From 92bfd4a85a48cdcc996da90c27081c362253a393 Mon Sep 17 00:00:00 2001 From: "Jonathan G. Underwood" Date: Thu, 3 Jan 2019 01:16:23 +0000 Subject: [PATCH 1/2] getdns: update to version 1.5.0 Signed-off-by: Jonathan G. Underwood --- libs/getdns/Makefile | 20 +++++++-------- ...lude-linux-sysctl.h-in-getentropy_li.patch | 25 ------------------- 2 files changed, 10 insertions(+), 35 deletions(-) delete mode 100644 libs/getdns/patches/001-Bugfix-399-Reinclude-linux-sysctl.h-in-getentropy_li.patch diff --git a/libs/getdns/Makefile b/libs/getdns/Makefile index 73f5b425d..a7f957619 100644 --- a/libs/getdns/Makefile +++ b/libs/getdns/Makefile @@ -5,8 +5,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=getdns -PKG_VERSION:=1.4.2 -PKG_RELEASE:=2 +PKG_VERSION:=1.5.0 +PKG_RELEASE:=1 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE @@ -14,7 +14,7 @@ PKG_MAINTAINER:=Jonathan Underwood PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://getdnsapi.net/dist/ -PKG_HASH:=1685b82dfe297cffc4bae08a773cdc88a3edf9a4e5a1ea27d8764bb5affc0e80 +PKG_HASH:=577182c3ace919ee70cee5629505581a10dc530bd53fe5c241603ea91c84fa84 PKG_FIXUP:=autoreconf @@ -22,8 +22,8 @@ PKG_INSTALL:=1 PKG_CONFIG_DEPENDS:= \ CONFIG_GETDNS_ENABLE_STUB_ONLY \ - CONFIG_GETDNS_ENABLE_IDN_LIBIDN2 - + CONFIG_GETDNS_ENABLE_IDN_LIBIDN2 + include $(INCLUDE_DIR)/package.mk define Package/getdns/Default @@ -41,7 +41,7 @@ define Package/getdns endef define Package/getdns/description - This package contains the getdns library (libgetdns). + This package contains the getdns library (libgetdns). This package also contains the "getdns_query" command line wrapper for getdns exposing the features of this implementation (both in the official API and the additional API functions). endef 
@@ -56,7 +56,7 @@ CONFIGURE_ARGS += \ --with-ssl="$(STAGING_DIR)/usr" \ # This will make 'configure' think that our libbsd.so is missing the -# functions inet_pton, inet_ntop, strlcpy and use the builtin. This +# functions inet_pton, inet_ntop, strlcpy and use the builtin. This # removes the libbsd dependency CONFIGURE_VARS += LIBBSD_LIBS=-lc @@ -68,12 +68,12 @@ define Build/InstallDev $(INSTALL_DIR) $(1)/usr/lib/pkgconfig $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/getdns*.pc $(1)/usr/lib/pkgconfig/ endef - - + + define Package/getdns/install $(INSTALL_DIR) $(1)/usr/lib $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libgetdns.so.* $(1)/usr/lib/ - $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/getdns_query $(1)/usr/sbin/getdns_query endef diff --git a/libs/getdns/patches/001-Bugfix-399-Reinclude-linux-sysctl.h-in-getentropy_li.patch b/libs/getdns/patches/001-Bugfix-399-Reinclude-linux-sysctl.h-in-getentropy_li.patch deleted file mode 100644 index 72997d4f5..000000000 --- a/libs/getdns/patches/001-Bugfix-399-Reinclude-linux-sysctl.h-in-getentropy_li.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 05bce5263735b77f91078a930ec55b9cf181d999 Mon Sep 17 00:00:00 2001 -From: Willem Toorop -Date: Sun, 13 May 2018 11:59:14 +0200 -Subject: [PATCH] Bugfix #399: Reinclude in getentropy_linux.c - ---- - src/compat/getentropy_linux.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/compat/getentropy_linux.c b/src/compat/getentropy_linux.c -index 744783c..abb28f4 100644 ---- a/src/compat/getentropy_linux.c -+++ b/src/compat/getentropy_linux.c -@@ -62,6 +62,7 @@ - - #include - #include -+#include - #ifdef HAVE_GETAUXVAL - #include - #endif --- -2.14.1 - - From c7c3eca42ea7a237777b8245fd7e2065ff393534 Mon Sep 17 00:00:00 2001 
From: "Jonathan G. Underwood" Date: Thu, 3 Jan 2019 15:10:47 +0000 Subject: [PATCH 2/2] stubby: update to version 0.2.4 This upstream release adds support for trust_anchors_backoff_time configuration parameter. UCI support has been added for this. This commit also includes a number of clean-ups: o change START=50 to START=30 in init file Starting earlier in the boot means less chance of missing interface trigger events. See: https://github.com/openwrt/packages/pull/4675 o remove unused variables from init file o separate local declarations and assignments in init file o add defensive quoting in init file o use default values for procd respawn in init file o make use of {} in variables consistent in init file o remove unused variable from init file Signed-off-by: Jonathan G. Underwood --- net/stubby/Makefile | 8 ++++---- net/stubby/files/README.md | 7 +++++++ net/stubby/files/stubby.conf | 1 + net/stubby/files/stubby.init | 32 ++++++++++++++++++-------------- 4 files changed, 30 insertions(+), 18 deletions(-) diff --git a/net/stubby/Makefile b/net/stubby/Makefile index f582587c4..afda53ed8 100644 --- a/net/stubby/Makefile +++ b/net/stubby/Makefile @@ -5,8 +5,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=stubby -PKG_VERSION:=0.2.3 -PKG_RELEASE:=3 +PKG_VERSION:=0.2.4 +PKG_RELEASE:=1 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=COPYING @@ -15,8 +15,8 @@ PKG_MAINTAINER:=Jonathan Underwood PKG_SOURCE_PROTO:=git PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://github.com/getdnsapi/$(PKG_NAME) -PKG_SOURCE_VERSION:=8fb853ac8d6148fd9b53fdcbc107ecd375071ec5 -PKG_MIRROR_HASH:=db736f4a728970d2441009ac19716d6129700eab3f441a5db3a0c26d41bf162c +PKG_SOURCE_VERSION:=58200cadec6371f95e31a7f3735225c5a46ecf75 +PKG_MIRROR_HASH:=28c46f4464cb41cf59264d10da63dc25ece9a1d00b4dfb05a9276594658e5eb9 PKG_FIXUP:=autoreconf diff --git a/net/stubby/files/README.md b/net/stubby/files/README.md index 771d2534c..9703573ec 100644 --- a/net/stubby/files/README.md 
+++ b/net/stubby/files/README.md @@ -307,6 +307,13 @@ This option specifies the location for storing stubby runtime data. In particular, if DNSSEC is turned on, stubby will store its automatically retrieved trust anchor data here. The default value is `'/var/lib/stubby'`. +#### `option trust_anchors_backoff_time` + +When Zero configuration DNSSEC failed, because of network unavailability or +failure to write to the appdata directory, stubby will backoff trying to refetch +the DNSSEC trust-anchor for a specified amount of time expressed in milliseconds +(which defaults to two and a half seconds). + #### `option dnssec_trust_anchors` This option sets the location of the file containing the trust anchor data used diff --git a/net/stubby/files/stubby.conf b/net/stubby/files/stubby.conf index a4eed1509..a02936da1 100644 --- a/net/stubby/files/stubby.conf +++ b/net/stubby/files/stubby.conf @@ -10,6 +10,7 @@ config stubby 'global' # option timeout '5000' # option dnssec_return_status '0' option appdata_dir '/var/lib/stubby' + # option trust_anchors_backoff_time 2500 # option dnssec_trust_anchors '/var/lib/stubby/getdns-root.key' option edns_client_subnet_private '1' option idle_timeout '10000' diff --git a/net/stubby/files/stubby.init b/net/stubby/files/stubby.init index 104248acb..4a975e39d 100755 --- a/net/stubby/files/stubby.init +++ b/net/stubby/files/stubby.init @@ -2,11 +2,9 @@ USE_PROCD=1 -START=50 +START=30 STOP=51 -PROG="/usr/sbin/stubby" - stubby="/usr/sbin/stubby" stubby_init="/etc/init.d/stubby" stubby_config_dir="/var/etc/stubby" @@ -29,6 +27,7 @@ generate_config() local edns_client_subnet_private local idle_timeout local appdata_dir + local trust_anchors_backoff_time local tls_connection_retries local tls_backoff_time local timeout @@ -37,7 +36,6 @@ generate_config() local listen_addresses_section=0 local dns_transport_list_section=0 local upstream_recursive_servers_section=0 - local stubby_args local command_line_arguments local log_level 
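Review bot: The new `START=30` in `stubby.init` (hunk `@@ -2,11 +2,9 @@`) carries no comment saying why the service starts this early, so the rationale lives only in the commit message. I would add `# Start early in boot so interface trigger events are not missed (openwrt/packages PR 4675)` directly above it. `STOP=51` is unchanged, so it may be worth confirming that the start and stop ordering relative to services that depend on stubby is still intended.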
@@ -51,6 +49,9 @@ generate_config() config_get appdata_dir "global" appdata_dir "/var/lib/stubby" echo "appdata_dir: \"$appdata_dir\"" >> "$config_file" + config_get trust_anchors_backoff_time "global" trust_anchors_backoff_time "2500" + echo "trust_anchors_backoff_time: $trust_anchors_backoff_time" >> "$config_file" + config_get tls_connection_retries "global" tls_connection_retries "" if [ -n "$tls_connection_retries" ]; then echo "tls_connection_retries: $tls_connection_retries" >> "$config_file" @@ -121,7 +122,6 @@ generate_config() local config=$1 local address local tls_auth_name - local spki local tls_pubkey_pinset_section=0 if [ "$upstream_recursive_servers_section" = 0 ]; then @@ -176,10 +176,11 @@ start_service() { config_get log_level "global" log_level "" - if [ $("${stubby_init}" enabled; printf "%u" ${?}) -eq 0 ]; then - if [ -n "${stubby_boot}" ]; then - local trigger="$(uci_get stubby global trigger)" - if [ "${trigger}" != "timed" ]; then + if [ "$("$stubby_init" enabled; printf "%u" $?)" -eq 0 ]; then + if [ -n "$stubby_boot" ]; then + local trigger + trigger="$(uci_get stubby global trigger)" + if [ "$trigger" != "timed" ]; then return 0 fi fi @@ -191,7 +192,7 @@ start_service() { if [ -n "$command_line_arguments" ]; then procd_append_param command "$command_line_arguments" fi - procd_set_param respawn ${respawn_threshold:-3600} ${respawn_timeout:-5} ${respawn_retry:-5} + procd_set_param respawn procd_set_param file "$stubby_config" procd_set_param stdout 1 procd_set_param stderr 1 
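Review bot: `trust_anchors_backoff_time` is read from UCI and echoed into the generated stubby configuration unquoted and without checking that it is a number (hunk `@@ -51,6 +49,9 @@`). A typo or embedded whitespace in the UCI value would therefore end up as a malformed or unintended line in the file the daemon parses. I would add `case "$trust_anchors_backoff_time" in ''|*[!0-9]*) trust_anchors_backoff_time=2500 ;; esac` before the `echo`. The same applies to `delay` in the `service_triggers` hunk (`@@ -203,12 +204,15 @@`), which goes from `uci_get` straight into `$((${delay:-2} * 1000))`, where a non-numeric value would likely make the arithmetic fail. `generate_config` begins and ends outside this hunk.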
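Review bot: The rewritten test `if [ "$("$stubby_init" enabled; printf "%u" $?)" -eq 0 ]; then` in `start_service` (hunk `@@ -176,10 +176,11 @@`) still routes the exit status through a command substitution and a numeric comparison. Any output from the `enabled` call would be captured into the operand and break the `-eq` test. Testing the status directly is shorter and avoids this: `if "$stubby_init" enabled; then`. The body of `start_service` continues outside this hunk.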
@@ -203,12 +204,15 @@ start_service() { service_triggers() { - local trigger="$(uci_get stubby global trigger)" - local delay="$(uci_get stubby global triggerdelay "2")" + local trigger + local delay - if [ "${trigger}" != "none" ] && [ "${trigger}" != "timed" ]; then + trigger="$(uci_get stubby global trigger)" + delay="$(uci_get stubby global triggerdelay "2")" + + if [ "$trigger" != "none" ] && [ "$trigger" != "timed" ]; then PROCD_RELOAD_DELAY=$((${delay:-2} * 1000)) - procd_add_interface_trigger "interface.*.up" "${trigger}" "${stubby_init}" start + procd_add_interface_trigger "interface.*.up" "$trigger" "$stubby_init" start fi procd_add_reload_trigger "stubby" }