# Nix package expression for Knot DNS ("knot-dns"), an authoritative-only DNS
# server. Takes its dependencies as function arguments and returns a
# stdenv.mkDerivation result with split outputs and passthru tests.
{
  lib,
  stdenv,
  fetchurl,
  pkg-config,
  gnutls,
  liburcu,
  lmdb,
  libcap_ng,
  libidn2,
  libunistring,
  systemd,
  nettle,
  libedit,
  zlib,
  libiconv,
  libintl,
  libmaxminddb,
  libbpf,
  nghttp2,
  libmnl,
  ngtcp2-gnutls,
  xdp-tools,
  fstrm,
  protobufc,
  sphinx,
  autoreconfHook,
  nixosTests,
  knot-resolver,
  knot-dns,
  runCommandLocal,
}:
stdenv.mkDerivation rec {
  pname = "knot-dns";
  version = "3.4.6";
  # Release tarball fetched over HTTPS. The SRI hash pins the exact tarball
  # content, so it must be updated together with `version`; a tarball that
  # does not match the hash is rejected by the fetcher.
  # NOTE(review): the hash only pins what was downloaded when it was recorded.
  # If upstream publishes signatures for releases, checking them when bumping
  # the version is what ties this hash to the upstream release -- confirm the
  # update procedure does that.
  src = fetchurl {
    url = "https://secure.nic.cz/files/knot-dns/knot-${version}.tar.xz";
    sha256 = "sha256-0ZxaH/lLTyYCfWNd4Qjb/Ij1ZSvobMs7qaRO6b4OWDk=";
  };
  # Split outputs: programs in "bin", the default output "out", and
  # development files in "dev".
  outputs = [
    "bin"
    "out"
    "dev"
  ];
  # Fixed configuration, runtime and storage directories, plus dnstap support
  # (the fstrm and protobufc inputs below are there for dnstap).
  configureFlags = [
    "--with-configdir=/etc/knot"
    "--with-rundir=/run/knot"
    "--with-storage=/var/lib/knot"
    "--with-module-dnstap"
    "--enable-dnstap"
  ];
  patches = [
    # Don't try to create directories like /var/lib/knot at build time.
    # They are later created from NixOS itself.
    ./dont-create-run-time-dirs.patch
    # NOTE(review): the purpose of this patch is not documented here; see the
    # patch file itself.
    ./runtime-deps.patch
  ];
  # FIXME: sphinx is needed for now to get man-pages
  nativeBuildInputs = [
    pkg-config
    autoreconfHook
    sphinx
  ];
  # Libraries linked into the build. The Linux-only group adds capability
  # handling, systemd integration and XDP; Darwin additionally gets zlib.
  buildInputs =
    [
      gnutls
      liburcu
      libidn2
      libunistring
      nettle
      libedit
      libiconv
      lmdb
      libintl
      nghttp2 # DoH support in kdig
      ngtcp2-gnutls # DoQ support in kdig (and elsewhere but not much use there yet)
      libmaxminddb # optional for geoip module (it's tiny)
      # without sphinx &al. for developer documentation
      fstrm
      protobufc # dnstap support
    ]
    ++ lib.optionals stdenv.hostPlatform.isLinux [
      libcap_ng
      systemd
      xdp-tools
      libbpf
      libmnl # XDP support (it's Linux kernel API)
    ]
    ++ lib.optional stdenv.hostPlatform.isDarwin zlib; # perhaps due to gnutls
  enableParallelBuilding = true;
  # Optimised build with NDEBUG defined; defining NDEBUG turns the standard C
  # assert() macro into a no-op, so assertion checks are not active in the
  # packaged binaries.
  CFLAGS = [
    "-O2"
    "-DNDEBUG"
  ];
  # Permits local networking inside the Darwin build sandbox.
  # NOTE(review): presumably required by the test suite enabled via doCheck
  # below -- confirm.
  __darwinAllowLocalNetworking = true;
  # Run the upstream test suite during the build, and the install check phase
  # after installation.
  doCheck = true;
  checkFlags = [ "V=1" ]; # verbose output in case some test fails
  doInstallCheck = true;
  # Drop the libtool archive (.la) files from the default output.
  postInstall = ''
    rm -r "$out"/lib/*.la
  '';
  # Tests exposed to reviewers and CI: the knot-resolver package on every
  # platform, plus NixOS tests and a linkage check on Linux.
  passthru.tests =
    {
      inherit knot-resolver;
    }
    // lib.optionalAttrs stdenv.hostPlatform.isLinux {
      inherit (nixosTests) knot kea;
      prometheus-exporter = nixosTests.prometheus-exporters.knot;
      # Some dependencies are very version-sensitive, so they might get dropped
      # or embedded after some update, even if the nixPackagers didn't intend to.
      # For non-linux I don't know a good replacement for `ldd`.
      #
      # The check lists the shared libraries of knotd with `ldd` (the libc "bin"
      # output is the only tool input) and greps for each expected library name.
      # A missing library makes grep exit non-zero, which is expected to fail
      # this test derivation, so a silently lost libngtcp2, libxdp or libbpf
      # linkage shows up at update time rather than in production.
      deps = runCommandLocal "knot-deps-test" { nativeBuildInputs = [ (lib.getBin stdenv.cc.libc) ]; } ''
        for libname in libngtcp2 libxdp libbpf; do
        echo "Checking for $libname:"
        ldd '${knot-dns.bin}/bin/knotd' | grep -F "$libname"
        echo "OK"
        done
        touch "$out"
      '';
    };
  # Package metadata: description, upstream links, licence, supported
  # platforms, maintainer, and the program run by default.
  meta = with lib; {
    description = "Authoritative-only DNS server from .cz domain registry";
    homepage = "https://knot-dns.cz";
    changelog = "https://gitlab.nic.cz/knot/knot-dns/-/releases/v${version}";
    license = licenses.gpl3Plus;
    platforms = platforms.unix;
    maintainers = [ maintainers.vcunat ];
    mainProgram = "knotd";
  };
}