From e85e545dbda8bdf09b32e69545ace49b7bc63c23 Mon Sep 17 00:00:00 2001
From: Nick Cao <nickcao@nichi.co>
Date: Mon, 14 Mar 2022 21:51:32 +0800
Subject: [PATCH 1/2] powerdns: 4.3.1 -> 4.6.1

---
 nixos/tests/powerdns.nix              |  1 +
 pkgs/servers/dns/powerdns/default.nix | 49 +++++++++++++--------------
 2 files changed, 24 insertions(+), 26 deletions(-)

diff --git a/nixos/tests/powerdns.nix b/nixos/tests/powerdns.nix
index d025934ad2b3..70060bad87b6 100644
--- a/nixos/tests/powerdns.nix
+++ b/nixos/tests/powerdns.nix
@@ -10,6 +10,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
     services.powerdns.extraConfig = ''
       launch=gmysql
       gmysql-user=pdns
+      zone-cache-refresh-interval=0
     '';
 
     services.mysql = {
diff --git a/pkgs/servers/dns/powerdns/default.nix b/pkgs/servers/dns/powerdns/default.nix
index cc7bb3317fd4..4f1913e322a6 100644
--- a/pkgs/servers/dns/powerdns/default.nix
+++ b/pkgs/servers/dns/powerdns/default.nix
@@ -1,44 +1,41 @@
-{ lib, stdenv, fetchurl, fetchpatch, pkg-config, nixosTests
+{ lib, stdenv, fetchurl, pkg-config, nixosTests
 , boost, libyamlcpp, libsodium, sqlite, protobuf, openssl, systemd
-, mysql57, postgresql, lua, openldap, geoip, curl, unixODBC
+, mariadb-connector-c, postgresql, lua, openldap, geoip, curl, unixODBC, lmdb, tinycdb
 }:
 
 stdenv.mkDerivation rec {
   pname = "powerdns";
-  version = "4.3.1";
+  version = "4.6.1";
 
   src = fetchurl {
     url = "https://downloads.powerdns.com/releases/pdns-${version}.tar.bz2";
-    sha256 = "0if27znz528sir52y9i4gcfhdsym7yxiwjgffy9lpscf1426q56m";
+    sha256 = "sha256-eRKxSIfWKEUYX3zktH21gOqnuLiX3LHJVV3+D6xe+uM=";
   };
 
-  patches = [
-    (fetchpatch { # remove for >= 4.4.0
-      name = "gcc-10_undefined-reference.diff";
-      url = "https://github.com/PowerDNS/pdns/commit/05c9dd77b28.diff";
-      sha256 = "1m9szbi02h9kcabgw3kb8k9qrb54d34z0qzizrlfiw3hxs6c2zql";
-    })
-  ];
-
   nativeBuildInputs = [ pkg-config ];
   buildInputs = [
-    boost mysql57.connector-c postgresql lua openldap sqlite protobuf geoip
-    libyamlcpp libsodium curl unixODBC openssl systemd
+    boost mariadb-connector-c postgresql lua openldap sqlite protobuf geoip
+    libyamlcpp libsodium curl unixODBC openssl systemd lmdb tinycdb
+  ];
+
+  configureFlags = [
+    "--disable-silent-rules"
+    "--enable-dns-over-tls"
+    "--enable-unit-tests"
+    "--enable-reproducible"
+    "--enable-tools"
+    "--enable-ixfrdist"
+    "--enable-systemd"
+    "--with-libsodium"
+    "--with-sqlite3"
+    "--with-libcrypto=${openssl.dev}"
   ];
 
   # nix destroy with-modules arguments, when using configureFlags
   preConfigure = ''
-    configureFlagsArray=(
-      "--with-modules=bind gmysql geoip godbc gpgsql gsqlite3 ldap lua2 pipe random remote"
-      --with-sqlite3
-      --with-libcrypto=${openssl.dev}
-      --with-libsodium
-      --enable-tools
-      --disable-dependency-tracking
-      --disable-silent-rules
-      --enable-reproducible
-      --enable-unit-tests
-      --enable-systemd
+    configureFlagsArray+=(
+      "--with-modules="
+      "--with-dynmodules=bind geoip gmysql godbc gpgsql gsqlite3 ldap lmdb lua2 pipe remote tinydns"
     )
   '';
 
@@ -55,6 +52,6 @@ stdenv.mkDerivation rec {
     platforms = platforms.unix;
     broken = stdenv.isDarwin;
     license = licenses.gpl2;
-    maintainers = with maintainers; [ mic92 disassembler ];
+    maintainers = with maintainers; [ mic92 disassembler nickcao ];
   };
 }

From fc49bc19edd8e9eaea703c795395c2f78354ba80 Mon Sep 17 00:00:00 2001
From: Nick Cao <nickcao@nichi.co>
Date: Tue, 15 Mar 2022 11:13:23 +0800
Subject: [PATCH 2/2] powerdns: redact configure flags from version output to
 reduce closure size

---
 pkgs/servers/dns/powerdns/default.nix   |  2 ++
 pkgs/servers/dns/powerdns/version.patch | 13 +++++++++++++
 2 files changed, 15 insertions(+)
 create mode 100644 pkgs/servers/dns/powerdns/version.patch

diff --git a/pkgs/servers/dns/powerdns/default.nix b/pkgs/servers/dns/powerdns/default.nix
index 4f1913e322a6..ff057b48bd54 100644
--- a/pkgs/servers/dns/powerdns/default.nix
+++ b/pkgs/servers/dns/powerdns/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
     url = "https://downloads.powerdns.com/releases/pdns-${version}.tar.bz2";
     sha256 = "sha256-eRKxSIfWKEUYX3zktH21gOqnuLiX3LHJVV3+D6xe+uM=";
   };
+  # redact configure flags from version output to reduce closure size
+  patches = [ ./version.patch ];
 
   nativeBuildInputs = [ pkg-config ];
   buildInputs = [
diff --git a/pkgs/servers/dns/powerdns/version.patch b/pkgs/servers/dns/powerdns/version.patch
new file mode 100644
index 000000000000..185d07028833
--- /dev/null
+++ b/pkgs/servers/dns/powerdns/version.patch
@@ -0,0 +1,13 @@
+diff --git a/pdns/version.cc b/pdns/version.cc
+index d8f5d40..1368481 100644
+--- a/pdns/version.cc
++++ b/pdns/version.cc
+@@ -155,7 +155,7 @@ void showBuildConfiguration()
+ #ifdef PDNS_CONFIG_ARGS
+ #define double_escape(s) #s
+ #define escape_quotes(s) double_escape(s)
+-  g_log<<Logger::Warning<<"Configured with: "<<escape_quotes(PDNS_CONFIG_ARGS)<<endl;
++  g_log<<Logger::Warning<<"Configured with: "<<"redacted"<<endl;
+ #undef escape_quotes
+ #undef double_escape
+ #endif