Accepting request 864131 from server:dns
Added optional resolvconf support via systemd unit.

OBS-URL: https://build.opensuse.org/request/show/864131
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dnscrypt-proxy?expand=0&rev=9
commit
369879eef2
@ -1,6 +1,6 @@
|
|||||||
***************************************************************************
|
***************************************************************************
|
||||||
* *
|
* *
|
||||||
* README.openSUSE last edited by cunix for version 2.0.44 *
|
* README.openSUSE last edited by cunix for version 2.0.45 *
|
||||||
* *
|
* *
|
||||||
***************************************************************************
|
***************************************************************************
|
||||||
|
|
||||||
@ -43,7 +43,7 @@ example.
|
|||||||
|
|
||||||
C.
|
C.
|
||||||
Alternatively the unit dnscrypt-proxy.service can be used the same way as the
|
Alternatively the unit dnscrypt-proxy.service can be used the same way as the
|
||||||
socket unit described in A for starting and enabling.
|
socket unit described in A. for starting and enabling.
|
||||||
|
|
||||||
This will require you to set "listen_addresses" in file
|
This will require you to set "listen_addresses" in file
|
||||||
|
|
||||||
@ -56,18 +56,78 @@ ports < 1024.
|
|||||||
If dnscrypt-proxy should listen on these lower ports
|
If dnscrypt-proxy should listen on these lower ports
|
||||||
a) the socket unit should be used or
|
a) the socket unit should be used or
|
||||||
b) the program has to be started directly by root or
|
b) the program has to be started directly by root or
|
||||||
c) the user settings in the service unit have to be overridden
|
c) the user and group settings in the service unit have to be overridden
|
||||||
as described in B with files ending with ".conf"
|
as described in B. with files ending with ".conf"
|
||||||
in a to be created directory at
|
in a to be created directory at
|
||||||
|
|
||||||
/etc/systemd/system/dnscrypt-proxy.service.d
|
/etc/systemd/system/dnscrypt-proxy.service.d
|
||||||
|
|
||||||
|
|
||||||
D.
|
D.
|
||||||
The socket OR the service unit should be started/enabled - not both.
|
To make applications aware of the local domain name resolver and
|
||||||
If the socket unit is used, it will start the service unit when queries are sent
|
to make the setups described above operational, you might have
|
||||||
to one of its configured addresses.
|
to add a line like for example
|
||||||
|
|
||||||
|
nameserver 127.0.0.1
|
||||||
|
|
||||||
|
to the file
|
||||||
|
|
||||||
|
/etc/resolv.conf
|
||||||
|
|
||||||
|
|
||||||
|
E.
|
||||||
|
If dnscrypt-proxy should be started by socket activation as described
|
||||||
|
in A. or B. and step D. should be automated, "resolvconf" can be utilized:
|
||||||
|
|
||||||
|
- Package "openresolv" has to be installed.
|
||||||
|
|
||||||
|
- Instead of the unit dnscrypt-proxy.socket or dnscrypt-proxy.service ,
|
||||||
|
the systemd unit dnscrypt-proxy-resolvconf.service has to be used.
|
||||||
|
|
||||||
|
- The file /etc/resolv.conf will be edited temporarily.
|
||||||
|
Do not use this approach if this unintended.
|
||||||
|
|
||||||
|
- You should be aware of and ready to deal with possible fallout taking this
|
||||||
|
not really tested route.
|
||||||
|
For example manual edits to /etc/resolv.conf will be lost if resolvconf is
|
||||||
|
in control of this file, the clean-up on shutdown might fail, custom
|
||||||
|
or invalid resolvconf configuration might prevent startup of dnscrypt-proxy
|
||||||
|
and possibly more, ...
|
||||||
|
|
||||||
|
Make sure the other units are deactivated (as root):
|
||||||
|
|
||||||
|
$ systemctl stop dnscrypt-proxy.socket
|
||||||
|
|
||||||
|
$ systemctl disable dnscrypt-proxy.socket
|
||||||
|
|
||||||
|
$ systemctl stop dnscrypt-proxy.service
|
||||||
|
|
||||||
|
$ systemctl disable dnscrypt-proxy.service
|
||||||
|
|
||||||
|
Now start, and if you don't want to restart manually after reboot,
|
||||||
|
enable (as root):
|
||||||
|
|
||||||
|
$ systemctl start dnscrypt-proxy-resolvconf.service
|
||||||
|
|
||||||
|
$ systemctl enable dnscrypt-proxy-resolvconf.service
|
||||||
|
|
||||||
|
This will not work as intended for a setup as described in C., where
|
||||||
|
the "listen_addresses" is not configured through the socket unit.
|
||||||
|
|
||||||
|
|
||||||
|
F.
|
||||||
|
The socket OR one of the service unit should be started/enabled - not all
|
||||||
|
and not two of them.
|
||||||
|
|
||||||
|
If the socket unit is used, it will start the dnscrypt-proxy.service unit
|
||||||
|
when queries are sent to one of its configured addresses.
|
||||||
|
|
||||||
|
On the other hand dnscrypt-proxy-resolvconf.service can be made responsible for
|
||||||
|
activating dnscrypt-proxy.socket.
|
||||||
|
|
||||||
|
|
||||||
|
G.
|
||||||
If using systemd, the PID should be available in file
|
If using systemd, the PID should be available in file
|
||||||
|
|
||||||
/run/dnscrypt-proxy/dnscrypt-proxy.pid
|
/run/dnscrypt-proxy/dnscrypt-proxy.pid
|
||||||
|
|
||||||
|
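Review bot: Section E. does not say what happens to nameserver entries that resolvconf already manages for other interfaces. The text only promises that step D. is automated, and if servers supplied by DHCP stay in /etc/resolv.conf next to the local address, the stub resolver can still send queries to them unencrypted. Suggest adding a sentence that tells the reader to inspect /etc/resolv.conf after starting dnscrypt-proxy-resolvconf.service and what a correct result looks like. Two smaller points in the same section: "Do not use this approach if this unintended." is missing "is", and the commands introduced with "(as root)" are shown with a "$" prompt where "#" would match the instruction.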
25
dnscrypt-proxy-resolvconf.service
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=DNSCrypt proxy resolvconf support
|
||||||
|
Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd
|
||||||
|
# with openSUSE changes
|
||||||
|
Documentation=file:/usr/share/doc/packages/dnscrypt-proxy/README.openSUSE
|
||||||
|
Before=nss-lookup.target
|
||||||
|
Wants=nss-lookup.target
|
||||||
|
After=dnscrypt-proxy.socket
|
||||||
|
BindsTo=dnscrypt-proxy.socket
|
||||||
|
# available in package openresolv
|
||||||
|
ConditionFileIsExecutable=/usr/sbin/resolvconf
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
RemainAfterExit=true
|
||||||
|
ExecStart=/bin/sh -c 'systemctl show dnscrypt-proxy.socket \
|
||||||
|
| grep "Listen.*Datagram" \
|
||||||
|
| cut -d "=" -f 2 \
|
||||||
|
| cut -d ":" -f 1 \
|
||||||
|
| awk \'{ print "nameserver " $1 }\' \
|
||||||
|
| /usr/sbin/resolvconf -a lo.dnscrypt-proxy'
|
||||||
|
ExecStop=/usr/sbin/resolvconf -d lo.dnscrypt-proxy
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
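Review bot: The ExecStart pipeline assumes an IPv4 listen address: `cut -d ":" -f 1` splits at the first colon, so a socket listening on an IPv6 address such as [::1]:53 would produce "nameserver [" and hand resolvconf an invalid entry. The same cut also discards the port, so a socket override that listens on a port other than 53 yields a nameserver line that points at a port where nothing answers, since resolv.conf cannot express a port. Suggest stripping the port from the right-hand side and removing the brackets, skipping addresses that are not on port 53, and making the shell exit non-zero when grep finds no Datagram listener, so that an empty input is not passed to `resolvconf -a lo.dnscrypt-proxy` and reported as a successful start.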
@ -1,3 +1,8 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jan 7 20:00:00 UTC 2021 - cunix@mail.de
|
||||||
|
|
||||||
|
- Added optional resolvconf support via systemd unit.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jan 4 20:00:00 UTC 2021 - cunix@mail.de
|
Mon Jan 4 20:00:00 UTC 2021 - cunix@mail.de
|
||||||
|
|
||||||
|
@ -31,5 +31,4 @@ ProtectControlGroups=yes
|
|||||||
ProtectKernelModules=yes
|
ProtectKernelModules=yes
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
# Also=dnscrypt-proxy.socket
|
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
@ -3,6 +3,7 @@ Description=DNSCrypt-proxy socket
|
|||||||
Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd
|
Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd
|
||||||
# with openSUSE changes
|
# with openSUSE changes
|
||||||
Documentation=file:/usr/share/doc/packages/dnscrypt-proxy/README.openSUSE
|
Documentation=file:/usr/share/doc/packages/dnscrypt-proxy/README.openSUSE
|
||||||
|
PartOf=dnscrypt-proxy-resolvconf.service
|
||||||
Before=nss-lookup.target
|
Before=nss-lookup.target
|
||||||
Wants=nss-lookup.target
|
Wants=nss-lookup.target
|
||||||
|
|
||||||
|
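Review bot: The added `PartOf=dnscrypt-proxy-resolvconf.service` goes into the socket unit that every installation uses, including setups from README sections A. and B. that never enable the resolvconf unit, and it has no comment explaining why it is there. Together with `BindsTo=dnscrypt-proxy.socket` and `After=dnscrypt-proxy.socket` in the new unit, stopping or restarting dnscrypt-proxy-resolvconf.service now also stops or restarts the listener. Suggest a comment line above it, in the style of "# with openSUSE changes", stating that this coupling is intended, and a matching sentence in README section F.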
@ -21,7 +21,7 @@
|
|||||||
%define config_dir %{_sysconfdir}/%{name}
|
%define config_dir %{_sysconfdir}/%{name}
|
||||||
%define home_dir %{_localstatedir}/lib/%{name}
|
%define home_dir %{_localstatedir}/lib/%{name}
|
||||||
%define log_dir %{_localstatedir}/log/%{name}
|
%define log_dir %{_localstatedir}/log/%{name}
|
||||||
%define services %{name}.socket %{name}.service
|
%define services %{name}.socket %{name}.service %{name}-resolvconf.service
|
||||||
%define vlic_dir vendored
|
%define vlic_dir vendored
|
||||||
|
|
||||||
Name: dnscrypt-proxy
|
Name: dnscrypt-proxy
|
||||||
@ -34,16 +34,17 @@ URL: https://dnscrypt.info/
|
|||||||
Source0: https://codeload.github.com/DNSCrypt/%{name}/tar.gz/%{version}#/%{name}-%{version}.tar.gz
|
Source0: https://codeload.github.com/DNSCrypt/%{name}/tar.gz/%{version}#/%{name}-%{version}.tar.gz
|
||||||
Source1: %{name}.service
|
Source1: %{name}.service
|
||||||
Source2: %{name}.socket
|
Source2: %{name}.socket
|
||||||
|
Source3: %{name}-resolvconf.service
|
||||||
# File to use with sed to modify default configuration.
|
# File to use with sed to modify default configuration.
|
||||||
Source3: example-dnscrypt-proxy.toml.sed
|
Source4: example-dnscrypt-proxy.toml.sed
|
||||||
# Find licenses of vendored packages.
|
# Find licenses of vendored packages.
|
||||||
Source4: find_licenses.sh
|
Source5: find_licenses.sh
|
||||||
# Install licenses of vendored packages.
|
# Install licenses of vendored packages.
|
||||||
Source5: install_licenses.sh
|
Source6: install_licenses.sh
|
||||||
# Some words
|
# Some words
|
||||||
Source6: README.openSUSE
|
Source7: README.openSUSE
|
||||||
# Example how to override socket unit
|
# Example how to override socket unit
|
||||||
Source7: %{name}.socket.conf
|
Source8: %{name}.socket.conf
|
||||||
BuildRequires: golang-packaging
|
BuildRequires: golang-packaging
|
||||||
BuildRequires: pkgconfig
|
BuildRequires: pkgconfig
|
||||||
BuildRequires: shadow
|
BuildRequires: shadow
|
||||||
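Review bot: Inserting the new unit as Source3 renumbers Source3 through Source7 and forces every %{SOURCEn} reference in %prep and %install to change with it, which is where a missed reference would silently install the wrong file. Appending it as Source8 would keep the existing numbers stable and reduce the change to the added lines. If grouping the unit files together is preferred, a short comment above Source3, like the ones on the other sources, would document that.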
@ -56,6 +57,8 @@ Requires: bash
|
|||||||
Requires(pre): shadow
|
Requires(pre): shadow
|
||||||
%{?systemd_requires}
|
%{?systemd_requires}
|
||||||
Recommends: ca-certificates
|
Recommends: ca-certificates
|
||||||
|
# needed for resolvconf support
|
||||||
|
Suggests: openresolv
|
||||||
Provides: dnscrypt = %{version}-%{release}
|
Provides: dnscrypt = %{version}-%{release}
|
||||||
Obsoletes: dnscrypt < %{version}-%{release}
|
Obsoletes: dnscrypt < %{version}-%{release}
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
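Review bot: The comment says openresolv is "needed for resolvconf support" but the tag is `Suggests:`, which most installations will not pull in. Because the new unit carries `ConditionFileIsExecutable=/usr/sbin/resolvconf`, starting it without the package is skipped by the condition rather than failing, so the admin sees no error while /etc/resolv.conf stays unchanged. Suggest either `Recommends: openresolv` or rewording the comment to "optional, for dnscrypt-proxy-resolvconf.service", and noting in README section E. that the unit does nothing when the condition is not met.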
@ -68,13 +71,13 @@ such as DNSCrypt v2, DNS-over-HTTPS and Anonymized DNSCrypt.
|
|||||||
%setup -q -n %{name}-%{version}
|
%setup -q -n %{name}-%{version}
|
||||||
|
|
||||||
# Find licenses of vendored packages and prepare for installation
|
# Find licenses of vendored packages and prepare for installation
|
||||||
bash %{SOURCE4} %{vlic_dir}
|
bash %{SOURCE5} %{vlic_dir}
|
||||||
|
|
||||||
# duplicate original config file
|
# duplicate original config file
|
||||||
cp ./%{name}/example-%{name}.toml ./%{name}.toml.default
|
cp ./%{name}/example-%{name}.toml ./%{name}.toml.default
|
||||||
|
|
||||||
# Edit default port and file locations
|
# Edit default port and file locations
|
||||||
sed -i -f %{SOURCE3} ./%{name}.toml.default
|
sed -i -f %{SOURCE4} ./%{name}.toml.default
|
||||||
|
|
||||||
# duplicate edited config file
|
# duplicate edited config file
|
||||||
cp ./%{name}.toml.default ./%{name}.toml
|
cp ./%{name}.toml.default ./%{name}.toml
|
||||||
@ -118,19 +121,21 @@ install -D -m 0640 ./%{name}/example-forwarding-rules.txt %{buildroot}/%{config_
|
|||||||
# Systemd
|
# Systemd
|
||||||
install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
|
install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
|
||||||
install -D -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.socket
|
install -D -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.socket
|
||||||
|
install -D -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/%{name}-resolvconf.service
|
||||||
|
|
||||||
# service link
|
# service link
|
||||||
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
|
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
|
||||||
|
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-resolvconf
|
||||||
|
|
||||||
# Vendor Licenses
|
# Vendor Licenses
|
||||||
install -d -m 0755 %{buildroot}%{_licensedir}/%{name}/%{vlic_dir}
|
install -d -m 0755 %{buildroot}%{_licensedir}/%{name}/%{vlic_dir}
|
||||||
bash %{SOURCE5} %{vlic_dir} %{buildroot}/%{_licensedir}/%{name}/%{vlic_dir}
|
bash %{SOURCE6} %{vlic_dir} %{buildroot}/%{_licensedir}/%{name}/%{vlic_dir}
|
||||||
|
|
||||||
# Some hints. Improvements and feedback welcome!
|
# Some hints. Improvements and feedback welcome!
|
||||||
cp %{SOURCE6} README.openSUSE
|
cp %{SOURCE7} README.openSUSE
|
||||||
|
|
||||||
# Example drop-in.
|
# Example drop-in.
|
||||||
cp %{SOURCE7} %{name}.socket.conf
|
cp %{SOURCE8} %{name}.socket.conf
|
||||||
|
|
||||||
%pre
|
%pre
|
||||||
# group and user
|
# group and user
|
||||||
@ -163,8 +168,10 @@ getent passwd %{user_group} >/dev/null || %{_sbindir}/useradd -r -g %{user_group
|
|||||||
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/forwarding-rules.txt
|
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/forwarding-rules.txt
|
||||||
%{_sbindir}/%{name}
|
%{_sbindir}/%{name}
|
||||||
%{_sbindir}/rc%{name}
|
%{_sbindir}/rc%{name}
|
||||||
|
%{_sbindir}/rc%{name}-resolvconf
|
||||||
%{_unitdir}/%{name}.service
|
%{_unitdir}/%{name}.service
|
||||||
%{_unitdir}/%{name}.socket
|
%{_unitdir}/%{name}.socket
|
||||||
|
%{_unitdir}/%{name}-resolvconf.service
|
||||||
%{_datadir}/%{name}/
|
%{_datadir}/%{name}/
|
||||||
%dir %attr(0750,root,%{user_group}) %{config_dir}
|
%dir %attr(0750,root,%{user_group}) %{config_dir}
|
||||||
%dir %attr(0750,%{user_group},%{user_group}) %{home_dir}
|
%dir %attr(0750,%{user_group},%{user_group}) %{home_dir}
|
||||||
|