Commit graph

105 commits

Author SHA1 Message Date
Vladimír Čunát
9a0723cc3f
unbound-full: fix the build again
... by not avoiding openssl dependency in .lib.
dnstap part of code ran into issues with this during checkPhase.

The benefit of withSlimLib is mainly for `unbound`;
for the fuller builds it doesn't seem important.
2021-11-28 15:41:19 +01:00
Alyssa Ross
e07e701515
unbound: don't run tests when cross-compiling
stdenv.mkDerivation will automatically set doCheck to false when
cross-compiling (which is why the default checkPhase doesn't happen).
2021-11-11 12:26:21 +00:00
Alyssa Ross
1103974a27
Revert "unbound: don't run tests when cross compiling"
This reverts commit 28e5327e96.

This change didn't have any effect, because stdenv.mkDerivation will
ignore the doCheck argument when cross-compiling.  The reason tests
are being run when cross-compiling is because of the manual checkPhase
invocation in postFixup.
2021-11-11 12:23:12 +00:00
Bernardo Meurer
28e5327e96
unbound: don't run tests when cross compiling 2021-11-09 20:26:18 -08:00
Bernardo Meurer
3f0160288b
unbound: enable tests 2021-11-05 09:25:57 -07:00
Sandro Jäckel
bf60e5144c
unbound: use lib.optionalString 2021-10-18 16:13:14 +02:00
Poscat
280e7b93be
unbound: enable more features 2021-10-17 15:15:12 +08:00
Vladimír Čunát
70e05c1003
Merge branch 'master' into staging-next 2021-08-25 19:42:15 +02:00
Sandro Jäckel
fc5bfd6844
unbound: unify unbound and pyunbound source
and also update both at the same time
2021-08-23 23:28:31 +02:00
Jan Tojnar
4ff3577f25 Merge branch 'staging-next' into staging 2021-08-23 14:19:54 +02:00
R. RyanTM
cafcfc6045 python38Packages.pyunbound: 1.13.1 -> 1.13.2 2021-08-22 00:16:08 +00:00
davidak
f944bdcffb
Merge pull request #134239 from Kranzes/auto-update/unbound
unbound: 1.13.1 -> 1.13.2
2021-08-19 23:18:55 +02:00
Ilan Joselevich
36e9d30c98 unbound: 1.13.1 -> 1.13.2 2021-08-15 18:54:29 +03:00
github-actions[bot]
c0f81f0ce6
Merge master into staging-next 2021-08-06 12:01:15 +00:00
Sandro Jäckel
a08e1ea7f9
unbound: format, cleanup 2021-08-06 09:17:08 +02:00
github-actions[bot]
a7d7790dd5
Merge master into staging-next 2021-08-06 06:01:01 +00:00
László Vaskó
86621f1fe2 pythonPackages.pyunbound: patchElf only works on linux platform 2021-08-06 00:24:41 +02:00
László Vaskó
fcff510efb pythonPackages.pyunbound: fixing nixpkgs-hammering suggestions
- `swig` is a build tool so it likely goes to `nativeBuildInputs`,
    not `buildInputs`

  - `patchPhase` should not be overridden, use `postPatch` instead

  - `configureFlags` and `installFlags` cannot contain spaces,
    break-up arguments to reflect that they are indeed without spaces

  - `substituteStream()`: WARNING: pattern
    `libdir='/build/unbound-1.13.1/lib/python3.9/site-packages'`
    doesn't match anything in file `_unbound.la`

    Also checked with `strings`, the correct path is present in the binary
2021-08-05 23:58:36 +02:00
László Vaskó
5fe5522a67 pythonPackages.pyunbound: 1.9.3 -> 1.13.1
Updating to get it in-line with `unbound`
2021-08-05 21:26:58 +02:00
László Vaskó
92b4e83245 pythonPackages.pyunbound: fix build
`_unbound.so` references `libunbound.so.8` in its RPATH
2021-08-05 21:15:02 +02:00
Andreas Rammhold
6edbb14e81
unbound: remove references to compile-time dependencies in outputs
Previously unbound dev dependencies would leak into the unbound binary
through the embedded configure flags string in the binary.

Before this commit `unbound -V` would list something like this:

> Version 1.13.1
> Configure line: --disable-static --prefix=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1 --bindir=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1/bin --sbindir=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1/sbin --includedir=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1/include --oldincludedir=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1/include --mandir=/nix/store/n4kgsi87dxjm2ifpllh31grfcg7q3n8x-unbound-1.13.1-man/share/man --infodir=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1/share/info --docdir=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1/share/doc/unbound --libdir=/nix/store/ncpggv4bmdh22y6108qrdvnid6rqamlz-unbound-1.13.1-lib/lib --libexecdir=/nix/store/ncpggv4bmdh22y6108qrdvnid6rqamlz-unbound-1.13.1-lib/libexec --localedir=/nix/store/ncpggv4bmdh22y6108qrdvnid6rqamlz-unbound-1.13.1-lib/share/locale --with-ssl=/nix/store/dndqy1r8h0kcnd55895czs8lrpv8xqf4-openssl-1.1.1k-dev --with-libexpat=/nix/store/x5kjng6iha7kcdm3p12fxfvzg09wizwc-expat-2.2.10-dev --with-libevent=/nix/store/89i6mpzp1n866i86y07pxka1a58v4s1a-libevent-2.1.12-dev --localstatedir=/var --sysconfdir=/etc --sbindir=${out}/bin --with-rootkey-file=/nix/store/gyz4nxg9s1faqkhaqbasdxzldm8zial8-dns-root-data-2019-01-11/root.key --enable-pie --enable-relro-now
> Linked libs: libevent 2.1.12-stable (it uses epoll), OpenSSL 1.1.1k  25 Mar 2021
> Linked modules: dns64 respip validator iterator

After this commit:

> Version 1.13.1
> Configure line: --disable-static --prefix=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1 --bindir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1/bin --sbindir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1/sbin --includedir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1/include --oldincludedir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1/include --mandir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1-man/share/man --infodir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1/share/info --docdir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1/share/doc/unbound --libdir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1-lib/lib --libexecdir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1-lib/libexec --localedir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1-lib/share/locale --with-ssl=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-openssl-1.1.1k-dev --with-libexpat=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-expat-2.2.10-dev --with-libevent=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-libevent-2.1.12-dev --localstatedir=/var --sysconfdir=/etc --sbindir=${out}/bin --with-rootkey-file=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-dns-root-data-2019-01-11/root.key --enable-pie --enable-relro-now
> Linked libs: libevent 2.1.12-stable (it uses epoll), OpenSSL 1.1.1k  25 Mar 2021
> Linked modules: dns64 respip validator iterator

Notice: All the paths are now invalid and thus do not produce a
reference in the output binaries.

This removes a total of 2MiB from the closure of unbound.
2021-06-02 01:56:46 +02:00
Sandro Jäckel
ac309027ab
unbound: wrap unbound-control-setup with openssl 2021-04-24 10:26:40 +02:00
R. RyanTM
a24b40bd40 unbound: 1.13.0 -> 1.13.1 2021-03-20 09:22:21 +01:00
Daniel Nagy
a40f86e390 unbound: optionally support DNS-over-HTTPS
unbound can be used as a DNS-over-HTTPS (DoH) server.

This is a blog post introducing the feature:

https://www.nlnetlabs.nl/news/2020/Oct/08/unbound-1.12.0-released/
2021-02-25 18:37:57 -05:00
Ben Siraphob
8c5d37129f pkgs/tools: stdenv.lib -> lib 2021-01-15 17:12:36 +07:00
Profpatsch
4a7f99d55d treewide: with stdenv.lib; in meta -> with lib;
Part of: https://github.com/NixOS/nixpkgs/issues/108938

meta = with stdenv.lib;

is a widely used pattern. We want to slowly remove
the `stdenv.lib` indirection and encourage people
to use `lib` directly. Thus let’s start with the meta
field.

This used a rewriting script to mostly automatically
replace all occurances of this pattern, and add the
`lib` argument to the package header if it doesn’t
exist yet.

The script in its current form is available at
https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
2021-01-11 10:38:22 +01:00
Martin Weinelt
e8959c4660 unbound: 1.12.0 -> 1.13.0
https://lists.nlnetlabs.nl/pipermail/unbound-users/2020-December/007102.html

Fixes: CVE-2020-28935
2020-12-08 05:22:41 +01:00
Ninjatrappeur
5f5d38e88f
Merge pull request #101218 from andir/unbound-systemd 2020-11-08 16:55:29 +01:00
Andreas Rammhold
c07ce093ec
unbound: allow building with systemd support
Systemd has to remain an optional (non-default) dependency as otherwise
we will have an unpleasant bootstrap cycle. Most (if not all) of the
(lib)unbound consumers will likely not care about unbound's systemd
integration that only affects the daemon mode, anyway.
2020-11-03 13:15:53 +01:00
Vladimír Čunát
89023c38fc
Recover the complicated situation after my bad merge
I made a mistake merge.  Reverting it in c778945806 undid the state
on master, but now I realize it crippled the git merge mechanism.
As the merge contained a mix of commits from `master..staging-next`
and other commits from `staging-next..staging`, it got the
`staging-next` branch into a state that was difficult to recover.

I reconstructed the "desired" state of staging-next tree by:
 - checking out the last commit of the problematic range: 4effe769e2
 - `git rebase -i --preserve-merges a8a018ddc0` - dropping the mistaken
   merge commit and its revert from that range (while keeping
   reapplication from 4effe769e2)
 - merging the last unaffected staging-next commit (803ca85c20)
 - fortunately no other commits have been pushed to staging-next yet
 - applying a diff on staging-next to get it into that state
2020-10-26 09:01:04 +01:00
Vladimír Čunát
c778945806
Revert "Merge #101508: libraw: 0.20.0 -> 0.20.2"
I'm sorry; I didn't notice it contained staging commits.

This reverts commit 17f5305b6c, reversing
changes made to a8a018ddc0.
2020-10-25 09:41:51 +01:00
Martin Weinelt
7d2a6beb6d
unbound: 1.11.0 -> 1.12.0 2020-10-09 00:46:40 +02:00
Frederik Rietdijk
377242d587 Merge staging-next into staging 2020-09-03 19:21:10 +02:00
Arthur Gautier
cc1920a109
unbound: disable lto on static builds (PR #96020)
Signed-off-by: Arthur Gautier <baloo@superbaloo.net>

Amended by vcunat (isMusl != isStatic).
https://github.com/NixOS/nixpkgs/pull/96223#issuecomment-681204478
2020-09-01 08:49:31 +02:00
Vladimír Čunát
848a3a4d4a
Revert "unbound: fix build with nettle-3.5"
This reverts commit 96d65875f8.
The fix has been upstreamed a long time ago.
2020-08-29 07:47:41 +02:00
R. RyanTM
73cd1efe6d unbound: 1.10.1 -> 1.11.0 2020-08-02 22:43:22 +02:00
Vladimír Čunát
73390e3349
unbound: 1.10.0 -> 1.10.1 (security)
https://www.nlnetlabs.nl/news/2020/May/19/unbound-1.10.1-released/
It fixes DoS CVEs; details e.g. on http://www.nxnsattack.com/

On each Linux platform this should be around 8k rebuilds,
so as a compromise I'm pushing to staging-next.
2020-05-19 11:00:51 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Michiel Leenaars
2410dbb3c7 Unbound: 1.9.5 -> 1.10.0 2020-03-14 23:32:04 +00:00
Robert Scott
d17ecebcf0 unbound: install headers etc for libevent support as postInstall step 2019-12-15 18:48:53 +01:00
R. RyanTM
335e62b6f3 unbound: 1.9.4 -> 1.9.5 2019-12-01 18:28:50 +01:00
Jan Tojnar
e2e3861d6b
Merge branch 'staging-next' into staging 2019-10-12 00:51:55 +02:00
Linus Heckemann
5aa4b19946 treewide: mark some broken packages as broken
Refs:
e6754980264fe927320d5ff2dbd24ca4fac9a160
1e9cc5b9844ef603fe160e9f671178f96200774f
793a2fe1e8bb886ca2096c5904e1193dc3268b6d
c19cf65261639f749012454932a532aa7c681e4b
f6544d618f30fae0bc4798c4387a8c7c9c047a7c
2019-10-08 17:14:26 +02:00
Vladimír Čunát
dc322c76d6
unbound: 1.9.3 -> 1.9.4
This only fixes CVE-2019-16866 (DoS, minor one IMHO)
https://www.nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-parsing-notify-queries
2019-10-04 09:37:50 +02:00
Vladimír Čunát
96d65875f8
unbound: fix build with nettle-3.5 2019-10-02 20:15:47 +02:00
Michiel Leenaars
44b695a26e
pyunbound: 1.9.0 -> 1.9.3 2019-08-31 07:25:12 -04:00
Michiel Leenaars
ff824dedbc
unbound: 1.9.2 -> 1.9.3 2019-08-31 07:22:44 -04:00
Vladimír Čunát
2e6bf42a22
Merge branch 'master' into staging-next
There ver very many conflicts, basically all due to
name -> pname+version.  Fortunately, almost everything was auto-resolved
by kdiff3, and for now I just fixed up a couple evaluation problems,
as verified by the tarball job.  There might be some fallback to these
conflicts, but I believe it should be minimal.

Hydra nixpkgs: ?compare=1538299
2019-08-24 08:55:37 +02:00
Robin Gloster
4e60b0efae
treewide: update globin's maintained drvs 2019-08-20 19:36:05 +02:00
volth
46420bbaa3 treewide: name -> pname (easy cases) (#66585)
treewide replacement of

stdenv.mkDerivation rec {
  name = "*-${version}";
  version = "*";

to pname
2019-08-15 13:41:18 +01:00