knot-resolver: add luaPackages.psl

[SuperSandro2000]

Description of changes

This basically adds support for policy.slice_randomize_psl()

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 24.05 Release Notes (or backporting 23.05 and 23.11 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[vcunat]

It won't build for me

$ nix build -f. luajitPackages.psl

       > Error: Could not find header file for PSL
       >   No file libpsl.h in /nix/store/3gc64ag4cav0y40pk5zd75cs58q25a9l-wrap-lua-hook/include
       >   No file libpsl.h in /nix/store/h523pxxyypw7bk977kirhdzjjv52gzcs-luajit-2.1.1693350652/include
       >   No file libpsl.h in /nix/store/xfc3kaxwvya9i0589b8gn9cnr2h6ah2p-libpsl-0.21.5-bin/include
       > You may have to install PSL in your system and/or pass PSL_DIR or PSL_INCDIR to the luarocks command.
       > Example: luarocks install psl PSL_DIR=/usr/local

[vcunat]

Note: it's been unclear for us whether that randomized approach improves privacy or makes it worse. We haven't implemented support for this in the knot-resolver 6.x configuration model so far, BTW.

[SuperSandro2000]

The other alternative, to send all requests to all servers, would generate more traffic and we use it more to spread the requests somewhat to all servers.

[SuperSandro2000]

I've test this on 23.11 and funnily I think #292260 broke the naive lua approach. pkgconfig file seems correct.

[vcunat]

I'm not aware of such an alternative that increases traffic amount.

[vcunat]

Now it looks good to me. Though the http module won't work until fixes in PR #303527 (guarded by eval error now).

[SuperSandro2000]

I'm not aware of such an alternative that increases traffic amount.

I might have mixed that up with dnsmasq 😅 I did to many DNS things yesterday

[vcunat]

You broke this again. luarocksConfig.variables needs to be used, not luarocksConfig.

[SuperSandro2000]

You broke this again. luarocksConfig.variables needs to be used, not luarocksConfig.

🤦🏼

[SuperSandro2000]

Can we merge this?

resolved

[github-actions]

Successfully created backport PR for release-24.05:

• [Backport release-24.05] knot-resolver: add luaPackages.psl  #314514