Accepting request 817415 from server:dns

Automatic submission by obs-autosubmit OBS-URL: https://build.opensuse.org/request/show/817415 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dnscrypt-proxy?expand=0&rev=5
2020-07-10 12:12:38 +00:00 · 2020-07-10 12:12:38 +00:00 · 1e3a7d6b24
commit 1e3a7d6b24
parent 963519b5ec 3e4219e68d
13 changed files with 411 additions and 195 deletions
--- a/README.openSUSE
+++ b/README.openSUSE
@ -0,0 +1,27 @@
 Some tips:
 1. Configure /etc/dnscrypt-proxy/dnscrypt-proxy.toml for your use case first!
 2. Override "ListenStream" and "ListenDatagram" for dnscrypt-proxy.socket
   according to your setup, especially if dnscrypt-proxy should not be used as
   your primary name resolver.
   In this case you might want to forward queries from a tool
   like "dnsmasq" to dnscrypt-proxy.
   Then the later should probably not listen on the default adress/port.
 3. If running via systemd, start as root once with
      $ systemctl start dnscrypt-proxy.socket
   For always activating, do
      $ systemctl enable dnscrypt-proxy.socket
 4. Alternatively dnscrypt-proxy.service can be used the same way.
   This will require you to set or uncomment "listen_addresses" in
   /etc/dnscrypt-proxy/dnscrypt-proxy.toml
   In this case the socket configuration described in (2.)
   has to be done in this file directly.
--- a/dnscrypt-proxy-1.9.5.tar.bz2
+++ b/dnscrypt-proxy-1.9.5.tar.bz2
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:e89f5b9039979ab392302faf369ef7593155d5ea21580402a75bbc46329d1bb6
 size 1290573
--- a/dnscrypt-proxy-2.0.44.tar.gz
+++ b/dnscrypt-proxy-2.0.44.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:c2c9968f07a414e973ec5734f4598d756a35c32beedb18268590ea1355794237
 size 2279842
--- a/dnscrypt-proxy-default-config.patch
+++ b/dnscrypt-proxy-default-config.patch
@ -1,57 +0,0 @@
 Index: b/dnscrypt-proxy.conf
 ===================================================================
 --- a/dnscrypt-proxy.conf
 +++ b/dnscrypt-proxy.conf
@@ -39,19 +39,21 @@ ResolverName random
 ## Unless you are using systemd, you probably want to change this to "yes"
 ## after having verified that the rest of the configuration works as expected.
 -Daemonize no
 +Daemonize yes
 ## Write the PID number to a file
 +## in openSUSE, the pidfile should be dnscrypt-proxy@[configfile name].pid
 +## inside /var/run/dnscrypt-proxy/ to make systemd instantiated service work
 -# PidFile /var/run/dnscrypt-proxy.pid
 +PidFile /var/run/dnscrypt-proxy/dnscrypt-proxy@default.pid
 ## [NOT AVAILABLE ON WINDOWS] Start the process, bind the required ports, and
 ## run the server as a less-privileged system user.
 ## The value for this parameter is a user name.
 -# User _dnscrypt-proxy
 +User dnscrypt
@@ -66,7 +68,7 @@ Daemonize no
 ## using this option. You should edit systemd's dnscrypt-proxy.socket file
 ## instead.
 -# LocalAddress 127.0.0.1:53
 +LocalAddress 127.0.0.1:53
 ## Cache DNS responses to avoid outgoing traffic when the same queries
@@ -136,15 +138,16 @@ EphemeralKeys off
 ## Log file to write server errors and information to.
 ## If you use this tool for privacy, keeping logs of any kind is usually not
 ## a good idea.
 +## in openSUSE, logfile should be /var/log/dnscrypt-proxy/[config filename].log
 -# LogFile /var/log/dnscrypt-proxy.log
 +LogFile /var/log/dnscrypt-proxy/default.log
 ## Don't log events with priority above this log level after the service has
 ## been started up. Default is 6.
 ## Valid values are between 0 (critical) to 7 (debug-level messages).
 -# LogLevel 6
 +LogLevel 7
 ## [NOT AVAILABLE ON WINDOWS] Send server logs to the syslog daemon
--- a/dnscrypt-proxy.changes
+++ b/dnscrypt-proxy.changes
@ -1,3 +1,63 @@
 -------------------------------------------------------------------
 Fri Jun 12 12:00:00 UTC 2020 - cunix@mail.de - 2.0.44
 - Update to version 2.0.44
  * Netprobes and listening sockets are now ignored when the
    '-list', '-list-all', '-show-certs' or '-check'
    command-line switches are used.
  * 'tls_client_auth' was renamed to 'doh_client_x509_auth'.
    A section with the previous name is temporarily ignored if empty,
    but will error out if not.
  * Updates to the set of block lists.
 - Breaking change from 2.0.43 Update:
  The 'tls_client_auth' section was renamed to 'doh_client_x509_auth'.
  If you had a tls_client_auth section in the configuration file,
  it needs to be updated/renamed/deleted.
 -------------------------------------------------------------------
 Tue Jun 09 16:00:00 UTC 2020 - cunix@mail.de - 2.0.43
 - Minimum golang version now at 1.14
 - Update to version 2.0.43
  * When stored into a file, service logs now only contain data
    from the most recent launch. This can be changed with the
    new 'log_file_latest' option.
  * Support for DNS64 translation implemented.
  * Connections to DoH servers can be authenticated
    using TLS client certificates.
  * Multiple stamps are now allowed for a single server
    in resolvers and relays lists.
  * Updates and additions for the example domain block lists.
  * Cached configuration files can now be temporarily used if
    they are out of date, but bootstraping is impossible.
  * 'generate-domains-blacklists' now tries to deduplicate
    entries clobbered by wildcard rules.
  * 'generate-domains-blacklists' can now directly
    write lists to a file with the `-o` command-line option.
  * Cache files are now downloaded as the user the daemon will
    be running as. This fixes permission issues at startup time.
  * Forwarded queries are now subject to global timeouts,
    and can be forced to use TCP.
  * The 'ct' parameter has been removed from DoH queries,
    as Google doesn't require it any more.
 -------------------------------------------------------------------
 Sat May 23 12:00:00 UTC 2020 - cunix@mail.de - 2.0.42
 - Upgrade to 2.0.42 (boo#1165343)
 - Spec files from home:darix:apps/dnscrypt-proxy and
  home:cunix:go/dnscrypt-proxy2 merged into existing spec.
 - v1 of dnscrypt-proxy is not supported anymore and v2 is
  a new project. This will require v1 users to migrate their
  configuration.
 - dnscrypt-proxy-default-config.patch deleted because patched
  file 'dnscrypt-proxy.conf' is not used anymore.
 -------------------------------------------------------------------
 Thu Dec 19 15:27:22 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
--- a/dnscrypt-proxy.service
+++ b/dnscrypt-proxy.service
@ -0,0 +1,30 @@
 [Unit]
 Description=DNSCrypt-proxy client
 Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd
 # with openSUSE changes
 Requires=dnscrypt-proxy.socket
 After=network.target
 Before=nss-lookup.target
 Wants=nss-lookup.target
 [Service]
 NonBlocking=true
 ExecStart=/usr/sbin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml
 Group=dnscrypt
 User=dnscrypt
 WorkingDirectory=~
 RuntimeDirectory=dnscrypt-proxy
 # Missing in Leap 15.0
 #CacheDirectory=dnscrypt-proxy
 #LogsDirectory=dnscrypt-proxy
 ProtectHome=yes
 ProtectControlGroups=yes
 ProtectKernelModules=yes
 [Install]
 Also=dnscrypt-proxy.socket
 WantedBy=multi-user.target
--- a/dnscrypt-proxy.socket
+++ b/dnscrypt-proxy.socket
@ -0,0 +1,23 @@
 [Unit]
 Description=DNSCrypt-proxy socket
 Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd
 # with openSUSE changes
 Before=nss-lookup.target
 Wants=nss-lookup.target
 [Socket]
 # Choose this for dnscrypt-proxy as primary resolver
 ListenStream=127.0.0.1:53
 ListenDatagram=127.0.0.1:53
 # Otherwise forward from your primary local name resolver to somewhere else:
 #ListenStream=127.0.0.1:5353
 #ListenDatagram=127.0.0.1:5353
 # Probably not useful and can be overridden
 #  if only listening for udp (ListenDatagram)
 NoDelay=true
 DeferAcceptSec=1
 [Install]
 WantedBy=sockets.target
--- a/dnscrypt-proxy.spec
+++ b/dnscrypt-proxy.spec
@ -15,143 +15,159 @@
 # Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 %define _buildshell /bin/bash
 %define user_group  dnscrypt
 %define config_dir  %{_sysconfdir}/%{name}
 %define home_dir    %{_localstatedir}/lib/%{name}
 %define log_dir     %{_localstatedir}/log/%{name}
 %define services    %{name}.socket %{name}.service
 %define vlic_dir  vendored
 Name:           dnscrypt-proxy
-Version:        1.9.5
+Version:        2.0.44
 Release:        0
 Summary:        A tool for securing communications between a client and a DNS resolver
-License:        BSD-3-Clause
+License:        ISC
 Group:          Productivity/Networking/DNS/Utilities
-URL:            https://dnscrypt.org/
+URL:            https://dnscrypt.info/
-Source:         https://download.dnscrypt.org/dnscrypt-proxy/%{name}-%{version}.tar.bz2
+Source0:        https://codeload.github.com/DNSCrypt/%{name}/tar.gz/%{version}#/%{name}-%{version}.tar.gz
-Source1:        %{name}@.service
+Source1:        %{name}.service
-Source5:        %{name}.tmpfile
+Source2:        %{name}.socket
-Patch0:         dnscrypt-proxy-default-config.patch
+# File to use with sed to modify default configuration.
-BuildRequires:  libsodium-devel
+Source3:        example-dnscrypt-proxy.toml.sed
-BuildRequires:  libtool
+# Find licenses of vendored packages.
 Source4:        find_licenses.sh
 # Install licenses of vendored packages.
 Source5:        install_licenses.sh
 # Some words
 Source6:        README.openSUSE
 BuildRequires:  golang(API) >= 1.14
 BuildRequires:  golang-packaging
 BuildRequires:  pkgconfig
 BuildRequires:  shadow
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  pkgconfig(libsystemd)
-Requires(pre):  coreutils
+# for daemon group/user
-Requires(pre):  diffutils
+Requires(pre):  shadow
 Requires(pre):  fillup
 Requires(pre):  grep
 %{?systemd_requires}
 Recommends:     ca-certificates
 Provides:       dnscrypt = %{version}-%{release}
 Obsoletes:      dnscrypt < %{version}-%{release}
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %description
-dnscrypt-proxy provides local service which can be used directly as your local resolver or as a DNS forwarder,
+A flexible DNS proxy, with support for modern encrypted DNS protocols
-encrypting and authenticating requests using the DNSCrypt protocol and passing them to an upstream server,
+such as DNSCrypt v2, DNS-over-HTTPS and Anonymized DNSCrypt.
 by default Cisco who run this on their resolvers. (It used to be OpenDNS.)
 The DNSCrypt protocol uses elliptic-curve cryptography and is similar to DNSCurve, but focuses on
 securing communications between a client and its first-level resolver.
 While not providing end-to-end security, it protects the local network, which is often the weakest point
 of the chain, against man-in-the-middle attacks. It also provides some confidentiality to DNS queries.
 %package devel
 Summary:        Header files for development of DNSCrypt plugins
 Group:          Development/Languages/C and C++
 Requires:       %{name} = %{version}
 %description devel
 Header files for development of DNSCrypt plugins.
 %prep
-%setup -q
+%setup -q -n %{name}-%{version}
-%patch0 -p1
+
-# Strip __DATE__
+# Find licenses of vendored packages and prepare for installation
-sed -i "s/__DATE__/\"%(date -u -r ChangeLog +%%F)\"/" src/proxy/options.c
+bash %{SOURCE4} %{vlic_dir}
-# Don't install COPYING with make, we use our %%license marcro if possible
+
-sed -i "/\tCOPYING / d" Makefile.am
+# duplicate original config file
-sed -i "s/COPYING //" Makefile.in
+cp ./%{name}/example-%{name}.toml ./%{name}.toml.default
 # Edit default port and file locations
 sed -i -f %{SOURCE3} ./%{name}.toml.default
 # duplicate edited config file
 cp ./%{name}.toml.default ./%{name}.toml
 # Delete "example" to prevent fdupes from deleting the backup config file if run for buildroot
 sed -i "s/## This is an example configuration file./## This is a configuration file./" ./dnscrypt-proxy.toml
 # python path instead of env
 sed -i "1s/#! \/usr\/bin\/env python3/#! \/usr\/bin\/python3/" utils/generate-domains-blacklists/generate-domains-blacklist.py
 %build
-%configure \
+cd dnscrypt-proxy
-%if 0%{?suse_version} >= 1210
+go build -mod=vendor -buildmode=pie
 	--with-systemd \
 %endif
 	--enable-plugins \
 	--docdir=%{_docdir}/%{name}
 make %{?_smp_mflags}
 %install
-%make_install
+# Directories
 install -D -d -m 0750               \
  %{buildroot}%{log_dir}            \
  %{buildroot}%{home_dir}           \
  %{buildroot}%{config_dir}
-install -d -m 755 %{buildroot}%{_unitdir}
+install -D -d -m 0755               \
-install -m 644 %{SOURCE1} %{buildroot}%{_unitdir}
+  %{buildroot}%{_datadir}/%{name}/
 install -d -m 755 %{buildroot}%{_libexecdir}/tmpfiles.d/
 install -m 644 %{SOURCE5} %{buildroot}%{_libexecdir}/tmpfiles.d/%{name}.conf
 ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
-find %{buildroot} -type f -name "*.la" -delete -print
+# Binary
-mkdir -p %{buildroot}%{_sysconfdir}/%{name}.conf.d
+install -D -m 0755 %{name}/%{name} %{buildroot}%{_sbindir}/%{name}
-mv %{buildroot}%{_sysconfdir}/%{name}.conf %{buildroot}%{_sysconfdir}/%{name}.conf.d/default.conf
+
 # blacklist generator
 cp -a utils/generate-domains-blacklists/ %{buildroot}%{_datadir}/%{name}/
 # Config file examples
 install -D -m 0644 ./%{name}/example-%{name}.toml %{buildroot}/%{_docdir}/%{name}/example-%{name}.toml
 install -D -m 0644 ./%{name}.toml.default %{buildroot}/%{_docdir}/%{name}/%{name}.toml.default
 install -D -m 0644 ./%{name}/example-blacklist.txt %{buildroot}/%{_docdir}/%{name}/example-blacklist.txt
 install -D -m 0644 ./%{name}/example-ip-blacklist.txt %{buildroot}/%{_docdir}/%{name}/example-ip-blacklist.txt
 install -D -m 0644 ./%{name}/example-cloaking-rules.txt %{buildroot}/%{_docdir}/%{name}/example-cloaking-rules.txt
 install -D -m 0644 ./%{name}/example-forwarding-rules.txt %{buildroot}/%{_docdir}/%{name}/example-forwarding-rules.txt
 install -D -m 0644 ./%{name}/example-whitelist.txt %{buildroot}/%{_docdir}/%{name}/example-whitelist.txt
 # Config files
 install -D -m 0640 ./%{name}.toml %{buildroot}/%{config_dir}/%{name}.toml
 install -D -m 0640 ./%{name}.toml.default %{buildroot}/%{config_dir}/%{name}.toml.default
 install -D -m 0640 ./%{name}/example-blacklist.txt %{buildroot}/%{config_dir}/blacklist.txt
 install -D -m 0640 ./%{name}/example-ip-blacklist.txt %{buildroot}/%{config_dir}/ip-blacklist.txt
 install -D -m 0640 ./%{name}/example-cloaking-rules.txt %{buildroot}/%{config_dir}/cloaking-rules.txt
 install -D -m 0640 ./%{name}/example-forwarding-rules.txt %{buildroot}/%{config_dir}/forwarding-rules.txt
 install -D -m 0640 ./%{name}/example-whitelist.txt %{buildroot}/%{config_dir}/whitelist.txt
 # Systemd
 install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
 install -D -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.socket
 # service link
 ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
 # Vendor Licenses
 install -d -m 0755 %{buildroot}%{_licensedir}/%{name}/%{vlic_dir}
 bash %{SOURCE5} %{vlic_dir} %{buildroot}/%{_licensedir}/%{name}/%{vlic_dir}
 # Some hints. Improvements and feedback welcome!
 cp %{SOURCE6} README.openSUSE
 %pre
-if ! %{_bindir}/getent group dnscrypt >/dev/null; then
+# group and user
-    %{_sbindir}/groupadd -r dnscrypt
+getent group %{user_group} >/dev/null || %{_sbindir}/groupadd -r %{user_group}
-fi
+getent passwd %{user_group} >/dev/null || %{_sbindir}/useradd -r -g %{user_group} \
-if ! %{_bindir}/getent passwd dnscrypt >/dev/null; then
+  -d %{home_dir} -s /bin/false -c "DNScrypt Proxy" %{user_group}
-    %{_sbindir}/useradd -c "DNSCrypt daemon" -d %{_localstatedir}/lib/empty -g dnscrypt \
+
-  -r -s /bin/false dnscrypt
+%service_add_pre %{services}
 fi
 %if 0%{?suse_version} >= 1210
 %service_add_pre %{name}@.service
 %endif
 %post
-%service_add_post %{name}@.service
+%service_add_post %{services}
 %tmpfiles_create %{_tmpfilesdir}/%{name}.conf
 if [ $1 == 2 ] && [ -r %{_sysconfdir}/sysconfig/%{name} ] ; then
 	rm -f %{_sysconfdir}/sysconfig/%{name}
 fi
 if [ $1 == 2 ] && [ -r %{_sysconfdir}/sysconfig/dnscrypt ] ; then
 	rm -f %{_sysconfdir}/sysconfig/dnscrypt
 fi
 %preun
-%if 0%{?suse_version} >= 1210
+%service_del_preun %{services}
 %service_del_preun %{name}@.service
 %endif
 %postun
-%if 0%{?suse_version} >= 1210
+%service_del_postun %{services}
 %service_del_postun %{name}@.service
 %endif
 %files
-%doc AUTHORS ChangeLog README.markdown NEWS DNSCRYPT-V2-PROTOCOL.txt 
+%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/%{name}.toml
-%doc THANKS README-PLUGINS.markdown dnscrypt-proxy.conf
+%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/blacklist.txt
-%if 0%{?leap_version} >= 420200 || 0%{?suse_version} > 1320
+%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/ip-blacklist.txt
-%license COPYING
+%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/cloaking-rules.txt
-%else
+%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/forwarding-rules.txt
-%doc COPYING
+%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/whitelist.txt
-%endif
+%config %attr(-,root,%{user_group}) %{config_dir}/%{name}.toml.default
 %dir %{_sysconfdir}/%{name}.conf.d
 %config %{_sysconfdir}/%{name}.conf.d/default.conf
 %{_bindir}/hostip
 %{_sbindir}/%{name}
 %{_sbindir}/rc%{name}
-%{_unitdir}/%{name}@.service
+%{_unitdir}/%{name}.service
-%{_mandir}/man8/hostip.8%{ext_man}
+%{_unitdir}/%{name}.socket
-%{_mandir}/man8/%{name}.8%{ext_man}
+%{_datadir}/%{name}/
-%dir %{_datadir}/%{name}
+%dir %attr(0750,root,%{user_group}) %{config_dir}
-%{_datadir}/%{name}/dnscrypt-resolvers.csv
+%dir %attr(0750,%{user_group},%{user_group}) %{home_dir}
-%{_datadir}/%{name}/minisign.pub
+%dir %attr(0750,%{user_group},%{user_group}) %{log_dir}
-%dir %{_libdir}/%{name}
+%{_docdir}/%{name}/
-%{_libdir}/%{name}/libdcplugin_example.so
+%doc ChangeLog README.md README.openSUSE
-%{_libdir}/%{name}/libdcplugin_example_logging.so
+%license LICENSE
-%{_libdir}/%{name}/libdcplugin_example_cache.so
+%{_licensedir}/%{name}/%{vlic_dir}/
 %{_libexecdir}/tmpfiles.d/%{name}.conf
 %ghost %dir %{_localstatedir}/log/%{name}
 %ghost %dir /run/%{name}
 %files devel
 %dir %{_includedir}/dnscrypt/
 %{_includedir}/dnscrypt/*
 %changelog
--- a/dnscrypt-proxy.tmpfile
+++ b/dnscrypt-proxy.tmpfile
@ -1,2 +0,0 @@
 d /run/dnscrypt-proxy 0755 dnscrypt dnscrypt
 d /var/log/dnscrypt-proxy 0755 dnscrypt dnscrypt
--- a/dnscrypt-proxy@.service
+++ b/dnscrypt-proxy@.service
@ -1,29 +0,0 @@
 # This file is part of dnscrypt-proxy
 # Author: Marguerite Su <i@marguerite.su> with some AUR references.
 # Version: 1.9.4
 # Description: dnscrypt is a tool that encrypts your DNS queries in order to
 #              protect against man-in-the-middle attacks and DNS hijacking
 #              (commonly seen in China). It uses CiscoDNS resolvers by default.
 #              It is BSD-licensed.
 #              In openSUSE it's licensed under SUSE-Permissive (non-free ware).
 #              For details, refer to its documentation.
 [Unit]
 Description=Secure connection between your computer and a DNS resolver
 Documentation=man:dnscrypt-proxy(8)
 # NTP always has local servers, and there's nothing to encrypt for time.
 # and ntp.service isn't native systemd service, if we start before it,
 # it will take a long time to sync. just save 20000+ms on boot.
 After=network.target ntp.service
 Before=nss-lookup.target
 [Service]
 Type=forking
 NonBlocking=true
 PIDFile=/var/run/dnscrypt-proxy/dnscrypt-proxy@%i.pid
 ExecStart=/usr/sbin/dnscrypt-proxy /etc/dnscrypt-proxy.conf.d/%I.conf
 # Automatically Restart
 Restart=on-abort
 [Install]
 WantedBy=multi-user.target
 DefaultInstance=default
--- a/example-dnscrypt-proxy.toml.sed
+++ b/example-dnscrypt-proxy.toml.sed
@ -0,0 +1,21 @@
 # the socket unit should listen
 s/listen_addresses = \['127.0.0.1:53']/#listen_addresses = ['127.0.0.1:53']\nlisten_addresses = []/
 # absolute paths by default
 s/# log_file = 'dnscrypt-proxy.log'/# log_file = '\/var\/log\/dnscrypt-proxy\/dnscrypt-proxy.log'/
 s/# forwarding_rules = 'forwarding-rules.txt'/# forwarding_rules = '\/etc\/dnscrypt-proxy\/forwarding-rules.txt'/
 s/# cloaking_rules = 'cloaking-rules.txt'/# cloaking_rules = '\/etc\/dnscrypt-proxy\/cloaking-rules.txt'/
 s/# cert_file = "localhost.pem"/# cert_file = '\/etc\/dnscrypt-proxy\/localhost.pem'/
 s/# cert_key_file = "localhost.pem"/# cert_key_file = '\/etc\/dnscrypt-proxy\/localhost.pem'/
 s/  # file = 'query.log'/  # file = '\/var\/log\/dnscrypt-proxy\/query.log'/
 s/  # file = 'nx.log'/  # file = '\/var\/log\/dnscrypt-proxy\/nx.log'/
 s/  # blacklist_file = 'blacklist.txt'/  # blacklist_file = '\/etc\/dnscrypt-proxy\/blacklist.txt'/
 s/  # log_file = 'blocked.log'/  # log_file = '\/var\/log\/dnscrypt-proxy\/blocked.log'/
 s/  # blacklist_file = 'ip-blacklist.txt'/# blacklist_file = '\/etc\/dnscrypt-proxy\/ip-blacklist.txt'/
 s/  # log_file = 'ip-blocked.log'/  # log_file = '\/var\/log\/dnscrypt-proxy\/ip-blocked.log'/
 s/  # whitelist_file = 'whitelist.txt'/# blacklist_file = '\/etc\/dnscrypt-proxy\/whitelist.txt'/
 s/  # log_file = 'whitelisted.log'/  # log_file = '\/var\/log\/dnscrypt-proxy\/whitelisted.log'/
 s/  cache_file = 'public-resolvers.md'/  cache_file = '\/var\/lib\/dnscrypt-proxy\/public-resolvers.md'/
 s/  cache_file = 'relays.md'/  cache_file = '\/var\/lib\/dnscrypt-proxy\/relays.md'/
 s/  #  cache_file = "quad9-resolvers.md"/  #  cache_file = '\/var\/lib\/dnscrypt-proxy\/quad9-resolvers.md'/
 s/  #  cache_file = 'parental-control.md'/  #  cache_file = '\/var\/lib\/dnscrypt-proxy\/parental-control.md'/
--- a/find_licenses.sh
+++ b/find_licenses.sh
@ -0,0 +1,96 @@
 #!/bin/bash
 # written by cunix in 2019
 #
 # Tries to find and prepare licenses from vendored packages for
 # installation as file or link to existing file.
 #
 # $1 should be a destination directory for vendored licenses
 vendor_licenses_dir=$1
 username=$(whoami)
 workingdir=$(pwd)
 licenses_file=/tmp/license_files.txt
 goahead=0
 hash_list=()
 filename_list=()
 if [[ -z "$vendor_licenses_dir" ]]
  then
    echo missing directory as parameter
    exit 1
  else
    if [[ "$vendor_licenses_dir" = "/" ]] || [[ "$vendor_licenses_dir" = "/home" ]] \
      || [[ "$vendor_licenses_dir" = "/home/" ]] || [[ "$vendor_licenses_dir" = "/home/$username" ]] \
      || [[ "$vendor_licenses_dir" = "/home/$username/" ]] || [[ "$vendor_licenses_dir" = "$HOME" ]]
      then
        echo Do not use "$vendor_licenses_dir" as destination directory.
        echo It will delete all your files.
        exit 1
      else
        mkdir -pv $vendor_licenses_dir
        if [[ -d "$vendor_licenses_dir" ]]
          then
            echo Searching for licenses ...
            rm $licenses_file
            find ./*/ -iname  "license*" -fprint $licenses_file
            find ./*/ -iname  "copying*" >> $licenses_file
            goahead=1
          else
            echo "$vendor_licenses_dir" is not a directory.
            exit 1
          fi
      fi
  fi
 if [[ -f "$licenses_file" ]]
  then
    if [[ $goahead -eq 1 ]]
      then
        echo Removing $vendor_licenses_dir
        rm -r "$vendor_licenses_dir"
        mkdir -pv $vendor_licenses_dir
        echo Processing licenses . . .
        while read line
          do
            filenamepre=${line////__}
            filename=${filenamepre//.__/}
            hash_output=$(sha256sum $line)
            hash=${hash_output:0:66}
            hash_list_len=${#hash_list[@]}
            if [[ $hash_list_len -eq 0 ]]
              then
                cat $line > $vendor_licenses_dir/$filename
                hash_list[0]=$hash
                filename_list[0]=$filename
              else
                counter=0
                match=0
                for item in ${hash_list[@]}
                  do
                    if test $item = $hash
                      then
                        match=1
                        break
                      fi
                    counter=$(($counter+1))
                  done
                if [[ $match -eq 0 ]]
                  then
                    hash_list[$counter]=$hash
                    filename_list[$counter]=$filename
                    cat $line > $vendor_licenses_dir/$filename
                  else
                    cd $vendor_licenses_dir
                    ln -s ${filename_list[$counter]} $filename
                    cd $workingdir
                  fi
              fi
          done < $licenses_file
      else
        echo Does not package licenses.
        exit 1
      fi
  else
    echo No licenses found to package.
  fi
--- a/install_licenses.sh
+++ b/install_licenses.sh
@ -0,0 +1,31 @@
 #!/bin/bash
 # written by cunix in 2019
 #
 # Installs or links previously found licenses.
 #
 # $1 should be the soure directory, prepared with script "find_licenses.sh"
 # $2 should be the (already created) destination directory
 vendor_licenses_dir=$1
 install_licenses_dir=$2
 licenses_files=/tmp/real_license_files.txt
 licenses_links=/tmp/link_license_files.txt
 rm $licenses_files
 rm $licenses_links
 find -P $vendor_licenses_dir -type f -fprintf $licenses_files "%f\n"
 find -P $vendor_licenses_dir -type l -fprintf $licenses_links "%f %l\n"
 while read line
  do
    install -D -m 0644 $vendor_licenses_dir/$line $install_licenses_dir/$line
  done < $licenses_files
 cd $install_licenses_dir
 while read line
  do
    combo=($line)
    ln -s ${combo[1]} ${combo[0]}
  done < $licenses_links
		`@ -1,2 +0,0 @@`
			`d /run/dnscrypt-proxy 0755 dnscrypt dnscrypt`
			`d /var/log/dnscrypt-proxy 0755 dnscrypt dnscrypt`