Accepting request 813333 from home:cunix:server_dns
Build fails where golang is too old. If acceptable, I'm asking to not immediately submit to Factory.
OBS-URL: https://build.opensuse.org/request/show/813333
OBS-URL: https://build.opensuse.org/package/show/server:dns/dnscrypt-proxy?expand=0&rev=22
This commit is contained in:
parent
9f3237cf5a
commit
0af77d3229
27
README.openSUSE
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
Some tips:
|
||||||
|
|
||||||
|
1. Configure /etc/dnscrypt-proxy/dnscrypt-proxy.toml for your use case first!
|
||||||
|
|
||||||
|
2. Override "ListenStream" and "ListenDatagram" for dnscrypt-proxy.socket
|
||||||
|
according to your setup, especially if dnscrypt-proxy should not be used as
|
||||||
|
your primary name resolver.
|
||||||
|
In this case you might want to forward queries from a tool
|
||||||
|
like "dnsmasq" to dnscrypt-proxy.
|
||||||
|
Then the later should probably not listen on the default adress/port.
|
||||||
|
|
||||||
|
3. If running via systemd, start as root once with
|
||||||
|
|
||||||
|
$ systemctl start dnscrypt-proxy.socket
|
||||||
|
|
||||||
|
For always activating, do
|
||||||
|
|
||||||
|
$ systemctl enable dnscrypt-proxy.socket
|
||||||
|
|
||||||
|
4. Alternatively dnscrypt-proxy.service can be used the same way.
|
||||||
|
This will require you to set or uncomment "listen_addresses" in
|
||||||
|
/etc/dnscrypt-proxy/dnscrypt-proxy.toml
|
||||||
|
In this case the socket configuration described in (2.)
|
||||||
|
has to be done in this file directly.
|
||||||
|
|
||||||
|
|
||||||
|
|
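Review bot: Step 2 tells the reader to override "ListenStream" and "ListenDatagram" but not how, and both are list settings in systemd, so a drop-in that only adds `ListenStream=127.0.0.1:5353` leaves the packaged 127.0.0.1:53 listeners active as well. Suggest naming the mechanism (`systemctl edit dnscrypt-proxy.socket`) and showing that each setting needs an empty assignment first (`ListenStream=` followed by the new value) so the default list is reset. Also in step 2, "later" should be "latter" and "adress" should be "address"; in step 3 the `$` prompt contradicts "start as root".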
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:e89f5b9039979ab392302faf369ef7593155d5ea21580402a75bbc46329d1bb6
|
|
||||||
size 1290573
|
|
3
dnscrypt-proxy-2.0.43.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:5e3a300ca3d6303dc272afb2583e177dfcb2eea3f640f3181e383c22360a57d4
|
||||||
|
size 2279744
|
@ -1,57 +0,0 @@
|
|||||||
Index: b/dnscrypt-proxy.conf
|
|
||||||
===================================================================
|
|
||||||
--- a/dnscrypt-proxy.conf
|
|
||||||
+++ b/dnscrypt-proxy.conf
|
|
||||||
@@ -39,19 +39,21 @@ ResolverName random
|
|
||||||
## Unless you are using systemd, you probably want to change this to "yes"
|
|
||||||
## after having verified that the rest of the configuration works as expected.
|
|
||||||
|
|
||||||
-Daemonize no
|
|
||||||
+Daemonize yes
|
|
||||||
|
|
||||||
|
|
||||||
## Write the PID number to a file
|
|
||||||
+## in openSUSE, the pidfile should be dnscrypt-proxy@[configfile name].pid
|
|
||||||
+## inside /var/run/dnscrypt-proxy/ to make systemd instantiated service work
|
|
||||||
|
|
||||||
-# PidFile /var/run/dnscrypt-proxy.pid
|
|
||||||
+PidFile /var/run/dnscrypt-proxy/dnscrypt-proxy@default.pid
|
|
||||||
|
|
||||||
|
|
||||||
## [NOT AVAILABLE ON WINDOWS] Start the process, bind the required ports, and
|
|
||||||
## run the server as a less-privileged system user.
|
|
||||||
## The value for this parameter is a user name.
|
|
||||||
|
|
||||||
-# User _dnscrypt-proxy
|
|
||||||
+User dnscrypt
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -66,7 +68,7 @@ Daemonize no
|
|
||||||
## using this option. You should edit systemd's dnscrypt-proxy.socket file
|
|
||||||
## instead.
|
|
||||||
|
|
||||||
-# LocalAddress 127.0.0.1:53
|
|
||||||
+LocalAddress 127.0.0.1:53
|
|
||||||
|
|
||||||
|
|
||||||
## Cache DNS responses to avoid outgoing traffic when the same queries
|
|
||||||
@@ -136,15 +138,16 @@ EphemeralKeys off
|
|
||||||
## Log file to write server errors and information to.
|
|
||||||
## If you use this tool for privacy, keeping logs of any kind is usually not
|
|
||||||
## a good idea.
|
|
||||||
+## in openSUSE, logfile should be /var/log/dnscrypt-proxy/[config filename].log
|
|
||||||
|
|
||||||
-# LogFile /var/log/dnscrypt-proxy.log
|
|
||||||
+LogFile /var/log/dnscrypt-proxy/default.log
|
|
||||||
|
|
||||||
|
|
||||||
## Don't log events with priority above this log level after the service has
|
|
||||||
## been started up. Default is 6.
|
|
||||||
## Valid values are between 0 (critical) to 7 (debug-level messages).
|
|
||||||
|
|
||||||
-# LogLevel 6
|
|
||||||
+LogLevel 7
|
|
||||||
|
|
||||||
|
|
||||||
## [NOT AVAILABLE ON WINDOWS] Send server logs to the syslog daemon
|
|
@ -1,3 +1,43 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jun 09 16:00:00 UTC 2020 - cunix@mail.de - 2.0.43
|
||||||
|
|
||||||
|
- Minimum golang version now at 1.14
|
||||||
|
|
||||||
|
- Update to version 2.0.43
|
||||||
|
* When stored into a file, service logs now only contain data
|
||||||
|
from the most recent launch. This can be changed with the
|
||||||
|
new 'log_file_latest' option.
|
||||||
|
* Support for DNS64 translation implemented.
|
||||||
|
* Connections to DoH servers can be authenticated
|
||||||
|
using TLS client certificates.
|
||||||
|
* Multiple stamps are now allowed for a single server
|
||||||
|
in resolvers and relays lists.
|
||||||
|
* Updates and additions for the example domain block lists.
|
||||||
|
* Cached configuration files can now be temporarily used if
|
||||||
|
they are out of date, but bootstraping is impossible.
|
||||||
|
* 'generate-domains-blacklists' now tries to deduplicate
|
||||||
|
entries clobbered by wildcard rules.
|
||||||
|
* 'generate-domains-blacklists' can now directly
|
||||||
|
write lists to a file with the `-o` command-line option.
|
||||||
|
* Cache files are now downloaded as the user the daemon will
|
||||||
|
be running as. This fixes permission issues at startup time.
|
||||||
|
* Forwarded queries are now subject to global timeouts,
|
||||||
|
and can be forced to use TCP.
|
||||||
|
* The 'ct' parameter has been removed from DoH queries,
|
||||||
|
as Google doesn't require it any more.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat May 23 12:00:00 UTC 2020 - cunix@mail.de - 2.0.42
|
||||||
|
|
||||||
|
- Upgrade to 2.0.42 (boo#1165343)
|
||||||
|
|
||||||
|
- Spec files from home:darix:apps/dnscrypt-proxy and
|
||||||
|
home:cunix:go/dnscrypt-proxy2 merged into existing spec.
|
||||||
|
|
||||||
|
- v1 of dnscrypt-proxy is not supported anymore and v2 is
|
||||||
|
a new project. This will require v1 users to migrate their
|
||||||
|
configuration.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Dec 19 15:27:22 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
|
Thu Dec 19 15:27:22 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||||
|
|
||||||
|
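Review bot: The 2.0.42 entry says v1 users must migrate their configuration but does not say what else goes away. In the same commit the spec drops the `devel` subpackage, `%{_bindir}/hostip` and the instantiated `dnscrypt-proxy@.service`, so anyone who enabled `dnscrypt-proxy@default.service` will find that unit gone after the update, with nothing enabled in its place unless a preset does it. Suggest listing those removals and the replacement units (`dnscrypt-proxy.socket`, `dnscrypt-proxy.service`) in this entry. Minor: "bootstraping" in the 2.0.43 list should be "bootstrapping".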
30
dnscrypt-proxy.service
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=DNSCrypt-proxy client
|
||||||
|
Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd
|
||||||
|
# with openSUSE changes
|
||||||
|
Requires=dnscrypt-proxy.socket
|
||||||
|
After=network.target
|
||||||
|
Before=nss-lookup.target
|
||||||
|
Wants=nss-lookup.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
NonBlocking=true
|
||||||
|
|
||||||
|
ExecStart=/usr/sbin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml
|
||||||
|
|
||||||
|
Group=dnscrypt
|
||||||
|
User=dnscrypt
|
||||||
|
WorkingDirectory=~
|
||||||
|
RuntimeDirectory=dnscrypt-proxy
|
||||||
|
|
||||||
|
# Missing in Leap 15.0
|
||||||
|
#CacheDirectory=dnscrypt-proxy
|
||||||
|
#LogsDirectory=dnscrypt-proxy
|
||||||
|
|
||||||
|
ProtectHome=yes
|
||||||
|
ProtectControlGroups=yes
|
||||||
|
ProtectKernelModules=yes
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
Also=dnscrypt-proxy.socket
|
||||||
|
WantedBy=multi-user.target
|
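Review bot: `Requires=dnscrypt-proxy.socket` in [Unit] and `Also=dnscrypt-proxy.socket` in [Install] tie this unit to the socket, which conflicts with README.openSUSE step 4, where the service is meant to be used on its own with "listen_addresses" set in dnscrypt-proxy.toml. Starting the service pulls in the socket, so 127.0.0.1:53 is already bound by systemd when the daemon tries to bind it, and with `User=dnscrypt` and no `AmbientCapabilities=CAP_NET_BIND_SERVICE` the process could not bind a port below 1024 in any case. Either document the service as socket-activated only, or relax the dependency and grant the capability. In the [Service] hardening block, `NoNewPrivileges=yes`, `ProtectSystem=full` and `PrivateTmp=yes` would be cheap additions next to the three Protect* lines.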
23
dnscrypt-proxy.socket
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=DNSCrypt-proxy socket
|
||||||
|
Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd
|
||||||
|
# with openSUSE changes
|
||||||
|
Before=nss-lookup.target
|
||||||
|
Wants=nss-lookup.target
|
||||||
|
|
||||||
|
[Socket]
|
||||||
|
# Choose this for dnscrypt-proxy as primary resolver
|
||||||
|
ListenStream=127.0.0.1:53
|
||||||
|
ListenDatagram=127.0.0.1:53
|
||||||
|
|
||||||
|
# Otherwise forward from your primary local name resolver to somewhere else:
|
||||||
|
#ListenStream=127.0.0.1:5353
|
||||||
|
#ListenDatagram=127.0.0.1:5353
|
||||||
|
|
||||||
|
# Probably not useful and can be overridden
|
||||||
|
# if only listening for udp (ListenDatagram)
|
||||||
|
NoDelay=true
|
||||||
|
DeferAcceptSec=1
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=sockets.target
|
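Review bot: The commented alternative in [Socket] uses port 5353, which is the mDNS port; on a host that runs an mDNS responder, a forwarder target of 127.0.0.1:5353 is easy to confuse with that service or to collide with it. Suggest a different unprivileged port in the example. The unit also listens on IPv4 loopback only, so a resolv.conf entry of `nameserver ::1` gets no answer; either add the matching `[::1]:53` pair or say so in the comment above `ListenStream=127.0.0.1:53`.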
@ -15,143 +15,159 @@
|
|||||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||||
#
|
#
|
||||||
|
|
||||||
|
%define _buildshell /bin/bash
|
||||||
|
%define user_group dnscrypt
|
||||||
|
%define config_dir %{_sysconfdir}/%{name}
|
||||||
|
%define home_dir %{_localstatedir}/lib/%{name}
|
||||||
|
%define log_dir %{_localstatedir}/log/%{name}
|
||||||
|
%define services %{name}.socket %{name}.service
|
||||||
|
%define vlic_dir vendored
|
||||||
|
|
||||||
Name: dnscrypt-proxy
|
Name: dnscrypt-proxy
|
||||||
Version: 1.9.5
|
Version: 2.0.43
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: A tool for securing communications between a client and a DNS resolver
|
Summary: A tool for securing communications between a client and a DNS resolver
|
||||||
License: BSD-3-Clause
|
License: ISC
|
||||||
Group: Productivity/Networking/DNS/Utilities
|
Group: Productivity/Networking/DNS/Utilities
|
||||||
URL: https://dnscrypt.org/
|
URL: https://dnscrypt.info/
|
||||||
Source: https://download.dnscrypt.org/dnscrypt-proxy/%{name}-%{version}.tar.bz2
|
Source0: https://codeload.github.com/DNSCrypt/%{name}/tar.gz/%{version}#/%{name}-%{version}.tar.gz
|
||||||
Source1: %{name}@.service
|
Source1: %{name}.service
|
||||||
Source5: %{name}.tmpfile
|
Source2: %{name}.socket
|
||||||
Patch0: dnscrypt-proxy-default-config.patch
|
# File to use with sed to modify default configuration.
|
||||||
BuildRequires: libsodium-devel
|
Source3: example-dnscrypt-proxy.toml.sed
|
||||||
BuildRequires: libtool
|
# Find licenses of vendored packages.
|
||||||
|
Source4: find_licenses.sh
|
||||||
|
# Install licenses of vendored packages.
|
||||||
|
Source5: install_licenses.sh
|
||||||
|
# Some words
|
||||||
|
Source6: README.openSUSE
|
||||||
|
BuildRequires: golang(API) >= 1.14
|
||||||
|
BuildRequires: golang-packaging
|
||||||
BuildRequires: pkgconfig
|
BuildRequires: pkgconfig
|
||||||
BuildRequires: shadow
|
BuildRequires: shadow
|
||||||
BuildRequires: systemd-rpm-macros
|
BuildRequires: systemd-rpm-macros
|
||||||
BuildRequires: pkgconfig(libsystemd)
|
BuildRequires: pkgconfig(libsystemd)
|
||||||
Requires(pre): coreutils
|
# for daemon group/user
|
||||||
Requires(pre): diffutils
|
Requires(pre): shadow
|
||||||
Requires(pre): fillup
|
|
||||||
Requires(pre): grep
|
|
||||||
%{?systemd_requires}
|
%{?systemd_requires}
|
||||||
|
Recommends: ca-certificates
|
||||||
Provides: dnscrypt = %{version}-%{release}
|
Provides: dnscrypt = %{version}-%{release}
|
||||||
Obsoletes: dnscrypt < %{version}-%{release}
|
Obsoletes: dnscrypt < %{version}-%{release}
|
||||||
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
|
|
||||||
%description
|
%description
|
||||||
dnscrypt-proxy provides local service which can be used directly as your local resolver or as a DNS forwarder,
|
A flexible DNS proxy, with support for modern encrypted DNS protocols
|
||||||
encrypting and authenticating requests using the DNSCrypt protocol and passing them to an upstream server,
|
such as DNSCrypt v2, DNS-over-HTTPS and Anonymized DNSCrypt.
|
||||||
by default Cisco who run this on their resolvers. (It used to be OpenDNS.)
|
|
||||||
|
|
||||||
The DNSCrypt protocol uses elliptic-curve cryptography and is similar to DNSCurve, but focuses on
|
|
||||||
securing communications between a client and its first-level resolver.
|
|
||||||
|
|
||||||
While not providing end-to-end security, it protects the local network, which is often the weakest point
|
|
||||||
of the chain, against man-in-the-middle attacks. It also provides some confidentiality to DNS queries.
|
|
||||||
|
|
||||||
%package devel
|
|
||||||
Summary: Header files for development of DNSCrypt plugins
|
|
||||||
Group: Development/Languages/C and C++
|
|
||||||
Requires: %{name} = %{version}
|
|
||||||
|
|
||||||
%description devel
|
|
||||||
Header files for development of DNSCrypt plugins.
|
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q -n %{name}-%{version}
|
||||||
%patch0 -p1
|
|
||||||
# Strip __DATE__
|
# Find licenses of vendored packages and prepare for installation
|
||||||
sed -i "s/__DATE__/\"%(date -u -r ChangeLog +%%F)\"/" src/proxy/options.c
|
bash %{SOURCE4} %{vlic_dir}
|
||||||
# Don't install COPYING with make, we use our %%license marcro if possible
|
|
||||||
sed -i "/\tCOPYING / d" Makefile.am
|
# duplicate original config file
|
||||||
sed -i "s/COPYING //" Makefile.in
|
cp ./%{name}/example-%{name}.toml ./%{name}.toml.default
|
||||||
|
|
||||||
|
# Edit default port and file locations
|
||||||
|
sed -i -f %{SOURCE3} ./%{name}.toml.default
|
||||||
|
|
||||||
|
# duplicate edited config file
|
||||||
|
cp ./%{name}.toml.default ./%{name}.toml
|
||||||
|
|
||||||
|
# Delete "example" to prevent fdupes from deleting the backup config file if run for buildroot
|
||||||
|
sed -i "s/## This is an example configuration file./## This is a configuration file./" ./dnscrypt-proxy.toml
|
||||||
|
|
||||||
|
# python path instead of env
|
||||||
|
sed -i "1s/#! \/usr\/bin\/env python3/#! \/usr\/bin\/python3/" utils/generate-domains-blacklists/generate-domains-blacklist.py
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure \
|
cd dnscrypt-proxy
|
||||||
%if 0%{?suse_version} >= 1210
|
go build -mod=vendor -buildmode=pie
|
||||||
--with-systemd \
|
|
||||||
%endif
|
|
||||||
--enable-plugins \
|
|
||||||
--docdir=%{_docdir}/%{name}
|
|
||||||
make %{?_smp_mflags}
|
|
||||||
|
|
||||||
%install
|
%install
|
||||||
%make_install
|
# Directories
|
||||||
|
install -D -d -m 0750 \
|
||||||
|
%{buildroot}%{log_dir} \
|
||||||
|
%{buildroot}%{home_dir} \
|
||||||
|
%{buildroot}%{config_dir}
|
||||||
|
|
||||||
install -d -m 755 %{buildroot}%{_unitdir}
|
install -D -d -m 0755 \
|
||||||
install -m 644 %{SOURCE1} %{buildroot}%{_unitdir}
|
%{buildroot}%{_datadir}/%{name}/
|
||||||
install -d -m 755 %{buildroot}%{_libexecdir}/tmpfiles.d/
|
|
||||||
install -m 644 %{SOURCE5} %{buildroot}%{_libexecdir}/tmpfiles.d/%{name}.conf
|
|
||||||
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
|
|
||||||
|
|
||||||
find %{buildroot} -type f -name "*.la" -delete -print
|
# Binary
|
||||||
mkdir -p %{buildroot}%{_sysconfdir}/%{name}.conf.d
|
install -D -m 0755 %{name}/%{name} %{buildroot}%{_sbindir}/%{name}
|
||||||
mv %{buildroot}%{_sysconfdir}/%{name}.conf %{buildroot}%{_sysconfdir}/%{name}.conf.d/default.conf
|
|
||||||
|
# blacklist generator
|
||||||
|
cp -a utils/generate-domains-blacklists/ %{buildroot}%{_datadir}/%{name}/
|
||||||
|
|
||||||
|
# Config file examples
|
||||||
|
install -D -m 0644 ./%{name}/example-%{name}.toml %{buildroot}/%{_docdir}/%{name}/example-%{name}.toml
|
||||||
|
install -D -m 0644 ./%{name}.toml.default %{buildroot}/%{_docdir}/%{name}/%{name}.toml.default
|
||||||
|
install -D -m 0644 ./%{name}/example-blacklist.txt %{buildroot}/%{_docdir}/%{name}/example-blacklist.txt
|
||||||
|
install -D -m 0644 ./%{name}/example-ip-blacklist.txt %{buildroot}/%{_docdir}/%{name}/example-ip-blacklist.txt
|
||||||
|
install -D -m 0644 ./%{name}/example-cloaking-rules.txt %{buildroot}/%{_docdir}/%{name}/example-cloaking-rules.txt
|
||||||
|
install -D -m 0644 ./%{name}/example-forwarding-rules.txt %{buildroot}/%{_docdir}/%{name}/example-forwarding-rules.txt
|
||||||
|
install -D -m 0644 ./%{name}/example-whitelist.txt %{buildroot}/%{_docdir}/%{name}/example-whitelist.txt
|
||||||
|
|
||||||
|
# Config files
|
||||||
|
install -D -m 0640 ./%{name}.toml %{buildroot}/%{config_dir}/%{name}.toml
|
||||||
|
install -D -m 0640 ./%{name}.toml.default %{buildroot}/%{config_dir}/%{name}.toml.default
|
||||||
|
install -D -m 0640 ./%{name}/example-blacklist.txt %{buildroot}/%{config_dir}/blacklist.txt
|
||||||
|
install -D -m 0640 ./%{name}/example-ip-blacklist.txt %{buildroot}/%{config_dir}/ip-blacklist.txt
|
||||||
|
install -D -m 0640 ./%{name}/example-cloaking-rules.txt %{buildroot}/%{config_dir}/cloaking-rules.txt
|
||||||
|
install -D -m 0640 ./%{name}/example-forwarding-rules.txt %{buildroot}/%{config_dir}/forwarding-rules.txt
|
||||||
|
install -D -m 0640 ./%{name}/example-whitelist.txt %{buildroot}/%{config_dir}/whitelist.txt
|
||||||
|
|
||||||
|
# Systemd
|
||||||
|
install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
|
||||||
|
install -D -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.socket
|
||||||
|
|
||||||
|
# service link
|
||||||
|
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
|
||||||
|
|
||||||
|
# Vendor Licenses
|
||||||
|
install -d -m 0755 %{buildroot}%{_licensedir}/%{name}/%{vlic_dir}
|
||||||
|
bash %{SOURCE5} %{vlic_dir} %{buildroot}/%{_licensedir}/%{name}/%{vlic_dir}
|
||||||
|
|
||||||
|
# Some hints. Improvements and feedback welcome!
|
||||||
|
cp %{SOURCE6} README.openSUSE
|
||||||
|
|
||||||
%pre
|
%pre
|
||||||
if ! %{_bindir}/getent group dnscrypt >/dev/null; then
|
# group and user
|
||||||
%{_sbindir}/groupadd -r dnscrypt
|
getent group %{user_group} >/dev/null || %{_sbindir}/groupadd -r %{user_group}
|
||||||
fi
|
getent passwd %{user_group} >/dev/null || %{_sbindir}/useradd -r -g %{user_group} \
|
||||||
if ! %{_bindir}/getent passwd dnscrypt >/dev/null; then
|
-d %{home_dir} -s /bin/false -c "DNScrypt Proxy" %{user_group}
|
||||||
%{_sbindir}/useradd -c "DNSCrypt daemon" -d %{_localstatedir}/lib/empty -g dnscrypt \
|
|
||||||
-r -s /bin/false dnscrypt
|
%service_add_pre %{services}
|
||||||
fi
|
|
||||||
%if 0%{?suse_version} >= 1210
|
|
||||||
%service_add_pre %{name}@.service
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%post
|
%post
|
||||||
%service_add_post %{name}@.service
|
%service_add_post %{services}
|
||||||
%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
|
|
||||||
if [ $1 == 2 ] && [ -r %{_sysconfdir}/sysconfig/%{name} ] ; then
|
|
||||||
rm -f %{_sysconfdir}/sysconfig/%{name}
|
|
||||||
fi
|
|
||||||
if [ $1 == 2 ] && [ -r %{_sysconfdir}/sysconfig/dnscrypt ] ; then
|
|
||||||
rm -f %{_sysconfdir}/sysconfig/dnscrypt
|
|
||||||
fi
|
|
||||||
|
|
||||||
%preun
|
%preun
|
||||||
%if 0%{?suse_version} >= 1210
|
%service_del_preun %{services}
|
||||||
%service_del_preun %{name}@.service
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%postun
|
%postun
|
||||||
%if 0%{?suse_version} >= 1210
|
%service_del_postun %{services}
|
||||||
%service_del_postun %{name}@.service
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%doc AUTHORS ChangeLog README.markdown NEWS DNSCRYPT-V2-PROTOCOL.txt
|
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/%{name}.toml
|
||||||
%doc THANKS README-PLUGINS.markdown dnscrypt-proxy.conf
|
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/blacklist.txt
|
||||||
%if 0%{?leap_version} >= 420200 || 0%{?suse_version} > 1320
|
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/ip-blacklist.txt
|
||||||
%license COPYING
|
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/cloaking-rules.txt
|
||||||
%else
|
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/forwarding-rules.txt
|
||||||
%doc COPYING
|
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/whitelist.txt
|
||||||
%endif
|
%config %attr(-,root,%{user_group}) %{config_dir}/%{name}.toml.default
|
||||||
%dir %{_sysconfdir}/%{name}.conf.d
|
|
||||||
%config %{_sysconfdir}/%{name}.conf.d/default.conf
|
|
||||||
%{_bindir}/hostip
|
|
||||||
%{_sbindir}/%{name}
|
%{_sbindir}/%{name}
|
||||||
%{_sbindir}/rc%{name}
|
%{_sbindir}/rc%{name}
|
||||||
%{_unitdir}/%{name}@.service
|
%{_unitdir}/%{name}.service
|
||||||
%{_mandir}/man8/hostip.8%{ext_man}
|
%{_unitdir}/%{name}.socket
|
||||||
%{_mandir}/man8/%{name}.8%{ext_man}
|
%{_datadir}/%{name}/
|
||||||
%dir %{_datadir}/%{name}
|
%dir %attr(0750,root,%{user_group}) %{config_dir}
|
||||||
%{_datadir}/%{name}/dnscrypt-resolvers.csv
|
%dir %attr(0750,%{user_group},%{user_group}) %{home_dir}
|
||||||
%{_datadir}/%{name}/minisign.pub
|
%dir %attr(0750,%{user_group},%{user_group}) %{log_dir}
|
||||||
%dir %{_libdir}/%{name}
|
%{_docdir}/%{name}/
|
||||||
%{_libdir}/%{name}/libdcplugin_example.so
|
%doc ChangeLog README.md README.openSUSE
|
||||||
%{_libdir}/%{name}/libdcplugin_example_logging.so
|
%license LICENSE
|
||||||
%{_libdir}/%{name}/libdcplugin_example_cache.so
|
%{_licensedir}/%{name}/%{vlic_dir}/
|
||||||
%{_libexecdir}/tmpfiles.d/%{name}.conf
|
|
||||||
%ghost %dir %{_localstatedir}/log/%{name}
|
|
||||||
%ghost %dir /run/%{name}
|
|
||||||
|
|
||||||
%files devel
|
|
||||||
%dir %{_includedir}/dnscrypt/
|
|
||||||
%{_includedir}/dnscrypt/*
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
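Review bot: The `%package devel` block is dropped from the preamble without a matching `Obsoletes:` for `%{name}-devel`. An installed 1.9.5 devel package carries `Requires: %{name} = %{version}`, so it will block or conflict with the update to 2.0.43 until it is removed by hand; add `Obsoletes: %{name}-devel < %{version}` next to the existing `Obsoletes: dnscrypt` line. In `%prep`, the `sed -i -f %{SOURCE3}` step exits 0 even when none of its expressions match, so an upstream wording change in example-dnscrypt-proxy.toml would ship relative paths and an active `listen_addresses = ['127.0.0.1:53']` unnoticed; a `grep -q` check on the edited file after the sed call would make the build fail instead. `Recommends: ca-certificates` also looks weak for a proxy whose DoH connections depend on the system trust store; consider `Requires:`.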
@ -1,2 +0,0 @@
|
|||||||
d /run/dnscrypt-proxy 0755 dnscrypt dnscrypt
|
|
||||||
d /var/log/dnscrypt-proxy 0755 dnscrypt dnscrypt
|
|
@ -1,29 +0,0 @@
|
|||||||
# This file is part of dnscrypt-proxy
|
|
||||||
# Author: Marguerite Su <i@marguerite.su> with some AUR references.
|
|
||||||
# Version: 1.9.4
|
|
||||||
# Description: dnscrypt is a tool that encrypts your DNS queries in order to
|
|
||||||
# protect against man-in-the-middle attacks and DNS hijacking
|
|
||||||
# (commonly seen in China). It uses CiscoDNS resolvers by default.
|
|
||||||
# It is BSD-licensed.
|
|
||||||
# In openSUSE it's licensed under SUSE-Permissive (non-free ware).
|
|
||||||
# For details, refer to its documentation.
|
|
||||||
[Unit]
|
|
||||||
Description=Secure connection between your computer and a DNS resolver
|
|
||||||
Documentation=man:dnscrypt-proxy(8)
|
|
||||||
# NTP always has local servers, and there's nothing to encrypt for time.
|
|
||||||
# and ntp.service isn't native systemd service, if we start before it,
|
|
||||||
# it will take a long time to sync. just save 20000+ms on boot.
|
|
||||||
After=network.target ntp.service
|
|
||||||
Before=nss-lookup.target
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=forking
|
|
||||||
NonBlocking=true
|
|
||||||
PIDFile=/var/run/dnscrypt-proxy/dnscrypt-proxy@%i.pid
|
|
||||||
ExecStart=/usr/sbin/dnscrypt-proxy /etc/dnscrypt-proxy.conf.d/%I.conf
|
|
||||||
# Automatically Restart
|
|
||||||
Restart=on-abort
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
DefaultInstance=default
|
|
21
example-dnscrypt-proxy.toml.sed
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
# the socket unit should listen
|
||||||
|
s/listen_addresses = \['127.0.0.1:53']/#listen_addresses = ['127.0.0.1:53']\nlisten_addresses = []/
|
||||||
|
|
||||||
|
# absolute paths by default
|
||||||
|
s/# log_file = 'dnscrypt-proxy.log'/# log_file = '\/var\/log\/dnscrypt-proxy\/dnscrypt-proxy.log'/
|
||||||
|
s/# forwarding_rules = 'forwarding-rules.txt'/# forwarding_rules = '\/etc\/dnscrypt-proxy\/forwarding-rules.txt'/
|
||||||
|
s/# cloaking_rules = 'cloaking-rules.txt'/# cloaking_rules = '\/etc\/dnscrypt-proxy\/cloaking-rules.txt'/
|
||||||
|
s/# cert_file = "localhost.pem"/# cert_file = '\/etc\/dnscrypt-proxy\/localhost.pem'/
|
||||||
|
s/# cert_key_file = "localhost.pem"/# cert_key_file = '\/etc\/dnscrypt-proxy\/localhost.pem'/
|
||||||
|
s/ # file = 'query.log'/ # file = '\/var\/log\/dnscrypt-proxy\/query.log'/
|
||||||
|
s/ # file = 'nx.log'/ # file = '\/var\/log\/dnscrypt-proxy\/nx.log'/
|
||||||
|
s/ # blacklist_file = 'blacklist.txt'/ # blacklist_file = '\/etc\/dnscrypt-proxy\/blacklist.txt'/
|
||||||
|
s/ # log_file = 'blocked.log'/ # log_file = '\/var\/log\/dnscrypt-proxy\/blocked.log'/
|
||||||
|
s/ # blacklist_file = 'ip-blacklist.txt'/# blacklist_file = '\/etc\/dnscrypt-proxy\/ip-blacklist.txt'/
|
||||||
|
s/ # log_file = 'ip-blocked.log'/ # log_file = '\/var\/log\/dnscrypt-proxy\/ip-blocked.log'/
|
||||||
|
s/ # whitelist_file = 'whitelist.txt'/# blacklist_file = '\/etc\/dnscrypt-proxy\/whitelist.txt'/
|
||||||
|
s/ # log_file = 'whitelisted.log'/ # log_file = '\/var\/log\/dnscrypt-proxy\/whitelisted.log'/
|
||||||
|
s/ cache_file = 'public-resolvers.md'/ cache_file = '\/var\/lib\/dnscrypt-proxy\/public-resolvers.md'/
|
||||||
|
s/ cache_file = 'relays.md'/ cache_file = '\/var\/lib\/dnscrypt-proxy\/relays.md'/
|
||||||
|
s/ # cache_file = "quad9-resolvers.md"/ # cache_file = '\/var\/lib\/dnscrypt-proxy\/quad9-resolvers.md'/
|
||||||
|
s/ # cache_file = 'parental-control.md'/ # cache_file = '\/var\/lib\/dnscrypt-proxy\/parental-control.md'/
|
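Review bot: The whitelist expression near the end rewrites the key name, not just the path: `s/ # whitelist_file = 'whitelist.txt'/# blacklist_file = '\/etc\/dnscrypt-proxy\/whitelist.txt'/`. A user who uncomments the resulting line gets `blacklist_file` pointing at whitelist.txt instead of `whitelist_file`; the replacement should keep `whitelist_file`. That expression and the `ip-blacklist.txt` one also drop the leading indentation that every other replacement keeps. The `cert_file`, `cert_key_file` and `quad9-resolvers.md` patterns match double-quoted values while the rest match single quotes, so it is worth confirming each expression against the 2.0.43 example file, since a non-matching expression fails silently.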
96
find_licenses.sh
Normal file
@ -0,0 +1,96 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# written by cunix in 2019
|
||||||
|
#
|
||||||
|
# Tries to find and prepare licenses from vendored packages for
|
||||||
|
# installation as file or link to existing file.
|
||||||
|
#
|
||||||
|
# $1 should be a destination directory for vendored licenses
|
||||||
|
|
||||||
|
vendor_licenses_dir=$1
|
||||||
|
username=$(whoami)
|
||||||
|
workingdir=$(pwd)
|
||||||
|
licenses_file=/tmp/license_files.txt
|
||||||
|
goahead=0
|
||||||
|
hash_list=()
|
||||||
|
filename_list=()
|
||||||
|
|
||||||
|
if [[ -z "$vendor_licenses_dir" ]]
|
||||||
|
then
|
||||||
|
echo missing directory as parameter
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
if [[ "$vendor_licenses_dir" = "/" ]] || [[ "$vendor_licenses_dir" = "/home" ]] \
|
||||||
|
|| [[ "$vendor_licenses_dir" = "/home/" ]] || [[ "$vendor_licenses_dir" = "/home/$username" ]] \
|
||||||
|
|| [[ "$vendor_licenses_dir" = "/home/$username/" ]] || [[ "$vendor_licenses_dir" = "$HOME" ]]
|
||||||
|
then
|
||||||
|
echo Do not use "$vendor_licenses_dir" as destination directory.
|
||||||
|
echo It will delete all your files.
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
mkdir -pv $vendor_licenses_dir
|
||||||
|
if [[ -d "$vendor_licenses_dir" ]]
|
||||||
|
then
|
||||||
|
echo Searching for licenses ...
|
||||||
|
rm $licenses_file
|
||||||
|
find ./*/ -iname "license*" -fprint $licenses_file
|
||||||
|
find ./*/ -iname "copying*" >> $licenses_file
|
||||||
|
goahead=1
|
||||||
|
else
|
||||||
|
echo "$vendor_licenses_dir" is not a directory.
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ -f "$licenses_file" ]]
|
||||||
|
then
|
||||||
|
if [[ $goahead -eq 1 ]]
|
||||||
|
then
|
||||||
|
echo Removing $vendor_licenses_dir
|
||||||
|
rm -r "$vendor_licenses_dir"
|
||||||
|
mkdir -pv $vendor_licenses_dir
|
||||||
|
echo Processing licenses . . .
|
||||||
|
while read line
|
||||||
|
do
|
||||||
|
filenamepre=${line////__}
|
||||||
|
filename=${filenamepre//.__/}
|
||||||
|
hash_output=$(sha256sum $line)
|
||||||
|
hash=${hash_output:0:66}
|
||||||
|
hash_list_len=${#hash_list[@]}
|
||||||
|
if [[ $hash_list_len -eq 0 ]]
|
||||||
|
then
|
||||||
|
cat $line > $vendor_licenses_dir/$filename
|
||||||
|
hash_list[0]=$hash
|
||||||
|
filename_list[0]=$filename
|
||||||
|
else
|
||||||
|
counter=0
|
||||||
|
match=0
|
||||||
|
for item in ${hash_list[@]}
|
||||||
|
do
|
||||||
|
if test $item = $hash
|
||||||
|
then
|
||||||
|
match=1
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
counter=$(($counter+1))
|
||||||
|
done
|
||||||
|
if [[ $match -eq 0 ]]
|
||||||
|
then
|
||||||
|
hash_list[$counter]=$hash
|
||||||
|
filename_list[$counter]=$filename
|
||||||
|
cat $line > $vendor_licenses_dir/$filename
|
||||||
|
else
|
||||||
|
cd $vendor_licenses_dir
|
||||||
|
ln -s ${filename_list[$counter]} $filename
|
||||||
|
cd $workingdir
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done < $licenses_file
|
||||||
|
else
|
||||||
|
echo Does not package licenses.
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo No licenses found to package.
|
||||||
|
fi
|
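Review bot: `licenses_file=/tmp/license_files.txt` is a fixed, predictable name in a world-writable directory, and the script then runs `rm $licenses_file` followed by `find ./*/ -iname "license*" -fprint $licenses_file`; on a shared build host another user can pre-create or symlink that path. Use `mktemp` (or a file under the build directory) and clean it up with `rm -f` in a trap. The expansions `$line`, `$filename` and `$vendor_licenses_dir` in the `sha256sum`, `cat` and `mkdir -pv` calls are unquoted and `while read line` lacks `-r`, so a vendored path containing spaces or backslashes is split or altered. The guard at the top is a short denylist (`/`, `/home`, `$HOME`); any other existing directory passed as `$1` by mistake is still removed by the later `rm -r "$vendor_licenses_dir"`, so it would be safer to refuse a destination that already exists and is not empty.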
31
install_licenses.sh
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# written by cunix in 2019
|
||||||
|
#
|
||||||
|
# Installs or links previously found licenses.
|
||||||
|
#
|
||||||
|
# $1 should be the soure directory, prepared with script "find_licenses.sh"
|
||||||
|
# $2 should be the (already created) destination directory
|
||||||
|
|
||||||
|
vendor_licenses_dir=$1
|
||||||
|
install_licenses_dir=$2
|
||||||
|
licenses_files=/tmp/real_license_files.txt
|
||||||
|
licenses_links=/tmp/link_license_files.txt
|
||||||
|
|
||||||
|
rm $licenses_files
|
||||||
|
rm $licenses_links
|
||||||
|
|
||||||
|
find -P $vendor_licenses_dir -type f -fprintf $licenses_files "%f\n"
|
||||||
|
find -P $vendor_licenses_dir -type l -fprintf $licenses_links "%f %l\n"
|
||||||
|
|
||||||
|
while read line
|
||||||
|
do
|
||||||
|
install -D -m 0644 $vendor_licenses_dir/$line $install_licenses_dir/$line
|
||||||
|
done < $licenses_files
|
||||||
|
|
||||||
|
cd $install_licenses_dir
|
||||||
|
while read line
|
||||||
|
do
|
||||||
|
combo=($line)
|
||||||
|
ln -s ${combo[1]} ${combo[0]}
|
||||||
|
done < $licenses_links
|
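Review bot: `cd $install_licenses_dir` is unquoted and its result is not checked, so if the directory is missing the `ln -s ${combo[1]} ${combo[0]}` loop creates its links in whatever directory the caller was in; use `cd "$install_licenses_dir" || exit 1`. `combo=($line)` relies on word splitting and glob expansion of the `%f %l` pair, which breaks on names containing spaces or glob characters; `while read -r name target` in the loop header avoids that. The two list files under /tmp have fixed names here as in find_licenses.sh, and the bare `rm` calls print errors on a first run when the files do not exist yet.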