Merge pull request #13348 from rgacogne/ddist-powerdns-h2o-h2-rapid-r…

…eset dnsdist: Switch to our fork of h2o to mitigate http2 rapid reset
PowerDNS · Oct 11, 2023 · a68b083 · a68b083
2 parents ca1fd3c + 97d18cb
commit a68b083
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 7 deletions.
diff --git a/builder-support/debian/dnsdist/debian-buster/control b/builder-support/debian/dnsdist/debian-buster/control
@@ -10,7 +10,6 @@ Build-Depends: debhelper (>= 10),
                libedit-dev,
                libfstrm-dev,
                libgnutls28-dev,
-               libh2o-evloop-dev,
                liblmdb-dev,
                libluajit-5.1-dev [!arm64 !s390x],
                liblua5.3-dev [arm64 s390x],

diff --git a/builder-support/debian/dnsdist/debian-buster/rules b/builder-support/debian/dnsdist/debian-buster/rules
@@ -36,8 +36,6 @@ override_dh_auto_clean:
 	dh_auto_clean
 
 override_dh_auto_configure:
-	# LIBS has been added because Ubuntu Bionic and Cosmic don't have the fix for https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908124 pulled in
-	LIBS='-lwslay' \
 	./configure \
 	  --host=$(DEB_HOST_GNU_TYPE) \
 	  --build=$(DEB_BUILD_GNU_TYPE) \
@@ -61,7 +59,8 @@ override_dh_auto_configure:
 	  --with-ebpf \
 	  --with-service-user='_dnsdist' \
 	  --with-service-group='_dnsdist' \
-	  $(CONFIGURE_ARGS)
+	  $(CONFIGURE_ARGS) \
+	  PKG_CONFIG_PATH=/opt/lib/pkgconfig
 
 override_dh_auto_build-arch:
 	dh_auto_build -- V=1

diff --git a/builder-support/dockerfiles/Dockerfile.debbuild b/builder-support/dockerfiles/Dockerfile.debbuild
@@ -16,6 +16,12 @@ RUN mv pdns-recursor*.deb /dist; mv pdns-recursor*.ddeb /dist || true
 @ENDIF
 
 @IF [ -n "$M_dnsdist$M_all" ]
+RUN mkdir /libh2o && cd /libh2o && \
+      apt-get update && apt-get install -y cmake curl libssl-dev zlib1g-dev && \
+      curl -f -L https://github.com/PowerDNS/h2o/archive/refs/tags/v2.2.6+pdns2.tar.gz | tar xz && \
+      CFLAGS='-fPIC' cmake -DWITH_PICOTLS=off -DWITH_BUNDLED_SSL=off -DWITH_MRUBY=off -DCMAKE_INSTALL_PREFIX=/opt ./h2o-2.2.6-pdns2 && \
+      make install
+
 RUN builder/helpers/build-debs.sh dnsdist-${BUILDER_VERSION}
 
 RUN mv dnsdist*.deb /dist; mv dnsdist*.ddeb /dist || true

diff --git a/builder-support/dockerfiles/Dockerfile.rpmbuild b/builder-support/dockerfiles/Dockerfile.rpmbuild
@@ -52,8 +52,8 @@ RUN touch /var/lib/rpm/* &&  if $(grep -q 'release 7' /etc/redhat-release); then
 # this is fine because --allowerasing is only there to deal with libcurl conflicting with libcurl-minimal on some el9 images
 RUN touch /var/lib/rpm/* && mkdir /libh2o && cd /libh2o && \
       yum install -y --allowerasing curl libcurl openssl-devel cmake || yum install -y curl libcurl openssl-devel cmake && \
-      curl -L https://github.com/h2o/h2o/archive/v2.2.6.tar.gz | tar xz && \
-      CFLAGS='-fPIC' cmake -DWITH_PICOTLS=off -DWITH_BUNDLED_SSL=off -DWITH_MRUBY=off -DCMAKE_INSTALL_PREFIX=/opt ./h2o-2.2.6 && \
+      curl -f -L https://github.com/PowerDNS/h2o/archive/refs/tags/v2.2.6+pdns2.tar.gz | tar xz && \
+      CFLAGS='-fPIC' cmake -DWITH_PICOTLS=off -DWITH_BUNDLED_SSL=off -DWITH_MRUBY=off -DCMAKE_INSTALL_PREFIX=/opt ./h2o-2.2.6-pdns2 && \
       make install
 
 RUN touch /var/lib/rpm/* && if $(grep -q 'release 7' /etc/redhat-release); then \

diff --git a/builder-support/helpers/install_rust.sh b/builder-support/helpers/install_rust.sh
@@ -35,7 +35,7 @@ fi
 cd /tmp
 echo $0: Downloading $RUST_TARBALL
 
-curl -o $RUST_TARBALL $SITE/$RUST_TARBALL
+curl -f -o $RUST_TARBALL $SITE/$RUST_TARBALL
 # Line below should echo two spaces between digest and name
 echo $VALUE"  "$RUST_TARBALL | sha256sum -c -
 tar -zxf $RUST_TARBALL