We remove the configFile build flag override in the NixOS module.
Instead of embedding the conf file link to the binaries, we symlink it
to /etc/nsd/nsd.nix, the hardcoded config file location for the
various CLI nsd utilities.
This config file build option override is triggerring a nsd rebuild
for each configuration change. This prevent us to use the nixos cache
in many cases.
Co-authored-by: Erjo <erjo@cocoba.work>
* treewide: http -> https sources
This updates the source urls of all top-level packages from http to
https where possible.
* buildtorrent: fix url and tab -> spaces
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/nsd/versions.
These checks were done:
- built on NixOS
- /nix/store/cv3f36znw2zrckq1082wjf6j7vr5yzyg-nsd-4.1.22/bin/nsd passed the binary check.
- Warning: no invocation of /nix/store/cv3f36znw2zrckq1082wjf6j7vr5yzyg-nsd-4.1.22/bin/nsd-checkconf had a zero exit code or showed the expected version
- /nix/store/cv3f36znw2zrckq1082wjf6j7vr5yzyg-nsd-4.1.22/bin/nsd-checkzone passed the binary check.
- Warning: no invocation of /nix/store/cv3f36znw2zrckq1082wjf6j7vr5yzyg-nsd-4.1.22/bin/nsd-control had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/cv3f36znw2zrckq1082wjf6j7vr5yzyg-nsd-4.1.22/bin/nsd-control-setup had a zero exit code or showed the expected version
- 2 of 5 passed binary check by having a zero exit code.
- 0 of 5 passed binary check by having the new version present in output.
- found 4.1.22 with grep in /nix/store/cv3f36znw2zrckq1082wjf6j7vr5yzyg-nsd-4.1.22
- directory tree listing: https://gist.github.com/ec1aa618f9ae7b813590da95020758aa
- du listing: https://gist.github.com/8277d4bf5e8944c2b6396fb624e08250
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/nsd/versions.
These checks were done:
- built on NixOS
- /nix/store/vwidqdayh0l8rf5sjq37hr6ygdxrmkbb-nsd-4.1.21/bin/nsd passed the binary check.
- Warning: no invocation of /nix/store/vwidqdayh0l8rf5sjq37hr6ygdxrmkbb-nsd-4.1.21/bin/nsd-checkconf had a zero exit code or showed the expected version
- /nix/store/vwidqdayh0l8rf5sjq37hr6ygdxrmkbb-nsd-4.1.21/bin/nsd-checkzone passed the binary check.
- Warning: no invocation of /nix/store/vwidqdayh0l8rf5sjq37hr6ygdxrmkbb-nsd-4.1.21/bin/nsd-control had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/vwidqdayh0l8rf5sjq37hr6ygdxrmkbb-nsd-4.1.21/bin/nsd-control-setup had a zero exit code or showed the expected version
- 2 of 5 passed binary check by having a zero exit code.
- 0 of 5 passed binary check by having the new version present in output.
- found 4.1.21 with grep in /nix/store/vwidqdayh0l8rf5sjq37hr6ygdxrmkbb-nsd-4.1.21
- directory tree listing: https://gist.github.com/57f572db82ca8e038bcf1c970d13f10e
- du listing: https://gist.github.com/11c687e733f7222872d6e3733c5f9d0b
Semi-automatic update. These checks were performed:
- built on NixOS
- ran `/nix/store/4za086gx5nlvf44i0syc2y6lprhh49kz-nsd-4.1.20/bin/nsd -h` got 0 exit code
- ran `/nix/store/4za086gx5nlvf44i0syc2y6lprhh49kz-nsd-4.1.20/bin/nsd -v` and found version 4.1.20
- ran `/nix/store/4za086gx5nlvf44i0syc2y6lprhh49kz-nsd-4.1.20/bin/nsd -h` and found version 4.1.20
- ran `/nix/store/4za086gx5nlvf44i0syc2y6lprhh49kz-nsd-4.1.20/bin/nsd-checkzone -h` got 0 exit code
- ran `/nix/store/4za086gx5nlvf44i0syc2y6lprhh49kz-nsd-4.1.20/bin/nsd-checkzone -h` and found version 4.1.20
- found 4.1.20 with grep in /nix/store/4za086gx5nlvf44i0syc2y6lprhh49kz-nsd-4.1.20
- found 4.1.20 in filename of file in /nix/store/4za086gx5nlvf44i0syc2y6lprhh49kz-nsd-4.1.20
cc "@hrdinka"
* Fix#1132 for SERVFAIL zones perform backoff, and remembers the timeout on next startup.
* Fix null memcpy for radixtree with single link element.
* Robust fix against missing master in tcp_open for xfrd.
* Fix wildcards in include: config statements with chroot enabled.
* suppress compile warning in lex files.
* Fix to try every master once, then wait for timeout or notify.
* Save backoff timeout into xfrd.state file, this file has a higher version number now. Old files are skipped silently (causes refresh) and created as new files upon exit.
* Fix restart of zone transfers when new config becomes available.
4.1.12
======
Bugfixes
--------
Fix malformed edns query assertion failure, reported by Michal Kepien (NASK).
4.1.11
======
Features
--------
* When tcp is more than half full, use short timeout for tcp session.
* Patch for {max,min}-{refresh,retry}-time from YAMAGUCHI Takanori.
* Fix#790: size-limit-xfr can stop NSD from downloading infinite zone transfer data size, from Toshifumi Sakaguchi. Fixes CVE-2016-6173 JVN#63359718 JPCERT#91251865.
Bugfixes
--------
* Fix build without IPv6, patch from Zdenek Kaspar.
* Fix#783: Trying to run a root server without having configured it silently gives wrong answers.
* Fix#782: Serve DS record but parent zone has no NS record.
* Fix nsec3 missing for nsec3 signed parent and child for DS at zonecut.
4.1.10
======
Features
--------
* ip-freebind: yesno option in nsd.conf sets IP_FREEBIND socket option for Linux, binds to interfaces and addresses that are down.
* NSD includes AAAA before A for queries over IPV6 (in delegations). And TC is set if no glue can be provided with a delegation because of packet size.
* print notice that nsd is starting before taking off.
Bugfixes
--------
* Fix for openssl 1.1.0, HMAC_CTX size not exported from openssl.
* Fix#751: NSD fails to occlude names below a DNAME.
* If set without nsd.db print "" as the default in the man pages.
* Fix#755: NSD spins after a zone update and a lot of TCP queries.
* Fix for NSEC3 with zone signed without exact match for empty nonterminals, the answer for that domain gets closest encloser.
* #772 Document that recvmmsg has IPv6 problems on some linux kernels.
4.1.9
=====
Bugfixes
--------
* Change the nsd.db file version because of nanosecond precision fix.
Features
========
* Fix#732: tcp-mss, outgoing-tcp-mss options for nsd.conf, patch from Daisuke Higashi.
* Fix#739: zonefile changes when mtime is small are detected on reload, if filesystem supports precision mtime values.
* RR type CSYNC (RFC7477) syntax is supported.
Bugfixes
========
* Change the nsd.db file version because of nanosecond precision fix.
* take advantage of arc4random_uniform if available, patch from Loganaden Velvindron.
* Fix flto check for OSX clang.
* Define _DEFAULT_SOURCE with _BSD_SOURCE for glibc 2.20 on Linux.
* Fix#736: segfault during zone transfer.
* Fix#744: Fix that NSD replies for configured but unloaded zone with SERVFAIL, not REFUSED.
The most complex problems were from dealing with switches reverted in
the meantime (gcc5, gmp6, ncurses6).
It's likely that darwin is (still) broken nontrivially.
Allowing to use nixpkgs config to provide different defaults is not
going to help us here, so we would like to use nsd.override {} in order
to supply the correct options in the module.
Eventually removing the nixpkgs config option would make sense here as
well.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>