GNU bug report logs - #41363
knot-resolver: Enable reloading of policy files (add lua-cqueues)

Previous Next

Package: guix-patches;

Reported by: Simon South <simon <at> simonsouth.net>

Date: Sun, 17 May 2020 15:50:01 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #33 received at 41363-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Simon South <simon <at> simonsouth.net>
Cc: 41363-done <at> debbugs.gnu.org
Subject: Re: [bug#41363] knot-resolver: Enable reloading of policy files (add
 lua-cqueues)
Date: Thu, 25 Jun 2020 12:26:38 +0200

Hi Simon,

Simon South <simon <at> simonsouth.net> skribis:

> This patch series enables the automatic reloading of response-policy
> zone (RPZ) files by Knot Resolver. Specifically these patches
>
> - Add package definitions for the cqueues Lua extension module and the
>   luaossl module on which it relies, and
>
> - Add lua5.1-cqueues as an input to knot-resolver.
>
> With these changes applied, Knot Resolver can be configured with lines
> like
>
>     modules = { 'policy' }
>     policy.add(policy.rpz(policy.DENY, '/etc/dns/blacklist.txt', true))
>
> and it will automatically reload RPZ rules from /etc/dns/blacklist.txt
> whenever that file changes. This makes it easy to use Knot Resolver to
> block unwanted sites using a list of domains downloaded periodically
> from the Internet.
>
> I've tested these changes on x86-64 and aarch64. On x86-64 everything
> works as expected.

I went ahead and applied this patch series (builds fine on x86_64).

> On aarch64, the packages build and install fine but Knot Resolver fails
> to load the configuration above with
>
>     policy.lua:430: [poli] lua-cqueues required to watch and reload RPZ file
>
> This is due to a known issue with LuaJIT on aarch64 (see e.g.
> https://github.com/LuaJIT/LuaJIT/pull/230):
>
>     $ ./pre-inst-env guix environment knot-resolver --ad-hoc knot-resolver
>     $ $(head -n 3 `which kresd` | tail -n 2)  # set LUA_PATH, LUA_CPATH
>     $ luajit -e 'require("cqueues")'
>     luajit: bad light userdata pointer
>     stack traceback:
>             [C]: at 0xffffa556a960
>             [C]: in function 'require'
>             ...
>     $
>
> Otherwise (i.e. after changing "true" to "false" in the configuration
> above) Knot Resolver continues to work as it did before, so I expect
> existing users will not be affected.
>
> I'll work on diagnosing the upstream bug but thought I'd submit these
> patches in the meantime.

Should we disable the Lua dependency on AArch64?

Thank you, and apologies for the delay!

Ludo’.
This bug report was last modified 4 years and 331 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.