unbound: refactor build options to select switches
authorEric Luehrsen <ericluehrsen@gmail.com>
Tue, 23 Jun 2020 04:58:38 +0000 (00:58 -0400)
committerEric Luehrsen <ericluehrsen@gmail.com>
Sat, 27 Jun 2020 21:17:41 +0000 (17:17 -0400)
The two unique packages "Unbound light" and "Unbound heavy"
were not working well due to the fact that Unbound is mostly
its library. Tools and helpers would crash. Instead, a reasonable
default Unbound is built. Up-select options such as python are
also added; libevent and libpthreads are options to down-select.

Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
net/libreswan/Makefile
net/unbound/Makefile
net/unbound/files/README.md
net/unbound/files/unbound.sh

index c040039c4a5152cb928b50d3c2ca886c07d415b8..d45f79326c84aa696aeb1c28c3814346c6606b15 100644 (file)
@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libreswan
 PKG_VERSION:=3.32
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://download.libreswan.org/
@@ -45,7 +45,7 @@ $(call Package/libreswan/Default)
        +kmod-crypto-aead +kmod-crypto-authenc +kmod-crypto-gcm \
        +kmod-crypto-hash +kmod-crypto-rng +kmod-ip-vti +kmod-ipsec \
        +kmod-ipsec4 +kmod-ipt-ipsec +libevent2 +libevent2-pthreads \
-       +libldns +librt +libunbound-heavy +nss-utils +nspr +libcap-ng
+       +libldns +librt +libunbound +nss-utils +nspr +libcap-ng
   PROVIDES:=openswan
   CONFLICTS:=strongswan
   TITLE+= IPsec Server
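Review bot: `+libunbound` on the changed DEPENDS line no longer guarantees a libevent-enabled Unbound, which the old `+libunbound-heavy` did. With the new switches a user can turn off `PACKAGE_libunbound_libevent`, and `unbound-event.h` is then not staged by InstallDev in net/unbound/Makefile. If libreswan relies on the event API, as the earlier heavy-only dependency suggests, it would fail to build or misbehave at run time. Consider making libreswan require that switch, or at least add a comment above the list such as `# needs libunbound built with PACKAGE_libunbound_libevent (event API)`. The package definition starts above this hunk.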
index fff82d1d19b9eef1fd462b64d8c0d91b6c7e85c9..12f0e3a8ffa6ffc42d2934ef5a99ce9156ea0980 100644 (file)
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=unbound
 PKG_VERSION:=1.10.1
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://nlnetlabs.nl/downloads/unbound
@@ -24,6 +24,13 @@ PKG_BUILD_PARALLEL:=1
 PKG_FIXUP:=autoreconf
 PKG_INSTALL:=1
 
+PKG_CONFIG_DEPENDS:=CONFIG_PACKAGE_libunbound_dnscrypt \
+       CONFIG_PACKAGE_libunbound_ipset \
+       CONFIG_PACKAGE_libunbound_libevent \
+       CONFIG_PACKAGE_libunbound_libpthread \
+       CONFIG_PACKAGE_libunbound_pythonmodule \
+       CONFIG_PACKAGE_libunbound_subnet
+
 include $(INCLUDE_DIR)/package.mk
 
 define Package/unbound/Default
@@ -38,63 +45,34 @@ endef
 
 define Package/unbound-daemon
   $(call Package/unbound/Default)
-  TITLE+= (daemon, light traffic)
-  DEPENDS+= +libunbound-light
-  VARIANT:=light
+  TITLE+= (daemon)
+  DEPENDS+= +libunbound
 endef
 
 define Package/unbound-daemon/description
-  This package contains the Unbound daemon with basic includes
-  necessary to meet the needs of UCI/LuCI configuration optoins.
+  This package contains the Unbound daemon including 'libevent', 'libmnl', and
+  'libpthread' to better handle large networks with heavy query loads. Options
+  are available under libraries/network/libunbound to custom trim Unbound for
+  smaller targets.
 endef
 
-define Package/unbound-daemon-heavy
-  $(call Package/unbound/Default)
-  TITLE+= (daemon, heavy traffic)
-  URL:=https://nlnetlabs.nl/documentation/unbound/howto-optimise
-  DEPENDS+= +libunbound-heavy +libpthread +libevent2 +libevent2-pthreads +libmnl
-  VARIANT:=heavy
-  PROVIDES:=unbound-daemon
-endef
-
-define Package/unbound-daemon-heavy/description
-  This package contains the Unbound daemon including 'libevent' and
-  'libpthread' to better handle large networks with heavy query loads.
-  It also offers ipset support.
-endef
-
-define Package/libunbound-light
+define Package/libunbound
   $(call Package/unbound/Default)
   SECTION:=libs
   CATEGORY:=Libraries
   SUBMENU:=Networking
-  TITLE+= (library, light traffic)
-  VARIANT:=light
-  PROVIDES:=libunbound
-  DEFAULT_VARIANT:=1
+  TITLE+= (library)
+  DEPENDS+=+PACKAGE_libunbound_dnscrypt:libsodium \
+    +PACKAGE_libunbound_ipset:libmnl \
+    +PACKAGE_libunbound_libevent:libevent2 \
+       +PACKAGE_libunbound_libpthread:libpthread \
+       +PACKAGE_libunbound_pythonmodule:python3-base
 endef
 
-define Package/libunbound-light/description
-  This package contains the Unbound shared library with basic includes
-  necessary to meet the needs of UCI/LuCI configuration options.
-endef
-
-define Package/libunbound-heavy
-  $(call Package/unbound/Default)
-  SECTION:=libs
-  CATEGORY:=Libraries
-  SUBMENU:=Networking
-  TITLE+= (library, heavy traffic)
-  URL:=https://nlnetlabs.nl/documentation/unbound/howto-optimise
-  DEPENDS+= +libpthread +libevent2 +libevent2-pthreads +libmnl
-  VARIANT:=heavy
-  PROVIDES:=libunbound
-endef
-
-define Package/libunbound-heavy/description
-  This package contains the Unbound shared library including 'libevent' and
-  'libpthread' to better handle large networks with heavy query loads. It
-  also offers ipset support.
+define Package/libunbound/description
+  This package contains the Unbound library including 'libevent', 'libmnl', and
+  'libpthread' to better handle large networks with heavy query loads. Options
+  are available to custom trim Unbound for smaller targets.
 endef
 
 define Package/unbound-anchor
@@ -147,6 +125,29 @@ define Package/unbound-host/description
   This package contains the Unbound DNS lookup utility.
 endef
 
+define Package/libunbound/config
+       if PACKAGE_libunbound
+       config PACKAGE_libunbound_dnscrypt
+               bool "Build with DNSCRYPT support."
+               default n
+       config PACKAGE_libunbound_ipset
+               bool "Build with IPSET (libmnl) support."
+               default y
+       config PACKAGE_libunbound_libevent
+               bool "Build with expanded network resource (libevent) support."
+               default y
+       config PACKAGE_libunbound_libpthread
+               bool "Build with POSIX threading (libpthread) support."
+               default y
+       config PACKAGE_libunbound_pythonmodule
+               bool "Build with PYTHON module for prototyping and data analysis."
+               default n
+       config PACKAGE_libunbound_subnet
+               bool "Build with SUBNET cache module support."
+               default n
+       endif
+endef
+
 CONFIGURE_ARGS += \
        --disable-dsa \
        --disable-gost \
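Review bot: None of the six `config PACKAGE_libunbound_*` entries has a `help` text, so the caveats in the README change never reach someone toggling options in menuconfig. I would add a short `help` under each enhancement, for example under `PACKAGE_libunbound_pythonmodule`: `Not fully tested within OpenWrt; no UCI support; cannot be used with chroot.`, with similar one-liners for dnscrypt and subnet. As a style point, the `default n` lines are redundant for a `bool` and could be dropped.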
@@ -159,21 +160,17 @@ CONFIGURE_ARGS += \
        --with-user=unbound \
        --with-run-dir=/var/lib/unbound \
        --with-conf-file=/var/lib/unbound/unbound.conf \
-       --with-pidfile=/var/run/unbound.pid
-
-ifeq ($(BUILD_VARIANT),heavy)
-       CONFIGURE_ARGS += \
-               --enable-ipset \
-               --with-pthreads \
-               --with-libevent="$(STAGING_DIR)/usr" \
-               --with-libmnl="$(STAGING_DIR)/usr" \
-               --enable-event-api
-else
-    CONFIGURE_ARGS += \
-               --without-pthreads \
-               --without-solaris-threads \
-               --without-libevent
-endif
+       --with-pidfile=/var/run/unbound.pid \
+    $(if $(CONFIG_PACKAGE_libunbound_dnscrypt), \
+        --enable-dnscrypt --with-libsodium="$(STAGING_DIR)/usr",) \
+    $(if $(CONFIG_PACKAGE_libunbound_ipset), \
+        --enable-ipset --with-libmnl="$(STAGING_DIR)/usr",) \
+    $(if $(CONFIG_PACKAGE_libunbound_libevent), \
+        --enable-event-api --with-libevent="$(STAGING_DIR)/usr",--without-libevent) \
+    $(if $(CONFIG_PACKAGE_libunbound_libpthread), \
+        --with-pthreads,--without-pthreads --without-solaris-threads) \
+    $(if $(CONFIG_PACKAGE_libunbound_python),--with-pythonmodule,) \
+    $(if $(CONFIG_PACKAGE_libunbound_subnet),--enable-subnet,) \
 
 define Package/unbound-daemon/conffiles
 /etc/config/unbound
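Review bot: The python switch is tested under the wrong symbol on the added line `$(if $(CONFIG_PACKAGE_libunbound_python),--with-pythonmodule,)`. The option is declared as `PACKAGE_libunbound_pythonmodule` in the config block, in DEPENDS and in PKG_CONFIG_DEPENDS, so this test is always empty and `--with-pythonmodule` is never passed, even though `python3-base` is pulled in. It should read `$(if $(CONFIG_PACKAGE_libunbound_pythonmodule),--with-pythonmodule,)`. The last added line also ends in a trailing `\` that only works because a blank line follows; dropping it makes the list safer to extend. The CONFIGURE_ARGS list begins above this hunk.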
@@ -182,14 +179,12 @@ define Package/unbound-daemon/conffiles
 /etc/unbound/unbound_srv.conf
 endef
 
-Package/unbound-daemon-heavy/conffiles = $(Package/unbound-daemon/conffiles)
-
 define Build/InstallDev
        $(INSTALL_DIR) $(1)/usr/lib
        $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libunbound.{so*,a,la} $(1)/usr/lib/
        $(INSTALL_DIR) $(1)/usr/include
        $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/include/unbound.h $(1)/usr/include/
-ifeq ($(BUILD_VARIANT),heavy)
+ifneq ($(CONFIG_PACKAGE_libunbound_libevent),)
        $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/include/unbound-event.h $(1)/usr/include/
 endif
 endef
@@ -221,15 +216,11 @@ define Package/unbound-daemon/install
        $(INSTALL_DATA) ./files/unbound.sh $(1)/usr/lib/unbound/unbound.sh
 endef
 
-Package/unbound-daemon-heavy/install = $(Package/unbound-daemon/install)
-
-define Package/libunbound-light/install
+define Package/libunbound/install
        $(INSTALL_DIR) $(1)/usr/lib
        $(CP) $(PKG_INSTALL_DIR)/usr/lib/libunbound.so.* $(1)/usr/lib/
 endef
 
-Package/libunbound-heavy/install = $(Package/libunbound-light/install)
-
 define Package/unbound-anchor/install
        $(INSTALL_DIR) $(1)/usr/sbin
        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/unbound-anchor $(1)/usr/sbin/
@@ -256,9 +247,7 @@ define Package/unbound-host/install
 endef
 
 $(eval $(call BuildPackage,unbound-daemon))
-$(eval $(call BuildPackage,unbound-daemon-heavy))
-$(eval $(call BuildPackage,libunbound-light))
-$(eval $(call BuildPackage,libunbound-heavy))
+$(eval $(call BuildPackage,libunbound))
 $(eval $(call BuildPackage,unbound-anchor))
 $(eval $(call BuildPackage,unbound-checkconf))
 $(eval $(call BuildPackage,unbound-control))
index ec06de5a0629b291bcecfc3e1416d0a51030db58..64f8eeb104339571dc2519b54f97a46491ba0ad2 100644 (file)
@@ -190,6 +190,11 @@ config zone
   list zone_name '.'
 ```
 
+## Optional Compile Switches
+Unbound can be changed by toggling switches within `make menuconfig` Libraries/Network/libunbound. Disable libevent, libpthread, and ipset to attempt to gain performance and size on small single core targets. These downgrade options are well tested, but they are not needed unless Unbound will not fit. Take care before enabling subnetcache, dnscrypt, and python options. These enhancements are not fully tested within OpenWrt and python is a large dependency. These enhancements are default off and they do not have UCI. You will need to use the files `/etc/unbound/unbound_srv.conf` and `/etc/unbound/unbound_ext.conf` to configure these modules. The `server:` clause line `module: subnetcache validator python iterator` will be filled out if the modules are compiled in.
+
+Note: if you use python, then you will need to manual configure and you cannot use chroot. The scripts are not yet enhanced enough to set up the directory binding.
+
 ## Complete List of UCI Options
 **/etc/config/unbound**:
 ```
index a57d81d4ea4083c9ad50b731f3bb5e378c9b6c14..ed5a89a05c20785e5751f2811b7e2c4d86cf13c8 100644 (file)
@@ -547,7 +547,7 @@ unbound_zone() {
 ##############################################################################
 
 unbound_conf() {
-  local rt_mem rt_conn rt_buff modulestring domain ifsubnet
+  local rt_mem rt_conn rt_buff modulestring domain ifsubnet moduleopts
 
   {
     # server: for this whole function
@@ -768,9 +768,17 @@ unbound_conf() {
 
 
   # Assembly of module-config: options is tricky; order matters
+  moduleopts="$( /usr/sbin/unbound -V )"
   modulestring="iterator"
 
 
+  case $moduleopts in
+  *with-python*)
+    modulestring="python $modulestring"
+    ;;
+  esac
+
+
   if [ "$UB_B_DNSSEC" -gt 0 ] ; then
     if [ "$UB_B_NTP_BOOT" -gt 0 ] ; then
       # DNSSEC chicken and egg with getting NTP time
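Review bot: `python` is put into module-config purely because the binary reports it as compiled in, and nothing in this hunk checks the preconditions the README states (manual configuration and no chroot). If those checks are not done elsewhere in unbound_conf(), a python-enabled build could generate a configuration the daemon cannot start with, leaving the router without a resolver. The same applies to the `*enable-subnet*` case in the next hunk. At minimum I would add a comment above the `case`, such as `# python: needs a python: clause in unbound_ext.conf and no chroot (see README)`, and note that the patterns depend on the configure arguments printed by `unbound -V`. unbound_conf() begins and ends outside this hunk.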
@@ -789,6 +797,13 @@ unbound_conf() {
   fi
 
 
+  case $moduleopts in
+  *enable-subnet*)
+    modulestring="subnetcache $modulestring"
+    ;;
+  esac
+
+
   if [ "$UB_B_DNS64" -gt 0 ] ; then
     echo "  dns64-prefix: $UB_IP_DNS64" >> $UB_CORE_CONF