From 0af77d322909db14fa4ccfcb6e70cb5e4b1df7e50508e48c24778374d589d131 Mon Sep 17 00:00:00 2001 From: Sebastian Wagner Date: Thu, 11 Jun 2020 20:29:58 +0000 Subject: [PATCH] Accepting request 813333 from home:cunix:server_dns Build fails where golang is too old. If acceptable, i'm asking to not immediately submit to Factory. OBS-URL: https://build.opensuse.org/request/show/813333 OBS-URL: https://build.opensuse.org/package/show/server:dns/dnscrypt-proxy?expand=0&rev=22 --- README.openSUSE | 27 ++++ dnscrypt-proxy-1.9.5.tar.bz2 | 3 - dnscrypt-proxy-2.0.43.tar.gz | 3 + dnscrypt-proxy-default-config.patch | 57 ------- dnscrypt-proxy.changes | 40 +++++ dnscrypt-proxy.service | 30 ++++ dnscrypt-proxy.socket | 23 +++ dnscrypt-proxy.spec | 224 +++++++++++++++------------- dnscrypt-proxy.tmpfile | 2 - dnscrypt-proxy@.service | 29 ---- example-dnscrypt-proxy.toml.sed | 21 +++ find_licenses.sh | 96 ++++++++++++ install_licenses.sh | 31 ++++ 13 files changed, 391 insertions(+), 195 deletions(-) create mode 100644 README.openSUSE delete mode 100644 dnscrypt-proxy-1.9.5.tar.bz2 create mode 100644 dnscrypt-proxy-2.0.43.tar.gz delete mode 100644 dnscrypt-proxy-default-config.patch create mode 100644 dnscrypt-proxy.service create mode 100644 dnscrypt-proxy.socket delete mode 100644 dnscrypt-proxy.tmpfile delete mode 100644 dnscrypt-proxy@.service create mode 100644 example-dnscrypt-proxy.toml.sed create mode 100644 find_licenses.sh create mode 100644 install_licenses.sh diff --git a/README.openSUSE b/README.openSUSE new file mode 100644 index 0000000..cf3068b --- /dev/null +++ b/README.openSUSE @@ -0,0 +1,27 @@ +Some tips: + +1. Configure /etc/dnscrypt-proxy/dnscrypt-proxy.toml for your use case first! + +2. Override "ListenStream" and "ListenDatagram" for dnscrypt-proxy.socket + according to your setup, especially if dnscrypt-proxy should not be used as + your primary name resolver. + In this case you might want to forward queries from a tool + like "dnsmasq" to dnscrypt-proxy. + Then the later should probably not listen on the default adress/port. + +3. If running via systemd, start as root once with + + $ systemctl start dnscrypt-proxy.socket + + For always activating, do + + $ systemctl enable dnscrypt-proxy.socket + +4. Alternatively dnscrypt-proxy.service can be used the same way. + This will require you to set or uncomment "listen_addresses" in + /etc/dnscrypt-proxy/dnscrypt-proxy.toml + In this case the socket configuration described in (2.) + has to be done in this file directly. + + + diff --git a/dnscrypt-proxy-1.9.5.tar.bz2 b/dnscrypt-proxy-1.9.5.tar.bz2 deleted file mode 100644 index cb56aec..0000000 --- a/dnscrypt-proxy-1.9.5.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e89f5b9039979ab392302faf369ef7593155d5ea21580402a75bbc46329d1bb6 -size 1290573 diff --git a/dnscrypt-proxy-2.0.43.tar.gz b/dnscrypt-proxy-2.0.43.tar.gz new file mode 100644 index 0000000..bb722d7 --- /dev/null +++ b/dnscrypt-proxy-2.0.43.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5e3a300ca3d6303dc272afb2583e177dfcb2eea3f640f3181e383c22360a57d4 +size 2279744 diff --git a/dnscrypt-proxy-default-config.patch b/dnscrypt-proxy-default-config.patch deleted file mode 100644 index bb61955..0000000 --- a/dnscrypt-proxy-default-config.patch +++ /dev/null @@ -1,57 +0,0 @@ -Index: b/dnscrypt-proxy.conf -=================================================================== ---- a/dnscrypt-proxy.conf -+++ b/dnscrypt-proxy.conf -@@ -39,19 +39,21 @@ ResolverName random - ## Unless you are using systemd, you probably want to change this to "yes" - ## after having verified that the rest of the configuration works as expected. - --Daemonize no -+Daemonize yes - - - ## Write the PID number to a file -+## in openSUSE, the pidfile should be dnscrypt-proxy@[configfile name].pid -+## inside /var/run/dnscrypt-proxy/ to make systemd instantiated service work - --# PidFile /var/run/dnscrypt-proxy.pid -+PidFile /var/run/dnscrypt-proxy/dnscrypt-proxy@default.pid - - - ## [NOT AVAILABLE ON WINDOWS] Start the process, bind the required ports, and - ## run the server as a less-privileged system user. - ## The value for this parameter is a user name. - --# User _dnscrypt-proxy -+User dnscrypt - - - -@@ -66,7 +68,7 @@ Daemonize no - ## using this option. You should edit systemd's dnscrypt-proxy.socket file - ## instead. - --# LocalAddress 127.0.0.1:53 -+LocalAddress 127.0.0.1:53 - - - ## Cache DNS responses to avoid outgoing traffic when the same queries -@@ -136,15 +138,16 @@ EphemeralKeys off - ## Log file to write server errors and information to. - ## If you use this tool for privacy, keeping logs of any kind is usually not - ## a good idea. -+## in openSUSE, logfile should be /var/log/dnscrypt-proxy/[config filename].log - --# LogFile /var/log/dnscrypt-proxy.log -+LogFile /var/log/dnscrypt-proxy/default.log - - - ## Don't log events with priority above this log level after the service has - ## been started up. Default is 6. - ## Valid values are between 0 (critical) to 7 (debug-level messages). - --# LogLevel 6 -+LogLevel 7 - - - ## [NOT AVAILABLE ON WINDOWS] Send server logs to the syslog daemon diff --git a/dnscrypt-proxy.changes b/dnscrypt-proxy.changes index 2249075..743dc70 100644 --- a/dnscrypt-proxy.changes +++ b/dnscrypt-proxy.changes @@ -1,3 +1,43 @@ +------------------------------------------------------------------- +Tue Jun 09 16:00:00 UTC 2020 - cunix@mail.de - 2.0.43 + +- Minimum golang version now at 1.14 + +- Update to version 2.0.43 + * When stored into a file, service logs now only contain data + from the most recent launch. This can be changed with the + new 'log_file_latest' option. + * Support for DNS64 translation implemented. + * Connections to DoH servers can be authenticated + using TLS client certificates. + * Multiple stamps are now allowed for a single server + in resolvers and relays lists. + * Updates and additions for the example domain block lists. + * Cached configuration files can now be temporarily used if + they are out of date, but bootstraping is impossible. + * 'generate-domains-blacklists' now tries to deduplicate + entries clobbered by wildcard rules. + * 'generate-domains-blacklists' can now directly + write lists to a file with the `-o` command-line option. + * Cache files are now downloaded as the user the daemon will + be running as. This fixes permission issues at startup time. + * Forwarded queries are now subject to global timeouts, + and can be forced to use TCP. + * The 'ct' parameter has been removed from DoH queries, + as Google doesn't require it any more. + +------------------------------------------------------------------- +Sat May 23 12:00:00 UTC 2020 - cunix@mail.de - 2.0.42 + +- Upgrade to 2.0.42 (boo#1165343) + +- Spec files from home:darix:apps/dnscrypt-proxy and + home:cunix:go/dnscrypt-proxy2 merged into existing spec. + +- v1 of dnscrypt-proxy is not supported anymore and v2 is + a new project. This will require v1 users to migrate their + configuration. + ------------------------------------------------------------------- Thu Dec 19 15:27:22 UTC 2019 - Dominique Leuenberger diff --git a/dnscrypt-proxy.service b/dnscrypt-proxy.service new file mode 100644 index 0000000..bde995a --- /dev/null +++ b/dnscrypt-proxy.service @@ -0,0 +1,30 @@ +[Unit] +Description=DNSCrypt-proxy client +Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd +# with openSUSE changes +Requires=dnscrypt-proxy.socket +After=network.target +Before=nss-lookup.target +Wants=nss-lookup.target + +[Service] +NonBlocking=true + +ExecStart=/usr/sbin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml + +Group=dnscrypt +User=dnscrypt +WorkingDirectory=~ +RuntimeDirectory=dnscrypt-proxy + +# Missing in Leap 15.0 +#CacheDirectory=dnscrypt-proxy +#LogsDirectory=dnscrypt-proxy + +ProtectHome=yes +ProtectControlGroups=yes +ProtectKernelModules=yes + +[Install] +Also=dnscrypt-proxy.socket +WantedBy=multi-user.target diff --git a/dnscrypt-proxy.socket b/dnscrypt-proxy.socket new file mode 100644 index 0000000..d8d0806 --- /dev/null +++ b/dnscrypt-proxy.socket @@ -0,0 +1,23 @@ +[Unit] +Description=DNSCrypt-proxy socket +Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd +# with openSUSE changes +Before=nss-lookup.target +Wants=nss-lookup.target + +[Socket] +# Choose this for dnscrypt-proxy as primary resolver +ListenStream=127.0.0.1:53 +ListenDatagram=127.0.0.1:53 + +# Otherwise forward from your primary local name resolver to somewhere else: +#ListenStream=127.0.0.1:5353 +#ListenDatagram=127.0.0.1:5353 + +# Probably not useful and can be overridden +# if only listening for udp (ListenDatagram) +NoDelay=true +DeferAcceptSec=1 + +[Install] +WantedBy=sockets.target diff --git a/dnscrypt-proxy.spec b/dnscrypt-proxy.spec index 2448f15..a92d868 100644 --- a/dnscrypt-proxy.spec +++ b/dnscrypt-proxy.spec @@ -15,143 +15,159 @@ # Please submit bugfixes or comments via https://bugs.opensuse.org/ # +%define _buildshell /bin/bash +%define user_group dnscrypt +%define config_dir %{_sysconfdir}/%{name} +%define home_dir %{_localstatedir}/lib/%{name} +%define log_dir %{_localstatedir}/log/%{name} +%define services %{name}.socket %{name}.service +%define vlic_dir vendored Name: dnscrypt-proxy -Version: 1.9.5 +Version: 2.0.43 Release: 0 Summary: A tool for securing communications between a client and a DNS resolver -License: BSD-3-Clause +License: ISC Group: Productivity/Networking/DNS/Utilities -URL: https://dnscrypt.org/ -Source: https://download.dnscrypt.org/dnscrypt-proxy/%{name}-%{version}.tar.bz2 -Source1: %{name}@.service -Source5: %{name}.tmpfile -Patch0: dnscrypt-proxy-default-config.patch -BuildRequires: libsodium-devel -BuildRequires: libtool +URL: https://dnscrypt.info/ +Source0: https://codeload.github.com/DNSCrypt/%{name}/tar.gz/%{version}#/%{name}-%{version}.tar.gz +Source1: %{name}.service +Source2: %{name}.socket +# File to use with sed to modify default configuration. +Source3: example-dnscrypt-proxy.toml.sed +# Find licenses of vendored packages. +Source4: find_licenses.sh +# Install licenses of vendored packages. +Source5: install_licenses.sh +# Some words +Source6: README.openSUSE +BuildRequires: golang(API) >= 1.14 +BuildRequires: golang-packaging BuildRequires: pkgconfig BuildRequires: shadow BuildRequires: systemd-rpm-macros BuildRequires: pkgconfig(libsystemd) -Requires(pre): coreutils -Requires(pre): diffutils -Requires(pre): fillup -Requires(pre): grep +# for daemon group/user +Requires(pre): shadow %{?systemd_requires} +Recommends: ca-certificates Provides: dnscrypt = %{version}-%{release} Obsoletes: dnscrypt < %{version}-%{release} +BuildRoot: %{_tmppath}/%{name}-%{version}-build %description -dnscrypt-proxy provides local service which can be used directly as your local resolver or as a DNS forwarder, -encrypting and authenticating requests using the DNSCrypt protocol and passing them to an upstream server, -by default Cisco who run this on their resolvers. (It used to be OpenDNS.) - -The DNSCrypt protocol uses elliptic-curve cryptography and is similar to DNSCurve, but focuses on -securing communications between a client and its first-level resolver. - -While not providing end-to-end security, it protects the local network, which is often the weakest point -of the chain, against man-in-the-middle attacks. It also provides some confidentiality to DNS queries. - -%package devel -Summary: Header files for development of DNSCrypt plugins -Group: Development/Languages/C and C++ -Requires: %{name} = %{version} - -%description devel -Header files for development of DNSCrypt plugins. +A flexible DNS proxy, with support for modern encrypted DNS protocols +such as DNSCrypt v2, DNS-over-HTTPS and Anonymized DNSCrypt. %prep -%setup -q -%patch0 -p1 -# Strip __DATE__ -sed -i "s/__DATE__/\"%(date -u -r ChangeLog +%%F)\"/" src/proxy/options.c -# Don't install COPYING with make, we use our %%license marcro if possible -sed -i "/\tCOPYING / d" Makefile.am -sed -i "s/COPYING //" Makefile.in +%setup -q -n %{name}-%{version} + +# Find licenses of vendored packages and prepare for installation +bash %{SOURCE4} %{vlic_dir} + +# duplicate original config file +cp ./%{name}/example-%{name}.toml ./%{name}.toml.default + +# Edit default port and file locations +sed -i -f %{SOURCE3} ./%{name}.toml.default + +# duplicate edited config file +cp ./%{name}.toml.default ./%{name}.toml + +# Delete "example" to prevent fdupes from deleting the backup config file if run for buildroot +sed -i "s/## This is an example configuration file./## This is a configuration file./" ./dnscrypt-proxy.toml + +# python path instead of env +sed -i "1s/#! \/usr\/bin\/env python3/#! \/usr\/bin\/python3/" utils/generate-domains-blacklists/generate-domains-blacklist.py %build -%configure \ -%if 0%{?suse_version} >= 1210 - --with-systemd \ -%endif - --enable-plugins \ - --docdir=%{_docdir}/%{name} -make %{?_smp_mflags} +cd dnscrypt-proxy +go build -mod=vendor -buildmode=pie %install -%make_install +# Directories +install -D -d -m 0750 \ + %{buildroot}%{log_dir} \ + %{buildroot}%{home_dir} \ + %{buildroot}%{config_dir} -install -d -m 755 %{buildroot}%{_unitdir} -install -m 644 %{SOURCE1} %{buildroot}%{_unitdir} -install -d -m 755 %{buildroot}%{_libexecdir}/tmpfiles.d/ -install -m 644 %{SOURCE5} %{buildroot}%{_libexecdir}/tmpfiles.d/%{name}.conf -ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} +install -D -d -m 0755 \ + %{buildroot}%{_datadir}/%{name}/ -find %{buildroot} -type f -name "*.la" -delete -print -mkdir -p %{buildroot}%{_sysconfdir}/%{name}.conf.d -mv %{buildroot}%{_sysconfdir}/%{name}.conf %{buildroot}%{_sysconfdir}/%{name}.conf.d/default.conf +# Binary +install -D -m 0755 %{name}/%{name} %{buildroot}%{_sbindir}/%{name} + +# blacklist generator +cp -a utils/generate-domains-blacklists/ %{buildroot}%{_datadir}/%{name}/ + +# Config file examples +install -D -m 0644 ./%{name}/example-%{name}.toml %{buildroot}/%{_docdir}/%{name}/example-%{name}.toml +install -D -m 0644 ./%{name}.toml.default %{buildroot}/%{_docdir}/%{name}/%{name}.toml.default +install -D -m 0644 ./%{name}/example-blacklist.txt %{buildroot}/%{_docdir}/%{name}/example-blacklist.txt +install -D -m 0644 ./%{name}/example-ip-blacklist.txt %{buildroot}/%{_docdir}/%{name}/example-ip-blacklist.txt +install -D -m 0644 ./%{name}/example-cloaking-rules.txt %{buildroot}/%{_docdir}/%{name}/example-cloaking-rules.txt +install -D -m 0644 ./%{name}/example-forwarding-rules.txt %{buildroot}/%{_docdir}/%{name}/example-forwarding-rules.txt +install -D -m 0644 ./%{name}/example-whitelist.txt %{buildroot}/%{_docdir}/%{name}/example-whitelist.txt + +# Config files +install -D -m 0640 ./%{name}.toml %{buildroot}/%{config_dir}/%{name}.toml +install -D -m 0640 ./%{name}.toml.default %{buildroot}/%{config_dir}/%{name}.toml.default +install -D -m 0640 ./%{name}/example-blacklist.txt %{buildroot}/%{config_dir}/blacklist.txt +install -D -m 0640 ./%{name}/example-ip-blacklist.txt %{buildroot}/%{config_dir}/ip-blacklist.txt +install -D -m 0640 ./%{name}/example-cloaking-rules.txt %{buildroot}/%{config_dir}/cloaking-rules.txt +install -D -m 0640 ./%{name}/example-forwarding-rules.txt %{buildroot}/%{config_dir}/forwarding-rules.txt +install -D -m 0640 ./%{name}/example-whitelist.txt %{buildroot}/%{config_dir}/whitelist.txt + +# Systemd +install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service +install -D -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.socket + +# service link +ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} + +# Vendor Licenses +install -d -m 0755 %{buildroot}%{_licensedir}/%{name}/%{vlic_dir} +bash %{SOURCE5} %{vlic_dir} %{buildroot}/%{_licensedir}/%{name}/%{vlic_dir} + +# Some hints. Improvements and feedback welcome! +cp %{SOURCE6} README.openSUSE %pre -if ! %{_bindir}/getent group dnscrypt >/dev/null; then - %{_sbindir}/groupadd -r dnscrypt -fi -if ! %{_bindir}/getent passwd dnscrypt >/dev/null; then - %{_sbindir}/useradd -c "DNSCrypt daemon" -d %{_localstatedir}/lib/empty -g dnscrypt \ - -r -s /bin/false dnscrypt -fi -%if 0%{?suse_version} >= 1210 -%service_add_pre %{name}@.service -%endif +# group and user +getent group %{user_group} >/dev/null || %{_sbindir}/groupadd -r %{user_group} +getent passwd %{user_group} >/dev/null || %{_sbindir}/useradd -r -g %{user_group} \ + -d %{home_dir} -s /bin/false -c "DNScrypt Proxy" %{user_group} + +%service_add_pre %{services} %post -%service_add_post %{name}@.service -%tmpfiles_create %{_tmpfilesdir}/%{name}.conf -if [ $1 == 2 ] && [ -r %{_sysconfdir}/sysconfig/%{name} ] ; then - rm -f %{_sysconfdir}/sysconfig/%{name} -fi -if [ $1 == 2 ] && [ -r %{_sysconfdir}/sysconfig/dnscrypt ] ; then - rm -f %{_sysconfdir}/sysconfig/dnscrypt -fi +%service_add_post %{services} %preun -%if 0%{?suse_version} >= 1210 -%service_del_preun %{name}@.service -%endif +%service_del_preun %{services} %postun -%if 0%{?suse_version} >= 1210 -%service_del_postun %{name}@.service -%endif +%service_del_postun %{services} %files -%doc AUTHORS ChangeLog README.markdown NEWS DNSCRYPT-V2-PROTOCOL.txt -%doc THANKS README-PLUGINS.markdown dnscrypt-proxy.conf -%if 0%{?leap_version} >= 420200 || 0%{?suse_version} > 1320 -%license COPYING -%else -%doc COPYING -%endif -%dir %{_sysconfdir}/%{name}.conf.d -%config %{_sysconfdir}/%{name}.conf.d/default.conf -%{_bindir}/hostip +%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/%{name}.toml +%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/blacklist.txt +%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/ip-blacklist.txt +%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/cloaking-rules.txt +%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/forwarding-rules.txt +%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/whitelist.txt +%config %attr(-,root,%{user_group}) %{config_dir}/%{name}.toml.default %{_sbindir}/%{name} %{_sbindir}/rc%{name} -%{_unitdir}/%{name}@.service -%{_mandir}/man8/hostip.8%{ext_man} -%{_mandir}/man8/%{name}.8%{ext_man} -%dir %{_datadir}/%{name} -%{_datadir}/%{name}/dnscrypt-resolvers.csv -%{_datadir}/%{name}/minisign.pub -%dir %{_libdir}/%{name} -%{_libdir}/%{name}/libdcplugin_example.so -%{_libdir}/%{name}/libdcplugin_example_logging.so -%{_libdir}/%{name}/libdcplugin_example_cache.so -%{_libexecdir}/tmpfiles.d/%{name}.conf -%ghost %dir %{_localstatedir}/log/%{name} -%ghost %dir /run/%{name} - -%files devel -%dir %{_includedir}/dnscrypt/ -%{_includedir}/dnscrypt/* +%{_unitdir}/%{name}.service +%{_unitdir}/%{name}.socket +%{_datadir}/%{name}/ +%dir %attr(0750,root,%{user_group}) %{config_dir} +%dir %attr(0750,%{user_group},%{user_group}) %{home_dir} +%dir %attr(0750,%{user_group},%{user_group}) %{log_dir} +%{_docdir}/%{name}/ +%doc ChangeLog README.md README.openSUSE +%license LICENSE +%{_licensedir}/%{name}/%{vlic_dir}/ %changelog diff --git a/dnscrypt-proxy.tmpfile b/dnscrypt-proxy.tmpfile deleted file mode 100644 index 857902e..0000000 --- a/dnscrypt-proxy.tmpfile +++ /dev/null @@ -1,2 +0,0 @@ -d /run/dnscrypt-proxy 0755 dnscrypt dnscrypt -d /var/log/dnscrypt-proxy 0755 dnscrypt dnscrypt diff --git a/dnscrypt-proxy@.service b/dnscrypt-proxy@.service deleted file mode 100644 index be452c8..0000000 --- a/dnscrypt-proxy@.service +++ /dev/null @@ -1,29 +0,0 @@ -# This file is part of dnscrypt-proxy -# Author: Marguerite Su with some AUR references. -# Version: 1.9.4 -# Description: dnscrypt is a tool that encrypts your DNS queries in order to -# protect against man-in-the-middle attacks and DNS hijacking -# (commonly seen in China). It uses CiscoDNS resolvers by default. -# It is BSD-licensed. -# In openSUSE it's licensed under SUSE-Permissive (non-free ware). -# For details, refer to its documentation. -[Unit] -Description=Secure connection between your computer and a DNS resolver -Documentation=man:dnscrypt-proxy(8) -# NTP always has local servers, and there's nothing to encrypt for time. -# and ntp.service isn't native systemd service, if we start before it, -# it will take a long time to sync. just save 20000+ms on boot. -After=network.target ntp.service -Before=nss-lookup.target - -[Service] -Type=forking -NonBlocking=true -PIDFile=/var/run/dnscrypt-proxy/dnscrypt-proxy@%i.pid -ExecStart=/usr/sbin/dnscrypt-proxy /etc/dnscrypt-proxy.conf.d/%I.conf -# Automatically Restart -Restart=on-abort - -[Install] -WantedBy=multi-user.target -DefaultInstance=default diff --git a/example-dnscrypt-proxy.toml.sed b/example-dnscrypt-proxy.toml.sed new file mode 100644 index 0000000..059c15d --- /dev/null +++ b/example-dnscrypt-proxy.toml.sed @@ -0,0 +1,21 @@ +# the socket unit should listen +s/listen_addresses = \['127.0.0.1:53']/#listen_addresses = ['127.0.0.1:53']\nlisten_addresses = []/ + +# absolute paths by default +s/# log_file = 'dnscrypt-proxy.log'/# log_file = '\/var\/log\/dnscrypt-proxy\/dnscrypt-proxy.log'/ +s/# forwarding_rules = 'forwarding-rules.txt'/# forwarding_rules = '\/etc\/dnscrypt-proxy\/forwarding-rules.txt'/ +s/# cloaking_rules = 'cloaking-rules.txt'/# cloaking_rules = '\/etc\/dnscrypt-proxy\/cloaking-rules.txt'/ +s/# cert_file = "localhost.pem"/# cert_file = '\/etc\/dnscrypt-proxy\/localhost.pem'/ +s/# cert_key_file = "localhost.pem"/# cert_key_file = '\/etc\/dnscrypt-proxy\/localhost.pem'/ +s/ # file = 'query.log'/ # file = '\/var\/log\/dnscrypt-proxy\/query.log'/ +s/ # file = 'nx.log'/ # file = '\/var\/log\/dnscrypt-proxy\/nx.log'/ +s/ # blacklist_file = 'blacklist.txt'/ # blacklist_file = '\/etc\/dnscrypt-proxy\/blacklist.txt'/ +s/ # log_file = 'blocked.log'/ # log_file = '\/var\/log\/dnscrypt-proxy\/blocked.log'/ +s/ # blacklist_file = 'ip-blacklist.txt'/# blacklist_file = '\/etc\/dnscrypt-proxy\/ip-blacklist.txt'/ +s/ # log_file = 'ip-blocked.log'/ # log_file = '\/var\/log\/dnscrypt-proxy\/ip-blocked.log'/ +s/ # whitelist_file = 'whitelist.txt'/# blacklist_file = '\/etc\/dnscrypt-proxy\/whitelist.txt'/ +s/ # log_file = 'whitelisted.log'/ # log_file = '\/var\/log\/dnscrypt-proxy\/whitelisted.log'/ +s/ cache_file = 'public-resolvers.md'/ cache_file = '\/var\/lib\/dnscrypt-proxy\/public-resolvers.md'/ +s/ cache_file = 'relays.md'/ cache_file = '\/var\/lib\/dnscrypt-proxy\/relays.md'/ +s/ # cache_file = "quad9-resolvers.md"/ # cache_file = '\/var\/lib\/dnscrypt-proxy\/quad9-resolvers.md'/ +s/ # cache_file = 'parental-control.md'/ # cache_file = '\/var\/lib\/dnscrypt-proxy\/parental-control.md'/ diff --git a/find_licenses.sh b/find_licenses.sh new file mode 100644 index 0000000..0e4aba7 --- /dev/null +++ b/find_licenses.sh @@ -0,0 +1,96 @@ +#!/bin/bash + +# written by cunix in 2019 +# +# Tries to find and prepare licenses from vendored packages for +# installation as file or link to existing file. +# +# $1 should be a destination directory for vendored licenses + +vendor_licenses_dir=$1 +username=$(whoami) +workingdir=$(pwd) +licenses_file=/tmp/license_files.txt +goahead=0 +hash_list=() +filename_list=() + +if [[ -z "$vendor_licenses_dir" ]] + then + echo missing directory as parameter + exit 1 + else + if [[ "$vendor_licenses_dir" = "/" ]] || [[ "$vendor_licenses_dir" = "/home" ]] \ + || [[ "$vendor_licenses_dir" = "/home/" ]] || [[ "$vendor_licenses_dir" = "/home/$username" ]] \ + || [[ "$vendor_licenses_dir" = "/home/$username/" ]] || [[ "$vendor_licenses_dir" = "$HOME" ]] + then + echo Do not use "$vendor_licenses_dir" as destination directory. + echo It will delete all your files. + exit 1 + else + mkdir -pv $vendor_licenses_dir + if [[ -d "$vendor_licenses_dir" ]] + then + echo Searching for licenses ... + rm $licenses_file + find ./*/ -iname "license*" -fprint $licenses_file + find ./*/ -iname "copying*" >> $licenses_file + goahead=1 + else + echo "$vendor_licenses_dir" is not a directory. + exit 1 + fi + fi + fi + +if [[ -f "$licenses_file" ]] + then + if [[ $goahead -eq 1 ]] + then + echo Removing $vendor_licenses_dir + rm -r "$vendor_licenses_dir" + mkdir -pv $vendor_licenses_dir + echo Processing licenses . . . + while read line + do + filenamepre=${line////__} + filename=${filenamepre//.__/} + hash_output=$(sha256sum $line) + hash=${hash_output:0:66} + hash_list_len=${#hash_list[@]} + if [[ $hash_list_len -eq 0 ]] + then + cat $line > $vendor_licenses_dir/$filename + hash_list[0]=$hash + filename_list[0]=$filename + else + counter=0 + match=0 + for item in ${hash_list[@]} + do + if test $item = $hash + then + match=1 + break + fi + counter=$(($counter+1)) + done + if [[ $match -eq 0 ]] + then + hash_list[$counter]=$hash + filename_list[$counter]=$filename + cat $line > $vendor_licenses_dir/$filename + else + cd $vendor_licenses_dir + ln -s ${filename_list[$counter]} $filename + cd $workingdir + fi + fi + done < $licenses_file + else + echo Does not package licenses. + exit 1 + fi + else + echo No licenses found to package. + fi diff --git a/install_licenses.sh b/install_licenses.sh new file mode 100644 index 0000000..6286ae8 --- /dev/null +++ b/install_licenses.sh @@ -0,0 +1,31 @@ +#!/bin/bash + +# written by cunix in 2019 +# +# Installs or links previously found licenses. +# +# $1 should be the soure directory, prepared with script "find_licenses.sh" +# $2 should be the (already created) destination directory + +vendor_licenses_dir=$1 +install_licenses_dir=$2 +licenses_files=/tmp/real_license_files.txt +licenses_links=/tmp/link_license_files.txt + +rm $licenses_files +rm $licenses_links + +find -P $vendor_licenses_dir -type f -fprintf $licenses_files "%f\n" +find -P $vendor_licenses_dir -type l -fprintf $licenses_links "%f %l\n" + +while read line + do + install -D -m 0644 $vendor_licenses_dir/$line $install_licenses_dir/$line + done < $licenses_files + +cd $install_licenses_dir +while read line + do + combo=($line) + ln -s ${combo[1]} ${combo[0]} + done < $licenses_links