From 637b052bfdf3650a1b368f771362856a9cc82abe Mon Sep 17 00:00:00 2001 From: Pieter Lexis Date: Tue, 29 Mar 2016 14:32:04 +0200 Subject: [PATCH] dnsdist: Sync debian dir with downstream This is synced as much as possible. With the exception of the service file. We use the Type=simple and now disable logging to syslog (this way all logs end up in the journal). Closes #3367 --- build-scripts/debian-dnsdist/control.in | 8 +- build-scripts/debian-dnsdist/copyright | 108 +++++++++++++++++- build-scripts/debian-dnsdist/dnsdist.postinst | 37 ++++++ build-scripts/debian-dnsdist/dnsdist.service | 20 +++- build-scripts/debian-dnsdist/rules | 3 + 5 files changed, 168 insertions(+), 8 deletions(-) create mode 100644 build-scripts/debian-dnsdist/dnsdist.postinst diff --git a/build-scripts/debian-dnsdist/control.in b/build-scripts/debian-dnsdist/control.in index c222bc5db..7eff7391c 100644 --- a/build-scripts/debian-dnsdist/control.in +++ b/build-scripts/debian-dnsdist/control.in @@ -3,14 +3,18 @@ Section: net Priority: optional Maintainer: PowerDNS Autobuilder Origin: PowerDNS -Build-Depends: debhelper (>= 9), dh-systemd (>= 1.5), autotools-dev, libboost-dev, libedit-dev, liblua5.2-dev @LIBSODIUMDEV@ -Standards-Version: 3.9.5 +Build-Depends: debhelper (>= 9), dh-autoreconf, dh-systemd (>= 1.5), libboost-dev, libedit-dev, liblua5.2-dev, pkg-config @LIBSODIUMDEV@ +Standards-Version: 3.9.7 Homepage: http://dnsdist.org Package: dnsdist Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: Powerful, scriptable DNS loadbalancer + Highly DoS- and abuse-aware load balancing tool for DNS traffic, + with Lua scripting and configuration capability. + Can be configured to use various sets of rules to classify, route + and reject traffic. Package: dnsdist-dbg Architecture: any diff --git a/build-scripts/debian-dnsdist/copyright b/build-scripts/debian-dnsdist/copyright index f874a051a..0356a3edc 100644 --- a/build-scripts/debian-dnsdist/copyright +++ b/build-scripts/debian-dnsdist/copyright @@ -3,5 +3,109 @@ Upstream-Name: dnsdist Source: http://dnsdist.net Files: * -Copyright: 2015 Bert Hubert -License: GPL-2 +Copyright: 2002-2016 PowerDNS.COM BV and contributors +License: GPL-2 with OpenSSL Exception + +Files: ext/yahttp/* +Copyright: 2014 Aki Tuomi +License: Expat + +Files: ext/json11/* +Copyright: 2013 Dropbox, Inc. +License: Expat + +Files: ext/luawrapper/* +Copyright: 2013, Pierre KRIEGER +License: BSD-3 + +Files: ext/incbin/* +Copyright: 2015, Dale Weiler +License: public-domain + This is free and unencumbered software released into the public domain. + . + Anyone is free to copy, modify, publish, use, compile, sell, or + distribute this software, either in source code form or as a compiled + binary, for any purpose, commercial or non-commercial, and by any + means. + . + In jurisdictions that recognize copyright laws, the author or authors + of this software dedicate any and all copyright interest in the + software to the public domain. We make this dedication for the benefit + of the public at large and to the detriment of our heirs and + successors. We intend this dedication to be an overt act of + relinquishment in perpetuity of all present and future rights to this + software under copyright law. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR + OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, + ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + OTHER DEALINGS IN THE SOFTWARE. + . + For more information, please refer to + +License: GPL-2 with OpenSSL Exception + This program is free software; you can redistribute it and/or modify + it under the terms of version 2 of the GNU General Public License as + published by the Free Software Foundation. + . + In addition, for the avoidance of any doubt, permission is granted to + link this program with OpenSSL and to (re)distribute the binaries + produced as the result of such linking. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + . + On Debian systems, the full text of the GNU General Public + License version 2 can be found in the file + `/usr/share/common-licenses/GPL-2'. + +License: Expat + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + . + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. + +License: BSD-3 + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY + DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/build-scripts/debian-dnsdist/dnsdist.postinst b/build-scripts/debian-dnsdist/dnsdist.postinst new file mode 100644 index 000000000..319a26406 --- /dev/null +++ b/build-scripts/debian-dnsdist/dnsdist.postinst @@ -0,0 +1,37 @@ +#! /bin/sh + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + +case "$1" in + configure) + + adduser --force-badname --system --home /nonexistent --group \ + --no-create-home --quiet _dnsdist || true + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/build-scripts/debian-dnsdist/dnsdist.service b/build-scripts/debian-dnsdist/dnsdist.service index e0374e843..13d728060 100644 --- a/build-scripts/debian-dnsdist/dnsdist.service +++ b/build-scripts/debian-dnsdist/dnsdist.service @@ -1,10 +1,22 @@ [Unit] -Description=DNSdist -After=syslog.target +Description=dnsdist +Wants=network-online.target +After=network-online.target [Service] -# Keep the --supervised option when modifying the default options -ExecStart=/usr/bin/dnsdist --supervised +# Keep the --supervised and --disable-syslog option when modifying the default options +ExecStart=/usr/bin/dnsdist --supervised --disable-syslog -u _dnsdist -g _dnsdist +Restart=on-failure +RestartSec=2 +TimeoutStopSec=5 +StartLimitInterval=0 +PrivateTmp=true +PrivateDevices=true +CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID +NoNewPrivileges=true +ProtectSystem=full +ProtectHome=true +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 [Install] WantedBy=multi-user.target diff --git a/build-scripts/debian-dnsdist/rules b/build-scripts/debian-dnsdist/rules index 7aedb0e1b..3c8f11ce3 100755 --- a/build-scripts/debian-dnsdist/rules +++ b/build-scripts/debian-dnsdist/rules @@ -42,5 +42,8 @@ override_dh_auto_configure: --libexecdir='$${prefix}/lib' \ $(ENABLE_LIBSODIUM) +override_dh_auto_build-arch: + dh_auto_build -- V=1 + override_dh_strip: dh_strip --dbg-package=dnsdist-dbg -- 2.40.0