pool/dnscrypt-proxy
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1fd8aa9304
dnscrypt-proxy/dnscrypt-proxy.spec
c unix 1fd8aa9304 Accepting request 860171 from home:namtrac:branches:server:dns 
- Update to version 2.0.45
  * Configuration changes (to be required in versions 2.1.x):
    - [blacklist] has been renamed to [blocked_names]
    - [ip_blacklist] has been renamed to [blocked_ips]
    - [whitelist] has been renamed to [allowed_names]
    - generate-domains-blacklist.py has been renamed to
      generate-domains-blocklist.py, and the configuration files
      have been renamed as well.
  * dnscrypt-proxy -resolve has been completely revamped, and now
    requires the configuration file to be accessible. It will send
    a query to an IP address of the dnscrypt-proxy server by default.
    Sending queries to arbitrary servers is also supported with the
    new -resolve name,address syntax.
  * Relay lists can be set to * for automatic relay selection.
    When a wildcard is used, either for the list of servers or relays,
    the proxy ensures that relays and servers are on distinct networks.
  * Lying resolvers are detected and reported.
  * New return code: NOT_READY for queries received before the proxy
    has been initialized.
  * Server lists can't be older than a week any more, even if directory
    permissions are incorrect and cache files cannot be written.
  * New feature: allowed_ips, to configure a set of IP addresses to never
    block no matter what DNS name resolves to them.
  * Hard-coded IP addresses can be immediately returned for test queries
    sent by operating systems in order to check for connectivity and captive portals.
    Such responses can be sent even before an interface is considered as enabled by the
    operating system. This can be configured in a new section called [captive_portals].
  * On Linux, OpenBSD and FreeBSD, listen_addresses can now include IP addresses
    that haven't been assigned to an interface yet.
  * generate-domains-blocklist.py: regular expressions are now ignored in time-based entries.

OBS-URL: https://build.opensuse.org/request/show/860171
OBS-URL: https://build.opensuse.org/package/show/server:dns/dnscrypt-proxy?expand=0&rev=30
2021-01-04 18:36:28 +00:00

174 lines
6.2 KiB
RPMSpec
Raw Blame History

#
# spec file for package dnscrypt-proxy
#
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define _buildshell /bin/bash
%define user_group dnscrypt
%define config_dir %{_sysconfdir}/%{name}
%define home_dir %{_localstatedir}/lib/%{name}
%define log_dir %{_localstatedir}/log/%{name}
%define services %{name}.socket %{name}.service
%define vlic_dir vendored
Name: dnscrypt-proxy
Version: 2.0.45
Release: 0
Summary: A tool for securing communications between a client and a DNS resolver
License: ISC
Group: Productivity/Networking/DNS/Utilities
URL: https://dnscrypt.info/
Source0: https://codeload.github.com/DNSCrypt/%{name}/tar.gz/%{version}#/%{name}-%{version}.tar.gz
Source1: %{name}.service
Source2: %{name}.socket
# File to use with sed to modify default configuration.
Source3: example-dnscrypt-proxy.toml.sed
# Find licenses of vendored packages.
Source4: find_licenses.sh
# Install licenses of vendored packages.
Source5: install_licenses.sh
# Some words
Source6: README.openSUSE
# Example how to override socket unit
Source7: %{name}.socket.conf
BuildRequires: golang-packaging
BuildRequires: pkgconfig
BuildRequires: shadow
BuildRequires: systemd-rpm-macros
BuildRequires: golang(API) >= 1.14
BuildRequires: pkgconfig(libsystemd)
# For systemd pidfile solution.
Requires: bash
# for daemon group/user
Requires(pre): shadow
%{?systemd_requires}
Recommends: ca-certificates
Provides: dnscrypt = %{version}-%{release}
Obsoletes: dnscrypt < %{version}-%{release}
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
A flexible DNS proxy, with support for modern encrypted DNS protocols
such as DNSCrypt v2, DNS-over-HTTPS and Anonymized DNSCrypt.
%prep
%setup -q -n %{name}-%{version}
# Find licenses of vendored packages and prepare for installation
bash %{SOURCE4} %{vlic_dir}
# duplicate original config file
cp ./%{name}/example-%{name}.toml ./%{name}.toml.default
# Edit default port and file locations
sed -i -f %{SOURCE3} ./%{name}.toml.default
# duplicate edited config file
cp ./%{name}.toml.default ./%{name}.toml
# Delete "example" to prevent fdupes from deleting the backup config file if run for buildroot
sed -i "s/## This is an example configuration file./## This is a configuration file./" ./dnscrypt-proxy.toml
# python path instead of env
sed -i "1s/#! \/usr\/bin\/env python3/#! \/usr\/bin\/python3/" utils/generate-domains-blocklist/generate-domains-blocklist.py
%build
cd %{name}
go build -mod=vendor -buildmode=pie
%install
# Directories
install -D -d -m 0750 \
%{buildroot}%{log_dir} \
%{buildroot}%{home_dir} \
%{buildroot}%{config_dir}
install -D -d -m 0755 %{buildroot}%{_datadir}/%{name}/
# Binary
install -D -m 0755 %{name}/%{name} %{buildroot}%{_sbindir}/%{name}
# blocklist generator
cp -a utils/generate-domains-blocklist/ %{buildroot}%{_datadir}/%{name}/
# Config files
install -D -m 0640 ./%{name}.toml %{buildroot}/%{config_dir}/%{name}.toml
install -D -m 0640 ./%{name}.toml.default %{buildroot}/%{config_dir}/%{name}.toml.default
install -D -m 0640 ./%{name}/example-blocked-names.txt %{buildroot}/%{config_dir}/blocked-names.txt
install -D -m 0640 ./%{name}/example-blocked-ips.txt %{buildroot}/%{config_dir}/blocked-ips.txt
install -D -m 0640 ./%{name}/example-cloaking-rules.txt %{buildroot}/%{config_dir}/cloaking-rules.txt
install -D -m 0640 ./%{name}/example-forwarding-rules.txt %{buildroot}/%{config_dir}/forwarding-rules.txt
install -D -m 0640 ./%{name}/example-allowed-names.txt %{buildroot}/%{config_dir}/allowed-names.txt
install -D -m 0640 ./%{name}/example-allowed-ips.txt %{buildroot}/%{config_dir}/allowed-ips.txt
# Systemd
install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
install -D -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.socket
# service link
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
# Vendor Licenses
install -d -m 0755 %{buildroot}%{_licensedir}/%{name}/%{vlic_dir}
bash %{SOURCE5} %{vlic_dir} %{buildroot}/%{_licensedir}/%{name}/%{vlic_dir}
# Some hints. Improvements and feedback welcome!
cp %{SOURCE6} README.openSUSE
# Example drop-in.
cp %{SOURCE7} %{name}.socket.conf
%pre
# group and user
getent group %{user_group} >/dev/null || %{_sbindir}/groupadd -r %{user_group}
getent passwd %{user_group} >/dev/null || %{_sbindir}/useradd -r -g %{user_group} \
-d %{home_dir} -s /bin/false -c "DNScrypt Proxy" %{user_group}
%service_add_pre %{services}
%post
%service_add_post %{services}
%preun
%service_del_preun %{services}
%postun
%service_del_postun %{services}
%files
%doc ChangeLog README.md README.openSUSE %{name}.socket.conf
%doc dnscrypt-proxy/example-*
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/%{name}.toml
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/blocked-names.txt
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/blocked-ips.txt
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/cloaking-rules.txt
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/forwarding-rules.txt
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/allowed-names.txt
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/allowed-ips.txt
%config %attr(-,root,%{user_group}) %{config_dir}/%{name}.toml.default
%{_sbindir}/%{name}
%{_sbindir}/rc%{name}
%{_unitdir}/%{name}.service
%{_unitdir}/%{name}.socket
%{_datadir}/%{name}/
%dir %attr(0750,root,%{user_group}) %{config_dir}
%dir %attr(0750,%{user_group},%{user_group}) %{home_dir}
%dir %attr(0750,%{user_group},%{user_group}) %{log_dir}
%license LICENSE
%{_licensedir}/%{name}/%{vlic_dir}/
%changelog
Reference in New Issue View Git Blame Copy Permalink