Accepting request 864131 from server:dns
Added optional resolvconf support via systemd unit.
OBS-URL: https://build.opensuse.org/request/show/864131
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dnscrypt-proxy?expand=0&rev=9
commit
369879eef2
@ -1,6 +1,6 @@
|
||||
***************************************************************************
|
||||
* *
|
||||
* README.openSUSE last edited by cunix for version 2.0.44 *
|
||||
* README.openSUSE last edited by cunix for version 2.0.45 *
|
||||
* *
|
||||
***************************************************************************
|
||||
|
||||
@ -43,7 +43,7 @@ example.
|
||||
|
||||
C.
|
||||
Alternatively the unit dnscrypt-proxy.service can be used the same way as the
|
||||
socket unit described in A for starting and enabling.
|
||||
socket unit described in A. for starting and enabling.
|
||||
|
||||
This will require you to set "listen_addresses" in file
|
||||
|
||||
@ -56,18 +56,78 @@ ports < 1024.
|
||||
If dnscrypt-proxy should listen on these lower ports
|
||||
a) the socket unit should be used or
|
||||
b) the program has to be started directly by root or
|
||||
c) the user settings in the service unit have to be overridden
|
||||
as described in B with files ending with ".conf"
|
||||
c) the user and group settings in the service unit have to be overridden
|
||||
as described in B. with files ending with ".conf"
|
||||
in a to be created directory at
|
||||
|
||||
/etc/systemd/system/dnscrypt-proxy.service.d
|
||||
|
||||
|
||||
D.
|
||||
The socket OR the service unit should be started/enabled - not both.
|
||||
If the socket unit is used, it will start the service unit when queries are sent
|
||||
to one of its configured addresses.
|
||||
To make applications aware of the local domain name resolver and
|
||||
to make the setups described above operational, you might have
|
||||
to add a line like for example
|
||||
|
||||
nameserver 127.0.0.1
|
||||
|
||||
to the file
|
||||
|
||||
/etc/resolv.conf
|
||||
|
||||
|
||||
E.
|
||||
If dnscrypt-proxy should be started by socket activation as described
|
||||
in A. or B. and step D. should be automated, "resolvconf" can be utilized:
|
||||
|
||||
- Package "openresolv" has to be installed.
|
||||
|
||||
- Instead of the unit dnscrypt-proxy.socket or dnscrypt-proxy.service ,
|
||||
the systemd unit dnscrypt-proxy-resolvconf.service has to be used.
|
||||
|
||||
- The file /etc/resolv.conf will be edited temporarily.
|
||||
Do not use this approach if this unintended.
|
||||
|
||||
- You should be aware of and ready to deal with possible fallout taking this
|
||||
not really tested route.
|
||||
For example manual edits to /etc/resolv.conf will be lost if resolvconf is
|
||||
in control of this file, the clean-up on shutdown might fail, custom
|
||||
or invalid resolvconf configuration might prevent startup of dnscrypt-proxy
|
||||
and possibly more, ...
|
||||
|
||||
Make sure the other units are deactivated (as root):
|
||||
|
||||
$ systemctl stop dnscrypt-proxy.socket
|
||||
|
||||
$ systemctl disable dnscrypt-proxy.socket
|
||||
|
||||
$ systemctl stop dnscrypt-proxy.service
|
||||
|
||||
$ systemctl disable dnscrypt-proxy.service
|
||||
|
||||
Now start, and if you don't want to restart manually after reboot,
|
||||
enable (as root):
|
||||
|
||||
$ systemctl start dnscrypt-proxy-resolvconf.service
|
||||
|
||||
$ systemctl enable dnscrypt-proxy-resolvconf.service
|
||||
|
||||
This will not work as intended for a setup as described in C., where
|
||||
the "listen_addresses" is not configured through the socket unit.
|
||||
|
||||
|
||||
F.
|
||||
The socket OR one of the service unit should be started/enabled - not all
|
||||
and not two of them.
|
||||
|
||||
If the socket unit is used, it will start the dnscrypt-proxy.service unit
|
||||
when queries are sent to one of its configured addresses.
|
||||
|
||||
On the other hand dnscrypt-proxy-resolvconf.service can be made responsible for
|
||||
activating dnscrypt-proxy.socket.
|
||||
|
||||
|
||||
G.
|
||||
If using systemd, the PID should be available in file
|
||||
|
||||
/run/dnscrypt-proxy/dnscrypt-proxy.pid
|
||||
|
||||
|
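Review bot: section E warns that the clean-up on shutdown might fail but gives no recovery step. Add the manual clean-up that the unit itself runs on stop, `/usr/sbin/resolvconf -d lo.dnscrypt-proxy`, and tell the reader to check /etc/resolv.conf afterwards, because a leftover `nameserver` line pointing at a proxy that is no longer listening breaks name resolution if it is the only entry. Smaller points in the same hunk: in E, "if this unintended" is missing "is"; in F, "one of the service unit" should read "units"; and the commands are labelled "as root" while shown with a `$` prompt.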
25
dnscrypt-proxy-resolvconf.service
Normal file
@ -0,0 +1,25 @@
|
||||
[Unit]
|
||||
Description=DNSCrypt proxy resolvconf support
|
||||
Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd
|
||||
# with openSUSE changes
|
||||
Documentation=file:/usr/share/doc/packages/dnscrypt-proxy/README.openSUSE
|
||||
Before=nss-lookup.target
|
||||
Wants=nss-lookup.target
|
||||
After=dnscrypt-proxy.socket
|
||||
BindsTo=dnscrypt-proxy.socket
|
||||
# available in package openresolv
|
||||
ConditionFileIsExecutable=/usr/sbin/resolvconf
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=true
|
||||
ExecStart=/bin/sh -c 'systemctl show dnscrypt-proxy.socket \
|
||||
| grep "Listen.*Datagram" \
|
||||
| cut -d "=" -f 2 \
|
||||
| cut -d ":" -f 1 \
|
||||
| awk \'{ print "nameserver " $1 }\' \
|
||||
| /usr/sbin/resolvconf -a lo.dnscrypt-proxy'
|
||||
ExecStop=/usr/sbin/resolvconf -d lo.dnscrypt-proxy
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
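Review bot: the `cut -d ":" -f 1` stage in ExecStart only works for IPv4 listen addresses. An IPv6 address contains colons itself, so field 1 is a fragment of the address and resolvconf is handed a malformed `nameserver` line. Strip the port from the right-hand end of the value instead, and make the command fail when the pipeline produces no address, so that an empty record is not registered under lo.dnscrypt-proxy. Separately, ConditionFileIsExecutable=/usr/sbin/resolvconf makes systemd skip the unit without an error when openresolv is missing, so an enabled unit can silently do nothing; the README should say so.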
@ -1,3 +1,8 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 7 20:00:00 UTC 2021 - cunix@mail.de
|
||||
|
||||
- Added optional resolvconf support via systemd unit.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 4 20:00:00 UTC 2021 - cunix@mail.de
|
||||
|
||||
|
@ -31,5 +31,4 @@ ProtectControlGroups=yes
|
||||
ProtectKernelModules=yes
|
||||
|
||||
[Install]
|
||||
# Also=dnscrypt-proxy.socket
|
||||
WantedBy=multi-user.target
|
||||
|
@ -3,6 +3,7 @@ Description=DNSCrypt-proxy socket
|
||||
Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd
|
||||
# with openSUSE changes
|
||||
Documentation=file:/usr/share/doc/packages/dnscrypt-proxy/README.openSUSE
|
||||
PartOf=dnscrypt-proxy-resolvconf.service
|
||||
Before=nss-lookup.target
|
||||
Wants=nss-lookup.target
|
||||
|
||||
|
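Review bot: the PartOf=dnscrypt-proxy-resolvconf.service line is added without a comment, and it changes how the socket behaves: stopping or restarting the optional resolvconf unit now stops or restarts dnscrypt-proxy.socket too. Add a comment above the line saying it only takes effect when the resolvconf unit is in use, and state the coupling in README section F so that users of the plain socket setup know a restart of the resolvconf unit interrupts listening.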
@ -21,7 +21,7 @@
|
||||
%define config_dir %{_sysconfdir}/%{name}
|
||||
%define home_dir %{_localstatedir}/lib/%{name}
|
||||
%define log_dir %{_localstatedir}/log/%{name}
|
||||
%define services %{name}.socket %{name}.service
|
||||
%define services %{name}.socket %{name}.service %{name}-resolvconf.service
|
||||
%define vlic_dir vendored
|
||||
|
||||
Name: dnscrypt-proxy
|
||||
@ -34,16 +34,17 @@ URL: https://dnscrypt.info/
|
||||
Source0: https://codeload.github.com/DNSCrypt/%{name}/tar.gz/%{version}#/%{name}-%{version}.tar.gz
|
||||
Source1: %{name}.service
|
||||
Source2: %{name}.socket
|
||||
Source3: %{name}-resolvconf.service
|
||||
# File to use with sed to modify default configuration.
|
||||
Source3: example-dnscrypt-proxy.toml.sed
|
||||
Source4: example-dnscrypt-proxy.toml.sed
|
||||
# Find licenses of vendored packages.
|
||||
Source4: find_licenses.sh
|
||||
Source5: find_licenses.sh
|
||||
# Install licenses of vendored packages.
|
||||
Source5: install_licenses.sh
|
||||
Source6: install_licenses.sh
|
||||
# Some words
|
||||
Source6: README.openSUSE
|
||||
Source7: README.openSUSE
|
||||
# Example how to override socket unit
|
||||
Source7: %{name}.socket.conf
|
||||
Source8: %{name}.socket.conf
|
||||
BuildRequires: golang-packaging
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: shadow
|
||||
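Review bot: inserting the new unit as Source3 shifts the existing Source3 to Source7 up by one, so every %{SOURCEn} reference in %prep and %install has to be renumbered in the same commit, and a missed reference would pick up the wrong file at build time. Appending the unit as Source8 would leave the existing numbers alone and reduce this change to the new lines.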
@ -56,6 +57,8 @@ Requires: bash
|
||||
Requires(pre): shadow
|
||||
%{?systemd_requires}
|
||||
Recommends: ca-certificates
|
||||
# needed for resolvconf support
|
||||
Suggests: openresolv
|
||||
Provides: dnscrypt = %{version}-%{release}
|
||||
Obsoletes: dnscrypt < %{version}-%{release}
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
@ -68,13 +71,13 @@ such as DNSCrypt v2, DNS-over-HTTPS and Anonymized DNSCrypt.
|
||||
%setup -q -n %{name}-%{version}
|
||||
|
||||
# Find licenses of vendored packages and prepare for installation
|
||||
bash %{SOURCE4} %{vlic_dir}
|
||||
bash %{SOURCE5} %{vlic_dir}
|
||||
|
||||
# duplicate original config file
|
||||
cp ./%{name}/example-%{name}.toml ./%{name}.toml.default
|
||||
|
||||
# Edit default port and file locations
|
||||
sed -i -f %{SOURCE3} ./%{name}.toml.default
|
||||
sed -i -f %{SOURCE4} ./%{name}.toml.default
|
||||
|
||||
# duplicate edited config file
|
||||
cp ./%{name}.toml.default ./%{name}.toml
|
||||
@ -118,19 +121,21 @@ install -D -m 0640 ./%{name}/example-forwarding-rules.txt %{buildroot}/%{config_
|
||||
# Systemd
|
||||
install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
|
||||
install -D -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.socket
|
||||
install -D -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/%{name}-resolvconf.service
|
||||
|
||||
# service link
|
||||
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
|
||||
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-resolvconf
|
||||
|
||||
# Vendor Licenses
|
||||
install -d -m 0755 %{buildroot}%{_licensedir}/%{name}/%{vlic_dir}
|
||||
bash %{SOURCE5} %{vlic_dir} %{buildroot}/%{_licensedir}/%{name}/%{vlic_dir}
|
||||
bash %{SOURCE6} %{vlic_dir} %{buildroot}/%{_licensedir}/%{name}/%{vlic_dir}
|
||||
|
||||
# Some hints. Improvements and feedback welcome!
|
||||
cp %{SOURCE6} README.openSUSE
|
||||
cp %{SOURCE7} README.openSUSE
|
||||
|
||||
# Example drop-in.
|
||||
cp %{SOURCE7} %{name}.socket.conf
|
||||
cp %{SOURCE8} %{name}.socket.conf
|
||||
|
||||
%pre
|
||||
# group and user
|
||||
@ -163,8 +168,10 @@ getent passwd %{user_group} >/dev/null || %{_sbindir}/useradd -r -g %{user_group
|
||||
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/forwarding-rules.txt
|
||||
%{_sbindir}/%{name}
|
||||
%{_sbindir}/rc%{name}
|
||||
%{_sbindir}/rc%{name}-resolvconf
|
||||
%{_unitdir}/%{name}.service
|
||||
%{_unitdir}/%{name}.socket
|
||||
%{_unitdir}/%{name}-resolvconf.service
|
||||
%{_datadir}/%{name}/
|
||||
%dir %attr(0750,root,%{user_group}) %{config_dir}
|
||||
%dir %attr(0750,%{user_group},%{user_group}) %{home_dir}
|
||||
|