Accepting request 817415 from server:dns

Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/817415
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dnscrypt-proxy?expand=0&rev=5

README.openSUSE

@@ -0,0 +1,27 @@
+Some tips:
+
+1. Configure /etc/dnscrypt-proxy/dnscrypt-proxy.toml for your use case first!
+
+2. Override "ListenStream" and "ListenDatagram" for dnscrypt-proxy.socket
+   according to your setup, especially if dnscrypt-proxy should not be used as
+   your primary name resolver.
+   In this case you might want to forward queries from a tool
+   like "dnsmasq" to dnscrypt-proxy.
+   Then the later should probably not listen on the default adress/port.
+
+3. If running via systemd, start as root once with
+
+      $ systemctl start dnscrypt-proxy.socket
+
+   For always activating, do
+
+      $ systemctl enable dnscrypt-proxy.socket
+
+4. Alternatively dnscrypt-proxy.service can be used the same way.
+   This will require you to set or uncomment "listen_addresses" in
+   /etc/dnscrypt-proxy/dnscrypt-proxy.toml
+   In this case the socket configuration described in (2.)
+   has to be done in this file directly.
+
+
+

dnscrypt-proxy-1.9.5.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e89f5b9039979ab392302faf369ef7593155d5ea21580402a75bbc46329d1bb6
-size 1290573

dnscrypt-proxy-2.0.44.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c2c9968f07a414e973ec5734f4598d756a35c32beedb18268590ea1355794237
+size 2279842

dnscrypt-proxy-default-config.patch

@@ -1,57 +0,0 @@
-Index: b/dnscrypt-proxy.conf
-===================================================================
---- a/dnscrypt-proxy.conf
-+++ b/dnscrypt-proxy.conf
-@@ -39,19 +39,21 @@ ResolverName random
- ## Unless you are using systemd, you probably want to change this to "yes"
- ## after having verified that the rest of the configuration works as expected.
- 
--Daemonize no
-+Daemonize yes
- 
- 
- ## Write the PID number to a file
-+## in openSUSE, the pidfile should be dnscrypt-proxy@[configfile name].pid
-+## inside /var/run/dnscrypt-proxy/ to make systemd instantiated service work
- 
--# PidFile /var/run/dnscrypt-proxy.pid
-+PidFile /var/run/dnscrypt-proxy/dnscrypt-proxy@default.pid
- 
- 
- ## [NOT AVAILABLE ON WINDOWS] Start the process, bind the required ports, and
- ## run the server as a less-privileged system user.
- ## The value for this parameter is a user name.
- 
--# User _dnscrypt-proxy
-+User dnscrypt
- 
- 
- 
-@@ -66,7 +68,7 @@ Daemonize no
- ## using this option. You should edit systemd's dnscrypt-proxy.socket file
- ## instead.
- 
--# LocalAddress 127.0.0.1:53
-+LocalAddress 127.0.0.1:53
- 
- 
- ## Cache DNS responses to avoid outgoing traffic when the same queries
-@@ -136,15 +138,16 @@ EphemeralKeys off
- ## Log file to write server errors and information to.
- ## If you use this tool for privacy, keeping logs of any kind is usually not
- ## a good idea.
-+## in openSUSE, logfile should be /var/log/dnscrypt-proxy/[config filename].log
- 
--# LogFile /var/log/dnscrypt-proxy.log
-+LogFile /var/log/dnscrypt-proxy/default.log
- 
- 
- ## Don't log events with priority above this log level after the service has
- ## been started up. Default is 6.
- ## Valid values are between 0 (critical) to 7 (debug-level messages).
- 
--# LogLevel 6
-+LogLevel 7
- 
- 
- ## [NOT AVAILABLE ON WINDOWS] Send server logs to the syslog daemon

dnscrypt-proxy.changes

@@ -1,3 +1,63 @@
+-------------------------------------------------------------------
+Fri Jun 12 12:00:00 UTC 2020 - cunix@mail.de - 2.0.44
+
+- Update to version 2.0.44
+  * Netprobes and listening sockets are now ignored when the
+    '-list', '-list-all', '-show-certs' or '-check'
+    command-line switches are used.
+  * 'tls_client_auth' was renamed to 'doh_client_x509_auth'.
+    A section with the previous name is temporarily ignored if empty,
+    but will error out if not.
+  * Updates to the set of block lists.
+
+- Breaking change from 2.0.43 Update:
+  The 'tls_client_auth' section was renamed to 'doh_client_x509_auth'.
+  If you had a tls_client_auth section in the configuration file,
+  it needs to be updated/renamed/deleted.
+
+-------------------------------------------------------------------
+Tue Jun 09 16:00:00 UTC 2020 - cunix@mail.de - 2.0.43
+
+- Minimum golang version now at 1.14
+
+- Update to version 2.0.43
+  * When stored into a file, service logs now only contain data
+    from the most recent launch. This can be changed with the
+    new 'log_file_latest' option.
+  * Support for DNS64 translation implemented.
+  * Connections to DoH servers can be authenticated
+    using TLS client certificates.
+  * Multiple stamps are now allowed for a single server
+    in resolvers and relays lists.
+  * Updates and additions for the example domain block lists.
+  * Cached configuration files can now be temporarily used if
+    they are out of date, but bootstraping is impossible.
+  * 'generate-domains-blacklists' now tries to deduplicate
+    entries clobbered by wildcard rules.
+  * 'generate-domains-blacklists' can now directly
+    write lists to a file with the `-o` command-line option.
+  * Cache files are now downloaded as the user the daemon will
+    be running as. This fixes permission issues at startup time.
+  * Forwarded queries are now subject to global timeouts,
+    and can be forced to use TCP.
+  * The 'ct' parameter has been removed from DoH queries,
+    as Google doesn't require it any more.
+
+-------------------------------------------------------------------
+Sat May 23 12:00:00 UTC 2020 - cunix@mail.de - 2.0.42
+
+- Upgrade to 2.0.42 (boo#1165343)
+
+- Spec files from home:darix:apps/dnscrypt-proxy and
+  home:cunix:go/dnscrypt-proxy2 merged into existing spec.
+
+- v1 of dnscrypt-proxy is not supported anymore and v2 is
+  a new project. This will require v1 users to migrate their
+  configuration.
+
+- dnscrypt-proxy-default-config.patch deleted because patched
+  file 'dnscrypt-proxy.conf' is not used anymore.
+
 -------------------------------------------------------------------
 Thu Dec 19 15:27:22 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
 

dnscrypt-proxy.service

@@ -0,0 +1,30 @@
+[Unit]
+Description=DNSCrypt-proxy client
+Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd
+# with openSUSE changes
+Requires=dnscrypt-proxy.socket
+After=network.target
+Before=nss-lookup.target
+Wants=nss-lookup.target
+
+[Service]
+NonBlocking=true
+
+ExecStart=/usr/sbin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml
+
+Group=dnscrypt
+User=dnscrypt
+WorkingDirectory=~
+RuntimeDirectory=dnscrypt-proxy
+
+# Missing in Leap 15.0
+#CacheDirectory=dnscrypt-proxy
+#LogsDirectory=dnscrypt-proxy
+
+ProtectHome=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+
+[Install]
+Also=dnscrypt-proxy.socket
+WantedBy=multi-user.target

dnscrypt-proxy.socket

@@ -0,0 +1,23 @@
+[Unit]
+Description=DNSCrypt-proxy socket
+Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd
+# with openSUSE changes
+Before=nss-lookup.target
+Wants=nss-lookup.target
+
+[Socket]
+# Choose this for dnscrypt-proxy as primary resolver
+ListenStream=127.0.0.1:53
+ListenDatagram=127.0.0.1:53
+
+# Otherwise forward from your primary local name resolver to somewhere else:
+#ListenStream=127.0.0.1:5353
+#ListenDatagram=127.0.0.1:5353
+
+# Probably not useful and can be overridden
+#  if only listening for udp (ListenDatagram)
+NoDelay=true
+DeferAcceptSec=1
+
+[Install]
+WantedBy=sockets.target

dnscrypt-proxy.spec

@@ -15,143 +15,159 @@
 # Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
+%define _buildshell /bin/bash
+%define user_group  dnscrypt
+%define config_dir  %{_sysconfdir}/%{name}
+%define home_dir    %{_localstatedir}/lib/%{name}
+%define log_dir     %{_localstatedir}/log/%{name}
+%define services    %{name}.socket %{name}.service
+%define vlic_dir  vendored
 
 Name:           dnscrypt-proxy
-Version:        1.9.5
+Version:        2.0.44
 Release:        0
 Summary:        A tool for securing communications between a client and a DNS resolver
-License:        BSD-3-Clause
+License:        ISC
 Group:          Productivity/Networking/DNS/Utilities
-URL:            https://dnscrypt.org/
-Source:         https://download.dnscrypt.org/dnscrypt-proxy/%{name}-%{version}.tar.bz2
-Source1:        %{name}@.service
-Source5:        %{name}.tmpfile
-Patch0:         dnscrypt-proxy-default-config.patch
-BuildRequires:  libsodium-devel
-BuildRequires:  libtool
+URL:            https://dnscrypt.info/
+Source0:        https://codeload.github.com/DNSCrypt/%{name}/tar.gz/%{version}#/%{name}-%{version}.tar.gz
+Source1:        %{name}.service
+Source2:        %{name}.socket
+# File to use with sed to modify default configuration.
+Source3:        example-dnscrypt-proxy.toml.sed
+# Find licenses of vendored packages.
+Source4:        find_licenses.sh
+# Install licenses of vendored packages.
+Source5:        install_licenses.sh
+# Some words
+Source6:        README.openSUSE
+BuildRequires:  golang(API) >= 1.14
+BuildRequires:  golang-packaging
 BuildRequires:  pkgconfig
 BuildRequires:  shadow
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  pkgconfig(libsystemd)
-Requires(pre):  coreutils
-Requires(pre):  diffutils
-Requires(pre):  fillup
-Requires(pre):  grep
+# for daemon group/user
+Requires(pre):  shadow
 %{?systemd_requires}
+Recommends:     ca-certificates
 Provides:       dnscrypt = %{version}-%{release}
 Obsoletes:      dnscrypt < %{version}-%{release}
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
-dnscrypt-proxy provides local service which can be used directly as your local resolver or as a DNS forwarder,
-encrypting and authenticating requests using the DNSCrypt protocol and passing them to an upstream server,
-by default Cisco who run this on their resolvers. (It used to be OpenDNS.)
-
-The DNSCrypt protocol uses elliptic-curve cryptography and is similar to DNSCurve, but focuses on
-securing communications between a client and its first-level resolver.
-
-While not providing end-to-end security, it protects the local network, which is often the weakest point
-of the chain, against man-in-the-middle attacks. It also provides some confidentiality to DNS queries.
-
-%package devel
-Summary:        Header files for development of DNSCrypt plugins
-Group:          Development/Languages/C and C++
-Requires:       %{name} = %{version}
-
-%description devel
-Header files for development of DNSCrypt plugins.
+A flexible DNS proxy, with support for modern encrypted DNS protocols
+such as DNSCrypt v2, DNS-over-HTTPS and Anonymized DNSCrypt.
 
 %prep
-%setup -q
-%patch0 -p1
-# Strip __DATE__
-sed -i "s/__DATE__/\"%(date -u -r ChangeLog +%%F)\"/" src/proxy/options.c
-# Don't install COPYING with make, we use our %%license marcro if possible
-sed -i "/\tCOPYING / d" Makefile.am
-sed -i "s/COPYING //" Makefile.in
+%setup -q -n %{name}-%{version}
+
+# Find licenses of vendored packages and prepare for installation
+bash %{SOURCE4} %{vlic_dir}
+
+# duplicate original config file
+cp ./%{name}/example-%{name}.toml ./%{name}.toml.default
+
+# Edit default port and file locations
+sed -i -f %{SOURCE3} ./%{name}.toml.default
+
+# duplicate edited config file
+cp ./%{name}.toml.default ./%{name}.toml
+
+# Delete "example" to prevent fdupes from deleting the backup config file if run for buildroot
+sed -i "s/## This is an example configuration file./## This is a configuration file./" ./dnscrypt-proxy.toml
+
+# python path instead of env
+sed -i "1s/#! \/usr\/bin\/env python3/#! \/usr\/bin\/python3/" utils/generate-domains-blacklists/generate-domains-blacklist.py
 
 %build
-%configure \
-%if 0%{?suse_version} >= 1210
-	--with-systemd \
-%endif
-	--enable-plugins \
-	--docdir=%{_docdir}/%{name}
-make %{?_smp_mflags}
+cd dnscrypt-proxy
+go build -mod=vendor -buildmode=pie
 
 %install
-%make_install
+# Directories
+install -D -d -m 0750               \
+  %{buildroot}%{log_dir}            \
+  %{buildroot}%{home_dir}           \
+  %{buildroot}%{config_dir}
 
-install -d -m 755 %{buildroot}%{_unitdir}
-install -m 644 %{SOURCE1} %{buildroot}%{_unitdir}
-install -d -m 755 %{buildroot}%{_libexecdir}/tmpfiles.d/
-install -m 644 %{SOURCE5} %{buildroot}%{_libexecdir}/tmpfiles.d/%{name}.conf
-ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
+install -D -d -m 0755               \
+  %{buildroot}%{_datadir}/%{name}/
 
-find %{buildroot} -type f -name "*.la" -delete -print
-mkdir -p %{buildroot}%{_sysconfdir}/%{name}.conf.d
-mv %{buildroot}%{_sysconfdir}/%{name}.conf %{buildroot}%{_sysconfdir}/%{name}.conf.d/default.conf
+# Binary
+install -D -m 0755 %{name}/%{name} %{buildroot}%{_sbindir}/%{name}
+
+# blacklist generator
+cp -a utils/generate-domains-blacklists/ %{buildroot}%{_datadir}/%{name}/
+
+# Config file examples
+install -D -m 0644 ./%{name}/example-%{name}.toml %{buildroot}/%{_docdir}/%{name}/example-%{name}.toml
+install -D -m 0644 ./%{name}.toml.default %{buildroot}/%{_docdir}/%{name}/%{name}.toml.default
+install -D -m 0644 ./%{name}/example-blacklist.txt %{buildroot}/%{_docdir}/%{name}/example-blacklist.txt
+install -D -m 0644 ./%{name}/example-ip-blacklist.txt %{buildroot}/%{_docdir}/%{name}/example-ip-blacklist.txt
+install -D -m 0644 ./%{name}/example-cloaking-rules.txt %{buildroot}/%{_docdir}/%{name}/example-cloaking-rules.txt
+install -D -m 0644 ./%{name}/example-forwarding-rules.txt %{buildroot}/%{_docdir}/%{name}/example-forwarding-rules.txt
+install -D -m 0644 ./%{name}/example-whitelist.txt %{buildroot}/%{_docdir}/%{name}/example-whitelist.txt
+
+# Config files
+install -D -m 0640 ./%{name}.toml %{buildroot}/%{config_dir}/%{name}.toml
+install -D -m 0640 ./%{name}.toml.default %{buildroot}/%{config_dir}/%{name}.toml.default
+install -D -m 0640 ./%{name}/example-blacklist.txt %{buildroot}/%{config_dir}/blacklist.txt
+install -D -m 0640 ./%{name}/example-ip-blacklist.txt %{buildroot}/%{config_dir}/ip-blacklist.txt
+install -D -m 0640 ./%{name}/example-cloaking-rules.txt %{buildroot}/%{config_dir}/cloaking-rules.txt
+install -D -m 0640 ./%{name}/example-forwarding-rules.txt %{buildroot}/%{config_dir}/forwarding-rules.txt
+install -D -m 0640 ./%{name}/example-whitelist.txt %{buildroot}/%{config_dir}/whitelist.txt
+
+# Systemd
+install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
+install -D -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.socket
+
+# service link
+ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
+
+# Vendor Licenses
+install -d -m 0755 %{buildroot}%{_licensedir}/%{name}/%{vlic_dir}
+bash %{SOURCE5} %{vlic_dir} %{buildroot}/%{_licensedir}/%{name}/%{vlic_dir}
+
+# Some hints. Improvements and feedback welcome!
+cp %{SOURCE6} README.openSUSE
 
 %pre
-if ! %{_bindir}/getent group dnscrypt >/dev/null; then
-    %{_sbindir}/groupadd -r dnscrypt
-fi
-if ! %{_bindir}/getent passwd dnscrypt >/dev/null; then
-    %{_sbindir}/useradd -c "DNSCrypt daemon" -d %{_localstatedir}/lib/empty -g dnscrypt \
-  -r -s /bin/false dnscrypt
-fi
-%if 0%{?suse_version} >= 1210
-%service_add_pre %{name}@.service
-%endif
+# group and user
+getent group %{user_group} >/dev/null || %{_sbindir}/groupadd -r %{user_group}
+getent passwd %{user_group} >/dev/null || %{_sbindir}/useradd -r -g %{user_group} \
+  -d %{home_dir} -s /bin/false -c "DNScrypt Proxy" %{user_group}
+
+%service_add_pre %{services}
 
 %post
-%service_add_post %{name}@.service
-%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
-if [ $1 == 2 ] && [ -r %{_sysconfdir}/sysconfig/%{name} ] ; then
-	rm -f %{_sysconfdir}/sysconfig/%{name}
-fi
-if [ $1 == 2 ] && [ -r %{_sysconfdir}/sysconfig/dnscrypt ] ; then
-	rm -f %{_sysconfdir}/sysconfig/dnscrypt
-fi
+%service_add_post %{services}
 
 %preun
-%if 0%{?suse_version} >= 1210
-%service_del_preun %{name}@.service
-%endif
+%service_del_preun %{services}
 
 %postun
-%if 0%{?suse_version} >= 1210
-%service_del_postun %{name}@.service
-%endif
+%service_del_postun %{services}
 
 %files
-%doc AUTHORS ChangeLog README.markdown NEWS DNSCRYPT-V2-PROTOCOL.txt 
-%doc THANKS README-PLUGINS.markdown dnscrypt-proxy.conf
-%if 0%{?leap_version} >= 420200 || 0%{?suse_version} > 1320
-%license COPYING
-%else
-%doc COPYING
-%endif
-%dir %{_sysconfdir}/%{name}.conf.d
-%config %{_sysconfdir}/%{name}.conf.d/default.conf
-%{_bindir}/hostip
+%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/%{name}.toml
+%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/blacklist.txt
+%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/ip-blacklist.txt
+%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/cloaking-rules.txt
+%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/forwarding-rules.txt
+%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/whitelist.txt
+%config %attr(-,root,%{user_group}) %{config_dir}/%{name}.toml.default
 %{_sbindir}/%{name}
 %{_sbindir}/rc%{name}
-%{_unitdir}/%{name}@.service
-%{_mandir}/man8/hostip.8%{ext_man}
-%{_mandir}/man8/%{name}.8%{ext_man}
-%dir %{_datadir}/%{name}
-%{_datadir}/%{name}/dnscrypt-resolvers.csv
-%{_datadir}/%{name}/minisign.pub
-%dir %{_libdir}/%{name}
-%{_libdir}/%{name}/libdcplugin_example.so
-%{_libdir}/%{name}/libdcplugin_example_logging.so
-%{_libdir}/%{name}/libdcplugin_example_cache.so
-%{_libexecdir}/tmpfiles.d/%{name}.conf
-%ghost %dir %{_localstatedir}/log/%{name}
-%ghost %dir /run/%{name}
-
-%files devel
-%dir %{_includedir}/dnscrypt/
-%{_includedir}/dnscrypt/*
+%{_unitdir}/%{name}.service
+%{_unitdir}/%{name}.socket
+%{_datadir}/%{name}/
+%dir %attr(0750,root,%{user_group}) %{config_dir}
+%dir %attr(0750,%{user_group},%{user_group}) %{home_dir}
+%dir %attr(0750,%{user_group},%{user_group}) %{log_dir}
+%{_docdir}/%{name}/
+%doc ChangeLog README.md README.openSUSE
+%license LICENSE
+%{_licensedir}/%{name}/%{vlic_dir}/
 
 %changelog

dnscrypt-proxy.tmpfile

@@ -1,2 +0,0 @@
-d /run/dnscrypt-proxy 0755 dnscrypt dnscrypt
-d /var/log/dnscrypt-proxy 0755 dnscrypt dnscrypt

dnscrypt-proxy@.service

@@ -1,29 +0,0 @@
-# This file is part of dnscrypt-proxy
-# Author: Marguerite Su <i@marguerite.su> with some AUR references.
-# Version: 1.9.4
-# Description: dnscrypt is a tool that encrypts your DNS queries in order to
-#              protect against man-in-the-middle attacks and DNS hijacking
-#              (commonly seen in China). It uses CiscoDNS resolvers by default.
-#              It is BSD-licensed.
-#              In openSUSE it's licensed under SUSE-Permissive (non-free ware).
-#              For details, refer to its documentation.
-[Unit]
-Description=Secure connection between your computer and a DNS resolver
-Documentation=man:dnscrypt-proxy(8)
-# NTP always has local servers, and there's nothing to encrypt for time.
-# and ntp.service isn't native systemd service, if we start before it,
-# it will take a long time to sync. just save 20000+ms on boot.
-After=network.target ntp.service
-Before=nss-lookup.target
-
-[Service]
-Type=forking
-NonBlocking=true
-PIDFile=/var/run/dnscrypt-proxy/dnscrypt-proxy@%i.pid
-ExecStart=/usr/sbin/dnscrypt-proxy /etc/dnscrypt-proxy.conf.d/%I.conf
-# Automatically Restart
-Restart=on-abort
-
-[Install]
-WantedBy=multi-user.target
-DefaultInstance=default

example-dnscrypt-proxy.toml.sed

@@ -0,0 +1,21 @@
+# the socket unit should listen
+s/listen_addresses = \['127.0.0.1:53']/#listen_addresses = ['127.0.0.1:53']\nlisten_addresses = []/
+
+# absolute paths by default
+s/# log_file = 'dnscrypt-proxy.log'/# log_file = '\/var\/log\/dnscrypt-proxy\/dnscrypt-proxy.log'/
+s/# forwarding_rules = 'forwarding-rules.txt'/# forwarding_rules = '\/etc\/dnscrypt-proxy\/forwarding-rules.txt'/
+s/# cloaking_rules = 'cloaking-rules.txt'/# cloaking_rules = '\/etc\/dnscrypt-proxy\/cloaking-rules.txt'/
+s/# cert_file = "localhost.pem"/# cert_file = '\/etc\/dnscrypt-proxy\/localhost.pem'/
+s/# cert_key_file = "localhost.pem"/# cert_key_file = '\/etc\/dnscrypt-proxy\/localhost.pem'/
+s/  # file = 'query.log'/  # file = '\/var\/log\/dnscrypt-proxy\/query.log'/
+s/  # file = 'nx.log'/  # file = '\/var\/log\/dnscrypt-proxy\/nx.log'/
+s/  # blacklist_file = 'blacklist.txt'/  # blacklist_file = '\/etc\/dnscrypt-proxy\/blacklist.txt'/
+s/  # log_file = 'blocked.log'/  # log_file = '\/var\/log\/dnscrypt-proxy\/blocked.log'/
+s/  # blacklist_file = 'ip-blacklist.txt'/# blacklist_file = '\/etc\/dnscrypt-proxy\/ip-blacklist.txt'/
+s/  # log_file = 'ip-blocked.log'/  # log_file = '\/var\/log\/dnscrypt-proxy\/ip-blocked.log'/
+s/  # whitelist_file = 'whitelist.txt'/# blacklist_file = '\/etc\/dnscrypt-proxy\/whitelist.txt'/
+s/  # log_file = 'whitelisted.log'/  # log_file = '\/var\/log\/dnscrypt-proxy\/whitelisted.log'/
+s/  cache_file = 'public-resolvers.md'/  cache_file = '\/var\/lib\/dnscrypt-proxy\/public-resolvers.md'/
+s/  cache_file = 'relays.md'/  cache_file = '\/var\/lib\/dnscrypt-proxy\/relays.md'/
+s/  #  cache_file = "quad9-resolvers.md"/  #  cache_file = '\/var\/lib\/dnscrypt-proxy\/quad9-resolvers.md'/
+s/  #  cache_file = 'parental-control.md'/  #  cache_file = '\/var\/lib\/dnscrypt-proxy\/parental-control.md'/

find_licenses.sh

@@ -0,0 +1,96 @@
+#!/bin/bash
+
+# written by cunix in 2019
+#
+# Tries to find and prepare licenses from vendored packages for
+# installation as file or link to existing file.
+#
+# $1 should be a destination directory for vendored licenses
+
+vendor_licenses_dir=$1
+username=$(whoami)
+workingdir=$(pwd)
+licenses_file=/tmp/license_files.txt
+goahead=0
+hash_list=()
+filename_list=()
+
+if [[ -z "$vendor_licenses_dir" ]]
+  then
+    echo missing directory as parameter
+    exit 1
+  else
+    if [[ "$vendor_licenses_dir" = "/" ]] || [[ "$vendor_licenses_dir" = "/home" ]] \
+      || [[ "$vendor_licenses_dir" = "/home/" ]] || [[ "$vendor_licenses_dir" = "/home/$username" ]] \
+      || [[ "$vendor_licenses_dir" = "/home/$username/" ]] || [[ "$vendor_licenses_dir" = "$HOME" ]]
+      then
+        echo Do not use "$vendor_licenses_dir" as destination directory.
+        echo It will delete all your files.
+        exit 1
+      else
+        mkdir -pv $vendor_licenses_dir
+        if [[ -d "$vendor_licenses_dir" ]]
+          then
+            echo Searching for licenses ...
+            rm $licenses_file
+            find ./*/ -iname  "license*" -fprint $licenses_file
+            find ./*/ -iname  "copying*" >> $licenses_file
+            goahead=1
+          else
+            echo "$vendor_licenses_dir" is not a directory.
+            exit 1
+          fi
+      fi
+  fi
+
+if [[ -f "$licenses_file" ]]
+  then
+    if [[ $goahead -eq 1 ]]
+      then
+        echo Removing $vendor_licenses_dir
+        rm -r "$vendor_licenses_dir"
+        mkdir -pv $vendor_licenses_dir
+        echo Processing licenses . . .
+        while read line
+          do
+            filenamepre=${line////__}
+            filename=${filenamepre//.__/}
+            hash_output=$(sha256sum $line)
+            hash=${hash_output:0:66}
+            hash_list_len=${#hash_list[@]}
+            if [[ $hash_list_len -eq 0 ]]
+              then
+                cat $line > $vendor_licenses_dir/$filename
+                hash_list[0]=$hash
+                filename_list[0]=$filename
+              else
+                counter=0
+                match=0
+                for item in ${hash_list[@]}
+                  do
+                    if test $item = $hash
+                      then
+                        match=1
+                        break
+                      fi
+                    counter=$(($counter+1))
+                  done
+                if [[ $match -eq 0 ]]
+                  then
+                    hash_list[$counter]=$hash
+                    filename_list[$counter]=$filename
+                    cat $line > $vendor_licenses_dir/$filename
+                  else
+                    cd $vendor_licenses_dir
+                    ln -s ${filename_list[$counter]} $filename
+                    cd $workingdir
+                  fi
+              fi
+          done < $licenses_file
+      else
+        echo Does not package licenses.
+        exit 1
+      fi
+  else
+    echo No licenses found to package.
+  fi

install_licenses.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# written by cunix in 2019
+#
+# Installs or links previously found licenses.
+#
+# $1 should be the soure directory, prepared with script "find_licenses.sh"
+# $2 should be the (already created) destination directory
+
+vendor_licenses_dir=$1
+install_licenses_dir=$2
+licenses_files=/tmp/real_license_files.txt
+licenses_links=/tmp/link_license_files.txt
+
+rm $licenses_files
+rm $licenses_links
+
+find -P $vendor_licenses_dir -type f -fprintf $licenses_files "%f\n"
+find -P $vendor_licenses_dir -type l -fprintf $licenses_links "%f %l\n"
+
+while read line
+  do
+    install -D -m 0644 $vendor_licenses_dir/$line $install_licenses_dir/$line
+  done < $licenses_files
+
+cd $install_licenses_dir
+while read line
+  do
+    combo=($line)
+    ln -s ${combo[1]} ${combo[0]}
+  done < $licenses_links