Re: enable quic functionality in net/knot
[I'm not subscribed, sorry for not following the original Message-ID]

On 2023-11-14 15:03, Landry Breuil wrote:
> Here is a small patch to add DNS over QUIC with knot DNS client.
> What do you think?

had a look at configure.ac, and it builds its embedded ngtcp2 because it
explicitly looks for a gnutls-enabled ngtcp2. net/ngtcp2 is built against
libressl.

Hello,

I already made some attempt to make an ngtcp2 subpackage with gnutls, but I
didn't find time to finish it to be acceptable.
https://marc.info/?t=16794024896&r=1&w=2

I have to return to it.

Regards,
David

P.S. Please Cc me in replies, I'm not subscribed to the list.
Re: enable quic functionality in net/knot
On 11/16/23 00:04, Theo Buehler wrote:
> On Thu, Nov 16, 2023 at 05:54:43AM +0100, Theo Buehler wrote:
>> On Wed, Nov 15, 2023 at 10:39:10PM -0500, A Tammy wrote:
>>> On 11/14/23 09:46, Renaud Allard wrote:
>>>> Hello,
>>>>
>>>> Here is a small patch to add DNS over QUIC with knot DNS client.
>>>> What do you think?
>>>>
>>>> Thank you,
>>>> Best Regards
>>> From the discussion it looks like, there's no choice but to use the
>>> embedded library, as building ngtcp2 with gnutls isn't going to be possible.
>> Nor desirable...
>>
>>> I'm ok with enabling quic on knot. I'm assuming someone else might have
>>> an opinion on using embedded libraries.
>> Well, if you use the embedded ngtcp2, keep an eye on it. The differences
>> between 0.17.0 and 1.0.1 are very small, so it likely doesn't matter at
>> this point. ngtcp2 is a small library, so building an extra copy is
>> cheap.
>>
>>> Debian - https://packages.debian.org/sid/knot - and Fedora -
>>> https://packages.fedoraproject.org/pkgs/knot/knot/fedora-rawhide.html#dependencies
>>> - both use the embedded ngtcp2 library, so we won't be doing anything
>>> weirdly different from other OSs.
>>>
>>> OKs? comments? opinions?
>> Given that it uses the embedded ngtcp2, the dep on net/ngtcp2 doesn't
>> look right.
>>
>> The main question knot users need to ask themselves is if they're really
>> ok with depending on gnutls for a critical service. If I used this, I
>> wouldn't be happy about it, but I am biased. Ultimately it's your choice
>> as a maintainer and I won't object.
>>
> Ah, but it already does. So, really, I think it's fine if it's done
> right.

Haha, yea, even more surprisingly, it doesn't even link to libssl/crypto!
Re: enable quic functionality in net/knot
On Thu, Nov 16, 2023 at 05:54:43AM +0100, Theo Buehler wrote:
> On Wed, Nov 15, 2023 at 10:39:10PM -0500, A Tammy wrote:
> >
> > On 11/14/23 09:46, Renaud Allard wrote:
> > > Hello,
> > >
> > > Here is a small patch to add DNS over QUIC with knot DNS client.
> > > What do you think?
> > >
> > > Thank you,
> > > Best Regards
> >
> > From the discussion it looks like, there's no choice but to use the
> > embedded library, as building ngtcp2 with gnutls isn't going to be possible.
>
> Nor desirable...
>
> > I'm ok with enabling quic on knot. I'm assuming someone else might have
> > an opinion on using embedded libraries.
>
> Well, if you use the embedded ngtcp2, keep an eye on it. The differences
> between 0.17.0 and 1.0.1 are very small, so it likely doesn't matter at
> this point. ngtcp2 is a small library, so building an extra copy is
> cheap.
>
> > Debian - https://packages.debian.org/sid/knot - and Fedora -
> > https://packages.fedoraproject.org/pkgs/knot/knot/fedora-rawhide.html#dependencies
> > - both use the embedded ngtcp2 library, so we won't be doing anything
> > weirdly different from other OSs.
> >
> > OKs? comments? opinions?
>
> Given that it uses the embedded ngtcp2, the dep on net/ngtcp2 doesn't
> look right.
>
> The main question knot users need to ask themselves is if they're really
> ok with depending on gnutls for a critical service. If I used this, I
> wouldn't be happy about it, but I am biased. Ultimately it's your choice
> as a maintainer and I won't object.
>

Ah, but it already does. So, really, I think it's fine if it's done right.
Re: enable quic functionality in net/knot
On Wed, Nov 15, 2023 at 10:39:10PM -0500, A Tammy wrote:
>
> On 11/14/23 09:46, Renaud Allard wrote:
> > Hello,
> >
> > Here is a small patch to add DNS over QUIC with knot DNS client.
> > What do you think?
> >
> > Thank you,
> > Best Regards
>
> From the discussion it looks like, there's no choice but to use the
> embedded library, as building ngtcp2 with gnutls isn't going to be possible.

Nor desirable...

> I'm ok with enabling quic on knot. I'm assuming someone else might have
> an opinion on using embedded libraries.

Well, if you use the embedded ngtcp2, keep an eye on it. The differences
between 0.17.0 and 1.0.1 are very small, so it likely doesn't matter at
this point. ngtcp2 is a small library, so building an extra copy is
cheap.

> Debian - https://packages.debian.org/sid/knot - and Fedora -
> https://packages.fedoraproject.org/pkgs/knot/knot/fedora-rawhide.html#dependencies
> - both use the embedded ngtcp2 library, so we won't be doing anything
> weirdly different from other OSs.
>
> OKs? comments? opinions?

Given that it uses the embedded ngtcp2, the dep on net/ngtcp2 doesn't
look right.

The main question knot users need to ask themselves is if they're really
ok with depending on gnutls for a critical service. If I used this, I
wouldn't be happy about it, but I am biased. Ultimately it's your choice
as a maintainer and I won't object.
Re: enable quic functionality in net/knot
On 11/14/23 09:46, Renaud Allard wrote:
> Hello,
>
> Here is a small patch to add DNS over QUIC with knot DNS client.
> What do you think?
>
> Thank you,
> Best Regards

From the discussion it looks like, there's no choice but to use the
embedded library, as building ngtcp2 with gnutls isn't going to be possible.

I'm ok with enabling quic on knot. I'm assuming someone else might have
an opinion on using embedded libraries.

Debian - https://packages.debian.org/sid/knot - and Fedora -
https://packages.fedoraproject.org/pkgs/knot/knot/fedora-rawhide.html#dependencies
- both use the embedded ngtcp2 library, so we won't be doing anything
weirdly different from other OSs.

OKs? comments? opinions?

Aisha
Re: enable quic functionality in net/knot
On Tue, Nov 14, 2023 at 03:46:46PM +0100, Renaud Allard wrote:
> Hello,
>
> Here is a small patch to add DNS over QUIC with knot DNS client.
> What do you think?

had a look at configure.ac, and it builds its embedded ngtcp2 because it
explicitly looks for a gnutls-enabled ngtcp2. net/ngtcp2 is built against
libressl.

cf libngtcp2_crypto_gnutls in
https://github.com/CZ-NIC/knot/blob/master/configure.ac#L572

Landry
enable quic functionality in net/knot
Hello,

Here is a small patch to add DNS over QUIC with knot DNS client.
What do you think?

Thank you,
Best Regards

Index: Makefile === RCS file: /cvs/ports/net/knot/Makefile,v retrieving revision 1.81 diff -u -p -r1.81 Makefile --- Makefile 27 Sep 2023 14:18:13 - 1.81 +++ Makefile 14 Nov 2023 14:44:13 - @@ -2,6 +2,7 @@ COMMENT = authoritative DNS server # update net/py-libknot when updating this DISTNAME = knot-3.2.9 +REVISION = 0 SHARED_LIBS += dnssec 3.1 # .9.0 SHARED_LIBS += knot 8.0 # .13.0 @@ -29,7 +30,8 @@ DEBUG_PACKAGES = ${BUILD_PACKAGES} COMPILER = base-clang ports-gcc COMPILER_LANGS = c -BUILD_DEPENDS = devel/bison +BUILD_DEPENDS = devel/bison \ + net/ngtcp2 LIB_DEPENDS = devel/gettext,-runtime \ devel/libidn2 \ devel/liburcu \ @@ -40,6 +42,7 @@ LIB_DEPENDS = devel/gettext,-runtime \ CONFIGURE_STYLE = gnu CONFIGURE_ARGS += --with-storage=${LOCALSTATEDIR}/db/knot \ --with-libidn \ + --enable-quic \ --disable-dnstap \ --disable-maxminddb
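
Review bot: In the second hunk (@@ -29,7 +30,8 @@), net/ngtcp2 is added to BUILD_DEPENDS only, while the LIB_DEPENDS list right below it is unchanged. A library knot links against at run time belongs in LIB_DEPENDS, and a library that configure does not pick up at all should not be listed. Confirm which ngtcp2 the build actually uses (the packaged one or the copy embedded in the knot sources) and either move the entry to LIB_DEPENDS or drop the `net/ngtcp2` line.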
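
Review bot: In the third hunk (@@ -40,6 +42,7 @@), `--enable-quic` is added to CONFIGURE_ARGS, but none of the three hunks touches WANTLIB, so the patch does not show whether the set of linked libraries changes. Check the libraries the built binaries link after enabling QUIC and update WANTLIB if they differ, and add a short comment next to `--enable-quic` stating whether the packaged or the embedded ngtcp2 is intended, so the outcome does not depend on what configure happens to detect on the build machine.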