Accepting request 864131 from server:dns

Added optional resolvconf support via systemd unit. OBS-URL: https://build.opensuse.org/request/show/864131 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dnscrypt-proxy?expand=0&rev=9
2021-01-19 15:02:28 +00:00 · 2021-01-19 15:02:28 +00:00 · 369879eef2
commit 369879eef2
parent 8ceeae4f6e d240b79b45
6 changed files with 116 additions and 19 deletions
--- a/README.openSUSE
+++ b/README.openSUSE
@ -1,6 +1,6 @@
 ***************************************************************************
 *                                                                         *
-*        README.openSUSE last edited by cunix for version 2.0.44          *
+*        README.openSUSE last edited by cunix for version 2.0.45          *
 *                                                                         *
 ***************************************************************************

@ -43,7 +43,7 @@ example.

 C.
 Alternatively the unit dnscrypt-proxy.service can be used the same way as the
-socket unit described in A for starting and enabling.
+socket unit described in A. for starting and enabling.

 This will require you to set "listen_addresses" in file

@ -56,18 +56,78 @@ ports < 1024.
 If dnscrypt-proxy should listen on these lower ports
 a) the socket unit should be used or
 b) the program has to be started directly by root or
-c) the user settings in the service unit have to be overridden
-   as described in B with files ending with ".conf"
+c) the user and group settings in the service unit have to be overridden
+   as described in B. with files ending with ".conf"
   in a to be created directory at

   /etc/systemd/system/dnscrypt-proxy.service.d


 D.
-The socket OR the service unit should be started/enabled - not both.
-If the socket unit is used, it will start the service unit when queries are sent
-to one of its configured addresses.
+To make applications aware of the local domain name resolver and
+to make the setups described above operational, you might have
+to add a line like for example

+nameserver 127.0.0.1
+
+to the file
+
+/etc/resolv.conf
+
+
+E.
+If dnscrypt-proxy should be started by socket activation as described
+in A. or B. and step D. should be automated, "resolvconf" can be utilized:
+
+- Package "openresolv" has to be installed.
+
+- Instead of the unit dnscrypt-proxy.socket or dnscrypt-proxy.service ,
+  the systemd unit dnscrypt-proxy-resolvconf.service has to be used.
+
+- The file /etc/resolv.conf will be edited temporarily.
+  Do not use this approach if this unintended.
+
+- You should be aware of and ready to deal with possible fallout taking this
+  not really tested route.
+  For example manual edits to /etc/resolv.conf will be lost if resolvconf is
+  in control of this file, the clean-up on shutdown might fail, custom
+  or invalid resolvconf configuration might prevent startup of dnscrypt-proxy
+  and possibly more, ...
+
+Make sure the other units are deactivated (as root):
+
+      $ systemctl stop dnscrypt-proxy.socket
+
+      $ systemctl disable dnscrypt-proxy.socket
+
+      $ systemctl stop dnscrypt-proxy.service
+
+      $ systemctl disable dnscrypt-proxy.service
+
+Now start, and if you don't want to restart manually after reboot,
+enable (as root):
+
+      $ systemctl start dnscrypt-proxy-resolvconf.service
+
+      $ systemctl enable dnscrypt-proxy-resolvconf.service
+
+This will not work as intended for a setup as described in C., where
+the "listen_addresses" is not configured through the socket unit.
+
+
+F.
+The socket OR one of the service unit should be started/enabled - not all
+and not two of them.
+
+If the socket unit is used, it will start the dnscrypt-proxy.service unit
+when queries are sent to one of its configured addresses.
+
+On the other hand dnscrypt-proxy-resolvconf.service can be made responsible for
+activating dnscrypt-proxy.socket.
+
+
+G.
 If using systemd, the PID should be available in file
+
 /run/dnscrypt-proxy/dnscrypt-proxy.pid

--- a/dnscrypt-proxy-resolvconf.service
+++ b/dnscrypt-proxy-resolvconf.service
@ -0,0 +1,25 @@
+[Unit]
+Description=DNSCrypt proxy resolvconf support
+Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd
+# with openSUSE changes
+Documentation=file:/usr/share/doc/packages/dnscrypt-proxy/README.openSUSE
+Before=nss-lookup.target
+Wants=nss-lookup.target
+After=dnscrypt-proxy.socket
+BindsTo=dnscrypt-proxy.socket
+# available in package openresolv
+ConditionFileIsExecutable=/usr/sbin/resolvconf
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+ExecStart=/bin/sh -c 'systemctl show dnscrypt-proxy.socket \
+                    | grep "Listen.*Datagram" \
+                    | cut -d "=" -f 2 \
+                    | cut -d ":" -f 1 \
+                    | awk \'{ print "nameserver " $1 }\' \
+                    | /usr/sbin/resolvconf -a lo.dnscrypt-proxy'
+ExecStop=/usr/sbin/resolvconf -d lo.dnscrypt-proxy
+
+[Install]
+WantedBy=multi-user.target
--- a/dnscrypt-proxy.changes
+++ b/dnscrypt-proxy.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Thu Jan  7 20:00:00 UTC 2021 - cunix@mail.de
+
+- Added optional resolvconf support via systemd unit.
+
 -------------------------------------------------------------------
 Mon Jan  4 20:00:00 UTC 2021 - cunix@mail.de

--- a/dnscrypt-proxy.service
+++ b/dnscrypt-proxy.service
@ -31,5 +31,4 @@ ProtectControlGroups=yes
 ProtectKernelModules=yes

 [Install]
-# Also=dnscrypt-proxy.socket
 WantedBy=multi-user.target
--- a/dnscrypt-proxy.socket
+++ b/dnscrypt-proxy.socket
@ -3,6 +3,7 @@ Description=DNSCrypt-proxy socket
 Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd
 # with openSUSE changes
 Documentation=file:/usr/share/doc/packages/dnscrypt-proxy/README.openSUSE
+PartOf=dnscrypt-proxy-resolvconf.service
 Before=nss-lookup.target
 Wants=nss-lookup.target

--- a/dnscrypt-proxy.spec
+++ b/dnscrypt-proxy.spec
@ -21,7 +21,7 @@
 %define config_dir  %{_sysconfdir}/%{name}
 %define home_dir    %{_localstatedir}/lib/%{name}
 %define log_dir     %{_localstatedir}/log/%{name}
-%define services    %{name}.socket %{name}.service
+%define services    %{name}.socket %{name}.service %{name}-resolvconf.service
 %define vlic_dir  vendored

 Name:           dnscrypt-proxy
@ -34,16 +34,17 @@ URL:            https://dnscrypt.info/
 Source0:        https://codeload.github.com/DNSCrypt/%{name}/tar.gz/%{version}#/%{name}-%{version}.tar.gz
 Source1:        %{name}.service
 Source2:        %{name}.socket
+Source3:        %{name}-resolvconf.service
 # File to use with sed to modify default configuration.
-Source3:        example-dnscrypt-proxy.toml.sed
+Source4:        example-dnscrypt-proxy.toml.sed
 # Find licenses of vendored packages.
-Source4:        find_licenses.sh
+Source5:        find_licenses.sh
 # Install licenses of vendored packages.
-Source5:        install_licenses.sh
+Source6:        install_licenses.sh
 # Some words
-Source6:        README.openSUSE
+Source7:        README.openSUSE
 # Example how to override socket unit
-Source7:        %{name}.socket.conf
+Source8:        %{name}.socket.conf
 BuildRequires:  golang-packaging
 BuildRequires:  pkgconfig
 BuildRequires:  shadow
@ -56,6 +57,8 @@ Requires:       bash
 Requires(pre):  shadow
 %{?systemd_requires}
 Recommends:     ca-certificates
+# needed for resolvconf support
+Suggests:       openresolv
 Provides:       dnscrypt = %{version}-%{release}
 Obsoletes:      dnscrypt < %{version}-%{release}
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@ -68,13 +71,13 @@ such as DNSCrypt v2, DNS-over-HTTPS and Anonymized DNSCrypt.
 %setup -q -n %{name}-%{version}

 # Find licenses of vendored packages and prepare for installation
-bash %{SOURCE4} %{vlic_dir}
+bash %{SOURCE5} %{vlic_dir}

 # duplicate original config file
 cp ./%{name}/example-%{name}.toml ./%{name}.toml.default

 # Edit default port and file locations
-sed -i -f %{SOURCE3} ./%{name}.toml.default
+sed -i -f %{SOURCE4} ./%{name}.toml.default

 # duplicate edited config file
 cp ./%{name}.toml.default ./%{name}.toml
@ -118,19 +121,21 @@ install -D -m 0640 ./%{name}/example-forwarding-rules.txt %{buildroot}/%{config_
 # Systemd
 install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
 install -D -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.socket
+install -D -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/%{name}-resolvconf.service

 # service link
 ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
+ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-resolvconf

 # Vendor Licenses
 install -d -m 0755 %{buildroot}%{_licensedir}/%{name}/%{vlic_dir}
-bash %{SOURCE5} %{vlic_dir} %{buildroot}/%{_licensedir}/%{name}/%{vlic_dir}
+bash %{SOURCE6} %{vlic_dir} %{buildroot}/%{_licensedir}/%{name}/%{vlic_dir}

 # Some hints. Improvements and feedback welcome!
-cp %{SOURCE6} README.openSUSE
+cp %{SOURCE7} README.openSUSE

 # Example drop-in.
-cp %{SOURCE7} %{name}.socket.conf
+cp %{SOURCE8} %{name}.socket.conf

 %pre
 # group and user
@ -163,8 +168,10 @@ getent passwd %{user_group} >/dev/null || %{_sbindir}/useradd -r -g %{user_group
 %config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/forwarding-rules.txt
 %{_sbindir}/%{name}
 %{_sbindir}/rc%{name}
+%{_sbindir}/rc%{name}-resolvconf
 %{_unitdir}/%{name}.service
 %{_unitdir}/%{name}.socket
+%{_unitdir}/%{name}-resolvconf.service
 %{_datadir}/%{name}/
 %dir %attr(0750,root,%{user_group}) %{config_dir}
 %dir %attr(0750,%{user_group},%{user_group}) %{home_dir}