205 lines
6.5 KiB
Makefile
Raw Normal View History

2011-02-19 08:50:15 +00:00
#
# Copyright (C) 2006-2016 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
2005-03-21 08:12:49 +00:00
include $(TOPDIR)/rules.mk
PKG_NAME:=dnsmasq
PKG_UPSTREAM_VERSION:=2.89
PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION)))
PKG_RELEASE:=7
2005-03-21 08:12:49 +00:00
PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz
PKG_SOURCE_URL:=https://thekelleys.org.uk/dnsmasq/
PKG_HASH:=02bd230346cf0b9d5909f5e151df168b2707103785eb616b56685855adebb609
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING
PKG_CPE_ID:=cpe:/a:thekelleys:dnsmasq
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_UPSTREAM_VERSION)
PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
PKG_BUILD_FLAGS:=lto
PKG_ASLR_PIE_REGULAR:=1
PKG_CONFIG_DEPENDS:= CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcp \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcpv6 \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dnssec \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_auth \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset \
dnsmasq: Support nftables nftsets Add build option for nftables sets. By default disable iptables ipset support. By default enable nftable nftset support since this is what fw4 uses. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> dnsmasq: nftset: serve from ipset config Use existing ipset configs as source for nftsets to be compatible with existing configs. As the OS can either have iptables XOR nftables support, it's fine to provide both to dnsmasq. dnsmasq will silently fail for the present one. Depending on the dnsmasq compile time options, the ipsets or nftsets option will not be added to the dnsmasq config file. dnsmasq will try to add the IP addresses to all sets, regardless of the IP version defined for the set. Adding an IPv6 to an IPv4 set and vice versa will silently fail. Signed-off-by: Mathias Kresin <dev@kresin.me> dnsmasq: support populating nftsets in addition to ipsets Tell dnsmasq to populate nftsets instead of ipsets, if firewall4 is present in the system. Keep the same configuration syntax in /etc/config/dhcp, for compatibility purposes. Huge thanks to Jo-Philipp Wich for basically writing the function. Signed-off-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com> dnsmasq: obtain nftset ip family from nft Unfortunately dnsmasq nft is noisy if an attempt to add a mismatched ip address family to an nft set is made. Heuristic to guess which ip family a nft set might belong by inferring from the set name. In order of preference: If setname ends with standalone '4' or '6' use that, else if setname has '4' or '6' delimited by '-' or '_' use that (eg foo-4-bar) else If setname begins with '4' or '6' standalone use that. By standalone I mean not as part of a larger number eg. 24 If the above fails then use the existing nft set query mechanism and if that fails, well you're stuffed! With-thanks-to: Jo-Philipp Wich <jo@mein.io> who improved my regexp knowledge. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> dnsmasq: specify firewall table for nftset Permit ipsets to specify an nftables table for the set. New config parameter is 'table'. If not specified the default of 'fw4' is used. config ipset list name 'BK_4,BK_6' option table 'dscpclassify' option table_family 'ip' option family '4' list domain 'ms-acdc.office.com' list domain 'windowsupdate.com' list domain 'update.microsoft.com' list domain 'graph.microsoft.com' list domain '1drv.ms' list domain '1drv.com' The table family can also be specified, usually 'ip' or 'ip6' else the default 'inet' capable of both ipv4 & ipv6 is used. If the table family is not specified then finally a family option is available to specify either '4' or '6' for ipv4 or ipv6 respectively. This is all in addition to the existing heuristic that will look in the nftset name for an ip family clue, or in total desperation, query the value from the nftset itself. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2021-11-29 17:16:39 +00:00
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_nftset \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_conntrack \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_noid \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_broken_rtc \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_tftp
include $(INCLUDE_DIR)/package.mk
define Package/dnsmasq/Default
SECTION:=net
CATEGORY:=Base system
TITLE:=DNS and DHCP server
URL:=http://www.thekelleys.org.uk/dnsmasq/
DEPENDS:=+libubus
USERID:=dnsmasq=453:dnsmasq=453
endef
define Package/dnsmasq
$(call Package/dnsmasq/Default)
VARIANT:=nodhcpv6
endef
define Package/dnsmasq-dhcpv6
$(call Package/dnsmasq/Default)
TITLE += (with DHCPv6 support)
DEPENDS+=@IPV6
VARIANT:=dhcpv6
PROVIDES:=dnsmasq
endef
define Package/dnsmasq-full
$(call Package/dnsmasq/Default)
dnsmasq: Support nftables nftsets Add build option for nftables sets. By default disable iptables ipset support. By default enable nftable nftset support since this is what fw4 uses. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> dnsmasq: nftset: serve from ipset config Use existing ipset configs as source for nftsets to be compatible with existing configs. As the OS can either have iptables XOR nftables support, it's fine to provide both to dnsmasq. dnsmasq will silently fail for the present one. Depending on the dnsmasq compile time options, the ipsets or nftsets option will not be added to the dnsmasq config file. dnsmasq will try to add the IP addresses to all sets, regardless of the IP version defined for the set. Adding an IPv6 to an IPv4 set and vice versa will silently fail. Signed-off-by: Mathias Kresin <dev@kresin.me> dnsmasq: support populating nftsets in addition to ipsets Tell dnsmasq to populate nftsets instead of ipsets, if firewall4 is present in the system. Keep the same configuration syntax in /etc/config/dhcp, for compatibility purposes. Huge thanks to Jo-Philipp Wich for basically writing the function. Signed-off-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com> dnsmasq: obtain nftset ip family from nft Unfortunately dnsmasq nft is noisy if an attempt to add a mismatched ip address family to an nft set is made. Heuristic to guess which ip family a nft set might belong by inferring from the set name. In order of preference: If setname ends with standalone '4' or '6' use that, else if setname has '4' or '6' delimited by '-' or '_' use that (eg foo-4-bar) else If setname begins with '4' or '6' standalone use that. By standalone I mean not as part of a larger number eg. 24 If the above fails then use the existing nft set query mechanism and if that fails, well you're stuffed! With-thanks-to: Jo-Philipp Wich <jo@mein.io> who improved my regexp knowledge. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> dnsmasq: specify firewall table for nftset Permit ipsets to specify an nftables table for the set. New config parameter is 'table'. If not specified the default of 'fw4' is used. config ipset list name 'BK_4,BK_6' option table 'dscpclassify' option table_family 'ip' option family '4' list domain 'ms-acdc.office.com' list domain 'windowsupdate.com' list domain 'update.microsoft.com' list domain 'graph.microsoft.com' list domain '1drv.ms' list domain '1drv.com' The table family can also be specified, usually 'ip' or 'ip6' else the default 'inet' capable of both ipv4 & ipv6 is used. If the table family is not specified then finally a family option is available to specify either '4' or '6' for ipv4 or ipv6 respectively. This is all in addition to the existing heuristic that will look in the nftset name for an ip family clue, or in total desperation, query the value from the nftset itself. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2021-11-29 17:16:39 +00:00
TITLE += (with DNSSEC, DHCPv6, Auth DNS, IPset, Nftset, Conntrack, NO_ID enabled by default)
DEPENDS+=+PACKAGE_dnsmasq_full_dnssec:libnettle \
+PACKAGE_dnsmasq_full_ipset:kmod-ipt-ipset \
dnsmasq: Support nftables nftsets Add build option for nftables sets. By default disable iptables ipset support. By default enable nftable nftset support since this is what fw4 uses. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> dnsmasq: nftset: serve from ipset config Use existing ipset configs as source for nftsets to be compatible with existing configs. As the OS can either have iptables XOR nftables support, it's fine to provide both to dnsmasq. dnsmasq will silently fail for the present one. Depending on the dnsmasq compile time options, the ipsets or nftsets option will not be added to the dnsmasq config file. dnsmasq will try to add the IP addresses to all sets, regardless of the IP version defined for the set. Adding an IPv6 to an IPv4 set and vice versa will silently fail. Signed-off-by: Mathias Kresin <dev@kresin.me> dnsmasq: support populating nftsets in addition to ipsets Tell dnsmasq to populate nftsets instead of ipsets, if firewall4 is present in the system. Keep the same configuration syntax in /etc/config/dhcp, for compatibility purposes. Huge thanks to Jo-Philipp Wich for basically writing the function. Signed-off-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com> dnsmasq: obtain nftset ip family from nft Unfortunately dnsmasq nft is noisy if an attempt to add a mismatched ip address family to an nft set is made. Heuristic to guess which ip family a nft set might belong by inferring from the set name. In order of preference: If setname ends with standalone '4' or '6' use that, else if setname has '4' or '6' delimited by '-' or '_' use that (eg foo-4-bar) else If setname begins with '4' or '6' standalone use that. By standalone I mean not as part of a larger number eg. 24 If the above fails then use the existing nft set query mechanism and if that fails, well you're stuffed! With-thanks-to: Jo-Philipp Wich <jo@mein.io> who improved my regexp knowledge. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> dnsmasq: specify firewall table for nftset Permit ipsets to specify an nftables table for the set. New config parameter is 'table'. If not specified the default of 'fw4' is used. config ipset list name 'BK_4,BK_6' option table 'dscpclassify' option table_family 'ip' option family '4' list domain 'ms-acdc.office.com' list domain 'windowsupdate.com' list domain 'update.microsoft.com' list domain 'graph.microsoft.com' list domain '1drv.ms' list domain '1drv.com' The table family can also be specified, usually 'ip' or 'ip6' else the default 'inet' capable of both ipv4 & ipv6 is used. If the table family is not specified then finally a family option is available to specify either '4' or '6' for ipv4 or ipv6 respectively. This is all in addition to the existing heuristic that will look in the nftset name for an ip family clue, or in total desperation, query the value from the nftset itself. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2021-11-29 17:16:39 +00:00
+PACKAGE_dnsmasq_full_conntrack:libnetfilter-conntrack \
+PACKAGE_dnsmasq_full_nftset:nftables-json
VARIANT:=full
PROVIDES:=dnsmasq
endef
define Package/dnsmasq/description
It is intended to provide coupled DNS and DHCP service to a LAN.
endef
define Package/dnsmasq-dhcpv6/description
$(call Package/dnsmasq/description)
This is a variant with DHCPv6 support
endef
define Package/dnsmasq-full/description
$(call Package/dnsmasq/description)
This is a fully configurable variant with DHCPv4, DHCPv6, DNSSEC, Authoritative DNS
dnsmasq: Support nftables nftsets Add build option for nftables sets. By default disable iptables ipset support. By default enable nftable nftset support since this is what fw4 uses. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> dnsmasq: nftset: serve from ipset config Use existing ipset configs as source for nftsets to be compatible with existing configs. As the OS can either have iptables XOR nftables support, it's fine to provide both to dnsmasq. dnsmasq will silently fail for the present one. Depending on the dnsmasq compile time options, the ipsets or nftsets option will not be added to the dnsmasq config file. dnsmasq will try to add the IP addresses to all sets, regardless of the IP version defined for the set. Adding an IPv6 to an IPv4 set and vice versa will silently fail. Signed-off-by: Mathias Kresin <dev@kresin.me> dnsmasq: support populating nftsets in addition to ipsets Tell dnsmasq to populate nftsets instead of ipsets, if firewall4 is present in the system. Keep the same configuration syntax in /etc/config/dhcp, for compatibility purposes. Huge thanks to Jo-Philipp Wich for basically writing the function. Signed-off-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com> dnsmasq: obtain nftset ip family from nft Unfortunately dnsmasq nft is noisy if an attempt to add a mismatched ip address family to an nft set is made. Heuristic to guess which ip family a nft set might belong by inferring from the set name. In order of preference: If setname ends with standalone '4' or '6' use that, else if setname has '4' or '6' delimited by '-' or '_' use that (eg foo-4-bar) else If setname begins with '4' or '6' standalone use that. By standalone I mean not as part of a larger number eg. 24 If the above fails then use the existing nft set query mechanism and if that fails, well you're stuffed! With-thanks-to: Jo-Philipp Wich <jo@mein.io> who improved my regexp knowledge. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> dnsmasq: specify firewall table for nftset Permit ipsets to specify an nftables table for the set. New config parameter is 'table'. If not specified the default of 'fw4' is used. config ipset list name 'BK_4,BK_6' option table 'dscpclassify' option table_family 'ip' option family '4' list domain 'ms-acdc.office.com' list domain 'windowsupdate.com' list domain 'update.microsoft.com' list domain 'graph.microsoft.com' list domain '1drv.ms' list domain '1drv.com' The table family can also be specified, usually 'ip' or 'ip6' else the default 'inet' capable of both ipv4 & ipv6 is used. If the table family is not specified then finally a family option is available to specify either '4' or '6' for ipv4 or ipv6 respectively. This is all in addition to the existing heuristic that will look in the nftset name for an ip family clue, or in total desperation, query the value from the nftset itself. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2021-11-29 17:16:39 +00:00
and nftset, Conntrack support & NO_ID enabled by default.
endef
define Package/dnsmasq/conffiles
/etc/config/dhcp
/etc/dnsmasq.conf
/etc/dnsmasq.d/
endef
define Package/dnsmasq-full/config
if PACKAGE_dnsmasq-full
config PACKAGE_dnsmasq_full_dhcp
bool "Build with DHCP support."
default y
config PACKAGE_dnsmasq_full_dhcpv6
bool "Build with DHCPv6 support."
depends on IPV6 && PACKAGE_dnsmasq_full_dhcp
default y
config PACKAGE_dnsmasq_full_dnssec
bool "Build with DNSSEC support."
default y
config PACKAGE_dnsmasq_full_auth
bool "Build with the facility to act as an authoritative DNS server."
default y
config PACKAGE_dnsmasq_full_ipset
bool "Build with IPset support."
dnsmasq: Support nftables nftsets Add build option for nftables sets. By default disable iptables ipset support. By default enable nftable nftset support since this is what fw4 uses. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> dnsmasq: nftset: serve from ipset config Use existing ipset configs as source for nftsets to be compatible with existing configs. As the OS can either have iptables XOR nftables support, it's fine to provide both to dnsmasq. dnsmasq will silently fail for the present one. Depending on the dnsmasq compile time options, the ipsets or nftsets option will not be added to the dnsmasq config file. dnsmasq will try to add the IP addresses to all sets, regardless of the IP version defined for the set. Adding an IPv6 to an IPv4 set and vice versa will silently fail. Signed-off-by: Mathias Kresin <dev@kresin.me> dnsmasq: support populating nftsets in addition to ipsets Tell dnsmasq to populate nftsets instead of ipsets, if firewall4 is present in the system. Keep the same configuration syntax in /etc/config/dhcp, for compatibility purposes. Huge thanks to Jo-Philipp Wich for basically writing the function. Signed-off-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com> dnsmasq: obtain nftset ip family from nft Unfortunately dnsmasq nft is noisy if an attempt to add a mismatched ip address family to an nft set is made. Heuristic to guess which ip family a nft set might belong by inferring from the set name. In order of preference: If setname ends with standalone '4' or '6' use that, else if setname has '4' or '6' delimited by '-' or '_' use that (eg foo-4-bar) else If setname begins with '4' or '6' standalone use that. By standalone I mean not as part of a larger number eg. 24 If the above fails then use the existing nft set query mechanism and if that fails, well you're stuffed! With-thanks-to: Jo-Philipp Wich <jo@mein.io> who improved my regexp knowledge. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> dnsmasq: specify firewall table for nftset Permit ipsets to specify an nftables table for the set. New config parameter is 'table'. If not specified the default of 'fw4' is used. config ipset list name 'BK_4,BK_6' option table 'dscpclassify' option table_family 'ip' option family '4' list domain 'ms-acdc.office.com' list domain 'windowsupdate.com' list domain 'update.microsoft.com' list domain 'graph.microsoft.com' list domain '1drv.ms' list domain '1drv.com' The table family can also be specified, usually 'ip' or 'ip6' else the default 'inet' capable of both ipv4 & ipv6 is used. If the table family is not specified then finally a family option is available to specify either '4' or '6' for ipv4 or ipv6 respectively. This is all in addition to the existing heuristic that will look in the nftset name for an ip family clue, or in total desperation, query the value from the nftset itself. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2021-11-29 17:16:39 +00:00
default n
config PACKAGE_dnsmasq_full_nftset
bool "Build with Nftset support."
default y
config PACKAGE_dnsmasq_full_conntrack
bool "Build with Conntrack support."
default y
config PACKAGE_dnsmasq_full_noid
bool "Build with NO_ID. (hide *.bind pseudo domain)"
default y
config PACKAGE_dnsmasq_full_broken_rtc
bool "Build with HAVE_BROKEN_RTC."
default n
config PACKAGE_dnsmasq_full_tftp
bool "Build with TFTP server support."
default y
endif
endef
Package/dnsmasq-dhcpv6/conffiles = $(Package/dnsmasq/conffiles)
Package/dnsmasq-full/conffiles = $(Package/dnsmasq/conffiles)
COPTS = -DHAVE_UBUS -DHAVE_POLL_H \
$(if $(CONFIG_IPV6),,-DNO_IPV6)
ifeq ($(BUILD_VARIANT),nodhcpv6)
COPTS += -DNO_DHCP6
endif
ifeq ($(BUILD_VARIANT),full)
COPTS += $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcp),,-DNO_DHCP) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcpv6),,-DNO_DHCP6) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dnssec),-DHAVE_DNSSEC) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_auth),,-DNO_AUTH) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset),,-DNO_IPSET) \
dnsmasq: Support nftables nftsets Add build option for nftables sets. By default disable iptables ipset support. By default enable nftable nftset support since this is what fw4 uses. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> dnsmasq: nftset: serve from ipset config Use existing ipset configs as source for nftsets to be compatible with existing configs. As the OS can either have iptables XOR nftables support, it's fine to provide both to dnsmasq. dnsmasq will silently fail for the present one. Depending on the dnsmasq compile time options, the ipsets or nftsets option will not be added to the dnsmasq config file. dnsmasq will try to add the IP addresses to all sets, regardless of the IP version defined for the set. Adding an IPv6 to an IPv4 set and vice versa will silently fail. Signed-off-by: Mathias Kresin <dev@kresin.me> dnsmasq: support populating nftsets in addition to ipsets Tell dnsmasq to populate nftsets instead of ipsets, if firewall4 is present in the system. Keep the same configuration syntax in /etc/config/dhcp, for compatibility purposes. Huge thanks to Jo-Philipp Wich for basically writing the function. Signed-off-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com> dnsmasq: obtain nftset ip family from nft Unfortunately dnsmasq nft is noisy if an attempt to add a mismatched ip address family to an nft set is made. Heuristic to guess which ip family a nft set might belong by inferring from the set name. In order of preference: If setname ends with standalone '4' or '6' use that, else if setname has '4' or '6' delimited by '-' or '_' use that (eg foo-4-bar) else If setname begins with '4' or '6' standalone use that. By standalone I mean not as part of a larger number eg. 24 If the above fails then use the existing nft set query mechanism and if that fails, well you're stuffed! With-thanks-to: Jo-Philipp Wich <jo@mein.io> who improved my regexp knowledge. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> dnsmasq: specify firewall table for nftset Permit ipsets to specify an nftables table for the set. New config parameter is 'table'. If not specified the default of 'fw4' is used. config ipset list name 'BK_4,BK_6' option table 'dscpclassify' option table_family 'ip' option family '4' list domain 'ms-acdc.office.com' list domain 'windowsupdate.com' list domain 'update.microsoft.com' list domain 'graph.microsoft.com' list domain '1drv.ms' list domain '1drv.com' The table family can also be specified, usually 'ip' or 'ip6' else the default 'inet' capable of both ipv4 & ipv6 is used. If the table family is not specified then finally a family option is available to specify either '4' or '6' for ipv4 or ipv6 respectively. This is all in addition to the existing heuristic that will look in the nftset name for an ip family clue, or in total desperation, query the value from the nftset itself. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2021-11-29 17:16:39 +00:00
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_nftset),-DHAVE_NFTSET,) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_conntrack),-DHAVE_CONNTRACK,) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_noid),-DNO_ID,) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_broken_rtc),-DHAVE_BROKEN_RTC) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_tftp),,-DNO_TFTP)
COPTS += $(if $(CONFIG_LIBNETTLE_MINI),-DNO_GMP,)
else
COPTS += -DNO_AUTH -DNO_IPSET -DNO_ID
endif
MAKE_FLAGS := \
$(TARGET_CONFIGURE_OPTS) \
CFLAGS="$(TARGET_CFLAGS) $(TARGET_CPPFLAGS)" \
LDFLAGS="$(TARGET_LDFLAGS)" \
COPTS="$(COPTS)" \
PREFIX="/usr"
define Package/dnsmasq/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/dnsmasq $(1)/usr/sbin/
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) ./files/dhcp.conf $(1)/etc/config/dhcp
$(INSTALL_CONF) ./files/dnsmasq.conf $(1)/etc/dnsmasq.conf
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/dnsmasq.init $(1)/etc/init.d/dnsmasq
$(INSTALL_DIR) $(1)/etc/hotplug.d/dhcp
$(INSTALL_DIR) $(1)/etc/hotplug.d/neigh
dnsmasq: dnssec time handling uses ntpd hotplug Change dnsmasq's dnssec time check handling to use time validity indicated by ntpd rather than maintaining a cross boot/upgrade /etc/dnsmasq.time timestamp file. This saves flash device wear. If ntpd client is configured in uci and you're using dnssec, then dnsmasq will not check dnssec timestamp validity until ntpd hotplug indicates sync via a stratum change. The ntpd hotplug leaves a status flag file to indicate to dnsmasq.init that time is valid and that it should now start in 'check dnssec timestamp valid' mode. If ntpd client is not configured and you're using dnssec, then it is presumed you're using an alternate time sync mechanism and that time is correct, thus dnsmasq checks dnssec timestamps are valid from 1st start. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> V2 - stratum & step ntp changes indicate time is valid V3 - on initial flag file step signal dnsmasq with SIGHUP if running V4 - only accept step ntp changes. Accepting both stratum & step could result in unpleasant script race conditions V5 - Actually only accepting stratum is the correct thing to do after further testing V6 - improve handling of non busybox ntpd if sysntpd not executable dnsmasq checks dnssec timestamps else sysntp script disabled - look for timestamp file - allows external mechanism to use hotplug flag file sysntp script enabled & uci ntp enabled - look for timestamp file sysntp script enabled & uci ntp disabled - dnsmasq checks dnssec timestamps fi
2016-06-14 11:00:21 +01:00
$(INSTALL_DIR) $(1)/etc/hotplug.d/ntp
$(INSTALL_DIR) $(1)/etc/hotplug.d/tftp
$(INSTALL_DATA) ./files/dnsmasqsec.hotplug $(1)/etc/hotplug.d/ntp/25-dnsmasqsec
$(INSTALL_DIR) $(1)/usr/share/dnsmasq
$(INSTALL_CONF) ./files/dhcpbogushostname.conf $(1)/usr/share/dnsmasq/
$(INSTALL_CONF) ./files/rfc6761.conf $(1)/usr/share/dnsmasq/
$(INSTALL_DIR) $(1)/usr/lib/dnsmasq
$(INSTALL_BIN) ./files/dhcp-script.sh $(1)/usr/lib/dnsmasq/dhcp-script.sh
$(INSTALL_DIR) $(1)/usr/share/acl.d
$(INSTALL_DATA) ./files/dnsmasq_acl.json $(1)/usr/share/acl.d/
$(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_BIN) ./files/50-dnsmasq-migrate-resolv-conf-auto.sh $(1)/etc/uci-defaults
$(INSTALL_BIN) ./files/50-dnsmasq-migrate-ipset.sh $(1)/etc/uci-defaults
endef
Package/dnsmasq-dhcpv6/install = $(Package/dnsmasq/install)
define Package/dnsmasq-full/install
$(call Package/dnsmasq/install,$(1))
ifneq ($(CONFIG_PACKAGE_dnsmasq_full_dnssec),)
$(INSTALL_DIR) $(1)/usr/share/dnsmasq
$(INSTALL_CONF) $(PKG_BUILD_DIR)/trust-anchors.conf $(1)/usr/share/dnsmasq
endif
endef
$(eval $(call BuildPackage,dnsmasq))
$(eval $(call BuildPackage,dnsmasq-dhcpv6))
$(eval $(call BuildPackage,dnsmasq-full))