getdns: add option to compile for stub mode only

nixos/modules/services/networking/stubby.nix

@@ -30,7 +30,7 @@ in {
       settings = mkOption {
         type = types.attrsOf settingsFormat.type;
         example = lib.literalExpression ''
-          pkgs.stubby.passthru.settingsExample // {
+          (builtins.fromJSON (builtins.readFile pkgs.stubby.stubbyExampleJson)) // {
             upstream_recursive_servers = [{
               address_data = "158.64.1.29";
               tls_auth_name = "kaitain.restena.lu";
@@ -43,9 +43,8 @@ in {
         '';
         description = ''
           Content of the Stubby configuration file. All Stubby settings may be set or queried
-          here. The default settings are available at
-          `pkgs.stubby.passthru.settingsExample`. See
-          <https://dnsprivacy.org/wiki/display/DP/Configuring+Stubby>.
+          here. The default settings are available at `pkgs.stubby.stubbyExampleJson`.
+          See <https://dnsprivacy.org/wiki/display/DP/Configuring+Stubby>.
           A list of the public recursive servers can be found here:
           <https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers>.
         '';

pkgs/by-name/ge/getdns/package.nix

@@ -0,0 +1,73 @@
+{
+  lib,
+  stdenv,
+  fetchurl,
+  cmake,
+  doxygen,
+  libidn2,
+  openssl,
+  unbound,
+  yq,
+
+  enableStubOnly ? false,
+}:
+
+stdenv.mkDerivation (finalAttrs: {
+  pname = "getdns";
+  version = "1.7.3";
+  outputs = [
+    "out"
+    "dev"
+    "lib"
+    "man"
+  ];
+
+  src = fetchurl {
+    url = "https://getdnsapi.net/releases/getdns-${lib.concatStringsSep "-" (lib.splitVersion finalAttrs.version)}/getdns-${finalAttrs.version}.tar.gz";
+    # upstream publishes hashes in hex format
+    sha256 = "f1404ca250f02e37a118aa00cf0ec2cbe11896e060c6d369c6761baea7d55a2c";
+  };
+
+  nativeBuildInputs = [
+    cmake
+    doxygen
+  ];
+
+  buildInputs = [
+    libidn2
+    openssl
+  ] ++ lib.optional (!enableStubOnly) unbound;
+
+  cmakeFlags = [ (lib.strings.cmakeBool "ENABLE_STUB_ONLY" enableStubOnly) ];
+
+  # https://github.com/getdnsapi/getdns/issues/517
+  postPatch = ''
+    substituteInPlace getdns.pc.in \
+      --replace '$'{exec_prefix}/@CMAKE_INSTALL_LIBDIR@ @CMAKE_INSTALL_FULL_LIBDIR@ \
+      --replace '$'{prefix}/@CMAKE_INSTALL_INCLUDEDIR@ @CMAKE_INSTALL_FULL_INCLUDEDIR@
+  '';
+
+  postInstall = "rm -r $out/share/doc";
+
+  meta = {
+    description = "Modern asynchronous DNS API";
+    longDescription = ''
+      getdns is an implementation of a modern asynchronous DNS API; the
+      specification was originally edited by Paul Hoffman. It is intended to make all
+      types of DNS information easily available to application developers and non-DNS
+      experts. DNSSEC offers a unique global infrastructure for establishing and
+      enhancing cryptographic trust relations. With the development of this API the
+      developers intend to offer application developers a modern and flexible
+      interface that enables end-to-end trust in the DNS architecture, and which will
+      inspire application developers to implement innovative security solutions in
+      their applications.
+    '';
+    homepage = "https://getdnsapi.net";
+    maintainers = with lib.maintainers; [
+      leenaars
+      ehmry
+    ];
+    license = lib.licenses.bsd3;
+    platforms = lib.platforms.all;
+  };
+})

pkgs/by-name/st/stubby/package.nix

@@ -0,0 +1,64 @@
+# Getdns and Stubby are released together, see https://getdnsapi.net/releases/
+# ../../ge/getdns/package.nix
+
+{
+  lib,
+  stdenv,
+  cmake,
+  darwin,
+  getdns,
+  libyaml,
+  openssl,
+  systemd,
+  yq,
+}:
+
+let
+  self = stdenv.mkDerivation (finalAttrs: {
+    pname = "stubby";
+    version = "0.4.3";
+    outputs = [
+      "out"
+      "man"
+      "stubbyExampleJson"
+    ];
+
+    inherit (getdns) src;
+    sourceRoot = "${getdns.pname}-${getdns.version}/stubby";
+
+    nativeBuildInputs = [
+      cmake
+      yq
+    ];
+
+    buildInputs = [
+      getdns
+      libyaml
+      openssl
+      systemd
+    ] ++ lib.optionals stdenv.hostPlatform.isDarwin [ darwin.Security ];
+
+    postInstall = ''
+      rm -r $out/share/doc
+      yq \
+        < $NIX_BUILD_TOP/$sourceRoot/stubby.yml.example \
+        > $stubbyExampleJson
+    '';
+
+    passthru.settingsExample = builtins.fromJSON (builtins.readFile self.stubbyExampleJson);
+
+    meta = getdns.meta // {
+      description = "Local DNS Privacy stub resolver (using DNS-over-TLS)";
+      mainProgram = "stubby";
+      longDescription = ''
+        Stubby is an application that acts as a local DNS Privacy stub
+        resolver (using RFC 7858, aka DNS-over-TLS). Stubby encrypts DNS
+        queries sent from a client machine (desktop or laptop) to a DNS
+        Privacy resolver increasing end user privacy. Stubby is developed by
+        the getdns team.
+      '';
+      homepage = "https://dnsprivacy.org/dns_privacy_daemon_-_stubby/";
+    };
+  });
+in
+self

pkgs/top-level/all-packages.nix

@@ -9106,9 +9106,6 @@ with pkgs;
 
   geos_3_9 = callPackage ../development/libraries/geos/3.9.nix { };
 
-  inherit (callPackages ../development/libraries/getdns { })
-    getdns stubby;
-
   gettext = callPackage ../development/libraries/gettext { };
 
   gd = callPackage ../development/libraries/gd {