Accepting request 419162 from home:MargueriteSu:branches:server:dns

OBS-URL: https://build.opensuse.org/request/show/419162
OBS-URL: https://build.opensuse.org/package/show/server:dns/dnscrypt-proxy?expand=0&rev=11
Marguerite Su 2016-08-13 14:32:32 +00:00 committed by Git OBS Bridge
parent 633d7e1337
commit 216bf3e165
7 changed files with 110 additions and 157 deletions


@ -1,20 +0,0 @@
#!/bin/sh
# wrapper to feed dnscrypt-proxy with user config
if test -f /etc/sysconfig/dnscrypt; then
source /etc/sysconfig/dnscrypt
fi
/usr/sbin/dnscrypt-proxy \
${DNSCRYPT_LOCAL_ADDRESS:+--local-address "$DNSCRYPT_LOCAL_ADDRESS"} \
${DNSCRYPT_USER:+--user "$DNSCRYPT_USER"} \
--resolver-name "${DNSCRYPT_RESOLVER_NAME:-cisco}" \
${DNSCRYPT_EPHEMERAL_KEYS:+--ephemeral-keys} \
${DNSCRYPT_LOGFILE:+--logfile "$DNSCRYPT_LOGFILE"} \
${DNSCRYPT_PLUGIN1:+--plugin "$DNSCRYPT_PLUGIN1"} \
${DNSCRYPT_PLUGIN2:+--plugin "$DNSCRYPT_PLUGIN2"} \
${DNSCRYPT_PLUGIN3:+--plugin "$DNSCRYPT_PLUGIN3"} \
${DNSCRYPT_PLUGIN4:+--plugin "$DNSCRYPT_PLUGIN4"} \
${DNSCRYPT_OPTIONS} \
"$@"


@ -1,3 +1,24 @@
-------------------------------------------------------------------
Sat Aug 13 13:52:25 UTC 2016 - i@marguerite.su
- switched to systemd template service. in the future, users
should use 'sudo systemctl start dnscrypt-proxy@127.0.0.1:53.service'
to start the service. any local address can be used.
- dropped dnscrypt-proxy.socket again. the listen address in the
socket can't be substituted at runtime that makes it impossible
to use multiple instances. and it doesn't work together with
the forking method in our systemd service.
- move pidfile and logfile into their own directories. in previous
submit, we finnaly used the user 'dnscrypt' to start the job, but
that user doesn't have write permission for /var/run and /var/log.
- dropped the /usr/sbin/dnscrypt wrapper that broke the systemd
service from forking. we used EnvironmentFile in systemd service
to load the user-customizable variables.
- changed /etc/sysconfig/dnscrypt to /etc/sysconfig/dnscrypt-proxy.
deleted those plugin items that can't be loaded by systemd. users
can use DNSCRYPT_OPTIONS to configure the plugins anyway, no need
to keep those placeholders.
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Aug 6 04:14:25 UTC 2016 - i@marguerite.su Sat Aug 6 04:14:25 UTC 2016 - i@marguerite.su


@ -25,10 +25,10 @@ Group: Productivity/Networking/DNS/Utilities
#Git-Url: https://github.com/jedisct1/dnscrypt-proxy #Git-Url: https://github.com/jedisct1/dnscrypt-proxy
Url: https://dnscrypt.org Url: https://dnscrypt.org
Source: https://download.dnscrypt.org/dnscrypt-proxy/%{name}-%{version}.tar.bz2 Source: https://download.dnscrypt.org/dnscrypt-proxy/%{name}-%{version}.tar.bz2
Source1: %{name}.service Source1: %{name}@.service
Source2: dnscrypt Source3: sysconfig.%{name}
Source3: sysconfig.dnscrypt
Source4: https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv Source4: https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv
Source5: %{name}.tmpfile
BuildRequires: libsodium-devel BuildRequires: libsodium-devel
BuildRequires: libtool BuildRequires: libtool
BuildRequires: pkg-config BuildRequires: pkg-config
@ -78,12 +78,11 @@ make %{?_smp_mflags}
install -d -m 755 %{buildroot}%{_unitdir} install -d -m 755 %{buildroot}%{_unitdir}
install -m 644 %{SOURCE1} %{buildroot}%{_unitdir} install -m 644 %{SOURCE1} %{buildroot}%{_unitdir}
install -m 644 dnscrypt-proxy.socket %{buildroot}%{_unitdir}
install -d -m 755 %{buildroot}%{_sbindir}
install -m 755 %{SOURCE2} %{buildroot}%{_sbindir}
install -m 755 -d %{buildroot}%{_localstatedir}/adm/fillup-templates install -m 755 -d %{buildroot}%{_localstatedir}/adm/fillup-templates
install -m 644 -D %{SOURCE3} %{buildroot}%{_localstatedir}/adm/fillup-templates install -m 644 -D %{SOURCE3} %{buildroot}%{_localstatedir}/adm/fillup-templates
install -m 644 %{SOURCE4} %{buildroot}/%{_datadir}/%{name}/dnscrypt-resolvers.csv install -m 644 %{SOURCE4} %{buildroot}/%{_datadir}/%{name}/dnscrypt-resolvers.csv
install -d -m 755 %{buildroot}%{_libexecdir}/tmpfiles.d/
install -m 644 %{SOURCE5} %{buildroot}%{_libexecdir}/tmpfiles.d/%{name}.conf
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
find %{buildroot} -name "*.la" -delete -print find %{buildroot} -name "*.la" -delete -print
@ -97,43 +96,45 @@ if ! %{_bindir}/getent passwd dnscrypt >/dev/null; then
-r -s /bin/false dnscrypt 2>/dev/null || : -r -s /bin/false dnscrypt 2>/dev/null || :
fi fi
%if 0%{?suse_version} >= 1210 %if 0%{?suse_version} >= 1210
%service_add_pre %{name}.service %service_add_pre %{name}@.service
%post %post
%service_add_post %{name}.service %service_add_post %{name}@.service
%{fillup_only -n dnscrypt} %if 0%{?suse_version} > 1320
%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
%endif
%{fillup_only -n %{name}}
%preun %preun
%service_del_preun %{name}.service %service_del_preun %{name}@.service
%postun %postun
%service_del_postun %{name}.service %service_del_postun %{name}@.service
%else %else
# non-systemd # non-systemd
%post %post
%{fillup_only -n dnscrypt} %{fillup_only -n %{name}}
%endif %endif
%files %files
%defattr(-,root,root) %defattr(-,root,root)
%doc AUTHORS ChangeLog README COPYING NEWS DNSCRYPT-V2-PROTOCOL.txt THANKS %doc AUTHORS ChangeLog README COPYING NEWS DNSCRYPT-V2-PROTOCOL.txt THANKS
%{_bindir}/hostip %{_bindir}/hostip
%{_sbindir}/dnscrypt
%{_sbindir}/%{name} %{_sbindir}/%{name}
%{_sbindir}/rc%{name} %{_sbindir}/rc%{name}
%{_unitdir}/%{name}.service %{_unitdir}/%{name}@.service
%{_unitdir}/%{name}.socket
%{_mandir}/man8/hostip.8%{ext_man} %{_mandir}/man8/hostip.8%{ext_man}
%{_mandir}/man8/%{name}.8%{ext_man} %{_mandir}/man8/%{name}.8%{ext_man}
%dir %{_datadir}/%{name} %dir %{_datadir}/%{name}
%{_datadir}/%{name}/dnscrypt-resolvers.csv %{_datadir}/%{name}/dnscrypt-resolvers.csv
%{_datadir}/%{name}/minisign.pub %{_datadir}/%{name}/minisign.pub
%{_localstatedir}/adm/fillup-templates/sysconfig.dnscrypt %{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
%dir %{_libdir}/%{name} %dir %{_libdir}/%{name}
%{_libdir}/%{name}/libdcplugin_example.so %{_libdir}/%{name}/libdcplugin_example.so
%{_libdir}/%{name}/libdcplugin_example_logging.so %{_libdir}/%{name}/libdcplugin_example_logging.so
%{_libexecdir}/tmpfiles.d/%{name}.conf
%files devel %files devel
%defattr(-,root,root) %defattr(-,root,root)
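Review bot: The tmpfiles snippet is installed and packaged under `%{_libexecdir}/tmpfiles.d/`, but `%tmpfiles_create` is handed `%{_tmpfilesdir}/%{name}.conf` and runs only when `suse_version > 1320`, while the template unit is registered for `suse_version >= 1210`. On the releases in between, nothing visible in this section creates /var/run/dnscrypt-proxy and /var/log/dnscrypt-proxy at install time, so presumably the first start cannot write its pidfile or log until systemd-tmpfiles next runs. Using one macro for all three places keeps the paths from drifting apart, e.g. `install -m 644 %{SOURCE5} %{buildroot}%{_tmpfilesdir}/%{name}.conf` and `%{_tmpfilesdir}/%{name}.conf` in %files, provided that macro is defined on every targeted release. A one-line comment above the `%if 0%{?suse_version} > 1320` guard saying why the older releases are excluded would answer the question for the next packager.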

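--- a/dnscrypt-proxy.tmpfile
+++ b/dnscrypt-proxy.tmpfile
@@ -0,0 +1,2 @@
+d /var/run/dnscrypt-proxy 0755 dnscrypt dnscrypt
+d /var/log/dnscrypt-proxy 0755 dnscrypt dnscrypt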
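Review bot: The log directory is created with mode `0755`, so every local account can list it and, depending on the mode the daemon gives its log files, read them; the sysconfig file added in this commit also sets DNSCRYPT_LOGLEVEL to 7 (debug) by default. Unless other users are meant to read these logs, `d /var/log/dnscrypt-proxy 0750 dnscrypt dnscrypt` is the safer default. A `#` comment above each entry naming the unit option that depends on it (`--pidfile`, `--logfile`) would help, since both paths must stay in step with the template unit.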


@ -3,37 +3,36 @@
# Version: 1.7.0 # Version: 1.7.0
# Description: dnscrypt is a tool that encrypts your DNS queries in order to # Description: dnscrypt is a tool that encrypts your DNS queries in order to
# protect against man-in-the-middle attacks and DNS hijacking # protect against man-in-the-middle attacks and DNS hijacking
# (commonly seen in China). It uses OpenDNS resolvers by default. # (commonly seen in China). It uses CiscoDNS resolvers by default.
# It is BSD-licensed. # It is BSD-licensed.
# In openSUSE it's licensed under SuSE-Permissive (non-free ware). # In openSUSE it's licensed under SuSE-Permissive (non-free ware).
# For details, refer to its documentation. # For details, refer to its documentation.
[Unit] [Unit]
Description=Secure connection between your computer and a DNS resolver Description=Secure connection between your computer and a DNS resolver
Documentation=man:dnscrypt-proxy(8) Documentation=man:dnscrypt-proxy(8)
Requires=dnscrypt-proxy.socket
After=network.target ntp.service
# NTP always has local servers, and there's nothing to encrypt for time. # NTP always has local servers, and there's nothing to encrypt for time.
# and ntp.service isn't native systemd service, if we start before it, # and ntp.service isn't native systemd service, if we start before it,
# it will take a long time to sync. just save 20000+ms on boot. # it will take a long time to sync. just save 20000+ms on boot.
After=network.target ntp.service
Before=nss-lookup.target Before=nss-lookup.target
[Service] [Service]
Type=forking Type=forking
NonBlocking=true NonBlocking=true
PIDFile=/var/run/dnscrypt-proxy.pid PIDFile=/var/run/dnscrypt-proxy/dnscrypt-proxy@%i.pid
# Execute a wrapper that calls the dnscrypt-proxy with config from EnvironmentFile=-/etc/sysconfig/dnscrypt-proxy
# /etc/sysconfig/dnscrypt and substitutes defaults that cannot be passed ExecStart=/usr/sbin/dnscrypt-proxy \
# to ExecStart in combination with EnvironmentFile
ExecStart=/usr/sbin/dnscrypt \
--daemonize \ --daemonize \
--pidfile=/var/run/dnscrypt-proxy.pid \ --pidfile=/var/run/dnscrypt-proxy/dnscrypt-proxy@%i.pid \
--user=dnscrypt \ --local-address=%i \
--resolvers-list=/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv \ --user=${DNSCRYPT_USER} \
--logfile=/var/log/dnscrypt-proxy.log --resolver-name=${DNSCRYPT_RESOLVER_NAME} \
${DNSCRYPT_EPHEMERAL_KEYS} \
${DNSCRYPT_OPTIONS} \
--logfile=/var/log/dnscrypt-proxy/dnscrypt-proxy@%i.log \
--loglevel=${DNSCRYPT_LOGLEVEL}
# Automatically Restart # Automatically Restart
Restart=on-abort Restart=on-abort
[Install] [Install]
Also=dnscrypt-proxy.socket
WantedBy=multi-user.target WantedBy=multi-user.target
Alias=dnscrypt.service
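Review bot: The privilege drop now depends on an optional file: `EnvironmentFile=-/etc/sysconfig/dnscrypt-proxy` may be absent, and `--user=${DNSCRYPT_USER}` replaces the hard-coded `--user=dnscrypt`, so a missing file or an empty DNSCRYPT_USER hands the daemon `--user=` with no name. How dnscrypt-proxy treats that is not visible here; the option should either stay hard-coded or get a default in the unit, e.g. `Environment=DNSCRYPT_USER=dnscrypt`, which the EnvironmentFile can still override. The same applies to `--resolver-name=` and `--loglevel=`. Separately, systemd passes a braced `${DNSCRYPT_OPTIONS}` as exactly one argument, so several options (or a plugin plus its argument) in that variable arrive as a single word; the unbraced forms `$DNSCRYPT_OPTIONS` and `$DNSCRYPT_EPHEMERAL_KEYS` are split on whitespace and disappear when empty. The sysconfig comment saying an empty DNSCRYPT_USER passes no --user described the removed wrapper and no longer matches this unit.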


@ -1,107 +0,0 @@
## Path: Network/DNS/DNSCrypt
## Description: Local address
## Type: string
## Default: ""
#
# Address and port where the dnscrypt-proxy daemon listens. Format is
# address:port, with dnscrypt-proxy's default 127.0.0.1:53 .
#
DNSCRYPT_LOCAL_ADDRESS=
## Path: Network/DNS/DNSCrypt
## Description: Run daemon under specified user
## Type: string
## Default: "dnscrypt"
#
# The recommended user is 'dnscrypt' but the empty value will not pass
# any --user parameter to dnscrypt-proxy if this is desired by the user.
#
DNSCRYPT_USER=dnscrypt
## Path: Network/DNS/DNSCrypt
## Description: Resolver name
## Type: string
## Default: "cisco"
#
# Short name of resolver, see /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv
# for the full list.
#
# If the value is empty, the default is substituted.
#
DNSCRYPT_RESOLVER_NAME=
## Path: Network/DNS/DNSCrypt
## Description: Log file
## Type: string
## Default: "/var/log/dnscrypt-proxy.log"
#
# Use the given log file instead of standard out, where the output is possibly
# grabbed by the system logger.
#
DNSCRYPT_LOGFILE=/var/log/dnscrypt-proxy.log
## Path: Network/DNS/DNSCrypt
## Description: Log level
## Type: string
## Default: ""
#
# Don't log events with priority above this level after the service has been
# started up. Default is the value for LOG_INFO.
#
# NOTE: currently unused
#
DNSCRYPT_LOGLEVEL=
## Path: Network/DNS/DNSCrypt
## Description: Optional plugin (1)
## Type: string
## Default: ""
#
# Use the given dnscrypt plugin.
#
DNSCRYPT_PLUGIN1=
## Path: Network/DNS/DNSCrypt
## Description: Optional plugin (2)
## Type: string
## Default: ""
#
# Use the given dnscrypt plugin.
#
DNSCRYPT_PLUGIN2=
## Path: Network/DNS/DNSCrypt
## Description: Optional plugin (3)
## Type: string
## Default: ""
#
# Use the given dnscrypt plugin.
#
DNSCRYPT_PLUGIN3=
## Path: Network/DNS/DNSCrypt
## Description: Optional plugin (4)
## Type: string
## Default: ""
#
# Use the given dnscrypt plugin.
#
DNSCRYPT_PLUGIN4=
## Path: Network/DNS/DNSCrypt
## Description: Other options
## Type: string
## Default: ""
#
# Additional user options
#
DNSCRYPT_OPTIONS=
## Path: Network/DNS/DNSCrypt
## Description: Use ephemeral keys
## Type: string
## Default: "yes"
#
# Enable ephemeral keys for connections.
#
DNSCRYPT_EPHEMERAL_KEYS=

57
sysconfig.dnscrypt-proxy Normal file

@ -0,0 +1,57 @@
## Path: Network/DNS/DNSCrypt
## Description: Run daemon under specified user
## Type: string
## Default: "dnscrypt"
#
# The recommended user is 'dnscrypt' but the empty value will not pass
# any --user parameter to dnscrypt-proxy if this is desired by the user.
#
DNSCRYPT_USER="dnscrypt"
## Path: Network/DNS/DNSCrypt
## Description: Resolver name
## Type: string
## Default: "cisco"
#
# Short name of resolver, see /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv
# for the full list.
#
DNSCRYPT_RESOLVER_NAME="cisco"
## Path: Network/DNS/DNSCrypt
## Description: Log level
## Type: string
## Default: "7"
#
# Don't log events with priority above this level after the service has been
# started up.
#
# Valid values are:
# 0 (system is unusable)
# 1 (action must be taken immediately)
# 2 (critical conditions)
# 3 (error conditions)
# 4 (warning conditions)
# 5 (normal but significant condition)
# 6 (informational)
# 7 (debug-level messages)
#
DNSCRYPT_LOGLEVEL="7"
## Path: Network/DNS/DNSCrypt
## Description: Other options
## Type: string
## Default: ""
#
# Additional user options, plugin can be configured here
#
DNSCRYPT_OPTIONS=""
## Path: Network/DNS/DNSCrypt
## Description: Use ephemeral keys
## Type: string
## Default: "--ephemeral-keys"
#
# Enable ephemeral keys for connections.
#
DNSCRYPT_EPHEMERAL_KEYS="--ephemeral-keys"
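Review bot: DNSCRYPT_LOGLEVEL now ships as `"7"` (debug-level messages), whereas the removed sysconfig.dnscrypt left it empty, marked it unused and documented the LOG_INFO value as the default. With the unit passing `--loglevel=${DNSCRYPT_LOGLEVEL}`, every fresh install logs at debug level into /var/log/dnscrypt-proxy; what dnscrypt-proxy emits at that level is not shown on this page, but a packaged default should not be the most verbose one. `DNSCRYPT_LOGLEVEL="6"` together with `## Default: "6"` would keep the earlier behaviour and leave 7 as an opt-in for troubleshooting.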