Commit 5213bcab authored by Stuart Cardall's avatar Stuart Cardall Committed by Natanael Copa

Revised dnscrypt-proxy setup script

I did a little more testing on the /sbin/setup-dnscrypt script (once I
knew I could install the APKs I made). This fixes previous bugs with
setting up dns caching (a 2nd loopback is created & the proxy now
listens on 127.0.0.2:40 by default if caching is enabled). Errors in
setting up & starting the services are also fixed.
parent d6ffa09d
......@@ -2,7 +2,7 @@
# Maintainer: Francesco Colista <francesco.colista@gmail.com>
pkgname=dnscrypt-proxy
pkgver=1.3.3
pkgrel=0
pkgrel=1
pkgdesc="A tool for securing communications between a client and a DNS resolver"
url="http://dnscrypt.org/"
arch="x86"
......@@ -55,12 +55,12 @@ package() {
md5sums="6a10b1d6018bfeed9a6dbc3b49cc39d8 dnscrypt-proxy-1.3.3.tar.gz
fc51d5d38e7f3066221300fff821d81f dnscrypt-proxy.initd
223bc3032b229ca961bec2a3f3c44d4d dnscrypt-proxy.confd
e946f54916c8ed0f9a1cd6860112f10b dnscrypt-proxy.setup"
b24f47765020c342ba6df8c65f4f593d dnscrypt-proxy.setup"
sha256sums="b797b1cc2ce6b7a01bc8a8d119367971f0cff20beea506cd0aeaa613fd5eaa24 dnscrypt-proxy-1.3.3.tar.gz
a56cb07b4bcedd0e9bb994f93f5f721c276ba61b576c3059a1bfad4e56c786ac dnscrypt-proxy.initd
8291300235a79932ce753f948f850d0817f374159f28bfbbf527f8a3dcefb1c7 dnscrypt-proxy.confd
ed52fe94bb01ae4494324520a6f9235048ad144009bc424017c9056e2d51f7bc dnscrypt-proxy.setup"
1b07365a4859ba94fa39cf1ed017744995876f75cbfc62b9865401b41723f96e dnscrypt-proxy.setup"
sha512sums="e0d668446eaf65dce358b6d90fc7cf9905e49e267f0ff6c4d399c54b4ccc13d1c9f9622ac68f5fd992ce0b0c275b4e07bd98bc35404c822f521f20a244287dce dnscrypt-proxy-1.3.3.tar.gz
e5516c7e1fd6baf391059407aee65a837c7324698f15a675d0368fd34de10f023fe39671e95bc951bee260254fb4e3613fde6045cdf2faf085f322b769969864 dnscrypt-proxy.initd
70be47b2954bb95341a678b3e6d68c8684e16644b8162b52c736fbac314928e1fa1d7fa9f97b4034b38d443808526fecd833b1d356df1a5e74a443e96e97d8e5 dnscrypt-proxy.confd
01d9c84bd14c1576fa3f0e855f4b278d7db4838829dd8e53247ba6c95beec833046fca7407f04220896219388de757134eaa0c85b62633bdc823da98538b33bd dnscrypt-proxy.setup"
9161f14bee77b935fd12fa36ed60a2dd5c74c761eb75804ddb661eabc8f1cf7dd2b6506665dbc2e0f2f92540cb18e56463409c5ec5a9ceb55635bd0aba28d949 dnscrypt-proxy.setup"
......@@ -36,18 +36,39 @@ die() {
exit 1
}
restart_interface(){
INTERFACES=$(echo | ifconfig | grep "Link encap" | sed '/lo/d' | cut -d"L" -f1)
print_question "\nChoose external interface to restart from the following:"
print_question "\n\n$INTERFACES" "[ default - eth0 ]"
read RESTART
if [ ! $RESTART ] ;then
RESTART=eth0; print_green "\nInterface: $RESTART Selected\n";
if echo $INTERFACES | grep $RESTART 1> /dev/null; then
ifdown $RESTART && ifup $RESTART
fi
fi
}
choose_ip(){
IP=none
IPADDR=$(ifconfig |grep -B1 "inet addr" |awk '{ if ( $1 == "inet" ) { print $2 } else if ( $2 == "Link" ) { printf "%s:" ,$1 } }' |awk -F: '{ print $1 ": " $3 }')
until echo $IPADDR | grep -e $IP 1>/dev/null
do
print_question "\nChoose dnscrypt ip from the following addresses:\n"
print_question "\n$IPADDR\t" "[ default - 127.0.0.1 ]"
read IP
if [ ! $IP ] ;then
IP=127.0.0.1; print_green "\nIP: 127.0.0.1 Selected";
fi
done
if [ ! $IP ]; then
IP=none
IPADDR=$(ifconfig |grep -B1 "inet addr" |awk '{ if ( $1 == "inet" ) { print $2 } else if ( $2 == "Link" ) { printf "%s:" ,$1 } }' |awk -F: '{ print $1 ": " $3 }')
until echo $IPADDR | grep -e $IP 1>/dev/null
do
print_question "\nChoose dnscrypt ip from the following addresses:\n"
print_question "\n$IPADDR\t" "[ default - 127.0.0.1 ]"
read IP
if [ ! $IP ] ;then
IP=127.0.0.1; print_green "\nIP: $IP Selected";
fi
done
else
#ip already set to 2nd loopback for dns caching
print_green "\nIP: $IP will be configured for dnscrypt-proxy";
fi
}
choose_port(){
......@@ -72,24 +93,28 @@ done
update_unbound(){
if [ -f /etc/unbound/unbound.conf ]; then
if grep 'Settings from /sbin/setup-dnscrypt' /etc/unbound/unbound.conf 1>/dev/null; then
#replace previous setting
#update forward zone
START=$(sed -n '/Settings from \/sbin\/setup-dnscrypt/=' /etc/unbound/unbound.conf)
LINE=$(expr $START + 5)
LINE=$(expr $START + 4)
sed "$LINE c \ forward-addr: $IP@$DNSPORT" /etc/unbound/unbound.conf -i
else
# allow querying of localhost
START=$(sed -n '/do-not-query-localhost:/=' /etc/unbound/unbound.conf)
sed "$START c \do-not-query-localhost: no #set by /sbin/setup-dnscrypt" /etc/unbound/unbound.conf -i
# create catch all forward zone
echo -e '##### Settings from /sbin/setup-dnscrypt #####' >> /etc/unbound/unbound.conf
echo -e 'do-not-query-localhost: no' >> /etc/unbound/unbound.conf
echo >> /etc/unbound/unbound.conf
echo -e 'forward-zone:' >> /etc/unbound/unbound.conf
echo -e ' name: "."' >> /etc/unbound/unbound.conf
echo -e " forward-addr: $IP@$DNSPORT" >> /etc/unbound/unbound.conf
fi
print_strong "\n/etc/unbound/unbound.conf settings updated to:"
print_green "--------------------------------------------------------"
print_table "do-not-query-localhost: no"
print_table ""
print_table 'forward-zone:'
print_table ' name: "."'
print_table " forward-addr: $IP@$DNSPORT"
print_green "--------------------------------------------------------\n"
print_green "--------------------------------------------------------"
fi
}
......@@ -167,7 +192,7 @@ print_green "-------------------------------------------------------------------
print_table "RESOLVER\t\t:" "$RESOLVER"
print_table "PROVIDER\t\t:" "$PROVIDER"
print_table "PUBLIC KEY :" "$PUBKEY"
print_green "---------------------------------------------------------------------------------------------\n"
print_green "---------------------------------------------------------------------------------------------"
# install unbound
if ! which unbound 1> /dev/null; then
......@@ -178,9 +203,31 @@ if ! which unbound 1> /dev/null; then
fi
fi
# check for / setup secondary loopback for dns caching
if which unbound 1> /dev/null && ! grep "address 127.0.0.2" /etc/network/interfaces 1> /dev/null; then
print_question "Configure DNS Caching (this will create a 2nd loopback interface @ 127.0.0.2) " "[ Y / N ]"
read install2ndloop
if [ "$install2ndloop" = "Y" ] || [ "$install2ndloop" = "y" ]; then
IP=127.0.0.2
echo "auto lo:1" >> /etc/network/interfaces
echo "iface lo:1 inet static" >> /etc/network/interfaces
echo "address 127.0.0.2" >> /etc/network/interfaces
echo "netmask 255.0.0.0" >> /etc/network/interfaces
ifconfig lo:1 127.0.0.2 up
fi
fi
# choose dnscrypt ip address port
print_question "Modify dnscrypt-proxy ip / port ?" "[ Y / N ]"
read updateip
if ! grep "address 127.0.0.2" /etc/network/interfaces 1> /dev/null; then
print_question "Modify dnscrypt-proxy ip / port ?" "[ Y / N ]"
read updateip
else
#ip is already the 2nd loopback
updateip=Y; IP=127.0.0.2
print_green "\nDNS Caching configured"
fi
if [ "$updateip" = "Y" ] || [ "$updateip" = "y" ]; then
choose_ip; choose_port
......@@ -200,20 +247,23 @@ if [ "$updateip" = "Y" ] || [ "$updateip" = "y" ]; then
# update resolv.conf & unbound
LINE=$(sed -n '/nameserver/=' /etc/resolv.conf)
sed "$LINE c nameserver $IP" /etc/resolv.conf -i
sed "$LINE c nameserver 127.0.0.1" /etc/resolv.conf -i
update_unbound
restart_interface
# add / restart services
for srv in "unbound dnscrypt-proxy"; do
for srv in "unbound" "dnscrypt-proxy"; do
if which $srv 1> /dev/null; then
if ! rc-status | grep $srv; then
rc-status default | grep $srv 1> /dev/null
if [ "$?" != "0" ]; then
rc-update add $srv default
fi
rc-service $srv restart
fi
done
print_strong "/etc/conf.d/dnscrypt-proxy Listening Address updated to:"
print_strong "\n/etc/conf.d/dnscrypt-proxy Listening Address updated to:"
print_green "--------------------------------------------------------"
print_table "DNSCRYPT_LOCALIP=$IP:$DNSPORT"
print_green "--------------------------------------------------------\n"
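Review bot: The resolv.conf rewrite at the top of this last hunk can fail without the script noticing, which leaves the host on its previous resolver while the script goes on to restart services and print success. `sed -n '/nameserver/='` prints one line number per match, so with several `nameserver` entries `$LINE` is a multi-line value that `sed "$LINE c nameserver 127.0.0.1"` is likely to reject, and with no entry the `c` command has no address and replaces every line of the file. Replacing all entries and checking the result avoids both cases, e.g. `sed -i '/^nameserver/d' /etc/resolv.conf && echo "nameserver 127.0.0.1" >> /etc/resolv.conf || die "resolv.conf not updated"`. The newly hard-coded 127.0.0.1 also appears to assume unbound is answering there; if caching was declined the proxy listens on `$IP:$DNSPORT`, so that path probably still needs `$IP`. The enclosing `if [ "$updateip" = "Y" ]` block starts outside this hunk.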
......