Accepting request 817415 from server:dns
Automatic submission by obs-autosubmit OBS-URL: https://build.opensuse.org/request/show/817415 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dnscrypt-proxy?expand=0&rev=5
This commit is contained in:
commit
1e3a7d6b24
27
README.openSUSE
Normal file
27
README.openSUSE
Normal file
@ -0,0 +1,27 @@
|
||||
Some tips:
|
||||
|
||||
1. Configure /etc/dnscrypt-proxy/dnscrypt-proxy.toml for your use case first!
|
||||
|
||||
2. Override "ListenStream" and "ListenDatagram" for dnscrypt-proxy.socket
|
||||
according to your setup, especially if dnscrypt-proxy should not be used as
|
||||
your primary name resolver.
|
||||
In this case you might want to forward queries from a tool
|
||||
like "dnsmasq" to dnscrypt-proxy.
|
||||
Then the later should probably not listen on the default adress/port.
|
||||
|
||||
3. If running via systemd, start as root once with
|
||||
|
||||
$ systemctl start dnscrypt-proxy.socket
|
||||
|
||||
For always activating, do
|
||||
|
||||
$ systemctl enable dnscrypt-proxy.socket
|
||||
|
||||
4. Alternatively dnscrypt-proxy.service can be used the same way.
|
||||
This will require you to set or uncomment "listen_addresses" in
|
||||
/etc/dnscrypt-proxy/dnscrypt-proxy.toml
|
||||
In this case the socket configuration described in (2.)
|
||||
has to be done in this file directly.
|
||||
|
||||
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:e89f5b9039979ab392302faf369ef7593155d5ea21580402a75bbc46329d1bb6
|
||||
size 1290573
|
3
dnscrypt-proxy-2.0.44.tar.gz
Normal file
3
dnscrypt-proxy-2.0.44.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:c2c9968f07a414e973ec5734f4598d756a35c32beedb18268590ea1355794237
|
||||
size 2279842
|
@ -1,57 +0,0 @@
|
||||
Index: b/dnscrypt-proxy.conf
|
||||
===================================================================
|
||||
--- a/dnscrypt-proxy.conf
|
||||
+++ b/dnscrypt-proxy.conf
|
||||
@@ -39,19 +39,21 @@ ResolverName random
|
||||
## Unless you are using systemd, you probably want to change this to "yes"
|
||||
## after having verified that the rest of the configuration works as expected.
|
||||
|
||||
-Daemonize no
|
||||
+Daemonize yes
|
||||
|
||||
|
||||
## Write the PID number to a file
|
||||
+## in openSUSE, the pidfile should be dnscrypt-proxy@[configfile name].pid
|
||||
+## inside /var/run/dnscrypt-proxy/ to make systemd instantiated service work
|
||||
|
||||
-# PidFile /var/run/dnscrypt-proxy.pid
|
||||
+PidFile /var/run/dnscrypt-proxy/dnscrypt-proxy@default.pid
|
||||
|
||||
|
||||
## [NOT AVAILABLE ON WINDOWS] Start the process, bind the required ports, and
|
||||
## run the server as a less-privileged system user.
|
||||
## The value for this parameter is a user name.
|
||||
|
||||
-# User _dnscrypt-proxy
|
||||
+User dnscrypt
|
||||
|
||||
|
||||
|
||||
@@ -66,7 +68,7 @@ Daemonize no
|
||||
## using this option. You should edit systemd's dnscrypt-proxy.socket file
|
||||
## instead.
|
||||
|
||||
-# LocalAddress 127.0.0.1:53
|
||||
+LocalAddress 127.0.0.1:53
|
||||
|
||||
|
||||
## Cache DNS responses to avoid outgoing traffic when the same queries
|
||||
@@ -136,15 +138,16 @@ EphemeralKeys off
|
||||
## Log file to write server errors and information to.
|
||||
## If you use this tool for privacy, keeping logs of any kind is usually not
|
||||
## a good idea.
|
||||
+## in openSUSE, logfile should be /var/log/dnscrypt-proxy/[config filename].log
|
||||
|
||||
-# LogFile /var/log/dnscrypt-proxy.log
|
||||
+LogFile /var/log/dnscrypt-proxy/default.log
|
||||
|
||||
|
||||
## Don't log events with priority above this log level after the service has
|
||||
## been started up. Default is 6.
|
||||
## Valid values are between 0 (critical) to 7 (debug-level messages).
|
||||
|
||||
-# LogLevel 6
|
||||
+LogLevel 7
|
||||
|
||||
|
||||
## [NOT AVAILABLE ON WINDOWS] Send server logs to the syslog daemon
|
@ -1,3 +1,63 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Jun 12 12:00:00 UTC 2020 - cunix@mail.de - 2.0.44
|
||||
|
||||
- Update to version 2.0.44
|
||||
* Netprobes and listening sockets are now ignored when the
|
||||
'-list', '-list-all', '-show-certs' or '-check'
|
||||
command-line switches are used.
|
||||
* 'tls_client_auth' was renamed to 'doh_client_x509_auth'.
|
||||
A section with the previous name is temporarily ignored if empty,
|
||||
but will error out if not.
|
||||
* Updates to the set of block lists.
|
||||
|
||||
- Breaking change from 2.0.43 Update:
|
||||
The 'tls_client_auth' section was renamed to 'doh_client_x509_auth'.
|
||||
If you had a tls_client_auth section in the configuration file,
|
||||
it needs to be updated/renamed/deleted.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 09 16:00:00 UTC 2020 - cunix@mail.de - 2.0.43
|
||||
|
||||
- Minimum golang version now at 1.14
|
||||
|
||||
- Update to version 2.0.43
|
||||
* When stored into a file, service logs now only contain data
|
||||
from the most recent launch. This can be changed with the
|
||||
new 'log_file_latest' option.
|
||||
* Support for DNS64 translation implemented.
|
||||
* Connections to DoH servers can be authenticated
|
||||
using TLS client certificates.
|
||||
* Multiple stamps are now allowed for a single server
|
||||
in resolvers and relays lists.
|
||||
* Updates and additions for the example domain block lists.
|
||||
* Cached configuration files can now be temporarily used if
|
||||
they are out of date, but bootstraping is impossible.
|
||||
* 'generate-domains-blacklists' now tries to deduplicate
|
||||
entries clobbered by wildcard rules.
|
||||
* 'generate-domains-blacklists' can now directly
|
||||
write lists to a file with the `-o` command-line option.
|
||||
* Cache files are now downloaded as the user the daemon will
|
||||
be running as. This fixes permission issues at startup time.
|
||||
* Forwarded queries are now subject to global timeouts,
|
||||
and can be forced to use TCP.
|
||||
* The 'ct' parameter has been removed from DoH queries,
|
||||
as Google doesn't require it any more.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat May 23 12:00:00 UTC 2020 - cunix@mail.de - 2.0.42
|
||||
|
||||
- Upgrade to 2.0.42 (boo#1165343)
|
||||
|
||||
- Spec files from home:darix:apps/dnscrypt-proxy and
|
||||
home:cunix:go/dnscrypt-proxy2 merged into existing spec.
|
||||
|
||||
- v1 of dnscrypt-proxy is not supported anymore and v2 is
|
||||
a new project. This will require v1 users to migrate their
|
||||
configuration.
|
||||
|
||||
- dnscrypt-proxy-default-config.patch deleted because patched
|
||||
file 'dnscrypt-proxy.conf' is not used anymore.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Dec 19 15:27:22 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||
|
||||
|
30
dnscrypt-proxy.service
Normal file
30
dnscrypt-proxy.service
Normal file
@ -0,0 +1,30 @@
|
||||
[Unit]
|
||||
Description=DNSCrypt-proxy client
|
||||
Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd
|
||||
# with openSUSE changes
|
||||
Requires=dnscrypt-proxy.socket
|
||||
After=network.target
|
||||
Before=nss-lookup.target
|
||||
Wants=nss-lookup.target
|
||||
|
||||
[Service]
|
||||
NonBlocking=true
|
||||
|
||||
ExecStart=/usr/sbin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml
|
||||
|
||||
Group=dnscrypt
|
||||
User=dnscrypt
|
||||
WorkingDirectory=~
|
||||
RuntimeDirectory=dnscrypt-proxy
|
||||
|
||||
# Missing in Leap 15.0
|
||||
#CacheDirectory=dnscrypt-proxy
|
||||
#LogsDirectory=dnscrypt-proxy
|
||||
|
||||
ProtectHome=yes
|
||||
ProtectControlGroups=yes
|
||||
ProtectKernelModules=yes
|
||||
|
||||
[Install]
|
||||
Also=dnscrypt-proxy.socket
|
||||
WantedBy=multi-user.target
|
23
dnscrypt-proxy.socket
Normal file
23
dnscrypt-proxy.socket
Normal file
@ -0,0 +1,23 @@
|
||||
[Unit]
|
||||
Description=DNSCrypt-proxy socket
|
||||
Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd
|
||||
# with openSUSE changes
|
||||
Before=nss-lookup.target
|
||||
Wants=nss-lookup.target
|
||||
|
||||
[Socket]
|
||||
# Choose this for dnscrypt-proxy as primary resolver
|
||||
ListenStream=127.0.0.1:53
|
||||
ListenDatagram=127.0.0.1:53
|
||||
|
||||
# Otherwise forward from your primary local name resolver to somewhere else:
|
||||
#ListenStream=127.0.0.1:5353
|
||||
#ListenDatagram=127.0.0.1:5353
|
||||
|
||||
# Probably not useful and can be overridden
|
||||
# if only listening for udp (ListenDatagram)
|
||||
NoDelay=true
|
||||
DeferAcceptSec=1
|
||||
|
||||
[Install]
|
||||
WantedBy=sockets.target
|
@ -15,143 +15,159 @@
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
%define _buildshell /bin/bash
|
||||
%define user_group dnscrypt
|
||||
%define config_dir %{_sysconfdir}/%{name}
|
||||
%define home_dir %{_localstatedir}/lib/%{name}
|
||||
%define log_dir %{_localstatedir}/log/%{name}
|
||||
%define services %{name}.socket %{name}.service
|
||||
%define vlic_dir vendored
|
||||
|
||||
Name: dnscrypt-proxy
|
||||
Version: 1.9.5
|
||||
Version: 2.0.44
|
||||
Release: 0
|
||||
Summary: A tool for securing communications between a client and a DNS resolver
|
||||
License: BSD-3-Clause
|
||||
License: ISC
|
||||
Group: Productivity/Networking/DNS/Utilities
|
||||
URL: https://dnscrypt.org/
|
||||
Source: https://download.dnscrypt.org/dnscrypt-proxy/%{name}-%{version}.tar.bz2
|
||||
Source1: %{name}@.service
|
||||
Source5: %{name}.tmpfile
|
||||
Patch0: dnscrypt-proxy-default-config.patch
|
||||
BuildRequires: libsodium-devel
|
||||
BuildRequires: libtool
|
||||
URL: https://dnscrypt.info/
|
||||
Source0: https://codeload.github.com/DNSCrypt/%{name}/tar.gz/%{version}#/%{name}-%{version}.tar.gz
|
||||
Source1: %{name}.service
|
||||
Source2: %{name}.socket
|
||||
# File to use with sed to modify default configuration.
|
||||
Source3: example-dnscrypt-proxy.toml.sed
|
||||
# Find licenses of vendored packages.
|
||||
Source4: find_licenses.sh
|
||||
# Install licenses of vendored packages.
|
||||
Source5: install_licenses.sh
|
||||
# Some words
|
||||
Source6: README.openSUSE
|
||||
BuildRequires: golang(API) >= 1.14
|
||||
BuildRequires: golang-packaging
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: shadow
|
||||
BuildRequires: systemd-rpm-macros
|
||||
BuildRequires: pkgconfig(libsystemd)
|
||||
Requires(pre): coreutils
|
||||
Requires(pre): diffutils
|
||||
Requires(pre): fillup
|
||||
Requires(pre): grep
|
||||
# for daemon group/user
|
||||
Requires(pre): shadow
|
||||
%{?systemd_requires}
|
||||
Recommends: ca-certificates
|
||||
Provides: dnscrypt = %{version}-%{release}
|
||||
Obsoletes: dnscrypt < %{version}-%{release}
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
%description
|
||||
dnscrypt-proxy provides local service which can be used directly as your local resolver or as a DNS forwarder,
|
||||
encrypting and authenticating requests using the DNSCrypt protocol and passing them to an upstream server,
|
||||
by default Cisco who run this on their resolvers. (It used to be OpenDNS.)
|
||||
|
||||
The DNSCrypt protocol uses elliptic-curve cryptography and is similar to DNSCurve, but focuses on
|
||||
securing communications between a client and its first-level resolver.
|
||||
|
||||
While not providing end-to-end security, it protects the local network, which is often the weakest point
|
||||
of the chain, against man-in-the-middle attacks. It also provides some confidentiality to DNS queries.
|
||||
|
||||
%package devel
|
||||
Summary: Header files for development of DNSCrypt plugins
|
||||
Group: Development/Languages/C and C++
|
||||
Requires: %{name} = %{version}
|
||||
|
||||
%description devel
|
||||
Header files for development of DNSCrypt plugins.
|
||||
A flexible DNS proxy, with support for modern encrypted DNS protocols
|
||||
such as DNSCrypt v2, DNS-over-HTTPS and Anonymized DNSCrypt.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
# Strip __DATE__
|
||||
sed -i "s/__DATE__/\"%(date -u -r ChangeLog +%%F)\"/" src/proxy/options.c
|
||||
# Don't install COPYING with make, we use our %%license marcro if possible
|
||||
sed -i "/\tCOPYING / d" Makefile.am
|
||||
sed -i "s/COPYING //" Makefile.in
|
||||
%setup -q -n %{name}-%{version}
|
||||
|
||||
# Find licenses of vendored packages and prepare for installation
|
||||
bash %{SOURCE4} %{vlic_dir}
|
||||
|
||||
# duplicate original config file
|
||||
cp ./%{name}/example-%{name}.toml ./%{name}.toml.default
|
||||
|
||||
# Edit default port and file locations
|
||||
sed -i -f %{SOURCE3} ./%{name}.toml.default
|
||||
|
||||
# duplicate edited config file
|
||||
cp ./%{name}.toml.default ./%{name}.toml
|
||||
|
||||
# Delete "example" to prevent fdupes from deleting the backup config file if run for buildroot
|
||||
sed -i "s/## This is an example configuration file./## This is a configuration file./" ./dnscrypt-proxy.toml
|
||||
|
||||
# python path instead of env
|
||||
sed -i "1s/#! \/usr\/bin\/env python3/#! \/usr\/bin\/python3/" utils/generate-domains-blacklists/generate-domains-blacklist.py
|
||||
|
||||
%build
|
||||
%configure \
|
||||
%if 0%{?suse_version} >= 1210
|
||||
--with-systemd \
|
||||
%endif
|
||||
--enable-plugins \
|
||||
--docdir=%{_docdir}/%{name}
|
||||
make %{?_smp_mflags}
|
||||
cd dnscrypt-proxy
|
||||
go build -mod=vendor -buildmode=pie
|
||||
|
||||
%install
|
||||
%make_install
|
||||
# Directories
|
||||
install -D -d -m 0750 \
|
||||
%{buildroot}%{log_dir} \
|
||||
%{buildroot}%{home_dir} \
|
||||
%{buildroot}%{config_dir}
|
||||
|
||||
install -d -m 755 %{buildroot}%{_unitdir}
|
||||
install -m 644 %{SOURCE1} %{buildroot}%{_unitdir}
|
||||
install -d -m 755 %{buildroot}%{_libexecdir}/tmpfiles.d/
|
||||
install -m 644 %{SOURCE5} %{buildroot}%{_libexecdir}/tmpfiles.d/%{name}.conf
|
||||
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
|
||||
install -D -d -m 0755 \
|
||||
%{buildroot}%{_datadir}/%{name}/
|
||||
|
||||
find %{buildroot} -type f -name "*.la" -delete -print
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/%{name}.conf.d
|
||||
mv %{buildroot}%{_sysconfdir}/%{name}.conf %{buildroot}%{_sysconfdir}/%{name}.conf.d/default.conf
|
||||
# Binary
|
||||
install -D -m 0755 %{name}/%{name} %{buildroot}%{_sbindir}/%{name}
|
||||
|
||||
# blacklist generator
|
||||
cp -a utils/generate-domains-blacklists/ %{buildroot}%{_datadir}/%{name}/
|
||||
|
||||
# Config file examples
|
||||
install -D -m 0644 ./%{name}/example-%{name}.toml %{buildroot}/%{_docdir}/%{name}/example-%{name}.toml
|
||||
install -D -m 0644 ./%{name}.toml.default %{buildroot}/%{_docdir}/%{name}/%{name}.toml.default
|
||||
install -D -m 0644 ./%{name}/example-blacklist.txt %{buildroot}/%{_docdir}/%{name}/example-blacklist.txt
|
||||
install -D -m 0644 ./%{name}/example-ip-blacklist.txt %{buildroot}/%{_docdir}/%{name}/example-ip-blacklist.txt
|
||||
install -D -m 0644 ./%{name}/example-cloaking-rules.txt %{buildroot}/%{_docdir}/%{name}/example-cloaking-rules.txt
|
||||
install -D -m 0644 ./%{name}/example-forwarding-rules.txt %{buildroot}/%{_docdir}/%{name}/example-forwarding-rules.txt
|
||||
install -D -m 0644 ./%{name}/example-whitelist.txt %{buildroot}/%{_docdir}/%{name}/example-whitelist.txt
|
||||
|
||||
# Config files
|
||||
install -D -m 0640 ./%{name}.toml %{buildroot}/%{config_dir}/%{name}.toml
|
||||
install -D -m 0640 ./%{name}.toml.default %{buildroot}/%{config_dir}/%{name}.toml.default
|
||||
install -D -m 0640 ./%{name}/example-blacklist.txt %{buildroot}/%{config_dir}/blacklist.txt
|
||||
install -D -m 0640 ./%{name}/example-ip-blacklist.txt %{buildroot}/%{config_dir}/ip-blacklist.txt
|
||||
install -D -m 0640 ./%{name}/example-cloaking-rules.txt %{buildroot}/%{config_dir}/cloaking-rules.txt
|
||||
install -D -m 0640 ./%{name}/example-forwarding-rules.txt %{buildroot}/%{config_dir}/forwarding-rules.txt
|
||||
install -D -m 0640 ./%{name}/example-whitelist.txt %{buildroot}/%{config_dir}/whitelist.txt
|
||||
|
||||
# Systemd
|
||||
install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
|
||||
install -D -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.socket
|
||||
|
||||
# service link
|
||||
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
|
||||
|
||||
# Vendor Licenses
|
||||
install -d -m 0755 %{buildroot}%{_licensedir}/%{name}/%{vlic_dir}
|
||||
bash %{SOURCE5} %{vlic_dir} %{buildroot}/%{_licensedir}/%{name}/%{vlic_dir}
|
||||
|
||||
# Some hints. Improvements and feedback welcome!
|
||||
cp %{SOURCE6} README.openSUSE
|
||||
|
||||
%pre
|
||||
if ! %{_bindir}/getent group dnscrypt >/dev/null; then
|
||||
%{_sbindir}/groupadd -r dnscrypt
|
||||
fi
|
||||
if ! %{_bindir}/getent passwd dnscrypt >/dev/null; then
|
||||
%{_sbindir}/useradd -c "DNSCrypt daemon" -d %{_localstatedir}/lib/empty -g dnscrypt \
|
||||
-r -s /bin/false dnscrypt
|
||||
fi
|
||||
%if 0%{?suse_version} >= 1210
|
||||
%service_add_pre %{name}@.service
|
||||
%endif
|
||||
# group and user
|
||||
getent group %{user_group} >/dev/null || %{_sbindir}/groupadd -r %{user_group}
|
||||
getent passwd %{user_group} >/dev/null || %{_sbindir}/useradd -r -g %{user_group} \
|
||||
-d %{home_dir} -s /bin/false -c "DNScrypt Proxy" %{user_group}
|
||||
|
||||
%service_add_pre %{services}
|
||||
|
||||
%post
|
||||
%service_add_post %{name}@.service
|
||||
%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
|
||||
if [ $1 == 2 ] && [ -r %{_sysconfdir}/sysconfig/%{name} ] ; then
|
||||
rm -f %{_sysconfdir}/sysconfig/%{name}
|
||||
fi
|
||||
if [ $1 == 2 ] && [ -r %{_sysconfdir}/sysconfig/dnscrypt ] ; then
|
||||
rm -f %{_sysconfdir}/sysconfig/dnscrypt
|
||||
fi
|
||||
%service_add_post %{services}
|
||||
|
||||
%preun
|
||||
%if 0%{?suse_version} >= 1210
|
||||
%service_del_preun %{name}@.service
|
||||
%endif
|
||||
%service_del_preun %{services}
|
||||
|
||||
%postun
|
||||
%if 0%{?suse_version} >= 1210
|
||||
%service_del_postun %{name}@.service
|
||||
%endif
|
||||
%service_del_postun %{services}
|
||||
|
||||
%files
|
||||
%doc AUTHORS ChangeLog README.markdown NEWS DNSCRYPT-V2-PROTOCOL.txt
|
||||
%doc THANKS README-PLUGINS.markdown dnscrypt-proxy.conf
|
||||
%if 0%{?leap_version} >= 420200 || 0%{?suse_version} > 1320
|
||||
%license COPYING
|
||||
%else
|
||||
%doc COPYING
|
||||
%endif
|
||||
%dir %{_sysconfdir}/%{name}.conf.d
|
||||
%config %{_sysconfdir}/%{name}.conf.d/default.conf
|
||||
%{_bindir}/hostip
|
||||
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/%{name}.toml
|
||||
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/blacklist.txt
|
||||
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/ip-blacklist.txt
|
||||
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/cloaking-rules.txt
|
||||
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/forwarding-rules.txt
|
||||
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/whitelist.txt
|
||||
%config %attr(-,root,%{user_group}) %{config_dir}/%{name}.toml.default
|
||||
%{_sbindir}/%{name}
|
||||
%{_sbindir}/rc%{name}
|
||||
%{_unitdir}/%{name}@.service
|
||||
%{_mandir}/man8/hostip.8%{ext_man}
|
||||
%{_mandir}/man8/%{name}.8%{ext_man}
|
||||
%dir %{_datadir}/%{name}
|
||||
%{_datadir}/%{name}/dnscrypt-resolvers.csv
|
||||
%{_datadir}/%{name}/minisign.pub
|
||||
%dir %{_libdir}/%{name}
|
||||
%{_libdir}/%{name}/libdcplugin_example.so
|
||||
%{_libdir}/%{name}/libdcplugin_example_logging.so
|
||||
%{_libdir}/%{name}/libdcplugin_example_cache.so
|
||||
%{_libexecdir}/tmpfiles.d/%{name}.conf
|
||||
%ghost %dir %{_localstatedir}/log/%{name}
|
||||
%ghost %dir /run/%{name}
|
||||
|
||||
%files devel
|
||||
%dir %{_includedir}/dnscrypt/
|
||||
%{_includedir}/dnscrypt/*
|
||||
%{_unitdir}/%{name}.service
|
||||
%{_unitdir}/%{name}.socket
|
||||
%{_datadir}/%{name}/
|
||||
%dir %attr(0750,root,%{user_group}) %{config_dir}
|
||||
%dir %attr(0750,%{user_group},%{user_group}) %{home_dir}
|
||||
%dir %attr(0750,%{user_group},%{user_group}) %{log_dir}
|
||||
%{_docdir}/%{name}/
|
||||
%doc ChangeLog README.md README.openSUSE
|
||||
%license LICENSE
|
||||
%{_licensedir}/%{name}/%{vlic_dir}/
|
||||
|
||||
%changelog
|
||||
|
@ -1,2 +0,0 @@
|
||||
d /run/dnscrypt-proxy 0755 dnscrypt dnscrypt
|
||||
d /var/log/dnscrypt-proxy 0755 dnscrypt dnscrypt
|
@ -1,29 +0,0 @@
|
||||
# This file is part of dnscrypt-proxy
|
||||
# Author: Marguerite Su <i@marguerite.su> with some AUR references.
|
||||
# Version: 1.9.4
|
||||
# Description: dnscrypt is a tool that encrypts your DNS queries in order to
|
||||
# protect against man-in-the-middle attacks and DNS hijacking
|
||||
# (commonly seen in China). It uses CiscoDNS resolvers by default.
|
||||
# It is BSD-licensed.
|
||||
# In openSUSE it's licensed under SUSE-Permissive (non-free ware).
|
||||
# For details, refer to its documentation.
|
||||
[Unit]
|
||||
Description=Secure connection between your computer and a DNS resolver
|
||||
Documentation=man:dnscrypt-proxy(8)
|
||||
# NTP always has local servers, and there's nothing to encrypt for time.
|
||||
# and ntp.service isn't native systemd service, if we start before it,
|
||||
# it will take a long time to sync. just save 20000+ms on boot.
|
||||
After=network.target ntp.service
|
||||
Before=nss-lookup.target
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
NonBlocking=true
|
||||
PIDFile=/var/run/dnscrypt-proxy/dnscrypt-proxy@%i.pid
|
||||
ExecStart=/usr/sbin/dnscrypt-proxy /etc/dnscrypt-proxy.conf.d/%I.conf
|
||||
# Automatically Restart
|
||||
Restart=on-abort
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
DefaultInstance=default
|
21
example-dnscrypt-proxy.toml.sed
Normal file
21
example-dnscrypt-proxy.toml.sed
Normal file
@ -0,0 +1,21 @@
|
||||
# the socket unit should listen
|
||||
s/listen_addresses = \['127.0.0.1:53']/#listen_addresses = ['127.0.0.1:53']\nlisten_addresses = []/
|
||||
|
||||
# absolute paths by default
|
||||
s/# log_file = 'dnscrypt-proxy.log'/# log_file = '\/var\/log\/dnscrypt-proxy\/dnscrypt-proxy.log'/
|
||||
s/# forwarding_rules = 'forwarding-rules.txt'/# forwarding_rules = '\/etc\/dnscrypt-proxy\/forwarding-rules.txt'/
|
||||
s/# cloaking_rules = 'cloaking-rules.txt'/# cloaking_rules = '\/etc\/dnscrypt-proxy\/cloaking-rules.txt'/
|
||||
s/# cert_file = "localhost.pem"/# cert_file = '\/etc\/dnscrypt-proxy\/localhost.pem'/
|
||||
s/# cert_key_file = "localhost.pem"/# cert_key_file = '\/etc\/dnscrypt-proxy\/localhost.pem'/
|
||||
s/ # file = 'query.log'/ # file = '\/var\/log\/dnscrypt-proxy\/query.log'/
|
||||
s/ # file = 'nx.log'/ # file = '\/var\/log\/dnscrypt-proxy\/nx.log'/
|
||||
s/ # blacklist_file = 'blacklist.txt'/ # blacklist_file = '\/etc\/dnscrypt-proxy\/blacklist.txt'/
|
||||
s/ # log_file = 'blocked.log'/ # log_file = '\/var\/log\/dnscrypt-proxy\/blocked.log'/
|
||||
s/ # blacklist_file = 'ip-blacklist.txt'/# blacklist_file = '\/etc\/dnscrypt-proxy\/ip-blacklist.txt'/
|
||||
s/ # log_file = 'ip-blocked.log'/ # log_file = '\/var\/log\/dnscrypt-proxy\/ip-blocked.log'/
|
||||
s/ # whitelist_file = 'whitelist.txt'/# blacklist_file = '\/etc\/dnscrypt-proxy\/whitelist.txt'/
|
||||
s/ # log_file = 'whitelisted.log'/ # log_file = '\/var\/log\/dnscrypt-proxy\/whitelisted.log'/
|
||||
s/ cache_file = 'public-resolvers.md'/ cache_file = '\/var\/lib\/dnscrypt-proxy\/public-resolvers.md'/
|
||||
s/ cache_file = 'relays.md'/ cache_file = '\/var\/lib\/dnscrypt-proxy\/relays.md'/
|
||||
s/ # cache_file = "quad9-resolvers.md"/ # cache_file = '\/var\/lib\/dnscrypt-proxy\/quad9-resolvers.md'/
|
||||
s/ # cache_file = 'parental-control.md'/ # cache_file = '\/var\/lib\/dnscrypt-proxy\/parental-control.md'/
|
96
find_licenses.sh
Normal file
96
find_licenses.sh
Normal file
@ -0,0 +1,96 @@
|
||||
#!/bin/bash
|
||||
|
||||
# written by cunix in 2019
|
||||
#
|
||||
# Tries to find and prepare licenses from vendored packages for
|
||||
# installation as file or link to existing file.
|
||||
#
|
||||
# $1 should be a destination directory for vendored licenses
|
||||
|
||||
vendor_licenses_dir=$1
|
||||
username=$(whoami)
|
||||
workingdir=$(pwd)
|
||||
licenses_file=/tmp/license_files.txt
|
||||
goahead=0
|
||||
hash_list=()
|
||||
filename_list=()
|
||||
|
||||
if [[ -z "$vendor_licenses_dir" ]]
|
||||
then
|
||||
echo missing directory as parameter
|
||||
exit 1
|
||||
else
|
||||
if [[ "$vendor_licenses_dir" = "/" ]] || [[ "$vendor_licenses_dir" = "/home" ]] \
|
||||
|| [[ "$vendor_licenses_dir" = "/home/" ]] || [[ "$vendor_licenses_dir" = "/home/$username" ]] \
|
||||
|| [[ "$vendor_licenses_dir" = "/home/$username/" ]] || [[ "$vendor_licenses_dir" = "$HOME" ]]
|
||||
then
|
||||
echo Do not use "$vendor_licenses_dir" as destination directory.
|
||||
echo It will delete all your files.
|
||||
exit 1
|
||||
else
|
||||
mkdir -pv $vendor_licenses_dir
|
||||
if [[ -d "$vendor_licenses_dir" ]]
|
||||
then
|
||||
echo Searching for licenses ...
|
||||
rm $licenses_file
|
||||
find ./*/ -iname "license*" -fprint $licenses_file
|
||||
find ./*/ -iname "copying*" >> $licenses_file
|
||||
goahead=1
|
||||
else
|
||||
echo "$vendor_licenses_dir" is not a directory.
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ -f "$licenses_file" ]]
|
||||
then
|
||||
if [[ $goahead -eq 1 ]]
|
||||
then
|
||||
echo Removing $vendor_licenses_dir
|
||||
rm -r "$vendor_licenses_dir"
|
||||
mkdir -pv $vendor_licenses_dir
|
||||
echo Processing licenses . . .
|
||||
while read line
|
||||
do
|
||||
filenamepre=${line////__}
|
||||
filename=${filenamepre//.__/}
|
||||
hash_output=$(sha256sum $line)
|
||||
hash=${hash_output:0:66}
|
||||
hash_list_len=${#hash_list[@]}
|
||||
if [[ $hash_list_len -eq 0 ]]
|
||||
then
|
||||
cat $line > $vendor_licenses_dir/$filename
|
||||
hash_list[0]=$hash
|
||||
filename_list[0]=$filename
|
||||
else
|
||||
counter=0
|
||||
match=0
|
||||
for item in ${hash_list[@]}
|
||||
do
|
||||
if test $item = $hash
|
||||
then
|
||||
match=1
|
||||
break
|
||||
fi
|
||||
counter=$(($counter+1))
|
||||
done
|
||||
if [[ $match -eq 0 ]]
|
||||
then
|
||||
hash_list[$counter]=$hash
|
||||
filename_list[$counter]=$filename
|
||||
cat $line > $vendor_licenses_dir/$filename
|
||||
else
|
||||
cd $vendor_licenses_dir
|
||||
ln -s ${filename_list[$counter]} $filename
|
||||
cd $workingdir
|
||||
fi
|
||||
fi
|
||||
done < $licenses_file
|
||||
else
|
||||
echo Does not package licenses.
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
echo No licenses found to package.
|
||||
fi
|
31
install_licenses.sh
Normal file
31
install_licenses.sh
Normal file
@ -0,0 +1,31 @@
|
||||
#!/bin/bash
|
||||
|
||||
# written by cunix in 2019
|
||||
#
|
||||
# Installs or links previously found licenses.
|
||||
#
|
||||
# $1 should be the soure directory, prepared with script "find_licenses.sh"
|
||||
# $2 should be the (already created) destination directory
|
||||
|
||||
vendor_licenses_dir=$1
|
||||
install_licenses_dir=$2
|
||||
licenses_files=/tmp/real_license_files.txt
|
||||
licenses_links=/tmp/link_license_files.txt
|
||||
|
||||
rm $licenses_files
|
||||
rm $licenses_links
|
||||
|
||||
find -P $vendor_licenses_dir -type f -fprintf $licenses_files "%f\n"
|
||||
find -P $vendor_licenses_dir -type l -fprintf $licenses_links "%f %l\n"
|
||||
|
||||
while read line
|
||||
do
|
||||
install -D -m 0644 $vendor_licenses_dir/$line $install_licenses_dir/$line
|
||||
done < $licenses_files
|
||||
|
||||
cd $install_licenses_dir
|
||||
while read line
|
||||
do
|
||||
combo=($line)
|
||||
ln -s ${combo[1]} ${combo[0]}
|
||||
done < $licenses_links
|
Loading…
Reference in New Issue
Block a user