Package: release.debian.org Severity: normal User: [email protected] Usertags: unblock Control: block -1 by 924019 Control: affects -1 + src:knot-resolver
Please unblock package knot-resolver, package version 3.2.1-3. knot-resolver 3.2.1-1 (in testing) ships libkres-dev, which does not work for building other tools against libkres9 :( Upstream packaging tries to install the development files, but they just aren't functional (see more discussion on the RC-critical bug https://bugs.debian.org/923970). 3.2.1-3 solves the issue by folding the .so back into the knot-resolver binary package, and removing the libkres-dev and libkres9 packages. However, those packages linger on the arm64 platform, which hasn't supported the knot-resolver binary itself for a while. see https://bugs.debian.org/924019 for the request to the ftp team to remove those binary packages on that platform to avoid shipping lingering unusable packages. i'm marking this bug as blocked by that one, because i believe this all needs to happen together. In the course of package review, i discovered that the debian/missing-sources/ file for the dygraphs javascript library was outdated, so i've replaced it as well -- that huge difference between 3.2.1-1 and 3.2.1-3 has been filtered out of the debdiff, but feel free to take a look at commit 0ca501d492beca924e1e5dd20314f0e5640a5102 in https://salsa.debian.org/dns-team/knot-resolver.git for the comparison. This update also avoids shipping an embedded copy of font file glyphs-halfling.woff, and converts from debhelper 11 to debhelper 12 (which causes no changes in the underlying package). And it fixes passing CXXFLAGS to the text-string matching Aho Corasick Lua module that it uses, further expanding the scope of automatic debian hardening. Thanks for your work on the debian release, --dkg unblock knot-resolver/3.2.1-3 -- System Information: Debian Release: buster/sid APT prefers testing-debug APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
diff --git knot-resolver-3.2.1/debian/changelog knot-resolver-3.2.1/debian/changelog index 8e18a042..4af50d4e 100644 --- knot-resolver-3.2.1/debian/changelog +++ knot-resolver-3.2.1/debian/changelog @@ -1,3 +1,23 @@ +knot-resolver (3.2.1-3) unstable; urgency=medium + + * knot-resolver-module-http is arch: all, not arch: any + * Explicitly list all non-arm64 architectures + + -- Daniel Kahn Gillmor <[email protected]> Fri, 08 Mar 2019 00:56:09 -0500 + +knot-resolver (3.2.1-2) unstable; urgency=medium + + * Standards-Version: move to 4.3.0 (no changes needed) + * move to debhelper 12 + * Avoid breakage when built against knot-dns 2.8.0 + * d/tests/control: wrap-and-sort + * Drop libkres9 and libkres-dev packages (Closes: #923970) + * avoid clobbering CXXFLAGS when compiling lua-aho-corasick + * missing-sources: updated dygraph-combined.js to match minified version + * avoid shipping pre-built glyphicons-halflings-regular.woff2 + + -- Daniel Kahn Gillmor <[email protected]> Thu, 07 Mar 2019 16:23:16 -0500 + knot-resolver (3.2.1-1) unstable; urgency=medium * new upstream release (Closes: #922172) diff --git knot-resolver-3.2.1/debian/clean knot-resolver-3.2.1/debian/clean index a8241244..ce17de8f 100644 --- knot-resolver-3.2.1/debian/clean +++ knot-resolver-3.2.1/debian/clean @@ -1,5 +1,5 @@ doc/kresd.8 libkres.pc lib/libkres.a -lib/libkres.so.9 +lib/libkres.so.* test-modules/ diff --git knot-resolver-3.2.1/debian/compat knot-resolver-3.2.1/debian/compat deleted file mode 100644 index b4de3947..00000000 +++ /dev/null @@ -1 +0,0 @@ -11 diff --git knot-resolver-3.2.1/debian/control knot-resolver-3.2.1/debian/control index 4da0323a..4ed0dad4 100644 --- knot-resolver-3.2.1/debian/control +++ knot-resolver-3.2.1/debian/control @@ -11,7 +11,7 @@ Build-Depends-Indep: python3-sphinx, python3-sphinx-rtd-theme, Build-Depends: - debhelper (>= 11~), + debhelper-compat (= 12), dns-root-data, gnutls-bin <!nocheck>, knot-dnsutils <!nocheck>, @@ -20,6 +20,7 @@ Build-Depends: libgeoip-dev, libgnutls28-dev, libknot-dev (>= 2.7.2), + libknot-dev (<< 2.8.0), liblmdb-dev, libluajit-5.1-dev, libsystemd-dev (>= 227) [linux-any], @@ -27,23 +28,26 @@ Build-Depends: luajit, pkg-config, socat <!nocheck>, -Standards-Version: 4.2.1 +Standards-Version: 4.3.0 Homepage: https://www.knot-resolver.cz/ Vcs-Browser: https://salsa.debian.org/dns-team/knot-resolver Vcs-Git: https://salsa.debian.org/dns-team/knot-resolver.git Rules-Requires-Root: no Package: knot-resolver -# actually "Architecture: any [!arm64]" via debian/rules, see #907729 -Architecture: any +# intended to be "Architecture: any [!arm64]", see #907729 +Architecture: amd64 armel armhf i386 mips mips64el mipsel ppc64 ppc64el Depends: adduser, dns-root-data, - libkres9 (= ${binary:Version}), lua-sec, lua-socket, ${misc:Depends}, ${shlibs:Depends}, +Replaces: + libkres9 (<< 3.2.1-2), +Breaks: + libkres9 (<< 3.2.1-2), Recommends: knot-resolver-module-http, lua-basexx, @@ -65,9 +69,9 @@ Description: caching, DNSSEC-validating DNS resolver nodes depending on the contention without downtime. Package: knot-resolver-module-http -# actually "Architecture: any [!arm64]" via debian/rules, see #907729 Architecture: all Depends: + fonts-glyphicons-halflings, libjs-bootstrap, libjs-d3, libjs-jquery, @@ -105,44 +109,3 @@ Description: Documentation for Knot Resolver validator, and many external. . This package contains Knot Resolver Documentation. - -Package: libkres9 -Architecture: any -Section: libs -Depends: - ${misc:Depends}, - ${shlibs:Depends}, -Breaks: - knot-resolver (<< 1.5.0-5), -Replaces: - knot-resolver (<< 1.5.0-5), -Description: caching, DNSSEC-validating DNS resolver (shared library) - The Knot DNS Resolver is a caching full resolver implementation - written in C and LuaJIT, including both a resolver library and a - daemon. Modular architecture of the library keeps the core tiny and - efficient, and provides a state-machine like API for - extensions. - . - This package contains the libkres shared library used by Knot - Resolver. - -Package: libkres-dev -Architecture: any -Section: libdevel -Depends: - libkres9 (= ${binary:Version}), - ${misc:Depends}, - ${shlibs:Depends}, -Breaks: - knot-resolver (<< 1.5.0-5), -Replaces: - knot-resolver (<< 1.5.0-5), -Description: caching, DNSSEC-validating DNS resolver (shared library development files) - The Knot DNS Resolver is a caching full resolver implementation - written in C and LuaJIT, including both a resolver library and a - daemon. Modular architecture of the library keeps the core tiny and - efficient, and provides a state-machine like API for - extensions. - . - This package provides development files for use when building against - the libkres shared library. diff --git knot-resolver-3.2.1/debian/knot-resolver-module-http.links knot-resolver-3.2.1/debian/knot-resolver-module-http.links index 322529c8..d651f6fc 100644 --- knot-resolver-3.2.1/debian/knot-resolver-module-http.links +++ knot-resolver-3.2.1/debian/knot-resolver-module-http.links @@ -1,3 +1,4 @@ +/usr/share/fonts-glyphicons/glyphicons-halflings-regular.woff2 /usr/lib/knot-resolver/http/glyphicons-halflings-regular.woff2 /usr/share/javascript/bootstrap/css/bootstrap-theme.min.css /usr/lib/knot-resolver/http/bootstrap-theme.min.css /usr/share/javascript/bootstrap/css/bootstrap.min.css /usr/lib/knot-resolver/http/bootstrap.min.css /usr/share/javascript/bootstrap/js/bootstrap.min.js /usr/lib/knot-resolver/http/bootstrap.min.js diff --git knot-resolver-3.2.1/debian/knot-resolver.install knot-resolver-3.2.1/debian/knot-resolver.install index 6d1ebb1b..429a43b4 100644 --- knot-resolver-3.2.1/debian/knot-resolver.install +++ knot-resolver-3.2.1/debian/knot-resolver.install @@ -7,6 +7,7 @@ distro/common/systemd/kresd.target lib/systemd/system/ distro/common/systemd/[email protected] lib/systemd/system/ distro/common/tmpfiles/knot-resolver.conf usr/lib/tmpfiles.d/ etc/knot-resolver/config.* /usr/share/doc/knot-resolver/examples/ +usr/lib/*.so.* usr/lib/knot-resolver/*.so usr/lib/knot-resolver/daf.lua usr/lib/knot-resolver/daf/ diff --git knot-resolver-3.2.1/debian/knot-resolver.lintian-overrides knot-resolver-3.2.1/debian/knot-resolver.lintian-overrides index b65480bc..5ac85653 100644 --- knot-resolver-3.2.1/debian/knot-resolver.lintian-overrides +++ knot-resolver-3.2.1/debian/knot-resolver.lintian-overrides @@ -2,3 +2,6 @@ # see https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/597 # and https://github.com/systemd/systemd/issues/9080#issuecomment-393552613 knot-resolver: systemd-service-file-refers-to-unusual-wantedby-target lib/systemd/system/[email protected] kresd.target +# libkres9 is not currently functional independently. see https://bugs.debian.org/923970 +knot-resolver: package-name-doesnt-match-sonames libkres9 +knot-resolver: no-symbols-control-file usr/lib/libkres.so.9 diff --git knot-resolver-3.2.1/debian/libkres-dev.install knot-resolver-3.2.1/debian/libkres-dev.install deleted file mode 100644 index d565b386..00000000 +++ /dev/null @@ -1,3 +0,0 @@ -usr/include/libkres/*.h -usr/lib/*.so -usr/lib/pkgconfig/libkres.pc diff --git knot-resolver-3.2.1/debian/libkres9.install knot-resolver-3.2.1/debian/libkres9.install deleted file mode 100644 index 093956b1..00000000 +++ /dev/null @@ -1 +0,0 @@ -usr/lib/*.so.* diff --git knot-resolver-3.2.1/debian/libkres9.symbols knot-resolver-3.2.1/debian/libkres9.symbols deleted file mode 100644 index b7baf5a1..00000000 +++ /dev/null @@ -1,146 +0,0 @@ -libkres.so.9 libkres9 #MINVER# -* Build-Depends-Package: libkres-dev - cache_api@Base 2.2.0 - iterate_api@Base 2.2.0 - kr_bitcmp@Base 2.2.0 - kr_cache_clear@Base 2.2.0 - kr_cache_close@Base 2.2.0 - kr_cache_closest_apex@Base 3.0.0 - kr_cache_emergency_file_to_remove@Base 3.1.0 - kr_cache_insert_rr@Base 2.4.0 - kr_cache_match@Base 3.0.0 - kr_cache_materialize@Base 2.2.0 - kr_cache_open@Base 2.2.0 - kr_cache_peek_exact@Base 2.2.0 - kr_cache_remove@Base 3.0.0 - kr_cache_remove_subtree@Base 3.0.0 - kr_cache_sync@Base 2.2.0 - kr_cache_ttl@Base 2.2.0 - kr_cdb_lmdb@Base 2.2.0 - kr_crypto_cleanup@Base 2.2.0 - kr_crypto_init@Base 2.2.0 - kr_crypto_reinit@Base 2.2.0 - kr_dnssec_key_ksk@Base 2.2.0 - kr_dnssec_key_match@Base 2.2.0 - kr_dnssec_key_revoked@Base 2.2.0 - kr_dnssec_key_tag@Base 2.2.0 - kr_dnssec_key_zsk@Base 2.2.0 - kr_family_len@Base 2.2.0 - kr_inaddr@Base 2.2.0 - kr_inaddr_family@Base 2.2.0 - kr_inaddr_len@Base 2.2.0 - kr_inaddr_port@Base 2.2.0 - kr_inaddr_set_port@Base 3.1.0 - kr_inaddr_str@Base 2.2.0 - kr_log_qverbose_impl@Base 3.2.0 - kr_log_trace@Base 2.2.0 - kr_log_verbose@Base 2.2.0 - kr_make_query@Base 2.4.0 - kr_memreserve@Base 2.2.0 - kr_module_call@Base 2.2.0 - kr_module_embedded@Base 2.2.0 - kr_module_load@Base 2.2.0 - kr_module_unload@Base 2.2.0 - kr_now@Base 2.2.0 - kr_nsrep_elect@Base 2.2.0 - kr_nsrep_elect_addr@Base 2.2.0 - kr_nsrep_set@Base 2.2.0 - kr_nsrep_sort@Base 2.2.0 - kr_nsrep_update_rep@Base 2.2.0 - kr_nsrep_update_rtt@Base 2.2.0 - kr_pkt_clear_payload@Base 2.2.0 - kr_pkt_make_auth_header@Base 2.2.0 - kr_pkt_put@Base 2.2.0 - kr_pkt_qclass@Base 3.0.0 - kr_pkt_qtype@Base 3.0.0 - kr_pkt_recycle@Base 2.2.0 - kr_qflags_clear@Base 2.2.0 - kr_qflags_set@Base 2.2.0 - kr_ranked_rrarray_add@Base 2.2.0 - kr_resolve_begin@Base 2.2.0 - kr_resolve_checkout@Base 2.2.0 - kr_resolve_consume@Base 2.2.0 - kr_resolve_finish@Base 2.2.0 - kr_resolve_plan@Base 2.2.0 - kr_resolve_pool@Base 2.2.0 - kr_resolve_produce@Base 2.2.0 - kr_rnd_buffered@Base 3.2.0 - kr_rplan_deinit@Base 2.2.0 - kr_rplan_empty@Base 2.2.0 - kr_rplan_find_resolved@Base 2.2.0 - kr_rplan_init@Base 2.2.0 - kr_rplan_last@Base 2.2.0 - kr_rplan_pop@Base 2.2.0 - kr_rplan_push@Base 2.2.0 - kr_rplan_push_empty@Base 2.2.0 - kr_rplan_resolved@Base 2.2.0 - kr_rplan_satisfies@Base 2.2.0 - kr_rrkey@Base 2.2.0 - kr_rrset_init@Base 3.0.0 - kr_rrsig_sig_expiration@Base 3.0.0 - kr_rrsig_sig_inception@Base 3.0.0 - kr_rrsig_type_covered@Base 3.0.0 - kr_sockaddr_cmp@Base 2.4.0 - kr_sockaddr_len@Base 2.2.0 - kr_straddr_family@Base 2.2.0 - kr_straddr_join@Base 2.2.0 - kr_straddr_socket@Base 2.2.0 - kr_straddr_split@Base 2.2.0 - kr_straddr_subnet@Base 2.2.0 - kr_strcatdup@Base 2.2.0 - kr_strptime_diff@Base 3.2.1 - kr_ta_add@Base 2.2.0 - kr_ta_clear@Base 2.2.0 - kr_ta_covers@Base 2.2.0 - kr_ta_covers_qry@Base 2.2.0 - kr_ta_del@Base 2.2.0 - kr_ta_get@Base 2.2.0 - kr_ta_get_longest_name@Base 2.2.0 - kr_unpack_cache_key@Base 3.0.0 - kr_verbose_set@Base 2.2.0 - kr_verbose_status@Base 2.2.0 - kr_zonecut_add@Base 2.2.0 - kr_zonecut_copy@Base 2.2.0 - kr_zonecut_copy_trust@Base 2.2.0 - kr_zonecut_deinit@Base 2.2.0 - kr_zonecut_del@Base 2.2.0 - kr_zonecut_del_all@Base 2.2.0 - kr_zonecut_find@Base 2.2.0 - kr_zonecut_find_cached@Base 2.2.0 - kr_zonecut_init@Base 2.2.0 - kr_zonecut_is_empty@Base 2.3.0 - kr_zonecut_move@Base 3.2.0 - kr_zonecut_set@Base 2.2.0 - kr_zonecut_set_sbelt@Base 2.2.0 - lru_apply_impl@Base 2.2.0 - lru_create_impl@Base 2.2.0 - lru_free_items_impl@Base 2.2.0 - lru_get_impl@Base 2.2.0 - map_clear@Base 2.2.0 - map_contains@Base 2.2.0 - map_del@Base 2.2.0 - map_get@Base 2.2.0 - map_set@Base 2.2.0 - map_walk_prefixed@Base 2.2.0 - mm_realloc@Base 3.2.0 - queue_deinit_impl@Base 3.1.0 - queue_init_impl@Base 3.1.0 - queue_push_head_impl@Base 3.1.0 - queue_push_impl@Base 3.1.0 - trie_clear@Base 2.3.0 - trie_create@Base 2.3.0 - trie_del@Base 2.3.0 - trie_del_first@Base 3.1.0 - trie_free@Base 2.3.0 - trie_get_first@Base 3.1.0 - trie_get_ins@Base 2.3.0 - trie_get_leq@Base 3.1.0 - trie_get_try@Base 2.3.0 - trie_it_begin@Base 2.3.0 - trie_it_finished@Base 2.3.0 - trie_it_free@Base 2.3.0 - trie_it_key@Base 2.3.0 - trie_it_next@Base 2.3.0 - trie_it_val@Base 2.3.0 - trie_weight@Base 2.3.0 - validate_api@Base 2.2.0 diff --git knot-resolver-3.2.1/debian/not-installed knot-resolver-3.2.1/debian/not-installed index 2bfaf64a..dce28d5d 100644 --- knot-resolver-3.2.1/debian/not-installed +++ knot-resolver-3.2.1/debian/not-installed @@ -1,2 +1,5 @@ usr/lib/knot-resolver/http/LICENSE usr/lib/knot-resolver/basexx.lua +usr/include/libkres/*.h +usr/lib/*.so +usr/lib/pkgconfig/libkres.pc diff --git knot-resolver-3.2.1/debian/patches/0003-Avoid-clobbering-CXX-flags-when-compiling-lua-aho-co.patch knot-resolver-3.2.1/debian/patches/0003-Avoid-clobbering-CXX-flags-when-compiling-lua-aho-co.patch new file mode 100644 index 00000000..8d3d869d --- /dev/null +++ knot-resolver-3.2.1/debian/patches/0003-Avoid-clobbering-CXX-flags-when-compiling-lua-aho-co.patch @@ -0,0 +1,24 @@ +From: Daniel Kahn Gillmor <[email protected]> +Date: Thu, 7 Mar 2019 14:36:33 -0500 +Subject: Avoid clobbering CXX flags when compiling lua-aho-corasick + +Without this patch, any externally-set CXXFLAGS are not passed through +to the underlying C++ compiler. + +--- + modules/policy/policy.mk | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules/policy/policy.mk b/modules/policy/policy.mk +index 98c9f88..43964dd 100644 +--- a/modules/policy/policy.mk ++++ b/modules/policy/policy.mk +@@ -7,7 +7,7 @@ $(call make_lua_module,policy) + policy-clean: + $(MAKE) -C $(AHOCORASICK_DIR) clean + $(AHOCORASICK_DIR)ahocorasick$(LIBEXT): $(AHOCORASICK_DIR)Makefile +- $(MAKE) -C $(AHOCORASICK_DIR) ahocorasick$(LIBEXT) CXXFLAGS="$(lua_CFLAGS)" ++ $(MAKE) -C $(AHOCORASICK_DIR) ahocorasick$(LIBEXT) CXXFLAGS="$(lua_CFLAGS) $(CXXFLAGS)" + + policy-install: ahocorasick-install + ahocorasick-install: $(AHOCORASICK_DIR)ahocorasick$(LIBEXT) $(DESTDIR)$(MODULEDIR) diff --git knot-resolver-3.2.1/debian/patches/series knot-resolver-3.2.1/debian/patches/series index cd2df8ce..815a16ce 100644 --- knot-resolver-3.2.1/debian/patches/series +++ knot-resolver-3.2.1/debian/patches/series @@ -1,2 +1,3 @@ 0001-Update-documentation-of-keyfile-ro.patch 0002-avoid-invocations-of-git-during-make-installcheck.patch +0003-Avoid-clobbering-CXX-flags-when-compiling-lua-aho-co.patch diff --git knot-resolver-3.2.1/debian/rules knot-resolver-3.2.1/debian/rules index 13912d11..87831d0c 100755 --- knot-resolver-3.2.1/debian/rules +++ knot-resolver-3.2.1/debian/rules @@ -18,14 +18,8 @@ export PREFIX=/usr export MODULEDIR=/usr/lib/knot-resolver export ETCDIR=/etc/knot-resolver -# see https://bugs.debian.org/907729 -LUA_LUD_BROKEN_ARCHES := arm64 -ifneq (, $(filter $(DEB_HOST_ARCH), $(LUA_LUD_BROKEN_ARCHES))) - KRESD_EXCLUDE_ARCHES := -Nknot-resolver -Nknot-resolver-module-http -endif - %: - dh $@ $(KRESD_EXCLUDE_ARCHES) + dh $@ override_dh_auto_clean-indep: dh_auto_clean -- doc-clean http-clean @@ -59,11 +53,9 @@ override_dh_auto_test-indep: override_dh_auto_test-arch: dh_auto_test -- V=1 ifeq (, $(filter nocheck, $(DEB_BUILD_OPTIONS))) -ifeq (, $(filter $(DEB_HOST_ARCH), $(LUA_LUD_BROKEN_ARCHES))) mkdir -p test-modules && (cd test-modules && ln -sf ../modules/*/*.lua ../modules/*/*.so ../modules/policy/lua-aho-corasick/*.lua ../modules/policy/lua-aho-corasick/*.so ../daemon/lua/* ./) MODULE_DIR=$(CURDIR)/test-modules LD_LIBRARY_PATH=$(CURDIR)/lib KRESD=$(CURDIR)/daemon/kresd debian/tests/roundtrip endif -endif override_dh_missing: dh_missing --fail-missing diff --git knot-resolver-3.2.1/debian/tests/control knot-resolver-3.2.1/debian/tests/control index 2acaeb7f..975fc1ef 100644 --- knot-resolver-3.2.1/debian/tests/control +++ knot-resolver-3.2.1/debian/tests/control @@ -1,6 +1,13 @@ Test-Command: make -k installcheck V=1 PREFIX=/usr ROOTHINTS=/usr/share/dns/root.hints KEYFILE_DEFAULT=/usr/share/dns/root.key -Depends: @, @builddeps@, lua-cqueues +Depends: + lua-cqueues, + @, + @builddeps@, Restrictions: allow-stderr Tests: roundtrip -Depends: gnutls-bin, knot-dnsutils, knot-resolver, socat +Depends: + gnutls-bin, + knot-dnsutils, + knot-resolver, + socat,
