Commit 73e5eb1a authored by Stuart Cardall's avatar Stuart Cardall Committed by Natanael Copa

testing/dnscrypt-proxy: upgrade to 1.33

Complete patch to bump dnscrypt-proxy to version 1.33

Minor changes to APKBUILD to build with the new sources & make-depends.

confd / initd changed to include the additional configurations to set the alternative
resolver ip / public keys.

Separate patch created to build dnscrypt's dependency libsodium / libsodium-dev
(as it no longer forms part of dnscrypt's sources).

Post-install script is just status / info using the $STRONG / $RED / $GREEN
system colours.

Added /sbin/setup-dnscrypt for changing the resolver dnscrypt queries &
optionally installing unbound for dns caching. This also uses the system terminal
colours. This no longer makes any changes to init.d, it only updates conf.d
parent b6f38e06
# Contributor: Francesco Colista <francesco.colista@gmail.com>
# Maintainer: Francesco Colista <francesco.colista@gmail.com>
pkgname=dnscrypt-proxy
pkgver=1.3.0
pkgver=1.3.3
pkgrel=0
pkgdesc="A tool for securing communications between a client and a DNS resolver"
url="http://dnscrypt.org/"
arch="x86"
license="custom"
depends=""
depends_dev=""
depends="libsodium"
depends_dev="libtool automake autoconf libsodium-dev"
makedepends="$depends_dev"
install=""
pkguser=dnscrypt
pkggroup=dnscrypt
subpackages="$pkgname-dev $pkgname-doc"
source="http://download.dnscrypt.org/$pkgname/$pkgname-$pkgver.tar.bz2
install="$pkgname.post-install $pkgname.pre-install"
pkgusers=dnscrypt
pkggroups=dnscrypt
subpackages="$pkgname-doc"
source="saveas-https://github.com/jedisct1/$pkgname/archive/$pkgver.tar.gz/$pkgname-$pkgver.tar.gz
$pkgname.initd
$pkgname.confd
$pkgname.setup
"
_builddir="$srcdir"/$pkgname-$pkgver
build() {
_builddir="$srcdir"/$pkgname-$pkgver
cd "$_builddir"/src/libsodium
make -j1 check
prepare() {
cd "$_builddir"
./autogen.sh
}
cd "$_builddir"
CFLAGS="$CFLAGS -fPIC" ./configure --prefix=/usr
make -j1
build() {
cd "$_builddir"
CFLAGS="$CFLAGS -fPIC" ./configure \
--build=$CBUILD \
--host=$CHOST \
--prefix=/usr \
|| return 1
make || return 1
}
package() {
cd "$_builddir"
make DESTDIR=$pkgdir install
make DESTDIR=$pkgdir install || return 1
mkdir -p "$pkgdir"/var/log/$pkgname
mkdir -p "$pkgdir"/var/run/$pkgname
mkdir -p $pkgdir/usr/share/licenses/$pkgname
install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
install -m755 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
install -m755 -D "$srcdir"/$pkgname.setup "$pkgdir"/sbin/setup-dnscrypt
install -m 644 COPYING $pkgdir/usr/share/licenses/$pkgname
chown dnscrypt "$pkgdir"/var/log/$pkgname
chown dnscrypt "$pkgdir"/var/run/$pkgname
rm -rf $pkgdir/usr/lib/*.la
}
md5sums="33cc94dd06d23f96b4bac3efd1b20c95 dnscrypt-proxy-1.3.0.tar.bz2
9d4858771258a029d00197422d3888b8 dnscrypt-proxy.initd
a7a34c94174eca5c688e7867a87cafb3 dnscrypt-proxy.confd"
sha256sums="211ee2d75acd631b09d012229c73654c2302234d73c9f12425e1c906520dc7c5 dnscrypt-proxy-1.3.0.tar.bz2
f8b9301a8deda8413c6057788644505e622c0e12c8637f1dc7bdddf44f9cbec7 dnscrypt-proxy.initd
e4817f9c73137bf34607df3617f3fa3075ea8cb805cff948e06901ca7259e46b dnscrypt-proxy.confd"
sha512sums="b6d7e6796d24bfe8ef27a16c4e6970122965f4d9fd4f3df997fc4f46e2c762efcd6fd145df7e154c2b66b358771d1ce45f676df3810b14fb6aeec0b182e354b6 dnscrypt-proxy-1.3.0.tar.bz2
34e375faab52b381198bf50d1ce5e47be56132e7e427255782747952cf828951fec4676b523558f3f0bb46c1afa1a58b46960a3d9c550f6196f8de182a03e220 dnscrypt-proxy.initd
544133669bb1ef1ab17992035919afccb911f7f282b71f0369f055a105efe7f6b9d61c1f281f879d684f08a095559800f57e124982dd4ea33b90a12b61352009 dnscrypt-proxy.confd"
md5sums="6a10b1d6018bfeed9a6dbc3b49cc39d8 dnscrypt-proxy-1.3.3.tar.gz
fc51d5d38e7f3066221300fff821d81f dnscrypt-proxy.initd
223bc3032b229ca961bec2a3f3c44d4d dnscrypt-proxy.confd
e946f54916c8ed0f9a1cd6860112f10b dnscrypt-proxy.setup"
sha256sums="b797b1cc2ce6b7a01bc8a8d119367971f0cff20beea506cd0aeaa613fd5eaa24 dnscrypt-proxy-1.3.3.tar.gz
a56cb07b4bcedd0e9bb994f93f5f721c276ba61b576c3059a1bfad4e56c786ac dnscrypt-proxy.initd
8291300235a79932ce753f948f850d0817f374159f28bfbbf527f8a3dcefb1c7 dnscrypt-proxy.confd
ed52fe94bb01ae4494324520a6f9235048ad144009bc424017c9056e2d51f7bc dnscrypt-proxy.setup"
sha512sums="e0d668446eaf65dce358b6d90fc7cf9905e49e267f0ff6c4d399c54b4ccc13d1c9f9622ac68f5fd992ce0b0c275b4e07bd98bc35404c822f521f20a244287dce dnscrypt-proxy-1.3.3.tar.gz
e5516c7e1fd6baf391059407aee65a837c7324698f15a675d0368fd34de10f023fe39671e95bc951bee260254fb4e3613fde6045cdf2faf085f322b769969864 dnscrypt-proxy.initd
70be47b2954bb95341a678b3e6d68c8684e16644b8162b52c736fbac314928e1fa1d7fa9f97b4034b38d443808526fecd833b1d356df1a5e74a443e96e97d8e5 dnscrypt-proxy.confd
01d9c84bd14c1576fa3f0e855f4b278d7db4838829dd8e53247ba6c95beec833046fca7407f04220896219388de757134eaa0c85b62633bdc823da98538b33bd dnscrypt-proxy.setup"
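Review bot: The conf.d file is installed executable in package(): `install -m755 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname`. It is a sourced settings file that /sbin/setup-dnscrypt later rewrites as root, so `-m644` is the appropriate mode; only the init script and the setup script need 755. In the same function `mkdir -p $pkgdir/usr/share/licenses/$pkgname` and `rm -rf $pkgdir/usr/lib/*.la` expand `$pkgdir` unquoted and would be safer as `"$pkgdir"/...`. The old/new markers are lost on this page, so some of these lines may be unchanged context rather than additions.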
DNSCRYPT_LOGFILE=/var/log/dnscrypt-proxy/dnscrypt-proxy.log
RUNDIR=/var/run/dnscrypt-proxy
PID=/var/run/dnscrypt-proxy/dnscrypt-proxy.pid
DNSCRYPT_USER=dnscrypt
DNSCRYPT_GROUP=dnscrypt
# Set here the IP where DNSCRYPT listen
DNSCRYPT_LOCALIP=127.0.0.1:53
# DNSCRYPT_LOGFILE=/var/log/dnscrypt-proxy/dnscrypt-proxy.log
# override listen address where DNSCRYPT listen
# DNSCRYPT_LOCALIP=127.0.0.1:53
# override the default OpenDNS Resolver here
# RESOLVER=208.67.220.220:443;
# PROVIDER=2.dnscrypt-cert.opendns.com
# PUBKEY=B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79;
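Review bot: The override block does not say that RESOLVER, PROVIDER and PUBKEY only take effect when all three are set. The init script's start_pre() tests all three with `&&` and otherwise falls back to the default resolver without any message, so a partial override is silently ignored. I would add a comment such as `# RESOLVER, PROVIDER and PUBKEY must be set together; a partial override is ignored` above the examples. The trailing `;` on the RESOLVER and PUBKEY examples is harmless when the file is sourced by the shell, but dropping it keeps the samples consistent with the PROVIDER line.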
#!/sbin/runscript
pidfile=/var/run/dnscrypt-proxy/dnscrypt-proxy.pid
command=/usr/sbin/dnscrypt-proxy
command_args="--pidfile=$pidfile --daemonize
--logfile=${DNSCRYPT_LOGFILE:-/var/log/dnscrypt-proxy/dnscrypt-proxy.log}
--user=${DNSCRYPT_USER:-dnscrypt}
--local-address=${DNSCRYPT_LOCALIP:-127.0.0.1:53}"
depend() {
use net
before dns
after logger
after logger firewall
}
start() {
ebegin "Starting dnscrypt-proxy"
start-stop-daemon --start --quiet --pidfile=${PID} --exec /usr/sbin/dnscrypt-proxy -- -p ${PID} -l ${DNSCRYPT_LOGFILE} -d -u ${DNSCRYPT_GROUP} -a ${DNSCRYPT_LOCALIP}
eend $?
start_pre() {
checkpath --directory ${pidfile%/*}
# by default opendns is used but its possible to override
if [ -n "$RESOLVER" ] && [ -n "$PUBKEY" ] && [ -n "$PROVIDER" ]; then
command_args="$command_args -r ${RESOLVER} -k ${PUBKEY} -N ${PROVIDER}"
fi
}
stop() {
ebegin "Stopping dnscrypt-proxy"
start-stop-daemon --stop --quiet --exec /usr/sbin/dnscrypt-proxy
eend $?
}
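Review bot: `checkpath --directory ${pidfile%/*}` in start_pre() creates the pid directory without stating an owner or mode, while the daemon is told to drop to `--user=${DNSCRYPT_USER:-dnscrypt}`. If /var/run is recreated at boot the directory would presumably come back root-owned, so it is safer to state the ownership explicitly: `checkpath --directory --owner ${DNSCRYPT_USER:-dnscrypt} --mode 0755 ${pidfile%/*}`. The `${RESOLVER}`, `${PUBKEY}` and `${PROVIDER}` values appended to `command_args` are taken from conf.d unquoted, so a stray space in any of them would split into extra daemon arguments.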
#!/bin/sh
NORMAL="\033[1;0m"
STRONG="\033[1;1m"
GREEN="\033[1;32m"
print_strong() {
local prompt="${STRONG}$1 ${GREEN}$2${NORMAL}"
printf "${prompt} %s\n"
}
print_strong "\nTo configure alternative DNS Resolvers & DNS caching please run:" "\n\n/sbin/setup-dnscrypt\n"
exit 0
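Review bot: print_strong() passes its arguments to printf as the format string, `printf "${prompt} %s\n"`, with a `%s` that has no matching argument. Any `%` in a message would be interpreted as a conversion; keeping the format constant avoids that and still expands the `\033` and `\n` escapes: `printf '%b\n' "$prompt"`. The arguments here are literals, so this is a style point in this file, but the same helper pattern in the setup script (print_question, print_strong, print_green, print_table) is fed `$RESOLVER`, `$PROVIDER`, `$IPADDR` and user-entered values.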
#!/bin/sh
adduser -H -h /var/empty -g dnscrypt -D -s /bin/false dnscrypt 2>/dev/null
addgroup -S dnscrypt 2>/dev/null
adduser -S -H -h /var/empty -g dnscrypt -D -s /sbin/nologin dnscrypt 2>/dev/null
exit 0
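Review bot: In busybox adduser `-g` sets the GECOS field and `-G` selects the group, so the new `adduser -S ... -g dnscrypt ...` line does not put the account into the group created by `addgroup -S dnscrypt` just above it. The usual form is `adduser -S -D -H -h /var/empty -s /sbin/nologin -G dnscrypt -g dnscrypt dnscrypt 2>/dev/null`. Because stderr is discarded and the script always ends with `exit 0`, a failure here (busybox may refuse to create a same-named group that already exists) would go unnoticed, and the daemon's `--user=dnscrypt` would then have no account to drop to.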
#!/bin/sh
# Contributor: IT Offshore <developer@it-offshore.co.uk>
# dnscrypt-proxy setup script to choose DNS Resolver / install & configure DNS Caching
############################################################################################
NORMAL="\033[1;0m"
STRONG="\033[1;1m"
RED="\033[1;31m"
GREEN="\033[1;32m"
print_question() {
local prompt="${STRONG}$1 ${RED}$2${NORMAL}"
printf "${prompt} %s"
}
print_strong() {
local prompt="${STRONG}$1 ${RED}$2${NORMAL}"
printf "${prompt} %s\n"
}
print_green() {
local prompt="${GREEN}${STRONG}$1 ${NORMAL}"
printf "${prompt} %s\n"
}
print_table() {
local choice="${RED}${STRONG}$1${NORMAL}"
local resolver="${STRONG}$2"
local location="${GREEN}$3"
printf "${choice} ${resolver} ${location} %s\n"
}
die() {
print_table "ERROR:" "$1" > /dev/null 1>&2
exit 1
}
choose_ip(){
IP=none
IPADDR=$(ifconfig |grep -B1 "inet addr" |awk '{ if ( $1 == "inet" ) { print $2 } else if ( $2 == "Link" ) { printf "%s:" ,$1 } }' |awk -F: '{ print $1 ": " $3 }')
until echo $IPADDR | grep -e $IP 1>/dev/null
do
print_question "\nChoose dnscrypt ip from the following addresses:\n"
print_question "\n$IPADDR\t" "[ default - 127.0.0.1 ]"
read IP
if [ ! $IP ] ;then
IP=127.0.0.1; print_green "\nIP: 127.0.0.1 Selected";
fi
done
}
choose_port(){
print_question "\nChoose dnscrypt port:" "[ default = 40 ]"
until [ "$DNSPORT" -gt 0 ] 2>/dev/null
do
read DNSPORT
if [ ! $DNSPORT ]; then
DNSPORT=40; print_green "\nPort: 40 Selected"
fi
case $DNSPORT in
''|*[!0-9]*) print_question "\nChoose NUMERIC dnscrypt port:" "[ default = 40 ]" ;;
*) if [ "$DNSPORT" -gt 65535 ]; then
print_question "\nPlease choose a valid port" "[1 - 65535]";
DNSPORT=0;
fi;;
esac
done
}
update_unbound(){
if [ -f /etc/unbound/unbound.conf ]; then
if grep 'Settings from /sbin/setup-dnscrypt' /etc/unbound/unbound.conf 1>/dev/null; then
#replace previous setting
START=$(sed -n '/Settings from \/sbin\/setup-dnscrypt/=' /etc/unbound/unbound.conf)
LINE=$(expr $START + 5)
sed "$LINE c \ forward-addr: $IP@$DNSPORT" /etc/unbound/unbound.conf -i
else
echo -e '##### Settings from /sbin/setup-dnscrypt #####' >> /etc/unbound/unbound.conf
echo -e 'do-not-query-localhost: no' >> /etc/unbound/unbound.conf
echo >> /etc/unbound/unbound.conf
echo -e 'forward-zone:' >> /etc/unbound/unbound.conf
echo -e ' name: "."' >> /etc/unbound/unbound.conf
echo -e " forward-addr: $IP@$DNSPORT" >> /etc/unbound/unbound.conf
fi
print_strong "\n/etc/unbound/unbound.conf settings updated to:"
print_green "--------------------------------------------------------"
print_table 'forward-zone:'
print_table ' name: "."'
print_table " forward-addr: $IP@$DNSPORT"
print_green "--------------------------------------------------------\n"
fi
}
# Do some sanity checking.
if [ $(/usr/bin/id -u) != "0" ]; then
die 'Must be run by root user'
fi
clear;
print_table "\n DNSCRYPT-PROXY MANAGER"
print_green "-----------------------------------------------------------------"
print_table "1:" "OpenDNS"
print_table "2:" "Cloud NS\t\t : Canberra, Australia" "(No Logs, DNSSEC)"
print_table "3:" "Cloud NS\t\t : Canberra" "(over TOR .onion:443)"
print_table "4:" "Cloud NS\t\t : Sydney, Australia" "(No Logs, DNSSEC)"
print_table "5:" "Cloud NS\t\t : Sydney" "(over TOR .onion:443)"
print_table "6:" "OpenNIC\t\t : Japan" "(No Logs)"
print_table "7:" "DNSCrypt.eu\t\t : Holland" "(No logs, DNSSEC)"
print_table "8:" "Soltysiak.com\t : Poland" "(No logs, DNSSEC)"
print_green "-----------------------------------------------------------------"
print_question "Please choose a DNS Resolver for dnscrypt-proxy to query" "[1 - 8]:"
until [ "$DNS" -gt 0 ] 2>/dev/null
do
read DNS
case $DNS in
1) RESOLVER=208.67.220.220:443;
PROVIDER=2.dnscrypt-cert.opendns.com
PUBKEY=B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79;;
2) RESOLVER=113.20.6.2:443;
PROVIDER=2.dnscrypt-cert.cloudns.com.au;
PUBKEY=1971:7C1A:C550:6C09:F09B:ACB1:1AF7:C349:6425:2676:247F:B738:1C5A:243A:C1CC:89F4;;
3) RESOLVER=gc2tzw6lbmeagrp3.onion:443;
PROVIDER=2.dnscrypt-cert.cloudns.com.au;
PUBKEY=1971:7C1A:C550:6C09:F09B:ACB1:1AF7:C349:6425:2676:247F:B738:1C5A:243A:C1CC:89F4;;
4) RESOLVER=113.20.8.17:443;
PROVIDER=2.dnscrypt-cert-2.cloudns.com.au;
PUBKEY=67A4:323E:581F:79B9:BC54:825F:54FE:1025:8B4F:37EB:0D07:0BCE:4010:6195:D94F:E330;;
5) RESOLVER=l65q62lf7wnfme7m.onion:443;
PROVIDER=2.dnscrypt-cert-2.cloudns.com.au;
PUBKEY=67A4:323E:581F:79B9:BC54:825F:54FE:1025:8B4F:37EB:0D07:0BCE:4010:6195:D94F:E330;;
6) RESOLVER=106.186.17.181:2053;
PROVIDER=2.dnscrypt-cert.ns2.jp.dns.opennic.glue;
PUBKEY=8768:C3DB:F70A:FBC6:3B64:8630:8167:2FD4:EE6F:E175:ECFD:46C9:22FC:7674:A1AC:2E2A;;
7) RESOLVER=176.56.237.171:443;
PROVIDER=2.dnscrypt-cert.dnscrypt.eu;
PUBKEY=67C0:0F2C:21C5:5481:45DD:7CB4:6A27:1AF2:EB96:9931:40A3:09B6:2B8D:1653:1185:9C66;;
8) RESOLVER=178.216.201.222:2053;
PROVIDER=2.dnscrypt-cert.soltysiak.com;
PUBKEY=25C4:E188:2915:4697:8F9C:2BBD:B6A7:AFA4:01ED:A051:0508:5D53:03E7:1928:C066:8F21;;
#check for numerical input
''|0|*[!0-9]*) print_question "Please choose a NUMERIC option:" "[1 - 8]" ;;
*) if [ "$DNS" -gt 8 ]; then
print_question "Please choose an option:" "[1 - 8]";
DNS=0;
fi;;
esac
done
# remove existing Resolver config
if grep "RESOLVER" /etc/conf.d/dnscrypt-proxy 1> /dev/null; then
sed -e '/RESOLVER/d' -e '/PROVIDER/d' -e '/PUBKEY/d' /etc/conf.d/dnscrypt-proxy -i
fi
# update Resolver config
echo "RESOLVER=$RESOLVER" >> /etc/conf.d/dnscrypt-proxy
echo "PROVIDER=$PROVIDER" >> /etc/conf.d/dnscrypt-proxy
echo "PUBKEY=$PUBKEY" >> /etc/conf.d/dnscrypt-proxy
print_strong "\n/etc/conf.d/dnscrypt-proxy Resolver Settings updated to:"
print_green "---------------------------------------------------------------------------------------------"
print_table "RESOLVER\t\t:" "$RESOLVER"
print_table "PROVIDER\t\t:" "$PROVIDER"
print_table "PUBLIC KEY :" "$PUBKEY"
print_green "---------------------------------------------------------------------------------------------\n"
# install unbound
if ! which unbound 1> /dev/null; then
print_question "Install Unbound (Caching DNS Server)" "[ Y / N ]"
read installsrv
if [ "$installsrv" = "Y" ] || [ "$installsrv" = "y" ]; then
apk add -q unbound
fi
fi
# choose dnscrypt ip address port
print_question "Modify dnscrypt-proxy ip / port ?" "[ Y / N ]"
read updateip
if [ "$updateip" = "Y" ] || [ "$updateip" = "y" ]; then
choose_ip; choose_port
# update dnscrypt listening ip & port
LINE=$(sed -n '/DNSCRYPT_LOCALIP=/=' /etc/conf.d/dnscrypt-proxy)
sed "$LINE c DNSCRYPT_LOCALIP=$IP:$DNSPORT" /etc/conf.d/dnscrypt-proxy -i
# update dhclient.conf
if [ -f /etc/dhcp/dhclient.conf ]; then
if grep 'supersede domain-name-servers' /etc/dhcp/dhclient.conf 1>/dev/null; then
LINE=$(sed -n '/supersede domain-name-servers/=' /etc/dhcp/dhclient.conf)
sed "$LINE c supersede domain-name-servers $IP" /etc/dhcp/dhclient.conf -i
else
echo "supersede domain-name-servers $IP" >> /etc/dhcp/dhclient.conf
fi
fi
# update resolv.conf & unbound
LINE=$(sed -n '/nameserver/=' /etc/resolv.conf)
sed "$LINE c nameserver $IP" /etc/resolv.conf -i
update_unbound
# add / restart services
for srv in "unbound dnscrypt-proxy"; do
if which $srv 1> /dev/null; then
if ! rc-status | grep $srv; then
rc-update add $srv default
fi
rc-service $srv restart
fi
done
print_strong "/etc/conf.d/dnscrypt-proxy Listening Address updated to:"
print_green "--------------------------------------------------------"
print_table "DNSCRYPT_LOCALIP=$IP:$DNSPORT"
print_green "--------------------------------------------------------\n"
fi
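Review bot: choose_ip() validates the typed address with `until echo $IPADDR | grep -e $IP`, which treats the input as an unanchored regular expression, so entries such as `.` or `1` are accepted. The value is then written as root into the conf.d file, dhclient.conf, resolv.conf and unbound.conf through `sed "$LINE c ..."`. An exact fixed-string comparison against the address column is safer, for example `until echo "$IPADDR" | awk '{print $2}' | grep -qxF -- "$IP"`. Separately, `for srv in "unbound dnscrypt-proxy"; do` iterates once over the whole quoted string, so `rc-update add` and `rc-service ... restart` receive both names as arguments; it should read `for srv in unbound dnscrypt-proxy; do`. The `LINE=$(sed -n '/nameserver/=' /etc/resolv.conf)` step also yields several line numbers when resolv.conf lists more than one nameserver, which would break the following `sed "$LINE c nameserver $IP"`.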