure 'patch-installation-paths
353 (lambda* (#:key outputs #:allow-other-keys)
354 (let* ((out (assoc-ref outputs "out"))
355 (doc (string-append out "/share/doc/" ,name "-" ,version)))
356 ;; The ‘make install’ target tries to create the parent
357 ;; directories of run-time things like ‘pidfile’ above, and
358 ;; useless empty directories like 'configdir'. Remove such
359 ;; '$(INSTALL)' lines and install the example configuration file
360 ;; in an appropriate location.
361 (substitute* "Makefile.in"
362 ((".*INSTALL.*\\$\\((config|pid|xfr|db)dir" command)
363 (string-append "#" command))
364 (("\\$\\(nsdconfigfile\\)\\.sample" file-name)
365 (string-append doc "/examples/" file-name)))
366 #t))))
367 #:tests? #f)) ; no tests
368 (inputs
369 `(("libevent" ,libevent)
370 ("openssl" ,openssl)))
371 (home-page "https://www.nlnetlabs.nl/projects/nsd/about/")
372 (synopsis "Authoritative DNS name server")
373 (description "@dfn{NSD}, short for Name Server Daemon, is an authoritative
374 name server for the Domain Name System (@dfn{DNS}). It aims to be a fast and
375 RFC-compliant nameserver.
376
377 NSD uses zone information compiled via @command{zonec} into a binary database
378 file (@file{nsd.db}). This allows fast startup of the name service daemon and
379 allows syntax-structural errors in zone files to be flagged at compile time,
380 before being made available to NSD service itself. However, most traditional
381 BIND-style zone files can be directly imported into NSD without modification.
382
383 The collection of programs and processes that make up NSD are designed so that
384 the daemon itself runs as a non-privileged user and can be easily configured to
385 run in a @code{chroot} jail, thus making any security flaws in NSD less likely
386 to result in system-wide compromise.")
387 (license (list license:bsd-3))))
388
389 (define-public unbound
390 (package
391 (name "unbound")
392 (version "1.10.0")
393 (source
394 (origin
395 (method url-fetch)
396 (uri (string-append "https://www.unbound.net/downloads/unbound-"
397 version ".tar.gz"))
398 (sha256
399 (base32 "0mg9divpysr42sp0m693a70693dp8025v6c9dv1yabr4g1jlhbqm"))))
400 (build-system gnu-build-system)
401 (outputs '("out" "python"))
402 (native-inputs
403 `(("flex" ,flex)
404 ("swig" ,swig)))
405 (inputs
406 `(("expat" ,expat)
407 ("libevent" ,libevent)
408 ("protobuf" ,protobuf)
409 ("python-wrapper" ,python-wrapper)
410 ("openssl" ,openssl)))
411 (arguments
412 `(#:configure-flags
413 (list "--disable-static" ; save space and non-determinism in libunbound.a
414 (string-append
415 "--with-ssl=" (assoc-ref %build-inputs "openssl"))
416 (string-append
417 "--with-libevent=" (assoc-ref %build-inputs "libevent"))
418 (string-append
419 "--with-libexpat=" (assoc-ref %build-inputs "expat"))
420 "--with-pythonmodule" "--with-pyunbound")
421 #:phases
422 (modify-phases %standard-phases
423 (add-after 'configure 'fix-python-site-package-path
424 ;; Move python modules into their own output.
425 (lambda* (#:key outputs #:allow-other-keys)
426 (let ((pyout (assoc-ref outputs "python"))
427 (ver ,(version-major+minor (package-version python))))
428 (substitute* "Makefile"
429 (("^PYTHON_SITE_PKG=.*$")
430 (string-append
431 "PYTHON_SITE_PKG="
432 pyout "/lib/python-" ver "/site-packages\n"))))
433 #t))
434 (add-before 'check 'fix-missing-nss-for-tests
435 ;; Unfortunately, the package's unittests involve some checks
436 ;; looking up protocols and services which are not provided
437 ;; by the minimalistic build environment, in particular,
438 ;; /etc/protocols and /etc/services are missing.
439 ;; Also, after plain substitution of protocol and service names
440 ;; in the test data, the tests still fail because the
441 ;; corresponding Resource Records have been signed by
442 ;; RRSIG records.
443 ;; The following LD_PRELOAD library overwrites the glibc
444 ;; functions ‘get{proto,serv}byname’, ‘getprotobynumber’ and
445 ;; ‘getservbyport’ providing the few records required for the
446 ;; unit tests to pass.
447 (lambda* (#:key inputs outputs #:allow-other-keys)
448 (let* ((source (assoc-ref %build-inputs "source"))
449 (gcc (assoc-ref %build-inputs "gcc")))
450 (call-with-output-file "/tmp/nss_preload.c"
451 (lambda (port)
452 (display "#include <stdlib.h>
453 #include <string.h>
454 #include <strings.h>
455
456 #include <netdb.h>
457
458 struct protoent *getprotobyname(const char *name) {
459 struct protoent *p = malloc(sizeof(struct protoent));
460 p->p_aliases = malloc(sizeof(char*));
461 if (strcasecmp(name, \"tcp\") == 0) {
462 p->p_name = \"tcp\";
463 p->p_proto = 6;
464 p->p_aliases[0] = \"TCP\";
465 } else if (strcasecmp(name, \"udp\") == 0) {
466 p->p_name = \"udp\";
467 p->p_proto = 17;
468 p->p_aliases[0] = \"UDP\";
469 } else
470 p = NULL;
471 return p;
472 }
473
474 struct protoent *getprotobynumber(int proto) {
475 struct protoent *p = malloc(sizeof(struct protoent));
476 p->p_aliases = malloc(sizeof(char*));
477 switch(proto) {
478 case 6:
479 p->p_name = \"tcp\";
480 p->p_proto = 6;
481 p->p_aliases[0] = \"TCP\";
482 break;
483 case 17:
484 p->p_name = \"udp\";
485 p->p_proto = 17;
486 p->p_aliases[0] = \"UDP\";
487 break;
488 default:
489 p = NULL;
490 break;
491 }
492 return p;
493 }
494
495 struct servent *getservbyname(const char *name, const char *proto) {
496 struct servent *s = malloc(sizeof(struct servent));
497 char* buf = malloc((strlen(proto)+1)*sizeof(char));
498 strcpy(buf, proto);
499 s->s_aliases = malloc(sizeof(char*));
500 s->s_aliases[0] = NULL;
501 if (strcasecmp(name, \"domain\") == 0) {
502 s->s_name = \"domain\";
503 s->s_port = htons(53);
504 s->s_proto = buf;
505 } else
506 s = NULL;
507 return s;
508 }
509
510 struct servent *getservbyport(int port, const char *proto) {
511 char buf[32];
512 struct servent *s = malloc(sizeof(struct servent));
513 strcpy(buf, proto);
514 s->s_aliases = malloc(sizeof(char*));
515 s->s_aliases[0] = NULL;
516 switch(port) {
517 case 53:
518 s->s_name = \"domain\";
519 s->s_port = 53;
520 s->s_proto = \"udp\";
521 break;
522 default:
523 s = NULL;
524 break;
525 }
526 return s;
527 }" port)))
528 (invoke (string-append gcc "/bin/gcc")
529 "-shared" "-fPIC" "-o" "/tmp/nss_preload.so"
530 "/tmp/nss_preload.c")
531 ;; The preload library only affects the unittests.
532 (substitute* "Makefile"
533 (("./unittest")
534 "LD_PRELOAD=/tmp/nss_preload.so ./unittest")))
535 #t)))))
536 (home-page "https://www.unbound.net")
537 (synopsis "Validating, recursive, and caching DNS resolver")
538 (description
539 "Unbound is a recursive-only caching DNS server which can perform DNSSEC
540 validation of results. It implements only a minimal amount of authoritative
541 service to prevent leakage to the root nameservers: forward lookups for
542 localhost, reverse for @code{127.0.0.1} and @code{::1}, and NXDOMAIN for zones
543 served by AS112. Stub and forward zones are supported.")
544 (license license:bsd-4)))
545
546 (define-public yadifa
547 (package
548 (name "yadifa")
549 (version "2.3.9")
550 (source
551 (let ((build "8497"))
552 (origin
553 (method url-fetch)
554 (uri
555 (string-append "http://cdn.yadifa.eu/sites/default/files/releases/"
556 "yadifa-" version "-" build ".tar.gz"))
557 (sha256
558 (base32 "0xvyr91sfgzkpw6g3h893ldbwnki3w2472n56rr18w67qghs1sa5")))))
559 (build-system gnu-build-system)
560 (native-inputs
561 `(("which" ,which)))
562 (inputs
563 `(("openssl" ,openssl)))
564 (arguments
565 `(#:phases
566 (modify-phases %standard-phases
567 (add-before 'configure 'omit-example-configurations
568 (lambda _
569 (substitute* "Makefile.in"
570 ((" (etc|var)") ""))
571 #t)))
572 #:configure-flags
573 (list "--sysconfdir=/etc"
574 "--localstatedir=/var"
575 "--disable-build-timestamp" ; build reproducibly
576 "--enable-shared"
577 "--disable-static"
578 "--enable-acl"
579 "--enable-caching"
580 "--enable-ctrl" ; enable remote control
581 "--enable-nsec"
582 "--enable-nsec3"
583 "--enable-tsig")))
584 (home-page "https://www.yadifa.eu/")
585 (synopsis "Authoritative DNS name server")
586 (description "YADIFA is an authoritative name server for the @dfn{Domain
587 Name System} (DNS). It aims for both higher performance and a smaller memory
588 footprint than other implementations, while remaining fully RFC-compliant.
589 YADIFA supports dynamic record updates and the @dfn{Domain Name System Security
590 Extensions} (DNSSEC).")
591 (license license:bsd-3)))
592
593 (define-public knot
594 (package
595 (name "knot")
596 (version "2.9.3")
597 (source
598 (origin
599 (method url-fetch)
600 (uri (string-append "https://secure.nic.cz/files/knot-dns/"
601 "knot-" version ".tar.xz"))
602 (sha256
603 (base32 "0zm0642hkb16sqkqpa84f89f3s0bw44m837r1nia8m89swvz3bgj"))
604 (modules '((guix build utils)))
605 (snippet
606 '(begin
607 ;; Delete bundled libraries.
608 (with-directory-excursion "src/contrib"
609 (delete-file-recursively "lmdb"))
610 #t))))
611 (build-system gnu-build-system)
612 (native-inputs
613 `(("pkg-config" ,pkg-config)))
614 (inputs
615 `(("fstrm" ,fstrm)
616 ("gnutls" ,gnutls)
617 ("jansson" ,jansson)
618 ("libcap-ng" ,libcap-ng)
619 ("libedit" ,libedit)
620 ("libidn" ,libidn)
621 ("liburcu" ,liburcu)
622 ("lmdb" ,lmdb)
623 ("ncurses" ,ncurses)
624 ("protobuf-c" ,protobuf-c)))
625 (arguments
626 `(#:phases
627 (modify-phases %standard-phases
628 (add-before 'configure 'disable-directory-pre-creation
629 (lambda _
630 ;; Don't install empty directories like ‘/etc’ outside the store.
631 ;; This is needed even when using ‘make config_dir=... install’.
632 (substitute* "src/Makefile.in" (("\\$\\(INSTALL\\) -d") "true"))
633 #t))
634 (replace 'install
635 (lambda* (#:key outputs #:allow-other-keys)
636 (let* ((out (assoc-ref outputs "out"))
637 (doc (string-append out "/share/doc/" ,name "-" ,version))
638 (etc (string-append doc "/examples/etc")))
639 (invoke "make"
640 (string-append "config_dir=" etc)
641 "install")))))
642 #:configure-flags
643 (list "--sysconfdir=/etc"
644 "--localstatedir=/var"
645 "--enable-dnstap" ; let tools read/write capture files
646 "--with-module-dnstap=yes" ; detailed query capturing & logging
647 (string-append "--with-bash-completions="
648 (assoc-ref %outputs "out")
649 "/etc/bash_completion.d"))))
650 (home-page "https://www.knot-dns.cz/")
651 (synopsis "Authoritative DNS name server")
652 (description "Knot DNS is an authoritative name server for the @dfn{Domain
653 Name System} (DNS), designed to meet the needs of root and @dfn{top-level
654 domain} (TLD) name servers. It is implemented as a threaded daemon and uses a
655 number of programming techniques to improve speed. For example, the responder
656 is completely lock-free, resulting in a very high response rate. Other features
657 include automatic @dfn{DNS Security Extensions} (DNSSEC) signing, dynamic record
658 synthesis, and on-the-fly re-configuration.")
659 (license
660 (list
661 ;; src/contrib/{hat-trie,murmurhash3,openbsd},
662 ;; src/dnssec/contrib/vpool.[ch], and parts of libtap/ are ‘MIT’ (expat).
663 license:expat
664 license:lgpl2.0+ ; parts of scr/contrib/ucw
665 license:public-domain ; src/contrib/fnv and possibly murmurhash3
666 license:gpl3+)))) ; everything else
667
668 (define-public knot-resolver
669 (package
670 (name "knot-resolver")
671 (version "4.3.0")
672 (source (origin
673 (method url-fetch)
674 (uri (string-append "https://secure.nic.cz/files/knot-resolver/"
675 "knot-resolver-" version ".tar.xz"))
676 (sha256
677 (base32
678 "09ffmqx79lv5psr433x4n946njgsn071b9b7161pcb9bmrqz380c"))))
679 (build-system meson-build-system)
680 (arguments
681 '(#:configure-flags '("-Ddoc=enabled")
682 #:phases
683 (modify-phases %standard-phases
684 (add-before 'configure 'disable-default-ta
685 (lambda _
686 ;; Disable the default managed root TA, since we don't have
687 ;; write access to the keyfile and its directory in store.
688 (substitute* "daemon/lua/sandbox.lua.in"
689 (("^trust_anchors\\.add_file.*") ""))
690 #t))
691 (add-after 'build 'build-doc
692 (lambda _
693 (invoke "ninja" "doc")))
694 (add-after 'install 'wrap-binary
695 (lambda* (#:key inputs outputs #:allow-other-keys)
696 (let* ((out (assoc-ref outputs "out"))
697 (lua-* (map cdr (filter
698 (lambda (input)
699 (string-prefix? "lua-" (car input)))
700 inputs)))
701 (lua-path (lambda (p)
702 (string-append p "/share/lua/5.1/?.lua")))
703 (lua-cpath (lambda (p)
704 (string-append p "/lib/lua/5.1/?.so"))))
705 (wrap-program (string-append out "/sbin/kresd")
706 `("LUA_PATH" ";" prefix ,(map lua-path lua-*))
707 `("LUA_CPATH" ";" prefix ,(map lua-cpath lua-*)))
708 #t))))))
709 (native-inputs
710 `(("cmocka" ,cmocka) ; for unit tests
711 ("doxygen" ,doxygen)
712 ("protobuf-c" ,protobuf-c)
713 ("pkg-config" ,pkg-config)
714 ("python-breathe" ,python-breathe)
715 ("python-sphinx" ,python-sphinx)
716 ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)))
717 (inputs
718 `(("fstrm" ,fstrm)
719 ("gnutls" ,gnutls)
720 ("knot" ,knot)
721 ("libuv" ,libuv)
722 ("lmdb" ,lmdb)
723 ("luajit" ,luajit)
724 ;; TODO: Add optional lua modules: basexx, cqueues and psl.
725 ("lua-bitop" ,lua5.1-bitop)
726 ("lua-filesystem" ,lua5.1-filesystem)
727 ("lua-sec" ,lua5.1-sec)
728 ("lua-socket" ,lua5.1-socket)))
729 (home-page "https://www.knot-resolver.cz/")
730 (synopsis "Caching validating DNS resolver")
731 (description
732 "Knot Resolver is a caching full resolver implementation written in C and
733 LuaJIT, both a resolver library and a daemon.")
734 (license (list license:gpl3+
735 ;; Some 'contrib' files are under MIT, CC0 and LGPL2.
736 license:expat
737 license:cc0
738 license:lgpl2.0))))
739
740 (define-public ddclient
741 (package
742 (name "ddclient")
743 (version "3.9.1")
744 (source
745 (origin
746 (method git-fetch)
747 (uri (git-reference
748 (url "https://github.com/ddclient/ddclient.git")
749 (commit (string-append "v" version))))
750 (file-name (git-file-name name version))
751 (sha256
752 (base32 "0hf377g4j9r9sac75xp17nk2h58mazswz4vkg4g2gl2yyhvzq91w"))))
753 (build-system trivial-build-system) ; no Makefile.PL
754 (native-inputs
755 `(("bash" ,bash)
756 ("perl" ,perl)))
757 (inputs
758 `(("inetutils" ,inetutils) ; logger
759 ("net-tools" ,net-tools)
760 ("perl-data-validate-ip" ,perl-data-validate-ip)
761 ("perl-digest-sha1" ,perl-digest-sha1)
762 ("perl-io-socket-ssl" ,perl-io-socket-ssl)))
763 (arguments
764 `(#:modules ((guix build utils)
765 (ice-9 match)
766 (srfi srfi-26))
767 #:builder
768 (begin
769 (use-modules (guix build utils)
770 (ice-9 match)
771 (srfi srfi-26))
772 (setenv "PATH" (string-append
773 (assoc-ref %build-inputs "bash") "/bin" ":"
774 (assoc-ref %build-inputs "perl") "/bin"))
775
776 ;; Copy the (read-only) source into the (writable) build directory.
777 (copy-recursively (assoc-ref %build-inputs "source") ".")
778
779 ;; Install.
780 (let* ((out (assoc-ref %outputs "out"))
781 (bin (string-append out "/bin")))
782 (let ((file "ddclient"))
783 (substitute* file
784 (("/usr/bin/perl") (which "perl"))
785 ;; Strictly use ‘/etc/ddclient/ddclient.conf’.
786 (("\\$\\{program\\}\\.conf") "/etc/ddclient/ddclient.conf")
787 (("\\$etc\\$program.conf") "/etc/ddclient/ddclient.conf")
788 ;; Strictly use ‘/var/cache/ddclient/ddclient.cache’
789 (("\\$cachedir\\$program\\.cache")
790 "/var/cache/ddclient/ddclient.cache"))
791 (install-file file bin)
792 (wrap-program (string-append bin "/" file)
793 `("PATH" ":" =
794 ("$PATH"
795 ,@(map (lambda (input)
796 (match input
797 ((name . store)
798 (string-append store "/bin"))))
799 %build-inputs)))
800 `("PERL5LIB" ":" =
801 ,(delete
802 ""
803 (map (match-lambda
804 (((? (cut string-prefix? "perl-" <>) name) . dir)
805 (string-append dir "/lib/perl5/site_perl"))
806 (_ ""))
807 %build-inputs)))))
808 (for-each (cut install-file <> (string-append out
809 "/share/ddclient"))
810 (find-files "." "sample.*$"))))))
811 (home-page "https://ddclient.net/")
812 (synopsis "Address updating utility for dynamic DNS services")
813 (description "This package provides a client to update dynamic IP
814 addresses with several dynamic DNS service providers, such as
815 @uref{https://www.dyndns.com/account/login.html,DynDNS.com}.
816
817 This makes it possible to use a fixed hostname (such as myhost.dyndns.org) to
818 access a machine with a dynamic IP address.
819
820 The client supports both dynamic and (near) static services, as well as MX
821 record and alternative name management. It caches the address, and only
822 attempts the update when it has changed.")
823 (license license:gpl2+)))
824
825 (define-public hnsd
826 ;; There have been no releases yet, hence this commit.
827 (let ((revision "0")
828 (commit "895d89c25d316d18df9d374fe78aae3902bc89fb"))
829 (package
830 (name "hnsd")
831 (version (git-version "0.0" revision commit))
832 (source (origin
833 (method git-fetch)
834 (uri (git-reference
835 (url "https://github.com/handshake-org/hnsd")
836 (commit commit)))
837 (sha256
838 (base32
839 "0704y73sddn24jga9csw4gxyfb3pnrfnk0vdcph84n1h38490l16"))
840 (file-name (git-file-name name version))
841 (modules '((guix build utils)))
842 (snippet
843 '(begin
844 ;; Delete the bundled copy of libuv.
845 (delete-file-recursively "uv")
846 (substitute* "configure.ac"
847 (("AC_CONFIG_SUBDIRS\\(\\[uv\\]\\)") ""))
848 (substitute* "Makefile.am"
849 (("SUBDIRS = uv") "\n")
850 (("\\$\\(top_builddir\\)/uv/libuv.la") "-luv")
851
852 ;; Make sure the 'hnsd' binary is installed and
853 ;; dynamically-linked.
854 (("noinst_PROGRAMS") "bin_PROGRAMS")
855 (("hnsd_LDFLAGS = -static") ""))
856
857 ;; This script tries to chdir to "uv" and doesn't do more
858 ;; than "autoreconf" so remove it.
859 (delete-file "autogen.sh")
860 #t))))
861 (build-system gnu-build-system)
862 (arguments
863 '(#:configure-flags '("--disable-static"))) ;no need for libhsk.a
864 (native-inputs
865 `(("autoconf" ,autoconf)
866 ("automake" ,automake)
867 ("libtool" ,libtool)))
868 (inputs
869 `(("unbound" ,unbound)
870 ("libuv" ,libuv)))
871 (home-page "https://www.handshake.org/")
872 (synopsis "Resolver daemon for the Handshake naming protocol")
873 (description
874 "@command{hnsd} is a @dfn{host name resolver} for the Handshake Naming
875 System (HNS) peer-to-peer network.")
876 (license license:expat))))
877
878 (define-public libmicrodns
879 (package
880 (name "libmicrodns")
881 (version "0.0.10")
882 (source (origin
883 (method git-fetch)
884 (uri (git-reference
885 (url "https://github.com/videolabs/libmicrodns")
886 (commit version)))
887 (file-name (git-file-name name version))
888 (sha256
889 (base32
890 "1xvl9k49ng35wbsqmnjnyqvkyjf8dcq2ywsq3jp3wh0rgmxhq2fh"))))
891 (build-system gnu-build-system)
892 (native-inputs
893 `(("pkg-config" ,pkg-config)
894 ("autoconf" ,autoconf)
895 ("automake" ,automake)
896 ("libtool" ,libtool)))
897 (home-page "https://github.com/videolabs/libmicrodns")
898 (synopsis "Minimal mDNS resolver library")
899 (description "@code{libmicrodns} provides a minimal implementation of a
900 mDNS resolver as well as an announcer. mDNS (Multicast Domain Name System) is
901 a zero-config service that allows one to resolve host names to IP addresses in
902 local networks.")
903 (license license:lgpl2.1)))
904
905 (define-public public-suffix-list
906 ;; Mozilla releases the official list here:
907 ;;
908 ;; https://publicsuffix.org/list/public_suffix_list.dat
909 ;;
910 ;; However, Mozilla syncs that file from the GitHub repository periodically,
911 ;; so its contents will change over time. If you update this commit, please
912 ;; make sure that the new commit refers to a list which is identical to the
913 ;; officially published list available from the URL above.
914 (let ((commit "9375b697baddb0827a5995c81bd3c75877a0b35d"))
915 (package
916 (name "public-suffix-list")
917 (version (git-version "0" "1" commit))
918 (source (origin
919 (method git-fetch)
920 (uri (git-reference
921 (url "https://github.com/publicsuffix/list.git")
922 (commit commit)))
923 (file-name (git-file-name name version))
924 (sha256
925 (base32
926 "1sm7pni01rnl4ldzi8z8nc4cbgq8nxda9gwc68v0s3ij7jd1jmik"))))
927 (build-system trivial-build-system)
928 (arguments
929 `(#:modules ((guix build utils))
930 #:builder
931 (begin
932 (use-modules (guix build utils))
933 (let* ((out (assoc-ref %outputs "out"))
934 ;; Install to /share because that is where "read-only
935 ;; architecture-independent data files" should go (see:
936 ;; (standards) Directory Variables). Include the version in
937 ;; the directory name so that if multiple versions are ever
938 ;; installed in the same profile, they will not conflict.
939 (destination (string-append
940 out "/share/public-suffix-list-" ,version))
941 (source (assoc-ref %build-inputs "source")))
942 (with-directory-excursion source
943 (install-file "public_suffix_list.dat" destination)
944 (install-file "LICENSE" destination))
945 #t))))
946 (home-page "https://publicsuffix.org/")
947 (synopsis "Database of current and historical DNS suffixes")
948 (description "This is the Public Suffix List maintained by Mozilla. A
949 \"public suffix\" is one under which Internet users can (or historically
950 could) directly register names in the Domain Name System (DNS). Some examples
951 of public suffixes are .com, .co.uk and pvt.k12.ma.us. This is a list of all
952 known public suffixes.")
953 (license license:mpl2.0))))
954
955 (define-public maradns
956 (package
957 (name "maradns")
958 (version "3.5.0004")
959 (source
960 (origin
961 (method url-fetch)
962 (uri (string-append "https://maradns.samiam.org/download/"
963 (version-major+minor version) "/"
964 version "/maradns-" version ".tar.xz"))
965 (sha256
966 (base32
967 "1zv0i6m4m05ay5zlhwq1h88hgjq2d81cjanpnb3gyhr0xhmjwk6a"))))
968 (build-system gnu-build-system)
969 (arguments
970 `(#:tests? #f ; need to be root to run tests
971 #:make-flags
972 (list
973 (string-append "CC="
974 (if ,(%current-target-system)
975 (string-append (assoc-ref %build-inputs "cross-gcc")
976 "/bin/" ,(%current-target-system) "-gcc")
977 "gcc"))
978 (string-append "PREFIX=" %output)
979 (string-append "RPM_BUILD_ROOT=" %output))
980 #:phases
981 (modify-phases %standard-phases
982 (replace 'configure
983 (lambda* (#:key native-inputs target #:allow-other-keys)
984 ;; make_32bit_tables generates a header file that is used during
985 ;; compilation. Hence, during cross compilation, it should be
986 ;; built for the host system.
987 (when target
988 (substitute* "rng/Makefile"
989 (("\\$\\(CC\\) -o make_32bit_tables")
990 (string-append (assoc-ref native-inputs "gcc")
991 "/bin/gcc -o make_32bit_tables"))))
992 (invoke "./configure")))
993 (add-before 'install 'create-install-directories
994 (lambda* (#:key outputs #:allow-other-keys)
995 (let ((out (assoc-ref outputs "out")))
996 (for-each (lambda (dir)
997 (mkdir-p (string-append out dir)))
998 (list "/bin" "/sbin" "/etc"
999 "/share/man/man1"
1000 "/share/man/man5"
1001 "/share/man/man8"))
1002 #t))))))
1003 (home-page "https://maradns.samiam.org")
1004 (synopsis "Small lightweight DNS server")
1005 (description "MaraDNS is a small and lightweight DNS server. MaraDNS
1006 consists of a UDP-only authoritative DNS server for hosting domains, and a UDP
1007 and TCP-capable recursive DNS server for finding domains on the internet.")
1008 (license license:bsd-2)))
jackhill's copy of GNU Guix: https://guix.gnu.org/