From patchwork Sat Jan 20 21:23:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Leo_Nikkil=C3=A4?= X-Patchwork-Id: 1590 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 718EE27BBEC; Sat, 20 Jan 2024 21:27:15 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL, SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id D168127BBE2 for ; Sat, 20 Jan 2024 21:27:12 +0000 (GMT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rRIrn-0000br-4F; Sat, 20 Jan 2024 16:27:03 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rRIrk-0000ba-Ea for guix-patches@gnu.org; Sat, 20 Jan 2024 16:27:00 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rRIrk-0000G2-2v for guix-patches@gnu.org; Sat, 20 Jan 2024 16:27:00 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rRIrm-0008SP-Qy for guix-patches@gnu.org; Sat, 20 Jan 2024 16:27:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#68621] [PATCH 0/2] Provide default DNSSEC trust anchors for knot-resolver Resent-From: Leo =?utf-8?q?Nikkil=C3=A4?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 20 Jan 2024 21:27:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 68621 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 68621@debbugs.gnu.org Cc: Leo =?utf-8?q?Nikkil=C3=A4?= X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.170578600032453 (code B ref -1); Sat, 20 Jan 2024 21:27:02 +0000 Received: (at submit) by debbugs.gnu.org; 20 Jan 2024 21:26:40 +0000 Received: from localhost ([127.0.0.1]:35982 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rRIrQ-0008RM-BY for submit@debbugs.gnu.org; Sat, 20 Jan 2024 16:26:40 -0500 Received: from lists.gnu.org ([2001:470:142::17]:57956) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rRIrM-0008Qk-AB for submit@debbugs.gnu.org; Sat, 20 Jan 2024 16:26:37 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rRIr5-00009g-4y for guix-patches@gnu.org; Sat, 20 Jan 2024 16:26:21 -0500 Received: from out1-smtp.messagingengine.com ([66.111.4.25]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rRIr3-00009B-33 for guix-patches@gnu.org; Sat, 20 Jan 2024 16:26:18 -0500 Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 1FA3C5C00A6; Sat, 20 Jan 2024 16:26:13 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute2.internal (MEProxy); Sat, 20 Jan 2024 16:26:13 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lnikki.la; h=cc :cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:message-id:mime-version:reply-to :subject:subject:to:to; s=fm1; t=1705785973; x=1705872373; bh=IJ VC0an6Z4ae0TjMKVkaMAp3A805UexkcMP/7RrpD5w=; b=OWDEyWVzXmgVDE8JN1 FDjX1JIvoO9ivx6t0NQoP/e31/9sTNBG0xQya7tz2P8P0ONCWV+nkzlsVBpsjqKn vIPgExjvT3lRwlIkpyOL6nony4FWTPI+9KbMT9XF5lNqXRrMII8VW6WHUNeWamb4 MYfGK/NK/7IKjYIA+CGsxOpUuNnVr0tLVQyEJ7sxF1QUQ0dmuGJljZNINOrdjRzG 9O1kAo7X+bhbIlZk2A1NmyOEV3m2h4zi3H8JzNQVYkeK4Ncf7xgfNEBK/oL95Pqk +hhlXVO1t3jd5k/hlJN4RfTtYitU/4z3Gq91+G8TjATODU0+0eJefcM15G1YfrM2 rvWw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:message-id:mime-version:reply-to:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; t=1705785973; x=1705872373; bh=IJVC0an6Z4ae0 TjMKVkaMAp3A805UexkcMP/7RrpD5w=; b=w5jo03pK1rOfmikn98gUGpdPt1Ouc f5KqAAO824hDRh8MiVlv6rtQyCRMdN6aUXo9M5Smkf266z8Fogug8aXXFPEJh6Fs vxkVmt2gv26pg2OHnDCO0ZLcJqrf39SY6mfaFQKSPcnTWR4faX23SiDTb44kFVao 3OwRvTJnNBAiD5iveWpfwisxu3YYS33llDh+MFo2bf7E/QNNhTTvGGm04RPLrHDb qQCVcsjrUiN3xDqV0GHoN3cSK5mJY7mQoxSOdnVIcVMvmXjBr+jufW6CE4Yp+U53 p7V9A9I/v28dGHXtGzDQAkW2fSQScMjiR15OqO4F8FUuixfyN7vjMhjdQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrvdekvddgudehudcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecunecujfgurhephffvvefufffkofggtgfgsehtke ertdertdejnecuhfhrohhmpefnvghoucfpihhkkhhilhomuceohhgvlhhloheslhhnihhk khhirdhlrgeqnecuggftrfgrthhtvghrnhepvdejfeejuefffeeiuedvleetkeettdefje elfeevvdeffeehgeduvedufefgheeinecuffhomhgrihhnpehrvggrughthhgvughotghs rdhiohenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpe hhvghllhhosehlnhhikhhkihdrlhgr X-ME-Proxy: Feedback-ID: i41f146a7:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 20 Jan 2024 16:26:12 -0500 (EST) Date: Sat, 20 Jan 2024 23:23:42 +0200 Message-ID: <20240120212542.17473-1-hello@lnikki.la> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Received-SPF: pass client-ip=66.111.4.25; envelope-from=hello@lnikki.la; helo=out1-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Leo =?utf-8?q?Nikkil=C3=A4?= X-ACL-Warn: , =?utf-8?q?Leo_Nikkil=C3=A4_via_Guix-patches?= X-Patchwork-Original-From: =?utf-8?q?Leo_Nikkil=C3=A4_via_Guix-patches?= via From: =?utf-8?q?Leo_Nikkil=C3=A4?= Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches The default DNSSEC trust anchors for knot-resolver are currently disabled through a build phase, but configured when you use the default kresd.conf file provided by Guix. If you write your own configuration, you might expect kresd to have DNSSEC enabled by default since this is what upstream does [1]. On Guix, DNSSEC is disabled unless you provide the same custom path in your own configuration and install the file into the appropriate location. This set updates the package to be built with the correct path as the default, and the service to use that path and install the default trust anchors at activation time when missing. [1]: https://knot-resolver.readthedocs.io/en/stable/config-dnssec.html Leo Nikkilä (2): gnu: knot-resolver: Re-enable default DNSSEC trust anchors. services: knot-resolver: Use default DNSSEC trust anchors. gnu/packages/dns.scm | 20 +++++++++++++------- gnu/services/dns.scm | 17 +++++++++++++---- 2 files changed, 26 insertions(+), 11 deletions(-) base-commit: 9072f27f5d3514be22c6af208f2ad56ef4e112f4