Accepting request 820018 from server:dns
In order to satisfy https://build.opensuse.org/request/show/817415#comment-1258559 i created https://build.opensuse.org/request/show/818413 to wipe out those 2 packages. With accept of https://build.opensuse.org/request/show/817415 this not necessary anymore? Please consider setting 'url' and 'description' in Factory package meta file to values of devel package (or part of it). dnscrypt-proxy v2 differs significantly from v1. OBS-URL: https://build.opensuse.org/request/show/820018 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dnscrypt-proxy?expand=0&rev=6
This commit is contained in:
commit
f9ce9a637e
@ -1,27 +1,73 @@
|
|||||||
Some tips:
|
***************************************************************************
|
||||||
|
* *
|
||||||
|
* README.openSUSE last edited for version 2.0.44 *
|
||||||
|
* *
|
||||||
|
***************************************************************************
|
||||||
|
|
||||||
1. Configure /etc/dnscrypt-proxy/dnscrypt-proxy.toml for your use case first!
|
|
||||||
|
|
||||||
2. Override "ListenStream" and "ListenDatagram" for dnscrypt-proxy.socket
|
Some hints:
|
||||||
according to your setup, especially if dnscrypt-proxy should not be used as
|
-----------
|
||||||
your primary name resolver.
|
|
||||||
In this case you might want to forward queries from a tool
|
|
||||||
like "dnsmasq" to dnscrypt-proxy.
|
|
||||||
Then the later should probably not listen on the default adress/port.
|
|
||||||
|
|
||||||
3. If running via systemd, start as root once with
|
Configure /etc/dnscrypt-proxy/dnscrypt-proxy.toml for your use case first!
|
||||||
|
|
||||||
|
A.
|
||||||
|
If dnscrypt-proxy should act as your primary resolver and only listen at
|
||||||
|
127.0.0.1:53, start as root once with
|
||||||
|
|
||||||
$ systemctl start dnscrypt-proxy.socket
|
$ systemctl start dnscrypt-proxy.socket
|
||||||
|
|
||||||
For always activating, do
|
and if you don't want to repeat this after next boots, do
|
||||||
|
|
||||||
$ systemctl enable dnscrypt-proxy.socket
|
$ systemctl enable dnscrypt-proxy.socket
|
||||||
|
|
||||||
4. Alternatively dnscrypt-proxy.service can be used the same way.
|
|
||||||
This will require you to set or uncomment "listen_addresses" in
|
B.
|
||||||
/etc/dnscrypt-proxy/dnscrypt-proxy.toml
|
If you have some other resolver listening on 127.0.0.1:53 that should forward
|
||||||
In this case the socket configuration described in (2.)
|
queries to dnscrypt-proxy it is recommended to create as root the directory
|
||||||
has to be done in this file directly.
|
|
||||||
|
/etc/systemd/system/dnscrypt-proxy.socket.d
|
||||||
|
|
||||||
|
and copy the file
|
||||||
|
|
||||||
|
dnscrypt-proxy.socket.conf
|
||||||
|
|
||||||
|
into the created directory.
|
||||||
|
An example file should be available in this doc directory:
|
||||||
|
/usr/share/doc/packages/dnscrypt-proxy
|
||||||
|
|
||||||
|
Afterwards you have to start/enable the socket unit as described above in A.
|
||||||
|
Additionally your primary resolver has to be configured to forward requests to
|
||||||
|
the address specified in file dnscrypt-proxy.socket.conf - 127.0.0.1:5353 for
|
||||||
|
example.
|
||||||
|
|
||||||
|
|
||||||
|
C.
|
||||||
|
Alternatively the unit dnscrypt-proxy.service can be used the same way as the
|
||||||
|
socket unit described in A for starting and enabling.
|
||||||
|
|
||||||
|
This will require you to set "listen_addresses" in file
|
||||||
|
|
||||||
|
/etc/dnscrypt-proxy/dnscrypt-proxy.toml
|
||||||
|
|
||||||
|
In this case dnscrypt-proxy has to setup the sockets itself and because it is
|
||||||
|
by default executed as user "dnscrypt" it is not allowed to listen on
|
||||||
|
ports < 1024.
|
||||||
|
|
||||||
|
If dnscrypt-proxy should listen on these lower ports
|
||||||
|
a) the socket unit should be used or
|
||||||
|
b) the program has to be started directly by root or
|
||||||
|
c) the user settings in the service unit have to be overridden
|
||||||
|
as described in B with files ending with ".conf"
|
||||||
|
in a to be created directory at
|
||||||
|
|
||||||
|
/etc/systemd/system/dnscrypt-proxy.service.d
|
||||||
|
|
||||||
|
|
||||||
|
D.
|
||||||
|
The socket OR the service unit should be started/enabled - not both.
|
||||||
|
If the socket unit is used, it will start the service unit when queries are sent
|
||||||
|
to one of its configured addresses.
|
||||||
|
|
||||||
|
If using systemd, the PID should be available in file
|
||||||
|
/run/dnscrypt-proxy/dnscrypt-proxy.pid
|
||||||
|
|
||||||
|
@ -1,3 +1,14 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jun 30 12:00:00 UTC 2020 - cunix@mail.de
|
||||||
|
|
||||||
|
- Made PID available in /run/dnscrypt-proxy/dnscrypt-proxy.pid
|
||||||
|
through systemd service unit.
|
||||||
|
|
||||||
|
- README.openSUSE updated.
|
||||||
|
|
||||||
|
- dnscrypt-proxy.socket.conf added as example for a systemd
|
||||||
|
drop-in file to override the socket unit.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jun 12 12:00:00 UTC 2020 - cunix@mail.de - 2.0.44
|
Fri Jun 12 12:00:00 UTC 2020 - cunix@mail.de - 2.0.44
|
||||||
|
|
||||||
|
@ -2,7 +2,8 @@
|
|||||||
Description=DNSCrypt-proxy client
|
Description=DNSCrypt-proxy client
|
||||||
Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd
|
Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd
|
||||||
# with openSUSE changes
|
# with openSUSE changes
|
||||||
Requires=dnscrypt-proxy.socket
|
Documentation=file:/usr/share/doc/packages/dnscrypt-proxy/README.openSUSE
|
||||||
|
PartOf=dnscrypt-proxy.socket
|
||||||
After=network.target
|
After=network.target
|
||||||
Before=nss-lookup.target
|
Before=nss-lookup.target
|
||||||
Wants=nss-lookup.target
|
Wants=nss-lookup.target
|
||||||
@ -12,6 +13,10 @@ NonBlocking=true
|
|||||||
|
|
||||||
ExecStart=/usr/sbin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml
|
ExecStart=/usr/sbin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml
|
||||||
|
|
||||||
|
# May substitute command line option "pidfile".
|
||||||
|
PIDFile=/run/dnscrypt-proxy/dnscrypt-proxy.pid
|
||||||
|
ExecStartPost=-/bin/bash -c '/bin/echo -n $MAINPID > /run/dnscrypt-proxy/dnscrypt-proxy.pid'
|
||||||
|
|
||||||
Group=dnscrypt
|
Group=dnscrypt
|
||||||
User=dnscrypt
|
User=dnscrypt
|
||||||
WorkingDirectory=~
|
WorkingDirectory=~
|
||||||
@ -26,5 +31,5 @@ ProtectControlGroups=yes
|
|||||||
ProtectKernelModules=yes
|
ProtectKernelModules=yes
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
Also=dnscrypt-proxy.socket
|
# Also=dnscrypt-proxy.socket
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
Description=DNSCrypt-proxy socket
|
Description=DNSCrypt-proxy socket
|
||||||
Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd
|
Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd
|
||||||
# with openSUSE changes
|
# with openSUSE changes
|
||||||
|
Documentation=file:/usr/share/doc/packages/dnscrypt-proxy/README.openSUSE
|
||||||
Before=nss-lookup.target
|
Before=nss-lookup.target
|
||||||
Wants=nss-lookup.target
|
Wants=nss-lookup.target
|
||||||
|
|
||||||
|
9
dnscrypt-proxy.socket.conf
Normal file
9
dnscrypt-proxy.socket.conf
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=DNSCrypt-proxy forward config
|
||||||
|
Documentation=file:/usr/share/doc/packages/dnscrypt-proxy/README.openSUSE
|
||||||
|
|
||||||
|
[Socket]
|
||||||
|
ListenStream=
|
||||||
|
ListenDatagram=
|
||||||
|
ListenDatagram=127.0.0.1:5353
|
||||||
|
#ListenDatagram=[::1]:5353
|
@ -41,12 +41,16 @@ Source4: find_licenses.sh
|
|||||||
Source5: install_licenses.sh
|
Source5: install_licenses.sh
|
||||||
# Some words
|
# Some words
|
||||||
Source6: README.openSUSE
|
Source6: README.openSUSE
|
||||||
|
# Example how to override socket unit
|
||||||
|
Source7: %{name}.socket.conf
|
||||||
BuildRequires: golang(API) >= 1.14
|
BuildRequires: golang(API) >= 1.14
|
||||||
BuildRequires: golang-packaging
|
BuildRequires: golang-packaging
|
||||||
BuildRequires: pkgconfig
|
BuildRequires: pkgconfig
|
||||||
BuildRequires: shadow
|
BuildRequires: shadow
|
||||||
BuildRequires: systemd-rpm-macros
|
BuildRequires: systemd-rpm-macros
|
||||||
BuildRequires: pkgconfig(libsystemd)
|
BuildRequires: pkgconfig(libsystemd)
|
||||||
|
# For systemd pidfile solution.
|
||||||
|
Requires: bash
|
||||||
# for daemon group/user
|
# for daemon group/user
|
||||||
Requires(pre): shadow
|
Requires(pre): shadow
|
||||||
%{?systemd_requires}
|
%{?systemd_requires}
|
||||||
@ -81,7 +85,7 @@ sed -i "s/## This is an example configuration file./## This is a configuration f
|
|||||||
sed -i "1s/#! \/usr\/bin\/env python3/#! \/usr\/bin\/python3/" utils/generate-domains-blacklists/generate-domains-blacklist.py
|
sed -i "1s/#! \/usr\/bin\/env python3/#! \/usr\/bin\/python3/" utils/generate-domains-blacklists/generate-domains-blacklist.py
|
||||||
|
|
||||||
%build
|
%build
|
||||||
cd dnscrypt-proxy
|
cd %{name}
|
||||||
go build -mod=vendor -buildmode=pie
|
go build -mod=vendor -buildmode=pie
|
||||||
|
|
||||||
%install
|
%install
|
||||||
@ -91,8 +95,7 @@ install -D -d -m 0750 \
|
|||||||
%{buildroot}%{home_dir} \
|
%{buildroot}%{home_dir} \
|
||||||
%{buildroot}%{config_dir}
|
%{buildroot}%{config_dir}
|
||||||
|
|
||||||
install -D -d -m 0755 \
|
install -D -d -m 0755 %{buildroot}%{_datadir}/%{name}/
|
||||||
%{buildroot}%{_datadir}/%{name}/
|
|
||||||
|
|
||||||
# Binary
|
# Binary
|
||||||
install -D -m 0755 %{name}/%{name} %{buildroot}%{_sbindir}/%{name}
|
install -D -m 0755 %{name}/%{name} %{buildroot}%{_sbindir}/%{name}
|
||||||
@ -132,6 +135,9 @@ bash %{SOURCE5} %{vlic_dir} %{buildroot}/%{_licensedir}/%{name}/%{vlic_dir}
|
|||||||
# Some hints. Improvements and feedback welcome!
|
# Some hints. Improvements and feedback welcome!
|
||||||
cp %{SOURCE6} README.openSUSE
|
cp %{SOURCE6} README.openSUSE
|
||||||
|
|
||||||
|
# Example drop-in.
|
||||||
|
cp %{SOURCE7} %{name}.socket.conf
|
||||||
|
|
||||||
%pre
|
%pre
|
||||||
# group and user
|
# group and user
|
||||||
getent group %{user_group} >/dev/null || %{_sbindir}/groupadd -r %{user_group}
|
getent group %{user_group} >/dev/null || %{_sbindir}/groupadd -r %{user_group}
|
||||||
@ -166,7 +172,7 @@ getent passwd %{user_group} >/dev/null || %{_sbindir}/useradd -r -g %{user_group
|
|||||||
%dir %attr(0750,%{user_group},%{user_group}) %{home_dir}
|
%dir %attr(0750,%{user_group},%{user_group}) %{home_dir}
|
||||||
%dir %attr(0750,%{user_group},%{user_group}) %{log_dir}
|
%dir %attr(0750,%{user_group},%{user_group}) %{log_dir}
|
||||||
%{_docdir}/%{name}/
|
%{_docdir}/%{name}/
|
||||||
%doc ChangeLog README.md README.openSUSE
|
%doc ChangeLog README.md README.openSUSE %{name}.socket.conf
|
||||||
%license LICENSE
|
%license LICENSE
|
||||||
%{_licensedir}/%{name}/%{vlic_dir}/
|
%{_licensedir}/%{name}/%{vlic_dir}/
|
||||||
|
|
||||||
|
@ -1,6 +1,10 @@
|
|||||||
# the socket unit should listen
|
# the socket unit should listen
|
||||||
s/listen_addresses = \['127.0.0.1:53']/#listen_addresses = ['127.0.0.1:53']\nlisten_addresses = []/
|
s/listen_addresses = \['127.0.0.1:53']/#listen_addresses = ['127.0.0.1:53']\nlisten_addresses = []/
|
||||||
|
|
||||||
|
# point to shipped distro specific documentation
|
||||||
|
12c\\n##********************************************************************##\n## ##
|
||||||
|
13c\## README.openSUSE in directory ##\n## \/usr\/share\/doc\/packages\/dnscrypt-proxy ##\n## might be useful to read. ##\n## ##\n##********************************************************************##
|
||||||
|
|
||||||
# absolute paths by default
|
# absolute paths by default
|
||||||
s/# log_file = 'dnscrypt-proxy.log'/# log_file = '\/var\/log\/dnscrypt-proxy\/dnscrypt-proxy.log'/
|
s/# log_file = 'dnscrypt-proxy.log'/# log_file = '\/var\/log\/dnscrypt-proxy\/dnscrypt-proxy.log'/
|
||||||
s/# forwarding_rules = 'forwarding-rules.txt'/# forwarding_rules = '\/etc\/dnscrypt-proxy\/forwarding-rules.txt'/
|
s/# forwarding_rules = 'forwarding-rules.txt'/# forwarding_rules = '\/etc\/dnscrypt-proxy\/forwarding-rules.txt'/
|
||||||
|
Loading…
Reference in New Issue
Block a user