Package Details: trust-dns 0.22.0-5

Git Clone URL: https://aur.archlinux.org/trust-dns.git (read-only)
Package Base: trust-dns
Description: Trust-DNS is a safe and secure DNS server with DNSSEC support. Eventually this...
Upstream URL: http://www.trust-dns.org/index.html
Licenses: MIT, Apache
Conflicts: bind, trust-dns-systemd
Provides: trust-dns-systemd
Replaces: trust-dns-systemd
Submitter: msrd0
Maintainer: msrd0 (msrd0.dev, LuckyTurtleDev)
Last Packager: msrd0
Votes: 2
Popularity: 0.000000
First Submitted: 2022-02-12 14:32 (UTC)
Last Updated: 2023-04-21 11:56 (UTC)

Pinned Comments

msrd0 commented on 2023-10-15 12:29 (UTC)

Trust-DNS has been rebranded to Hickory-DNS. Please install the hickory-dns package instead of this one.

Latest Comments

msrd0 commented on 2022-11-29 12:26 (UTC)

@eclairevoyant Thanks for your comment. The --locked flag has been intentionally removed because the latest release locks dependencies to versions with known bugs that have since been fixed. Using --locked means that the trust-dns package will be built against known buggy dependency versions, instead of using compatible, but newer and less buggy versions of those same dependencies. I will use --locked again when there is a new release of trust-dns.

msrd0 commented on 2022-11-29 12:22 (UTC)

@HLFH Please take the time to actually understand my patch before calling it "unwise" or "buggy". Let me tell you one more time: MY PATCH DOES NOT ALTER ANY CODE OR FEATURES OF THE ENABLED BINARY. All it does is prevent an unused library, openssl, being linked against a binary that uses rustls.

eclairevoyant commented on 2022-11-29 10:36 (UTC) (edited on 2022-11-29 10:55 (UTC) by eclairevoyant)

Leaving i686 in is fine. See wiki:

Optionally, AUR packages may choose to additionally support other known working architectures.

That being said, there are some other issues with this package, such as not installing the applicable MIT license:

The BSD, ISC, MIT, zlib/png, Python and OFL licenses are special cases and could not be included in the licenses package, due to them including copyright notices [1]. For the sake of the license array, it is treated as a common license (... license=('MIT') ...), but technically each one is a custom license, because each one has its own copyright line. Any package licensed under these five should have its own unique license file stored in /usr/share/licenses/pkgname/.

as well as missing --frozen (or equivalently, --locked --offline) in build().
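
An added example, not part of the comment above or of the package: a small shell check for the two points raised there (a `cargo build` without `--frozen`/`--locked`, and an MIT-style license with no file under `/usr/share/licenses/`). Both PKGBUILD fragments and the function names are constructed for illustration and are not the real trust-dns PKGBUILD.

```shell
#!/bin/sh
# Constructed sample PKGBUILD fragment (not the real trust-dns PKGBUILD).
sample_pkgbuild() {
cat <<'EOF'
pkgname=example-dns
license=('MIT' 'Apache')
build() {
  cd "$pkgname-$pkgver"
  cargo build --release
}
package() {
  install -Dm755 "target/release/$pkgname" "$pkgdir/usr/bin/$pkgname"
}
EOF
}

# The same fragment with both points addressed (also constructed).
fixed_pkgbuild() {
cat <<'EOF'
pkgname=example-dns
license=('MIT' 'Apache')
build() {
  cd "$pkgname-$pkgver"
  cargo build --frozen --release
}
package() {
  install -Dm755 "target/release/$pkgname" "$pkgdir/usr/bin/$pkgname"
  install -Dm644 LICENSE-MIT "$pkgdir/usr/share/licenses/$pkgname/LICENSE-MIT"
}
EOF
}

# lint_pkgbuild TEXT: prints one finding per line, nothing if both checks pass.
lint_pkgbuild() {
  # A "cargo build" line with neither --frozen nor --locked may resolve
  # dependency versions other than the ones pinned in Cargo.lock.
  if printf '%s\n' "$1" | grep -E 'cargo[[:space:]]+build' \
       | grep -Evq -e '--(frozen|locked)'; then
    echo "unpinned-deps: cargo build without --frozen or --locked"
  fi
  # Licenses with their own copyright line (subset checked here: MIT, BSD, ISC)
  # need a per-package file under /usr/share/licenses/pkgname/.
  if printf '%s\n' "$1" | grep -E '^license=' | grep -Eq "'(MIT|BSD|ISC)'" \
       && ! printf '%s\n' "$1" | grep -q 'usr/share/licenses/'; then
    echo "missing-license: no file installed under /usr/share/licenses/"
  fi
}

lint_pkgbuild "$(sample_pkgbuild)"
```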

HLFH commented on 2022-11-29 02:22 (UTC) (edited on 2022-11-29 02:22 (UTC) by HLFH)

In addition you can see here:

That Arch Linux is in the systemd era.
And dropped the i686 support.
So I also believe you can delete the "i686" mention in arch in your PKGBUILD.

HLFH commented on 2022-11-29 01:05 (UTC) (edited on 2022-11-29 01:39 (UTC) by HLFH)

@msrd0 The Arch Linux simplicity principle applies here: https://wiki.archlinux.org/title/Arch_Linux#Simplicity.
"Packages are only split when compelling advantages exist".
Most server applications should have a systemd unit file by default.
And if you don't use it, then don't enable or start the systemd unit,
but don't prevent other Arch Linux users from having one straight away.
If you really don't want a systemd unit file, you should rename your package as "trust-dns-nosystemd"
as you can see there.

Other DNS server projects like PowerDNS and BIND have systemd unit files.

And:
"We've discussed dropping OpenSSL completely in the past. I don't think there's any strong reason to keep it around now."
Thanks for mentioning your issue and submitting bugs in upstream.
Well, they kept it around and they still support it.
And I don't think any SSL/TLS library will be as powerful as OpenSSL.
Many have tried like LibreSSL and they broke their teeth.
The same fate could happen to rustls that does not support PKCS #12.

Regarding "the URL [that] is taken directly from upstream's Cargo.toml file, which specifies it using the http: protocol", you are right, it should firstly be changed upstream.

As documented here, your buggy patch makes trust-dns fail with PKCS12 keys provided by upstream because rustls does not support it.

Furthermore, I am not ignorant as you try to imply, you certainly know more Rust but you don't necessarily fully comply with the Rust package guidelines.
And I comply with the guidelines for my git version package trust-dns-git.
You can also see I submitted two PRs yesterday on the project that have been merged.

I am not asking or anyone else to be a maintainer if you can maintain it.

msrd0 commented on 2022-11-28 23:48 (UTC)

Oh and one more comment regarding OpenSSL: https://github.com/bluejekyll/trust-dns/issues/1591

"We've discussed dropping OpenSSL completely in the past. I don't think there's any strong reason to keep it around now."

msrd0 commented on 2022-11-28 17:03 (UTC)

@HLFH sometimes, people might not have the time to answer straight away, and I am very aware that my responses tend to be unfriendly if I reply under perceived time pressure. However, I feel like I need to speak up.

You claim that the package cannot be used without a systemd file. This is not true. While a systemd file is probably helpful, it is not a necessity if all you want is a oneshot DNS server.

The URL is taken directly from upstream's Cargo.toml file, which specifies it using the http: protocol.

Lastly, I take issue with you claiming my patch is "unwise and creates issues". This is simply not true. The patch only avoids linking against openssl when rustls is already used. It only modifies the features used with dev dependencies.

Overall, you clearly show that you have no idea how Rust packages work yet you want to be the maintainer of this package. I take issue with that.

If someone wants to help maintain this package, please reach out. While fixing the valid part of the issues brought up is theoretically on my todo list, it does not have a high priority. Finally, if you want to take this package away from me, fine, do so. But I ask someone with actual Rust knowledge to take over, not someone who doesn't know what patches are and how features are actually enabled/disabled.

HLFH commented on 2022-11-28 16:38 (UTC) (edited on 2022-11-28 16:38 (UTC) by HLFH)

The last issue is: replacing dns-over-native-tls / openssl by dns-over-rustls breaks PKCS12 support as rustls does not support PKCS12.
This patch/mod is unwise and creates issues.

HLFH commented on 2022-11-24 15:42 (UTC)

Could you add: