[new release] dns, dns-tsig, dns-stub, dns-server, dns-resolver, dns-mirage, dns-client, dns-cli and dns-certify (6.0.0) #19803

Merged 5 commits on Oct 19, 2021

hannesm
Member

@hannesm hannesm commented Oct 18, 2021

An opinionated Domain Name System (DNS) library

CHANGES:

* use Cstruct.length instead of deprecated Cstruct.len
* avoid deprecated fmt functions

* BREAKING dns: Rr_map.get_ttl is now ttl, and takes 'a key -> 'a -> int32
  (instead of b -> int32), Rr_map.with_ttl now is 'a key -> 'a -> int32 -> 'a
  (instead of b -> int32 -> b) (mirage/ocaml-dns#264 @hannesm)
* BREAKING dns: Rr_map.A now uses Ipaddr.V4.Set.t, Aaaa uses Ipaddr.V6.Set.t
  (requires ipaddr 5.2.0) (mirage/ocaml-dns#268 @hannesm)

* BREAKING dns.cache: type entry now is polymorphic ('a entry = `Entry of 'a ...)
  (instead of `Entry of Rr_map.b) (mirage/ocaml-dns#263 @reynir and @hannesm)
* BREAKING dns.cache: use a LRU.F.t instead of LRU.M.t (mirage/ocaml-dns#256 @hannesm)
* dns.cache: provide get_or_cname and get_any function (mirage/ocaml-dns#256 mirage/ocaml-dns#257 @hannesm)
* BUGFIX dns.cache: update if time to live of cached entry expired
  (reported in mirage/ocaml-dns#259 by @dinosaure, fix by @reynir and @hannesm)

* dns-client: support DNS-over-TLS (RFC 7858): the type io_addr is now a variant
  of `Plaintext (Ipaddr.t * int) or `Tls (Tls.Config.client * Ipaddr.t * int).
  By default, ca-certs (ca-certs-nss for MirageOS) are used as trust anchors,
  and the certificate is expected to contain the IP address of the resolver.
  The default resolver (anycast.uncensoreddns.org) certificate is verified by
  hostname, since the Let's Encrypt certificate does not include an IP address
  in SubjectAlternativeNames (mirage/ocaml-dns#270 @hannesm)
* BREAKING dns-client.mirage.Make is extended by a Mirage_clock.PCLOCK
  (mirage/ocaml-dns#270 @hannesm)
* BREAKING dns-client, dns-stub: use Dns.proto instead of custom [`TCP|`UDP]
  (mirage/ocaml-dns#266 @hannesm)
* dns-client: use a `mutable timeout_ns : int64` instead of
  `timeout_ns : int64 ref` (mirage/ocaml-dns#259 @hannesm)
* BREAKING dns-client: remove `?nameserver` from
  getaddrinfo/gethostbyname/gethostbyname6/get_resource_record - if a custom
  nameserver should be queried, a distinct Dns_client.t can be constructed
  (mirage/ocaml-dns#269 @reynir and @hannesm)
* dns-client: multiplex over TCP connections (mirage/ocaml-dns#269 @reynir and @hannesm)
* dns-client: use happy-eyeballs to connect to all nameservers from
  /etc/resolv.conf sequentially (lwt and mirage) (mirage/ocaml-dns#269 @reynir and @hannesm)
* BREAKING dns-client remove UDP support from lwt (mirage/ocaml-dns#270 @reynir and @hannesm)

* BREAKING dns-resolver remove "mode" from codebase, default to recursive
  (a stub resolver is available as dns-stub) (mirage/ocaml-dns#260 @hannesm)
* dns-resolver: use dns.cache instead of copy in Dns_resolver_cache
  (mirage/ocaml-dns#256 @hannesm)
* BUGFIX dns-resolver: fix responses to queries (reported in mirage/ocaml-dns#255 by @dinosaure,
  fix in mirage/ocaml-dns#258 by @reynir and @hannesm)
* dns-resolver: refactor and cleanup code, remove statistics, remove dead code
  (mirage/ocaml-dns#258 mirage/ocaml-dns#261 @reynir @hannesm)

* dns-stub: reconnect to resolver, resend all outstanding queries
  (mirage/ocaml-dns#259 @hannesm)
@hannesm
Member Author

hannesm commented Oct 18, 2021

it is very likely that reverse dependencies are failing, I'll wait for CI and add some upper bounds.

@dinosaure
Contributor

Note that I'm currently trying to fix lower-bounds on dkim here #19801 - so please don't care about CI errors about lower-bounds error on this specific package.

Contributor

@dinosaure dinosaure left a comment

Waiting on the CI for a few packages but it seems ready to merge.

@hannesm
Member Author

hannesm commented Oct 18, 2021

indeed that looks very good to me.

@mseri
Member

mseri commented Oct 19, 2021

dkim is already being fixed here: #19801
conduit-mirage 4 lower bounds can be fixed in a separate PR, could you send a PR for that before we merge this?

The rest look good.

@mseri
Member

mseri commented Oct 19, 2021

Feel free to merge once that fix is in a PR

@hannesm
Member Author

hannesm commented Oct 19, 2021

> conduit-mirage 4 lower bounds can be fixed in a separate PR, could you send a PR for that before we merge this?

I'm not sure I understand the issue and how to solve it -- it may be that eqaf.cstruct used to be only installed (depopt) if something was installed... imho this PR is fine to merge, and the conduit-mirage 4.0.0 lower bounds can be fixed subsequently (sorry I don't have a fix at my hands, so leaving this for later).

@hannesm
Member Author

hannesm commented Oct 19, 2021

ok, I pushed a dependency for mirage-crypto-pk 0.8.0 (bigarray-compat) which is needed to get (in eqaf < 0.8.0) eqaf.cstruct. in mirage-crypto-0.8.1+, this dependency is already present. the way forward is to depend on eqaf >= 0.8.0 which no longer requires bigarray-compat for eqaf.cstruct.

@hannesm
Member Author

hannesm commented Oct 19, 2021

so from my point of view this PR is ready to be merged. remaining CI failures are unrelated (and dkim is fixed in a separate PR).

@mseri
Member

mseri commented Oct 19, 2021

I agree

@mseri mseri merged commit e468258 into ocaml:master Oct 19, 2021
@mseri
Member

mseri commented Oct 19, 2021

Question, do we need to make mirage-crypto-pk.0.8.0 incompatible with arm32 bit systems?

arm32
    mirage-crypto-pk.0.8.0
        tests (failed: All:3:RSA:3:RSA-OAEP(SHA1)-ENC:2:selftest.)

I merged to avoid retriggering so many builds with the extra fix. This can be fixed separately if needed

@hannesm
Member Author

hannesm commented Oct 20, 2021

@mseri please don't. it is supposed to work. previous threads: #19754 (comment) #19689 (comment)

if someone has time to look into the CI system and what signal -22 means -- maybe finds a reproducible way with qemu, I'm happy to look into it.
