Skip to content

Commit

Permalink
Merge pull request #13348 from rgacogne/ddist-powerdns-h2o-h2-rapid-r…
Browse files Browse the repository at this point in the history
…eset

dnsdist: Switch to our fork of h2o to mitigate http2 rapid reset
  • Loading branch information
rgacogne committed Oct 11, 2023
2 parents ca1fd3c + 97d18cb commit a68b083
Show file tree
Hide file tree
Showing 5 changed files with 11 additions and 7 deletions.
1 change: 0 additions & 1 deletion builder-support/debian/dnsdist/debian-buster/control
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ Build-Depends: debhelper (>= 10),
libedit-dev,
libfstrm-dev,
libgnutls28-dev,
libh2o-evloop-dev,
liblmdb-dev,
libluajit-5.1-dev [!arm64 !s390x],
liblua5.3-dev [arm64 s390x],
Expand Down
5 changes: 2 additions & 3 deletions builder-support/debian/dnsdist/debian-buster/rules
Original file line number Diff line number Diff line change
Expand Up @@ -36,8 +36,6 @@ override_dh_auto_clean:
dh_auto_clean

override_dh_auto_configure:
# LIBS has been added because Ubuntu Bionic and Cosmic don't have the fix for https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908124 pulled in
LIBS='-lwslay' \
./configure \
--host=$(DEB_HOST_GNU_TYPE) \
--build=$(DEB_BUILD_GNU_TYPE) \
Expand All @@ -61,7 +59,8 @@ override_dh_auto_configure:
--with-ebpf \
--with-service-user='_dnsdist' \
--with-service-group='_dnsdist' \
$(CONFIGURE_ARGS)
$(CONFIGURE_ARGS) \
PKG_CONFIG_PATH=/opt/lib/pkgconfig

override_dh_auto_build-arch:
dh_auto_build -- V=1
Expand Down
6 changes: 6 additions & 0 deletions builder-support/dockerfiles/Dockerfile.debbuild
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,12 @@ RUN mv pdns-recursor*.deb /dist; mv pdns-recursor*.ddeb /dist || true
@ENDIF

@IF [ -n "$M_dnsdist$M_all" ]
RUN mkdir /libh2o && cd /libh2o && \
apt-get update && apt-get install -y cmake curl libssl-dev zlib1g-dev && \
curl -f -L https://github.com/PowerDNS/h2o/archive/refs/tags/v2.2.6+pdns2.tar.gz | tar xz && \
CFLAGS='-fPIC' cmake -DWITH_PICOTLS=off -DWITH_BUNDLED_SSL=off -DWITH_MRUBY=off -DCMAKE_INSTALL_PREFIX=/opt ./h2o-2.2.6-pdns2 && \
make install

RUN builder/helpers/build-debs.sh dnsdist-${BUILDER_VERSION}

RUN mv dnsdist*.deb /dist; mv dnsdist*.ddeb /dist || true
Expand Down
4 changes: 2 additions & 2 deletions builder-support/dockerfiles/Dockerfile.rpmbuild
Original file line number Diff line number Diff line change
Expand Up @@ -52,8 +52,8 @@ RUN touch /var/lib/rpm/* && if $(grep -q 'release 7' /etc/redhat-release); then
# this is fine because --allowerasing is only there to deal with libcurl conflicting with libcurl-minimal on some el9 images
RUN touch /var/lib/rpm/* && mkdir /libh2o && cd /libh2o && \
yum install -y --allowerasing curl libcurl openssl-devel cmake || yum install -y curl libcurl openssl-devel cmake && \
curl -L https://github.com/h2o/h2o/archive/v2.2.6.tar.gz | tar xz && \
CFLAGS='-fPIC' cmake -DWITH_PICOTLS=off -DWITH_BUNDLED_SSL=off -DWITH_MRUBY=off -DCMAKE_INSTALL_PREFIX=/opt ./h2o-2.2.6 && \
curl -f -L https://github.com/PowerDNS/h2o/archive/refs/tags/v2.2.6+pdns2.tar.gz | tar xz && \
CFLAGS='-fPIC' cmake -DWITH_PICOTLS=off -DWITH_BUNDLED_SSL=off -DWITH_MRUBY=off -DCMAKE_INSTALL_PREFIX=/opt ./h2o-2.2.6-pdns2 && \
make install

RUN touch /var/lib/rpm/* && if $(grep -q 'release 7' /etc/redhat-release); then \
Expand Down
2 changes: 1 addition & 1 deletion builder-support/helpers/install_rust.sh
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ fi
cd /tmp
echo $0: Downloading $RUST_TARBALL

curl -o $RUST_TARBALL $SITE/$RUST_TARBALL
curl -f -o $RUST_TARBALL $SITE/$RUST_TARBALL
# Line below should echo two spaces between digest and name
echo $VALUE" "$RUST_TARBALL | sha256sum -c -
tar -zxf $RUST_TARBALL
Expand Down

0 comments on commit a68b083

Please sign in to comment.