281087 – dns/knot3 + dns/py-libknot: upgrade to 3.4.0

Bug 281087 - dns/knot3 + dns/py-libknot: upgrade to 3.4.0

Summary: dns/knot3 + dns/py-libknot: upgrade to 3.4.0

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Vladimir Druzenko

URL:	https://www.knot-dns.cz/2024-09-02-ve...
Keywords:

Depends on:
Blocks:

Reported:	2024-08-27 09:50 UTC by Leo Vandewoestijne
Modified:	2024-10-04 00:06 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
knot changes (1.66 KB, patch) 2024-08-27 09:50 UTC, Leo Vandewoestijne	freebsd: maintainer-approval+	Details \| Diff
knot / py-libknot 3.3.9 (2.80 KB, patch) 2024-08-28 11:06 UTC, Leo Vandewoestijne	no flags	Details \| Diff
knot 3.4.0 (7.39 KB, patch) 2024-09-04 18:32 UTC, Leo Vandewoestijne	freebsd: maintainer-approval+	Details \| Diff
knot 3.4.0 update v2 (6.04 KB, patch) 2024-09-24 14:18 UTC, Leo Vandewoestijne	freebsd: maintainer-approval+	Details \| Diff
Makefile v1 (5.07 KB, text/plain) 2024-09-30 22:07 UTC, Vladimir Druzenko	no flags	Details
Makefile v2 (5.30 KB, text/plain) 2024-09-30 22:51 UTC, Vladimir Druzenko	vvd: maintainer-approval?	Details
knot 3.4.0 update v3 (5.95 KB, patch) 2024-10-03 12:39 UTC, Leo Vandewoestijne	freebsd: maintainer-approval+	Details \| Diff
Show Obsolete (5) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Leo Vandewoestijne 2024-08-27 09:50:49 UTC

Created attachment 253115 [details]
knot changes

This patch 
- updates dns/knot3 from 3.3.8 to 3.3.9
- updates dns/py-libknot from 3.3.8 to 3.3.9
- moves distfile of dns/py-libknot to dns/knot3/distinfo.py-libknot, to simplify future versions changes simple / avoid glitches.
- removes absolete dns/py-libknot/distinfo

Changes both dns/knot3 as well as dns/py-libknot are all tested succesfully in Poudriere (13.2, 14.0 and 14.1 - AMD64).

As libngtcp2 1.7.0 is released, this PR is best applied after PR 281038
(to avoid another PORTREVISION).

Comment 1 Leo Vandewoestijne 2024-08-27 09:54:58 UTC

(In reply to Leo Vandewoestijne from comment #0)
> best applied after PR 281038
FYI: my testing was done with libngtcp2 1.7.0 in place.

Comment 2 Vladimir Druzenko freebsd_committer

2024-08-27 16:09:23 UTC

dns/knot3 build without net/libngtcp2 if version is < 0.17.0:
checking for libngtcp2 >= 0.17.0 libngtcp2_crypto_gnutls... no

Comment 3 Vladimir Druzenko freebsd_committer

2024-08-27 16:11:25 UTC

(In reply to Vladimir Druzenko from comment #2)
But net/libngtcp2 is 1.6.0 > 0.17.0…

Comment 4 Leo Vandewoestijne 2024-08-28 11:06:43 UTC

Created attachment 253145 [details]
knot / py-libknot 3.3.9

(In reply to Vladimir Druzenko from comment #3)
> checking for libngtcp2 >= 0.17.0 libngtcp2_crypto_gnutls... no
> But net/libngtcp2 is 1.6.0 > 0.17.0…
I'm puzzled why I don't have any version definitions.
I guess I lost those when recreating the port, when 3.0.0 was released.

Anyway, in the Knot 3.3 manual I found:
- Knot DNS requires liburcu >= 0.5.4
- ED25519 requires gnutls 3.6.0+.
- ED448 requires gnutls 3.6.12+ and nettle 3.6+.
- DoQ requires gnutls >= 3.7.3

So I've added few adjustments. Including libngctp2 >= 1.7.0
(though the manual indeed specifies 0.17.0 as minimum).
And so requires the patch from PR 281038:
https://bugs.freebsd.org/bugzilla/attachment.cgi?id=253064

Again tested in poudriere. All fine.
But (@Vladimir): could you please disclose how I maybe could replicate that error you've encountered?

Comment 5 Vladimir Druzenko freebsd_committer

2024-08-28 11:10:15 UTC

(In reply to Leo Vandewoestijne from comment #4)
It's message from configure stage in poudriere.

Comment 6 Vladimir Druzenko freebsd_committer

2024-08-28 12:19:12 UTC

(In reply to Leo Vandewoestijne from comment #4)
With ngtcp2 1.7.0 and new patch:
…
checking for libngtcp2 >= 0.17.0 libngtcp2_crypto_gnutls... no
…
DoQ support:            no

Check configure:
configure --help
  --enable-quic=auto|yes|no|embedded
                          Support DoQ (needs libngtcp2 >= 0.17.0, gnutls >=
                          3.7.3) [default=auto]
If add:
DOQ_CONFIGURE_ENABLE=          quic=yes
or
DOQ_CONFIGURE_ON=               --enable-quic=yes
then:
checking for libngtcp2 >= 0.17.0 libngtcp2_crypto_gnutls... no
    DoQ support:            embedded

Result is plist error:
====> Running Q/A tests (stage-qa)
Warning: you might not need LIB_DEPENDS on libnettle.so
Warning: you might not need LIB_DEPENDS on libngtcp2.so
Warning: you might not need LIB_DEPENDS on libedit.so.0
====> Checking for pkg-plist issues (check-plist)
===> Parsing plist
===> Checking for items in STAGEDIR missing from pkg-plist
Error: Orphaned: include/lib%%USERS%%/quic/quic.h
Error: Orphaned: include/lib%%USERS%%/quic/quic_conn.h
===> Checking for items in pkg-plist which are not in STAGEDIR
===> Error: Plist issues found.
*** Error code 1


Also:
1.
OPTIONS_DEFAULT=                DAEMON UTILS FASTPARSER DOH DOQ IDN MODACL MODAUTH MODCOOKIES
OPTIONS_DEFAULT+=               MODPROXY MODNOUDP MODPROBE MODRRL MODSIGN MODSTATS MODSYNTH MODWHOAMI
=>
OPTIONS_DEFAULT=                DAEMON UTILS FASTPARSER DOH DOQ IDN MODACL \
                                MODAUTH MODCOOKIES MODPROXY MODNOUDP MODPROBE \
                                MODRRL MODSIGN MODSTATS MODSYNTH MODWHOAMI
2.
OPTIONS_GROUP_DAEMONGR=         DNSTAP FASTPARSER MODACL MODAUTH MODCOOKIES MODPROXY MODGEO
OPTIONS_GROUP_DAEMONGR+=        MODNOUDP MODPROBE MODRRL MODSIGN MODSTATS MODSYNTH MODWHOAMI
=>
OPTIONS_GROUP_DAEMONGR=         DNSTAP FASTPARSER MODACL MODAUTH MODCOOKIES \
                                MODPROXY MODGEO MODNOUDP MODPROBE MODRRL \
                                MODSIGN MODSTATS MODSYNTH MODWHOAMI

3. Typo:
DEAMON_BUILD_DEPENDS=           liburcu>=0.5.4:sysutils/liburcu
=>
DAEMON_BUILD_DEPENDS=           liburcu>=0.5.4:sysutils/liburcu

4.
DAEMON_CONFIGURE_ENABLE=        daemon
DAEMON_CONFIGURE_ENABLE+=       modules
=>
DAEMON_CONFIGURE_ENABLE=        daemon modules

5.
DAEMON_CONFIGURE_WITH=          rundir=${RUNDIR}
DAEMON_CONFIGURE_WITH+=         storage=${DATADIR}
=>
DAEMON_CONFIGURE_WITH=          rundir=${RUNDIR} storage=${DATADIR}

Comment 7 Leo Vandewoestijne 2024-09-04 18:32:36 UTC

Created attachment 253330 [details]
knot 3.4.0

Meanwhile 3.4.0 was released.

As the libngtcp2 PR is taking longer than I'd expected, I lowered the need to the current portversion (1.6.0).

Also something is preventing the manual to be installed (the default).
And I was unable to to find the cause (yet).

Comment 8 Vladimir Druzenko freebsd_committer

2024-09-06 20:12:38 UTC

To support DoQ with external libngtcp2 (not embedded) port net/libngtcp2 must build with:
1) CMAKE_ON+=ENABLE_GNUTLS.
2) LIB_DEPENDS+=libgnutls.so:security/gnutls
3) and add to pkg-plist:
include/ngtcp2/ngtcp2_crypto.h
include/ngtcp2/ngtcp2_crypto_gnutls.h
lib/libngtcp2_crypto_gnutls.a
lib/libngtcp2_crypto_gnutls.so
lib/libngtcp2_crypto_gnutls.so.8
lib/libngtcp2_crypto_gnutls.so.8.1.1
libdata/pkgconfig/libngtcp2_crypto_gnutls.pc

This can be default option GNUTLS or mandatory on.

Or you can use embedded copy of libngtcp2 and remove dependency from port net/libngtcp2.

What is your decision?

BTW, why do you need libnettle.so:security/nettle?
It isn't used:
Warning: you might not need LIB_DEPENDS on libnettle.so

Comment 9 Vladimir Druzenko freebsd_committer

2024-09-06 22:15:14 UTC

Also you don't need this:
BUILD_DEPENDS=  gnutls>=3.7.3:security/gnutls \
                lmdb>=0.9.15:databases/lmdb
Current versions in port are newer: 3.8.7.1 and 0.9.33.

Comment 10 Leo Vandewoestijne 2024-09-24 14:18:46 UTC

Created attachment 253794 [details]
knot 3.4.0 update v2

> BTW, why do you need libnettle.so:security/nettle?
>
Various options return even more alike warnings.

====> Running Q/A tests (stage-qa)
Warning: you might not need LIB_DEPENDS on libnettle.so
Warning: you might not need LIB_DEPENDS on libngtcp2.so
Warning: you might not need LIB_DEPENDS on libedit.so.0

- nettle is according the manual needed for Ed448 support, but whatever combination of options you set, the warning always remains.
  https://www.knot-dns.cz/docs/3.4/singlehtml/#required-libraries

- libngtcp2 see below.

- libedit is unclear when required or when not, so rather safe than sorry.



> Or you can use embedded copy of libngtcp2 and remove dependency from port net/libngtcp2.
> What is your decision?
>
NIC.CZ prefers the systems copy over their embedded one.
However, whatever I do, I never get anything other than
    DoQ support:            embedded

Your gnutls instructions don't seem to work for me, so I guess I misunderstand something.
So now the net/libngtcp2 seems never used - which likely must be my shortcoming somewhere, because at some point I saw the same plist entries.
For now it works. Or better said: doesn't fail. But needs to be addressed in the future.

Other than that, attached patch should address all uglyness, and looks fine to me now.

Comment 11 Vladimir Druzenko freebsd_committer

2024-09-24 14:33:55 UTC

    Use recvmmsg:           no
    Use SO_REUSEPORT(_LB):  yes
    XDP support:            no
    DoQ support:            yes
    Socket polling:         kqueue
    Atomic support:         C11
    Memory allocator:       auto

Build net/libngtcp2 with my patch:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281038#c4

Comment 12 Leo Vandewoestijne 2024-09-25 12:18:39 UTC

Aha, I found out I was testing too hard.
If I start from the begin and do exactly what you wrote, then it's all fine.

Comment 13 Vladimir Druzenko freebsd_committer

2024-09-30 22:07:16 UTC

Created attachment 253913 [details]
Makefile v1

net/libngtcp2_gnutls fixed!

> nettle is according the manual needed for Ed448 support
nettle used by gnutls, but knot doesn't use it directly.

I have:
    Ed448 support:          yes
even without nettle in Makefile.

Also we don't need BUILD_DEPENDS=port if we have LIB_DEPENDS=port.

So I suggest to commit my Makefile.

Comment 14 Vladimir Druzenko freebsd_committer

2024-09-30 22:51:29 UTC

Created attachment 253922 [details]
Makefile v2

Merged your changes from last patch.

Comment 15 Leo Vandewoestijne 2024-10-03 12:39:42 UTC

Created attachment 253980 [details]
knot 3.4.0 update v3

> Merged your changes from last patch.

Yes, looks like we're exactly on the same page.
However I think I'm maybe missing

USES= compiler:c11

DOCS_BUILD_DEPENDS=            sphinx-build:textproc/py-sphinx

It's what NIC.CZ indicates to be needed, but maybe a non-issue.

Plus, wish to ensure that
DISTINFO_FILE= ${.CURDIR}/../knot3/distinfo.py-libknot
is truly added to dns/py-libknot/Makefile
(and the refered file contains the desired checksums).

Other than that, yes, also yours LFTM.

Comment 16 commit-hook freebsd_committer

2024-10-04 00:06:05 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6e304f0fa332ddd7ea35bd83b85f38a7d288f2d6

commit 6e304f0fa332ddd7ea35bd83b85f38a7d288f2d6
Author:     Leo Vandewoestijne <freebsd@dns.company>
AuthorDate: 2024-10-03 23:50:26 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2024-10-04 00:05:09 +0000

    dns/{knot3,py-libknot}: Update 3.3.8 → 3.4.0, improve ports

    Changelog:
    https://www.knot-dns.cz/2024-09-02-version-340.html

    PR:     281087

 dns/knot3/Makefile                  | 66 +++++++++++++++++++------------------
 dns/knot3/distinfo                  |  6 ++--
 dns/knot3/distinfo.py-libknot (new) |  3 ++
 dns/knot3/knotdns.mk                |  2 +-
 dns/knot3/pkg-plist                 |  9 +++--
 dns/py-libknot/Makefile             |  4 ++-
 dns/py-libknot/distinfo (gone)      |  3 --
 7 files changed, 51 insertions(+), 42 deletions(-)

Comment 17 Vladimir Druzenko freebsd_committer

2024-10-04 00:06:55 UTC

Committed!