1 files changed, 93 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/development/libraries/getdns/default.nix b/nixpkgs/pkgs/development/libraries/getdns/default.nix
new file mode 100644
index 000000000000..95844e36f3a0
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/getdns/default.nix
@@ -0,0 +1,93 @@
+# Getdns and Stubby are released together, see https://getdnsapi.net/releases/
+
+{ lib, stdenv, fetchurl, cmake, darwin, doxygen, libidn2, libyaml, openssl
+, systemd, unbound, yq }:
+let
+  metaCommon = with lib; {
+    maintainers = with maintainers; [ leenaars ehmry ];
+    license = licenses.bsd3;
+    platforms = platforms.all;
+  };
+in rec {
+
+  getdns = stdenv.mkDerivation rec {
+    pname = "getdns";
+    version = "1.7.3";
+    outputs = [ "out" "dev" "lib" "man" ];
+
+    src = fetchurl {
+      url = with lib; "https://getdnsapi.net/releases/${pname}-${concatStringsSep "-" (splitVersion version)}/${pname}-${version}.tar.gz";
+      # upstream publishes hashes in hex format
+      sha256 = "f1404ca250f02e37a118aa00cf0ec2cbe11896e060c6d369c6761baea7d55a2c";
+    };
+
+    nativeBuildInputs = [ cmake doxygen ];
+
+    buildInputs = [ libidn2 openssl unbound ];
+
+    # https://github.com/getdnsapi/getdns/issues/517
+    postPatch = ''
+      substituteInPlace getdns.pc.in \
+        --replace '$'{exec_prefix}/@CMAKE_INSTALL_LIBDIR@ @CMAKE_INSTALL_FULL_LIBDIR@ \
+        --replace '$'{prefix}/@CMAKE_INSTALL_INCLUDEDIR@ @CMAKE_INSTALL_FULL_INCLUDEDIR@
+    '';
+
+    postInstall = "rm -r $out/share/doc";
+
+    meta = with lib;
+      metaCommon // {
+        description = "A modern asynchronous DNS API";
+        longDescription = ''
+          getdns is an implementation of a modern asynchronous DNS API; the
+          specification was originally edited by Paul Hoffman. It is intended to make all
+          types of DNS information easily available to application developers and non-DNS
+          experts. DNSSEC offers a unique global infrastructure for establishing and
+          enhancing cryptographic trust relations. With the development of this API the
+          developers intend to offer application developers a modern and flexible
+          interface that enables end-to-end trust in the DNS architecture, and which will
+          inspire application developers to implement innovative security solutions in
+          their applications.
+        '';
+        homepage = "https://getdnsapi.net";
+      };
+  };
+
+  stubby = stdenv.mkDerivation rec {
+    pname = "stubby";
+    version = "0.4.3";
+    outputs = [ "out" "man" "stubbyExampleJson" ];
+
+    inherit (getdns) src;
+    sourceRoot = "${getdns.pname}-${getdns.version}/stubby";
+
+    nativeBuildInputs = [ cmake doxygen yq ];
+
+    buildInputs = [ getdns libyaml openssl systemd ]
+      ++ lib.optionals stdenv.isDarwin [ darwin.Security ];
+
+    postInstall = ''
+      rm -r $out/share/doc
+      yq \
+        < $NIX_BUILD_TOP/$sourceRoot/stubby.yml.example \
+        > $stubbyExampleJson
+    '';
+
+    passthru.settingsExample = with builtins;
+      fromJSON (readFile stubby.stubbyExampleJson);
+
+    meta = with lib;
+      metaCommon // {
+        description = "A local DNS Privacy stub resolver (using DNS-over-TLS)";
+        mainProgram = "stubby";
+        longDescription = ''
+          Stubby is an application that acts as a local DNS Privacy stub
+          resolver (using RFC 7858, aka DNS-over-TLS). Stubby encrypts DNS
+          queries sent from a client machine (desktop or laptop) to a DNS
+          Privacy resolver increasing end user privacy. Stubby is developed by
+          the getdns team.
+        '';
+        homepage = "https://dnsprivacy.org/wiki/x/JYAT";
+      };
+  };
+
+}