From: Yegor Yefremov <yegorslists@googlemail.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 1/1] unbound: new package
Date: Sat, 21 Mar 2020 07:42:39 +0100
Message-ID: <CAGm1_ktqCr1K4qR9A8B3DNSeEwQJmzo3ktLvs6wWtcAy1v9dpQ@mail.gmail.com>
In-Reply-To: <20200321005706.22235-1-stefan@ott.net>

Hi Stefan,

On Sat, Mar 21, 2020 at 1:57 AM Stefan Ott <stefan@ott.net> wrote:
>
> Unbound: validating, recursive & caching DNS resolver with
> DNSSEC, QNAME minimisation, DNSCrypt and DNS-over-TLS support.
>
> Patch based on an earlier patch by Stefan Fröberg
>
> Signed-off-by: Stefan Ott <stefan@ott.net>
> ---
>  DEVELOPERS                   |  3 ++
>  package/Config.in            |  1 +
>  package/unbound/Config.in    | 35 ++++++++++++++++++++++
>  package/unbound/S70unbound   | 26 ++++++++++++++++
>  package/unbound/unbound.hash |  3 ++
>  package/unbound/unbound.mk   | 57 ++++++++++++++++++++++++++++++++++++
>  6 files changed, 125 insertions(+)
>  create mode 100644 package/unbound/Config.in
>  create mode 100755 package/unbound/S70unbound
>  create mode 100644 package/unbound/unbound.hash
>  create mode 100644 package/unbound/unbound.mk
>
> diff --git a/DEVELOPERS b/DEVELOPERS
> index 8c736efcca..c5790c2a18 100644
> --- a/DEVELOPERS
> +++ b/DEVELOPERS
> @@ -2338,6 +2338,9 @@ F:        package/libvpx/
>  F:     package/mesa3d-demos/
>  F:     package/ti-gfx/
>
> +N:     Stefan Ott <stefan@ott.net>
> +F:     package/unbound/
> +
>  N:     Stefan S?rensen <stefan.sorensen@spectralink.com>
>  F:     package/cracklib/
>  F:     package/libpwquality/
> diff --git a/package/Config.in b/package/Config.in
> index cba756d9f1..ff9df32476 100644
> --- a/package/Config.in
> +++ b/package/Config.in
> @@ -2193,6 +2193,7 @@ endif
>         source "package/uftp/Config.in"
>         source "package/uhttpd/Config.in"
>         source "package/ulogd/Config.in"
> +       source "package/unbound/Config.in"
>         source "package/ushare/Config.in"
>         source "package/ussp-push/Config.in"
>         source "package/vde2/Config.in"
> diff --git a/package/unbound/Config.in b/package/unbound/Config.in
> new file mode 100644
> index 0000000000..3533164c03
> --- /dev/null
> +++ b/package/unbound/Config.in
> @@ -0,0 +1,35 @@
> +config BR2_PACKAGE_UNBOUND
> +       bool "unbound"
> +       select BR2_PACKAGE_EXPAT
> +       select BR2_PACKAGE_LIBEVENT
> +       select BR2_PACKAGE_OPENSSL
> +       help
> +               Unbound is a validating, recursive, and caching DNS resolver.
> +               It supports DNSSEC, QNAME minimisation, DNS-over-TLS and
> +               DNSCrypt.
> +
> +               https://www.unbound.net

Looks like you have two tabs instead of one tab and two spaces.

> +
> +if BR2_PACKAGE_UNBOUND
> +       config BR2_PACKAGE_UNBOUND_DNSCRYPT
> +       bool "Enable DNSCrypt"
> +       select BR2_PACKAGE_LIBSODIUM
> +       help
> +               DNSCrypt wraps unmodified DNS queries between a client and
> +               a DNS resolver. Default port used is 443 and like with
> +               normal unencrypted DNS, it uses UDP first and falling back
> +               to TCP if response too large.
> +
> +               There is also DNS-over-TLS, a TCP only version
> +               of proposed standard for DNS encryption (RFC 7858).
> +               Default port for DNS-over-TLS is 853 and Unbound has
> +               built-in support for it.
> +
> +               https://tools.ietf.org/html/rfc7858
> +
> +               Note: Neither DNSCrypt or DNS-over-TLS encrypt the SNI.
> +               Here is some suggestions how to handle SNI encryption:
> +
> +               https://tools.ietf.org/html/draft-ietf-tls-sni-encryption-00

same here.

Yegor

> +
> +endif
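Review bot: The help text of `BR2_PACKAGE_UNBOUND_DNSCRYPT` spends most of its length on DNS-over-TLS and SNI, neither of which this option controls, so it reads as if enabling DNSCrypt changed that behaviour. OpenSSL is selected unconditionally on the main symbol, and the SNI note concerns TLS rather than DNSCrypt. Suggest keeping only the DNSCrypt description here (plus the fact that it pulls in libsodium) and moving the RFC 7858 paragraph to the `BR2_PACKAGE_UNBOUND` help or dropping it; the link to a `-00` draft is also a pinned, early revision. Separately, the `config BR2_PACKAGE_UNBOUND_DNSCRYPT` line is indented inside the `if` block while its attributes are not; it should start at column 0.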
> diff --git a/package/unbound/S70unbound b/package/unbound/S70unbound
> new file mode 100755
> index 0000000000..5079f4121f
> --- /dev/null
> +++ b/package/unbound/S70unbound
> @@ -0,0 +1,26 @@
> +#!/bin/sh
> +
> +[ -f /etc/unbound/unbound.conf ] || exit 0
> +
> +case "$1" in
> +       start)
> +               printf "Starting unbound DNS server: "
> +               start-stop-daemon -S -x /usr/sbin/unbound
> +               [ $? = 0 ] && echo "OK" || echo "FAIL"
> +               ;;
> +       stop)
> +               printf "Stopping unbound DNS server: "
> +               start-stop-daemon -K -q -x /usr/sbin/unbound
> +               [ $? = 0 ] && echo "OK" || echo "FAIL"
> +               ;;
> +       restart|reload)
> +               $0 stop
> +               sleep 1
> +               $0 start
> +               ;;
> +       *)
> +               echo "Usage: $0 {start|stop|restart}"
> +               exit 1
> +esac
> +
> +exit 0
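Review bot: Both the `start` and `stop` branches match the daemon only by `-x /usr/sbin/unbound`, although the .mk in this same patch configures `--with-pidfile=/var/run/unbound.pid`. Passing `-p /var/run/unbound.pid` to both `start-stop-daemon` calls would make `stop` act on the instance this script started rather than on any process running that binary. The `start` call also lacks the `-q` that `stop` has, so its output can interleave with the "OK"/"FAIL" line, and the usage string lists `{start|stop|restart}` while the case statement also accepts `reload`.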
> diff --git a/package/unbound/unbound.hash b/package/unbound/unbound.hash
> new file mode 100644
> index 0000000000..11626d0b6f
> --- /dev/null
> +++ b/package/unbound/unbound.hash
> @@ -0,0 +1,3 @@
> +# Locally calculated
> +sha256 152f486578242fe5c36e89995d0440b78d64c05123990aae16246b7f776ce955  unbound-1.10.0.tar.gz
> +sha256 8eb9a16cbfb8703090bbfa3a2028fd46bb351509a2f90dc1001e51fbe6fd45db  LICENSE
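Review bot: `# Locally calculated` on the tarball line means the recorded sha256 only reflects what the submitter happened to download and is not tied to anything upstream published. If upstream provides a checksum file or a detached signature for unbound-1.10.0.tar.gz, check the download against it and record that in the comment (for example `# From <upstream checksum URL>`, or a note that the signature was verified), keeping `# Locally calculated` for the LICENSE line only.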
> diff --git a/package/unbound/unbound.mk b/package/unbound/unbound.mk
> new file mode 100644
> index 0000000000..81a620c170
> --- /dev/null
> +++ b/package/unbound/unbound.mk
> @@ -0,0 +1,57 @@
> +################################################################################
> +#
> +# unbound
> +#
> +################################################################################
> +
> +UNBOUND_VERSION = 1.10.0
> +UNBOUND_SITE = https://www.unbound.net/downloads
> +UNBOUND_DEPENDENCIES = host-pkgconf expat libevent openssl
> +UNBOUND_LICENSE = BSD-3-Clause
> +UNBOUND_LICENSE_FILES = LICENSE
> +UNBOUND_CONF_OPTS += \
> +       --disable-rpath \
> +       --disable-debug \
> +       --with-conf-file=/etc/unbound/unbound.conf \
> +       --with-pidfile=/var/run/unbound.pid \
> +       --with-rootkey-file=/etc/unbound/root.key \
> +       --enable-tfo-server \
> +       --enable-relro-now \
> +       --with-pic \
> +       --enable-pie \
> +       --with-ssl=$(STAGING_DIR)/usr
> +
> +# uClibc-ng does not have MSG_FASTOPEN
> +# so TCP Fast Open client mode disabled for it
> +ifeq ($(BR2_TOOLCHAIN_USES_UCLIBC),y)
> +UNBOUND_CONF_OPTS += --disable-tfo-client
> +else
> +UNBOUND_CONF_OPTS += --enable-tfo-client
> +endif
> +
> +ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y)
> +UNBOUND_CONF_OPTS += --with-pthreads
> +else
> +UNBOUND_CONF_OPTS += --without-pthreads
> +endif
> +
> +ifeq ($(BR2_GCC_ENABLE_LTO),y)
> +UNBOUND_CONF_OPTS += --enable-flto
> +else
> +UNBOUND_CONF_OPTS += --disable-flto
> +endif
> +
> +ifeq ($(BR2_PACKAGE_UNBOUND_DNSCRYPT),y)
> +UNBOUND_CONF_OPTS += --enable-dnscrypt
> +UNBOUND_DEPENDENCIES += libsodium
> +else
> +UNBOUND_CONF_OPTS += --disable-dnscrypt
> +endif
> +
> +define UNBOUND_INSTALL_INIT_SYSV
> +       $(INSTALL) -D -m 755 package/unbound/S70unbound \
> +               $(TARGET_DIR)/etc/init.d/S70unbound
> +endef
> +
> +$(eval $(autotools-package))
> +
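Review bot: No `UNBOUND_USERS` is defined anywhere in this file, so the package installs a network-facing resolver and an init script without creating a dedicated account for the daemon to drop privileges to. Suggest adding a `UNBOUND_USERS` block for an unprivileged `unbound` user and group. Two smaller points in `UNBOUND_CONF_OPTS`: libevent and expat are listed in `UNBOUND_DEPENDENCIES` but only OpenSSL gets an explicit staging path (`--with-ssl=$(STAGING_DIR)/usr`), so passing `--with-libevent=$(STAGING_DIR)/usr` and `--with-libexpat=$(STAGING_DIR)/usr` would keep configure from probing host paths or silently not using the dependency; and the first assignment should be `UNBOUND_CONF_OPTS = \` rather than `+=`. The trailing empty `+` line after `$(eval $(autotools-package))` can be dropped.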
> --
> 2.25.2
>
