gentoo resync : 09.06.2018

14 files changed, 112 insertions, 378 deletions

diff --git a/net-dns/dnscrypt-proxy/Manifest b/net-dns/dnscrypt-proxy/Manifest
index 5c0c9d0fc35c..a28c6bc76cd8 100644
--- a/net-dns/dnscrypt-proxy/Manifest
+++ b/net-dns/dnscrypt-proxy/Manifest
@@ -1,15 +1,10 @@
 AUX config-full-paths-r10.patch 2487 BLAKE2B a0c7ff420a9000903ec8fdf446c463ef367db2ec934147817f08c12277d5e1704db7c7ec89ec068a5cdc26f88eb794f8caf6d9eb318764783ad62e22ce9a2798 SHA512 15a8af5fff20d9f9d7931faf40d2f9ff1a960a764d7330287af65290e85e986892f0b94a6b311e8ae0be60be3b78caa10c71e438275f20d44706850c2a61d407
-AUX dnscrypt-proxy-2.confd 148 BLAKE2B 064ea4c9fc7f63091d4c20e9d978a3c8863711176c84707b99438a1caa29865eb1739e7ec4ae492f7e4e37c7834b8e20250fadd2483ad0267645ea636f70b22e SHA512 cacf0553e24b8adbe013133adbc5c77c98c5b8f4253497ffe986ceb8501f9b697ed773994e852dd8d9ea394f7a0fb4405f4297b48186f77f31dd1b597a46d4aa
-AUX dnscrypt-proxy-2.initd 646 BLAKE2B 3ede3fd925b6fad6f42ce4b52184ebdaa9c9cc881886e2b18d45f10476a7957ea09037ba2faf8d9ff12f4a0352e982f5d267410a9f3531f1d0ad8f5558d6576d SHA512 faa119b18765eb59ddacad1340752f1bbd9d10acf59f6b79bc4c31fcbe9f0e5f08bf6cd214ce2a5bdafe13c5d1a116aacea2e09a181699f8f06f3ec34fb9dcaa
-AUX dnscrypt-proxy-2.service 1204 BLAKE2B 879571cc00eab424b10f6ed79d9d52ba1ee835fd3ad7ef295d113b21afed075b3670066cf5dbdf0647c02853bb242c6d037f6ad962e0e6a7225b86fe88a3c9ab SHA512 3ae8f2dbe93169a6ddf71db85103a297210287006a63c71e9837ddfb62cecf6de28dd3ead6028e2f239edc4dab5a16d27c3c84fd2fcc23e41ba71b7b8fbf8b1f
-AUX dnscrypt-proxy-2.socket 517 BLAKE2B afa07d5a441b55de46059935a0fa9b7f61bcbfced925b24282be27978a507248303a43f32f2785d585e79c6a9f456a9c3118028014cb78cde5df4ea1be150b6c SHA512 9620307006642cd211b8032939b2e4f592f73d041c6a499f1c74160812853b03543ff84619e8060e064b99a3b7c44b794907722fe485233937e3804b49e29a36
-AUX dnscrypt-proxy.conf 8912 BLAKE2B ea1b196528dae0c9536c12e3ed6b9839830ae4f89203ea19332d8238cbeba599a202557c75de1d77e2e4f306db1d2a1dd2bc352891bbc2f8a3595c8aa253fa6d SHA512 1e45f38a46383af14695cd44531335801ae315d819e9593e931be0fd513059c87ddfc9128158a532c6bc26cf113635c9630d8694764dff5a46a6a98c5ea8b42a
-AUX dnscrypt-proxy.confd-r1 41 BLAKE2B e73624ac07b382c9dd66970e12da3e00a669d548a32b16aec6e4227a0af73980f294444507c86fa0ae26e8f9f19c6d533f83ecdcbdcf9d8c28a8c47439844d77 SHA512 2f381c21e92a8f74d47f6c5d3d18bcc32a2713d3b7d82f260d8e2770bfb6aea0a46f8d957796c64d02e6a0445f92c31b83b29724b8004ba9fcc7f6fcc93afaf3
-AUX dnscrypt-proxy.initd-r1 258 BLAKE2B 86ceff0c2affc0508cafa782803498be680f46520a380eb64eb2fde026c65cd349a4a5f995e5a285c35db1514a77e95b5067c96cd41905f253e101bffa453f41 SHA512 700849b9a0b8a3a224d0c149091937f751461bb42c7ac4a4bccecf28d9a7b64dd2f47601bee1f8d5c08bdfad2defdcab0c0bc22c7393873612f56d78cd0edc6a
-AUX dnscrypt-proxy.service-r1 445 BLAKE2B f6e6af96d6b11892aa8d7aa111ca42dfe6589abbb6e5e214253fdc4f6d6686484e22dc24f45f05b23223bb8ada91e594bd0d015d35ed4850ce47e90d778a7867 SHA512 ff226e1f6416de04b42828ab89a0df48b4eac1385f489ccad594b5e07cbceb57249006951f25237a55effdd2acaf8ce7e0fb2c36fc17799f963d506696b0cb4f
-AUX dnscrypt-proxy.socket-r1 152 BLAKE2B e4eb7875f749646f77675b39c7c74f57d5674d825329891b0f128e190ac3625d28f81df8004975828080c6eb9665a8c0825826b5ccf305694c03c2e196da3dd7 SHA512 920014c202344726e645f3bfa5def0f194c215cc0ce6e45750e82cee3434399497b9ad3fb5268afb1823689ced0fa8d177d6411b3153661b97fbd55984752a87
-DIST dnscrypt-proxy-1.9.5.tar.bz2 1290573 BLAKE2B 8f16fdb58012e00a8b58d36364377c3bc25158b9484a8df2bd6bc98d1c9cbf5ac758997e31f95ecaeb9da2f6b7272316c5a4a1c069a39549fbc1c1b136857da0 SHA512 84c0f7587521b3a198292cf20dd71cb592ccf8a9e003abbc62c5ca112f6c5ed27c49b1642cf91f403d52b4147e25f24af540b65cecfcf93814338329097df836
+AUX dnscrypt-proxy.confd 162 BLAKE2B 4547fc4a4ec00a809bac7b55bd7a7c8efb54e526179a7e2103fdf716711912987961969619e6b6e6b2e201253e90f828ffa5eb011c0870c112a028c4cfd89ce5 SHA512 25ccbc09df7b51bc0fa4587f7a715429ba11517c64db53086dd09df24470da71b81dbacebe227bd41d1f9576b4560dc58729969eb7b33aa233ec6a6a07d573ab
+AUX dnscrypt-proxy.initd 646 BLAKE2B 3ede3fd925b6fad6f42ce4b52184ebdaa9c9cc881886e2b18d45f10476a7957ea09037ba2faf8d9ff12f4a0352e982f5d267410a9f3531f1d0ad8f5558d6576d SHA512 faa119b18765eb59ddacad1340752f1bbd9d10acf59f6b79bc4c31fcbe9f0e5f08bf6cd214ce2a5bdafe13c5d1a116aacea2e09a181699f8f06f3ec34fb9dcaa
+AUX dnscrypt-proxy.service 1204 BLAKE2B 879571cc00eab424b10f6ed79d9d52ba1ee835fd3ad7ef295d113b21afed075b3670066cf5dbdf0647c02853bb242c6d037f6ad962e0e6a7225b86fe88a3c9ab SHA512 3ae8f2dbe93169a6ddf71db85103a297210287006a63c71e9837ddfb62cecf6de28dd3ead6028e2f239edc4dab5a16d27c3c84fd2fcc23e41ba71b7b8fbf8b1f
+AUX dnscrypt-proxy.socket 517 BLAKE2B afa07d5a441b55de46059935a0fa9b7f61bcbfced925b24282be27978a507248303a43f32f2785d585e79c6a9f456a9c3118028014cb78cde5df4ea1be150b6c SHA512 9620307006642cd211b8032939b2e4f592f73d041c6a499f1c74160812853b03543ff84619e8060e064b99a3b7c44b794907722fe485233937e3804b49e29a36
 DIST dnscrypt-proxy-2.0.14.tar.gz 2876583 BLAKE2B f93b2ba8991668691d503a5c039c4bb8eee0f474893c99ebd68067faa2a530832434c08654f61482a9d5b876ecf10329117b76a20b837fde00d72521170a1d86 SHA512 2574f900b6e2f75eeeee2f634e22df41145243c23cd9a890fcfa73f13b7d032bc2b029cbb6498f5c2cd33e212392ca2298a1dce6bb369be5c9afccc21a706613
-EBUILD dnscrypt-proxy-1.9.5-r1.ebuild 1817 BLAKE2B bb0c48cadf271b942beeaee69c49dbb2582c41f86176b84c6e929ad5dd5b55deacfa03d15143b2180d05ab03913a93702315712afc73bbbea53b152e43ab30f8 SHA512 87a35841daf4da9b666bae888f9b73fa7205f9e7054afe5bdc47d1112525e2eb1237416fa7702c38bc63ce0878fc61d752f6851af1cc07a0f9b5a3591b8f0704
-EBUILD dnscrypt-proxy-2.0.14.ebuild 2876 BLAKE2B 1d8617576f87525d517f7a32be2d4f044fdcfc865cc11278a4469c1c2ff9c6f550f8d244adc97852ca48d03388845259335f9d837e5e40d2893bbe74cf7e47d3 SHA512 f77bb0d9cb3bea881c4bb15cf027564937bfbde26fbcaad3e58ceefc39dfb935dc165428b9365810af1e4df7a7d00526a41d6b2d749ad357fcab1273d0006cbf
-MISC metadata.xml 941 BLAKE2B 234421b342985e6980a870bc0f7e4dc96e2867d89aa589ac23723a7a7cc4767109de7f046c817c3a21ea1bab23d352210941dc092b002dd3a7374be6c459877c SHA512 6bad822978132f7467756a88695e9e87a3ec2c007af04b423496f7befc1fc4de781a78bac17167b6de6682688e3ef445e5dce7f6f3f3e9c25a632e6222268918
+DIST dnscrypt-proxy-2.0.15.tar.gz 2887764 BLAKE2B 7c4dd36f8305494566cb8548e478d9b89eed799dab124e574c0840c606f6c51cafb73818a07b18928a6457756a122d7bceabc108b1114b2b546d3db707d2ef3a SHA512 4517ab7b7eb1474f8c9e133a289caf6c02f472b51b910f1fbe1e5ffd6d389943626c8878e68f7f27a47b00301a427dfe9c563bc82b67cafab32f4ab3bc4c84b9
+EBUILD dnscrypt-proxy-2.0.14.ebuild 2868 BLAKE2B aa4eb4cf21e09fdb4926f6dc7f8047f3c107ab8dbcb892d3f3f791f898f24ed0b0e6e3b79cbed09661c069e2c090378ec03efd7b5d02c12c8df1763513542656 SHA512 4d9cdee6adc23292c4e9b9f66ef936875915c82f1d5b94991052b41873a4c7d5a7996e2ccd0e3aad6096579e0662601e8e7ddca4abc178182157bf31ff1e9fb6
+EBUILD dnscrypt-proxy-2.0.15.ebuild 2868 BLAKE2B aa4eb4cf21e09fdb4926f6dc7f8047f3c107ab8dbcb892d3f3f791f898f24ed0b0e6e3b79cbed09661c069e2c090378ec03efd7b5d02c12c8df1763513542656 SHA512 4d9cdee6adc23292c4e9b9f66ef936875915c82f1d5b94991052b41873a4c7d5a7996e2ccd0e3aad6096579e0662601e8e7ddca4abc178182157bf31ff1e9fb6
+MISC metadata.xml 741 BLAKE2B 301593e47c2511e5160a1fa8729df605be436feb3e1b1e14de5cbceb584c89c856c2af3081a1325c354919fbf691dcdc94773f5596ba13598f451ab55b6b09f8 SHA512 f1eaeede9bb33d5341ef874b344fc9f34be7111c2e789c6088386d75ae864e68cb658246dc939ca0a0adda3898cdf88cdc321ccf1af3d8a5579cddf259852cb0
diff --git a/net-dns/dnscrypt-proxy/dnscrypt-proxy-1.9.5-r1.ebuild b/net-dns/dnscrypt-proxy/dnscrypt-proxy-1.9.5-r1.ebuild
deleted file mode 100644
index f72136ca55b0..000000000000
--- a/net-dns/dnscrypt-proxy/dnscrypt-proxy-1.9.5-r1.ebuild
+++ /dev/null
@@ -1,72 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit systemd user
-
-DESCRIPTION="A tool for securing communications between a client and a DNS resolver"
-HOMEPAGE="https://dnscrypt.org"
-SRC_URI="https://download.dnscrypt.org/${PN}/${P}.tar.bz2"
-
-LICENSE="ISC"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~x86"
-IUSE="hardened libressl +plugins ssl systemd"
-
-RDEPEND="
-	dev-libs/libsodium:=
-	net-libs/ldns
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:0= )
-	)
-	systemd? ( sys-apps/systemd )"
-DEPEND="${RDEPEND}
-	virtual/pkgconfig"
-
-pkg_setup() {
-	enewgroup dnscrypt
-	enewuser dnscrypt -1 -1 /var/empty dnscrypt
-}
-
-src_configure() {
-	econf \
-		$(use_enable hardened pie) \
-		$(use_enable plugins) \
-		$(use_enable ssl openssl) \
-		$(use_with systemd)
-}
-
-src_install() {
-	local DOCS=( AUTHORS ChangeLog NEWS README* THANKS *txt )
-
-	default
-
-	newinitd "${FILESDIR}"/${PN}.initd-r1 ${PN}
-	newconfd "${FILESDIR}"/${PN}.confd-r1 ${PN}
-	systemd_newunit "${FILESDIR}"/${PN}.service-r1 ${PN}.service
-	systemd_newunit "${FILESDIR}"/${PN}.socket-r1 ${PN}.socket
-	insinto /etc
-	doins "${FILESDIR}"/${PN}.conf /etc
-}
-
-pkg_preinst() {
-	# ship working default configuration for systemd users
-	if use systemd; then
-		sed -i 's/Daemonize yes/Daemonize no/g' "${D}"/etc/${PN}.conf
-	fi
-}
-
-pkg_postinst() {
-	elog "After starting the service you will need to update your"
-	elog "/etc/resolv.conf and replace your current set of resolvers"
-	elog "with:"
-	elog
-	elog "nameserver 127.0.0.1"
-	elog
-	use systemd && elog "with systemd dnscrypt-proxy ignores LocalAddress setting in the config file"
-	use systemd && elog "edit dnscrypt-proxy.socket if you need to change the defaults"
-	elog
-	elog "Also see https://github.com/jedisct1/dnscrypt-proxy#usage."
-}
diff --git a/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.14.ebuild b/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.14.ebuild
index 0b64d8b992e3..5b04253b9c9b 100644
--- a/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.14.ebuild
+++ b/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.14.ebuild
@@ -42,10 +42,10 @@ src_install() {
 	insinto "/usr/share/dnscrypt-proxy"
 	doins -r "utils/generate-domains-blacklists/."
 
-	newinitd "${FILESDIR}"/dnscrypt-proxy-2.initd dnscrypt-proxy
-	newconfd "${FILESDIR}"/dnscrypt-proxy-2.confd dnscrypt-proxy
-	systemd_newunit "${FILESDIR}"/dnscrypt-proxy-2.service dnscrypt-proxy.service
-	systemd_newunit "${FILESDIR}"/dnscrypt-proxy-2.socket dnscrypt-proxy.socket
+	newinitd "${FILESDIR}"/dnscrypt-proxy.initd dnscrypt-proxy
+	newconfd "${FILESDIR}"/dnscrypt-proxy.confd dnscrypt-proxy
+	systemd_newunit "${FILESDIR}"/dnscrypt-proxy.service dnscrypt-proxy.service
+	systemd_newunit "${FILESDIR}"/dnscrypt-proxy.socket dnscrypt-proxy.socket
 
 	einstalldocs
 }
diff --git a/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.15.ebuild b/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.15.ebuild
new file mode 100644
index 000000000000..5b04253b9c9b
--- /dev/null
+++ b/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.15.ebuild
@@ -0,0 +1,97 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+EGO_PN="github.com/jedisct1/${PN}"
+
+inherit fcaps golang-build systemd user
+
+DESCRIPTION="A flexible DNS proxy, with support for encrypted DNS protocols"
+HOMEPAGE="https://github.com/jedisct1/dnscrypt-proxy"
+SRC_URI="https://${EGO_PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="ISC"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~x86"
+
+FILECAPS=( cap_net_bind_service+ep usr/bin/dnscrypt-proxy )
+PATCHES=( "${FILESDIR}"/config-full-paths-r10.patch )
+
+pkg_setup() {
+	enewgroup dnscrypt-proxy
+	enewuser dnscrypt-proxy -1 -1 /var/empty dnscrypt-proxy
+}
+
+src_prepare() {
+	default
+	# Create directory structure suitable for building
+	mkdir -p "src/${EGO_PN%/*}" || die
+	mv "${PN}" "src/${EGO_PN}" || die
+	mv "vendor" "src/" || die
+}
+
+src_install() {
+	dobin dnscrypt-proxy
+
+	insinto /etc/dnscrypt-proxy
+	newins "src/${EGO_PN}"/example-dnscrypt-proxy.toml dnscrypt-proxy.toml
+	doins "src/${EGO_PN}"/example-{blacklist.txt,whitelist.txt}
+	doins "src/${EGO_PN}"/example-{cloaking-rules.txt,forwarding-rules.txt}
+
+	insinto "/usr/share/dnscrypt-proxy"
+	doins -r "utils/generate-domains-blacklists/."
+
+	newinitd "${FILESDIR}"/dnscrypt-proxy.initd dnscrypt-proxy
+	newconfd "${FILESDIR}"/dnscrypt-proxy.confd dnscrypt-proxy
+	systemd_newunit "${FILESDIR}"/dnscrypt-proxy.service dnscrypt-proxy.service
+	systemd_newunit "${FILESDIR}"/dnscrypt-proxy.socket dnscrypt-proxy.socket
+
+	einstalldocs
+}
+
+pkg_postinst() {
+	fcaps_pkg_postinst
+
+	if ! use filecaps; then
+		ewarn "'filecaps' USE flag is disabled"
+		ewarn "${PN} will fail to listen on port 53"
+		ewarn "please do one the following:"
+		ewarn "1) re-enable 'filecaps'"
+		ewarn "2) change port to > 1024"
+		ewarn "3) configure to run ${PN} as root (not recommended)"
+		ewarn
+	fi
+
+	local v
+	for v in ${REPLACING_VERSIONS}; do
+		if [[ ${v} == 1.* ]] ; then
+			elog "Version 2 is a complete rewrite of ${PN}"
+			elog "please clean up old config/log files"
+			elog
+		fi
+		if [[ ${v} == 2.* ]] ; then
+			elog "As of version 2.0.12 of ${PN} runs as an 'dnscrypt-proxy' user/group"
+			elog "you can remove obsolete 'dnscrypt' accounts from the system"
+			elog
+		fi
+	done
+
+	if systemd_is_booted || has_version sys-apps/systemd; then
+		elog "Using systemd socket activation may cause issues with speed"
+		elog "latency and reliability of ${PN} and is discouraged by upstream"
+		elog "Existing installations advised to disable 'dnscrypt-proxy.socket'"
+		elog "It is disabled by default for new installations"
+		elog "check "$(systemd_get_systemunitdir)/${PN}.service" for details"
+		elog
+
+	fi
+
+	elog "After starting the service you will need to update your"
+	elog "/etc/resolv.conf and replace your current set of resolvers"
+	elog "with:"
+	elog
+	elog "nameserver 127.0.0.1"
+	elog
+	elog "Also see https://github.com/jedisct1/${PN}/wiki"
+}
diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.conf b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.conf
deleted file mode 100644
index 52487c09c878..000000000000
--- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.conf
+++ /dev/null
@@ -1,242 +0,0 @@
-######################################################
-#                                                    #
-#    Sample configuration file for dnscrypt-proxy    #
-#                                                    #
-######################################################
-
-
-############## Resolver settings ##############
-
-## [CHANGE THIS] Short name of the resolver to use
-## Usually the only thing you need to change in this configuration file.
-## This corresponds to the first column in the dnscrypt-resolvers.csv file.
-## Alternatively, "random" (without quotes) picks a random random resolver
-## accessible over IPv4, that doesn't log and supports DNSSEC.
-
-ResolverName random
-
-
-## Full path to the list of available DNSCrypt resolvers (dnscrypt-resolvers.csv)
-## An up-to-date list is available here:
-## https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv
-## and the dnscrypt-update-resolvers.sh script can be used in order to
-## automatically download and verify updates.
-
-ResolversList /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv
-
-
-## Manual settings, only for a custom resolver not present in the CSV file
-
-#ProviderName    2.dnscrypt.some.provider.name.tld
-#ProviderKey     0000:1111:2222:3333:4444:5555:6666:7777:8888:9999:AAAA:BBBB:CCCC:DDDD:EEEE:FFFF
-#ResolverAddress 111.222.333.444:56789
-
-
-
-############## Process options ##############
-
-## [NOT AVAILABLE ON WINDOWS] Run the proxy as a background process.
-## Unless you are using systemd, you probably want to change this to "yes"
-## after having verified that the rest of the configuration works as expected.
-
-Daemonize yes
-
-
-## Write the PID number to a file
-
-PidFile /run/dnscrypt-proxy.pid
-
-
-## [NOT AVAILABLE ON WINDOWS] Start the process, bind the required ports, and
-## run the server as a less-privileged system user.
-## The value for this parameter is a user name.
-
-User dnscrypt
-
-
-############## Network/protocol settings ##############
-
-## Local address and port to listen to.
-## A 127.0.0.x address is recommended for local use, but 0.0.0.0 or
-## a specific interface address can be used on a router, or to
-## configure a single machine to act as a DNS proxy for different
-## devices.
-## If the socket is created by systemd, the proxy cannot change the address
-## using this option. You should edit systemd's dnscrypt-proxy.socket file
-## instead.
-
-LocalAddress 127.0.0.1:53
-
-
-## Cache DNS responses to avoid outgoing traffic when the same queries
-## are repeated multiple times in a row.
-
-LocalCache on
-
-
-## Creates a new key pair for every query.
-## This prevents logging servers from correlating client public keys with
-## IP addresses. However, this option implies extra CPU load, and is not
-## very useful with trusted/non-logging servers.
-
-EphemeralKeys off
-
-
-## Maximum number of active requests waiting for a response.
-## Keep it reasonable relative to the expected number of clients.
-
-# MaxActiveRequests 250
-
-
-## This is the maximum payload size allowed when using the UDP protocol.
-## The default is safe, and rarely needs to be changed.
-
-# EDNSPayloadSize 1252
-
-
-## Ignore the time stamps when checking the certificates
-## Do not enable this option ever, unless you know that you need it.
-
-# IgnoreTimestamps no
-
-
-## Do not send queries using UDP. Only use TCP.
-## Even if some resolvers mitigate this, DNS over TCP is almost always slower
-## than UDP and doesn't offer additional security.
-## Only enable this option if UDP doesn't work on your network.
-
-# TCPOnly no
-
-
-## Forward queries for specific zones to one or more non-DNSCrypt resolvers.
-## For instance, this can be used to redirect queries for local domains to
-## the router, or queries for an internal domain to an internal DNS server.
-## Multiple whitespace-delimited zones and IP addresses can be specified.
-## Do not enable this unless you absolutely know you need it.
-## If you see useless queries to these zones, you'd better block them with
-## the BlackList feature instead of sending them in clear text to the router.
-## This uses a plugin that requires dnscrypt-proxy to be compiled with
-## the ldns library.
-
-#Forward domains:"localdomain" to:"192.168.0.1"
-
-
-############## Logging ##############
-
-## Log the received DNS queries to a file, so you can watch in real-time what
-## is happening on the network.
-## The value for this parameter is a full path to the log file.
-## The file name can be prefixed with ltsv: in order to store logs using the
-## LTSV format (ex: ltsv:/tmp/dns-queries.log).
-
-# QueryLogFile /tmp/dns-queries.log
-
-
-## Log file to write server errors and information to.
-## If you use this tool for privacy, keeping logs of any kind is usually not
-## a good idea.
-
-# LogFile /var/log/dnscrypt-proxy.log
-
-
-## Don't log events with priority above this log level after the service has
-## been started up. Default is 6.
-## Valid values are between 0 (critical) to 7 (debug-level messages).
-
-# LogLevel 6
-
-
-## [NOT AVAILABLE ON WINDOWS] Send server logs to the syslog daemon
-## Log entries can optionally be prefixed with a string.
-
-Syslog       on
-# SyslogPrefix dnscrypt
-
-
-
-############## Local filtering ##############
-
-## If your network doesn't support IPv6, chances are that your
-## applications are still constantly trying to resolve IPv6 addresses,
-## causing unnecessary slowdowns.
-## This causes the proxy to immediately reply to IPv6 requests,
-## without having to send a useless request to upstream resolvers, and
-## having to wait for a response.
-## This uses a plugin that requires dnscrypt-proxy to be compiled with
-## the ldns library.
-
-BlockIPv6 no
-
-
-## Want to filter ads, malware, sensitive or inappropriate websites and
-## domain names? This feature can block lists of IP addresses and names
-## matching a list of patterns. The list of rules remains private, and
-## the filtering process directly happens on your own network. In order
-## to filter IP addresses, the list of IPs has to be put into a text
-## file, with one IP address per line. Lists of domain names can also be
-## blocked as well. Put the list into a text file, one domain per line.
-## Domains can include wildcards (*) in order to match patterns. For
-## example *sex* will match any name that contains the sex substring, and
-## ads.* will match anything starting with ads. The Internet has plenty
-## of free feeds of IP addresses and domain names used for malware,
-## phishing and spam that you can use with this feature.
-##
-## This uses a plugin that requires dnscrypt-proxy to be compiled with
-## the ldns library.
-##
-## To enable, uncomment one of the following definitions:
-
-## Block query names matching the rules stored in that file:
-# BlackList domains:"/etc/dnscrypt-blacklist-domains.txt"
-
-## Block responses whose IP addresses match IPs stored in that file:
-# BlackList ips:"/etc/dnscrypt-blacklist-ips.txt"
-
-## Block both domain names and IP addresses:
-# BlackList domains:"/etc/dnscrypt-blacklist-domains.txt" ips:"/etc/dnscrypt-blacklist-ips.txt"
-
-## Same as the above + log the blocked queries in a file.
-## The log file can be prefixed with ltsv: (ex: ltsv:/tmp/log.txt) in order to
-## store logs using the LTSV format.
-# BlackList domains:"/etc/dnscrypt-blacklist-domains.txt" logfile:"/var/log/dnscrypt-blocked.log"
-# BlackList ips:"/etc/dnscrypt-blacklist-ips.txt" logfile:"/var/log/dnscrypt-blocked.log"
-# BlackList domains:"/etc/dnscrypt-blacklist-domains.txt" ips:"/etc/dnscrypt-blacklist-ips.txt" logfile:"/var/log/dnscrypt-blocked.log"
-
-
-
-############## User identification ##############
-
-## Use a client public key for identification
-## By default, the client uses a randomized key pair in order to make tracking
-## more difficult. This option does the opposite and uses a static key pair, so
-## that DNS providers can offer premium services to queries signed with a known
-## set of public keys. A client cannot decrypt the received responses without
-## also knowing the secret key.
-## The value for this property is the path to a file containing the secret key,
-## encoded as a hexadecimal string. The corresponding public key is computed
-## automatically.
-
-# ClientKey /etc/dnscrypt-client-secret.key
-
-
-
-############## Monitoring ##############
-
-## Do not actually start the proxy, but check that a valid certificate can be
-## retrieved from the server and that it will remain valid for the specified
-## time period. The process exit code is 0 if a valid certificate can be used,
-## 2 if no valid certificates can be used, 3 if a timeout occurred, and 4 if a
-## currently valid certificate is going to expire before the given margin.
-## Useful in a cron job to monitor your own dnscrypt-servers.
-## The margin is specified in minutes.
-
-# Test 2880
-
-
-
-############## Recursive configuration ##############
-
-## A configuration file can include other configuration files by inserting
-## the `Include` directive anywhere (the full path required, no quotes):
-
-# Include /etc/dnscrypt-proxy-common.conf
diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.confd b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd
index 492b2fc22940..a8db66a6ecd5 100644
--- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.confd
+++ b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd
@@ -1,3 +1,4 @@
+#rc_use="tor"
 #DNSCRYPT_PROXY_OPTS="-config /etc/dnscrypt-proxy/dnscrypt-proxy.toml"
 #DNSCRYPT_PROXY_USER="dnscrypt-proxy"
 #DNSCRYPT_PROXY_GROUP="dnscrypt-proxy"
diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-r1 b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-r1
deleted file mode 100644
index 9137e1836fe0..000000000000
--- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-r1
+++ /dev/null
@@ -1 +0,0 @@
-DNSCRYPT_OPTS="/etc/dnscrypt-proxy.conf"
diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.initd b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd
index 4a46acdc4bb3..4a46acdc4bb3 100644
--- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.initd
+++ b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd
diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-r1 b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-r1
deleted file mode 100644
index 08196ff1a7c9..000000000000
--- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-r1
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-command="/usr/sbin/dnscrypt-proxy"
-command_args="${DNSCRYPT_OPTS}"
-pidfile="/run/${SVCNAME}.pid"
-
-depend() {
-	use net dns logger
-}
diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.service b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service
index ed02955621ba..ed02955621ba 100644
--- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.service
+++ b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service
diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service-r1 b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service-r1
deleted file mode 100644
index 8cbf5f1a4143..000000000000
--- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service-r1
+++ /dev/null
@@ -1,18 +0,0 @@
-[Unit]
-Description=DNSCrypt client proxy
-Documentation=man:dnscrypt-proxy(8)
-Requires=dnscrypt-proxy.socket
-After=network.target
-Before=nss-lookup.target
-
-[Install]
-Also=dnscrypt-proxy.socket
-WantedBy=multi-user.target
-
-[Service]
-Type=simple
-NonBlocking=true
-
-# Edit the configuration file appropriately, or the service will not start.
-# See https://dnscrypt.org for more information.
-ExecStart=/usr/sbin/dnscrypt-proxy /etc/dnscrypt-proxy.conf
diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.socket b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.socket
index ea38c90e8a5d..ea38c90e8a5d 100644
--- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.socket
+++ b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.socket
diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.socket-r1 b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.socket-r1
deleted file mode 100644
index 5ee0e4502cf1..000000000000
--- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.socket-r1
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=dnscrypt-proxy listening socket
-
-[Socket]
-ListenStream=127.0.0.53:53
-ListenDatagram=127.0.0.53:53
-
-[Install]
-WantedBy=sockets.target
diff --git a/net-dns/dnscrypt-proxy/metadata.xml b/net-dns/dnscrypt-proxy/metadata.xml
index c1a85090aac5..d67745d93d23 100644
--- a/net-dns/dnscrypt-proxy/metadata.xml
+++ b/net-dns/dnscrypt-proxy/metadata.xml
@@ -12,15 +12,9 @@
 	<longdescription lang="en">
 		dnscrypt-proxy provides local service which can be used directly as your
 		local resolver or as a DNS forwarder, encrypting and authenticating
-		requests using the DNSCrypt protocol and passing them to upstream
-		servers.
+		requests using the DNSCrypt or DNS-over-HTTPS protocol and passing them
+		to upstream servers.
 	</longdescription>
-	<use>
-		<flag name="plugins">Enable plugin support to inspect and modify
-			queries and responses</flag>
-		<flag name="systemd">Use systemd's socket activation instead of
-			creating the sockets itself</flag>
-	</use>
 	<upstream>
 		<remote-id type="github">jedisct1/dnscrypt-proxy</remote-id>
 	</upstream>