gnu: Add unbound.

* gnu/packages/dns.scm (unbound): New variable. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2017-06-18 14:27:34 +02:00 · 2017-06-18 14:27:34 +02:00 · 7e61a16c97
parent e2de6bbdd5
commit 7e61a16c97
1 changed files with 164 additions and 0 deletions
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@ -8,6 +8,7 @@
 ;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Vasile Dumitrascu <va511e@yahoo.com>
+;;; Copyright © 2017 Gregor Giesen <giesen@zaehlwerk.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -31,6 +32,7 @@
  #:use-module (gnu packages databases)
  #:use-module (gnu packages crypto)
  #:use-module (gnu packages datastructures)
+  #:use-module (gnu packages flex)
  #:use-module (gnu packages glib)
  #:use-module (gnu packages groff)
  #:use-module (gnu packages groff)
@ -42,12 +44,16 @@
  #:use-module (gnu packages nettle)
  #:use-module (gnu packages perl)
  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages protobuf)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages swig)
  #:use-module (gnu packages tls)
  #:use-module (gnu packages web)
  #:use-module (gnu packages xml)
  #:use-module ((guix licenses) #:prefix license:)
  #:use-module (guix packages)
  #:use-module (guix download)
+  #:use-module (guix utils)
  #:use-module (guix build-system gnu))

 (define-public dnsmasq
@ -275,6 +281,164 @@ asynchronous fashion.")
                   (license:non-copyleft "file://LICENSE") ; includes.h
                   license:openssl))))

+(define-public unbound
+  (package
+    (name "unbound")
+    (version "1.6.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://www.unbound.net/downloads/unbound-"
+                           version ".tar.gz"))
+       (sha256
+        (base32
+         "0pw4m4z5qspsagxzbjb61xq5bhd57amw26xqvqzi6b8d3mf6azjc"))))
+    (build-system gnu-build-system)
+    (outputs '("out" "python"))
+    (native-inputs
+     `(("flex" ,flex)
+       ("swig" ,swig)))
+    (inputs
+     `(("expat" ,expat)
+       ("libevent" ,libevent)
+       ("protobuf" ,protobuf)
+       ("python" ,python-3)
+       ("python-wrapper" ,python-wrapper)
+       ("openssl" ,openssl)))
+    (arguments
+     `(#:configure-flags
+       (list (string-append
+              "--with-ssl=" (assoc-ref %build-inputs "openssl"))
+             (string-append
+              "--with-libevent=" (assoc-ref %build-inputs "libevent"))
+             (string-append
+              "--with-libexpat=" (assoc-ref %build-inputs "expat"))
+             "--with-pythonmodule" "--with-pyunbound")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'configure 'fix-python-site-package-path
+           ;; Move python modules into their own output.
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((pyout (assoc-ref outputs "python"))
+                   (ver ,(version-major+minor (package-version python))))
+               (substitute* "Makefile"
+                 (("^PYTHON_SITE_PKG=.*$")
+                  (string-append
+                   "PYTHON_SITE_PKG="
+                   pyout "/lib/python-" ver "/site-packages\n"))))
+             #t))
+         (add-before 'check 'fix-missing-nss-for-tests
+           ;; Unfortunately, the package's unittests involve some checks
+           ;; looking up protocols and services which are not provided
+           ;; by the minimalistic build environment, in particular,
+           ;; /etc/protocols and /etc/services are missing.
+           ;; Also, after plain substitution of protocol and service names
+           ;; in the test data, the tests still fail because the
+           ;; corresponding Resource Records have been signed by
+           ;; RRSIG records.
+           ;; The following LD_PRELOAD library overwrites the glibc
+           ;; functions ‘get{proto,serv}byname’, ‘getprotobynumber’ and
+           ;; ‘getservbyport’ providing the few records required for the
+           ;; unit tests to pass.
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let* ((source (assoc-ref %build-inputs "source"))
+                    (gcc (assoc-ref %build-inputs "gcc")))
+               (call-with-output-file "/tmp/nss_preload.c"
+                 (lambda (port)
+                   (display "#include <stdlib.h>
+#include <string.h>
+#include <strings.h>
+
+#include <netdb.h>
+
+struct protoent *getprotobyname(const char *name) {
+  struct protoent *p = malloc(sizeof(struct protoent));
+  p->p_aliases = malloc(sizeof(char*));
+  if (strcasecmp(name, \"tcp\") == 0) {
+    p->p_name = \"tcp\";
+    p->p_proto = 6;
+    p->p_aliases[0] = \"TCP\";
+  } else if (strcasecmp(name, \"udp\") == 0) {
+    p->p_name = \"udp\";
+    p->p_proto = 17;
+    p->p_aliases[0] = \"UDP\";
+  } else 
+    p = NULL;
+  return p;
+}
+
+struct protoent *getprotobynumber(int proto) {
+  struct protoent *p = malloc(sizeof(struct protoent));
+  p->p_aliases = malloc(sizeof(char*));
+  switch(proto) {
+  case 6:
+    p->p_name = \"tcp\";
+    p->p_proto = 6;
+    p->p_aliases[0] = \"TCP\";
+    break;
+  case 17:
+    p->p_name = \"udp\";
+    p->p_proto = 17;
+    p->p_aliases[0] = \"UDP\";
+    break;
+  default:
+    p = NULL;
+    break;
+  }
+  return p;
+}
+
+struct servent *getservbyname(const char *name, const char *proto) {
+  struct servent *s = malloc(sizeof(struct servent));
+  char* buf = malloc((strlen(proto)+1)*sizeof(char));
+  strcpy(buf, proto);
+  s->s_aliases = malloc(sizeof(char*));
+  s->s_aliases[0] = NULL;
+  if (strcasecmp(name, \"domain\") == 0) {
+    s->s_name = \"domain\";
+    s->s_port = htons(53);
+    s->s_proto = buf;
+  } else 
+    s = NULL;
+  return s;
+}
+
+struct servent *getservbyport(int port, const char *proto) {
+  char buf[32];
+  struct servent *s = malloc(sizeof(struct servent));
+  strcpy(buf, proto);
+  s->s_aliases = malloc(sizeof(char*));
+  s->s_aliases[0] = NULL;
+  switch(port) {
+  case 53:
+    s->s_name = \"domain\";
+    s->s_port = 53;
+    s->s_proto = \"udp\";
+    break;
+  default:
+    s = NULL;
+    break;
+  }
+  return s;
+}" port)))
+               (system* (string-append gcc "/bin/gcc")
+                        "-shared" "-fPIC" "-o" "/tmp/nss_preload.so"
+                        "/tmp/nss_preload.c")
+               ;; The preload library only affects the unittests.
+               (substitute* "Makefile"
+                 (("./unittest")
+                  "LD_PRELOAD=/tmp/nss_preload.so ./unittest")))
+             #t)))))
+    (home-page "https://www.unbound.net")
+    (synopsis "Validating, recursive, and caching DNS resolver")
+    (description
+     "Unbound is a recursive-only caching DNS server which can perform DNSSEC
+validation of results.  It implements only a minimal amount of authoritative
+service to prevent leakage to the root nameservers: forward lookups for
+localhost, reverse for @code{127.0.0.1} and @code{::1}, and NXDOMAIN for zones
+served by AS112.  Stub and forward zones are supported.")
+    (license license:bsd-4)))
+
 (define-public yadifa
  (package
    (name "yadifa")