gentoo resync : 11.05.2018

author: V3n3RiX <venerix@redcorelinux.org> 2018-05-11 16:02:49 +0100
committer: V3n3RiX <venerix@redcorelinux.org> 2018-05-11 16:02:49 +0100
commit: 88ebe56470c37b02a044e1091cad6b2df0f3be8f (patch)
tree: d80b2d9337c01c4a0fe11a2ef9691fc3153ed6d3 /net-dns/dnscrypt-proxy
parent: 4645b6f17f0da81e9fe84081fb126a37102ba153 (diff)
9 files changed, 110 insertions, 73 deletions
diff --git a/net-dns/dnscrypt-proxy/Manifest b/net-dns/dnscrypt-proxy/Manifest
index ed1078b9b202..1d42f439c168 100644
--- a/net-dns/dnscrypt-proxy/Manifest
+++ b/net-dns/dnscrypt-proxy/Manifest
@@ -1,14 +1,15 @@
 AUX config-full-paths-r10.patch 2487 BLAKE2B a0c7ff420a9000903ec8fdf446c463ef367db2ec934147817f08c12277d5e1704db7c7ec89ec068a5cdc26f88eb794f8caf6d9eb318764783ad62e22ce9a2798 SHA512 15a8af5fff20d9f9d7931faf40d2f9ff1a960a764d7330287af65290e85e986892f0b94a6b311e8ae0be60be3b78caa10c71e438275f20d44706850c2a61d407
+AUX dnscrypt-proxy-2.confd 149 BLAKE2B 8b20be543525918f825feb1c32238f2ae5ca55e8cc18bee8f952a82a712d9abc358a38f2bfd4dcdf0f4e21717c0c218fbddfa9a7a675fcb6b6435b3eeb862571 SHA512 cdd1699551eb6b3cbb9592c45f73f33cef6916a8a05dd3a94055643d7c1de53cdb09b9a1d4d0dd69c6d3d41fe0c8256f53e9b31e087e2b30a2f38331f464727d
+AUX dnscrypt-proxy-2.initd 640 BLAKE2B b459fcc99c952ed8987d816bb6e5370b3b9906410a0321186fb37f3fcad5effdd0e87710e2bdee2ba566c89b5a441f02d097f0f18d1cef0f7ed3835570073cb5 SHA512 5106abf823c33873d23bc91ed463121999d14e7e65fbbd4168cd09ff3390e7e8367018229beed6d6b553e72f42de5854db2baa9a9b94a819426b9431101ccddb
+AUX dnscrypt-proxy-2.service 1204 BLAKE2B 879571cc00eab424b10f6ed79d9d52ba1ee835fd3ad7ef295d113b21afed075b3670066cf5dbdf0647c02853bb242c6d037f6ad962e0e6a7225b86fe88a3c9ab SHA512 3ae8f2dbe93169a6ddf71db85103a297210287006a63c71e9837ddfb62cecf6de28dd3ead6028e2f239edc4dab5a16d27c3c84fd2fcc23e41ba71b7b8fbf8b1f
+AUX dnscrypt-proxy-2.socket 517 BLAKE2B afa07d5a441b55de46059935a0fa9b7f61bcbfced925b24282be27978a507248303a43f32f2785d585e79c6a9f456a9c3118028014cb78cde5df4ea1be150b6c SHA512 9620307006642cd211b8032939b2e4f592f73d041c6a499f1c74160812853b03543ff84619e8060e064b99a3b7c44b794907722fe485233937e3804b49e29a36
 AUX dnscrypt-proxy.conf 8912 BLAKE2B ea1b196528dae0c9536c12e3ed6b9839830ae4f89203ea19332d8238cbeba599a202557c75de1d77e2e4f306db1d2a1dd2bc352891bbc2f8a3595c8aa253fa6d SHA512 1e45f38a46383af14695cd44531335801ae315d819e9593e931be0fd513059c87ddfc9128158a532c6bc26cf113635c9630d8694764dff5a46a6a98c5ea8b42a
 AUX dnscrypt-proxy.confd-r1 41 BLAKE2B e73624ac07b382c9dd66970e12da3e00a669d548a32b16aec6e4227a0af73980f294444507c86fa0ae26e8f9f19c6d533f83ecdcbdcf9d8c28a8c47439844d77 SHA512 2f381c21e92a8f74d47f6c5d3d18bcc32a2713d3b7d82f260d8e2770bfb6aea0a46f8d957796c64d02e6a0445f92c31b83b29724b8004ba9fcc7f6fcc93afaf3
-AUX dnscrypt-proxy.confd-r2 119 BLAKE2B 00c216f87133aaf606c9c753ba5eb3d400363406abb4c25bd8f203aec8b8fe3e5c621deb4dea4f2db801c26ec92b3af609cc5a7bb954181641c1deeefa3aafcb SHA512 b144cd8f67b6ff06156841cf619ab4cd94855104f00fb1877c83308b6bf4d8addfd59ab1134c51855465a6daabbcd445550976c9d956d0795fa09f3b0482ac80
 AUX dnscrypt-proxy.initd-r1 258 BLAKE2B 86ceff0c2affc0508cafa782803498be680f46520a380eb64eb2fde026c65cd349a4a5f995e5a285c35db1514a77e95b5067c96cd41905f253e101bffa453f41 SHA512 700849b9a0b8a3a224d0c149091937f751461bb42c7ac4a4bccecf28d9a7b64dd2f47601bee1f8d5c08bdfad2defdcab0c0bc22c7393873612f56d78cd0edc6a
-AUX dnscrypt-proxy.initd-r2 594 BLAKE2B 633906a42693dc99103eafa2694e9537f1622d757ced10f026b4564f7a3fa20c0c59871870f0e9eb8c1f9e8f1aaf63d073c6d4688da3362dd0b69ba9b00ceedd SHA512 d671c63b461c8e58aea0d4a7903dfd05ad458020f289c12d48140cd10416eb1c0b34f0ebb2833e8f129496e59df166a3014bf92d9b3d8e7c32ddc1030f2bbab6
 AUX dnscrypt-proxy.service-r1 445 BLAKE2B f6e6af96d6b11892aa8d7aa111ca42dfe6589abbb6e5e214253fdc4f6d6686484e22dc24f45f05b23223bb8ada91e594bd0d015d35ed4850ce47e90d778a7867 SHA512 ff226e1f6416de04b42828ab89a0df48b4eac1385f489ccad594b5e07cbceb57249006951f25237a55effdd2acaf8ce7e0fb2c36fc17799f963d506696b0cb4f
-AUX dnscrypt-proxy.service-r2 581 BLAKE2B 1d873041005135b5ca01aa2b24f373056a4281604a8e69675912d86ec7de34c318c899a1628bcd758019c8c105179d231630dd6aad520ab5a8e86fe64b8592b7 SHA512 40552beb4f640881bbad0cf0c40406e5c1e4ec236b4e1d89a88af4eef888f91c8170732273990bc4041c39e742516664651cc89f7686fba941697a148b9345d4
 AUX dnscrypt-proxy.socket-r1 152 BLAKE2B e4eb7875f749646f77675b39c7c74f57d5674d825329891b0f128e190ac3625d28f81df8004975828080c6eb9665a8c0825826b5ccf305694c03c2e196da3dd7 SHA512 920014c202344726e645f3bfa5def0f194c215cc0ce6e45750e82cee3434399497b9ad3fb5268afb1823689ced0fa8d177d6411b3153661b97fbd55984752a87
 DIST dnscrypt-proxy-1.9.5.tar.bz2 1290573 BLAKE2B 8f16fdb58012e00a8b58d36364377c3bc25158b9484a8df2bd6bc98d1c9cbf5ac758997e31f95ecaeb9da2f6b7272316c5a4a1c069a39549fbc1c1b136857da0 SHA512 84c0f7587521b3a198292cf20dd71cb592ccf8a9e003abbc62c5ca112f6c5ed27c49b1642cf91f403d52b4147e25f24af540b65cecfcf93814338329097df836
-DIST dnscrypt-proxy-2.0.11.tar.gz 2774458 BLAKE2B 36c9109a682a0d70c32910a44a64f49ebf0a958660154c10bf3687da3fdaa405e8add43717267f30a79d96941160cda5994704060a78e2ee6bbeddc55ff87766 SHA512 5e306c3bff65d0375b650666e2191c6f54e72bb0d2d2f6f8f7b941ffc063eb7eb244a52eb69b0b008dc566e9a6ce8a8f75929edb6762fad4751d966aa2da98a0
+DIST dnscrypt-proxy-2.0.12.tar.gz 2775112 BLAKE2B c3a1085c7c4d005d323d2d3e803b7bce447b86a8f2e9bff0eb7e5e145d275dd19fe6913c805be9469ba0a492f7a479a146af56a769432d8120790375628bb936 SHA512 757a7a88e8f6ed61462736184f0ca8426c40f800f54727881412de44c527e4334a6b42aa6906c19ecf9287d462a1ec7bd55cb471781bd94c2a0faa8ad7055137
 EBUILD dnscrypt-proxy-1.9.5-r1.ebuild 1817 BLAKE2B bb0c48cadf271b942beeaee69c49dbb2582c41f86176b84c6e929ad5dd5b55deacfa03d15143b2180d05ab03913a93702315712afc73bbbea53b152e43ab30f8 SHA512 87a35841daf4da9b666bae888f9b73fa7205f9e7054afe5bdc47d1112525e2eb1237416fa7702c38bc63ce0878fc61d752f6851af1cc07a0f9b5a3591b8f0704
-EBUILD dnscrypt-proxy-2.0.11.ebuild 2692 BLAKE2B 72884728ad3012578ac8b1eb3799c5cca44ec8daeef67f045409e6ddd99a9dcd58ab2bec22a0cc47a74e3ef4e8ac09325ebc99e881dcc69b162bc60b75ab0c63 SHA512 330ecba2bf86b48b3308decbb5464d9572d5522d65188ab9de2f12b39ec5dc24870b39c81706cc62e7aab57073c1193a708e11a63f5a65ef66eea58c45fc614b
+EBUILD dnscrypt-proxy-2.0.12.ebuild 2876 BLAKE2B 1d8617576f87525d517f7a32be2d4f044fdcfc865cc11278a4469c1c2ff9c6f550f8d244adc97852ca48d03388845259335f9d837e5e40d2893bbe74cf7e47d3 SHA512 f77bb0d9cb3bea881c4bb15cf027564937bfbde26fbcaad3e58ceefc39dfb935dc165428b9365810af1e4df7a7d00526a41d6b2d749ad357fcab1273d0006cbf
 MISC metadata.xml 941 BLAKE2B 234421b342985e6980a870bc0f7e4dc96e2867d89aa589ac23723a7a7cc4767109de7f046c817c3a21ea1bab23d352210941dc092b002dd3a7374be6c459877c SHA512 6bad822978132f7467756a88695e9e87a3ec2c007af04b423496f7befc1fc4de781a78bac17167b6de6682688e3ef445e5dce7f6f3f3e9c25a632e6222268918
diff --git a/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.11.ebuild b/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.12.ebuild
index 948f785d3d5f..0b64d8b992e3 100644
--- a/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.11.ebuild
+++ b/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.12.ebuild
@@ -14,14 +14,13 @@ SRC_URI="https://${EGO_PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
 LICENSE="ISC"
 SLOT="0"
 KEYWORDS="~amd64 ~arm ~x86"
-IUSE="systemd"
 
 FILECAPS=( cap_net_bind_service+ep usr/bin/dnscrypt-proxy )
 PATCHES=( "${FILESDIR}"/config-full-paths-r10.patch )
 
 pkg_setup() {
-	enewgroup dnscrypt
-	enewuser dnscrypt -1 -1 /var/empty dnscrypt
+	enewgroup dnscrypt-proxy
+	enewuser dnscrypt-proxy -1 -1 /var/empty dnscrypt-proxy
 }
 
 src_prepare() {
@@ -30,11 +29,6 @@ src_prepare() {
 	mkdir -p "src/${EGO_PN%/*}" || die
 	mv "${PN}" "src/${EGO_PN}" || die
 	mv "vendor" "src/" || die
-
-	if use systemd; then
-		sed -i 's|\['\''127\.0\.0\.1:53'\'', '\''\[::1\]:53'\''\]|\[\]|' \
-			"src/${EGO_PN}"/example-dnscrypt-proxy.toml || die
-	fi
 }
 
 src_install() {
@@ -48,10 +42,10 @@ src_install() {
 	insinto "/usr/share/dnscrypt-proxy"
 	doins -r "utils/generate-domains-blacklists/."
 
-	newinitd "${FILESDIR}"/dnscrypt-proxy.initd-r2 dnscrypt-proxy
-	newconfd "${FILESDIR}"/dnscrypt-proxy.confd-r2 dnscrypt-proxy
-	systemd_dounit systemd/dnscrypt-proxy.service
-	systemd_dounit systemd/dnscrypt-proxy.socket
+	newinitd "${FILESDIR}"/dnscrypt-proxy-2.initd dnscrypt-proxy
+	newconfd "${FILESDIR}"/dnscrypt-proxy-2.confd dnscrypt-proxy
+	systemd_newunit "${FILESDIR}"/dnscrypt-proxy-2.service dnscrypt-proxy.service
+	systemd_newunit "${FILESDIR}"/dnscrypt-proxy-2.socket dnscrypt-proxy.socket
 
 	einstalldocs
 }
@@ -61,29 +55,34 @@ pkg_postinst() {
 
 	if ! use filecaps; then
 		ewarn "'filecaps' USE flag is disabled"
-		ewarn "${PN} will fail to listen on port 53 if started via OpenRC"
-		ewarn "please either change port to > 1024, configure to run ${PN} as root"
-		ewarn "or re-enable 'filecaps'"
+		ewarn "${PN} will fail to listen on port 53"
+		ewarn "please do one the following:"
+		ewarn "1) re-enable 'filecaps'"
+		ewarn "2) change port to > 1024"
+		ewarn "3) configure to run ${PN} as root (not recommended)"
 		ewarn
 	fi
 
 	local v
 	for v in ${REPLACING_VERSIONS}; do
 		if [[ ${v} == 1.* ]] ; then
-			elog "Version 2.x.x is a complete rewrite of ${PN}"
+			elog "Version 2 is a complete rewrite of ${PN}"
 			elog "please clean up old config/log files"
 			elog
 		fi
+		if [[ ${v} == 2.* ]] ; then
+			elog "As of version 2.0.12 of ${PN} runs as an 'dnscrypt-proxy' user/group"
+			elog "you can remove obsolete 'dnscrypt' accounts from the system"
+			elog
+		fi
 	done
 
 	if systemd_is_booted || has_version sys-apps/systemd; then
-		elog "Starting with version 2.0.9 ${PN} unit changed:"
-		elog "It now runs as an unprivileged user with dynamic UID/GID"
-		elog "and privately stores log and cache files"
-		elog
-		elog "See man:systemd.exec, man:nss-systemd"
-		elog
-		elog "Edit ${PN}.socket if you need to change port and address"
+		elog "Using systemd socket activation may cause issues with speed"
+		elog "latency and reliability of ${PN} and is discouraged by upstream"
+		elog "Existing installations advised to disable 'dnscrypt-proxy.socket'"
+		elog "It is disabled by default for new installations"
+		elog "check "$(systemd_get_systemunitdir)/${PN}.service" for details"
 		elog
 
 	fi
diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.confd b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.confd
new file mode 100644
index 000000000000..fb40827a77ef
--- /dev/null
+++ b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.confd
@@ -0,0 +1,3 @@
+#DNSCRYPT_PROXY_OPTS="--config /etc/dnscrypt-proxy/dnscrypt-proxy.toml"
+#DNSCRYPT_PROXY_USER="dnscrypt-proxy"
+#DNSCRYPT_PROXY_GROUP="dnscrypt-proxy"
diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.initd b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.initd
new file mode 100644
index 000000000000..74c2dad63f7b
--- /dev/null
+++ b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.initd
@@ -0,0 +1,19 @@
+#!/sbin/openrc-run
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+command="/usr/bin/dnscrypt-proxy"
+command_args="${DNSCRYPT_PROXY_OPTS:--config /etc/dnscrypt-proxy/dnscrypt-proxy.toml}"
+command_user="${DNSCRYPT_PROXY_USER:-dnscrypt-proxy}:${DNSCRYPT_PROXY_GROUP:-dnscrypt-proxy}"
+pidfile="/run/${RC_SVCNAME}.pid"
+start_stop_daemon_args="--background --make-pidfile"
+
+depend() {
+	use net logger
+	provide dns
+}
+
+start_pre() {
+        checkpath -q -d -m 0775 -o "${command_user}" /var/cache/"${SVCNAME}"
+        checkpath -q -d -m 0775 -o "${command_user}" /var/log/"${SVCNAME}"
+}
diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.service b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.service
new file mode 100644
index 000000000000..ed02955621ba
--- /dev/null
+++ b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.service
@@ -0,0 +1,39 @@
+[Unit]
+Description=DNSCrypt-proxy client
+Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki
+
+## systemd sockets - Do not enable unless you are very familiar with the systemd socket activation mechanism.
+## Always try without systemd sockets before reporting any issues related to speed, latency or reliability.
+## If you enable this, the `listen_addresses` list in the main configuration file can be empty.
+## Or, at least, the addresses it contains should not overlap with the systemd socket addresses.
+
+# Requires=dnscrypt-proxy.socket
+
+After=network.target
+Wants=network.target
+Before=nss-lookup.target
+Wants=nss-lookup.target
+
+[Service]
+ExecStart=/usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml
+NonBlocking=true
+
+DynamicUser=yes
+
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+
+CacheDirectory=dnscrypt-proxy
+ConfigurationDirectory=dnscrypt-proxy
+LogsDirectory=dnscrypt-proxy
+RuntimeDirectory=dnscrypt-proxy
+
+## Allow binding to 127.0.0.1:53 as non-root user
+## without the .socket unit
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+Also=dnscrypt-proxy.socket
+WantedBy=multi-user.target
diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.socket b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.socket
new file mode 100644
index 000000000000..ea38c90e8a5d
--- /dev/null
+++ b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.socket
@@ -0,0 +1,21 @@
+[Unit]
+Description=DNSCrypt-proxy socket
+Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki
+
+[Socket]
+## Listen on TCP socket.
+ListenStream=127.0.0.1:53
+
+## Listen on UDP socket.
+ListenDatagram=127.0.0.1:53
+
+## Below options are valid only for TCP socket.
+## Applying them to UDP socket will result in warnings:
+## TCP_NODELAY failed: Protocol not available
+## TCP_DEFER_ACCEPT failed: Protocol not available
+## Those can be safely ignored.
+NoDelay=true
+DeferAcceptSec=1
+
+[Install]
+WantedBy=sockets.target
diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-r2 b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-r2
deleted file mode 100644
index 9934e828b82a..000000000000
--- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-r2
+++ /dev/null
@@ -1,3 +0,0 @@
-#DNSCRYPT_OPTS="--config /etc/dnscrypt-proxy/dnscrypt-proxy.toml"
-#DNSCRYPT_USER="dnscrypt"
-#DNSCRYPT_GROUP="dnscrypt"
diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-r2 b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-r2
deleted file mode 100644
index dcccd83dab3d..000000000000
--- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-r2
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-command="/usr/bin/dnscrypt-proxy"
-command_args="${DNSCRYPT_OPTS:---config /etc/dnscrypt-proxy/dnscrypt-proxy.toml}"
-command_user="${DNSCRYPT_USER:-dnscrypt}:${DNSCRYPT_GROUP:-dnscrypt}"
-pidfile="/run/${SVCNAME}.pid"
-start_stop_daemon_args="--background --make-pidfile"
-
-depend() {
-	use net logger
-	provide dns
-}
-
-start_pre() {
-	checkpath -q -d -m 0775 -o "${command_user}" /var/cache/"${SVCNAME}"
-	checkpath -q -d -m 0775 -o "${command_user}" /var/log/"${SVCNAME}"
-}
diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service-r2 b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service-r2
deleted file mode 100644
index 745b094aaa16..000000000000
--- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service-r2
+++ /dev/null
@@ -1,23 +0,0 @@
-[Unit]
-Description=DNSCrypt client proxy
-Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki
-Requires=dnscrypt-proxy.socket
-After=network.target
-Before=nss-lookup.target
-Wants=nss-lookup.target
-
-[Install]
-Also=dnscrypt-proxy.socket
-WantedBy=multi-user.target
-
-[Service]
-User=dnscrypt
-Group=dnscrypt
-Type=simple
-NonBlocking=true
-ExecStart=/usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml
-ProtectHome=true
-CacheDirectory=dnscrypt-proxy
-LogsDirectory=dnscrypt-proxy
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE
-AmbientCapabilities=CAP_NET_BIND_SERVICE
author	V3n3RiX <venerix@redcorelinux.org>	2018-05-11 16:02:49 +0100
committer	V3n3RiX <venerix@redcorelinux.org>	2018-05-11 16:02:49 +0100
commit	88ebe56470c37b02a044e1091cad6b2df0f3be8f (patch)
tree	d80b2d9337c01c4a0fe11a2ef9691fc3153ed6d3 /net-dns/dnscrypt-proxy
parent	4645b6f17f0da81e9fe84081fb126a37102ba153 (diff)