Commit 3594c4eb authored by Tomas Krizek

Merge branch 'packaging-doh' into 'master'

packaging: DoH

See merge request !806
parents 909d5dd9 a4f71463
...@@ -302,11 +302,11 @@ root.hints: ...@@ -302,11 +302,11 @@ root.hints:
- scripts/update-root-hints.sh - scripts/update-root-hints.sh
test:valgrind: test:valgrind:
<<: *test_flaky # lost block in /bin/bash during ta_update
when: delayed when: delayed
start_in: '30 seconds' start_in: '30 seconds'
script: script:
- ${MESON_TEST} --suite unit --suite config --wrap="valgrind --leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp" - ${MESON_TEST} --suite unit --suite config --no-suite snowflake --wrap="valgrind --leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp"
- MESON_TESTTHREADS=1 ${MESON_TEST} --wrap="valgrind --leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp" --suite snowflake
# }}} # }}}
# extended {{{ # extended {{{
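Review bot: the two commands under `script:` repeat the same long `--wrap="valgrind --leak-check=full ..."` string, and nothing says why the `snowflake` suite has to run on its own with `MESON_TESTTHREADS=1`. Move the valgrind wrapper into a job variable and add a one-line comment on the second command explaining the serialisation, so a later edit cannot change one copy and miss the other.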
......
...@@ -66,8 +66,8 @@ FROM runtime ...@@ -66,8 +66,8 @@ FROM runtime
LABEL cz.knot-resolver.vendor="CZ.NIC" LABEL cz.knot-resolver.vendor="CZ.NIC"
LABEL maintainer="knot-resolver-users@lists.nic.cz" LABEL maintainer="knot-resolver-users@lists.nic.cz"
# Export DNS over UDP & TCP, DNS-over-TLS, web interface # Export DNS over UDP & TCP, DNS-over-HTTPS, DNS-over-TLS, web interface
EXPOSE 53/UDP 53/TCP 853/TCP 8053/TCP EXPOSE 53/UDP 53/TCP 443/TCP 853/TCP 8453/TCP
# Fetch Knot Resolver + Knot DNS libraries from build image # Fetch Knot Resolver + Knot DNS libraries from build image
COPY --from=build /tmp/root/ / COPY --from=build /tmp/root/ /
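Review bot: the `EXPOSE` line replaces `8053/TCP` with `8453/TCP` and adds `443/TCP`, so existing port mappings that target 8053 will stop reaching the web interface. Mention the port change in NEWS or the image documentation, and confirm that the configuration shipped in the image loads the http module and listens on 443 and 8453, since the documentation in this same merge gives localhost:44353 as the DoH default.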
......
...@@ -6,8 +6,8 @@ The server is in the `daemon` directory, it works out of the box without any con ...@@ -6,8 +6,8 @@ The server is in the `daemon` directory, it works out of the box without any con
.. code-block:: bash .. code-block:: bash
$ kresd -h # Get help $ kresd -v # run with defaults in verbose mode
$ kresd -a ::1 $ kresd -h # Get help
If you're using our packages, they also provide systemd integration. To start the resolver under systemd, you can use the ``kresd@1.service`` service. By default, the resolver only binds to local interfaces. If you're using our packages, they also provide systemd integration. To start the resolver under systemd, you can use the ``kresd@1.service`` service. By default, the resolver only binds to local interfaces.
...@@ -385,8 +385,14 @@ Environment ...@@ -385,8 +385,14 @@ Environment
Trust anchors and DNSSEC Trust anchors and DNSSEC
^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^
Since version 4.0, *DNSSEC validation is enabled by default*. To turn it off, Since version 4.0, **DNSSEC validation is enabled by default**.
add the following snippet to your configuration file. This is secure default and should not be changed unless absolutely necessary.
**Options in this section are intended only for expert users and normally
should not be needed.**
If you really need to turn DNSSEC off and are okay with lowering security of your
system by doing so, add the following snippet to your configuration file.
.. code-block:: lua .. code-block:: lua
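Review bot: grammar in the added paragraph: "This is secure default" should read "This is a secure default", and "lowering security of your system" reads better as "lowering the security of your system". Consider turning the bold expert-only sentence into a `.. warning::` directive so it renders like the other warnings added in this merge.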
...@@ -398,6 +404,10 @@ and :rfc:`7646` negative trust anchors. Depending on your distribution, DNSSEC ...@@ -398,6 +404,10 @@ and :rfc:`7646` negative trust anchors. Depending on your distribution, DNSSEC
trust anchors should be either maintained in accordance with the distro-wide trust anchors should be either maintained in accordance with the distro-wide
policy, or automatically maintained by the resolver itself. policy, or automatically maintained by the resolver itself.
In practice this means that you can forget about it and your favorite Linux
distribution will take care of it for you.
.. function:: trust_anchors.add_file(keyfile[, readonly = false]) .. function:: trust_anchors.add_file(keyfile[, readonly = false])
:param string keyfile: path to the file. :param string keyfile: path to the file.
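Review bot: the added sentence "you can forget about it and your favorite Linux distribution will take care of it for you" covers only one of the two cases named in the sentence before it (distro-wide policy, or the resolver maintaining the anchors itself) and says nothing to non-Linux users, whom the network section of this documentation addresses explicitly (macOS). Reword it so both cases are covered.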
......
...@@ -3,15 +3,36 @@ ...@@ -3,15 +3,36 @@
Network configuration Network configuration
^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^
For when listening on ``localhost`` just doesn't cut it. Modern Linux distributions use so-called *Systemd socket activation*, which
effectively means that IP addresses and ports to listen on are configured
in Systemd configuration files.
**Systemd socket configuration** Older Linux systems and all non-Linux systems do not support this modern method
and have to resort to old fashioned way of configuring network interfaces using
``net.listen()`` configuration call.
Most notable examples of such systems are CentOS 7 and macOS.
.. warning:: On machines with multiple IP addresses avoid listening on wildcards
``0.0.0.0`` or ``::``. Knot Resolver could answer from different IP
addresses if the network address ranges overlap,
and clients would probably refuse such a response.
**Network configuration using systemd**
If you're using our packages with systemd with sockets support (not supported If you're using our packages with systemd with sockets support (not supported
on CentOS 7), network interfaces are configured using systemd drop-in files for on CentOS 7), network interfaces are configured using systemd drop-in files.
``kresd.socket`` and ``kresd-tls.socket``. Each protocol has its own configuration file:
.. csv-table::
:header: "**Network protocol**", "**Socket file name**"
"DNS (UDP+TCP, :rfc:`1034`)","``kresd.socket``"
":ref:`DNS-over-TLS (DoT) <tls-server-config>`","``kresd-tls.socket``"
":ref:`mod-http-doh`","``kresd-doh.socket``"
":ref:`Web management <mod-http-built-in-services>`","``kresd-webmgmt.socket``"
To configure kresd to listen on public interface, create a drop-in file: To configure kresd to listen on a public interface using the original DNS protocol,
create a drop-in file:
.. code-block:: bash .. code-block:: bash
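Review bot: the new warning tells readers to avoid listening on `0.0.0.0` or `::`, but the examples added further down in this file do exactly that (`ListenStream=[::]:443`, `net.listen('::', 443, { kind = 'doh' })`). Either scope the warning to the case it is about or switch the examples to a specific address such as the `192.0.2.x` ones used elsewhere. Minor: "resort to old fashioned way" needs an article ("the old-fashioned way").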
...@@ -20,13 +41,41 @@ To configure kresd to listen on public interface, create a drop-in file: ...@@ -20,13 +41,41 @@ To configure kresd to listen on public interface, create a drop-in file:
.. code-block:: none .. code-block:: none
# /etc/systemd/system/kresd.socket.d/override.conf # /etc/systemd/system/kresd.socket.d/override.conf
# always listen on UDP (datagram) and TCP (stream) as well
[Socket]
ListenDatagram=192.0.2.115:53
ListenStream=192.0.2.115:53
.. note:: If you change network interfaces of systemd sockets for already running
kresd instance, make sure to call ``systemctl restart system-kresd.slice`` for
these changes to take effect.
Configuration you provide is automatically merged with defaults from your
distribution. It is also possible to check resulting configuration using
``systemctl cat``:
.. code-block:: bash
$ systemctl cat kresd.socket
.. code-block:: none
# merged result: user configuration + distro defaults
[Socket] [Socket]
FileDescriptorName=dns
FreeBind=true
BindIPv6Only=both
ListenDatagram=[::1]:53
ListenStream=[::1]:53
ListenDatagram=127.0.0.1:53
ListenStream=127.0.0.1:53
ListenDatagram=192.0.2.115:53 ListenDatagram=192.0.2.115:53
ListenStream=192.0.2.115:53 ListenStream=192.0.2.115:53
.. _kresd-socket-override-port: .. _kresd-socket-override-port:
The default locahost interface/port can also be removed/overriden by using an The default localhost interface/port can also be removed/overriden by using an
empty ``ListenDatagram=`` or ``ListenStream=`` directive. This can be used when empty ``ListenDatagram=`` or ``ListenStream=`` directive. This can be used when
you want to configure kresd to listen on all IPv4/IPv6 network interfaces (if you want to configure kresd to listen on all IPv4/IPv6 network interfaces (if
you've disabled IPv6 support in kernel, use ``0.0.0.0`` instead of ``[::]`` ). you've disabled IPv6 support in kernel, use ``0.0.0.0`` instead of ``[::]`` ).
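Review bot: "overriden" in "can also be removed/overriden" is still misspelled on the very line where this change fixes "locahost"; correct it to "overridden" in the same edit. The merged `systemctl cat` output also shows `FreeBind=true`, which lets the socket bind to an address the host does not have, so a mistyped address in `override.conf` will not produce an error; a sentence saying so next to the example would save readers some debugging.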
...@@ -45,9 +94,10 @@ you've disabled IPv6 support in kernel, use ``0.0.0.0`` instead of ``[::]`` ). ...@@ -45,9 +94,10 @@ you've disabled IPv6 support in kernel, use ``0.0.0.0`` instead of ``[::]`` ).
possible workarounds, see possible workarounds, see
https://gitlab.labs.nic.cz/knot/knot-resolver/issues/445 https://gitlab.labs.nic.cz/knot/knot-resolver/issues/445
It can also be useful if you want to use the Knot DNS with the `dnsproxy It can also be useful if you want to use the Knot DNS authoritative server
module`_ to have both resolver and authoritative server running on the same with the `dnsproxy module`_ to have both resolver and authoritative server
machine. running on the same machine. This is not recommended configuration but it can
be done like this:
.. code-block:: none .. code-block:: none
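Review bot: "This is not recommended configuration" is missing an article and gives no reason. Write "This is not a recommended configuration" and add one clause saying why, so readers can judge whether the caveat applies to them.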
...@@ -63,7 +113,7 @@ machine. ...@@ -63,7 +113,7 @@ machine.
.. _kresd-tls-socket-override-port: .. _kresd-tls-socket-override-port:
The ``kresd-tls.socket`` can also be configured in the same way to listen for The ``kresd-tls.socket`` can also be configured in the same way to listen for
TLS connections. DNS-over-TLS connections (:rfc:`7858`).
.. code-block:: bash .. code-block:: bash
...@@ -72,67 +122,98 @@ TLS connections. ...@@ -72,67 +122,98 @@ TLS connections.
.. code-block:: none .. code-block:: none
# /etc/systemd/system/kresd-tls.socket.d/override.conf # /etc/systemd/system/kresd-tls.socket.d/override.conf
# specify only TCP (stream), DTLS is not supported
[Socket] [Socket]
ListenStream=192.0.2.115:853 ListenStream=192.0.2.115:853
**Daemon network configuration** When configuring sockets for :ref:`mod-http-doh`, make sure you have
``kresd-doh.socket`` installed, it might be part of a separate
If you don't use systemd with sockets to run kresd, network interfaces are ``knot-resolver-module-http`` package.
configured in the config file.
.. tip:: Use declarative interface for network. .. warning:: Make sure you read section :ref:`mod-http-doh` before exposing
the DoH protocol to outside.
.. code-block:: lua For example, to remove the default localhost:44353 and listen on all interfaces
on port 443, create the following drop-in file for ``kresd-doh.socket``:
net = { '127.0.0.1', net.eth0, net.eth1.addr[1] } .. code-block:: bash
net.ipv4 = false
.. warning:: On machines with multiple IP addresses avoid binding to wildcard ``0.0.0.0`` or ``::`` (see example below). Knot Resolver could answer from different IP in case the ranges overlap and client will probably refuse such a response.
.. code-block:: lua $ systemctl edit kresd-doh.socket
net = { '0.0.0.0' } .. code-block:: bash
# /etc/systemd/system/kresd-doh.socket.d/override.conf
[Socket]
ListenStream=
ListenStream=[::]:443
.. envvar:: net.ipv6 = true|false Make sure no other service is using port 443, as that will result in
unpredictable behaviour. Alternately, you can use port 44353 where a collision
is unlikely.
:return: boolean (default: true) Also, don't forget to :ref:`load http module in configuration <mod-http-example>`
file, otherwise the socket won't work.
Enable/disable using IPv6 for contacting upstream nameservers. **Legacy network configuration using configuration file**
.. envvar:: net.ipv4 = true|false If you don't use systemd with sockets to run kresd, addresses and ports to listen
on are configured in the config file.
:return: boolean (default: true)
Enable/disable using IPv4 for contacting upstream nameservers.
.. function:: net.listen(addresses, [port = 53, { kind = 'dns' }]) .. function:: net.listen(addresses, [port = 53, { kind = 'dns' }])
:return: boolean :return: boolean
Listen on addresses; port and flags are optional. Listen on addresses; port and flags are optional.
The addresses can be specified as a string or device, The addresses can be specified as a string or device.
or a list of addresses (recursively).
The command can be given multiple times, The command can be given multiple times,
but repeating an address-port combination is an error. but repeating an address-port combination is an error.
Port 853 implies ``kind = 'tls'`` but it is always better to be explicit.
If you specify port 853, ``kind = 'tls'`` by default. .. csv-table::
:header: "**Network protocol**", "**Configuration command**"
Examples: "DNS (UDP+TCP, :rfc:`1034`)","``net.listen('192.0.2.123', 53)``"
":ref:`DNS-over-TLS (DoT) <tls-server-config>`","``net.listen('192.0.2.123', 853, { kind = 'tls' })``"
":ref:`mod-http-doh`","``net.listen('192.0.2.123', 443, { kind = 'doh' })``"
":ref:`Web management <mod-http-built-in-services>`","``net.listen('192.0.2.123', 8453, { kind = 'webmgmt' })``"
Examples:
.. code-block:: lua .. code-block:: lua
net.listen('::1') net.listen('::1')
net.listen(net.lo, 5353) net.listen(net.lo, 53)
net.listen({net.eth0, '127.0.0.1'}, 53853, { kind = 'tls' }) net.listen(net.eth0, 853, { kind = 'tls' })
net.listen('::', 443, { kind = 'doh' }) -- see http module
net.listen('::', 8453, { kind = 'webmgmt' }) -- see http module net.listen('::', 8453, { kind = 'webmgmt' }) -- see http module
.. warning:: Make sure you read section :ref:`mod-http-doh` before exposing
the DNS-over-HTTP protocol to outside.
.. function:: net.close(address, [port]) .. function:: net.close(address, [port])
:return: boolean (at least one endpoint closed) :return: boolean (at least one endpoint closed)
Close all endpoints listening on the specified address, optionally restricted by port as well. Close all endpoints listening on the specified address, optionally restricted by port as well.
**Additional network configuration options**
Following commands are useful in special situations and can be usef with and without systemd socket activation:
.. envvar:: net.ipv6 = true|false
:return: boolean (default: true)
Enable/disable using IPv6 for contacting upstream nameservers.
.. envvar:: net.ipv4 = true|false
:return: boolean (default: true)
Enable/disable using IPv4 for contacting upstream nameservers.
.. function:: net.list() .. function:: net.list()
:return: Table of bound interfaces. :return: Table of bound interfaces.
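Review bot: the examples block now shows `net.listen('::', 443, { kind = 'doh' })` next to `net.listen('::', 8453, { kind = 'webmgmt' })`, both on the wildcard address, which contradicts the wildcard warning added at the top of this section and puts the web management interface on every interface for anyone who copies the example. Use a loopback or specific address in the `webmgmt` example. Also in this hunk: "can be usef with" should be "used", the second warning says "DNS-over-HTTP" where the rest of the text says DoH, the `kresd-doh.socket` drop-in sits in a `bash` code-block while the other `override.conf` listings use `none`, and the `net.listen` description drops "or a list of addresses (recursively)" without saying whether lists are still accepted.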
...@@ -229,21 +310,13 @@ configured in the config file. ...@@ -229,21 +310,13 @@ configured in the config file.
TLS server configuration TLS server configuration
^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^
.. note:: Installations using systemd should be configured using systemd-specific procedures DNS-over-TLS server (:rfc:`7858`) is enabled by default on loopback interface port 853.
described in manual page ``kresd.systemd(7)``. Information how to configure listening on specific IP addresses is in previous sections
:ref:`network-configuration`.
DNS-over-TLS server (:rfc:`7858`) can be enabled using ``{tls = true}`` parameter
in :c:func:`net.listen()` function call. For example:
.. code-block:: lua
> net.listen("::", 53) -- plain UDP+TCP on port 53 (standard DNS)
> net.listen("::", 853, {tls = true}) -- DNS-over-TLS on port 853 (standard DoT)
> net.listen("::", 443, {tls = true}) -- DNS-over-TLS on port 443 (non-standard)
By default an self-signed certificate will be generated. For serious deployments By default a self-signed certificate is generated. For serious deployments
it is strongly recommended to provide TLS certificates signed by a trusted CA it is strongly recommended to configure your own TLS certificates signed
using :c:func:`net.tls()`. by a trusted CA. This is done using function :c:func:`net.tls()`.
.. function:: net.tls([cert_path], [key_path]) .. function:: net.tls([cert_path], [key_path])
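Review bot: "DNS-over-TLS server is enabled by default on loopback interface port 853" holds for the systemd socket setup, but the network section in this same merge says systems without socket activation (CentOS 7, macOS) listen only where `net.listen()` is called. Qualify the sentence accordingly. "Information how to configure" should be "Information on how to configure", and check that the `network-configuration` label used in the `:ref:` is defined, since no such label is visible in this diff.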
......
...@@ -159,7 +159,7 @@ function M.add_interface(conf) ...@@ -159,7 +159,7 @@ function M.add_interface(conf)
local addr_str local addr_str
if not conf.path then if not conf.path then
conf.host = conf.host or 'localhost' conf.host = conf.host or 'localhost'
conf.port = conf.port or 8053 conf.port = conf.port or 8453
addr_str = string.format('%s@%d', conf.host, conf.port) addr_str = string.format('%s@%d', conf.host, conf.port)
else else
if conf.host or conf.port then if conf.host or conf.port then
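Review bot: changing the fallback in `conf.port = conf.port or 8053` to 8453 silently moves the listener for every configuration that relied on the default port. Add a NEWS entry for the new default, and consider a named constant for the value so the module, the Dockerfile and the documentation do not each carry their own literal.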
......
...@@ -24,6 +24,7 @@ depends=( ...@@ -24,6 +24,7 @@ depends=(
'systemd' 'systemd'
) )
optdepends=( optdepends=(
'lua51-basexx: experimental_dot_auth module',
'lua51-http: http module', 'lua51-http: http module',
'lua51-filesystem: prefill module', 'lua51-filesystem: prefill module',
) )
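Review bot: the new `optdepends` entry ends with a comma after the closing quote, like the existing entries. Bash array elements are separated by whitespace, so the comma becomes part of the string ("... module,"). Drop the trailing commas in this array while adding the line.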
...@@ -61,7 +62,7 @@ package() { ...@@ -61,7 +62,7 @@ package() {
DESTDIR=${pkgdir} ninja -C build_arch install DESTDIR=${pkgdir} ninja -C build_arch install
# add kresd.target to multi-user.target.wants to support enabling kresd services # add kresd.target to multi-user.target.wants to support enabling kresd services
install -dm 0755 "${pkgdir}/usr/lib/systemd/system/multi-user.target.wants" install -d -m 0755 "${pkgdir}/usr/lib/systemd/system/multi-user.target.wants"
ln -s ../kresd.target "${pkgdir}/usr/lib/systemd/system/multi-user.target.wants/kresd.target" ln -s ../kresd.target "${pkgdir}/usr/lib/systemd/system/multi-user.target.wants/kresd.target"
# remove modules with missing dependencies # remove modules with missing dependencies
......
...@@ -39,8 +39,10 @@ Replaces: ...@@ -39,8 +39,10 @@ Replaces:
Breaks: Breaks:
libkres9 (<< 3.2.1-2), libkres9 (<< 3.2.1-2),
Recommends: Recommends:
knot-resolver-module-http, lua-basexx,
lua-cqueues, lua-cqueues,
Suggests:
knot-resolver-module-http,
Description: caching, DNSSEC-validating DNS resolver Description: caching, DNSSEC-validating DNS resolver
The Knot Resolver is a caching full resolver implementation The Knot Resolver is a caching full resolver implementation
written in C and LuaJIT, including both a resolver library and a written in C and LuaJIT, including both a resolver library and a
...@@ -61,11 +63,14 @@ Description: caching, DNSSEC-validating DNS resolver ...@@ -61,11 +63,14 @@ Description: caching, DNSSEC-validating DNS resolver
Package: knot-resolver-module-http Package: knot-resolver-module-http
Architecture: all Architecture: all
Depends: Depends:
knot-resolver,
libjs-bootstrap, libjs-bootstrap,
libjs-d3, libjs-d3,
libjs-jquery, libjs-jquery,
lua-cqueues (>= 20171014),
lua-http, lua-http,
lua-mmdb, lua-mmdb,
systemd,
${misc:Depends}, ${misc:Depends},
${shlibs:Depends}, ${shlibs:Depends},
Breaks: Breaks:
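Review bot: the added `knot-resolver,` dependency is unversioned, while `lua-cqueues (>= 20171014)` two lines below it is pinned. This package now ships a `kresd@.service.d` drop-in and socket units that have to match the daemon, so tie it to the same build, for example `knot-resolver (>= ${source:Version})`.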
......
usr/lib/systemd/system/kresd@.service.d/module-http.conf lib/systemd/system/kresd@.service.d/
usr/lib/systemd/system/kresd-doh.socket lib/systemd/system/
usr/lib/systemd/system/kresd-webmgmt.socket lib/systemd/system/
usr/lib/knot-resolver/kres_modules/http*.lua usr/lib/knot-resolver/kres_modules/http*.lua
usr/lib/knot-resolver/kres_modules/prometheus.lua usr/lib/knot-resolver/kres_modules/prometheus.lua
usr/lib/knot-resolver/kres_modules/http/*.css usr/lib/knot-resolver/kres_modules/http/*.css
......
#!/bin/sh
set -e
if [ "$1" = "configure" ]; then
systemctl daemon-reload || true
fi
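Review bot: this new maintainer script has no `#DEBHELPER#` line, so nothing debhelper generates for the package is inserted into it, and `systemctl daemon-reload || true` discards every failure. Add `#DEBHELPER#` before the end of the script and guard the reload with a check that systemd is running (`[ -d /run/systemd/system ]`) instead of ignoring the exit status.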
/lib/systemd/system/kresd@.service.d
/var/lib/knot-resolver /var/lib/knot-resolver
etc/knot-resolver/kresd.conf etc/knot-resolver/kresd.conf
usr/lib/systemd/system/* lib/systemd/system/ usr/lib/systemd/system/kresd@.service lib/systemd/system/
usr/lib/systemd/system/kresd.target lib/systemd/system/
usr/lib/systemd/system/kresd.socket lib/systemd/system/
usr/lib/systemd/system/kresd-tls.socket lib/systemd/system/
usr/lib/systemd/system/kresd-control@.socket lib/systemd/system/
usr/lib/*.so.* usr/lib/*.so.*
usr/lib/tmpfiles.d/knot-resolver.conf usr/lib/tmpfiles.d/knot-resolver.conf
usr/lib/knot-resolver/*.so usr/lib/knot-resolver/*.so
...@@ -21,6 +25,7 @@ usr/lib/knot-resolver/kres_modules/renumber.lua ...@@ -21,6 +25,7 @@ usr/lib/knot-resolver/kres_modules/renumber.lua
usr/lib/knot-resolver/kres_modules/serve_stale.lua usr/lib/knot-resolver/kres_modules/serve_stale.lua
usr/lib/knot-resolver/kres_modules/ta_sentinel.lua usr/lib/knot-resolver/kres_modules/ta_sentinel.lua
usr/lib/knot-resolver/kres_modules/ta_signal_query.lua usr/lib/knot-resolver/kres_modules/ta_signal_query.lua
usr/lib/knot-resolver/kres_modules/ta_update.lua
usr/lib/knot-resolver/kres_modules/view.lua usr/lib/knot-resolver/kres_modules/view.lua
usr/lib/knot-resolver/kres_modules/workarounds.lua usr/lib/knot-resolver/kres_modules/workarounds.lua
usr/sbin/kresc usr/sbin/kresc
......
...@@ -47,25 +47,27 @@ BuildRequires: pkgconfig(libsystemd) ...@@ -47,25 +47,27 @@ BuildRequires: pkgconfig(libsystemd)
BuildRequires: pkgconfig(libuv) BuildRequires: pkgconfig(libuv)
BuildRequires: pkgconfig(luajit) >= 2.0 BuildRequires: pkgconfig(luajit) >= 2.0
Requires: systemd Requires: systemd
# Distro-dependent dependencies # Distro-dependent dependencies
%if 0%{?rhel} %if 0%{?rhel}
BuildRequires: lmdb-devel BuildRequires: lmdb-devel
# Lua 5.1 version of the libraries have different package names # Lua 5.1 version of the libraries have different package names
Requires: lua-basexx
Requires: lua-socket Requires: lua-socket
Requires: lua-sec Requires: lua-sec
Requires: lua-filesystem Requires: lua-filesystem
Requires(pre): shadow-utils Requires(pre): shadow-utils
%endif %endif
%if 0%{?fedora} %if 0%{?fedora}
BuildRequires: pkgconfig(lmdb) BuildRequires: pkgconfig(lmdb)
BuildRequires: python3-sphinx BuildRequires: python3-sphinx
Requires: lua-cqueues-compat Requires: lua5.1-basexx
Requires: lua5.1-cqueues
Requires: lua-filesystem-compat Requires: lua-filesystem-compat
Requires: lua-socket-compat Requires: lua-socket-compat
Requires: lua-sec-compat Requires: lua-sec-compat
Requires(pre): shadow-utils Requires(pre): shadow-utils
%endif %endif
%if 0%{?suse_version} %if 0%{?suse_version}
%define NINJA ninja %define NINJA ninja
...@@ -74,7 +76,7 @@ BuildRequires: python3-Sphinx ...@@ -74,7 +76,7 @@ BuildRequires: python3-Sphinx
Requires: lua51-luafilesystem Requires: lua51-luafilesystem
Requires: lua51-luasocket Requires: lua51-luasocket
Requires: lua51-luasec Requires: lua51-luasec
Requires(pre): shadow Requires(pre): shadow
%endif %endif
%if "x%{?rhel}" == "x" %if "x%{?rhel}" == "x"
...@@ -112,6 +114,24 @@ Requires: %{name} = %{version}-%{release} ...@@ -112,6 +114,24 @@ Requires: %{name} = %{version}-%{release}
Documentation for Knot Resolver Documentation for Knot Resolver
%endif %endif
%if "x%{?suse_version}" == "x"
%package module-http
Summary: HTTP/2 module for Knot Resolver
Requires: knot-resolver
%if 0%{?fedora}
Requires: lua5.1-http
Requires: lua5.1-mmdb
%else
Requires: lua-http
Requires: lua-mmdb
%endif
%description module-http
HTTP/2 module for Knot Resolver has multiple uses. It enables use of
DNS-over-HTTP, can serve as API ednpoint for other modules or provide a web
interface for local visualization of the resolver cache and queries.
%endif
%prep %prep
%if 0%{GPG_CHECK} %if 0%{GPG_CHECK}
export GNUPGHOME=./gpg-keyring export GNUPGHOME=./gpg-keyring
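Review bot: `Requires: knot-resolver` in the new `module-http` subpackage is unversioned, while the subpackage shown in this hunk's header uses `Requires: %{name} = %{version}-%{release}`. Use the same form here so the module cannot be installed against a different resolver build. The `%description` also has "ednpoint" for "endpoint" and says "DNS-over-HTTP" where the Dockerfile comment in this merge says DNS-over-HTTPS.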
...@@ -161,10 +181,16 @@ install -m 0750 -d %{buildroot}/run/%{name} ...@@ -161,10 +181,16 @@ install -m 0750 -d %{buildroot}/run/%{name}
# remove modules with missing dependencies # remove modules with missing dependencies
rm %{buildroot}%{_libdir}/knot-resolver/kres_modules/etcd.lua rm %{buildroot}%{_libdir}/knot-resolver/kres_modules/etcd.lua
%if 0%{?suse_version}
rm %{buildroot}%{_libdir}/knot-resolver/kres_modules/experimental_dot_auth.lua
rm -r %{buildroot}%{_libdir}/knot-resolver/kres_modules/http rm -r %{buildroot}%{_libdir}/knot-resolver/kres_modules/http
rm %{buildroot}%{_libdir}/knot-resolver/kres_modules/http.lua rm %{buildroot}%{_libdir}/knot-resolver/kres_modules/http*.lua
rm %{buildroot}%{_libdir}/knot-resolver/kres_modules/http_trace.lua
rm %{buildroot}%{_libdir}/knot-resolver/kres_modules/prometheus.lua rm %{buildroot}%{_libdir}/knot-resolver/kres_modules/prometheus.lua
rm %{buildroot}%{_unitdir}/kresd@.service.d/module-http.conf
rm %{buildroot}%{_unitdir}/kresd-doh.socket
rm %{buildroot}%{_unitdir}/kresd-webmgmt.socket
%endif
# rename doc directory for centos, opensuse # rename doc directory for centos, opensuse
%if "x%{?fedora}" == "x" %if "x%{?fedora}" == "x"
...@@ -207,12 +233,15 @@ getent passwd knot-resolver >/dev/null || useradd -r -g knot-resolver -d %{_sysc ...@@ -207,12 +233,15 @@ getent passwd knot-resolver >/dev/null || useradd -r -g knot-resolver -d %{_sysc
%attr(664,root,knot-resolver) %config(noreplace) %{_sysconfdir}/knot-resolver/root.keys %attr(664,root,knot-resolver) %config(noreplace) %{_sysconfdir}/knot-resolver/root.keys
%attr(644,root,knot-resolver) %config(noreplace) %{_sysconfdir}/knot-resolver/root.hints %attr(644,root,knot-resolver) %config(noreplace) %{_sysconfdir}/knot-resolver/root.hints
%attr(644,root,knot-resolver) %config(noreplace) %{_sysconfdir}/knot-resolver/icann-ca.pem %attr(644,root,knot-resolver) %config(noreplace) %{_sysconfdir}/knot-resolver/icann-ca.pem
%{_unitdir}/kresd*.service %{_unitdir}/kresd@.service
%{_unitdir}/kresd.target %{_unitdir}/kresd.target
%dir %{_unitdir}/multi-user.target.wants %dir %{_unitdir}/multi-user.target.wants
%{_unitdir}/multi-user.target.wants/kresd.target %{_unitdir}/multi-user.target.wants/kresd.target
%if "x%{?rhel}" == "x" %if "x%{?rhel}" == "x"
%{_unitdir}/kresd*.socket %dir %{_unitdir}/kresd@.service.d
%{_unitdir}/kresd.socket
%{_unitdir}/kresd-tls.socket
%{_unitdir}/kresd-control@.socket
%ghost /run/%{name}/ %ghost /run/%{name}/
%{_mandir}/man7/kresd.systemd.7.gz %{_mandir}/man7/kresd.systemd.7.gz
%else %else
...@@ -223,7 +252,32 @@ getent passwd knot-resolver >/dev/null || useradd -r -g knot-resolver -d %{_sysc ...@@ -223,7 +252,32 @@ getent passwd knot-resolver >/dev/null || useradd -r -g knot-resolver -d %{_sysc
%{_sbindir}/kresd %{_sbindir}/kresd
%{_sbindir}/kresc %{_sbindir}/kresc
%{_libdir}/libkres.so.* %{_libdir}/libkres.so.*
%{_libdir}/knot-resolver %dir %{_libdir}/knot-resolver
%{_libdir}/knot-resolver/*.so
%{_libdir}/knot-resolver/*.lua
%dir %{_libdir}/knot-resolver/kres_modules
%{_libdir}/knot-resolver/kres_modules/*.so
%{_libdir}/knot-resolver/kres_modules/daf
%{_libdir}/knot-resolver/kres_modules/daf.lua
%{_libdir}/knot-resolver/kres_modules/detect_time_jump.lua
%{_libdir}/knot-resolver/kres_modules/detect_time_skew.lua
%{_libdir}/knot-resolver/kres_modules/dns64.lua
%if "x%{?suse_version}" == "x"
%{_libdir}/knot-resolver/kres_modules/experimental_dot_auth.lua
%endif
%{_libdir}/knot-resolver/kres_modules/graphite.lua
%{_libdir}/knot-resolver/kres_modules/policy.lua
%{_libdir}/knot-resolver/kres_modules/predict.lua
%{_libdir}/knot-resolver/kres_modules/prefill.lua
%{_libdir}/knot-resolver/kres_modules/priming.lua
%{_libdir}/knot-resolver/kres_modules/rebinding.lua
%{_libdir}/knot-resolver/kres_modules/renumber.lua
%{_libdir}/knot-resolver/kres_modules/serve_stale.lua
%{_libdir}/knot-resolver/kres_modules/ta_sentinel.lua
%{_libdir}/knot-resolver/kres_modules/ta_signal_query.lua
%{_libdir}/knot-resolver/kres_modules/ta_update.lua
%{_libdir}/knot-resolver/kres_modules/view.lua
%{_libdir}/knot-resolver/kres_modules/workarounds.lua
%{_mandir}/man8/kresd.8.gz %{_mandir}/man8/kresd.8.gz
%files devel %files devel
...@@ -237,6 +291,18 @@ getent passwd knot-resolver >/dev/null || useradd -r -g knot-resolver -d %{_sysc ...@@ -237,6 +291,18 @@ getent passwd knot-resolver >/dev/null || useradd -r -g knot-resolver -d %{_sysc
%doc %{_pkgdocdir}/html %doc %{_pkgdocdir}/html
%endif %endif
%if "x%{?suse_version}" == "x"
%files module-http
%if 0%{?fedora}
%{_unitdir}/kresd@.service.d/module-http.conf
%{_unitdir}/kresd-doh.socket
%{_unitdir}/kresd-webmgmt.socket
%endif
%{_libdir}/knot-resolver/kres_modules/http
%{_libdir}/knot-resolver/kres_modules/http*.lua
%{_libdir}/knot-resolver/kres_modules/prometheus.lua
%endif
%changelog %changelog
* Fri Feb 16 2018 Tomas Krizek <tomas.krizek@nic.cz> - 2.1.0-1 * Fri Feb 16 2018 Tomas Krizek <tomas.krizek@nic.cz> - 2.1.0-1
- see NEWS or https://www.knot-resolver.cz/ - see NEWS or https://www.knot-resolver.cz/
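Review bot: in `%files module-http` the drop-in and the two socket units are listed only under `%if 0%{?fedora}`, and the install section removes them only under `%if 0%{?suse_version}`. Confirm that a RHEL build does not install `kresd-doh.socket`, `kresd-webmgmt.socket` and `module-http.conf` into the buildroot; otherwise they end up as installed but unpackaged files.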
......