[gentoo-commits] repo/gentoo:master commit in: net-dns/knot-resolver/files/, net-dns/knot-resolver/

[gentoo-commits] repo/gentoo:master commit in: net-dns/knot-resolver/files/, net-dns/knot-resolver/

[Matthew Smith]

commit:     c510a209fc1db8d090cdd93a31aaedbc7a436df9
Author:     Matthew Smith <matthew <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 16 13:35:15 2022 +0000
Commit:     Matthew Smith <matthew <AT> gentoo <DOT> org>
CommitDate: Sun Oct 16 13:36:36 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c510a209

net-dns/knot-resolver: new package, add 5.5.3

Signed-off-by: Matthew Smith <matthew <AT> gentoo.org>

 net-dns/knot-resolver/Manifest                     |  2 +
 .../files/knot-resolver-5.5.3-docdir.patch         | 32 ++++++++
 .../files/knot-resolver-5.5.3-nghttp-openssl.patch | 38 +++++++++
 net-dns/knot-resolver/knot-resolver-5.5.3.ebuild   | 90 ++++++++++++++++++++++
 net-dns/knot-resolver/metadata.xml                 | 19 +++++
 5 files changed, 181 insertions(+)

diff --git a/net-dns/knot-resolver/Manifest b/net-dns/knot-resolver/Manifest
new file mode 100644
index 000000000000..fc41ecdcc09b
--- /dev/null
+++ b/net-dns/knot-resolver/Manifest
@@ -0,0 +1,2 @@
+DIST knot-resolver-5.5.3.tar.xz 1921668 BLAKE2B 7efdf1a69081d8f9f43b5bbe1b483826b94b87a0b001a449a5f89988afce070e4e3310e513e6281691bd81274a523ab8c7e52fe56a3d62019efe07809033a5a8 SHA512 7bf29bbf82e71727c1f47095a04a12712ca89a6f34d3a325337625ad116f49a47a90cb402525fdbf59cb0889b64d7083b908c335d65429b24d776603a3a8f28a
+DIST knot-resolver-5.5.3.tar.xz.asc 833 BLAKE2B 7ab348587c2604f14171d09436b2a296e9fb7124e6f899aba91215d32d8642dc5b9ae8300edf55c0790289bc954d5cf95c71b66a20b960c848d15e34469fc2f3 SHA512 1e95fffdb1c78a225b5bf861f978c1c18a9935ecd495e8f708ed4a241308b9302d2cf5a5ec51334dbecf50950af5f775bfff78995663cf1681a3dbc354d3a686

diff --git a/net-dns/knot-resolver/files/knot-resolver-5.5.3-docdir.patch b/net-dns/knot-resolver/files/knot-resolver-5.5.3-docdir.patch
new file mode 100644
index 000000000000..d75b98c3acca
--- /dev/null
+++ b/net-dns/knot-resolver/files/knot-resolver-5.5.3-docdir.patch
@@ -0,0 +1,32 @@
+From 4086abfd85e0bacc027ac1773d524093387265f9 Mon Sep 17 00:00:00 2001
+From: Matthew Smith <matthew@gentoo.org>
+Date: Sun, 16 Oct 2022 13:49:25 +0100
+Subject: [PATCH] build: docdir option
+
+--- a/meson.build
++++ b/meson.build
+@@ -46,7 +46,7 @@ endif
+ ## Paths
+ prefix = get_option('prefix')
+ data_dir = prefix / get_option('datadir') / 'knot-resolver'
+-doc_dir = prefix / get_option('datadir') / 'doc' / 'knot-resolver'
++doc_dir = get_option('docdir')
+ info_dir = prefix / get_option('datadir') / 'info'
+ examples_dir = doc_dir / 'examples'
+ etc_dir = prefix / get_option('sysconfdir') / 'knot-resolver'
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -1,6 +1,13 @@
+ # Configuration options
+ # SPDX-License-Identifier: GPL-3.0-or-later
+ 
++option(
++  'docdir',
++  type: 'string',
++  value: '/usr/share/doc/knot-resolver',
++  description: 'path to store documentation',
++)
++
+ option(
+   'keyfile_default',
+   type: 'string',

diff --git a/net-dns/knot-resolver/files/knot-resolver-5.5.3-nghttp-openssl.patch b/net-dns/knot-resolver/files/knot-resolver-5.5.3-nghttp-openssl.patch
new file mode 100644
index 000000000000..49340be1506c
--- /dev/null
+++ b/net-dns/knot-resolver/files/knot-resolver-5.5.3-nghttp-openssl.patch
@@ -0,0 +1,38 @@
+From 30087f85bb8d19586350c2a64648c0578c5c096c Mon Sep 17 00:00:00 2001
+From: Matthew Smith <matthew@gentoo.org>
+Date: Sun, 16 Oct 2022 13:44:40 +0100
+Subject: [PATCH] build: Add nghttp2 and openssl options
+
+--- a/meson.build
++++ b/meson.build
+@@ -87,8 +87,8 @@ group = get_option('group')
+ 
+ ## Optional dependencies
+ message('--- optional dependencies ---')
+-nghttp2 = dependency('libnghttp2', required: false)
+-openssl = dependency('openssl', required: false)
++nghttp2 = dependency('libnghttp2', required: get_option('nghttp2'))
++openssl = dependency('openssl', required: get_option('openssl'))
+ 
+ have_asprintf = meson.get_compiler('c').has_function('asprintf',
+   prefix: '#define _GNU_SOURCE\n#include <stdio.h>')
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -205,3 +205,17 @@ option(
+   value: 'auto',
+   description: 'cmocka unit tests',
+ )
++
++option(
++  'nghttp2',
++  type: 'feature',
++  value: 'auto',
++  description: 'dns over https support',
++)
++
++option(
++  'openssl',
++  type: 'feature',
++  value: 'auto',
++  description: 'auxiliary debug library for http module',
++)

diff --git a/net-dns/knot-resolver/knot-resolver-5.5.3.ebuild b/net-dns/knot-resolver/knot-resolver-5.5.3.ebuild
new file mode 100644
index 000000000000..58013de8e63e
--- /dev/null
+++ b/net-dns/knot-resolver/knot-resolver-5.5.3.ebuild
@@ -0,0 +1,90 @@
+# Copyright 2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+LUA_COMPAT=( luajit )
+
+inherit lua-single meson tmpfiles verify-sig
+
+DESCRIPTION="A scaleable caching DNS resolver"
+HOMEPAGE="https://www.knot-resolver.cz https://gitlab.nic.cz/knot/knot-resolver"
+SRC_URI="
+	https://secure.nic.cz/files/${PN}/${P}.tar.xz
+	verify-sig? ( https://secure.nic.cz/files/${PN}/${P}.tar.xz.asc )
+"
+
+LICENSE="Apache-2.0 BSD CC0-1.0 GPL-3+ LGPL-2.1+ MIT"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="caps dnstap kresc nghttp2 systemd test"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="${LUA_REQUIRED_USE}"
+
+RDEPEND="
+	${LUA_DEPS}
+	acct-group/knot-resolver
+	acct-user/knot-resolver
+	dev-db/lmdb:=
+	dev-libs/libuv:=
+	net-dns/knot:=
+	net-libs/gnutls:=
+	caps? ( sys-libs/libcap-ng )
+	dnstap? (
+		dev-libs/fstrm
+		dev-libs/protobuf-c:=
+	)
+	kresc? ( dev-libs/libedit )
+	nghttp2? ( net-libs/nghttp2:= )
+	systemd? ( sys-apps/systemd:= )
+"
+DEPEND="
+	${RDEPEND}
+	test? (
+		  dev-util/cmocka
+	)
+"
+BDEPEND="virtual/pkgconfig"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-5.5.3-docdir.patch
+	"${FILESDIR}"/${PN}-5.5.3-nghttp-openssl.patch
+)
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/${PN}.gpg
+
+src_unpack() {
+	if use verify-sig; then
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.xz{,.asc}
+	fi
+
+	unpack ${P}.tar.xz
+}
+
+src_configure() {
+	local emesonargs=(
+		--localstatedir "${EPREFIX}"/var # double lib
+		# https://bugs.gentoo.org/870019
+		-Dauto_features=disabled
+		-Ddoc=disabled
+		-Ddocdir="${EPREFIX}"/usr/share/doc/${PF}
+		-Dopenssl=disabled
+		$(meson_feature caps capng)
+		$(meson_feature dnstap)
+		$(meson_feature kresc client)
+		$(meson_feature nghttp2)
+		$(meson_feature test unit_tests)
+		$(meson_feature systemd systemd_files)
+	)
+
+	meson_src_configure
+}
+
+src_install() {
+	meson_src_install
+	fowners -R ${PN}: /etc/${PN}
+}
+
+pkg_postinst() {
+	tmpfiles_process knot-resolver.conf
+}

diff --git a/net-dns/knot-resolver/metadata.xml b/net-dns/knot-resolver/metadata.xml
new file mode 100644
index 000000000000..9f36a2c8cacc
--- /dev/null
+++ b/net-dns/knot-resolver/metadata.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>matthew@gentoo.org</email>
+		<name>Matthew Smith</name>
+	</maintainer>
+	<use>
+		<flag name="dnstap">
+			Build dnstap binary logging module
+		</flag>
+		<flag name="kresc">
+			Build (experimental) command-line client
+		</flag>
+		<flag name="nghttp2">
+			DNS-over-HTTPS support
+		</flag>
+	</use>
+</pkgmetadata>

[gentoo-commits] repo/gentoo:master commit in: net-dns/knot-resolver/files/, net-dns/knot-resolver/

[Matthew Smith]

commit:     f78480292d1ae4d2a89762eb33fb72101af5d446
Author:     Spencer Pavkovic <smp <AT> nandre <DOT> com>
AuthorDate: Mon Jul 24 23:51:06 2023 +0000
Commit:     Matthew Smith <matthew <AT> gentoo <DOT> org>
CommitDate: Wed Jul 26 20:33:04 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f7848029

net-dns/knot-resolver: added OpenRC init script

Signed-off-by: Spencer Pavkovic <smp <AT> nandre.com>
Closes: https://github.com/gentoo/gentoo/pull/32028
Signed-off-by: Matthew Smith <matthew <AT> gentoo.org>

 net-dns/knot-resolver/files/kresd.confd            |  5 ++
 net-dns/knot-resolver/files/kresd.initd            | 23 ++++++
 .../knot-resolver/knot-resolver-5.6.0-r1.ebuild    | 96 ++++++++++++++++++++++
 3 files changed, 124 insertions(+)

diff --git a/net-dns/knot-resolver/files/kresd.confd b/net-dns/knot-resolver/files/kresd.confd
new file mode 100644
index 000000000000..6749da309845
--- /dev/null
+++ b/net-dns/knot-resolver/files/kresd.confd
@@ -0,0 +1,5 @@
+# Copyright 1999-2023 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+KRESD_OPTS="-n /var/run/kresd"
+
+#KRESD_PIDFILE="/var/run/kresd.pid"
\ No newline at end of file

diff --git a/net-dns/knot-resolver/files/kresd.initd b/net-dns/knot-resolver/files/kresd.initd
new file mode 100644
index 000000000000..b443d98d749d
--- /dev/null
+++ b/net-dns/knot-resolver/files/kresd.initd
@@ -0,0 +1,23 @@
+#!/sbin/openrc-run
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+command="/usr/sbin/kresd"
+command_args="${KRESD_OPTS}"
+pidfile="${KRESD_PIDFILE:-/var/run/${RC_SVCNAME}.pid}"
+command_background=true
+start_stop_daemon_args="--start -bm --pidfile ${pidfile} --exec ${command} -- ${command_args}"
+
+name="knot-resolver"
+description="scaleable caching DNS resolver"
+
+depend() {
+    need net
+    use logger
+    provide dns
+}
+
+start() {
+	checkpath --directory /var/run/kresd
+	default_start
+}

diff --git a/net-dns/knot-resolver/knot-resolver-5.6.0-r1.ebuild b/net-dns/knot-resolver/knot-resolver-5.6.0-r1.ebuild
new file mode 100644
index 000000000000..eb66bdf93586
--- /dev/null
+++ b/net-dns/knot-resolver/knot-resolver-5.6.0-r1.ebuild
@@ -0,0 +1,96 @@
+# Copyright 2022-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+LUA_COMPAT=( luajit )
+
+inherit lua-single meson tmpfiles verify-sig
+
+DESCRIPTION="A scaleable caching DNS resolver"
+HOMEPAGE="https://www.knot-resolver.cz https://gitlab.nic.cz/knot/knot-resolver"
+SRC_URI="
+	https://secure.nic.cz/files/${PN}/${P}.tar.xz
+	verify-sig? ( https://secure.nic.cz/files/${PN}/${P}.tar.xz.asc )
+"
+
+LICENSE="Apache-2.0 BSD CC0-1.0 GPL-3+ LGPL-2.1+ MIT"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="caps dnstap kresc nghttp2 systemd test"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="${LUA_REQUIRED_USE}"
+
+RDEPEND="
+	${LUA_DEPS}
+	acct-group/knot-resolver
+	acct-user/knot-resolver
+	dev-db/lmdb:=
+	dev-libs/libuv:=
+	net-dns/knot:=
+	net-libs/gnutls:=
+	caps? ( sys-libs/libcap-ng )
+	dnstap? (
+		dev-libs/fstrm
+		dev-libs/protobuf-c:=
+	)
+	kresc? ( dev-libs/libedit )
+	nghttp2? ( net-libs/nghttp2:= )
+	systemd? ( sys-apps/systemd:= )
+"
+DEPEND="
+	${RDEPEND}
+	test? (
+		  dev-util/cmocka
+	)
+"
+BDEPEND="
+	virtual/pkgconfig
+	verify-sig? ( sec-keys/openpgp-keys-knot-resolver )
+"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-5.5.3-docdir.patch
+	"${FILESDIR}"/${PN}-5.5.3-nghttp-openssl.patch
+)
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/${PN}.gpg
+
+src_unpack() {
+	if use verify-sig; then
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.xz{,.asc}
+	fi
+
+	unpack ${P}.tar.xz
+}
+
+src_configure() {
+	local emesonargs=(
+		--localstatedir "${EPREFIX}"/var # double lib
+		# https://bugs.gentoo.org/870019
+		-Dauto_features=disabled
+		-Ddoc=disabled
+		-Ddocdir="${EPREFIX}"/usr/share/doc/${PF}
+		-Dopenssl=disabled
+		$(meson_feature caps capng)
+		$(meson_feature dnstap)
+		$(meson_feature kresc client)
+		$(meson_feature nghttp2)
+		$(meson_feature test unit_tests)
+		$(meson_feature systemd systemd_files)
+	)
+
+	meson_src_configure
+}
+
+src_install() {
+	meson_src_install
+	fowners -R ${PN}: /etc/${PN}
+
+	newinitd "${FILESDIR}"/kresd.initd kresd
+	newconfd "${FILESDIR}"/kresd.confd kresd
+}
+
+pkg_postinst() {
+	use systemd && tmpfiles_process knot-resolver.conf
+}

[gentoo-commits] repo/gentoo:master commit in: net-dns/knot-resolver/files/, net-dns/knot-resolver/

[Matthew Smith]

commit:     a1c699c2a6c5e30dfd7fa8e645756bb90cf87409
Author:     Nicolas PARLANT <nicolas.parlant <AT> parhuet <DOT> fr>
AuthorDate: Sun Sep 17 07:35:57 2023 +0000
Commit:     Matthew Smith <matthew <AT> gentoo <DOT> org>
CommitDate: Sun Sep 17 07:35:57 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a1c699c2

net-dns/knot-resolver: drop privileges in kresd.initd

Closes: https://github.com/gentoo/gentoo/pull/32871
Signed-off-by: Nicolas PARLANT <nicolas.parlant <AT> parhuet.fr>
Signed-off-by: Matthew Smith <matthew <AT> gentoo.org>

 net-dns/knot-resolver/files/kresd.confd-r1         |  9 ++
 net-dns/knot-resolver/files/kresd.initd-r1         | 31 +++++++
 .../knot-resolver/knot-resolver-5.6.0-r2.ebuild    | 96 ++++++++++++++++++++++
 3 files changed, 136 insertions(+)

diff --git a/net-dns/knot-resolver/files/kresd.confd-r1 b/net-dns/knot-resolver/files/kresd.confd-r1
new file mode 100644
index 000000000000..2b67587c646a
--- /dev/null
+++ b/net-dns/knot-resolver/files/kresd.confd-r1
@@ -0,0 +1,9 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+#KRESD_USER=knot-resolver
+#KRESD_GROUP=knot-resolver
+#KRESD_CONFIG="/etc/knot-resolver/kresd.conf"
+#KRESD_RUNDIR="/var/run/kresd"
+#KRESD_PIDFILE="/var/run/kresd.pid"
+KRESD_OPTS=""
\ No newline at end of file

diff --git a/net-dns/knot-resolver/files/kresd.initd-r1 b/net-dns/knot-resolver/files/kresd.initd-r1
new file mode 100644
index 000000000000..9732b48cc2cb
--- /dev/null
+++ b/net-dns/knot-resolver/files/kresd.initd-r1
@@ -0,0 +1,31 @@
+#!/sbin/openrc-run
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+: ${KRESD_GROUP:=knot-resolver}
+: ${KRESD_USER:=knot-resolver}
+: ${KRESD_CONFIG:=/etc/knot-resolver/kresd.conf}
+: ${KRESD_RUNDIR:=/var/run/kresd}
+: ${KRESD_PIDFILE:=/var/run/kresd.pid}
+
+command="/usr/sbin/kresd"
+command_args="${KRESD_OPTS} -n -c ${KRESD_CONFIG} ${KRESD_RUNDIR}"
+command_user="${KRESD_USER}:${KRESD_GROUP}"
+pidfile="${KRESD_PIDFILE}"
+command_background=true
+retry="TERM/60/KILL/5"
+
+capabilities="^cap_net_bind_service,^cap_setpcap"
+
+name="knot-resolver"
+description="scaleable caching DNS resolver"
+
+depend() {
+    need net
+    use logger
+    provide dns
+}
+
+start_pre() {
+        checkpath -d -m 0750 -o "${KRESD_USER}:${KRESD_GROUP}" ${KRESD_RUNDIR}
+}

diff --git a/net-dns/knot-resolver/knot-resolver-5.6.0-r2.ebuild b/net-dns/knot-resolver/knot-resolver-5.6.0-r2.ebuild
new file mode 100644
index 000000000000..1c2b1ab746e9
--- /dev/null
+++ b/net-dns/knot-resolver/knot-resolver-5.6.0-r2.ebuild
@@ -0,0 +1,96 @@
+# Copyright 2022-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+LUA_COMPAT=( luajit )
+
+inherit lua-single meson tmpfiles verify-sig
+
+DESCRIPTION="A scaleable caching DNS resolver"
+HOMEPAGE="https://www.knot-resolver.cz https://gitlab.nic.cz/knot/knot-resolver"
+SRC_URI="
+	https://secure.nic.cz/files/${PN}/${P}.tar.xz
+	verify-sig? ( https://secure.nic.cz/files/${PN}/${P}.tar.xz.asc )
+"
+
+LICENSE="Apache-2.0 BSD CC0-1.0 GPL-3+ LGPL-2.1+ MIT"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="caps dnstap kresc nghttp2 systemd test"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="${LUA_REQUIRED_USE}"
+
+RDEPEND="
+	${LUA_DEPS}
+	acct-group/knot-resolver
+	acct-user/knot-resolver
+	dev-db/lmdb:=
+	dev-libs/libuv:=
+	net-dns/knot:=
+	net-libs/gnutls:=
+	caps? ( sys-libs/libcap-ng )
+	dnstap? (
+		dev-libs/fstrm
+		dev-libs/protobuf-c:=
+	)
+	kresc? ( dev-libs/libedit )
+	nghttp2? ( net-libs/nghttp2:= )
+	systemd? ( sys-apps/systemd:= )
+"
+DEPEND="
+	${RDEPEND}
+	test? (
+		  dev-util/cmocka
+	)
+"
+BDEPEND="
+	virtual/pkgconfig
+	verify-sig? ( sec-keys/openpgp-keys-knot-resolver )
+"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-5.5.3-docdir.patch
+	"${FILESDIR}"/${PN}-5.5.3-nghttp-openssl.patch
+)
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/${PN}.gpg
+
+src_unpack() {
+	if use verify-sig; then
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.xz{,.asc}
+	fi
+
+	unpack ${P}.tar.xz
+}
+
+src_configure() {
+	local emesonargs=(
+		--localstatedir "${EPREFIX}"/var # double lib
+		# https://bugs.gentoo.org/870019
+		-Dauto_features=disabled
+		-Ddoc=disabled
+		-Ddocdir="${EPREFIX}"/usr/share/doc/${PF}
+		-Dopenssl=disabled
+		$(meson_feature caps capng)
+		$(meson_feature dnstap)
+		$(meson_feature kresc client)
+		$(meson_feature nghttp2)
+		$(meson_feature test unit_tests)
+		$(meson_feature systemd systemd_files)
+	)
+
+	meson_src_configure
+}
+
+src_install() {
+	meson_src_install
+	fowners -R ${PN}: /etc/${PN}
+
+	newinitd "${FILESDIR}"/kresd.initd-r1 kresd
+	newconfd "${FILESDIR}"/kresd.confd-r1 kresd
+}
+
+pkg_postinst() {
+	use systemd && tmpfiles_process knot-resolver.conf
+}

[gentoo-commits] repo/gentoo:master commit in: net-dns/knot-resolver/files/, net-dns/knot-resolver/

[Sam James]

commit:     93a2b9e8d3375fbc5c5dfcfd26458452d269dad0
Author:     Nicolas PARLANT <nicolas.parlant <AT> parhuet <DOT> fr>
AuthorDate: Sun Nov 24 06:31:51 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Dec  1 15:16:52 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=93a2b9e8

net-dns/knot-resolver: add 6.0.9

Knot DNS API/ABI : >=net-dns/knot-3.3

New optional python component, manager, to start/manage Knot Resolver :
* useflag manager (enabled by default)
* python3_10..12 (no 3.13 due to app-admin/supervisor)
* start with /etc/init.d/knot-resolver or knot-resolver.service
* config file : /etc/conf.d/knot-resolver /etc/knot-resolver/config.yaml
* option garbage collector : /etc/init.d/kres-cache-gc

Old/legacy way to start Knot Resolver is still supported and installed by default, even with the manager enabled by useflag :
* start with /etc/init.d/kresd or kresd' <AT> '.service (installed by default with the meson_feature systemd_legacy_units)
* config file : /etc/conf.d/kresd /etc/kresd.conf (installed by default with -Dinstall_kresd_conf=enabled)

Useflags :
* kresc (removed) : has never gone beyond experiment/alpha
* prometheus (new) : prometheus metrics endpoint for the manager (dev-python/prometheus-client)

Patches :
* 5.X patches to set docdir and optional deps (nghttp, openssl)
* 6.0.9-libsystemd.patch : rebase from 5.7.4. tmpfiles is independent of the systemd option/useflag
* 6.0.9-config-example.patch : for the manager. A default config file is installed in /etc/knot-resolver/config.yaml and examples in /usr/share/doc/
* 6.0.9-sd_notify_alt.patch : upstream, fix systemd dep with sd_notify alternative for manager
* 6.0.9-pytest_tomli.patch : for one pytest, import toml is replaced with tomli

Tests :
* unit_tests for kresd : enabled
* unit_tests for manager : enabled
* config_tests : disabled. It requires external lua modules (basexx, cqueues)
* extra_tests : disabled. Too extra ...

Bug: https://bugs.gentoo.org/939471
Signed-off-by: Nicolas PARLANT <nicolas.parlant <AT> parhuet.fr>
Closes: https://github.com/gentoo/gentoo/pull/39482
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-dns/knot-resolver/Manifest                     |   2 +
 .../files/knot-resolver-6.0.9-config-example.patch |  40 +++++
 .../files/knot-resolver-6.0.9-libsystemd.patch     |  25 +++
 .../files/knot-resolver-6.0.9-pytest_tomli.patch   |  31 ++++
 .../files/knot-resolver-6.0.9-sd_notify_alt.patch  |  82 ++++++++++
 net-dns/knot-resolver/files/knot-resolver.confd    |  10 ++
 net-dns/knot-resolver/files/knot-resolver.initd    |  37 +++++
 net-dns/knot-resolver/files/kres-cache-gc.initd    |  22 +++
 net-dns/knot-resolver/knot-resolver-6.0.9.ebuild   | 175 +++++++++++++++++++++
 net-dns/knot-resolver/metadata.xml                 |   6 +
 10 files changed, 430 insertions(+)

diff --git a/net-dns/knot-resolver/Manifest b/net-dns/knot-resolver/Manifest
index a237914c0214..42913251853c 100644
--- a/net-dns/knot-resolver/Manifest
+++ b/net-dns/knot-resolver/Manifest
@@ -2,3 +2,5 @@ DIST knot-resolver-5.7.2.tar.xz 1928336 BLAKE2B c4f17a050752a5d1ed141bae646f53f3
 DIST knot-resolver-5.7.2.tar.xz.asc 833 BLAKE2B f73f52d7b2326a58a37b821cd8495d20c93017bd1f7bad2cc828f807f1886fc376dc95405b3b36047719f8566e27d7c1052b7ab11fae3d1d67c5563a293d965e SHA512 cf05ceca455400004cf249b1029b93619a1d5fcf839bca1259a7b411a1ddef1da0aff187ea0023c587de1981e91a8d26af3bb22341cf426e5055e8ca1c4024e2
 DIST knot-resolver-5.7.4.tar.xz 1931124 BLAKE2B 670bd0bac1417fde0f7b6a02797e49e22af081e55b63c23e1fcd8dee369f21b7a2a8997fe641f69e7f0de5cbc7960307f32c939eb85c260fb2de015542dfce1e SHA512 5d8ea5b5b0cba5a1058aaa6e04573c838895d6b2c204e8d09c9ad898fb074c52ef7589afdad164b007edf151167d31fd0f940466edfeec597f96e5bc1cd72171
 DIST knot-resolver-5.7.4.tar.xz.asc 833 BLAKE2B 6432bc23ff779998eb351d57db34bcd9e41ea928fa5d83463122012d8adad16edec7afbcbfb0f0b41789c7797c895216b793ced2d6a01d69fdc3b0f2d12879cb SHA512 d34a0e1fd8be372c325199ace5bb6f20b2b395a4fb5a6f6f4c2c89f29741ecfd36234900b0e836c174df831716012589231551b13426a6728e37aba6c74c197f
+DIST knot-resolver-6.0.9.tar.xz 2127432 BLAKE2B 185a78737f6830b4ff036a537f2ceb032388e50ef050c239f0ce21d84a1fa2d1632aa95802a73d4ff80bcb18cef23f444a10b594121cd449cee3c12182dcab2e SHA512 98b3074927d9cb484738592a6cad84b818130aafd91473ee6e17458884c3ff5cb528e22d020d8b8b92b429feb2e3432e9cb77574f505bdf2e5f6f286009ecd59
+DIST knot-resolver-6.0.9.tar.xz.asc 833 BLAKE2B 10c9c895bd3a728b8a9d3769cb72ccc5dbf5c17164df388d1519c5e4734e21ee568c079191ada6ff76f1a150be911d79c5d1ebb02597c32d1aa5003a5ceaf02d SHA512 b46a9346deda328fbe6638657e2d87903052ac36b11ff5d4f68bd145487687c1c2f43a7b62e40585f5853816b7ed66b1af3b98642e882f72e36cf521f5eb1bce

diff --git a/net-dns/knot-resolver/files/knot-resolver-6.0.9-config-example.patch b/net-dns/knot-resolver/files/knot-resolver-6.0.9-config-example.patch
new file mode 100644
index 000000000000..1e20fad33e16
--- /dev/null
+++ b/net-dns/knot-resolver/files/knot-resolver-6.0.9-config-example.patch
@@ -0,0 +1,40 @@
+From 432f3078eb506dc002de94a6472e3ccf3097f274 Mon Sep 17 00:00:00 2001
+From: Nicolas PARLANT <nicolas.parlant@parhuet.fr>
+Date: Fri, 22 Nov 2024 13:23:38 +0100
+Subject: [PATCH] Add config.yaml in etc_dir
+
+---
+ etc/config/meson.build | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/etc/config/meson.build b/etc/config/meson.build
+index ca888084..29abb992 100644
+--- a/etc/config/meson.build
++++ b/etc/config/meson.build
+@@ -10,6 +10,11 @@ example_configs = [
+   'config.privacy',
+   'config.personal',
+   'config.splitview',
++  'config.dev.yaml',
++  'config.example.docker.yaml',
++  'config.example.isp.yaml',
++  'config.example.internal.yaml',
++  'config.example.personal.yaml',
+ ]
+ 
+ install_data(
+@@ -17,6 +22,11 @@ install_data(
+   install_dir: examples_dir,
+ )
+ 
++install_data(
++  sources: 'config.example.personal.yaml',
++  rename: 'config.yaml',
++  install_dir: etc_dir,
++)
+ 
+ # kresd.conf
+ install_kresd_conf = get_option('install_kresd_conf') == 'enabled'
+-- 
+2.45.2
+

diff --git a/net-dns/knot-resolver/files/knot-resolver-6.0.9-libsystemd.patch b/net-dns/knot-resolver/files/knot-resolver-6.0.9-libsystemd.patch
new file mode 100644
index 000000000000..6010881b3037
--- /dev/null
+++ b/net-dns/knot-resolver/files/knot-resolver-6.0.9-libsystemd.patch
@@ -0,0 +1,25 @@
+--- a/meson.build
++++ b/meson.build
+@@ -145,7 +145,7 @@ xdp = meson.get_compiler('c').has_header('libknot/xdp/xdp.h')
+ ### Systemd
+ systemd_files = get_option('systemd_files')
+ systemd_legacy_units = get_option('systemd_legacy_units')
+-libsystemd = dependency('libsystemd', required: systemd_files == 'enabled')
++libsystemd = dependency('libsystemd', required: get_option('systemd'))
+ 
+ # Uh, lifted this trivial line from tests/meson.build due to dependency sorting:
+ build_extra_tests = get_option('extra_tests') == 'enabled'
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -227,3 +227,10 @@ option(
+   value: 'auto',
+   description: 'add rpath to the knot resolver executables',
+ )
++
++option(
++  'systemd',
++  type: 'feature',
++  value: 'auto',
++  description: 'systemd watchdog support',
++)
+

diff --git a/net-dns/knot-resolver/files/knot-resolver-6.0.9-pytest_tomli.patch b/net-dns/knot-resolver/files/knot-resolver-6.0.9-pytest_tomli.patch
new file mode 100644
index 000000000000..9e9db90ffe66
--- /dev/null
+++ b/net-dns/knot-resolver/files/knot-resolver-6.0.9-pytest_tomli.patch
@@ -0,0 +1,31 @@
+From 70d2254de37555167cf60b60d1539ecc9d798fea Mon Sep 17 00:00:00 2001
+From: Nicolas PARLANT <nicolas.parlant@parhuet.fr>
+Date: Mon, 25 Nov 2024 22:21:07 +0000
+Subject: [PATCH] use tomli instead toml for pytest
+
+---
+ tests/manager/test_knot_resolver_manager.py | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/tests/manager/test_knot_resolver_manager.py b/tests/manager/test_knot_resolver_manager.py
+index 05d0e61d..b45c79a4 100644
+--- a/tests/manager/test_knot_resolver_manager.py
++++ b/tests/manager/test_knot_resolver_manager.py
+@@ -1,11 +1,11 @@
+-import toml
++import tomli
+ 
+ from knot_resolver import __version__
+ 
+ 
+ def test_version():
+-    with open("pyproject.toml", "r") as f:
+-        pyproject = toml.load(f)
++    with open("pyproject.toml", "rb") as f:
++        pyproject = tomli.load(f)
+ 
+     version = pyproject["tool"]["poetry"]["version"]
+     assert __version__ == version
+-- 
+2.45.2
+

diff --git a/net-dns/knot-resolver/files/knot-resolver-6.0.9-sd_notify_alt.patch b/net-dns/knot-resolver/files/knot-resolver-6.0.9-sd_notify_alt.patch
new file mode 100644
index 000000000000..9752b314cfa0
--- /dev/null
+++ b/net-dns/knot-resolver/files/knot-resolver-6.0.9-sd_notify_alt.patch
@@ -0,0 +1,82 @@
+https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1608
+Draft: daemon: add sd_notify alternative
+This allows kresd to run even if libsystemd is not available.
+
+diff --git a/daemon/main.c b/daemon/main.c
+index 44b8ae4c1b745c19ae91f6c9119b895d7738947f..230b1e453217682df387165c08f4115d795cb983 100644
+--- a/daemon/main.c
++++ b/daemon/main.c
+@@ -36,6 +36,8 @@
+ #include <uv.h>
+ #if ENABLE_LIBSYSTEMD
+ #include <systemd/sd-daemon.h>
++#else
++static int notify_ready(const char *state);
+ #endif
+ #include <libknot/error.h>
+ 
+@@ -68,6 +70,7 @@ KR_EXPORT const char *malloc_conf = "narenas:1";
+ #define TCP_BACKLOG_DEFAULT 128
+ #endif
+ 
++
+ /** I don't know why linker is dropping these functions otherwise. TODO: revisit. */
+ KR_EXPORT void kr_misc_unused(void)
+ {
+@@ -209,6 +212,8 @@ static int run_worker(uv_loop_t *loop, bool leader, struct args *args)
+ 	/* Notify supervisor. */
+ #if ENABLE_LIBSYSTEMD
+ 	sd_notify(0, "READY=1");
++#else
++	notify_ready("READY=1");
+ #endif
+ 	/* Run event loop */
+ 	uv_run(loop, UV_RUN_DEFAULT);
+@@ -414,6 +419,47 @@ static int start_listening(flagged_fd_array_t *fds) {
+ 	return some_bad_ret;
+ }
+ 
++#if !ENABLE_LIBSYSTEMD
++/* Notify supervisord about successful inicialization
++ * @note tested only on an abstract address in $NOTIFY_SOCKET*/
++static int notify_ready(const char *state)
++{
++	int sockfd;
++	struct sockaddr_un addr;
++	char *socket_path = getenv("NOTIFY_SOCKET");
++	if (!socket_path) {
++		kr_log_error(WORKER, "Failed retrieving env variable $NOTIFY_SOCKET\n");
++		return EXIT_FAILURE;
++	}
++	if ((sockfd = socket(AF_UNIX, SOCK_DGRAM, 0)) == -1) {
++		kr_log_error(WORKER, "Failed to create unix socket at $NOTIFY_SOCKET ('%s'): %s\n",
++				socket_path, strerror(errno));
++		return EXIT_FAILURE;
++	}
++
++	addr.sun_family = AF_UNIX;
++
++	int addrlen;
++	if (socket_path[0] == '@') {
++		addr.sun_path[0] = '\0';
++		strncpy(&addr.sun_path[1], socket_path + 1, sizeof(addr.sun_path) - 2);
++		addrlen = offsetof(struct sockaddr_un, sun_path) + strlen(addr.sun_path + 1) + 1;
++	} else {
++		strncpy(addr.sun_path, socket_path, sizeof(addr.sun_path) - 1);
++		addrlen = offsetof(struct sockaddr_un, sun_path) + strlen(addr.sun_path) + 1;
++	}
++	if (sendto(sockfd, state, strlen(state), 0, &addr, addrlen) == -1) {
++		kr_log_error(WORKER, "Failed to send notify message to '%s': %s\n",
++			socket_path, strerror(errno));
++		close(sockfd);
++		return EXIT_FAILURE;
++	}
++
++	close(sockfd);
++	return kr_ok();
++}
++#endif /* if !ENABLE_LIBSYSTEMD */
++
+ /* Drop POSIX 1003.1e capabilities. */
+ static void drop_capabilities(void)
+ {

diff --git a/net-dns/knot-resolver/files/knot-resolver.confd b/net-dns/knot-resolver/files/knot-resolver.confd
new file mode 100644
index 000000000000..8c3c65cf5772
--- /dev/null
+++ b/net-dns/knot-resolver/files/knot-resolver.confd
@@ -0,0 +1,10 @@
+# Copyright 2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+#KNOT_RESOLVER_USER=knot-resolver
+#KNOT_RESOLVER_GROUP=knot-resolver
+#KNOT_RESOLVER_CONFIG="/etc/knot-resolver/config.yaml"
+#KNOT_RESOLVER_PIDFILE="/run/knot-resolver.pid"
+
+#LOG TARGET : syslog stdout stderr
+#KNOT_RESOLVER_LOG="syslog"

diff --git a/net-dns/knot-resolver/files/knot-resolver.initd b/net-dns/knot-resolver/files/knot-resolver.initd
new file mode 100644
index 000000000000..79c9ec786a8b
--- /dev/null
+++ b/net-dns/knot-resolver/files/knot-resolver.initd
@@ -0,0 +1,37 @@
+#!/sbin/openrc-run
+# Copyright 2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+: ${KNOT_RESOLVER_USER:=knot-resolver}
+: ${KNOT_RESOLVER_GROUP:=knot-resolver}
+: ${KNOT_RESOLVER_CONFIG:=/etc/knot-resolver/config.yaml}
+: ${KNOT_RESOLVER_PIDFILE:=/run/knot-resolver.pid}
+: ${KNOT_RESOLVER_LOG:=syslog}
+
+export KRES_LOGGING_TARGET="${KNOT_RESOLVER_LOG}"
+
+command="/usr/bin/knot-resolver"
+command_args="-c ${KNOT_RESOLVER_CONFIG}"
+command_user="${KNOT_RESOLVER_USER}:${KNOT_RESOLVER_GROUP}"
+pidfile="${KNOT_RESOLVER_PIDFILE}"
+command_background=true
+retry="TERM/60/KILL/5"
+
+extra_started_commands="reload"
+
+capabilities="^cap_net_bind_service,^cap_setpcap"
+
+name="knot-resolver manager"
+description="scaleable caching DNS resolver"
+
+depend() {
+    need net
+    use logger
+    provide dns
+}
+
+reload() {
+	ebegin "Reloading ${SVCNAME}"
+	/usr/bin/kresctl --config=${KNOT_RESOLVER_CONFIG} reload
+	eend $?
+}

diff --git a/net-dns/knot-resolver/files/kres-cache-gc.initd b/net-dns/knot-resolver/files/kres-cache-gc.initd
new file mode 100644
index 000000000000..2f62e9564d3f
--- /dev/null
+++ b/net-dns/knot-resolver/files/kres-cache-gc.initd
@@ -0,0 +1,22 @@
+#!/sbin/openrc-run
+# Copyright 2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+: ${KRES_CACHE_GROUP:=knot-resolver}
+: ${KRES_CACHE_USER:=knot-resolver}
+: ${KRES_CACHE_DIR:=/var/cache/knot-resolver}
+: ${KRES_CACHE_PIDFILE:=/var/run/kres-cache-gc.pid}
+: ${KRES_CACHE_OPTS:="-d 1000"}
+
+command="/usr/bin/kres-cache-gc"
+command_args="-c ${KRES_CACHE_DIR} ${KRES_CACHE_OPTS}"
+command_user="${KRES_CACHE_USER}:${KRES_CACHE_GROUP}"
+pidfile="${KRES_CACHE_PIDFILE}"
+command_background=true
+
+name="kres-cache-gc"
+description="Knot Resolver Garbage Collector daemon"
+
+depend() {
+    need kresd
+}

diff --git a/net-dns/knot-resolver/knot-resolver-6.0.9.ebuild b/net-dns/knot-resolver/knot-resolver-6.0.9.ebuild
new file mode 100644
index 000000000000..407e78b02e4d
--- /dev/null
+++ b/net-dns/knot-resolver/knot-resolver-6.0.9.ebuild
@@ -0,0 +1,175 @@
+# Copyright 2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+LUA_COMPAT=( luajit )
+DISTUTILS_EXT=1
+DISTUTILS_OPTIONAL=1
+DISTUTILS_SINGLE_IMPL=1
+DISTUTILS_USE_PEP517=poetry
+# waiting app-admin/supervisor for py3_13
+PYTHON_COMPAT=( python3_{10..12} )
+
+inherit distutils-r1 lua-single meson tmpfiles verify-sig
+
+DESCRIPTION="A scaleable caching DNS resolver"
+HOMEPAGE="https://www.knot-resolver.cz https://gitlab.nic.cz/knot/knot-resolver"
+SRC_URI="
+	https://knot-resolver.nic.cz/release/${P}.tar.xz
+	verify-sig? ( https://knot-resolver.nic.cz/release/${P}.tar.xz.asc )
+"
+
+LICENSE="Apache-2.0 BSD CC0-1.0 GPL-3+ LGPL-2.1+ MIT"
+SLOT="0"
+KEYWORDS="~amd64"
+
+IUSE="caps dnstap jemalloc +manager nghttp2 prometheus systemd test xdp"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="
+	${LUA_REQUIRED_USE}
+	manager? ( ${PYTHON_REQUIRED_USE} )
+"
+
+RDEPEND="
+	${LUA_DEPS}
+	acct-group/knot-resolver
+	acct-user/knot-resolver
+	dev-db/lmdb:=
+	dev-libs/libuv:=
+	>=net-dns/knot-3.3:=[xdp?]
+	net-libs/gnutls:=
+	caps? ( sys-libs/libcap-ng )
+	dnstap? (
+		dev-libs/fstrm
+		dev-libs/protobuf-c:=
+	)
+	jemalloc? ( dev-libs/jemalloc:= )
+	manager? (
+		${PYTHON_DEPS}
+		$(python_gen_cond_dep '
+			app-admin/supervisor[${PYTHON_USEDEP}]
+			dev-python/aiohttp[${PYTHON_USEDEP}]
+			dev-python/jinja2[${PYTHON_USEDEP}]
+			dev-python/pyyaml[${PYTHON_USEDEP}]
+			dev-python/typing-extensions[${PYTHON_USEDEP}]
+			prometheus? ( dev-python/prometheus-client[${PYTHON_USEDEP}] )
+		')
+	)
+	nghttp2? ( net-libs/nghttp2:= )
+	systemd? ( sys-apps/systemd:= )
+"
+DEPEND="
+	${RDEPEND}
+	test? (
+		dev-util/cmocka
+		manager? (
+			$(python_gen_cond_dep '
+				dev-python/pyparsing[${PYTHON_USEDEP}]
+				dev-python/pytest-asyncio[${PYTHON_USEDEP}]
+				dev-python/tomli[${PYTHON_USEDEP}]
+			')
+		)
+	)
+"
+BDEPEND="
+	virtual/pkgconfig
+	manager? (
+		${DISTUTILS_DEPS}
+		${PYTHON_DEPS}
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-knot-resolver-20240304 )
+"
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/${PN}.gpg
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-5.5.3-docdir.patch
+	"${FILESDIR}"/${PN}-5.5.3-nghttp-openssl.patch
+	"${FILESDIR}"/${PN}-6.0.9-libsystemd.patch
+	"${FILESDIR}"/${PN}-6.0.9-config-example.patch
+	"${FILESDIR}"/${PN}-6.0.9-sd_notify_alt.patch
+	"${FILESDIR}"/${PN}-6.0.9-pytest_tomli.patch
+)
+
+pkg_setup() {
+	use manager && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+	default
+	use manager && distutils-r1_src_prepare
+}
+
+src_configure() {
+	local emesonargs=(
+		--localstatedir "${EPREFIX}"/var # double lib
+		# https://bugs.gentoo.org/870019
+		-Dauto_features=disabled
+		# requires non-gentoo lua modules (basexx, cqueues)
+		-Dconfig_tests=disabled
+		-Ddoc=disabled
+		-Ddocdir="${EPREFIX}"/usr/share/doc/${PF}
+		-Dinstall_kresd_conf=enabled
+		-Dopenssl=disabled
+		-Dmalloc=$(usex jemalloc jemalloc disabled)
+		-Dsystemd_files=enabled
+		$(meson_feature caps capng)
+		$(meson_feature dnstap)
+		$(meson_feature nghttp2)
+		$(meson_feature systemd)
+		$(meson_feature systemd systemd_legacy_units)
+		$(meson_feature test unit_tests)
+	)
+	meson_src_configure
+}
+
+src_compile() {
+	meson_src_compile
+	use manager && distutils-r1_src_compile
+}
+
+src_test() {
+	meson_src_test
+	use manager && distutils-r1_src_test
+}
+
+python_test() {
+	epytest tests/manager || die
+}
+
+src_install() {
+	meson_src_install
+	if use manager; then
+		distutils-r1_src_install
+		newinitd "${FILESDIR}"/knot-resolver.initd knot-resolver
+		newconfd "${FILESDIR}"/knot-resolver.confd knot-resolver
+	else
+		rm "${ED}"/usr/lib/systemd/system/knot-resolver.service || die
+	fi
+	fowners -R ${PN}: /etc/${PN}
+	newinitd "${FILESDIR}"/kresd.initd-r2 kresd
+	newconfd "${FILESDIR}"/kresd.confd-r1 kresd
+	newinitd "${FILESDIR}"/kres-cache-gc.initd kres-cache-gc
+}
+
+pkg_postinst() {
+	tmpfiles_process knot-resolver.conf
+	if use manager; then
+		elog "You choose the new way, called the manager, to start Knot Resolver :"
+		use systemd && elog "	systemctl start knot-resolver.service"
+		use !systemd && elog "	/etc/init.d/knot-resolver start"
+		elog "Configuration file : /etc/knot-resolver/config.yaml"
+		elog ""
+		elog "The older way, without the manager, is still available :"
+	else
+		elog "You choose the older way, without the manager, to start Knot Resolver :"
+	fi
+	use systemd && elog "	systemctl start kresd@N.service"
+	use !systemd && elog "	/etc/init.d/kresd start"
+	elog "Configuration file : /etc/knot-resolver/kresd.conf"
+	elog ""
+	elog "Optional garbage collector : /etc/init.d/kres-cache-gc"
+	elog ""
+	use !manager && elog "The new way is available with the useflag manager."
+}

diff --git a/net-dns/knot-resolver/metadata.xml b/net-dns/knot-resolver/metadata.xml
index c6e3e25b513e..caa5fc35963b 100644
--- a/net-dns/knot-resolver/metadata.xml
+++ b/net-dns/knot-resolver/metadata.xml
@@ -9,9 +9,15 @@
 		<flag name="kresc">
 			Build (experimental) command-line client
 		</flag>
+		<flag name="manager">
+			Manager is a user-friendly interface and a component handling rolling restarts, config update logic and more.
+		</flag>
 		<flag name="nghttp2">
 			DNS-over-HTTPS support
 		</flag>
+		<flag name="prometheus">
+			Metrics exported in Prometheus
+		</flag>
 		<flag name="xdp">
 			Enable eXpress Data Path
 		</flag>

[gentoo-commits] repo/gentoo:master commit in: net-dns/knot-resolver/files/, net-dns/knot-resolver/

[Sam James]

commit:     62bd8e8690550bcd71c4fdc29150a274312ae299
Author:     Nicolas PARLANT <nicolas.parlant <AT> parhuet <DOT> fr>
AuthorDate: Wed Feb 26 14:47:05 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Mar 10 02:49:49 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=62bd8e86

net-dns/knot-resolver: add to 6.0.11

included patch to revert to absolute path for unix-socket, even if
this issue does not affect the package with the config.yaml provided
by default.
https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1664

Signed-off-by: Nicolas PARLANT <nicolas.parlant <AT> parhuet.fr>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-dns/knot-resolver/Manifest                     |   2 +
 .../knot-resolver-6.0.11-abs_path_socket.patch     | 385 +++++++++++++++++++++
 net-dns/knot-resolver/knot-resolver-6.0.11.ebuild  | 185 ++++++++++
 3 files changed, 572 insertions(+)

diff --git a/net-dns/knot-resolver/Manifest b/net-dns/knot-resolver/Manifest
index c1b1ecd370d2..ce87c6ff3a79 100644
--- a/net-dns/knot-resolver/Manifest
+++ b/net-dns/knot-resolver/Manifest
@@ -2,5 +2,7 @@ DIST knot-resolver-5.7.4.tar.xz 1931124 BLAKE2B 670bd0bac1417fde0f7b6a02797e49e2
 DIST knot-resolver-5.7.4.tar.xz.asc 833 BLAKE2B 6432bc23ff779998eb351d57db34bcd9e41ea928fa5d83463122012d8adad16edec7afbcbfb0f0b41789c7797c895216b793ced2d6a01d69fdc3b0f2d12879cb SHA512 d34a0e1fd8be372c325199ace5bb6f20b2b395a4fb5a6f6f4c2c89f29741ecfd36234900b0e836c174df831716012589231551b13426a6728e37aba6c74c197f
 DIST knot-resolver-6.0.10.tar.xz 2138660 BLAKE2B 9a80e76272b4cb7a30b75b832627529dfbdec7114ef25a576c9a590221e21ef17efef23ec328783f2b687e8f2e0d0cee5b54048a37a0d08a35004ba3e510e14c SHA512 63d5c7a45ca52f02616ac6374625ccddd631cd71a5b6ebc99498e0c28f581eefef1dd5bbb0d8676f1ec53c2023f2b28cebc432e981c51b6166b4b3b1d8443704
 DIST knot-resolver-6.0.10.tar.xz.asc 833 BLAKE2B 5bd7baba40d6577764b3f0d985a2ee7edaff99ce7fc1cd89f42488504c657f1be2a5bf7267eaed225281be6f8154fb21c92ab7ee1d34b844b3001b7ad391d5b6 SHA512 26b8faffe10529559ec9081a567d6c740a9c61f81edf766ea1c32b01129edf9a4049a2844df0c27cb0fd5008e299d6431b099b0a09ac5624f24155d8b1a3b53f
+DIST knot-resolver-6.0.11.tar.xz 2139448 BLAKE2B 0d96790ce3ecb85d9466d90683de77d46f75d360f032ae94d18a7b493eedb58c86f6274a5de2eaed4eca792b3ef6ff673120c3a7526e9167d404b8dd0ccd20f3 SHA512 7a3dd8e925a8ba44c66d00175fd689b4daddacde8ffb96712c3770dbaf1c54a2cb90dda340fe674dc11e1222fdd3e4112aa3df72270f422b4c8d2c60f9af9cea
+DIST knot-resolver-6.0.11.tar.xz.asc 833 BLAKE2B 3e959798699c1dc0698cdb6e0c8509ba8a3287eab485511b18e01cc80e906149095ca9a537b3b4c45969c338022b61afd6377f106506b59f969fdf44d5e729be SHA512 cf6b034a9ad0daf118c18179dea1c32c9de604581735d89127c9c0fe80122a6159b49ec6176bee0955114d12f8ad20e29958a841c9b6464551e3def69d2e3932
 DIST knot-resolver-6.0.9.tar.xz 2127432 BLAKE2B 185a78737f6830b4ff036a537f2ceb032388e50ef050c239f0ce21d84a1fa2d1632aa95802a73d4ff80bcb18cef23f444a10b594121cd449cee3c12182dcab2e SHA512 98b3074927d9cb484738592a6cad84b818130aafd91473ee6e17458884c3ff5cb528e22d020d8b8b92b429feb2e3432e9cb77574f505bdf2e5f6f286009ecd59
 DIST knot-resolver-6.0.9.tar.xz.asc 833 BLAKE2B 10c9c895bd3a728b8a9d3769cb72ccc5dbf5c17164df388d1519c5e4734e21ee568c079191ada6ff76f1a150be911d79c5d1ebb02597c32d1aa5003a5ceaf02d SHA512 b46a9346deda328fbe6638657e2d87903052ac36b11ff5d4f68bd145487687c1c2f43a7b62e40585f5853816b7ed66b1af3b98642e882f72e36cf521f5eb1bce

diff --git a/net-dns/knot-resolver/files/knot-resolver-6.0.11-abs_path_socket.patch b/net-dns/knot-resolver/files/knot-resolver-6.0.11-abs_path_socket.patch
new file mode 100644
index 000000000000..dea7a243bb44
--- /dev/null
+++ b/net-dns/knot-resolver/files/knot-resolver-6.0.11-abs_path_socket.patch
@@ -0,0 +1,385 @@
+https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1664.patch
+From a009365df3f0429edfd181d0109372aca1892298 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ale=C5=A1=20Mr=C3=A1zek?= <ales.mrazek@nic.cz>
+Date: Fri, 28 Feb 2025 10:07:08 +0100
+Subject: [PATCH 1/5] Revert "python: constants: added API_SOCKET_NAME"
+
+This reverts commit cee2250c5a52a4d67ea2a37cc97761ba530f856b.
+---
+ python/knot_resolver/constants.py    | 9 +++------
+ python/knot_resolver/constants.py.in | 9 +++------
+ 2 files changed, 6 insertions(+), 12 deletions(-)
+
+diff --git a/python/knot_resolver/constants.py b/python/knot_resolver/constants.py
+index 525e8629c..d65c24acb 100644
+--- a/python/knot_resolver/constants.py
++++ b/python/knot_resolver/constants.py
+@@ -5,18 +5,15 @@ VERSION = "6.0.11"
+ USER = "knot-resolver"
+ GROUP = "knot-resolver"
+ 
+-# default files names
+-API_SOCK_NAME = "kres-api.sock"
+-
+-# default dirs paths
++# dirs paths
+ RUN_DIR = Path("/run/knot-resolver")
+ ETC_DIR = Path("/etc/knot-resolver")
+ SBIN_DIR = Path("/usr/sbin")
+ CACHE_DIR = Path("/var/cache/knot-resolver")
+ 
+-# default files paths
++# files paths
+ CONFIG_FILE = ETC_DIR / "config.yaml"
+-API_SOCK_FILE = RUN_DIR / API_SOCK_NAME
++API_SOCK_FILE = RUN_DIR / "kres-api.sock"
+ 
+ # executables paths
+ KRESD_EXECUTABLE = SBIN_DIR / "kresd"
+diff --git a/python/knot_resolver/constants.py.in b/python/knot_resolver/constants.py.in
+index 8c2974a58..35c25ac64 100644
+--- a/python/knot_resolver/constants.py.in
++++ b/python/knot_resolver/constants.py.in
+@@ -5,18 +5,15 @@ VERSION = "@version@"
+ USER = "@user@"
+ GROUP = "@group@"
+ 
+-# default files names
+-API_SOCK_NAME = "kres-api.sock"
+-
+-# default dirs paths
++# dirs paths
+ RUN_DIR = Path("@run_dir@")
+ ETC_DIR = Path("@etc_dir@")
+ SBIN_DIR = Path("@sbin_dir@")
+ CACHE_DIR = Path("@cache_dir@")
+ 
+-# default files paths
++# files paths
+ CONFIG_FILE = ETC_DIR / "config.yaml"
+-API_SOCK_FILE = RUN_DIR / API_SOCK_NAME
++API_SOCK_FILE = RUN_DIR / "kres-api.sock"
+ 
+ # executables paths
+ KRESD_EXECUTABLE = SBIN_DIR / "kresd"
+-- 
+GitLab
+
+
+From 2b312097f4ed0c0240b70fb365ac5d1f515812bc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ale=C5=A1=20Mr=C3=A1zek?= <ales.mrazek@nic.cz>
+Date: Fri, 28 Feb 2025 10:07:35 +0100
+Subject: [PATCH 2/5] Revert "datamodel: management socket default based on
+ rundir"
+
+This reverts commit 10fb87547af05cd78e76dfb94951c34f4554d090.
+---
+ doc/_static/config.schema.json                |  4 +--
+ python/knot_resolver/client/command.py        | 35 +++++--------------
+ .../knot_resolver/datamodel/config_schema.py  | 17 +++------
+ tests/manager/datamodel/test_config_schema.py | 23 ------------
+ 4 files changed, 15 insertions(+), 64 deletions(-)
+
+diff --git a/doc/_static/config.schema.json b/doc/_static/config.schema.json
+index a429b15dd..0bedbbc4e 100644
+--- a/doc/_static/config.schema.json
++++ b/doc/_static/config.schema.json
+@@ -54,7 +54,7 @@
+             "default": 256
+         },
+         "management": {
+-            "description": "Configuration of management HTTP API. By default, unix-socket is located in 'rundir'.",
++            "description": "Configuration of management HTTP API.",
+             "type": "object",
+             "properties": {
+                 "unix-socket": {
+@@ -75,7 +75,7 @@
+                 }
+             },
+             "default": {
+-                "unix_socket": "kres-api.sock",
++                "unix_socket": "/run/knot-resolver/kres-api.sock",
+                 "interface": null
+             }
+         },
+diff --git a/python/knot_resolver/client/command.py b/python/knot_resolver/client/command.py
+index 464eb16e6..3966f8ca9 100644
+--- a/python/knot_resolver/client/command.py
++++ b/python/knot_resolver/client/command.py
+@@ -4,7 +4,7 @@ from pathlib import Path
+ from typing import Dict, List, Optional, Set, Tuple, Type, TypeVar
+ from urllib.parse import quote
+ 
+-from knot_resolver.constants import API_SOCK_FILE, API_SOCK_NAME, CONFIG_FILE, RUN_DIR
++from knot_resolver.constants import API_SOCK_FILE, CONFIG_FILE
+ from knot_resolver.datamodel.types import IPAddressPort
+ from knot_resolver.utils.modeling import parsing
+ from knot_resolver.utils.modeling.exceptions import DataValidationError
+@@ -154,38 +154,21 @@ def get_socket_from_config(config: Path, optional_file: bool) -> Optional[Socket
+     try:
+         with open(config, "r", encoding="utf8") as f:
+             data = parsing.try_to_parse(f.read())
+-
+-        rkey = "rundir"
+-        rundir = Path(data[rkey]) if rkey in data else RUN_DIR
+-
+         mkey = "management"
+         if mkey in data:
+             management = data[mkey]
+-
+-            ikey = "interface"
+-            if ikey in data[mkey]:
+-                ip = IPAddressPort(data[mkey][ikey], object_path=f"/{mkey}/{ikey}")
++            if "unix-socket" in management:
+                 return SocketDesc(
+-                    f"http://{ip.addr}:{ip.port}",
+-                    f'Key "/management/interface" in "{config}" file',
++                    f'http+unix://{quote(management["unix-socket"], safe="")}/',
++                    f'Key "/management/unix-socket" in "{config}" file',
+                 )
+-
+-            skey = "unix-socket"
+-            if skey in management:
+-                socket = Path(management[skey])
+-                if not socket.is_absolute():
+-                    socket = rundir / socket
++            if "interface" in management:
++                ip = IPAddressPort(management["interface"], object_path=f"/{mkey}/interface")
+                 return SocketDesc(
+-                    f'http+unix://{quote(str(socket), safe="")}/',
+-                    f'Key "/management/unix-socket" in "{config}" file',
++                    f"http://{ip.addr}:{ip.port}",
++                    f'Key "/management/interface" in "{config}" file',
+                 )
+-
+-        socket = rundir / API_SOCK_NAME
+-        return SocketDesc(
+-            f'http+unix://{quote(str(socket), safe="")}/',
+-            f'Key "/rundir" in "{config}" file',
+-        )
+-
++        return None
+     except ValueError as e:
+         raise DataValidationError(*e.args) from e  # pylint: disable=no-value-for-parameter
+     except OSError as e:
+diff --git a/python/knot_resolver/datamodel/config_schema.py b/python/knot_resolver/datamodel/config_schema.py
+index f8733cb11..410e94d7c 100644
+--- a/python/knot_resolver/datamodel/config_schema.py
++++ b/python/knot_resolver/datamodel/config_schema.py
+@@ -1,10 +1,9 @@
+ import logging
+ import os
+ import socket
+-from pathlib import Path
+ from typing import Any, Dict, List, Literal, Optional, Tuple, Union
+ 
+-from knot_resolver.constants import API_SOCK_NAME, RUN_DIR, VERSION
++from knot_resolver.constants import API_SOCK_FILE, RUN_DIR, VERSION
+ from knot_resolver.datamodel.cache_schema import CacheSchema
+ from knot_resolver.datamodel.defer_schema import DeferSchema
+ from knot_resolver.datamodel.dns64_schema import Dns64Schema
+@@ -96,7 +95,7 @@ class KresConfig(ConfigSchema):
+         rundir: Directory where the resolver can create files and which will be it's cwd.
+         workers: The number of running kresd (Knot Resolver daemon) workers. If set to 'auto', it is equal to number of CPUs available.
+         max_workers: The maximum number of workers allowed. Cannot be changed in runtime.
+-        management: Configuration of management HTTP API. By default, unix-socket is located in 'rundir'.
++        management: Configuration of management HTTP API.
+         webmgmt: Configuration of legacy web management endpoint.
+         options: Fine-tuning global parameters of DNS resolver operation.
+         network: Network connections and protocols configuration.
+@@ -119,7 +118,7 @@ class KresConfig(ConfigSchema):
+         rundir: WritableDir = lazy_default(WritableDir, str(RUN_DIR))
+         workers: Union[Literal["auto"], IntPositive] = IntPositive(1)
+         max_workers: IntPositive = IntPositive(WORKERS_MAX)
+-        management: ManagementSchema = lazy_default(ManagementSchema, {"unix-socket": str(API_SOCK_NAME)})
++        management: ManagementSchema = lazy_default(ManagementSchema, {"unix-socket": str(API_SOCK_FILE)})
+         webmgmt: Optional[WebmgmtSchema] = None
+         options: OptionsSchema = OptionsSchema()
+         network: NetworkSchema = NetworkSchema()
+@@ -174,14 +173,6 @@ class KresConfig(ConfigSchema):
+             )
+         return obj.workers
+ 
+-    def _management(self, obj: Raw) -> Any:
+-        if obj.management.unix_socket:
+-            soc = Path(obj.management.unix_socket.serialize())
+-            if soc.is_absolute():
+-                return obj.management
+-            return ManagementSchema({"unix-socket": str(obj.rundir.to_path() / soc)})
+-        return obj.management
+-
+     def _dnssec(self, obj: Raw) -> Any:
+         if obj.dnssec is True:
+             return DnssecSchema()
+@@ -268,7 +259,7 @@ def kres_config_json_schema() -> Dict[str, Any]:
+     """
+ 
+     context = get_global_validation_context()
+-    set_global_validation_context(Context(RUN_DIR, False))
++    set_global_validation_context(Context(None, False))
+ 
+     schema = KresConfig.json_schema(
+         schema_id=f"https://www.knot-resolver.cz/documentation/v{VERSION}/_static/config.schema.json",
+diff --git a/tests/manager/datamodel/test_config_schema.py b/tests/manager/datamodel/test_config_schema.py
+index 437cade8d..9ec2b31b2 100644
+--- a/tests/manager/datamodel/test_config_schema.py
++++ b/tests/manager/datamodel/test_config_schema.py
+@@ -1,9 +1,7 @@
+ import inspect
+ import json
+-import os
+ from typing import Any, Dict, Type, cast
+ 
+-from knot_resolver.constants import API_SOCK_FILE, API_SOCK_NAME, RUN_DIR
+ from knot_resolver.datamodel import KresConfig
+ from knot_resolver.datamodel.lua_schema import LuaSchema
+ from knot_resolver.utils.modeling import BaseSchema
+@@ -51,31 +49,10 @@ def test_config_check_str_type():
+ def test_config_defaults():
+     config = KresConfig()
+ 
+-    # Management API default
+-    assert config.management.unix_socket.to_path() == API_SOCK_FILE
+-
+     # DNS64 default
+     assert config.dns64 == False
+ 
+ 
+-def test_management_unix_socket():
+-    cwd = os.getcwd()
+-    config = KresConfig({"rundir": cwd})
+-    assert str(config.management.unix_socket) == f"{cwd}/{API_SOCK_NAME}"
+-
+-    my_soc = "my-new.soc"
+-    config = KresConfig({"management": {"unix-socket": my_soc}})
+-    assert str(config.management.unix_socket) == f"{RUN_DIR}/{my_soc}"
+-
+-
+-def test_management_interface():
+-    cwd = os.getcwd()
+-    config = KresConfig({"rundir": cwd, "management": {"interface": "127.0.0.1@5000"}})
+-
+-    assert config.management.unix_socket == None
+-    assert str(config.management.interface) == "127.0.0.1@5000"
+-
+-
+ def test_dnssec_false():
+     config = KresConfig({"dnssec": False})
+ 
+-- 
+GitLab
+
+
+From c1f8f7bc043ca31b9aac96c13411769fad17f6b2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ale=C5=A1=20Mr=C3=A1zek?= <ales.mrazek@nic.cz>
+Date: Fri, 28 Feb 2025 10:14:22 +0100
+Subject: [PATCH 3/5] datamodel: management: warning that the unix-socket is
+ not located in rundir
+
+---
+ python/knot_resolver/datamodel/config_schema.py | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/python/knot_resolver/datamodel/config_schema.py b/python/knot_resolver/datamodel/config_schema.py
+index 410e94d7c..713c4a3e2 100644
+--- a/python/knot_resolver/datamodel/config_schema.py
++++ b/python/knot_resolver/datamodel/config_schema.py
+@@ -184,6 +184,14 @@ class KresConfig(ConfigSchema):
+         return obj.dns64
+ 
+     def _validate(self) -> None:
++        # warn about '/management/unix-socket' not located in '/rundir'
++        if self.management.unix_socket and self.management.unix_socket.to_path().parent != self.rundir.to_path():
++            logger.warning(
++                f"The management API unix-socket '{self.management.unix_socket}'"
++                f" is not located in the resolver's rundir '{self.rundir}'."
++                " This can lead to permissions issues."
++            )
++
+         # enforce max-workers config
+         workers_max = _workers_max_count()
+         if int(self.workers) > workers_max:
+-- 
+GitLab
+
+
+From 2c467aceded3cfa6eb077439d63b8637d17155c3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ale=C5=A1=20Mr=C3=A1zek?= <ales.mrazek@nic.cz>
+Date: Fri, 28 Feb 2025 10:17:17 +0100
+Subject: [PATCH 4/5] client: command: get_socket_from_config improved
+
+---
+ python/knot_resolver/client/command.py | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/python/knot_resolver/client/command.py b/python/knot_resolver/client/command.py
+index 3966f8ca9..7a679885a 100644
+--- a/python/knot_resolver/client/command.py
++++ b/python/knot_resolver/client/command.py
+@@ -5,7 +5,7 @@ from typing import Dict, List, Optional, Set, Tuple, Type, TypeVar
+ from urllib.parse import quote
+ 
+ from knot_resolver.constants import API_SOCK_FILE, CONFIG_FILE
+-from knot_resolver.datamodel.types import IPAddressPort
++from knot_resolver.datamodel.types import IPAddressPort, WritableFilePath
+ from knot_resolver.utils.modeling import parsing
+ from knot_resolver.utils.modeling.exceptions import DataValidationError
+ from knot_resolver.utils.requests import SocketDesc
+@@ -154,16 +154,21 @@ def get_socket_from_config(config: Path, optional_file: bool) -> Optional[Socket
+     try:
+         with open(config, "r", encoding="utf8") as f:
+             data = parsing.try_to_parse(f.read())
++
+         mkey = "management"
+         if mkey in data:
+             management = data[mkey]
+-            if "unix-socket" in management:
++
++            skey = "unix-socket"
++            if skey in management:
++                sock = WritableFilePath(management[skey], object_path=f"/{mkey}/{skey}")
+                 return SocketDesc(
+-                    f'http+unix://{quote(management["unix-socket"], safe="")}/',
++                    f'http+unix://{quote(str(sock), safe="")}/',
+                     f'Key "/management/unix-socket" in "{config}" file',
+                 )
+-            if "interface" in management:
+-                ip = IPAddressPort(management["interface"], object_path=f"/{mkey}/interface")
++            ikey = "interface"
++            if ikey in data[mkey]:
++                ip = IPAddressPort(management[ikey], object_path=f"/{mkey}/{ikey}")
+                 return SocketDesc(
+                     f"http://{ip.addr}:{ip.port}",
+                     f'Key "/management/interface" in "{config}" file',
+-- 
+GitLab
+
+
+From f9a75b65cc3664294188de8a5cb93909ea58cadd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ale=C5=A1=20Mr=C3=A1zek?= <ales.mrazek@nic.cz>
+Date: Fri, 28 Feb 2025 10:18:04 +0100
+Subject: [PATCH 5/5] NEWS: update about revert
+
+---
+ NEWS | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/NEWS b/NEWS
+index 70f5db2f0..614177308 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,3 +1,11 @@
++Knot Resolver 6.0.12 (2025-0m-dd)
++=================================
++
++Bugfixes
++--------
++- /management/unix-socket: revert to absolute path (#926, !1664)
++
++
+ Knot Resolver 6.0.11 (2025-02-26)
+ =================================
+ 
+-- 
+GitLab
+

diff --git a/net-dns/knot-resolver/knot-resolver-6.0.11.ebuild b/net-dns/knot-resolver/knot-resolver-6.0.11.ebuild
new file mode 100644
index 000000000000..c7cbc691b42a
--- /dev/null
+++ b/net-dns/knot-resolver/knot-resolver-6.0.11.ebuild
@@ -0,0 +1,185 @@
+# Copyright 2024-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+LUA_COMPAT=( luajit )
+DISTUTILS_EXT=1
+DISTUTILS_OPTIONAL=1
+DISTUTILS_SINGLE_IMPL=1
+DISTUTILS_USE_PEP517=poetry
+PYTHON_COMPAT=( python3_{10..13} )
+
+inherit distutils-r1 lua-single meson optfeature tmpfiles verify-sig
+
+DESCRIPTION="A scaleable caching DNS resolver"
+HOMEPAGE="https://www.knot-resolver.cz https://gitlab.nic.cz/knot/knot-resolver"
+
+SRC_URI="
+	https://knot-resolver.nic.cz/release/${P}.tar.xz
+	verify-sig? ( https://knot-resolver.nic.cz/release/${P}.tar.xz.asc )
+"
+
+LICENSE="Apache-2.0 BSD CC0-1.0 GPL-3+ LGPL-2.1+ MIT"
+SLOT="0"
+KEYWORDS="~amd64"
+
+IUSE="caps dnstap jemalloc +manager nghttp2 systemd test xdp"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="
+	${LUA_REQUIRED_USE}
+	manager? ( ${PYTHON_REQUIRED_USE} )
+"
+
+RDEPEND="
+	${LUA_DEPS}
+	acct-group/knot-resolver
+	acct-user/knot-resolver
+	dev-db/lmdb:=
+	dev-libs/libuv:=
+	>=net-dns/knot-3.3:=[xdp?]
+	net-libs/gnutls:=
+	caps? ( sys-libs/libcap-ng )
+	dnstap? (
+		dev-libs/fstrm
+		dev-libs/protobuf-c:=
+	)
+	jemalloc? ( dev-libs/jemalloc:= )
+	manager? (
+		${PYTHON_DEPS}
+		$(python_gen_cond_dep '
+			app-admin/supervisor[${PYTHON_USEDEP}]
+			dev-python/aiohttp[${PYTHON_USEDEP}]
+			dev-python/jinja2[${PYTHON_USEDEP}]
+			dev-python/pyyaml[${PYTHON_USEDEP}]
+			dev-python/typing-extensions[${PYTHON_USEDEP}]
+		')
+	)
+	nghttp2? ( net-libs/nghttp2:= )
+	systemd? ( sys-apps/systemd:= )
+"
+DEPEND="
+	${RDEPEND}
+	test? (
+		dev-util/cmocka
+		manager? (
+			$(python_gen_cond_dep '
+				dev-python/pyparsing[${PYTHON_USEDEP}]
+				dev-python/pytest-asyncio[${PYTHON_USEDEP}]
+				dev-python/tomli[${PYTHON_USEDEP}]
+			')
+		)
+	)
+"
+BDEPEND="
+	virtual/pkgconfig
+	manager? (
+		${DISTUTILS_DEPS}
+		${PYTHON_DEPS}
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-knot-resolver-20240304 )
+"
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/${PN}.gpg
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-5.5.3-docdir.patch
+	"${FILESDIR}"/${PN}-5.5.3-nghttp-openssl.patch
+	"${FILESDIR}"/${PN}-6.0.9-libsystemd.patch
+	"${FILESDIR}"/${PN}-6.0.9-config-example.patch
+	"${FILESDIR}"/${PN}-6.0.9-pytest_tomli.patch
+	# to be removed at next release 6.0.12
+	"${FILESDIR}"/${PN}-6.0.11-abs_path_socket.patch
+)
+
+pkg_setup() {
+	lua-single_pkg_setup
+	use manager && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+	default
+	use manager && distutils-r1_src_prepare
+}
+
+src_configure() {
+	local emesonargs=(
+		--localstatedir "${EPREFIX}"/var # double lib
+		# https://bugs.gentoo.org/870019
+		-Dauto_features=disabled
+		# post-install tests
+		-Dconfig_tests=disabled
+		-Ddoc=disabled
+		-Ddocdir="${EPREFIX}"/usr/share/doc/${PF}
+		-Dinstall_kresd_conf=enabled
+		-Dopenssl=disabled
+		-Dmalloc=$(usex jemalloc jemalloc disabled)
+		-Dsystemd_files=enabled
+		$(meson_feature caps capng)
+		$(meson_feature dnstap)
+		$(meson_feature nghttp2)
+		$(meson_feature systemd)
+		$(meson_feature systemd systemd_legacy_units)
+		$(meson_feature test unit_tests)
+	)
+	meson_src_configure
+}
+
+src_compile() {
+	meson_src_compile
+	use manager && distutils-r1_src_compile
+}
+
+src_test() {
+	meson_src_test
+	use manager && distutils-r1_src_test
+}
+
+python_test() {
+	epytest tests/manager
+}
+
+src_install() {
+	meson_src_install
+	if use manager; then
+		distutils-r1_src_install
+		newinitd "${FILESDIR}"/knot-resolver.initd knot-resolver
+		newconfd "${FILESDIR}"/knot-resolver.confd knot-resolver
+	else
+		rm "${ED}"/usr/lib/systemd/system/knot-resolver.service || die
+	fi
+	fowners -R ${PN}: /etc/${PN}
+	newinitd "${FILESDIR}"/kresd.initd-r2 kresd
+	newconfd "${FILESDIR}"/kresd.confd-r1 kresd
+	newinitd "${FILESDIR}"/kres-cache-gc.initd kres-cache-gc
+}
+
+pkg_postinst() {
+	tmpfiles_process knot-resolver.conf
+	if use manager; then
+		elog "You choose the new way, called the manager, to start Knot Resolver:"
+		use systemd && elog "	systemctl start knot-resolver.service"
+		use !systemd && elog "	/etc/init.d/knot-resolver start"
+		elog "Configuration file: /etc/knot-resolver/config.yaml"
+		elog ""
+		elog "The older way, without the manager, is still available:"
+	else
+		elog "You choose the older way, without the manager, to start Knot Resolver:"
+	fi
+	use systemd && elog "	systemctl start kresd@N.service"
+	use !systemd && elog "	/etc/init.d/kresd start"
+	elog "Configuration file: /etc/knot-resolver/kresd.conf"
+	elog "Optional garbage collector: /etc/init.d/kres-cache-gc"
+	elog ""
+	use !manager && elog "The new way is available with the useflag manager."
+	elog ""
+
+	optfeature_header "This package is recommended with Knot Resolver:"
+	optfeature "asynchronous execution, especially with policy module" dev-lua/cqueues
+	elog ""
+	optfeature_header "Other packages may also be useful:"
+	use manager && optfeature "Prometheus metrics (need manager)" dev-python/prometheus-client
+	use manager && optfeature "auto-reload TLS certificate files (need manager)" dev-python/watchdog
+	optfeature "legacy doh and webmgmt (metrics, tracking)" dev-lua/lua-http
+	optfeature "server map with geoIP database (webmgmt)" dev-lua/lua-mmdb
+}