feat: add support for debian 13 (trixie)

2025-08-06 14:30:26 +02:00 · 2025-08-06 14:30:26 +02:00 · 14ae02d552
commit 14ae02d552
parent d2ad01fd37
6 changed files with 67 additions and 0 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -17,6 +17,7 @@ steps:
      - sleep 5 # give docker enough time to start
      - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
      - ./debian/12/build.sh
+      - ./debian/13/build.sh
    when:
      branch:
      - master
--- a/README.md
+++ b/README.md
@ -8,6 +8,7 @@
 # Supported tags and respective `Dockerfile` links

 -	[`4.6-bookworm`, `latest`](https://github.com/pommi/docker-powerdns/blob/master/debian/12/Dockerfile)
+-	[`4.9-trixie`](https://github.com/pommi/docker-powerdns/blob/master/debian/13/Dockerfile)

 # Usage

--- a/build/rebuild.sh
+++ b/build/rebuild.sh
@ -14,3 +14,7 @@ updates_available () {
 if updates_available pommib/powerdns:4.6-bookworm; then
    ./debian/12/build.sh
 fi
+
+if updates_available pommib/powerdns:4.9-trixie; then
+    ./debian/13/build.sh
+fi
--- a/debian/13/Dockerfile
+++ b/debian/13/Dockerfile
@ -0,0 +1,22 @@
+FROM debian:trixie-slim
+
+RUN set -eux && \
+	apt-get update && \
+	DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && \
+	DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+		pdns-server \
+		pdns-backend-bind \
+		sqlite3 \
+		bind9-dnsutils \
+		inotify-tools \
+	&& \
+	rm -rf /var/lib/apt/lists/*
+
+ADD start.sh /
+
+EXPOSE 53/tcp 53/udp
+VOLUME ["/var/lib/powerdns"]
+
+CMD /start.sh
+
+HEALTHCHECK CMD dig +timeout=1 @127.0.0.1 || exit 1
--- a/debian/13/build.sh
+++ b/debian/13/build.sh
@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -ex
+
+IMAGE=pommib/powerdns:4.9-trixie
+#docker pull $IMAGE
+docker pull debian:trixie-slim
+docker build --no-cache -t $IMAGE ./debian/13/
+docker push $IMAGE
--- a/debian/13/start.sh
+++ b/debian/13/start.sh
@ -0,0 +1,30 @@
+#!/bin/bash
+
+# create sqlite database for DNSSEC
+if test ! -e /var/lib/powerdns/bind-dnssec-db.sqlite3; then
+    echo [$0] Initializing /var/lib/powerdns/bind-dnssec-db.sqlite3
+    /usr/bin/pdnsutil create-bind-db /var/lib/powerdns/bind-dnssec-db.sqlite3
+fi
+sed -i 's/^# bind-dnssec-db=/bind-dnssec-db=\/var\/lib\/powerdns\/bind-dnssec-db.sqlite3/' /etc/powerdns/pdns.d/bind.conf
+
+# start powerdns server
+/usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no &
+
+# watch for zone changes
+inotifywait -mqre modify --exclude '.*(\.git|.*\.swp)' --format '%w%f' "/var/lib/powerdns/zones/" |
+    while read -r path; do
+        zone=$(basename $path)
+        echo [$0] A modification was detected in $path
+        echo [$0] Executing \`/usr/bin/pdns_control bind-reload-now $zone\`
+        /usr/bin/pdns_control bind-reload-now $zone
+        if pdnsutil show-zone $zone 2>/dev/null | grep -q "Zone is not actively secured"; then
+            echo [$0] Zone is not actively secured, skipping \`pdnsutil rectify-zone $zone\`
+        else
+            echo [$0] DNSSEC secured zone. Executing \`pdnsutil rectify-zone $zone\`
+            /usr/bin/pdnsutil rectify-zone $zone
+        fi
+    done &
+
+wait -n
+
+exit $?