Accepting request 820018 from server:dns

In order to satisfy https://build.opensuse.org/request/show/817415#comment-1258559 i created https://build.opensuse.org/request/show/818413 to wipe out those 2 packages. With accept of https://build.opensuse.org/request/show/817415 this not necessary anymore? Please consider setting 'url' and 'description' in Factory package meta file to values of devel package (or part of it). dnscrypt-proxy v2 differs significantly from v1. OBS-URL: https://build.opensuse.org/request/show/820018 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dnscrypt-proxy?expand=0&rev=6
2020-07-14 05:57:54 +00:00 · 2020-07-14 05:57:54 +00:00 · f9ce9a637e
commit f9ce9a637e
parent 1e3a7d6b24 1e6073025e
7 changed files with 103 additions and 21 deletions
--- a/README.openSUSE
+++ b/README.openSUSE
@ -1,27 +1,73 @@
-Some tips:
+***************************************************************************
+*                                                                         *
+*            README.openSUSE last edited for version 2.0.44               *
+*                                                                         *
+***************************************************************************

-1. Configure /etc/dnscrypt-proxy/dnscrypt-proxy.toml for your use case first!

-2. Override "ListenStream" and "ListenDatagram" for dnscrypt-proxy.socket
-   according to your setup, especially if dnscrypt-proxy should not be used as
-   your primary name resolver.
-   In this case you might want to forward queries from a tool
-   like "dnsmasq" to dnscrypt-proxy.
-   Then the later should probably not listen on the default adress/port.
+Some hints:
+-----------

-3. If running via systemd, start as root once with
+Configure /etc/dnscrypt-proxy/dnscrypt-proxy.toml for your use case first!
+
+A.
+If dnscrypt-proxy should act as your primary resolver and only listen at
+127.0.0.1:53, start as root once with

      $ systemctl start dnscrypt-proxy.socket

-   For always activating, do
+  and if you don't want to repeat this after next boots, do

      $ systemctl enable dnscrypt-proxy.socket

-4. Alternatively dnscrypt-proxy.service can be used the same way.
-   This will require you to set or uncomment "listen_addresses" in
-   /etc/dnscrypt-proxy/dnscrypt-proxy.toml
-   In this case the socket configuration described in (2.)
-   has to be done in this file directly.
+
+B.
+If you have some other resolver listening on 127.0.0.1:53 that should forward
+queries to dnscrypt-proxy it is recommended to create as root the directory
+
+/etc/systemd/system/dnscrypt-proxy.socket.d
+
+and copy the file
+
+dnscrypt-proxy.socket.conf
+
+into the created directory.
+An example  file should be available in this doc directory:
+/usr/share/doc/packages/dnscrypt-proxy
+
+Afterwards you have to start/enable the socket unit as described above in A.
+Additionally your primary resolver has to be configured to forward requests to
+the address specified in file dnscrypt-proxy.socket.conf - 127.0.0.1:5353 for
+example.


+C.
+Alternatively the unit dnscrypt-proxy.service can be used the same way as the
+socket unit described in A for starting and enabling.
+
+This will require you to set "listen_addresses" in file
+
+/etc/dnscrypt-proxy/dnscrypt-proxy.toml
+
+In this case dnscrypt-proxy has to setup the sockets itself and because it is
+by default executed as user "dnscrypt" it is not allowed to listen on
+ports < 1024.
+
+If dnscrypt-proxy should listen on these lower ports
+a) the socket unit should be used or
+b) the program has to be started directly by root or
+c) the user settings in the service unit have to be overridden
+   as described in B with files ending with ".conf"
+   in a to be created directory at
+
+   /etc/systemd/system/dnscrypt-proxy.service.d
+
+
+D.
+The socket OR the service unit should be started/enabled - not both.
+If the socket unit is used, it will start the service unit when queries are sent
+to one of its configured addresses.
+
+If using systemd, the PID should be available in file
+/run/dnscrypt-proxy/dnscrypt-proxy.pid

--- a/dnscrypt-proxy.changes
+++ b/dnscrypt-proxy.changes
@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Tue Jun 30 12:00:00 UTC 2020 - cunix@mail.de
+
+- Made PID available in /run/dnscrypt-proxy/dnscrypt-proxy.pid
+  through systemd service unit.
+
+- README.openSUSE updated.
+
+- dnscrypt-proxy.socket.conf added as example for a systemd
+  drop-in file to override the socket unit.
+
 -------------------------------------------------------------------
 Fri Jun 12 12:00:00 UTC 2020 - cunix@mail.de - 2.0.44

--- a/dnscrypt-proxy.service
+++ b/dnscrypt-proxy.service
@ -2,7 +2,8 @@
 Description=DNSCrypt-proxy client
 Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd
 # with openSUSE changes
-Requires=dnscrypt-proxy.socket
+Documentation=file:/usr/share/doc/packages/dnscrypt-proxy/README.openSUSE
+PartOf=dnscrypt-proxy.socket
 After=network.target
 Before=nss-lookup.target
 Wants=nss-lookup.target
@ -12,6 +13,10 @@ NonBlocking=true

 ExecStart=/usr/sbin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml

+# May substitute command line option "pidfile".
+PIDFile=/run/dnscrypt-proxy/dnscrypt-proxy.pid
+ExecStartPost=-/bin/bash -c '/bin/echo -n $MAINPID > /run/dnscrypt-proxy/dnscrypt-proxy.pid'
+
 Group=dnscrypt
 User=dnscrypt
 WorkingDirectory=~
@ -26,5 +31,5 @@ ProtectControlGroups=yes
 ProtectKernelModules=yes

 [Install]
-Also=dnscrypt-proxy.socket
+# Also=dnscrypt-proxy.socket
 WantedBy=multi-user.target
--- a/dnscrypt-proxy.socket
+++ b/dnscrypt-proxy.socket
@ -2,6 +2,7 @@
 Description=DNSCrypt-proxy socket
 Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd
 # with openSUSE changes
+Documentation=file:/usr/share/doc/packages/dnscrypt-proxy/README.openSUSE
 Before=nss-lookup.target
 Wants=nss-lookup.target

--- a/dnscrypt-proxy.socket.conf
+++ b/dnscrypt-proxy.socket.conf
@ -0,0 +1,9 @@
+[Unit]
+Description=DNSCrypt-proxy forward config
+Documentation=file:/usr/share/doc/packages/dnscrypt-proxy/README.openSUSE
+
+[Socket]
+ListenStream=
+ListenDatagram=
+ListenDatagram=127.0.0.1:5353
+#ListenDatagram=[::1]:5353
--- a/dnscrypt-proxy.spec
+++ b/dnscrypt-proxy.spec
@ -41,12 +41,16 @@ Source4:        find_licenses.sh
 Source5:        install_licenses.sh
 # Some words
 Source6:        README.openSUSE
+# Example how to override socket unit
+Source7:        %{name}.socket.conf
 BuildRequires:  golang(API) >= 1.14
 BuildRequires:  golang-packaging
 BuildRequires:  pkgconfig
 BuildRequires:  shadow
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  pkgconfig(libsystemd)
+# For systemd pidfile solution.
+Requires:       bash
 # for daemon group/user
 Requires(pre):  shadow
 %{?systemd_requires}
@ -81,7 +85,7 @@ sed -i "s/## This is an example configuration file./## This is a configuration f
 sed -i "1s/#! \/usr\/bin\/env python3/#! \/usr\/bin\/python3/" utils/generate-domains-blacklists/generate-domains-blacklist.py

 %build
-cd dnscrypt-proxy
+cd %{name}
 go build -mod=vendor -buildmode=pie

 %install
@ -91,8 +95,7 @@ install -D -d -m 0750               \
  %{buildroot}%{home_dir}           \
  %{buildroot}%{config_dir}

-install -D -d -m 0755               \
-  %{buildroot}%{_datadir}/%{name}/
+install -D -d -m 0755 %{buildroot}%{_datadir}/%{name}/

 # Binary
 install -D -m 0755 %{name}/%{name} %{buildroot}%{_sbindir}/%{name}
@ -132,6 +135,9 @@ bash %{SOURCE5} %{vlic_dir} %{buildroot}/%{_licensedir}/%{name}/%{vlic_dir}
 # Some hints. Improvements and feedback welcome!
 cp %{SOURCE6} README.openSUSE

+# Example drop-in.
+cp %{SOURCE7} %{name}.socket.conf
+
 %pre
 # group and user
 getent group %{user_group} >/dev/null || %{_sbindir}/groupadd -r %{user_group}
@ -166,7 +172,7 @@ getent passwd %{user_group} >/dev/null || %{_sbindir}/useradd -r -g %{user_group
 %dir %attr(0750,%{user_group},%{user_group}) %{home_dir}
 %dir %attr(0750,%{user_group},%{user_group}) %{log_dir}
 %{_docdir}/%{name}/
-%doc ChangeLog README.md README.openSUSE
+%doc ChangeLog README.md README.openSUSE %{name}.socket.conf
 %license LICENSE
 %{_licensedir}/%{name}/%{vlic_dir}/

--- a/example-dnscrypt-proxy.toml.sed
+++ b/example-dnscrypt-proxy.toml.sed
@ -1,6 +1,10 @@
 # the socket unit should listen
 s/listen_addresses = \['127.0.0.1:53']/#listen_addresses = ['127.0.0.1:53']\nlisten_addresses = []/

+# point to shipped distro specific documentation
+12c\\n##********************************************************************##\n##                                                                    ##
+13c\##                    README.openSUSE in directory                    ##\n##              \/usr\/share\/doc\/packages\/dnscrypt-proxy                ##\n##                       might be useful to read.                     ##\n##                                                                    ##\n##********************************************************************##
+
 # absolute paths by default
 s/# log_file = 'dnscrypt-proxy.log'/# log_file = '\/var\/log\/dnscrypt-proxy\/dnscrypt-proxy.log'/
 s/# forwarding_rules = 'forwarding-rules.txt'/# forwarding_rules = '\/etc\/dnscrypt-proxy\/forwarding-rules.txt'/