1fd8aa9304
- Update to version 2.0.45 * Configuration changes (to be required in versions 2.1.x): - [blacklist] has been renamed to [blocked_names] - [ip_blacklist] has been renamed to [blocked_ips] - [whitelist] has been renamed to [allowed_names] - generate-domains-blacklist.py has been renamed to generate-domains-blocklist.py, and the configuration files have been renamed as well. * dnscrypt-proxy -resolve has been completely revamped, and now requires the configuration file to be accessible. It will send a query to an IP address of the dnscrypt-proxy server by default. Sending queries to arbitrary servers is also supported with the new -resolve name,address syntax. * Relay lists can be set to * for automatic relay selection. When a wildcard is used, either for the list of servers or relays, the proxy ensures that relays and servers are on distinct networks. * Lying resolvers are detected and reported. * New return code: NOT_READY for queries received before the proxy has been initialized. * Server lists can't be older than a week any more, even if directory permissions are incorrect and cache files cannot be written. * New feature: allowed_ips, to configure a set of IP addresses to never block no matter what DNS name resolves to them. * Hard-coded IP addresses can be immediately returned for test queries sent by operating systems in order to check for connectivity and captive portals. Such responses can be sent even before an interface is considered as enabled by the operating system. This can be configured in a new section called [captive_portals]. * On Linux, OpenBSD and FreeBSD, listen_addresses can now include IP addresses that haven't been assigned to an interface yet. * generate-domains-blocklist.py: regular expressions are now ignored in time-based entries. OBS-URL: https://build.opensuse.org/request/show/860171 OBS-URL: https://build.opensuse.org/package/show/server:dns/dnscrypt-proxy?expand=0&rev=30
174 lines
6.2 KiB
RPMSpec
174 lines
6.2 KiB
RPMSpec
#
|
|
# spec file for package dnscrypt-proxy
|
|
#
|
|
# Copyright (c) 2021 SUSE LLC
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
|
#
|
|
|
|
|
|
%define _buildshell /bin/bash
|
|
%define user_group dnscrypt
|
|
%define config_dir %{_sysconfdir}/%{name}
|
|
%define home_dir %{_localstatedir}/lib/%{name}
|
|
%define log_dir %{_localstatedir}/log/%{name}
|
|
%define services %{name}.socket %{name}.service
|
|
%define vlic_dir vendored
|
|
|
|
Name: dnscrypt-proxy
|
|
Version: 2.0.45
|
|
Release: 0
|
|
Summary: A tool for securing communications between a client and a DNS resolver
|
|
License: ISC
|
|
Group: Productivity/Networking/DNS/Utilities
|
|
URL: https://dnscrypt.info/
|
|
Source0: https://codeload.github.com/DNSCrypt/%{name}/tar.gz/%{version}#/%{name}-%{version}.tar.gz
|
|
Source1: %{name}.service
|
|
Source2: %{name}.socket
|
|
# File to use with sed to modify default configuration.
|
|
Source3: example-dnscrypt-proxy.toml.sed
|
|
# Find licenses of vendored packages.
|
|
Source4: find_licenses.sh
|
|
# Install licenses of vendored packages.
|
|
Source5: install_licenses.sh
|
|
# Some words
|
|
Source6: README.openSUSE
|
|
# Example how to override socket unit
|
|
Source7: %{name}.socket.conf
|
|
BuildRequires: golang-packaging
|
|
BuildRequires: pkgconfig
|
|
BuildRequires: shadow
|
|
BuildRequires: systemd-rpm-macros
|
|
BuildRequires: golang(API) >= 1.14
|
|
BuildRequires: pkgconfig(libsystemd)
|
|
# For systemd pidfile solution.
|
|
Requires: bash
|
|
# for daemon group/user
|
|
Requires(pre): shadow
|
|
%{?systemd_requires}
|
|
Recommends: ca-certificates
|
|
Provides: dnscrypt = %{version}-%{release}
|
|
Obsoletes: dnscrypt < %{version}-%{release}
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|
|
|
%description
|
|
A flexible DNS proxy, with support for modern encrypted DNS protocols
|
|
such as DNSCrypt v2, DNS-over-HTTPS and Anonymized DNSCrypt.
|
|
|
|
%prep
|
|
%setup -q -n %{name}-%{version}
|
|
|
|
# Find licenses of vendored packages and prepare for installation
|
|
bash %{SOURCE4} %{vlic_dir}
|
|
|
|
# duplicate original config file
|
|
cp ./%{name}/example-%{name}.toml ./%{name}.toml.default
|
|
|
|
# Edit default port and file locations
|
|
sed -i -f %{SOURCE3} ./%{name}.toml.default
|
|
|
|
# duplicate edited config file
|
|
cp ./%{name}.toml.default ./%{name}.toml
|
|
|
|
# Delete "example" to prevent fdupes from deleting the backup config file if run for buildroot
|
|
sed -i "s/## This is an example configuration file./## This is a configuration file./" ./dnscrypt-proxy.toml
|
|
|
|
# python path instead of env
|
|
sed -i "1s/#! \/usr\/bin\/env python3/#! \/usr\/bin\/python3/" utils/generate-domains-blocklist/generate-domains-blocklist.py
|
|
|
|
%build
|
|
cd %{name}
|
|
go build -mod=vendor -buildmode=pie
|
|
|
|
%install
|
|
# Directories
|
|
install -D -d -m 0750 \
|
|
%{buildroot}%{log_dir} \
|
|
%{buildroot}%{home_dir} \
|
|
%{buildroot}%{config_dir}
|
|
|
|
install -D -d -m 0755 %{buildroot}%{_datadir}/%{name}/
|
|
|
|
# Binary
|
|
install -D -m 0755 %{name}/%{name} %{buildroot}%{_sbindir}/%{name}
|
|
|
|
# blocklist generator
|
|
cp -a utils/generate-domains-blocklist/ %{buildroot}%{_datadir}/%{name}/
|
|
|
|
# Config files
|
|
install -D -m 0640 ./%{name}.toml %{buildroot}/%{config_dir}/%{name}.toml
|
|
install -D -m 0640 ./%{name}.toml.default %{buildroot}/%{config_dir}/%{name}.toml.default
|
|
install -D -m 0640 ./%{name}/example-blocked-names.txt %{buildroot}/%{config_dir}/blocked-names.txt
|
|
install -D -m 0640 ./%{name}/example-blocked-ips.txt %{buildroot}/%{config_dir}/blocked-ips.txt
|
|
install -D -m 0640 ./%{name}/example-cloaking-rules.txt %{buildroot}/%{config_dir}/cloaking-rules.txt
|
|
install -D -m 0640 ./%{name}/example-forwarding-rules.txt %{buildroot}/%{config_dir}/forwarding-rules.txt
|
|
install -D -m 0640 ./%{name}/example-allowed-names.txt %{buildroot}/%{config_dir}/allowed-names.txt
|
|
install -D -m 0640 ./%{name}/example-allowed-ips.txt %{buildroot}/%{config_dir}/allowed-ips.txt
|
|
|
|
# Systemd
|
|
install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
|
|
install -D -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.socket
|
|
|
|
# service link
|
|
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
|
|
|
|
# Vendor Licenses
|
|
install -d -m 0755 %{buildroot}%{_licensedir}/%{name}/%{vlic_dir}
|
|
bash %{SOURCE5} %{vlic_dir} %{buildroot}/%{_licensedir}/%{name}/%{vlic_dir}
|
|
|
|
# Some hints. Improvements and feedback welcome!
|
|
cp %{SOURCE6} README.openSUSE
|
|
|
|
# Example drop-in.
|
|
cp %{SOURCE7} %{name}.socket.conf
|
|
|
|
%pre
|
|
# group and user
|
|
getent group %{user_group} >/dev/null || %{_sbindir}/groupadd -r %{user_group}
|
|
getent passwd %{user_group} >/dev/null || %{_sbindir}/useradd -r -g %{user_group} \
|
|
-d %{home_dir} -s /bin/false -c "DNScrypt Proxy" %{user_group}
|
|
|
|
%service_add_pre %{services}
|
|
|
|
%post
|
|
%service_add_post %{services}
|
|
|
|
%preun
|
|
%service_del_preun %{services}
|
|
|
|
%postun
|
|
%service_del_postun %{services}
|
|
|
|
%files
|
|
%doc ChangeLog README.md README.openSUSE %{name}.socket.conf
|
|
%doc dnscrypt-proxy/example-*
|
|
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/%{name}.toml
|
|
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/blocked-names.txt
|
|
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/blocked-ips.txt
|
|
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/cloaking-rules.txt
|
|
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/forwarding-rules.txt
|
|
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/allowed-names.txt
|
|
%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/allowed-ips.txt
|
|
%config %attr(-,root,%{user_group}) %{config_dir}/%{name}.toml.default
|
|
%{_sbindir}/%{name}
|
|
%{_sbindir}/rc%{name}
|
|
%{_unitdir}/%{name}.service
|
|
%{_unitdir}/%{name}.socket
|
|
%{_datadir}/%{name}/
|
|
%dir %attr(0750,root,%{user_group}) %{config_dir}
|
|
%dir %attr(0750,%{user_group},%{user_group}) %{home_dir}
|
|
%dir %attr(0750,%{user_group},%{user_group}) %{log_dir}
|
|
%license LICENSE
|
|
%{_licensedir}/%{name}/%{vlic_dir}/
|
|
|
|
%changelog
|