[Buildroot] [PATCH] nsd: new package

[Buildroot] [PATCH] nsd: new package

[Eric Le Bihan]

This package provides NSD, an authoritative only, high performance,
simple and open source name server.

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
---
 package/Config.in       |  1 +
 package/nsd/Config.in   | 15 ++++++++++++++
 package/nsd/S80nsd      | 54 +++++++++++++++++++++++++++++++++++++++++++++++++
 package/nsd/nsd.mk      | 50 +++++++++++++++++++++++++++++++++++++++++++++
 package/nsd/nsd.service | 13 ++++++++++++
 5 files changed, 133 insertions(+)
 create mode 100644 package/nsd/Config.in
 create mode 100644 package/nsd/S80nsd
 create mode 100644 package/nsd/nsd.mk
 create mode 100644 package/nsd/nsd.service

diff --git a/package/Config.in b/package/Config.in
index 73ba86a..c655ee0 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1030,6 +1030,7 @@ endif
 	source "package/ngrep/Config.in"
 	source "package/nmap/Config.in"
 	source "package/noip/Config.in"
+	source "package/nsd/Config.in"
 	source "package/ntp/Config.in"
 	source "package/nuttcp/Config.in"
 	source "package/odhcploc/Config.in"
diff --git a/package/nsd/Config.in b/package/nsd/Config.in
new file mode 100644
index 0000000..de9d213
--- /dev/null
+++ b/package/nsd/Config.in
@@ -0,0 +1,15 @@
+config BR2_PACKAGE_NSD
+	bool "nsd"
+	depends on BR2_USE_MMU # fork()
+	depends on BR2_TOOLCHAIN_HAS_THREADS
+	select BR2_PACKAGE_LIBEVENT
+	select BR2_PACKAGE_OPENSSL
+	help
+	  NSD is an authoritative only, high performance, simple and open
+	  source name server.
+
+	  http://www.nlnetlabs.nl/projects/nsd/
+
+comment "nsd needs a toolchain w/ threads"
+	depends on BR2_USE_MMU
+	depends on !BR2_TOOLCHAIN_HAS_THREADS
diff --git a/package/nsd/S80nsd b/package/nsd/S80nsd
new file mode 100644
index 0000000..22c320d
--- /dev/null
+++ b/package/nsd/S80nsd
@@ -0,0 +1,54 @@
+#!/bin/sh
+#
+# Starts nsd Name Server Daemon
+#
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+NAME=nsd
+DESC="Name Server Daemon"
+DAEMON=/usr/sbin/nsd
+DAEMONCTL=/usr/sbin/nsdc
+DAEMON_ARGS="-c /etc/nsd/nsd.conf"
+PIDFILE=/var/run/$NAME.pid
+
+test -r /etc/default/$NAME && . /etc/default/$NAME
+
+DAEMON_ARGS="$DAEMON_ARGS $OPTIONS"
+
+do_start() {
+    start-stop-daemon -S -q -p $PIDFILE --exec $DAEMON -- $DAEMON_ARGS
+}
+
+do_stop() {
+    start-stop-daemon -K -q -p $PIDFILE
+}
+
+do_reload() {
+    $DAEMONCTL reload >/dev/null
+}
+
+case "$1" in
+    start)
+        echo -n "Starting $DESC: "
+        do_start
+        [ $? == 0 ] && echo "OK" || echo "FAIL"
+        ;;
+    stop)
+        echo -n "Stopping $DESC: "
+        do_stop
+        [ $? == 0 ] && echo "OK" || echo "FAIL"
+        ;;
+    reload)
+        do_reload
+        ;;
+    restart)
+        do_stop
+        sleep 1
+        do_start
+        ;;
+     *)
+        echo "Usage: $0 {start|stop|restart|reload}"
+        exit 1
+esac
+
+exit $?
diff --git a/package/nsd/nsd.mk b/package/nsd/nsd.mk
new file mode 100644
index 0000000..0b008c2
--- /dev/null
+++ b/package/nsd/nsd.mk
@@ -0,0 +1,50 @@
+################################################################################
+#
+# nsd
+#
+################################################################################
+
+NSD_VERSION = 4.0.3
+NSD_SITE = http://www.nlnetlabs.nl/downloads/nsd/
+NSD_LICENSE = BSD-3c
+NSD_LICENSE_FILES = LICENSE
+
+NSD_DEPENDENCIES = libevent openssl
+
+NSD_CONF_OPT = \
+	--prefix=/ \
+	--datarootdir=/usr/share
+
+ifeq ($(BR2_PACKAGE_SYSTEMD),y)
+NSD_CONF_OPT += --with-pidfile=/run/nsd/nsd.pid
+endif
+
+define NSD_INSTALL_INIT_SYSV
+	$(INSTALL) -D -m 755 package/nsd/S80nsd \
+		$(TARGET_DIR)/etc/init.d/S80nsd
+endef
+
+define NSD_INSTALL_INIT_SYSTEMD
+	$(INSTALL) -D -m 644 package/nsd/nsd.service \
+		$(TARGET_DIR)/lib/systemd/system/nsd.service
+
+	mkdir -p $(TARGET_DIR)/etc/systemd/system/multi-user.target.wants
+
+	ln -sf ../../../../lib/systemd/system/nsd.service \
+		$(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/nsd.service
+
+	$(INSTALL) -d -m 0755 $(TARGET_DIR)/usr/lib/tmpfiles.d
+	echo "d /run/nsd 0755 nsd nsd -" > $(TARGET_DIR)/usr/lib/tmpfiles.d/nsd.conf
+endef
+
+define NSD_USERS
+	nsd -1 nsd -1 * /var/db/nsd - - Domain Name Server
+endef
+
+define NSD_REMOVE_SAMPLE_CONF
+	$(RM) $(TARGET_DIR)/etc/nsd/nsd.conf.sample
+endef
+
+NSD_POST_INSTALL_TARGET_HOOKS += NSD_REMOVE_SAMPLE_CONF
+
+$(eval $(autotools-package))
diff --git a/package/nsd/nsd.service b/package/nsd/nsd.service
new file mode 100644
index 0000000..5089e85
--- /dev/null
+++ b/package/nsd/nsd.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=NSD Name Server Daemon
+After=network.target
+
+[Service]
+PIDFile=/run/nsd/nsd.pid
+ExecStart=/usr/sbin/nsd -d -c /etc/nsd/nsd.conf
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStop=/bin/kill -TERM $MAINPID
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
-- 
1.9.3

[Buildroot] [PATCH] unbound: new package

[Eric Le Bihan]

This package provides Unbound, a validating, recursive, and caching DNS
resolver.

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
---
 package/Config.in               |  1 +
 package/unbound/Config.in       | 17 +++++++++++++
 package/unbound/S80unbound      | 54 +++++++++++++++++++++++++++++++++++++++++
 package/unbound/unbound.mk      | 43 ++++++++++++++++++++++++++++++++
 package/unbound/unbound.service | 12 +++++++++
 5 files changed, 127 insertions(+)
 create mode 100644 package/unbound/Config.in
 create mode 100644 package/unbound/S80unbound
 create mode 100644 package/unbound/unbound.mk
 create mode 100644 package/unbound/unbound.service

diff --git a/package/Config.in b/package/Config.in
index c655ee0..9506b6e 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1084,6 +1084,7 @@ endif
 	source "package/tvheadend/Config.in"
 	source "package/udpcast/Config.in"
 	source "package/ulogd/Config.in"
+	source "package/unbound/Config.in"
 	source "package/ushare/Config.in"
 	source "package/ussp-push/Config.in"
 	source "package/vde2/Config.in"
diff --git a/package/unbound/Config.in b/package/unbound/Config.in
new file mode 100644
index 0000000..57bc09f
--- /dev/null
+++ b/package/unbound/Config.in
@@ -0,0 +1,17 @@
+config BR2_PACKAGE_UNBOUND
+	bool "unbound"
+	depends on BR2_USE_MMU # fork()
+	depends on BR2_TOOLCHAIN_HAS_THREADS
+	depends on !BR2_PREFER_STATIC_LIB # dlopen()
+	select BR2_PACKAGE_EXPAT
+	select BR2_PACKAGE_LIBEVENT
+	select BR2_PACKAGE_OPENSSL
+	help
+	  Unbound is a validating, recursive, and caching DNS resolver.
+
+	  http://unbound.net/
+
+comment "unbound needs a toolchain w/ threads, dynamic library"
+	depends on BR2_USE_MMU
+	depends on !BR2_TOOLCHAIN_HAS_THREADS
+	depends on BR2_PREFER_STATIC_LIB
diff --git a/package/unbound/S80unbound b/package/unbound/S80unbound
new file mode 100644
index 0000000..655be88
--- /dev/null
+++ b/package/unbound/S80unbound
@@ -0,0 +1,54 @@
+#!/bin/sh
+#
+# Starts unbound DNS resolver
+#
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+NAME=nsd
+DESC="DNS Resolver"
+DAEMON=/usr/sbin/unbound
+DAEMONCTL=/usr/sbin/unbound-control
+DAEMON_ARGS="-c /etc/unbound/unbound.conf"
+PIDFILE=/var/run/$NAME.pid
+
+test -r /etc/default/$NAME && . /etc/default/$NAME
+
+DAEMON_ARGS="$DAEMON_ARGS $OPTIONS"
+
+do_start() {
+    start-stop-daemon -S -q -p $PIDFILE --exec $DAEMON -- $DAEMON_ARGS
+}
+
+do_stop() {
+    start-stop-daemon -K -q -p $PIDFILE
+}
+
+do_reload() {
+    $DAEMONCTL reload >/dev/null
+}
+
+case "$1" in
+    start)
+        echo -n "Starting $DESC: "
+        do_start
+        [ $? == 0 ] && echo "OK" || echo "FAIL"
+        ;;
+    stop)
+        echo -n "Stopping $DESC: "
+        do_stop
+        [ $? == 0 ] && echo "OK" || echo "FAIL"
+        ;;
+    reload)
+        do_reload
+        ;;
+    restart)
+        do_stop
+        sleep 1
+        do_start
+        ;;
+     *)
+        echo "Usage: $0 {start|stop|restart|reload}"
+        exit 1
+esac
+
+exit $?
diff --git a/package/unbound/unbound.mk b/package/unbound/unbound.mk
new file mode 100644
index 0000000..7be956f
--- /dev/null
+++ b/package/unbound/unbound.mk
@@ -0,0 +1,43 @@
+################################################################################
+#
+# unbound
+#
+################################################################################
+
+UNBOUND_VERSION = 1.4.22
+UNBOUND_SITE = http://unbound.net/downloads/
+UNBOUND_LICENSE = BSD-3c
+UNBOUND_LICENSE_FILES = LICENSE
+
+UNBOUND_DEPENDENCIES = expat libevent openssl
+
+UNBOUND_CONF_OPT = \
+	--prefix=/usr \
+	--sysconfdir=/etc \
+	--disable-rpath \
+	--localstatedir=/var
+
+ifeq ($(BR2_PACKAGE_SYSTEMD),y)
+UNBOUND_CONF_OPT += --with-pidfile=/run/unbound.pid
+endif
+
+define UNBOUND_INSTALL_INIT_SYSV
+	$(INSTALL) -D -m 755 package/unbound/S80unbound \
+		$(TARGET_DIR)/etc/init.d/S80unbound
+endef
+
+define UNBOUND_INSTALL_INIT_SYSTEMD
+	$(INSTALL) -D -m 644 package/unbound/unbound.service \
+		$(TARGET_DIR)/lib/systemd/system/unbound.service
+
+	mkdir -p $(TARGET_DIR)/etc/systemd/system/multi-user.target.wants
+
+	ln -sf ../../../../lib/systemd/system/unbound.service \
+		$(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/unbound.service
+endef
+
+define UNBOUND_USERS
+	unbound -1 unbound -1 * - - - DNS Resolver
+endef
+
+$(eval $(autotools-package))
diff --git a/package/unbound/unbound.service b/package/unbound/unbound.service
new file mode 100644
index 0000000..8e59e5a
--- /dev/null
+++ b/package/unbound/unbound.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Unbound DNS Resolver
+After=network.target
+
+[Service]
+PIDFile=/run/unbound.pid
+ExecStart=/usr/sbin/unbound -d
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
-- 
1.9.3

[Buildroot] [PATCH] unbound: new package

[Floris Bos]

Hi,

On 09/15/2014 10:46 PM, Eric Le Bihan wrote:
> This package provides Unbound, a validating, recursive, and caching DNS
> resolver.

Nice addition.
We're an unbound user as well, but never got around to submitting our 
local package, and I know unbound has some odd issues.


Some points:

- Unbound (at least when using your package with sysv) currently creates 
a pid file in /etc/unbound/unbound.pid
Suggest that to be changed to /var/run/unbound.pid, so it also works on 
read-only file systems.

- Unbound is currently broken when IPv6 is disabled in the buildroot 
configuration.

Listens on both 127.0.0.1 and ::1 by default, and errors out on the ::1

==
unbound[118:0] error: node ::1:53 getaddrinfo: ai_family not supported
[13] unbound[118:0] fatal error: could not open ports
FAIL
==

You do can override the default by specifying "interface: 127.0.0.1" in 
unbound.conf but then it errors out on:

==
"error: cannot parse access control: ::0/0 refuse"
==

Don't no how to override that internal ACL rule.
Might need to let the package depend on IPv6


- Unbound is typically used as local resolving nameserver.
I was wondering if the startup script shouldn't put "nameserver 
127.0.0.1" in /etc/resolv.conf
Possibly with an option to turn that off by a setting in 
/etc/default/unbound

- Unbound expects /etc/unbound to be owned by user unbound
Or if you do enable DNSSEC by uncommenting the "auto-trust-anchor-file" 
line in /etc/unbound/unbound.conf, you get errors that it is unable to 
create files:

==
error: could not open autotrust file for writing, /root.key.306-0: 
Permission denied
==

- I also wonder if there shouldn't be an option to let the startup 
script run unbound-anchor prior to starting the unbound daemon.
This updates the DNSSEC trust anchor files.
(Enabling DNSSEC validation has some caveats though, in particular it 
requires the system to have correct date/time settings, so should be 
left disabled by default)

> +NAME=nsd

nsd -> unbound

> +UNBOUND_DEPENDENCIES = expat libevent openssl

libevent is an optional dependency. (don't have it in my local package)

> +++ b/package/unbound/S80unbound

- Wondering if S80unbound shouldn't be a lower number like S41 for 
systems that intend to use it as local resolver.
So that other services like S49ntp can use it to resolve pool.ntp.org.


Yours sincerely,

Floris Bos

[Buildroot] [PATCH] nsd: new package

[Thomas Petazzoni]

Dear Eric Le Bihan,

On Mon, 15 Sep 2014 22:46:21 +0200, Eric Le Bihan wrote:
> This package provides NSD, an authoritative only, high performance,
> simple and open source name server.
> 
> Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>

This looks good. Just a few questions below, not really critical.

> +NSD_VERSION = 4.0.3

There is a new version that has been released 4.1.0. Though I don't
mind seeing the 4.0.3 being packaged in Buildroot for now, and then
later if you have the time, a bump to 4.1.0.

> +NSD_SITE = http://www.nlnetlabs.nl/downloads/nsd/
> +NSD_LICENSE = BSD-3c
> +NSD_LICENSE_FILES = LICENSE
> +
> +NSD_DEPENDENCIES = libevent openssl
> +
> +NSD_CONF_OPT = \
> +	--prefix=/ \
> +	--datarootdir=/usr/share

This is fairly unusual, especially the --prefix=/, so having a comment
above would be useful.

> +ifeq ($(BR2_PACKAGE_SYSTEMD),y)
> +NSD_CONF_OPT += --with-pidfile=/run/nsd/nsd.pid
> +endif

Ok, so for systemd the pidfile location is defined at compile time, but
for sysv/busybox init, it's passed through the init script.

> +define NSD_REMOVE_SAMPLE_CONF
> +	$(RM) $(TARGET_DIR)/etc/nsd/nsd.conf.sample
> +endef
> +
> +NSD_POST_INSTALL_TARGET_HOOKS += NSD_REMOVE_SAMPLE_CONF

Is there a non sample file installed?

Also, when build testing, I faced an issue:

checking for libevent... configure: error: Cannot find the libevent library.
You can restart ./configure --with-libevent=no to use a builtin alternative.
make: *** [/home/thomas/projets/buildroot/output/build/nsd-4.0.3/.stamp_configured] Erreur 1

Configuration used is:

BR2_arm=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_CUSTOM=y
BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y
BR2_TOOLCHAIN_EXTERNAL_URL="http://autobuild.buildroot.org/toolchains/tarballs/br-arm-full-2014.08.tar.bz2"
BR2_TOOLCHAIN_EXTERNAL_HEADERS_3_16=y
BR2_TOOLCHAIN_EXTERNAL_LARGEFILE=y
BR2_TOOLCHAIN_EXTERNAL_INET_IPV6=y
BR2_TOOLCHAIN_EXTERNAL_LOCALE=y
# BR2_TOOLCHAIN_EXTERNAL_HAS_THREADS_DEBUG is not set
BR2_TOOLCHAIN_EXTERNAL_INET_RPC=y
BR2_TOOLCHAIN_EXTERNAL_CXX=y
BR2_PACKAGE_NSD=y

I see libevent being built. The config.log of nsd contains:

configure:5427: checking for libevent
configure:5453: error: Cannot find the libevent library.
You can restart ./configure --with-libevent=no to use a builtin alternative.

The same happens with OpenSSL:

checking for SSL... configure: error: Cannot find the SSL libraries in /usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/sfw /usr/local /usr

You probably need to pass --with-{libevent,ssl}=/some/path, but I
haven't figured out which path (I haven't looked too much, only tested
$(STAGING_DIR) and $(STAGING_DIR)/usr/lib).

Also, your package makes openssl and libevent mandatory dependencies of
nsd, which is not the case: you can pass --with-libevent=no and
--with-ssl=no and you can build without those dependencies. This is
something we should support to allow building a more lightweight
version of nsd.

Then, at boot time, I get:

Starting Name Server Daemon: Could not open /etc/nsd/nsd.conf: No such file or directory
[1410900412] nsd[525]: error: could not read config: /etc/nsd/nsd.conf

We generally like to have a default configuration file installed, so
that the service works in a minimal way "out of the box".

Could you have a look at those issues?

Thanks a lot!

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

[Buildroot] [PATCH] unbound: new package

[Eric Le Bihan]

Hi!
On Tue, Sep 16, 2014 at 01:20:48AM +0200, Floris Bos wrote:
> Hi,
>
> On 09/15/2014 10:46 PM, Eric Le Bihan wrote:
> >This package provides Unbound, a validating, recursive, and caching DNS
> >resolver.
>
> Nice addition.
> We're an unbound user as well, but never got around to submitting our local
> package, and I know unbound has some odd issues.
>
>
> Some points:
>
> - Unbound (at least when using your package with sysv) currently creates a
> pid file in /etc/unbound/unbound.pid
> Suggest that to be changed to /var/run/unbound.pid, so it also works on
> read-only file systems.

I did it in the case where systemd is chosen as init system, but not when
chosing SysV/Busybox. Good catch.

> - Unbound is currently broken when IPv6 is disabled in the buildroot
> configuration.
>
> Listens on both 127.0.0.1 and ::1 by default, and errors out on the ::1
>
> ==
> unbound[118:0] error: node ::1:53 getaddrinfo: ai_family not supported
> [13] unbound[118:0] fatal error: could not open ports
> FAIL
> ==
>
> You do can override the default by specifying "interface: 127.0.0.1" in
> unbound.conf but then it errors out on:
>
> ==
> "error: cannot parse access control: ::0/0 refuse"
> ==
>
> Don't no how to override that internal ACL rule.
> Might need to let the package depend on IPv6

I'll test this.

>
> - Unbound is typically used as local resolving nameserver.
> I was wondering if the startup script shouldn't put "nameserver 127.0.0.1"
> in /etc/resolv.conf
> Possibly with an option to turn that off by a setting in
> /etc/default/unbound
>
> - Unbound expects /etc/unbound to be owned by user unbound
> Or if you do enable DNSSEC by uncommenting the "auto-trust-anchor-file" line
> in /etc/unbound/unbound.conf, you get errors that it is unable to create
> files:
>
> ==
> error: could not open autotrust file for writing, /root.key.306-0:
> Permission denied
> ==
>
> - I also wonder if there shouldn't be an option to let the startup script
> run unbound-anchor prior to starting the unbound daemon.
> This updates the DNSSEC trust anchor files.
> (Enabling DNSSEC validation has some caveats though, in particular it
> requires the system to have correct date/time settings, so should be left
> disabled by default)

I am not (yet) familiar with DNSSEC, nor with the chroot case. Maybe this
should be left for the user to customize? I'll provide a minimal default
configuration file, so the service starts without error, anyway.

> >+NAME=nsd
>
> nsd -> unbound

Of course!
>
> >+UNBOUND_DEPENDENCIES = expat libevent openssl
>
> libevent is an optional dependency. (don't have it in my local package)

I will take this into account.

> >+++ b/package/unbound/S80unbound
>
> - Wondering if S80unbound shouldn't be a lower number like S41 for systems
> that intend to use it as local resolver.
> So that other services like S49ntp can use it to resolve pool.ntp.org.

If this is a specific user case, I think changing the priority of the service
should be left to the user.

Thanks for the review!

Best regards,
ELB

[Buildroot] [PATCH] nsd: new package

[Eric Le Bihan]

Hi!

On Tue, Sep 16, 2014 at 10:48:20PM +0200, Thomas Petazzoni wrote:
> Dear Eric Le Bihan,
>
> On Mon, 15 Sep 2014 22:46:21 +0200, Eric Le Bihan wrote:
> > This package provides NSD, an authoritative only, high performance,
> > simple and open source name server.
> >
> > Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
>
> This looks good. Just a few questions below, not really critical.
>
> > +NSD_VERSION = 4.0.3
>
> There is a new version that has been released 4.1.0. Though I don't
> mind seeing the 4.0.3 being packaged in Buildroot for now, and then
> later if you have the time, a bump to 4.1.0.

I'll go for 4.1.0!

>
> > +NSD_SITE = http://www.nlnetlabs.nl/downloads/nsd/
> > +NSD_LICENSE = BSD-3c
> > +NSD_LICENSE_FILES = LICENSE
> > +
> > +NSD_DEPENDENCIES = libevent openssl
> > +
> > +NSD_CONF_OPT = \
> > +	--prefix=/ \
> > +	--datarootdir=/usr/share
>
> This is fairly unusual, especially the --prefix=/, so having a comment
> above would be useful.

If --prefix was set to /usr, the program was looking for stuff in
/usr/var/db. But this can be removed if using --with-dbfile and --datarootdir.

> > +ifeq ($(BR2_PACKAGE_SYSTEMD),y)
> > +NSD_CONF_OPT += --with-pidfile=/run/nsd/nsd.pid
> > +endif
>
> Ok, so for systemd the pidfile location is defined at compile time, but
> for sysv/busybox init, it's passed through the init script.

For SysV/Busybox, I'll use --with-pidfile=/var/run/nsd.pid and adapt the
script.

> > +define NSD_REMOVE_SAMPLE_CONF
> > +	$(RM) $(TARGET_DIR)/etc/nsd/nsd.conf.sample
> > +endef
> > +
> > +NSD_POST_INSTALL_TARGET_HOOKS += NSD_REMOVE_SAMPLE_CONF
>
> Is there a non sample file installed?

No, but I'll provide a minimal default configuration file.

> Also, when build testing, I faced an issue:
>
> checking for libevent... configure: error: Cannot find the libevent library.
> You can restart ./configure --with-libevent=no to use a builtin alternative.
> make: *** [/home/thomas/projets/buildroot/output/build/nsd-4.0.3/.stamp_configured] Erreur 1
>
> Configuration used is:
>
> BR2_arm=y
> BR2_TOOLCHAIN_EXTERNAL=y
> BR2_TOOLCHAIN_EXTERNAL_CUSTOM=y
> BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y
> BR2_TOOLCHAIN_EXTERNAL_URL="http://autobuild.buildroot.org/toolchains/tarballs/br-arm-full-2014.08.tar.bz2"
> BR2_TOOLCHAIN_EXTERNAL_HEADERS_3_16=y
> BR2_TOOLCHAIN_EXTERNAL_LARGEFILE=y
> BR2_TOOLCHAIN_EXTERNAL_INET_IPV6=y
> BR2_TOOLCHAIN_EXTERNAL_LOCALE=y
> # BR2_TOOLCHAIN_EXTERNAL_HAS_THREADS_DEBUG is not set
> BR2_TOOLCHAIN_EXTERNAL_INET_RPC=y
> BR2_TOOLCHAIN_EXTERNAL_CXX=y
> BR2_PACKAGE_NSD=y
>
> I see libevent being built. The config.log of nsd contains:
>
> configure:5427: checking for libevent
> configure:5453: error: Cannot find the libevent library.
> You can restart ./configure --with-libevent=no to use a builtin alternative.
>
> The same happens with OpenSSL:
>
> checking for SSL... configure: error: Cannot find the SSL libraries in /usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/sfw /usr/local /usr
>
> You probably need to pass --with-{libevent,ssl}=/some/path, but I
> haven't figured out which path (I haven't looked too much, only tested
> $(STAGING_DIR) and $(STAGING_DIR)/usr/lib).

And the correct answer is... --with-libevent=$(STAGING_DIR)/usr!

> Also, your package makes openssl and libevent mandatory dependencies of
> nsd, which is not the case: you can pass --with-libevent=no and
> --with-ssl=no and you can build without those dependencies. This is
> something we should support to allow building a more lightweight
> version of nsd.

I make libevent and openssl optional dependencies.

Thanks for the review!

Best regards,
ELB