aboutsummaryrefslogtreecommitdiff
path: root/net/dnsdist/Makefile
blob: 2cfe7df339dd66fd03bafd3ea4234cdd08125196 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169

include $(TOPDIR)/rules.mk

PKG_NAME:=dnsdist
PKG_VERSION:=1.9.3
PKG_RELEASE:=1

PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://downloads.powerdns.com/releases/
PKG_HASH:=f05b68806dc6c4d207b1fadb7ec715c3e0d28d893a8b3b92d58297c4ceb56c3f

PKG_MAINTAINER:=Peter van Dijk <peter.van.dijk@powerdns.com>, Remi Gacogne <remi.gacogne@powerdns.com>
PKG_LICENSE:=GPL-2.0-only
PKG_LICENSE_FILES:=COPYING
PKG_CPE_ID:=cpe:/a:powerdns:dnsdist

PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1

PKG_BUILD_DEPENDS:=boost

PKG_CONFIG_DEPENDS:= \
  CONFIG_DNSDIST_GNUTLS \
  CONFIG_DNSDIST_OPENSSL

include $(INCLUDE_DIR)/package.mk

define Package/dnsdist/Default
  SECTION:=net
  CATEGORY:=Network
  SUBMENU:=IP Addresses and Names
  TITLE:=dnsdist DNS-, DOS- and abuse-aware loadbalancer $(2)
  USERID:=dnsdist:dnsdist
  DEPENDS:= \
	  +ca-bundle \
	  +libatomic \
	  +libcap \
	  +libstdcpp \
	  @HAS_LUAJIT_ARCH +luajit
  URL:=https://dnsdist.org/
  VARIANT:=$(1)
  PROVIDES:=dnsdist
endef

define Package/dnsdist/description/Default
  dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life
  is to route traffic to the best server, delivering top performance to legitimate
  users while shunting or blocking abusive traffic.
endef

define Package/dnsdist/conffiles/Default
/etc/dnsdist.conf
/etc/config/dnsdist
/etc/init.d/dnsdist
endef

define Package/dnsdist/config
  source "$(SOURCE)/Config.in"
endef

define Package/dnsdist/install/Default
	$(INSTALL_DIR) $(1)/etc
	$(INSTALL_DIR) $(1)/etc/dnsdist.conf.d
	$(INSTALL_CONF) ./files/dnsdist.conf $(1)/etc/dnsdist.conf
	$(INSTALL_DIR) $(1)/etc/config
	$(INSTALL_CONF) ./files/dnsdist.config $(1)/etc/config/dnsdist
	$(INSTALL_DIR) $(1)/etc/init.d
	$(INSTALL_BIN) ./files/dnsdist.init $(1)/etc/init.d/dnsdist
	$(INSTALL_DIR) $(1)/usr/bin
	$(INSTALL_BIN) $(PKG_BUILD_DIR)/dnsdist $(1)/usr/bin/
endef

define Package/dnsdist
  $(call Package/dnsdist/Default,mini,- minimal version with a restricted feature set)
  DEPENDS+= \
	  +DNSDIST_LIBEDIT:libedit \
	  +DNSDIST_DNSTAP:libfstrm \
	  +DNSDIST_GNUTLS:libgnutls \
	  +DNSDIST_DNS_OVER_HTTPS:libnghttp2 \
	  +DNSDIST_NET_SNMP:libnetsnmp \
	  +DNSDIST_OPENSSL:libopenssl \
	  +DNSDIST_SODIUM:libsodium \
	  +DNSDIST_LMDB:lmdb \
	  +DNSDIST_CDB:tinycdb \
	  +DNSDIST_RE2:re2
endef

Package/dnsdist/description=$(call Package/dnsdist/description/Default)
Package/dnsdist/conffiles=$(call Package/dnsdist/conffiles/Default)
Package/dnsdist/install=$(call Package/dnsdist/install/Default,$1)

define Package/dnsdist-full
  $(call Package/dnsdist/Default,full,- full version with all the features built in)
  DEPENDS+= \
	  +libedit \
	  +libfstrm \
	  +libgnutls \
	  +libnetsnmp \
	  +libnghttp2 \
	  +libopenssl \
	  +libsodium \
	  +lmdb \
	  +tinycdb \
	  +re2
endef
Package/dnsdist-full/description=$(call Package/dnsdist/description/Default)
Package/dnsdist-full/conffiles=$(call Package/dnsdist/conffiles/Default)
Package/dnsdist-full/install=$(call Package/dnsdist/install/Default,$1)

# not everything groks --disable-nls
DISABLE_NLS:=

# disable PIE for this package, see CONFIG_DNSDIST_PIE
PKG_ASLR_PIE:=0

ifneq ($(CONFIG_DNSDIST_DEBUG_SYMBOLS),)
	RSTRIP:=:
	STRIP:=:
endif

IsEnabled = $(or $(filter full,$(BUILD_VARIANT)),$(CONFIG_$(1)))

# OpenWRT's setting of CXX destroys dnsdist's -std=c++17
# --with-re2 compensates for that because it compensates for a bug in re2.pc that also destroys it
# so this addition is for the --without-re2 case
#
# none of this is pretty
TARGET_CXX+=-std=c++17
TARGET_CFLAGS+=-Os -fvisibility=hidden -flto -fno-ipa-cp -DNDEBUG
TARGET_CXXFLAGS+=-Os -fvisibility=hidden -flto -fno-ipa-cp -DNDEBUG \
	-DDISABLE_DEPRECATED_DYNBLOCK -DDISABLE_RECVMMSG -DDISABLE_NPN -DDISABLE_FALSE_SHARING_PADDING -DUSE_SINGLE_ACCEPTOR_THREAD -DOPENSSL_NO_ENGINE -DDISABLE_OPENSSL_ERROR_STRINGS \
	$(if $(call IsEnabled,DNSDIST_CARBON),,-DDISABLE_CARBON) \
	$(if $(call IsEnabled,DNSDIST_COMPLETION),,-DDISABLE_COMPLETION) \
	$(if $(call IsEnabled,DNSDIST_DEBUG_SYMBOLS),-g3,) \
	$(if $(call IsEnabled,DNSDIST_DELAY_PIPE),,-DDISABLE_DELAY_PIPE) \
	$(if $(call IsEnabled,DNSDIST_DYNBLOCKS),,-DDISABLE_DYNBLOCKS) \
	$(if $(call IsEnabled,DNSDIST_ECS_ACTIONS),,-DDISABLE_ECS_ACTIONS) \
	$(if $(call IsEnabled,DNSDIST_HASHED),,-DDISABLE_HASHED_CREDENTIALS) \
	$(if $(call IsEnabled,DNSDIST_LUA_ADVANCED),,-DDISABLE_NON_FFI_DQ_BINDINGS -DDISABLE_DOWNSTREAM_BINDINGS -DDISABLE_DNSHEADER_BINDINGS -DDISABLE_COMBO_ADDR_BINDINGS -DDISABLE_QPS_LIMITER_BINDINGS -DDISABLE_PACKETCACHE_BINDINGS -DDISABLE_CLIENT_STATE_BINDINGS -DDISABLE_DNSPACKET_BINDINGS -DDISABLE_LUA_BINDINGS_RINGS) \
	$(if $(call IsEnabled,DNSDIST_MAC),-DDNSDIST_RINGS_WITH_MACADDRESS,) \
	$(if $(call IsEnabled,DNSDIST_OCSP_STAPLING),,-DDISABLE_OCSP_STAPLING) \
	$(if $(call IsEnabled,DNSDIST_PROTOBUF),,-DDISABLE_PROTOBUF) \
	$(if $(call IsEnabled,DNSDIST_PROMETHEUS),,-DDISABLE_PROMETHEUS) \
	$(if $(call IsEnabled,DNSDIST_RULES_ALTER),,-DDISABLE_RULES_ALTERING_QUERIES) \
	$(if $(call IsEnabled,DNSDIST_SECPOLL),,-DDISABLE_SECPOLL) \
	$(if $(call IsEnabled,DNSDIST_TOP_N),,-DDISABLE_TOP_N_BINDINGS) \
	$(if $(call IsEnabled,DNSDIST_WEB),,-DDISABLE_WEB_CONFIG -DDISABLE_BUILTIN_HTML -DDISABLE_LUA_WEB_HANDLERS)

CONFIGURE_ARGS+= \
	--with-pic \
	--with-lua=luajit \
	--with-libcap \
	--without-xsk \
	$(if $(call IsEnabled,DNSDIST_PIE),,--disable-hardening) \
	$(if $(call IsEnabled,DNSDIST_SODIUM),--enable-dnscrypt --with-libsodium,--disable-dnscrypt --without-libsodium) \
	$(if $(call IsEnabled,DNSDIST_DNSTAP),--enable-dnstap=yes,--enable-dnstap=no) \
	$(if $(call IsEnabled,DNSDIST_RE2),--with,--without)-re2 \
	$(if $(call IsEnabled,DNSDIST_NET_SNMP),--with,--without)-net-snmp \
	$(if $(call IsEnabled,DNSDIST_GNUTLS),--with,--without)-gnutls \
	$(if $(call IsEnabled,DNSDIST_OPENSSL),--with,--without)-libssl \
	$(if $(call IsEnabled,DNSDIST_DNS_OVER_TLS),--enable-dns-over-tls,) \
	$(if $(call IsEnabled,DNSDIST_CDB),--with,--without)-cdb \
	$(if $(call IsEnabled,DNSDIST_LMDB),--with,--without)-lmdb \
	$(if $(call IsEnabled,DNSDIST_LIBEDIT),--with,--without)-libedit \
	$(if $(call IsEnabled,DNSDIST_IPCIPHER),--enable,--disable)-ipcipher \
	$(if $(call IsEnabled,DNSDIST_EBPF),--with,--without)-ebpf \
	$(if $(call IsEnabled,DNSDIST_DNS_OVER_HTTPS),--enable-dns-over-https,) \

$(eval $(call BuildPackage,dnsdist))
$(eval $(call BuildPackage,dnsdist-full))
Powered by cgit, Themed by Ted Yin.