Accepting request 820018 from server:dns
In order to satisfy https://build.opensuse.org/request/show/817415#comment-1258559 i created https://build.opensuse.org/request/show/818413 to wipe out those 2 packages. With accept of https://build.opensuse.org/request/show/817415 this not necessary anymore? Please consider setting 'url' and 'description' in Factory package meta file to values of devel package (or part of it). dnscrypt-proxy v2 differs significantly from v1. OBS-URL: https://build.opensuse.org/request/show/820018 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dnscrypt-proxy?expand=0&rev=6
This commit is contained in:
commit
f9ce9a637e
@ -1,27 +1,73 @@
|
||||
Some tips:
|
||||
***************************************************************************
|
||||
* *
|
||||
* README.openSUSE last edited for version 2.0.44 *
|
||||
* *
|
||||
***************************************************************************
|
||||
|
||||
1. Configure /etc/dnscrypt-proxy/dnscrypt-proxy.toml for your use case first!
|
||||
|
||||
2. Override "ListenStream" and "ListenDatagram" for dnscrypt-proxy.socket
|
||||
according to your setup, especially if dnscrypt-proxy should not be used as
|
||||
your primary name resolver.
|
||||
In this case you might want to forward queries from a tool
|
||||
like "dnsmasq" to dnscrypt-proxy.
|
||||
Then the later should probably not listen on the default adress/port.
|
||||
Some hints:
|
||||
-----------
|
||||
|
||||
3. If running via systemd, start as root once with
|
||||
Configure /etc/dnscrypt-proxy/dnscrypt-proxy.toml for your use case first!
|
||||
|
||||
A.
|
||||
If dnscrypt-proxy should act as your primary resolver and only listen at
|
||||
127.0.0.1:53, start as root once with
|
||||
|
||||
$ systemctl start dnscrypt-proxy.socket
|
||||
|
||||
For always activating, do
|
||||
and if you don't want to repeat this after next boots, do
|
||||
|
||||
$ systemctl enable dnscrypt-proxy.socket
|
||||
|
||||
4. Alternatively dnscrypt-proxy.service can be used the same way.
|
||||
This will require you to set or uncomment "listen_addresses" in
|
||||
/etc/dnscrypt-proxy/dnscrypt-proxy.toml
|
||||
In this case the socket configuration described in (2.)
|
||||
has to be done in this file directly.
|
||||
|
||||
B.
|
||||
If you have some other resolver listening on 127.0.0.1:53 that should forward
|
||||
queries to dnscrypt-proxy it is recommended to create as root the directory
|
||||
|
||||
/etc/systemd/system/dnscrypt-proxy.socket.d
|
||||
|
||||
and copy the file
|
||||
|
||||
dnscrypt-proxy.socket.conf
|
||||
|
||||
into the created directory.
|
||||
An example file should be available in this doc directory:
|
||||
/usr/share/doc/packages/dnscrypt-proxy
|
||||
|
||||
Afterwards you have to start/enable the socket unit as described above in A.
|
||||
Additionally your primary resolver has to be configured to forward requests to
|
||||
the address specified in file dnscrypt-proxy.socket.conf - 127.0.0.1:5353 for
|
||||
example.
|
||||
|
||||
|
||||
C.
|
||||
Alternatively the unit dnscrypt-proxy.service can be used the same way as the
|
||||
socket unit described in A for starting and enabling.
|
||||
|
||||
This will require you to set "listen_addresses" in file
|
||||
|
||||
/etc/dnscrypt-proxy/dnscrypt-proxy.toml
|
||||
|
||||
In this case dnscrypt-proxy has to setup the sockets itself and because it is
|
||||
by default executed as user "dnscrypt" it is not allowed to listen on
|
||||
ports < 1024.
|
||||
|
||||
If dnscrypt-proxy should listen on these lower ports
|
||||
a) the socket unit should be used or
|
||||
b) the program has to be started directly by root or
|
||||
c) the user settings in the service unit have to be overridden
|
||||
as described in B with files ending with ".conf"
|
||||
in a to be created directory at
|
||||
|
||||
/etc/systemd/system/dnscrypt-proxy.service.d
|
||||
|
||||
|
||||
D.
|
||||
The socket OR the service unit should be started/enabled - not both.
|
||||
If the socket unit is used, it will start the service unit when queries are sent
|
||||
to one of its configured addresses.
|
||||
|
||||
If using systemd, the PID should be available in file
|
||||
/run/dnscrypt-proxy/dnscrypt-proxy.pid
|
||||
|
||||
|
@ -1,3 +1,14 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 30 12:00:00 UTC 2020 - cunix@mail.de
|
||||
|
||||
- Made PID available in /run/dnscrypt-proxy/dnscrypt-proxy.pid
|
||||
through systemd service unit.
|
||||
|
||||
- README.openSUSE updated.
|
||||
|
||||
- dnscrypt-proxy.socket.conf added as example for a systemd
|
||||
drop-in file to override the socket unit.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jun 12 12:00:00 UTC 2020 - cunix@mail.de - 2.0.44
|
||||
|
||||
|
@ -2,7 +2,8 @@
|
||||
Description=DNSCrypt-proxy client
|
||||
Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd
|
||||
# with openSUSE changes
|
||||
Requires=dnscrypt-proxy.socket
|
||||
Documentation=file:/usr/share/doc/packages/dnscrypt-proxy/README.openSUSE
|
||||
PartOf=dnscrypt-proxy.socket
|
||||
After=network.target
|
||||
Before=nss-lookup.target
|
||||
Wants=nss-lookup.target
|
||||
@ -12,6 +13,10 @@ NonBlocking=true
|
||||
|
||||
ExecStart=/usr/sbin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml
|
||||
|
||||
# May substitute command line option "pidfile".
|
||||
PIDFile=/run/dnscrypt-proxy/dnscrypt-proxy.pid
|
||||
ExecStartPost=-/bin/bash -c '/bin/echo -n $MAINPID > /run/dnscrypt-proxy/dnscrypt-proxy.pid'
|
||||
|
||||
Group=dnscrypt
|
||||
User=dnscrypt
|
||||
WorkingDirectory=~
|
||||
@ -26,5 +31,5 @@ ProtectControlGroups=yes
|
||||
ProtectKernelModules=yes
|
||||
|
||||
[Install]
|
||||
Also=dnscrypt-proxy.socket
|
||||
# Also=dnscrypt-proxy.socket
|
||||
WantedBy=multi-user.target
|
||||
|
@ -2,6 +2,7 @@
|
||||
Description=DNSCrypt-proxy socket
|
||||
Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd
|
||||
# with openSUSE changes
|
||||
Documentation=file:/usr/share/doc/packages/dnscrypt-proxy/README.openSUSE
|
||||
Before=nss-lookup.target
|
||||
Wants=nss-lookup.target
|
||||
|
||||
|
9
dnscrypt-proxy.socket.conf
Normal file
9
dnscrypt-proxy.socket.conf
Normal file
@ -0,0 +1,9 @@
|
||||
[Unit]
|
||||
Description=DNSCrypt-proxy forward config
|
||||
Documentation=file:/usr/share/doc/packages/dnscrypt-proxy/README.openSUSE
|
||||
|
||||
[Socket]
|
||||
ListenStream=
|
||||
ListenDatagram=
|
||||
ListenDatagram=127.0.0.1:5353
|
||||
#ListenDatagram=[::1]:5353
|
@ -41,12 +41,16 @@ Source4: find_licenses.sh
|
||||
Source5: install_licenses.sh
|
||||
# Some words
|
||||
Source6: README.openSUSE
|
||||
# Example how to override socket unit
|
||||
Source7: %{name}.socket.conf
|
||||
BuildRequires: golang(API) >= 1.14
|
||||
BuildRequires: golang-packaging
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: shadow
|
||||
BuildRequires: systemd-rpm-macros
|
||||
BuildRequires: pkgconfig(libsystemd)
|
||||
# For systemd pidfile solution.
|
||||
Requires: bash
|
||||
# for daemon group/user
|
||||
Requires(pre): shadow
|
||||
%{?systemd_requires}
|
||||
@ -81,7 +85,7 @@ sed -i "s/## This is an example configuration file./## This is a configuration f
|
||||
sed -i "1s/#! \/usr\/bin\/env python3/#! \/usr\/bin\/python3/" utils/generate-domains-blacklists/generate-domains-blacklist.py
|
||||
|
||||
%build
|
||||
cd dnscrypt-proxy
|
||||
cd %{name}
|
||||
go build -mod=vendor -buildmode=pie
|
||||
|
||||
%install
|
||||
@ -91,8 +95,7 @@ install -D -d -m 0750 \
|
||||
%{buildroot}%{home_dir} \
|
||||
%{buildroot}%{config_dir}
|
||||
|
||||
install -D -d -m 0755 \
|
||||
%{buildroot}%{_datadir}/%{name}/
|
||||
install -D -d -m 0755 %{buildroot}%{_datadir}/%{name}/
|
||||
|
||||
# Binary
|
||||
install -D -m 0755 %{name}/%{name} %{buildroot}%{_sbindir}/%{name}
|
||||
@ -132,6 +135,9 @@ bash %{SOURCE5} %{vlic_dir} %{buildroot}/%{_licensedir}/%{name}/%{vlic_dir}
|
||||
# Some hints. Improvements and feedback welcome!
|
||||
cp %{SOURCE6} README.openSUSE
|
||||
|
||||
# Example drop-in.
|
||||
cp %{SOURCE7} %{name}.socket.conf
|
||||
|
||||
%pre
|
||||
# group and user
|
||||
getent group %{user_group} >/dev/null || %{_sbindir}/groupadd -r %{user_group}
|
||||
@ -166,7 +172,7 @@ getent passwd %{user_group} >/dev/null || %{_sbindir}/useradd -r -g %{user_group
|
||||
%dir %attr(0750,%{user_group},%{user_group}) %{home_dir}
|
||||
%dir %attr(0750,%{user_group},%{user_group}) %{log_dir}
|
||||
%{_docdir}/%{name}/
|
||||
%doc ChangeLog README.md README.openSUSE
|
||||
%doc ChangeLog README.md README.openSUSE %{name}.socket.conf
|
||||
%license LICENSE
|
||||
%{_licensedir}/%{name}/%{vlic_dir}/
|
||||
|
||||
|
@ -1,6 +1,10 @@
|
||||
# the socket unit should listen
|
||||
s/listen_addresses = \['127.0.0.1:53']/#listen_addresses = ['127.0.0.1:53']\nlisten_addresses = []/
|
||||
|
||||
# point to shipped distro specific documentation
|
||||
12c\\n##********************************************************************##\n## ##
|
||||
13c\## README.openSUSE in directory ##\n## \/usr\/share\/doc\/packages\/dnscrypt-proxy ##\n## might be useful to read. ##\n## ##\n##********************************************************************##
|
||||
|
||||
# absolute paths by default
|
||||
s/# log_file = 'dnscrypt-proxy.log'/# log_file = '\/var\/log\/dnscrypt-proxy\/dnscrypt-proxy.log'/
|
||||
s/# forwarding_rules = 'forwarding-rules.txt'/# forwarding_rules = '\/etc\/dnscrypt-proxy\/forwarding-rules.txt'/
|
||||
|
Loading…
Reference in New Issue
Block a user