From c07ce093ecc6a62e10a9abff39e96a27540c3fbc Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Thu, 7 May 2020 13:12:38 +0200 Subject: [PATCH] unbound: allow building with systemd support Systemd has to remain an optional (non-default) dependency as otherwise we will have an unpleasant bootstrap cycle. Most (if not all) of the (lib)unbound consumers will likely not care about unbound's systemd integration that only affects the daemon mode, anyway. --- pkgs/tools/networking/unbound/default.nix | 40 ++++++++++++++++++----- 1 file changed, 31 insertions(+), 9 deletions(-) diff --git a/pkgs/tools/networking/unbound/default.nix b/pkgs/tools/networking/unbound/default.nix index 9b33d53e54f1..72653b672ee3 100644 --- a/pkgs/tools/networking/unbound/default.nix +++ b/pkgs/tools/networking/unbound/default.nix @@ -1,4 +1,24 @@ -{ stdenv, fetchurl, openssl, nettle, expat, libevent, dns-root-data }: +{ stdenv +, lib +, fetchurl +, openssl +, nettle +, expat +, libevent +, dns-root-data +, pkg-config + # + # By default unbound will not be built with systemd support. Unbound is a very + # commmon dependency. The transitive dependency closure of systemd also + # contains unbound. + # Since most (all?) (lib)unbound users outside of the unbound daemon usage do + # not need the systemd integration it is likely best to just default to no + # systemd integration. + # For the daemon use-case, that needs to notify systemd, use `unbound-with-systemd`. + # +, withSystemd ? false +, systemd ? null +}: stdenv.mkDerivation rec { pname = "unbound"; @@ -11,7 +31,7 @@ stdenv.mkDerivation rec { outputs = [ "out" "lib" "man" ]; # "dev" would only split ~20 kB - buildInputs = [ openssl nettle expat libevent ]; + buildInputs = [ openssl nettle expat libevent ] ++ lib.optionals withSystemd [ pkg-config systemd ]; configureFlags = [ "--with-ssl=${openssl.dev}" @@ -25,6 +45,8 @@ stdenv.mkDerivation rec { "--enable-relro-now" ] ++ stdenv.lib.optional stdenv.hostPlatform.isStatic [ "--disable-flto" + ] ++ lib.optionals withSystemd [ + "--enable-systemd" ]; installFlags = [ "configfile=\${out}/etc/unbound/unbound.conf" ]; @@ -33,7 +55,7 @@ stdenv.mkDerivation rec { make unbound-event-install ''; - preFixup = stdenv.lib.optionalString (stdenv.isLinux && !stdenv.hostPlatform.isMusl) # XXX: revisit + preFixup = lib.optionalString (stdenv.isLinux && !stdenv.hostPlatform.isMusl) # XXX: revisit # Build libunbound again, but only against nettle instead of openssl. # This avoids gnutls.out -> unbound.lib -> openssl.out. # There was some problem with this on Darwin; let's not complicate non-Linux. @@ -43,17 +65,17 @@ stdenv.mkDerivation rec { buildPhase installPhase '' - # get rid of runtime dependencies on $dev outputs + # get rid of runtime dependencies on $dev outputs + ''substituteInPlace "$lib/lib/libunbound.la" '' - + stdenv.lib.concatMapStrings - (pkg: " --replace '-L${pkg.dev}/lib' '-L${pkg.out}/lib' --replace '-R${pkg.dev}/lib' '-R${pkg.out}/lib'") - buildInputs; + + lib.concatMapStrings + (pkg: lib.optionalString (pkg ? dev) " --replace '-L${pkg.dev}/lib' '-L${pkg.out}/lib' --replace '-R${pkg.dev}/lib' '-R${pkg.out}/lib'") + (builtins.filter (p: p != null) buildInputs); - meta = with stdenv.lib; { + meta = with lib; { description = "Validating, recursive, and caching DNS resolver"; license = licenses.bsd3; homepage = "https://www.unbound.net"; maintainers = with maintainers; [ ehmry fpletz globin ]; - platforms = stdenv.lib.platforms.unix; + platforms = platforms.unix; }; }