From cb3e8c6af7661fbcafdcacc7e0ecdfb610d098fa Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sat, 9 Jun 2018 09:27:03 +0100 Subject: gentoo resync : 09.06.2018 --- net-dns/dnscrypt-proxy/Manifest | 21 +- .../dnscrypt-proxy/dnscrypt-proxy-1.9.5-r1.ebuild | 72 ------ .../dnscrypt-proxy/dnscrypt-proxy-2.0.14.ebuild | 8 +- .../dnscrypt-proxy/dnscrypt-proxy-2.0.15.ebuild | 97 +++++++++ .../dnscrypt-proxy/files/dnscrypt-proxy-2.confd | 3 - .../dnscrypt-proxy/files/dnscrypt-proxy-2.initd | 19 -- .../dnscrypt-proxy/files/dnscrypt-proxy-2.service | 39 ---- .../dnscrypt-proxy/files/dnscrypt-proxy-2.socket | 21 -- net-dns/dnscrypt-proxy/files/dnscrypt-proxy.conf | 242 --------------------- net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd | 4 + .../dnscrypt-proxy/files/dnscrypt-proxy.confd-r1 | 1 - net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd | 19 ++ .../dnscrypt-proxy/files/dnscrypt-proxy.initd-r1 | 11 - .../dnscrypt-proxy/files/dnscrypt-proxy.service | 39 ++++ .../dnscrypt-proxy/files/dnscrypt-proxy.service-r1 | 18 -- net-dns/dnscrypt-proxy/files/dnscrypt-proxy.socket | 21 ++ .../dnscrypt-proxy/files/dnscrypt-proxy.socket-r1 | 9 - net-dns/dnscrypt-proxy/metadata.xml | 10 +- 18 files changed, 194 insertions(+), 460 deletions(-) delete mode 100644 net-dns/dnscrypt-proxy/dnscrypt-proxy-1.9.5-r1.ebuild create mode 100644 net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.15.ebuild delete mode 100644 net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.confd delete mode 100644 net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.initd delete mode 100644 net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.service delete mode 100644 net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.socket delete mode 100644 net-dns/dnscrypt-proxy/files/dnscrypt-proxy.conf create mode 100644 net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd delete mode 100644 net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-r1 create mode 100644 net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd delete mode 100644 net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-r1 create mode 100644 net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service delete mode 100644 net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service-r1 create mode 100644 net-dns/dnscrypt-proxy/files/dnscrypt-proxy.socket delete mode 100644 net-dns/dnscrypt-proxy/files/dnscrypt-proxy.socket-r1 (limited to 'net-dns/dnscrypt-proxy') diff --git a/net-dns/dnscrypt-proxy/Manifest b/net-dns/dnscrypt-proxy/Manifest index 5c0c9d0fc35c..a28c6bc76cd8 100644 --- a/net-dns/dnscrypt-proxy/Manifest +++ b/net-dns/dnscrypt-proxy/Manifest @@ -1,15 +1,10 @@ AUX config-full-paths-r10.patch 2487 BLAKE2B a0c7ff420a9000903ec8fdf446c463ef367db2ec934147817f08c12277d5e1704db7c7ec89ec068a5cdc26f88eb794f8caf6d9eb318764783ad62e22ce9a2798 SHA512 15a8af5fff20d9f9d7931faf40d2f9ff1a960a764d7330287af65290e85e986892f0b94a6b311e8ae0be60be3b78caa10c71e438275f20d44706850c2a61d407 -AUX dnscrypt-proxy-2.confd 148 BLAKE2B 064ea4c9fc7f63091d4c20e9d978a3c8863711176c84707b99438a1caa29865eb1739e7ec4ae492f7e4e37c7834b8e20250fadd2483ad0267645ea636f70b22e SHA512 cacf0553e24b8adbe013133adbc5c77c98c5b8f4253497ffe986ceb8501f9b697ed773994e852dd8d9ea394f7a0fb4405f4297b48186f77f31dd1b597a46d4aa -AUX dnscrypt-proxy-2.initd 646 BLAKE2B 3ede3fd925b6fad6f42ce4b52184ebdaa9c9cc881886e2b18d45f10476a7957ea09037ba2faf8d9ff12f4a0352e982f5d267410a9f3531f1d0ad8f5558d6576d SHA512 faa119b18765eb59ddacad1340752f1bbd9d10acf59f6b79bc4c31fcbe9f0e5f08bf6cd214ce2a5bdafe13c5d1a116aacea2e09a181699f8f06f3ec34fb9dcaa -AUX dnscrypt-proxy-2.service 1204 BLAKE2B 879571cc00eab424b10f6ed79d9d52ba1ee835fd3ad7ef295d113b21afed075b3670066cf5dbdf0647c02853bb242c6d037f6ad962e0e6a7225b86fe88a3c9ab SHA512 3ae8f2dbe93169a6ddf71db85103a297210287006a63c71e9837ddfb62cecf6de28dd3ead6028e2f239edc4dab5a16d27c3c84fd2fcc23e41ba71b7b8fbf8b1f -AUX dnscrypt-proxy-2.socket 517 BLAKE2B afa07d5a441b55de46059935a0fa9b7f61bcbfced925b24282be27978a507248303a43f32f2785d585e79c6a9f456a9c3118028014cb78cde5df4ea1be150b6c SHA512 9620307006642cd211b8032939b2e4f592f73d041c6a499f1c74160812853b03543ff84619e8060e064b99a3b7c44b794907722fe485233937e3804b49e29a36 -AUX dnscrypt-proxy.conf 8912 BLAKE2B ea1b196528dae0c9536c12e3ed6b9839830ae4f89203ea19332d8238cbeba599a202557c75de1d77e2e4f306db1d2a1dd2bc352891bbc2f8a3595c8aa253fa6d SHA512 1e45f38a46383af14695cd44531335801ae315d819e9593e931be0fd513059c87ddfc9128158a532c6bc26cf113635c9630d8694764dff5a46a6a98c5ea8b42a -AUX dnscrypt-proxy.confd-r1 41 BLAKE2B e73624ac07b382c9dd66970e12da3e00a669d548a32b16aec6e4227a0af73980f294444507c86fa0ae26e8f9f19c6d533f83ecdcbdcf9d8c28a8c47439844d77 SHA512 2f381c21e92a8f74d47f6c5d3d18bcc32a2713d3b7d82f260d8e2770bfb6aea0a46f8d957796c64d02e6a0445f92c31b83b29724b8004ba9fcc7f6fcc93afaf3 -AUX dnscrypt-proxy.initd-r1 258 BLAKE2B 86ceff0c2affc0508cafa782803498be680f46520a380eb64eb2fde026c65cd349a4a5f995e5a285c35db1514a77e95b5067c96cd41905f253e101bffa453f41 SHA512 700849b9a0b8a3a224d0c149091937f751461bb42c7ac4a4bccecf28d9a7b64dd2f47601bee1f8d5c08bdfad2defdcab0c0bc22c7393873612f56d78cd0edc6a -AUX dnscrypt-proxy.service-r1 445 BLAKE2B f6e6af96d6b11892aa8d7aa111ca42dfe6589abbb6e5e214253fdc4f6d6686484e22dc24f45f05b23223bb8ada91e594bd0d015d35ed4850ce47e90d778a7867 SHA512 ff226e1f6416de04b42828ab89a0df48b4eac1385f489ccad594b5e07cbceb57249006951f25237a55effdd2acaf8ce7e0fb2c36fc17799f963d506696b0cb4f -AUX dnscrypt-proxy.socket-r1 152 BLAKE2B e4eb7875f749646f77675b39c7c74f57d5674d825329891b0f128e190ac3625d28f81df8004975828080c6eb9665a8c0825826b5ccf305694c03c2e196da3dd7 SHA512 920014c202344726e645f3bfa5def0f194c215cc0ce6e45750e82cee3434399497b9ad3fb5268afb1823689ced0fa8d177d6411b3153661b97fbd55984752a87 -DIST dnscrypt-proxy-1.9.5.tar.bz2 1290573 BLAKE2B 8f16fdb58012e00a8b58d36364377c3bc25158b9484a8df2bd6bc98d1c9cbf5ac758997e31f95ecaeb9da2f6b7272316c5a4a1c069a39549fbc1c1b136857da0 SHA512 84c0f7587521b3a198292cf20dd71cb592ccf8a9e003abbc62c5ca112f6c5ed27c49b1642cf91f403d52b4147e25f24af540b65cecfcf93814338329097df836 +AUX dnscrypt-proxy.confd 162 BLAKE2B 4547fc4a4ec00a809bac7b55bd7a7c8efb54e526179a7e2103fdf716711912987961969619e6b6e6b2e201253e90f828ffa5eb011c0870c112a028c4cfd89ce5 SHA512 25ccbc09df7b51bc0fa4587f7a715429ba11517c64db53086dd09df24470da71b81dbacebe227bd41d1f9576b4560dc58729969eb7b33aa233ec6a6a07d573ab +AUX dnscrypt-proxy.initd 646 BLAKE2B 3ede3fd925b6fad6f42ce4b52184ebdaa9c9cc881886e2b18d45f10476a7957ea09037ba2faf8d9ff12f4a0352e982f5d267410a9f3531f1d0ad8f5558d6576d SHA512 faa119b18765eb59ddacad1340752f1bbd9d10acf59f6b79bc4c31fcbe9f0e5f08bf6cd214ce2a5bdafe13c5d1a116aacea2e09a181699f8f06f3ec34fb9dcaa +AUX dnscrypt-proxy.service 1204 BLAKE2B 879571cc00eab424b10f6ed79d9d52ba1ee835fd3ad7ef295d113b21afed075b3670066cf5dbdf0647c02853bb242c6d037f6ad962e0e6a7225b86fe88a3c9ab SHA512 3ae8f2dbe93169a6ddf71db85103a297210287006a63c71e9837ddfb62cecf6de28dd3ead6028e2f239edc4dab5a16d27c3c84fd2fcc23e41ba71b7b8fbf8b1f +AUX dnscrypt-proxy.socket 517 BLAKE2B afa07d5a441b55de46059935a0fa9b7f61bcbfced925b24282be27978a507248303a43f32f2785d585e79c6a9f456a9c3118028014cb78cde5df4ea1be150b6c SHA512 9620307006642cd211b8032939b2e4f592f73d041c6a499f1c74160812853b03543ff84619e8060e064b99a3b7c44b794907722fe485233937e3804b49e29a36 DIST dnscrypt-proxy-2.0.14.tar.gz 2876583 BLAKE2B f93b2ba8991668691d503a5c039c4bb8eee0f474893c99ebd68067faa2a530832434c08654f61482a9d5b876ecf10329117b76a20b837fde00d72521170a1d86 SHA512 2574f900b6e2f75eeeee2f634e22df41145243c23cd9a890fcfa73f13b7d032bc2b029cbb6498f5c2cd33e212392ca2298a1dce6bb369be5c9afccc21a706613 -EBUILD dnscrypt-proxy-1.9.5-r1.ebuild 1817 BLAKE2B bb0c48cadf271b942beeaee69c49dbb2582c41f86176b84c6e929ad5dd5b55deacfa03d15143b2180d05ab03913a93702315712afc73bbbea53b152e43ab30f8 SHA512 87a35841daf4da9b666bae888f9b73fa7205f9e7054afe5bdc47d1112525e2eb1237416fa7702c38bc63ce0878fc61d752f6851af1cc07a0f9b5a3591b8f0704 -EBUILD dnscrypt-proxy-2.0.14.ebuild 2876 BLAKE2B 1d8617576f87525d517f7a32be2d4f044fdcfc865cc11278a4469c1c2ff9c6f550f8d244adc97852ca48d03388845259335f9d837e5e40d2893bbe74cf7e47d3 SHA512 f77bb0d9cb3bea881c4bb15cf027564937bfbde26fbcaad3e58ceefc39dfb935dc165428b9365810af1e4df7a7d00526a41d6b2d749ad357fcab1273d0006cbf -MISC metadata.xml 941 BLAKE2B 234421b342985e6980a870bc0f7e4dc96e2867d89aa589ac23723a7a7cc4767109de7f046c817c3a21ea1bab23d352210941dc092b002dd3a7374be6c459877c SHA512 6bad822978132f7467756a88695e9e87a3ec2c007af04b423496f7befc1fc4de781a78bac17167b6de6682688e3ef445e5dce7f6f3f3e9c25a632e6222268918 +DIST dnscrypt-proxy-2.0.15.tar.gz 2887764 BLAKE2B 7c4dd36f8305494566cb8548e478d9b89eed799dab124e574c0840c606f6c51cafb73818a07b18928a6457756a122d7bceabc108b1114b2b546d3db707d2ef3a SHA512 4517ab7b7eb1474f8c9e133a289caf6c02f472b51b910f1fbe1e5ffd6d389943626c8878e68f7f27a47b00301a427dfe9c563bc82b67cafab32f4ab3bc4c84b9 +EBUILD dnscrypt-proxy-2.0.14.ebuild 2868 BLAKE2B aa4eb4cf21e09fdb4926f6dc7f8047f3c107ab8dbcb892d3f3f791f898f24ed0b0e6e3b79cbed09661c069e2c090378ec03efd7b5d02c12c8df1763513542656 SHA512 4d9cdee6adc23292c4e9b9f66ef936875915c82f1d5b94991052b41873a4c7d5a7996e2ccd0e3aad6096579e0662601e8e7ddca4abc178182157bf31ff1e9fb6 +EBUILD dnscrypt-proxy-2.0.15.ebuild 2868 BLAKE2B aa4eb4cf21e09fdb4926f6dc7f8047f3c107ab8dbcb892d3f3f791f898f24ed0b0e6e3b79cbed09661c069e2c090378ec03efd7b5d02c12c8df1763513542656 SHA512 4d9cdee6adc23292c4e9b9f66ef936875915c82f1d5b94991052b41873a4c7d5a7996e2ccd0e3aad6096579e0662601e8e7ddca4abc178182157bf31ff1e9fb6 +MISC metadata.xml 741 BLAKE2B 301593e47c2511e5160a1fa8729df605be436feb3e1b1e14de5cbceb584c89c856c2af3081a1325c354919fbf691dcdc94773f5596ba13598f451ab55b6b09f8 SHA512 f1eaeede9bb33d5341ef874b344fc9f34be7111c2e789c6088386d75ae864e68cb658246dc939ca0a0adda3898cdf88cdc321ccf1af3d8a5579cddf259852cb0 diff --git a/net-dns/dnscrypt-proxy/dnscrypt-proxy-1.9.5-r1.ebuild b/net-dns/dnscrypt-proxy/dnscrypt-proxy-1.9.5-r1.ebuild deleted file mode 100644 index f72136ca55b0..000000000000 --- a/net-dns/dnscrypt-proxy/dnscrypt-proxy-1.9.5-r1.ebuild +++ /dev/null @@ -1,72 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -inherit systemd user - -DESCRIPTION="A tool for securing communications between a client and a DNS resolver" -HOMEPAGE="https://dnscrypt.org" -SRC_URI="https://download.dnscrypt.org/${PN}/${P}.tar.bz2" - -LICENSE="ISC" -SLOT="0" -KEYWORDS="~amd64 ~arm ~x86" -IUSE="hardened libressl +plugins ssl systemd" - -RDEPEND=" - dev-libs/libsodium:= - net-libs/ldns - ssl? ( - !libressl? ( dev-libs/openssl:0= ) - libressl? ( dev-libs/libressl:0= ) - ) - systemd? ( sys-apps/systemd )" -DEPEND="${RDEPEND} - virtual/pkgconfig" - -pkg_setup() { - enewgroup dnscrypt - enewuser dnscrypt -1 -1 /var/empty dnscrypt -} - -src_configure() { - econf \ - $(use_enable hardened pie) \ - $(use_enable plugins) \ - $(use_enable ssl openssl) \ - $(use_with systemd) -} - -src_install() { - local DOCS=( AUTHORS ChangeLog NEWS README* THANKS *txt ) - - default - - newinitd "${FILESDIR}"/${PN}.initd-r1 ${PN} - newconfd "${FILESDIR}"/${PN}.confd-r1 ${PN} - systemd_newunit "${FILESDIR}"/${PN}.service-r1 ${PN}.service - systemd_newunit "${FILESDIR}"/${PN}.socket-r1 ${PN}.socket - insinto /etc - doins "${FILESDIR}"/${PN}.conf /etc -} - -pkg_preinst() { - # ship working default configuration for systemd users - if use systemd; then - sed -i 's/Daemonize yes/Daemonize no/g' "${D}"/etc/${PN}.conf - fi -} - -pkg_postinst() { - elog "After starting the service you will need to update your" - elog "/etc/resolv.conf and replace your current set of resolvers" - elog "with:" - elog - elog "nameserver 127.0.0.1" - elog - use systemd && elog "with systemd dnscrypt-proxy ignores LocalAddress setting in the config file" - use systemd && elog "edit dnscrypt-proxy.socket if you need to change the defaults" - elog - elog "Also see https://github.com/jedisct1/dnscrypt-proxy#usage." -} diff --git a/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.14.ebuild b/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.14.ebuild index 0b64d8b992e3..5b04253b9c9b 100644 --- a/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.14.ebuild +++ b/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.14.ebuild @@ -42,10 +42,10 @@ src_install() { insinto "/usr/share/dnscrypt-proxy" doins -r "utils/generate-domains-blacklists/." - newinitd "${FILESDIR}"/dnscrypt-proxy-2.initd dnscrypt-proxy - newconfd "${FILESDIR}"/dnscrypt-proxy-2.confd dnscrypt-proxy - systemd_newunit "${FILESDIR}"/dnscrypt-proxy-2.service dnscrypt-proxy.service - systemd_newunit "${FILESDIR}"/dnscrypt-proxy-2.socket dnscrypt-proxy.socket + newinitd "${FILESDIR}"/dnscrypt-proxy.initd dnscrypt-proxy + newconfd "${FILESDIR}"/dnscrypt-proxy.confd dnscrypt-proxy + systemd_newunit "${FILESDIR}"/dnscrypt-proxy.service dnscrypt-proxy.service + systemd_newunit "${FILESDIR}"/dnscrypt-proxy.socket dnscrypt-proxy.socket einstalldocs } diff --git a/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.15.ebuild b/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.15.ebuild new file mode 100644 index 000000000000..5b04253b9c9b --- /dev/null +++ b/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.15.ebuild @@ -0,0 +1,97 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +EGO_PN="github.com/jedisct1/${PN}" + +inherit fcaps golang-build systemd user + +DESCRIPTION="A flexible DNS proxy, with support for encrypted DNS protocols" +HOMEPAGE="https://github.com/jedisct1/dnscrypt-proxy" +SRC_URI="https://${EGO_PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="ISC" +SLOT="0" +KEYWORDS="~amd64 ~arm ~x86" + +FILECAPS=( cap_net_bind_service+ep usr/bin/dnscrypt-proxy ) +PATCHES=( "${FILESDIR}"/config-full-paths-r10.patch ) + +pkg_setup() { + enewgroup dnscrypt-proxy + enewuser dnscrypt-proxy -1 -1 /var/empty dnscrypt-proxy +} + +src_prepare() { + default + # Create directory structure suitable for building + mkdir -p "src/${EGO_PN%/*}" || die + mv "${PN}" "src/${EGO_PN}" || die + mv "vendor" "src/" || die +} + +src_install() { + dobin dnscrypt-proxy + + insinto /etc/dnscrypt-proxy + newins "src/${EGO_PN}"/example-dnscrypt-proxy.toml dnscrypt-proxy.toml + doins "src/${EGO_PN}"/example-{blacklist.txt,whitelist.txt} + doins "src/${EGO_PN}"/example-{cloaking-rules.txt,forwarding-rules.txt} + + insinto "/usr/share/dnscrypt-proxy" + doins -r "utils/generate-domains-blacklists/." + + newinitd "${FILESDIR}"/dnscrypt-proxy.initd dnscrypt-proxy + newconfd "${FILESDIR}"/dnscrypt-proxy.confd dnscrypt-proxy + systemd_newunit "${FILESDIR}"/dnscrypt-proxy.service dnscrypt-proxy.service + systemd_newunit "${FILESDIR}"/dnscrypt-proxy.socket dnscrypt-proxy.socket + + einstalldocs +} + +pkg_postinst() { + fcaps_pkg_postinst + + if ! use filecaps; then + ewarn "'filecaps' USE flag is disabled" + ewarn "${PN} will fail to listen on port 53" + ewarn "please do one the following:" + ewarn "1) re-enable 'filecaps'" + ewarn "2) change port to > 1024" + ewarn "3) configure to run ${PN} as root (not recommended)" + ewarn + fi + + local v + for v in ${REPLACING_VERSIONS}; do + if [[ ${v} == 1.* ]] ; then + elog "Version 2 is a complete rewrite of ${PN}" + elog "please clean up old config/log files" + elog + fi + if [[ ${v} == 2.* ]] ; then + elog "As of version 2.0.12 of ${PN} runs as an 'dnscrypt-proxy' user/group" + elog "you can remove obsolete 'dnscrypt' accounts from the system" + elog + fi + done + + if systemd_is_booted || has_version sys-apps/systemd; then + elog "Using systemd socket activation may cause issues with speed" + elog "latency and reliability of ${PN} and is discouraged by upstream" + elog "Existing installations advised to disable 'dnscrypt-proxy.socket'" + elog "It is disabled by default for new installations" + elog "check "$(systemd_get_systemunitdir)/${PN}.service" for details" + elog + + fi + + elog "After starting the service you will need to update your" + elog "/etc/resolv.conf and replace your current set of resolvers" + elog "with:" + elog + elog "nameserver 127.0.0.1" + elog + elog "Also see https://github.com/jedisct1/${PN}/wiki" +} diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.confd b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.confd deleted file mode 100644 index 492b2fc22940..000000000000 --- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.confd +++ /dev/null @@ -1,3 +0,0 @@ -#DNSCRYPT_PROXY_OPTS="-config /etc/dnscrypt-proxy/dnscrypt-proxy.toml" -#DNSCRYPT_PROXY_USER="dnscrypt-proxy" -#DNSCRYPT_PROXY_GROUP="dnscrypt-proxy" diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.initd b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.initd deleted file mode 100644 index 4a46acdc4bb3..000000000000 --- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.initd +++ /dev/null @@ -1,19 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -command="/usr/bin/dnscrypt-proxy" -command_args="${DNSCRYPT_PROXY_OPTS:--config /etc/dnscrypt-proxy/dnscrypt-proxy.toml}" -command_user="${DNSCRYPT_PROXY_USER:-dnscrypt-proxy}:${DNSCRYPT_PROXY_GROUP:-dnscrypt-proxy}" -pidfile="/run/${RC_SVCNAME}.pid" -start_stop_daemon_args="--background --make-pidfile" - -depend() { - use net logger - provide dns -} - -start_pre() { - checkpath -q -d -m 0775 -o "${command_user}" /var/cache/"${RC_SVCNAME}" - checkpath -q -d -m 0775 -o "${command_user}" /var/log/"${RC_SVCNAME}" -} diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.service b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.service deleted file mode 100644 index ed02955621ba..000000000000 --- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.service +++ /dev/null @@ -1,39 +0,0 @@ -[Unit] -Description=DNSCrypt-proxy client -Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki - -## systemd sockets - Do not enable unless you are very familiar with the systemd socket activation mechanism. -## Always try without systemd sockets before reporting any issues related to speed, latency or reliability. -## If you enable this, the `listen_addresses` list in the main configuration file can be empty. -## Or, at least, the addresses it contains should not overlap with the systemd socket addresses. - -# Requires=dnscrypt-proxy.socket - -After=network.target -Wants=network.target -Before=nss-lookup.target -Wants=nss-lookup.target - -[Service] -ExecStart=/usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml -NonBlocking=true - -DynamicUser=yes - -ProtectControlGroups=yes -ProtectKernelModules=yes -ProtectKernelTunables=yes - -CacheDirectory=dnscrypt-proxy -ConfigurationDirectory=dnscrypt-proxy -LogsDirectory=dnscrypt-proxy -RuntimeDirectory=dnscrypt-proxy - -## Allow binding to 127.0.0.1:53 as non-root user -## without the .socket unit -CapabilityBoundingSet=CAP_NET_BIND_SERVICE -AmbientCapabilities=CAP_NET_BIND_SERVICE - -[Install] -Also=dnscrypt-proxy.socket -WantedBy=multi-user.target diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.socket b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.socket deleted file mode 100644 index ea38c90e8a5d..000000000000 --- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.socket +++ /dev/null @@ -1,21 +0,0 @@ -[Unit] -Description=DNSCrypt-proxy socket -Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki - -[Socket] -## Listen on TCP socket. -ListenStream=127.0.0.1:53 - -## Listen on UDP socket. -ListenDatagram=127.0.0.1:53 - -## Below options are valid only for TCP socket. -## Applying them to UDP socket will result in warnings: -## TCP_NODELAY failed: Protocol not available -## TCP_DEFER_ACCEPT failed: Protocol not available -## Those can be safely ignored. -NoDelay=true -DeferAcceptSec=1 - -[Install] -WantedBy=sockets.target diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.conf b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.conf deleted file mode 100644 index 52487c09c878..000000000000 --- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.conf +++ /dev/null @@ -1,242 +0,0 @@ -###################################################### -# # -# Sample configuration file for dnscrypt-proxy # -# # -###################################################### - - -############## Resolver settings ############## - -## [CHANGE THIS] Short name of the resolver to use -## Usually the only thing you need to change in this configuration file. -## This corresponds to the first column in the dnscrypt-resolvers.csv file. -## Alternatively, "random" (without quotes) picks a random random resolver -## accessible over IPv4, that doesn't log and supports DNSSEC. - -ResolverName random - - -## Full path to the list of available DNSCrypt resolvers (dnscrypt-resolvers.csv) -## An up-to-date list is available here: -## https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv -## and the dnscrypt-update-resolvers.sh script can be used in order to -## automatically download and verify updates. - -ResolversList /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv - - -## Manual settings, only for a custom resolver not present in the CSV file - -#ProviderName 2.dnscrypt.some.provider.name.tld -#ProviderKey 0000:1111:2222:3333:4444:5555:6666:7777:8888:9999:AAAA:BBBB:CCCC:DDDD:EEEE:FFFF -#ResolverAddress 111.222.333.444:56789 - - - -############## Process options ############## - -## [NOT AVAILABLE ON WINDOWS] Run the proxy as a background process. -## Unless you are using systemd, you probably want to change this to "yes" -## after having verified that the rest of the configuration works as expected. - -Daemonize yes - - -## Write the PID number to a file - -PidFile /run/dnscrypt-proxy.pid - - -## [NOT AVAILABLE ON WINDOWS] Start the process, bind the required ports, and -## run the server as a less-privileged system user. -## The value for this parameter is a user name. - -User dnscrypt - - -############## Network/protocol settings ############## - -## Local address and port to listen to. -## A 127.0.0.x address is recommended for local use, but 0.0.0.0 or -## a specific interface address can be used on a router, or to -## configure a single machine to act as a DNS proxy for different -## devices. -## If the socket is created by systemd, the proxy cannot change the address -## using this option. You should edit systemd's dnscrypt-proxy.socket file -## instead. - -LocalAddress 127.0.0.1:53 - - -## Cache DNS responses to avoid outgoing traffic when the same queries -## are repeated multiple times in a row. - -LocalCache on - - -## Creates a new key pair for every query. -## This prevents logging servers from correlating client public keys with -## IP addresses. However, this option implies extra CPU load, and is not -## very useful with trusted/non-logging servers. - -EphemeralKeys off - - -## Maximum number of active requests waiting for a response. -## Keep it reasonable relative to the expected number of clients. - -# MaxActiveRequests 250 - - -## This is the maximum payload size allowed when using the UDP protocol. -## The default is safe, and rarely needs to be changed. - -# EDNSPayloadSize 1252 - - -## Ignore the time stamps when checking the certificates -## Do not enable this option ever, unless you know that you need it. - -# IgnoreTimestamps no - - -## Do not send queries using UDP. Only use TCP. -## Even if some resolvers mitigate this, DNS over TCP is almost always slower -## than UDP and doesn't offer additional security. -## Only enable this option if UDP doesn't work on your network. - -# TCPOnly no - - -## Forward queries for specific zones to one or more non-DNSCrypt resolvers. -## For instance, this can be used to redirect queries for local domains to -## the router, or queries for an internal domain to an internal DNS server. -## Multiple whitespace-delimited zones and IP addresses can be specified. -## Do not enable this unless you absolutely know you need it. -## If you see useless queries to these zones, you'd better block them with -## the BlackList feature instead of sending them in clear text to the router. -## This uses a plugin that requires dnscrypt-proxy to be compiled with -## the ldns library. - -#Forward domains:"localdomain" to:"192.168.0.1" - - -############## Logging ############## - -## Log the received DNS queries to a file, so you can watch in real-time what -## is happening on the network. -## The value for this parameter is a full path to the log file. -## The file name can be prefixed with ltsv: in order to store logs using the -## LTSV format (ex: ltsv:/tmp/dns-queries.log). - -# QueryLogFile /tmp/dns-queries.log - - -## Log file to write server errors and information to. -## If you use this tool for privacy, keeping logs of any kind is usually not -## a good idea. - -# LogFile /var/log/dnscrypt-proxy.log - - -## Don't log events with priority above this log level after the service has -## been started up. Default is 6. -## Valid values are between 0 (critical) to 7 (debug-level messages). - -# LogLevel 6 - - -## [NOT AVAILABLE ON WINDOWS] Send server logs to the syslog daemon -## Log entries can optionally be prefixed with a string. - -Syslog on -# SyslogPrefix dnscrypt - - - -############## Local filtering ############## - -## If your network doesn't support IPv6, chances are that your -## applications are still constantly trying to resolve IPv6 addresses, -## causing unnecessary slowdowns. -## This causes the proxy to immediately reply to IPv6 requests, -## without having to send a useless request to upstream resolvers, and -## having to wait for a response. -## This uses a plugin that requires dnscrypt-proxy to be compiled with -## the ldns library. - -BlockIPv6 no - - -## Want to filter ads, malware, sensitive or inappropriate websites and -## domain names? This feature can block lists of IP addresses and names -## matching a list of patterns. The list of rules remains private, and -## the filtering process directly happens on your own network. In order -## to filter IP addresses, the list of IPs has to be put into a text -## file, with one IP address per line. Lists of domain names can also be -## blocked as well. Put the list into a text file, one domain per line. -## Domains can include wildcards (*) in order to match patterns. For -## example *sex* will match any name that contains the sex substring, and -## ads.* will match anything starting with ads. The Internet has plenty -## of free feeds of IP addresses and domain names used for malware, -## phishing and spam that you can use with this feature. -## -## This uses a plugin that requires dnscrypt-proxy to be compiled with -## the ldns library. -## -## To enable, uncomment one of the following definitions: - -## Block query names matching the rules stored in that file: -# BlackList domains:"/etc/dnscrypt-blacklist-domains.txt" - -## Block responses whose IP addresses match IPs stored in that file: -# BlackList ips:"/etc/dnscrypt-blacklist-ips.txt" - -## Block both domain names and IP addresses: -# BlackList domains:"/etc/dnscrypt-blacklist-domains.txt" ips:"/etc/dnscrypt-blacklist-ips.txt" - -## Same as the above + log the blocked queries in a file. -## The log file can be prefixed with ltsv: (ex: ltsv:/tmp/log.txt) in order to -## store logs using the LTSV format. -# BlackList domains:"/etc/dnscrypt-blacklist-domains.txt" logfile:"/var/log/dnscrypt-blocked.log" -# BlackList ips:"/etc/dnscrypt-blacklist-ips.txt" logfile:"/var/log/dnscrypt-blocked.log" -# BlackList domains:"/etc/dnscrypt-blacklist-domains.txt" ips:"/etc/dnscrypt-blacklist-ips.txt" logfile:"/var/log/dnscrypt-blocked.log" - - - -############## User identification ############## - -## Use a client public key for identification -## By default, the client uses a randomized key pair in order to make tracking -## more difficult. This option does the opposite and uses a static key pair, so -## that DNS providers can offer premium services to queries signed with a known -## set of public keys. A client cannot decrypt the received responses without -## also knowing the secret key. -## The value for this property is the path to a file containing the secret key, -## encoded as a hexadecimal string. The corresponding public key is computed -## automatically. - -# ClientKey /etc/dnscrypt-client-secret.key - - - -############## Monitoring ############## - -## Do not actually start the proxy, but check that a valid certificate can be -## retrieved from the server and that it will remain valid for the specified -## time period. The process exit code is 0 if a valid certificate can be used, -## 2 if no valid certificates can be used, 3 if a timeout occurred, and 4 if a -## currently valid certificate is going to expire before the given margin. -## Useful in a cron job to monitor your own dnscrypt-servers. -## The margin is specified in minutes. - -# Test 2880 - - - -############## Recursive configuration ############## - -## A configuration file can include other configuration files by inserting -## the `Include` directive anywhere (the full path required, no quotes): - -# Include /etc/dnscrypt-proxy-common.conf diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd new file mode 100644 index 000000000000..a8db66a6ecd5 --- /dev/null +++ b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd @@ -0,0 +1,4 @@ +#rc_use="tor" +#DNSCRYPT_PROXY_OPTS="-config /etc/dnscrypt-proxy/dnscrypt-proxy.toml" +#DNSCRYPT_PROXY_USER="dnscrypt-proxy" +#DNSCRYPT_PROXY_GROUP="dnscrypt-proxy" diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-r1 b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-r1 deleted file mode 100644 index 9137e1836fe0..000000000000 --- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-r1 +++ /dev/null @@ -1 +0,0 @@ -DNSCRYPT_OPTS="/etc/dnscrypt-proxy.conf" diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd new file mode 100644 index 000000000000..4a46acdc4bb3 --- /dev/null +++ b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd @@ -0,0 +1,19 @@ +#!/sbin/openrc-run +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +command="/usr/bin/dnscrypt-proxy" +command_args="${DNSCRYPT_PROXY_OPTS:--config /etc/dnscrypt-proxy/dnscrypt-proxy.toml}" +command_user="${DNSCRYPT_PROXY_USER:-dnscrypt-proxy}:${DNSCRYPT_PROXY_GROUP:-dnscrypt-proxy}" +pidfile="/run/${RC_SVCNAME}.pid" +start_stop_daemon_args="--background --make-pidfile" + +depend() { + use net logger + provide dns +} + +start_pre() { + checkpath -q -d -m 0775 -o "${command_user}" /var/cache/"${RC_SVCNAME}" + checkpath -q -d -m 0775 -o "${command_user}" /var/log/"${RC_SVCNAME}" +} diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-r1 b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-r1 deleted file mode 100644 index 08196ff1a7c9..000000000000 --- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-r1 +++ /dev/null @@ -1,11 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -command="/usr/sbin/dnscrypt-proxy" -command_args="${DNSCRYPT_OPTS}" -pidfile="/run/${SVCNAME}.pid" - -depend() { - use net dns logger -} diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service new file mode 100644 index 000000000000..ed02955621ba --- /dev/null +++ b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service @@ -0,0 +1,39 @@ +[Unit] +Description=DNSCrypt-proxy client +Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki + +## systemd sockets - Do not enable unless you are very familiar with the systemd socket activation mechanism. +## Always try without systemd sockets before reporting any issues related to speed, latency or reliability. +## If you enable this, the `listen_addresses` list in the main configuration file can be empty. +## Or, at least, the addresses it contains should not overlap with the systemd socket addresses. + +# Requires=dnscrypt-proxy.socket + +After=network.target +Wants=network.target +Before=nss-lookup.target +Wants=nss-lookup.target + +[Service] +ExecStart=/usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml +NonBlocking=true + +DynamicUser=yes + +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes + +CacheDirectory=dnscrypt-proxy +ConfigurationDirectory=dnscrypt-proxy +LogsDirectory=dnscrypt-proxy +RuntimeDirectory=dnscrypt-proxy + +## Allow binding to 127.0.0.1:53 as non-root user +## without the .socket unit +CapabilityBoundingSet=CAP_NET_BIND_SERVICE +AmbientCapabilities=CAP_NET_BIND_SERVICE + +[Install] +Also=dnscrypt-proxy.socket +WantedBy=multi-user.target diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service-r1 b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service-r1 deleted file mode 100644 index 8cbf5f1a4143..000000000000 --- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service-r1 +++ /dev/null @@ -1,18 +0,0 @@ -[Unit] -Description=DNSCrypt client proxy -Documentation=man:dnscrypt-proxy(8) -Requires=dnscrypt-proxy.socket -After=network.target -Before=nss-lookup.target - -[Install] -Also=dnscrypt-proxy.socket -WantedBy=multi-user.target - -[Service] -Type=simple -NonBlocking=true - -# Edit the configuration file appropriately, or the service will not start. -# See https://dnscrypt.org for more information. -ExecStart=/usr/sbin/dnscrypt-proxy /etc/dnscrypt-proxy.conf diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.socket b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.socket new file mode 100644 index 000000000000..ea38c90e8a5d --- /dev/null +++ b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.socket @@ -0,0 +1,21 @@ +[Unit] +Description=DNSCrypt-proxy socket +Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki + +[Socket] +## Listen on TCP socket. +ListenStream=127.0.0.1:53 + +## Listen on UDP socket. +ListenDatagram=127.0.0.1:53 + +## Below options are valid only for TCP socket. +## Applying them to UDP socket will result in warnings: +## TCP_NODELAY failed: Protocol not available +## TCP_DEFER_ACCEPT failed: Protocol not available +## Those can be safely ignored. +NoDelay=true +DeferAcceptSec=1 + +[Install] +WantedBy=sockets.target diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.socket-r1 b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.socket-r1 deleted file mode 100644 index 5ee0e4502cf1..000000000000 --- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.socket-r1 +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=dnscrypt-proxy listening socket - -[Socket] -ListenStream=127.0.0.53:53 -ListenDatagram=127.0.0.53:53 - -[Install] -WantedBy=sockets.target diff --git a/net-dns/dnscrypt-proxy/metadata.xml b/net-dns/dnscrypt-proxy/metadata.xml index c1a85090aac5..d67745d93d23 100644 --- a/net-dns/dnscrypt-proxy/metadata.xml +++ b/net-dns/dnscrypt-proxy/metadata.xml @@ -12,15 +12,9 @@ dnscrypt-proxy provides local service which can be used directly as your local resolver or as a DNS forwarder, encrypting and authenticating - requests using the DNSCrypt protocol and passing them to upstream - servers. + requests using the DNSCrypt or DNS-over-HTTPS protocol and passing them + to upstream servers. - - Enable plugin support to inspect and modify - queries and responses - Use systemd's socket activation instead of - creating the sockets itself - jedisct1/dnscrypt-proxy -- cgit v1.2.3