Diffstat (limited to 'community')
-rw-r--r-- | community/knot-resolver/APKBUILD | 90 | ||||
-rw-r--r-- | community/knot-resolver/config | 23 | ||||
-rw-r--r-- | community/knot-resolver/knot-2.8.0-compat.patch | 25 | ||||
-rw-r--r-- | community/knot-resolver/knot-resolver.confd | 10 | ||||
-rw-r--r-- | community/knot-resolver/knot-resolver.initd | 25 | ||||
-rw-r--r-- | community/knot-resolver/knot-resolver.logrotate | 7 | ||||
-rw-r--r-- | community/knot-resolver/knot-resolver.pre-install | 6 |
7 files changed, 186 insertions, 0 deletions
diff --git a/community/knot-resolver/APKBUILD b/community/knot-resolver/APKBUILD
new file mode 100644
index 0000000000..b64edfbdf0
--- /dev/null
+++ b/community/knot-resolver/APKBUILD
@@ -0,0 +1,90 @@
+# Contributor: Jakub Jirutka <jakub@jirutka.cz>
+# Maintainer: tcely <knot-resolver+aports@tcely.33mail.com>
+pkgname=knot-resolver
+pkgver=3.2.1
+pkgrel=1
+pkgdesc="Minimalistic caching DNS resolver implementation"
+url="https://www.knot-resolver.cz/"
+# luajit is not available for disabled arches
+arch="all !s390x"
+license="GPL-3.0"
+pkgusers="kresd"
+pkggroups="kresd"
+depends="lua5.1-sec lua5.1-socket"
+depends_dnstap=""
+depends_dnstap_dev="fstrm-dev protobuf-c-dev"
+depends_http="$pkgname lua5.1-http"
+depends_dev="knot-dev>=2.8.0 libedit-dev libuv-dev luajit-dev $depends_dnstap_dev"
+makedepends="$depends_dev bash dnssec-root vim"
+checkdepends="cmocka-dev"
+install="$pkgname.pre-install"
+subpackages="$pkgname-mod-http:http:noarch $pkgname-mod-dnstap:dnstap $pkgname-dev $pkgname-doc $pkgname-openrc"
+source="https://secure.nic.cz/files/$pkgname/$pkgname-$pkgver.tar.xz
+ $pkgname.initd
+ $pkgname.confd
+ $pkgname.logrotate
+ knot-2.8.0-compat.patch
+ config"
+
+# secfixes:
+# 2.3.0-r0:
+# - CVE-2018-1110
+
+_flags="PREFIX=/usr
+ ETCDIR=/etc/$pkgname"
+
+build() {
+ make $_flags
+}
+
+check() {
+ make $_flags -j1 check
+}
+
+package() {
+ make $_flags DESTDIR="$pkgdir" install
+
+ cd "$pkgdir"
+
+ # Move sample configs to -doc.
+ mkdir -p ./usr/share/doc/$pkgname
+ mv ./etc/$pkgname/config* ./usr/share/doc/$pkgname/
+ chmod 644 ./usr/share/doc/$pkgname/*
+
+ install -m 640 -o root -g kresd "$srcdir"/config \
+ ./etc/$pkgname/config
+
+ install -m 755 -o kresd -g kresd -d ./var/lib/$pkgname
+ install -m 644 -o kresd -D /usr/share/dnssec-root/trusted-key.key \
+ ./var/lib/$pkgname/root.keys
+
+ install -m 755 -D "$srcdir"/$pkgname.initd ./etc/init.d/$pkgname
+ install -m 644 -D "$srcdir"/$pkgname.confd ./etc/conf.d/$pkgname
+
+ install -m 644 -D "$srcdir"/$pkgname.logrotate ./etc/logrotate.d/$pkgname
+}
+
+http() {
+ pkgdesc="Knot Resolver - HTTP/2 services"
+ depends="$depends_http"
+ local moddir="usr/lib/kdns_modules"
+
+ mkdir -p "$subpkgdir"/$moddir
+ mv "$pkgdir"/$moddir/http* "$subpkgdir"/$moddir/
+}
+
+dnstap() {
+ pkgdesc="Knot Resolver - dnstap logging"
+ depends="$depends_dnstap"
+ local moddir="usr/lib/kdns_modules"
+
+ mkdir -p "$subpkgdir"/$moddir
+ mv "$pkgdir"/$moddir/dnstap.so "$subpkgdir"/$moddir/
+}
+
+sha512sums="2ed79176183a685bf6365081706e68e4add05965a5f53a6f38ae4a5c204d29952eaf511ffbf18c646a0a843a032b425eb0592de27dafbf977d976946a3437351 knot-resolver-3.2.1.tar.xz
+0e9b947ed0fe39a600ba8fe3cdeacf07521cdd6c371007dd15524f67c75ea024994a8c11820d70c57ef180c90f492eae69ef167152ad84c24a47c885710a7974 knot-resolver.initd
+9d0d629405df243dc0f782abd6fcaaaf13fbce78d881f7ce213cfd2a55cfbfd87af2ba976061bf7b5d3d055edec98b42632395390f2a469648c27f96124997a6 knot-resolver.confd
+688aeacb0c1f21c7e532533b402e67068897217713fb668636df7533000b493981ddfa0497f8dba7da7c804ee4ab8d587a4f52155b4e2bf1f4025d2588d314bb knot-resolver.logrotate
+ea10749307aa23341daf7bb77652300b8c78537fc2fa7c084d3e1e618b0ee11873c056b328bd760673d8fdf45c2f3106861fcf0ac4e8090643516419062fcf0f knot-2.8.0-compat.patch
+913a557dde84e9dac7c7300ab093285865fa57f3875fc357e680f04a0e85af6610a0e33da6262431cbb06a2c5a115952e742e48c8568d4eb82182906170b4a73 config"
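Review bot: The DNSSEC trust anchor is shipped as a package-owned file copied from the build host: in package(), `install -m 644 -o kresd -D /usr/share/dnssec-root/trusted-key.key ./var/lib/$pkgname/root.keys` snapshots whatever dnssec-root version the builder had installed. The init script in this commit passes that path as `--keyfile`, and if kresd rewrites the file in place during key rollovers (presumably the reason for the kresd ownership — to be confirmed), a package upgrade would replace the maintained copy with the build-time one. I would at least document the intent above the install line, e.g. `# Trust anchor seed; owned by kresd so the daemon can update it.`, and consider seeding the file only when it is absent instead of packaging it.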
diff --git a/community/knot-resolver/config b/community/knot-resolver/config
new file mode 100644
index 0000000000..1731f0c591
--- /dev/null
+++ b/community/knot-resolver/config
@@ -0,0 +1,23 @@
+-- vim:syntax=lua:
+--
+-- Config file example useable for personal resolver.
+-- The goal is to have a validating resolver with tiny memory footprint,
+-- while actively tracking and refreshing frequent records to lower user latency.
+-- Refer to manual: https://knot-resolver.readthedocs.io/en/latest/daemon.html#configuration
+
+-- Listen on localhost (default)
+net = { '127.0.0.1', '::1' }
+
+-- Drop root privileges
+user('kresd', 'kresd')
+
+-- Load Useful modules
+modules = {
+ 'policy', -- Block queries to local zones/bad sites
+ 'hints', -- Load /etc/hosts and allow custom root hints
+ 'stats', -- Track internal statistics
+ 'predict', -- Prefetch expiring/frequent records
+}
+
+-- Smaller cache size
+cache.size = 10 * MB
diff --git a/community/knot-resolver/knot-2.8.0-compat.patch b/community/knot-resolver/knot-2.8.0-compat.patch
new file mode 100644
index 0000000000..05363468f2
--- /dev/null
+++ b/community/knot-resolver/knot-2.8.0-compat.patch
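Review bot: In community/knot-resolver/config, the `user('kresd', 'kresd')` line is the only privilege drop for the service as packaged, and its comment does not say so. The init script added in this commit starts /usr/sbin/kresd with no user switch of its own, so an administrator who replaces this file without that call would leave the resolver running as root. I would make the comment explicit: `-- Drop root privileges. The init script starts kresd as root; keep this line.`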
@@ -0,0 +1,25 @@
+diff --git a/Makefile b/Makefile
+index 82221e99156d6042e22d2ecbae6558c41c1253c7..145555a4d8bfac4d052bef1074b092ab39ef168a 100644
+--- a/Makefile
++++ b/Makefile
+@@ -18,7 +18,7 @@ lint-lua: $(patsubst %.lua.in,%.lua,$(wildcard */*/*.lua.in))
+ .PHONY: all install check clean doc info lint
+
+ # Dependencies
+-KNOT_MINVER := 2.7.2
++KNOT_MINVER := 2.8.0
+ $(eval $(call find_lib,libknot,$(KNOT_MINVER),yes))
+ $(eval $(call find_lib,libdnssec,$(KNOT_MINVER),yes))
+ $(eval $(call find_lib,libzscanner,$(KNOT_MINVER),yes))
+diff --git a/daemon/lua/kres-gen.lua b/daemon/lua/kres-gen.lua
+index 5e40a610283f60456763859cac45139cfd29f74f..3d5345f7b68870d34297f7729d8a26a9264277d1 100644
+--- a/daemon/lua/kres-gen.lua
++++ b/daemon/lua/kres-gen.lua
+@@ -395,6 +395,7 @@ struct zs_scanner {
+ _Bool automatic;
+ void (*record)(zs_scanner_t *);
+ void (*error)(zs_scanner_t *);
++ void (*comment)(zs_scanner_t *);
+ void *data;
+ } process;
+ struct {
diff --git a/community/knot-resolver/knot-resolver.confd b/community/knot-resolver/knot-resolver.confd
new file mode 100644
index 0000000000..ccc2e995fd
--- /dev/null
+++ b/community/knot-resolver/knot-resolver.confd
@@ -0,0 +1,10 @@
+# Config file for /etc/init.d/knot-resolver
+
+# Config file path.
+#config="/etc/knot-resolver/config"
+
+# Cache (working) directory.
+#cachedir="/var/cache/knot-resolver"
+
+# Path to the logging file.
+#logfile="/var/log/knot-resolver.log"
diff --git a/community/knot-resolver/knot-resolver.initd b/community/knot-resolver/knot-resolver.initd
new file mode 100644
index 0000000000..7a4ef61eaf
--- /dev/null
+++ b/community/knot-resolver/knot-resolver.initd
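Review bot: The second hunk of knot-2.8.0-compat.patch hand-edits the FFI declaration of `struct zs_scanner` in daemon/lua/kres-gen.lua, and neither the patch nor the APKBUILD records where the change comes from. That declaration has to match the layout of the libzscanner actually loaded at run time; with a mismatched library, `data` and the members after it would sit at the wrong offsets (inferred from the visible struct, the rest of the file is outside the hunk). A short patch header would help, for example `Add the comment callback to the zs_scanner FFI declaration to match knot 2.8.0; drop once upstream regenerates kres-gen.lua.` followed by the origin as `<upstream commit or issue URL>`. depends_dev requires knot-dev>=2.8.0 at build time; it is worth confirming the runtime library dependency is constrained the same way.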
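Review bot: knot-resolver.confd documents `config`, `cachedir` and `logfile` but not `keyfile`, which the init script in this commit also reads (`: ${keyfile:="/var/lib/knot-resolver/root.keys"}`). That file is the DNSSEC trust anchor, so an administrator should be able to see that its location is overridable. I would add `# Path to the DNSSEC trust anchor file.` and `#keyfile="/var/lib/knot-resolver/root.keys"` alongside the other entries.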
@@ -0,0 +1,25 @@
+#!/sbin/openrc-run
+
+: ${config:="/etc/knot-resolver/config"}
+: ${cachedir:="/var/cache/knot-resolver"}
+: ${keyfile:="/var/lib/knot-resolver/root.keys"}
+: ${logfile:="/var/log/knot-resolver.log"}
+
+command="/usr/sbin/kresd"
+# Note: Do not change forks=1, it's buggy.
+command_args="--config=$config --keyfile=$keyfile --forks=1 $cachedir"
+command_background="yes"
+pidfile="/run/$RC_SVCNAME.pid"
+start_stop_daemon_args="
+ --chdir=$cachedir
+ --stdout=$logfile
+ --stderr=$logfile"
+required_files="$config"
+
+depend() {
+ need net
+}
+
+start_pre() {
+ checkpath -d -m 750 -o kresd:kresd "$cachedir"
+}
diff --git a/community/knot-resolver/knot-resolver.logrotate b/community/knot-resolver/knot-resolver.logrotate
new file mode 100644
index 0000000000..a1b0fb4d4b
--- /dev/null
+++ b/community/knot-resolver/knot-resolver.logrotate
@@ -0,0 +1,7 @@
+/var/log/knot-resolver.log {
+ notifempty
+ missingok
+ postrotate
+ /etc/init.d/knot-resolver --quiet --ifstarted restart
+ endscript
+}
diff --git a/community/knot-resolver/knot-resolver.pre-install b/community/knot-resolver/knot-resolver.pre-install
new file mode 100644
index 0000000000..638c4c7310
--- /dev/null
+++ b/community/knot-resolver/knot-resolver.pre-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+addgroup -S kresd 2>/dev/null
+adduser -S -D -H -h /var/lib/knot-resolver -s /sbin/nologin -G kresd -g kresd kresd 2>/dev/null
+
+exit 0
|
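Review bot: Nothing in knot-resolver.initd sets the owner or mode of `$logfile`: start_pre() prepares only `$cachedir`, so the file named by `--stdout=$logfile` and `--stderr=$logfile` is created implicitly with whatever the umask yields, and the knot-resolver.logrotate stanza has no `create` directive either. Resolver logs can contain the names clients look up, so an explicit restrictive mode is worth having. I would add `checkpath -f -m 640 -o root:kresd "$logfile"` to start_pre() and a matching `create 640 root kresd` to the logrotate block, with the owner to be confirmed against whichever user actually opens the file.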