Commit graph

87 commits

Author SHA1 Message Date
Vladimír Čunát
9a0723cc3f
unbound-full: fix the build again
... by not avoiding openssl dependency in .lib.
dnstap part of code ran into issues with this during checkPhase.

The benefit of withSlimLib is mainly for `unbound`;
for the fuller builds it doesn't seem important.
2021-11-28 15:41:19 +01:00
Alyssa Ross
e07e701515
unbound: don't run tests when cross-compiling
stdenv.mkDerivation will automatically set doCheck to false when
cross-compiling (which is why the default checkPhase doesn't happen).
2021-11-11 12:26:21 +00:00
Alyssa Ross
1103974a27
Revert "unbound: don't run tests when cross compiling"
This reverts commit 28e5327e96.

This change didn't have any effect, because stdenv.mkDerivation will
ignore the doCheck argument when cross-compiling.  The reason tests
are being run when cross-compiling is because of the manual checkPhase
invocation in postFixup.
2021-11-11 12:23:12 +00:00
Bernardo Meurer
28e5327e96
unbound: don't run tests when cross compiling 2021-11-09 20:26:18 -08:00
Bernardo Meurer
3f0160288b
unbound: enable tests 2021-11-05 09:25:57 -07:00
Sandro Jäckel
bf60e5144c
unbound: use lib.optionalString 2021-10-18 16:13:14 +02:00
Poscat
280e7b93be
unbound: enable more features 2021-10-17 15:15:12 +08:00
Vladimír Čunát
70e05c1003
Merge branch 'master' into staging-next 2021-08-25 19:42:15 +02:00
Sandro Jäckel
fc5bfd6844
unbound: unify unbound and pyunbound source
and also update both at the same time
2021-08-23 23:28:31 +02:00
davidak
f944bdcffb
Merge pull request #134239 from Kranzes/auto-update/unbound
unbound: 1.13.1 -> 1.13.2
2021-08-19 23:18:55 +02:00
Ilan Joselevich
36e9d30c98 unbound: 1.13.1 -> 1.13.2 2021-08-15 18:54:29 +03:00
Andreas Rammhold
6edbb14e81
unbound: remove references to compile-time dependencies in outputs
Previously unbound dev dependencies would leak into the unbound binary
through the embedded configure flags string in the binary.

Before this commit `unbound -V` would list something like this:

> Version 1.13.1
> Configure line: --disable-static --prefix=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1 --bindir=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1/bin --sbindir=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1/sbin --includedir=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1/include --oldincludedir=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1/include --mandir=/nix/store/n4kgsi87dxjm2ifpllh31grfcg7q3n8x-unbound-1.13.1-man/share/man --infodir=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1/share/info --docdir=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1/share/doc/unbound --libdir=/nix/store/ncpggv4bmdh22y6108qrdvnid6rqamlz-unbound-1.13.1-lib/lib --libexecdir=/nix/store/ncpggv4bmdh22y6108qrdvnid6rqamlz-unbound-1.13.1-lib/libexec --localedir=/nix/store/ncpggv4bmdh22y6108qrdvnid6rqamlz-unbound-1.13.1-lib/share/locale --with-ssl=/nix/store/dndqy1r8h0kcnd55895czs8lrpv8xqf4-openssl-1.1.1k-dev --with-libexpat=/nix/store/x5kjng6iha7kcdm3p12fxfvzg09wizwc-expat-2.2.10-dev --with-libevent=/nix/store/89i6mpzp1n866i86y07pxka1a58v4s1a-libevent-2.1.12-dev --localstatedir=/var --sysconfdir=/etc --sbindir=${out}/bin --with-rootkey-file=/nix/store/gyz4nxg9s1faqkhaqbasdxzldm8zial8-dns-root-data-2019-01-11/root.key --enable-pie --enable-relro-now
> Linked libs: libevent 2.1.12-stable (it uses epoll), OpenSSL 1.1.1k  25 Mar 2021
> Linked modules: dns64 respip validator iterator

After this commit:

> Version 1.13.1
> Configure line: --disable-static --prefix=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1 --bindir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1/bin --sbindir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1/sbin --includedir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1/include --oldincludedir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1/include --mandir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1-man/share/man --infodir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1/share/info --docdir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1/share/doc/unbound --libdir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1-lib/lib --libexecdir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1-lib/libexec --localedir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1-lib/share/locale --with-ssl=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-openssl-1.1.1k-dev --with-libexpat=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-expat-2.2.10-dev --with-libevent=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-libevent-2.1.12-dev --localstatedir=/var --sysconfdir=/etc --sbindir=${out}/bin --with-rootkey-file=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-dns-root-data-2019-01-11/root.key --enable-pie --enable-relro-now
> Linked libs: libevent 2.1.12-stable (it uses epoll), OpenSSL 1.1.1k  25 Mar 2021
> Linked modules: dns64 respip validator iterator

Notice: All the paths are now invalid and thus do not produce a
reference in the output binaries.

This removes a total of 2MiB from the closure of unbound.
2021-06-02 01:56:46 +02:00
Sandro Jäckel
ac309027ab
unbound: wrap unbound-control-setup with openssl 2021-04-24 10:26:40 +02:00
R. RyanTM
a24b40bd40 unbound: 1.13.0 -> 1.13.1 2021-03-20 09:22:21 +01:00
Daniel Nagy
a40f86e390 unbound: optionally support DNS-over-HTTPS
unbound can be used as a DNS-over-HTTPS (DoH) server.

This is a blog post introducing the feature:

https://www.nlnetlabs.nl/news/2020/Oct/08/unbound-1.12.0-released/
2021-02-25 18:37:57 -05:00
Ben Siraphob
8c5d37129f pkgs/tools: stdenv.lib -> lib 2021-01-15 17:12:36 +07:00
Martin Weinelt
e8959c4660 unbound: 1.12.0 -> 1.13.0
https://lists.nlnetlabs.nl/pipermail/unbound-users/2020-December/007102.html

Fixes: CVE-2020-28935
2020-12-08 05:22:41 +01:00
Ninjatrappeur
5f5d38e88f
Merge pull request #101218 from andir/unbound-systemd 2020-11-08 16:55:29 +01:00
Andreas Rammhold
c07ce093ec
unbound: allow building with systemd support
Systemd has to remain an optional (non-default) dependency as otherwise
we will have an unpleasant bootstrap cycle. Most (if not all) of the
(lib)unbound consumers will likely not care about unbound's systemd
integration that only affects the daemon mode, anyway.
2020-11-03 13:15:53 +01:00
Vladimír Čunát
89023c38fc
Recover the complicated situation after my bad merge
I made a mistake merge.  Reverting it in c778945806 undid the state
on master, but now I realize it crippled the git merge mechanism.
As the merge contained a mix of commits from `master..staging-next`
and other commits from `staging-next..staging`, it got the
`staging-next` branch into a state that was difficult to recover.

I reconstructed the "desired" state of staging-next tree by:
 - checking out the last commit of the problematic range: 4effe769e2
 - `git rebase -i --preserve-merges a8a018ddc0` - dropping the mistaken
   merge commit and its revert from that range (while keeping
   reapplication from 4effe769e2)
 - merging the last unaffected staging-next commit (803ca85c20)
 - fortunately no other commits have been pushed to staging-next yet
 - applying a diff on staging-next to get it into that state
2020-10-26 09:01:04 +01:00
Vladimír Čunát
c778945806
Revert "Merge #101508: libraw: 0.20.0 -> 0.20.2"
I'm sorry; I didn't notice it contained staging commits.

This reverts commit 17f5305b6c, reversing
changes made to a8a018ddc0.
2020-10-25 09:41:51 +01:00
Martin Weinelt
7d2a6beb6d
unbound: 1.11.0 -> 1.12.0 2020-10-09 00:46:40 +02:00
Frederik Rietdijk
377242d587 Merge staging-next into staging 2020-09-03 19:21:10 +02:00
Arthur Gautier
cc1920a109
unbound: disable lto on static builds (PR #96020)
Signed-off-by: Arthur Gautier <baloo@superbaloo.net>

Amended by vcunat (isMusl != isStatic).
https://github.com/NixOS/nixpkgs/pull/96223#issuecomment-681204478
2020-09-01 08:49:31 +02:00
Vladimír Čunát
848a3a4d4a
Revert "unbound: fix build with nettle-3.5"
This reverts commit 96d65875f8.
The fix has been upstreamed a long time ago.
2020-08-29 07:47:41 +02:00
R. RyanTM
73cd1efe6d unbound: 1.10.1 -> 1.11.0 2020-08-02 22:43:22 +02:00
Vladimír Čunát
73390e3349
unbound: 1.10.0 -> 1.10.1 (security)
https://www.nlnetlabs.nl/news/2020/May/19/unbound-1.10.1-released/
It fixes DoS CVEs; details e.g. on http://www.nxnsattack.com/

On each Linux platform this should be around 8k rebuilds,
so as a compromise I'm pushing to staging-next.
2020-05-19 11:00:51 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Michiel Leenaars
2410dbb3c7 Unbound: 1.9.5 -> 1.10.0 2020-03-14 23:32:04 +00:00
Robert Scott
d17ecebcf0 unbound: install headers etc for libevent support as postInstall step 2019-12-15 18:48:53 +01:00
R. RyanTM
335e62b6f3 unbound: 1.9.4 -> 1.9.5 2019-12-01 18:28:50 +01:00
Vladimír Čunát
dc322c76d6
unbound: 1.9.3 -> 1.9.4
This only fixes CVE-2019-16866 (DoS, minor one IMHO)
https://www.nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-parsing-notify-queries
2019-10-04 09:37:50 +02:00
Vladimír Čunát
96d65875f8
unbound: fix build with nettle-3.5 2019-10-02 20:15:47 +02:00
Michiel Leenaars
ff824dedbc
unbound: 1.9.2 -> 1.9.3 2019-08-31 07:22:44 -04:00
Vladimír Čunát
2e6bf42a22
Merge branch 'master' into staging-next
There ver very many conflicts, basically all due to
name -> pname+version.  Fortunately, almost everything was auto-resolved
by kdiff3, and for now I just fixed up a couple evaluation problems,
as verified by the tarball job.  There might be some fallback to these
conflicts, but I believe it should be minimal.

Hydra nixpkgs: ?compare=1538299
2019-08-24 08:55:37 +02:00
Robin Gloster
4e60b0efae
treewide: update globin's maintained drvs 2019-08-20 19:36:05 +02:00
volth
46420bbaa3 treewide: name -> pname (easy cases) (#66585)
treewide replacement of

stdenv.mkDerivation rec {
  name = "*-${version}";
  version = "*";

to pname
2019-08-15 13:41:18 +01:00
R. RyanTM
f7eee05a22 unbound: 1.9.1 -> 1.9.2
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/unbound/versions
2019-07-03 08:28:23 +02:00
R. RyanTM
2db96ffe49 unbound: 1.9.0 -> 1.9.1
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/unbound/versions
2019-04-16 18:56:09 +02:00
R. RyanTM
c84e7d1b6d unbound: 1.8.3 -> 1.9.0
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/unbound/versions
2019-02-15 02:45:27 -08:00
R. RyanTM
fdfb809a9b unbound: 1.8.1 -> 1.8.3
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/unbound/versions
2018-12-19 09:15:47 +01:00
Tristan Helmich (omniIT)
1bfaa0157e unbound: 1.8.0 -> 1.8.1 2018-10-27 14:04:01 +02:00
R. RyanTM
2d759f2b0a unbound: 1.7.3 -> 1.8.0 (#46938)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/unbound/versions
2018-10-03 00:44:42 +02:00
Vladimír Čunát
f769004e5b
unbound: 1.7.2 -> 1.7.3
The NEWS seems safe.

My motivation: fixes resolution of some Microsoft names if using
qname-minimisation: yes
2018-06-21 13:55:32 +02:00
Yegor Timoshenko
d04444295c
Merge pull request #41933 from r-ryantm/auto-update/unbound
unbound: 1.7.1 -> 1.7.2
2018-06-15 01:53:26 +00:00
R. RyanTM
94d678d9b3 unbound: 1.7.1 -> 1.7.2
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/unbound/versions.

These checks were done:

- built on NixOS
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-checkconf had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-control had a zero exit code or showed the expected version
- /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-host passed the binary check.
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-anchor had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-control-setup had a zero exit code or showed the expected version
- 1 of 6 passed binary check by having a zero exit code.
- 0 of 6 passed binary check by having the new version present in output.
- found 1.7.2 with grep in /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2
- directory tree listing: https://gist.github.com/24f2136689bd3209095feb3b71734811
- du listing: https://gist.github.com/9efb5b527b161e93a47f0237c7d556a8
2018-06-13 08:56:56 -07:00
Matthew Bauer
e93a8cba4a unbound: also replace -R in libunbound.la
This was increasing closure sizes as well.
2018-06-09 13:00:50 -04:00
R. RyanTM
64bb57972c unbound: 1.7.0 -> 1.7.1
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/unbound/versions.

These checks were done:

- built on NixOS
- ran ‘/nix/store/456crrnsgkrbicb54bwrwwl76n2645gq-unbound-1.7.1/bin/unbound-host help’ got 0 exit code
- found 1.7.1 with grep in /nix/store/456crrnsgkrbicb54bwrwwl76n2645gq-unbound-1.7.1
- directory tree listing: https://gist.github.com/ab82a0d52e5fd8bda918bbdaa6ce7609
2018-05-06 20:13:16 -07:00
Ryan Mulligan
955898a05f unbound: 1.6.8 -> 1.7.0
Semi-automatic update generated by https://github.com/ryantm/nix-update tools. These checks were done:

- built on NixOS
- ran `/nix/store/p36fksfjzi9715cgx8s3kmngy51qfjki-unbound-1.7.0/bin/unbound-host help` got 0 exit code
- found 1.7.0 with grep in /nix/store/p36fksfjzi9715cgx8s3kmngy51qfjki-unbound-1.7.0
- directory tree listing: https://gist.github.com/bb22fcb9572c54b0464c82405bf26b56
2018-03-18 12:24:54 -07:00
Will Dietz
5d3af42250 unbound: don't build twice w/musl, second time fails :( 2018-02-13 09:44:50 -06:00