From bbfca0f371d8c41009e812f3e50e5b93eb457cff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Thu, 1 Feb 2018 17:15:28 +0100 Subject: [PATCH] knot-resolver: 1.5.3 -> 2.0.0 (feature update) Also split extraFeatures into a wrapper derivation. So far, no changes like user renaming nor systemd unit rework. --- nixos/modules/services/networking/kresd.nix | 6 +- pkgs/servers/dns/knot-resolver/default.nix | 71 ++++++++++++--------- 2 files changed, 44 insertions(+), 33 deletions(-) diff --git a/nixos/modules/services/networking/kresd.nix b/nixos/modules/services/networking/kresd.nix index 011a9b2f58ea..d0c19c4ecb71 100644 --- a/nixos/modules/services/networking/kresd.nix +++ b/nixos/modules/services/networking/kresd.nix @@ -43,7 +43,7 @@ in type = with types; listOf str; default = [ "::1" "127.0.0.1" ]; description = '' - What addresses the server should listen on. + What addresses the server should listen on. (UDP+TCP 53) ''; }; # TODO: perhaps options for more common stuff like cache size or forwarding @@ -99,9 +99,9 @@ in Restart = "on-failure"; }; + # Trust anchor goes from dns-root-data by default. script = '' - exec '${package}/bin/kresd' --config '${configFile}' \ - -k '${pkgs.dns-root-data}/root.key' + exec '${package}/bin/kresd' --config '${configFile}' --forks=1 ''; requires = [ "kresd.socket" ]; diff --git a/pkgs/servers/dns/knot-resolver/default.nix b/pkgs/servers/dns/knot-resolver/default.nix index 7a5aa8da550a..2ec12b81f84b 100644 --- a/pkgs/servers/dns/knot-resolver/default.nix +++ b/pkgs/servers/dns/knot-resolver/default.nix 
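Review bot: With `-k` dropped from `script` in the `@@ -99,9 +99,9 @@` hunk, this unit no longer selects a DNSSEC trust anchor itself. It relies on whatever keyfile default is compiled into `${package}`, which the `KEYFILE_DEFAULT=${dns-root-data}/root.ds` make flag in default.nix of this same commit supplies. If `package` can be replaced by a build without that flag (not visible in this hunk), the service would presumably start without a trust anchor and nothing here would report it. The new comment should spell out the dependency, e.g. `# No -k here: the trust anchor is the package's compiled-in KEYFILE_DEFAULT (dns-root-data's root.ds).`, and the added `--forks=1` deserves a short why-comment as well. The enclosing service definition starts and ends outside the hunk.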
@@ -1,63 +1,55 @@ -{ stdenv, fetchurl, pkgconfig, hexdump, which +{ stdenv, fetchurl, runCommand, pkgconfig, hexdump, which , knot-dns, luajit, libuv, lmdb, gnutls, nettle , cmocka, systemd, dns-root-data, makeWrapper , extraFeatures ? false /* catch-all if defaults aren't enough */ , hiredis, libmemcached, luajitPackages }: +let # un-indented, over the whole file -let - inherit (stdenv.lib) optional optionals optionalString; -in -stdenv.mkDerivation rec { +result = if extraFeatures then wrapped-full else unwrapped; + +inherit (stdenv.lib) optional optionals optionalString concatStringsSep; + +unwrapped = stdenv.mkDerivation rec { name = "knot-resolver-${version}"; - version = "1.5.3"; + version = "2.0.0"; src = fetchurl { url = "http://secure.nic.cz/files/knot-resolver/${name}.tar.xz"; - sha256 = "03sb05zz6qn966apcprdqhmirkz7kjdbx8hswbvgamk1s2xd7v6f"; + sha256 = "b40d9dbef05031464dfff57712f476e7cddc0fda26b41daf660c5a33ea203ce0"; }; outputs = [ "out" "dev" ]; configurePhase = ":"; - nativeBuildInputs = [ pkgconfig which makeWrapper hexdump ]; + nativeBuildInputs = [ pkgconfig which hexdump ]; # http://knot-resolver.readthedocs.io/en/latest/build.html#requirements buildInputs = [ knot-dns luajit libuv gnutls nettle lmdb ] - ++ optional doInstallCheck cmocka + ++ optional doCheck cmocka ++ optional stdenv.isLinux systemd # sd_notify - ++ optionals extraFeatures [ - hiredis libmemcached # additional cache backends - ]; - ## optional dependencies; TODO: libedit, dnstap, http2 module? 
+ ## optional dependencies; TODO: libedit, dnstap + ; - makeFlags = [ "PREFIX=$(out)" "ROOTHINTS=${dns-root-data}/root.hints" ]; + makeFlags = [ + "PREFIX=$(out)" + "ROOTHINTS=${dns-root-data}/root.hints" + "KEYFILE_DEFAULT=${dns-root-data}/root.ds" + ]; CFLAGS = [ "-O2" "-DNDEBUG" ]; enableParallelBuilding = true; doCheck = true; - doInstallCheck = true; + doInstallCheck = false; # FIXME preInstallCheck = '' patchShebangs tests/config/runtest.sh ''; postInstall = '' - rm "$out"/etc/kresd/root.hints # using system-wide instead - '' - # optional: to allow auto-bootstrapping root trust anchor via https - + (with luajitPackages; '' - wrapProgram "$out/sbin/kresd" \ - --set LUA_PATH '${ - stdenv.lib.concatStringsSep ";" - (map getLuaPath [ luasec luasocket ]) - }' \ - --set LUA_CPATH '${ - stdenv.lib.concatStringsSep ";" - (map getLuaCPath [ luasec luasocket ]) - }' - ''); + rm "$out"/etc/knot-resolver/root.hints # using system-wide instead + ''; meta = with stdenv.lib; { description = "Caching validating DNS resolver, from .cz domain registry"; @@ -67,5 +59,24 @@ stdenv.mkDerivation rec { platforms = filter (p: p != "aarch64-linux") platforms.unix; maintainers = [ maintainers.vcunat /* upstream developer */ ]; }; -} +}; + +wrapped-full = with luajitPackages; let + luaPkgs = [ luasec luasocket ]; # TODO: cqueues and others for http2 module + in runCommand unwrapped.name + { + nativeBuildInputs = [ makeWrapper ]; + preferLocalBuild = true; + allowSubstitutes = false; + } + '' + mkdir -p "$out/sbin" "$out/share" + makeWrapper '${unwrapped}/sbin/kresd' "$out"/sbin/kresd \ + --set LUA_PATH '${concatStringsSep ";" (map getLuaPath luaPkgs)}' \ + --set LUA_CPATH '${concatStringsSep ";" (map getLuaCPath luaPkgs)}' + ln -sr '${unwrapped}/share/man' "$out"/share/ + ln -sr "$out"/{sbin,bin} + ''; + +in result
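Review bot: `doInstallCheck = false; # FIXME` in the `@@ -1,63 +1,55 @@` hunk switches off the install-time tests without saying what fails, and the `preInstallCheck` that patches `tests/config/runtest.sh` stays behind as dead code. For a validating resolver taking a major version bump, those tests no longer gate the build, so the reason and the re-enable condition should be recorded, e.g. `doInstallCheck = false; # FIXME: <what fails on 2.0.0>; re-enable once fixed`. Separately, `hiredis` and `libmemcached` remain in the function header although the `optionals extraFeatures [ ... ]` list that used them is removed; either drop them or note why they are kept. The `unwrapped` derivation continues past this hunk.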
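Review bot: `wrapped-full` in the `@@ -67,5 +59,24 @@` hunk has no comment saying why `luasec` and `luasocket` are put on `LUA_PATH`/`LUA_CPATH`; the explanation removed from `postInstall` earlier in this file (auto-bootstrapping the root trust anchor via https) was not carried over. Since this is what lets the daemon fetch trust-anchor material over the network, I would restore it above `luaPkgs`: `# optional: allows auto-bootstrapping the root trust anchor via https`. The wrapper also passes neither `meta` nor the `dev` output of `unwrapped` through, so with `extraFeatures = true` the `result` lacks them; `inherit (unwrapped) meta;` in the attribute set would cover the former.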