Merge commit 'a2e06fc3423c4be53181b15c28dfbe0bcf67dd73'

5 files changed, 100 insertions, 43 deletions

diff --git a/nixpkgs/pkgs/servers/dns/bind/default.nix b/nixpkgs/pkgs/servers/dns/bind/default.nix
index 5e4a07bdf25e..bdbff4c00f78 100644
--- a/nixpkgs/pkgs/servers/dns/bind/default.nix
+++ b/nixpkgs/pkgs/servers/dns/bind/default.nix
@@ -10,11 +10,11 @@ assert enablePython -> python3 != null;
 
 stdenv.mkDerivation rec {
   pname = "bind";
-  version = "9.14.9";
+  version = "9.14.11";
 
   src = fetchurl {
     url = "https://ftp.isc.org/isc/bind9/${version}/${pname}-${version}.tar.gz";
-    sha256 = "0g2ph3hlw86yib8hv13qgkb4i84s9zv22r4k6yqlycm2izamwmr9";
+    sha256 = "1v4y9308w0gd98gjzni4cgxmh8g1s37lbnnkyhsn70xs3xki5b4c";
   };
 
   outputs = [ "out" "lib" "dev" "man" "dnsutils" "host" ];
diff --git a/nixpkgs/pkgs/servers/dns/knot-dns/default.nix b/nixpkgs/pkgs/servers/dns/knot-dns/default.nix
index c3d63a54ac0d..7756c5fa3f19 100644
--- a/nixpkgs/pkgs/servers/dns/knot-dns/default.nix
+++ b/nixpkgs/pkgs/servers/dns/knot-dns/default.nix
@@ -1,5 +1,6 @@
 { stdenv, fetchurl, pkgconfig, gnutls, liburcu, lmdb, libcap_ng, libidn2, libunistring
 , systemd, nettle, libedit, zlib, libiconv, libintl
+, autoreconfHook
 }:
 
 let inherit (stdenv.lib) optional optionals; in
@@ -7,16 +8,28 @@ let inherit (stdenv.lib) optional optionals; in
 # Note: ATM only the libraries have been tested in nixpkgs.
 stdenv.mkDerivation rec {
   pname = "knot-dns";
-  version = "2.9.2";
+  version = "2.9.3";
 
   src = fetchurl {
     url = "https://secure.nic.cz/files/knot-dns/knot-${version}.tar.xz";
-    sha256 = "298cdf33aa7589b50df7e5833694b24cd2de8b6d17cee7e1673873fe576db6ee";
+    sha256 = "f2adf137d70955a4a20df90c5409e10be8e1127204a98b27d626ac090531a07e";
   };
 
   outputs = [ "bin" "out" "dev" ];
 
-  nativeBuildInputs = [ pkgconfig ];
+  configureFlags = [
+    "--with-configdir=/etc/knot"
+    "--with-rundir=/run/knot"
+    "--with-storage=/var/lib/knot"
+  ];
+
+  patches = [
+    # Don't try to create directories like /var/lib/knot at build time.
+    # They are later created from NixOS itself.
+    ./dont-create-run-time-dirs.patch
+  ];
+
+  nativeBuildInputs = [ pkgconfig autoreconfHook ];
   buildInputs = [
     gnutls liburcu libidn2 libunistring
     nettle libedit
@@ -33,7 +46,9 @@ stdenv.mkDerivation rec {
   doCheck = true;
   doInstallCheck = false; # needs pykeymgr?
 
-  postInstall = ''rm -r "$out"/var "$out"/lib/*.la'';
+  postInstall = ''
+    rm -r "$out"/lib/*.la
+  '';
 
   meta = with stdenv.lib; {
     description = "Authoritative-only DNS server from .cz domain registry";
diff --git a/nixpkgs/pkgs/servers/dns/knot-dns/dont-create-run-time-dirs.patch b/nixpkgs/pkgs/servers/dns/knot-dns/dont-create-run-time-dirs.patch
new file mode 100644
index 000000000000..9fe165e7681d
--- /dev/null
+++ b/nixpkgs/pkgs/servers/dns/knot-dns/dont-create-run-time-dirs.patch
@@ -0,0 +1,32 @@
+diff --git a/samples/Makefile.am b/samples/Makefile.am
+index c253c91..107401d 100644
+--- a/samples/Makefile.am
++++ b/samples/Makefile.am
+@@ -19,11 +19,6 @@ EXTRA_DIST = knot.sample.conf.in example.com.zone
+ 
+ if HAVE_DAEMON
+ 
+-install-data-local: knot.sample.conf
+-	if [ \! -f $(DESTDIR)/$(config_dir)/knot.sample.conf ]; then \
+-	  $(INSTALL) -d $(DESTDIR)/$(config_dir); \
+-	  $(INSTALL_DATA) knot.sample.conf $(srcdir)/example.com.zone $(DESTDIR)/$(config_dir); \
+-	fi
+ uninstall-local:
+ 	-rm -rf $(DESTDIR)/$(config_dir)/knot.sample.conf \
+ 	        $(DESTDIR)/$(config_dir)/example.com.zone
+diff --git a/src/utils/Makefile.inc b/src/utils/Makefile.inc
+index e6765d9..d859d23 100644
+--- a/src/utils/Makefile.inc
++++ b/src/utils/Makefile.inc
+@@ -79,11 +79,6 @@ endif HAVE_DNSTAP
+ endif HAVE_UTILS
+ 
+ if HAVE_DAEMON
+-# Create storage and run-time directories
+-install-data-hook:
+-	$(INSTALL) -d $(DESTDIR)/@config_dir@
+-	$(INSTALL) -d $(DESTDIR)/@run_dir@
+-	$(INSTALL) -d $(DESTDIR)/@storage_dir@
+ 
+ sbin_PROGRAMS = knotc knotd
+ 
diff --git a/nixpkgs/pkgs/servers/dns/knot-resolver/default.nix b/nixpkgs/pkgs/servers/dns/knot-resolver/default.nix
index 953d8ebcbae6..ccb9a8590590 100644
--- a/nixpkgs/pkgs/servers/dns/knot-resolver/default.nix
+++ b/nixpkgs/pkgs/servers/dns/knot-resolver/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl
+{ stdenv, fetchurl, fetchpatch
 # native deps.
 , runCommand, pkgconfig, meson, ninja, makeWrapper
 # build+runtime deps.
@@ -11,31 +11,46 @@ let # un-indented, over the whole file
 
 result = if extraFeatures then wrapped-full else unwrapped;
 
-inherit (stdenv.lib) optional optionals concatStringsSep;
+inherit (stdenv.lib) optional optionals;
 lua = luajitPackages;
 
-# FIXME: remove these usages once resolving
-# https://github.com/NixOS/nixpkgs/pull/63108#issuecomment-508670438
-exportLuaPathsFor = luaPkgs: ''
-  export LUA_PATH='${ concatStringsSep ";" (map lua.getLuaPath  luaPkgs)}'
-  export LUA_CPATH='${concatStringsSep ";" (map lua.getLuaCPath luaPkgs)}'
-'';
-
 unwrapped = stdenv.mkDerivation rec {
   pname = "knot-resolver";
-  version = "4.3.0";
+  version = "5.0.1";
 
   src = fetchurl {
     url = "https://secure.nic.cz/files/knot-resolver/${pname}-${version}.tar.xz";
-    sha256 = "0ca0f171ae2b2d76830967a5150eb0fa496b48b2a48f41b2be65d3743aaece25";
+    sha256 = "4a93264ad0cda7ea2252d1ba057e474722f77848165f2893e0c76e21ae406415";
   };
 
+  patches = [
+    (fetchpatch { # merged to upstream master, remove on update
+      name = "zfs-cpu-usage.diff";
+      url = "https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/946.diff";
+      sha256 = "0mcvx4pfnl19h6zrv2fcgxdjarqzczn2dz85sylcczsfvdmn6i5m";
+    })
+  ];
+
   outputs = [ "out" "dev" ];
 
+  # Path fixups for the NixOS service.
+  postPatch = ''
+    patch meson.build <<EOF
+    @@ -50,2 +50,2 @@
+    -systemd_work_dir = join_paths(prefix, get_option('localstatedir'), 'lib', 'knot-resolver')
+    -systemd_cache_dir = join_paths(prefix, get_option('localstatedir'), 'cache', 'knot-resolver')
+    +systemd_work_dir  = '/var/lib/knot-resolver'
+    +systemd_cache_dir = '/var/cache/knot-resolver'
+    EOF
+
+    # ExecStart can't be overwritten in overrides.
+    # We need that to use wrapped executable and correct config file.
+    sed '/^ExecStart=/d' -i systemd/kresd@.service.in
+  '';
+
   preConfigure = ''
     patchShebangs scripts/
-  ''
-    + stdenv.lib.optionalString doInstallCheck (exportLuaPathsFor [ lua.cqueues lua.basexx ]);
+  '';
 
   nativeBuildInputs = [ pkgconfig meson ninja ];
 
@@ -53,16 +68,17 @@ unwrapped = stdenv.mkDerivation rec {
   ]
   ++ optional doInstallCheck "-Dunit_tests=enabled"
   ++ optional (doInstallCheck && !stdenv.isDarwin) "-Dconfig_tests=enabled"
+  ++ optional stdenv.isLinux "-Dsystemd_files=enabled" # used by NixOS service
     #"-Dextra_tests=enabled" # not suitable as in-distro tests; many deps, too.
   ;
 
   postInstall = ''
     rm "$out"/lib/libkres.a
+    rm "$out"/lib/knot-resolver/upgrade-4-to-5.lua # not meaningful on NixOS
   '';
 
-  # aarch64: see https://github.com/wahern/cqueues/issues/223
-  doInstallCheck = with stdenv; hostPlatform == buildPlatform && !hostPlatform.isAarch64;
-  installCheckInputs = [ cmocka which cacert ];
+  doInstallCheck = with stdenv; hostPlatform == buildPlatform;
+  installCheckInputs = [ cmocka which cacert lua.cqueues lua.basexx ];
   installCheckPhase = ''
     meson test --print-errorlogs
   '';
@@ -76,37 +92,31 @@ unwrapped = stdenv.mkDerivation rec {
   };
 };
 
-# FIXME: revert this back after resolving
-# https://github.com/NixOS/nixpkgs/pull/63108#issuecomment-508670438
-wrapped-full =
-  with stdenv.lib;
-  with luajitPackages;
-  let
-    luaPkgs = [
-      luasec luasocket # trust anchor bootstrap, prefill module
-      luafilesystem # prefill module
-      http # for http module; brings lots of deps; some are useful elsewhere
-      cqueues fifo lpeg lpeg_patterns luaossl compat53 basexx binaryheap
-    ];
-  in runCommand unwrapped.name
+wrapped-full = runCommand unwrapped.name
   {
     nativeBuildInputs = [ makeWrapper ];
+    buildInputs = with luajitPackages; [
+      # For http module, prefill module, trust anchor bootstrap.
+      # It brings lots of deps; some are useful elsewhere (e.g. cqueues).
+      http
+      # psl isn't in nixpkgs yet, but policy.slice_randomize_psl() seems not important.
+    ];
     preferLocalBuild = true;
     allowSubstitutes = false;
   }
-  (exportLuaPathsFor luaPkgs
-  + ''
-    mkdir -p "$out"/{bin,share}
+  ''
+    mkdir -p "$out"/bin
     makeWrapper '${unwrapped}/bin/kresd' "$out"/bin/kresd \
       --set LUA_PATH  "$LUA_PATH" \
       --set LUA_CPATH "$LUA_CPATH"
 
-    ln -sr '${unwrapped}/share/man' "$out"/share/
+    ln -sr '${unwrapped}/share' "$out"/
+    ln -sr '${unwrapped}/lib'   "$out"/ # useful in NixOS service
     ln -sr "$out"/{bin,sbin}
 
     echo "Checking that 'http' module loads, i.e. lua search paths work:"
     echo "modules.load('http')" > test-http.lua
     echo -e 'quit()' | env -i "$out"/bin/kresd -a 127.0.0.1#53535 -c test-http.lua
-  '');
+  '';
 
 in result
diff --git a/nixpkgs/pkgs/servers/dns/pdns-recursor/default.nix b/nixpkgs/pkgs/servers/dns/pdns-recursor/default.nix
index e5fc3ac5bb9a..7d6fa7d9c91b 100644
--- a/nixpkgs/pkgs/servers/dns/pdns-recursor/default.nix
+++ b/nixpkgs/pkgs/servers/dns/pdns-recursor/default.nix
@@ -8,11 +8,11 @@ with stdenv.lib;
 
 stdenv.mkDerivation rec {
   pname = "pdns-recursor";
-  version = "4.2.1";
+  version = "4.3.0";
 
   src = fetchurl {
     url = "https://downloads.powerdns.com/releases/pdns-recursor-${version}.tar.bz2";
-    sha256 = "07w9av3v9zjnb1fhknmza168yxsq4zr2jqcla7yg10ajrhsk534d";
+    sha256 = "13v2iah7z10wc43v9agcjrzi3wds4jna8f0b7ph35nyzhzr31h9b";
   };
 
   nativeBuildInputs = [ pkgconfig ];
@@ -30,7 +30,7 @@ stdenv.mkDerivation rec {
 
   meta = {
     description = "A recursive DNS server";
-    homepage = https://www.powerdns.com/;
+    homepage = "https://www.powerdns.com/";
     platforms = platforms.linux;
     license = licenses.gpl2;
     maintainers = with maintainers; [ rnhmjoj ];