Accepting request 419162 from home:MargueriteSu:branches:server:dns
OBS-URL: https://build.opensuse.org/request/show/419162 OBS-URL: https://build.opensuse.org/package/show/server:dns/dnscrypt-proxy?expand=0&rev=11
This commit is contained in:
parent
633d7e1337
commit
216bf3e165
20
dnscrypt
20
dnscrypt
@ -1,20 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
# wrapper to feed dnscrypt-proxy with user config
|
|
||||||
|
|
||||||
if test -f /etc/sysconfig/dnscrypt; then
|
|
||||||
source /etc/sysconfig/dnscrypt
|
|
||||||
fi
|
|
||||||
|
|
||||||
/usr/sbin/dnscrypt-proxy \
|
|
||||||
${DNSCRYPT_LOCAL_ADDRESS:+--local-address "$DNSCRYPT_LOCAL_ADDRESS"} \
|
|
||||||
${DNSCRYPT_USER:+--user "$DNSCRYPT_USER"} \
|
|
||||||
--resolver-name "${DNSCRYPT_RESOLVER_NAME:-cisco}" \
|
|
||||||
${DNSCRYPT_EPHEMERAL_KEYS:+--ephemeral-keys} \
|
|
||||||
${DNSCRYPT_LOGFILE:+--logfile "$DNSCRYPT_LOGFILE"} \
|
|
||||||
${DNSCRYPT_PLUGIN1:+--plugin "$DNSCRYPT_PLUGIN1"} \
|
|
||||||
${DNSCRYPT_PLUGIN2:+--plugin "$DNSCRYPT_PLUGIN2"} \
|
|
||||||
${DNSCRYPT_PLUGIN3:+--plugin "$DNSCRYPT_PLUGIN3"} \
|
|
||||||
${DNSCRYPT_PLUGIN4:+--plugin "$DNSCRYPT_PLUGIN4"} \
|
|
||||||
${DNSCRYPT_OPTIONS} \
|
|
||||||
"$@"
|
|
@ -1,3 +1,24 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat Aug 13 13:52:25 UTC 2016 - i@marguerite.su
|
||||||
|
|
||||||
|
- switched to systemd template service. in the future, users
|
||||||
|
should use 'sudo systemctl start dnscrypt-proxy@127.0.0.1:53.service'
|
||||||
|
to start the service. any local address can be used.
|
||||||
|
- dropped dnscrypt-proxy.socket again. the listen address in the
|
||||||
|
socket can't be substituted at runtime that makes it impossible
|
||||||
|
to use multiple instances. and it doesn't work together with
|
||||||
|
the forking method in our systemd service.
|
||||||
|
- move pidfile and logfile into their own directories. in previous
|
||||||
|
submit, we finnaly used the user 'dnscrypt' to start the job, but
|
||||||
|
that user doesn't have write permission for /var/run and /var/log.
|
||||||
|
- dropped the /usr/sbin/dnscrypt wrapper that broke the systemd
|
||||||
|
service from forking. we used EnvironmentFile in systemd service
|
||||||
|
to load the user-customizable variables.
|
||||||
|
- changed /etc/sysconfig/dnscrypt to /etc/sysconfig/dnscrypt-proxy.
|
||||||
|
deleted those plugin items that can't be loaded by systemd. users
|
||||||
|
can use DNSCRYPT_OPTIONS to configure the plugins anyway, no need
|
||||||
|
to keep those placeholders.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sat Aug 6 04:14:25 UTC 2016 - i@marguerite.su
|
Sat Aug 6 04:14:25 UTC 2016 - i@marguerite.su
|
||||||
|
|
||||||
|
@ -25,10 +25,10 @@ Group: Productivity/Networking/DNS/Utilities
|
|||||||
#Git-Url: https://github.com/jedisct1/dnscrypt-proxy
|
#Git-Url: https://github.com/jedisct1/dnscrypt-proxy
|
||||||
Url: https://dnscrypt.org
|
Url: https://dnscrypt.org
|
||||||
Source: https://download.dnscrypt.org/dnscrypt-proxy/%{name}-%{version}.tar.bz2
|
Source: https://download.dnscrypt.org/dnscrypt-proxy/%{name}-%{version}.tar.bz2
|
||||||
Source1: %{name}.service
|
Source1: %{name}@.service
|
||||||
Source2: dnscrypt
|
Source3: sysconfig.%{name}
|
||||||
Source3: sysconfig.dnscrypt
|
|
||||||
Source4: https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv
|
Source4: https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv
|
||||||
|
Source5: %{name}.tmpfile
|
||||||
BuildRequires: libsodium-devel
|
BuildRequires: libsodium-devel
|
||||||
BuildRequires: libtool
|
BuildRequires: libtool
|
||||||
BuildRequires: pkg-config
|
BuildRequires: pkg-config
|
||||||
@ -78,12 +78,11 @@ make %{?_smp_mflags}
|
|||||||
|
|
||||||
install -d -m 755 %{buildroot}%{_unitdir}
|
install -d -m 755 %{buildroot}%{_unitdir}
|
||||||
install -m 644 %{SOURCE1} %{buildroot}%{_unitdir}
|
install -m 644 %{SOURCE1} %{buildroot}%{_unitdir}
|
||||||
install -m 644 dnscrypt-proxy.socket %{buildroot}%{_unitdir}
|
|
||||||
install -d -m 755 %{buildroot}%{_sbindir}
|
|
||||||
install -m 755 %{SOURCE2} %{buildroot}%{_sbindir}
|
|
||||||
install -m 755 -d %{buildroot}%{_localstatedir}/adm/fillup-templates
|
install -m 755 -d %{buildroot}%{_localstatedir}/adm/fillup-templates
|
||||||
install -m 644 -D %{SOURCE3} %{buildroot}%{_localstatedir}/adm/fillup-templates
|
install -m 644 -D %{SOURCE3} %{buildroot}%{_localstatedir}/adm/fillup-templates
|
||||||
install -m 644 %{SOURCE4} %{buildroot}/%{_datadir}/%{name}/dnscrypt-resolvers.csv
|
install -m 644 %{SOURCE4} %{buildroot}/%{_datadir}/%{name}/dnscrypt-resolvers.csv
|
||||||
|
install -d -m 755 %{buildroot}%{_libexecdir}/tmpfiles.d/
|
||||||
|
install -m 644 %{SOURCE5} %{buildroot}%{_libexecdir}/tmpfiles.d/%{name}.conf
|
||||||
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
|
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
|
||||||
|
|
||||||
find %{buildroot} -name "*.la" -delete -print
|
find %{buildroot} -name "*.la" -delete -print
|
||||||
@ -97,43 +96,45 @@ if ! %{_bindir}/getent passwd dnscrypt >/dev/null; then
|
|||||||
-r -s /bin/false dnscrypt 2>/dev/null || :
|
-r -s /bin/false dnscrypt 2>/dev/null || :
|
||||||
fi
|
fi
|
||||||
%if 0%{?suse_version} >= 1210
|
%if 0%{?suse_version} >= 1210
|
||||||
%service_add_pre %{name}.service
|
%service_add_pre %{name}@.service
|
||||||
|
|
||||||
%post
|
%post
|
||||||
%service_add_post %{name}.service
|
%service_add_post %{name}@.service
|
||||||
%{fillup_only -n dnscrypt}
|
%if 0%{?suse_version} > 1320
|
||||||
|
%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
|
||||||
|
%endif
|
||||||
|
%{fillup_only -n %{name}}
|
||||||
|
|
||||||
%preun
|
%preun
|
||||||
%service_del_preun %{name}.service
|
%service_del_preun %{name}@.service
|
||||||
|
|
||||||
%postun
|
%postun
|
||||||
%service_del_postun %{name}.service
|
%service_del_postun %{name}@.service
|
||||||
%else
|
%else
|
||||||
|
|
||||||
# non-systemd
|
# non-systemd
|
||||||
|
|
||||||
%post
|
%post
|
||||||
%{fillup_only -n dnscrypt}
|
%{fillup_only -n %{name}}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%doc AUTHORS ChangeLog README COPYING NEWS DNSCRYPT-V2-PROTOCOL.txt THANKS
|
%doc AUTHORS ChangeLog README COPYING NEWS DNSCRYPT-V2-PROTOCOL.txt THANKS
|
||||||
%{_bindir}/hostip
|
%{_bindir}/hostip
|
||||||
%{_sbindir}/dnscrypt
|
|
||||||
%{_sbindir}/%{name}
|
%{_sbindir}/%{name}
|
||||||
%{_sbindir}/rc%{name}
|
%{_sbindir}/rc%{name}
|
||||||
%{_unitdir}/%{name}.service
|
%{_unitdir}/%{name}@.service
|
||||||
%{_unitdir}/%{name}.socket
|
|
||||||
%{_mandir}/man8/hostip.8%{ext_man}
|
%{_mandir}/man8/hostip.8%{ext_man}
|
||||||
%{_mandir}/man8/%{name}.8%{ext_man}
|
%{_mandir}/man8/%{name}.8%{ext_man}
|
||||||
%dir %{_datadir}/%{name}
|
%dir %{_datadir}/%{name}
|
||||||
%{_datadir}/%{name}/dnscrypt-resolvers.csv
|
%{_datadir}/%{name}/dnscrypt-resolvers.csv
|
||||||
%{_datadir}/%{name}/minisign.pub
|
%{_datadir}/%{name}/minisign.pub
|
||||||
%{_localstatedir}/adm/fillup-templates/sysconfig.dnscrypt
|
%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
|
||||||
%dir %{_libdir}/%{name}
|
%dir %{_libdir}/%{name}
|
||||||
%{_libdir}/%{name}/libdcplugin_example.so
|
%{_libdir}/%{name}/libdcplugin_example.so
|
||||||
%{_libdir}/%{name}/libdcplugin_example_logging.so
|
%{_libdir}/%{name}/libdcplugin_example_logging.so
|
||||||
|
%{_libexecdir}/tmpfiles.d/%{name}.conf
|
||||||
|
|
||||||
%files devel
|
%files devel
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
|
2
dnscrypt-proxy.tmpfile
Normal file
2
dnscrypt-proxy.tmpfile
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
d /var/run/dnscrypt-proxy 0755 dnscrypt dnscrypt
|
||||||
|
d /var/log/dnscrypt-proxy 0755 dnscrypt dnscrypt
|
@ -3,37 +3,36 @@
|
|||||||
# Version: 1.7.0
|
# Version: 1.7.0
|
||||||
# Description: dnscrypt is a tool that encrypts your DNS queries in order to
|
# Description: dnscrypt is a tool that encrypts your DNS queries in order to
|
||||||
# protect against man-in-the-middle attacks and DNS hijacking
|
# protect against man-in-the-middle attacks and DNS hijacking
|
||||||
# (commonly seen in China). It uses OpenDNS resolvers by default.
|
# (commonly seen in China). It uses CiscoDNS resolvers by default.
|
||||||
# It is BSD-licensed.
|
# It is BSD-licensed.
|
||||||
# In openSUSE it's licensed under SuSE-Permissive (non-free ware).
|
# In openSUSE it's licensed under SuSE-Permissive (non-free ware).
|
||||||
# For details, refer to its documentation.
|
# For details, refer to its documentation.
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Secure connection between your computer and a DNS resolver
|
Description=Secure connection between your computer and a DNS resolver
|
||||||
Documentation=man:dnscrypt-proxy(8)
|
Documentation=man:dnscrypt-proxy(8)
|
||||||
Requires=dnscrypt-proxy.socket
|
|
||||||
After=network.target ntp.service
|
|
||||||
# NTP always has local servers, and there's nothing to encrypt for time.
|
# NTP always has local servers, and there's nothing to encrypt for time.
|
||||||
# and ntp.service isn't native systemd service, if we start before it,
|
# and ntp.service isn't native systemd service, if we start before it,
|
||||||
# it will take a long time to sync. just save 20000+ms on boot.
|
# it will take a long time to sync. just save 20000+ms on boot.
|
||||||
|
After=network.target ntp.service
|
||||||
Before=nss-lookup.target
|
Before=nss-lookup.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=forking
|
Type=forking
|
||||||
NonBlocking=true
|
NonBlocking=true
|
||||||
PIDFile=/var/run/dnscrypt-proxy.pid
|
PIDFile=/var/run/dnscrypt-proxy/dnscrypt-proxy@%i.pid
|
||||||
# Execute a wrapper that calls the dnscrypt-proxy with config from
|
EnvironmentFile=-/etc/sysconfig/dnscrypt-proxy
|
||||||
# /etc/sysconfig/dnscrypt and substitutes defaults that cannot be passed
|
ExecStart=/usr/sbin/dnscrypt-proxy \
|
||||||
# to ExecStart in combination with EnvironmentFile
|
|
||||||
ExecStart=/usr/sbin/dnscrypt \
|
|
||||||
--daemonize \
|
--daemonize \
|
||||||
--pidfile=/var/run/dnscrypt-proxy.pid \
|
--pidfile=/var/run/dnscrypt-proxy/dnscrypt-proxy@%i.pid \
|
||||||
--user=dnscrypt \
|
--local-address=%i \
|
||||||
--resolvers-list=/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv \
|
--user=${DNSCRYPT_USER} \
|
||||||
--logfile=/var/log/dnscrypt-proxy.log
|
--resolver-name=${DNSCRYPT_RESOLVER_NAME} \
|
||||||
|
${DNSCRYPT_EPHEMERAL_KEYS} \
|
||||||
|
${DNSCRYPT_OPTIONS} \
|
||||||
|
--logfile=/var/log/dnscrypt-proxy/dnscrypt-proxy@%i.log \
|
||||||
|
--loglevel=${DNSCRYPT_LOGLEVEL}
|
||||||
# Automatically Restart
|
# Automatically Restart
|
||||||
Restart=on-abort
|
Restart=on-abort
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
Also=dnscrypt-proxy.socket
|
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
Alias=dnscrypt.service
|
|
@ -1,107 +0,0 @@
|
|||||||
## Path: Network/DNS/DNSCrypt
|
|
||||||
## Description: Local address
|
|
||||||
## Type: string
|
|
||||||
## Default: ""
|
|
||||||
#
|
|
||||||
# Address and port where the dnscrypt-proxy daemon listens. Format is
|
|
||||||
# address:port, with dnscrypt-proxy's default 127.0.0.1:53 .
|
|
||||||
#
|
|
||||||
DNSCRYPT_LOCAL_ADDRESS=
|
|
||||||
|
|
||||||
## Path: Network/DNS/DNSCrypt
|
|
||||||
## Description: Run daemon under specified user
|
|
||||||
## Type: string
|
|
||||||
## Default: "dnscrypt"
|
|
||||||
#
|
|
||||||
# The recommended user is 'dnscrypt' but the empty value will not pass
|
|
||||||
# any --user parameter to dnscrypt-proxy if this is desired by the user.
|
|
||||||
#
|
|
||||||
DNSCRYPT_USER=dnscrypt
|
|
||||||
|
|
||||||
## Path: Network/DNS/DNSCrypt
|
|
||||||
## Description: Resolver name
|
|
||||||
## Type: string
|
|
||||||
## Default: "cisco"
|
|
||||||
#
|
|
||||||
# Short name of resolver, see /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv
|
|
||||||
# for the full list.
|
|
||||||
#
|
|
||||||
# If the value is empty, the default is substituted.
|
|
||||||
#
|
|
||||||
DNSCRYPT_RESOLVER_NAME=
|
|
||||||
|
|
||||||
## Path: Network/DNS/DNSCrypt
|
|
||||||
## Description: Log file
|
|
||||||
## Type: string
|
|
||||||
## Default: "/var/log/dnscrypt-proxy.log"
|
|
||||||
#
|
|
||||||
# Use the given log file instead of standard out, where the output is possibly
|
|
||||||
# grabbed by the system logger.
|
|
||||||
#
|
|
||||||
DNSCRYPT_LOGFILE=/var/log/dnscrypt-proxy.log
|
|
||||||
|
|
||||||
## Path: Network/DNS/DNSCrypt
|
|
||||||
## Description: Log level
|
|
||||||
## Type: string
|
|
||||||
## Default: ""
|
|
||||||
#
|
|
||||||
# Don't log events with priority above this level after the service has been
|
|
||||||
# started up. Default is the value for LOG_INFO.
|
|
||||||
#
|
|
||||||
# NOTE: currently unused
|
|
||||||
#
|
|
||||||
DNSCRYPT_LOGLEVEL=
|
|
||||||
|
|
||||||
## Path: Network/DNS/DNSCrypt
|
|
||||||
## Description: Optional plugin (1)
|
|
||||||
## Type: string
|
|
||||||
## Default: ""
|
|
||||||
#
|
|
||||||
# Use the given dnscrypt plugin.
|
|
||||||
#
|
|
||||||
DNSCRYPT_PLUGIN1=
|
|
||||||
|
|
||||||
## Path: Network/DNS/DNSCrypt
|
|
||||||
## Description: Optional plugin (2)
|
|
||||||
## Type: string
|
|
||||||
## Default: ""
|
|
||||||
#
|
|
||||||
# Use the given dnscrypt plugin.
|
|
||||||
#
|
|
||||||
DNSCRYPT_PLUGIN2=
|
|
||||||
|
|
||||||
## Path: Network/DNS/DNSCrypt
|
|
||||||
## Description: Optional plugin (3)
|
|
||||||
## Type: string
|
|
||||||
## Default: ""
|
|
||||||
#
|
|
||||||
# Use the given dnscrypt plugin.
|
|
||||||
#
|
|
||||||
DNSCRYPT_PLUGIN3=
|
|
||||||
|
|
||||||
## Path: Network/DNS/DNSCrypt
|
|
||||||
## Description: Optional plugin (4)
|
|
||||||
## Type: string
|
|
||||||
## Default: ""
|
|
||||||
#
|
|
||||||
# Use the given dnscrypt plugin.
|
|
||||||
#
|
|
||||||
DNSCRYPT_PLUGIN4=
|
|
||||||
|
|
||||||
## Path: Network/DNS/DNSCrypt
|
|
||||||
## Description: Other options
|
|
||||||
## Type: string
|
|
||||||
## Default: ""
|
|
||||||
#
|
|
||||||
# Additional user options
|
|
||||||
#
|
|
||||||
DNSCRYPT_OPTIONS=
|
|
||||||
|
|
||||||
## Path: Network/DNS/DNSCrypt
|
|
||||||
## Description: Use ephemeral keys
|
|
||||||
## Type: string
|
|
||||||
## Default: "yes"
|
|
||||||
#
|
|
||||||
# Enable ephemeral keys for connections.
|
|
||||||
#
|
|
||||||
DNSCRYPT_EPHEMERAL_KEYS=
|
|
57
sysconfig.dnscrypt-proxy
Normal file
57
sysconfig.dnscrypt-proxy
Normal file
@ -0,0 +1,57 @@
|
|||||||
|
## Path: Network/DNS/DNSCrypt
|
||||||
|
## Description: Run daemon under specified user
|
||||||
|
## Type: string
|
||||||
|
## Default: "dnscrypt"
|
||||||
|
#
|
||||||
|
# The recommended user is 'dnscrypt' but the empty value will not pass
|
||||||
|
# any --user parameter to dnscrypt-proxy if this is desired by the user.
|
||||||
|
#
|
||||||
|
DNSCRYPT_USER="dnscrypt"
|
||||||
|
|
||||||
|
## Path: Network/DNS/DNSCrypt
|
||||||
|
## Description: Resolver name
|
||||||
|
## Type: string
|
||||||
|
## Default: "cisco"
|
||||||
|
#
|
||||||
|
# Short name of resolver, see /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv
|
||||||
|
# for the full list.
|
||||||
|
#
|
||||||
|
DNSCRYPT_RESOLVER_NAME="cisco"
|
||||||
|
|
||||||
|
## Path: Network/DNS/DNSCrypt
|
||||||
|
## Description: Log level
|
||||||
|
## Type: string
|
||||||
|
## Default: "7"
|
||||||
|
#
|
||||||
|
# Don't log events with priority above this level after the service has been
|
||||||
|
# started up.
|
||||||
|
#
|
||||||
|
# Valid values are:
|
||||||
|
# 0 (system is unusable)
|
||||||
|
# 1 (action must be taken immediately)
|
||||||
|
# 2 (critical conditions)
|
||||||
|
# 3 (error conditions)
|
||||||
|
# 4 (warning conditions)
|
||||||
|
# 5 (normal but significant condition)
|
||||||
|
# 6 (informational)
|
||||||
|
# 7 (debug-level messages)
|
||||||
|
#
|
||||||
|
DNSCRYPT_LOGLEVEL="7"
|
||||||
|
|
||||||
|
## Path: Network/DNS/DNSCrypt
|
||||||
|
## Description: Other options
|
||||||
|
## Type: string
|
||||||
|
## Default: ""
|
||||||
|
#
|
||||||
|
# Additional user options, plugin can be configured here
|
||||||
|
#
|
||||||
|
DNSCRYPT_OPTIONS=""
|
||||||
|
|
||||||
|
## Path: Network/DNS/DNSCrypt
|
||||||
|
## Description: Use ephemeral keys
|
||||||
|
## Type: string
|
||||||
|
## Default: "--ephemeral-keys"
|
||||||
|
#
|
||||||
|
# Enable ephemeral keys for connections.
|
||||||
|
#
|
||||||
|
DNSCRYPT_EPHEMERAL_KEYS="--ephemeral-keys"
|
Loading…
Reference in New Issue
Block a user