From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 5F1141382C5 for ; Sun, 11 Feb 2018 21:21:28 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 7C56AE0ACD; Sun, 11 Feb 2018 21:21:27 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 49408E0ACD for ; Sun, 11 Feb 2018 21:21:27 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id BEECF335C05 for ; Sun, 11 Feb 2018 21:21:25 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 48E1A1F3 for ; Sun, 11 Feb 2018 21:21:24 +0000 (UTC) From: "Michał Górny" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Michał Górny" Message-ID: <1518383750.24cb0cb2acf666aac1803cadf366ed0378a07574.mgorny@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: net-dns/dnscrypt-proxy/files/, net-dns/dnscrypt-proxy/ X-VCS-Repository: repo/gentoo X-VCS-Files: net-dns/dnscrypt-proxy/Manifest net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.0.ebuild net-dns/dnscrypt-proxy/files/config-full-paths-r2.patch net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-r2 net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-r2 net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service-r2 X-VCS-Directories: net-dns/dnscrypt-proxy/files/ net-dns/dnscrypt-proxy/ X-VCS-Committer: mgorny X-VCS-Committer-Name: Michał Górny X-VCS-Revision: 24cb0cb2acf666aac1803cadf366ed0378a07574 X-VCS-Branch: master Date: Sun, 11 Feb 2018 21:21:24 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 969b11f8-90d4-4486-8ea6-4223bfba06f2 X-Archives-Hash: 0a1bcd4fe3660530b6d011078ed5441d commit: 24cb0cb2acf666aac1803cadf366ed0378a07574 Author: Georgy Yakovlev sysdump net> AuthorDate: Sun Feb 11 08:00:49 2018 +0000 Commit: Michał Górny gentoo org> CommitDate: Sun Feb 11 21:15:50 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=24cb0cb2 net-dns/dnscrypt-proxy: bump to 2.0.0, a completely new rewrite in go Closes: https://bugs.gentoo.org/647110 Closes: https://github.com/gentoo/gentoo/pull/7152 Package-Manager: Portage-2.3.19, Repoman-2.3.6 net-dns/dnscrypt-proxy/Manifest | 1 + net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.0.ebuild | 88 ++++++++++++++++++++ .../files/config-full-paths-r2.patch | 95 ++++++++++++++++++++++ .../dnscrypt-proxy/files/dnscrypt-proxy.confd-r2 | 3 + .../dnscrypt-proxy/files/dnscrypt-proxy.initd-r2 | 19 +++++ .../dnscrypt-proxy/files/dnscrypt-proxy.service-r2 | 23 ++++++ 6 files changed, 229 insertions(+) diff --git a/net-dns/dnscrypt-proxy/Manifest b/net-dns/dnscrypt-proxy/Manifest index ffe9265161e..9298a1c8f04 100644 --- a/net-dns/dnscrypt-proxy/Manifest +++ b/net-dns/dnscrypt-proxy/Manifest @@ -1 +1,2 @@ DIST dnscrypt-proxy-1.9.5.tar.bz2 1290573 BLAKE2B 8f16fdb58012e00a8b58d36364377c3bc25158b9484a8df2bd6bc98d1c9cbf5ac758997e31f95ecaeb9da2f6b7272316c5a4a1c069a39549fbc1c1b136857da0 SHA512 84c0f7587521b3a198292cf20dd71cb592ccf8a9e003abbc62c5ca112f6c5ed27c49b1642cf91f403d52b4147e25f24af540b65cecfcf93814338329097df836 +DIST dnscrypt-proxy-2.0.0.tar.gz 725490 BLAKE2B d4c116f81d304b9b3a883ba6b414e2fef810f50ecea9a9175246d02f2755c3e11c9940fed0dfc221e419820e001abc74e4bf4478abb2222b548461ad09f3f57d SHA512 c87420c09fc45496901b0c21ae972283f05c508b07249450de504ba5e287128c2c5e0f772b181ddb2f6478cb6d66e72617e3b0679f47f3b15dde80c92d2ef7ba diff --git a/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.0.ebuild b/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.0.ebuild new file mode 100644 index 00000000000..5e497f13532 --- /dev/null +++ b/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.0.ebuild @@ -0,0 +1,88 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +EGO_PN="github.com/jedisct1/${PN}" + +inherit fcaps golang-build systemd user + +DESCRIPTION="A flexible DNS proxy, with support for encrypted DNS protocols" +HOMEPAGE="https://github.com/jedisct1/dnscrypt-proxy" +SRC_URI="https://${EGO_PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="ISC" +SLOT="0" +KEYWORDS="~amd64 ~x86" + +FILECAPS=( cap_net_bind_service+ep usr/bin/dnscrypt-proxy ) +PATCHES=( "${FILESDIR}"/config-full-paths-r2.patch ) + +pkg_setup() { + enewgroup dnscrypt + enewuser dnscrypt -1 -1 /var/empty dnscrypt +} + +src_compile() { + # Create directory structure suitable for building + mkdir -p "src/${EGO_PN%/*}" || die + mv "${PN}" "src/${EGO_PN}" || die + mv "vendor" "src/" || die + golang-build_src_compile +} + +src_install() { + dobin dnscrypt-proxy + + insinto /etc/dnscrypt-proxy + newins "src/${EGO_PN}"/example-dnscrypt-proxy.toml dnscrypt-proxy.toml + doins "src/${EGO_PN}"/example-{blacklist.txt,cloaking-rules.txt,forwarding-rules.txt} + + insinto "/usr/share/dnscrypt-proxy" + doins -r "utils/generate-domains-blacklists/." + + newinitd "${FILESDIR}"/dnscrypt-proxy.initd-r2 dnscrypt-proxy + newconfd "${FILESDIR}"/dnscrypt-proxy.confd-r2 dnscrypt-proxy + systemd_newunit "${FILESDIR}"/${PN}.service-r2 dnscrypt-proxy.service + systemd_dounit systemd/dnscrypt-proxy.socket + + keepdir /var/log/dnscrypt-proxy + + einstalldocs +} + +pkg_postinst() { + fcaps_pkg_postinst + + if ! use filecaps; then + ewarn "'filecaps' USE flag is disabled" + ewarn "${PN} will fail to listen on port 53 if started via OpenRC" + ewarn "please either change port to > 1024, configure to run ${PN} as root" + ewarn "or re-enable 'filecaps'" + ewarn + fi + + local v + for v in ${REPLACING_VERSIONS}; do + if [[ ${v} == 1.* ]] ; then + elog "Version 2.x.x is a complete rewrite of ${PN}" + elog "please clean up old config/log files" + elog + fi + done + + if systemd_is_booted || has_version sys-apps/systemd; then + elog "To use systemd socket activation with ${PN} you must" + elog "set listen_addresses setting to \"[]\" in the config file" + elog "Edit ${PN}.socket if you need to change port and address" + elog + fi + + elog "After starting the service you will need to update your" + elog "/etc/resolv.conf and replace your current set of resolvers" + elog "with:" + elog + elog "nameserver 127.0.0.1" + elog + elog "Also see https://github.com/jedisct1/${PN}/wiki" +} diff --git a/net-dns/dnscrypt-proxy/files/config-full-paths-r2.patch b/net-dns/dnscrypt-proxy/files/config-full-paths-r2.patch new file mode 100644 index 00000000000..b693f1abbb3 --- /dev/null +++ b/net-dns/dnscrypt-proxy/files/config-full-paths-r2.patch @@ -0,0 +1,95 @@ +--- dnscrypt-proxy-2.0.0/dnscrypt-proxy/example-dnscrypt-proxy.toml 2018-02-06 10:33:58.000000000 -0800 ++++ dnscrypt-proxy-2.0.0/dnscrypt-proxy/dnscrypt-proxy.toml 2018-02-09 19:15:00.105927884 -0800 +@@ -85,7 +85,7 @@ + + ## log file for the application + +-# log_file = 'dnscrypt-proxy.log' ++# log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log' + + + ## Use the system logger (syslog on Unix, Event Log on Windows) +@@ -140,7 +140,7 @@ + ## example.com 9.9.9.9 + ## example.net 9.9.9.9,8.8.8.8 + +-# forwarding_rules = 'forwarding-rules.txt' ++# forwarding_rules = '/etc/dnscrypt-proxy/forwarding-rules.txt' + + + +@@ -156,7 +156,7 @@ + ## example.com 10.1.1.1 + ## www.google.com forcesafesearch.google.com + +-# cloaking_rules = 'cloaking-rules.txt' ++# cloaking_rules = '/etc/dnscrypt-proxy/cloaking-rules.txt' + + + +@@ -200,7 +200,7 @@ + + ## Path to the query log file (absolute, or relative to the same directory as the executable file) + +- # file = 'query.log' ++ # file = '/var/log/dnscrypt-proxy/query.log' + + + ## Query log format (currently supported: tsv and ltsv) +@@ -226,7 +226,7 @@ + + ## Path to the query log file (absolute, or relative to the same directory as the executable file) + +- # file = 'nx.log' ++ # file = '/var/log/dnscrypt-proxy/nx.log' + + + ## Query log format (currently supported: tsv and ltsv) +@@ -255,12 +255,12 @@ + + ## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file) + +- # blacklist_file = 'blacklist.txt' ++ # blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt' + + + ## Optional path to a file logging blocked queries + +- # log_file = 'blocked.log' ++ # log_file = '/var/log/dnscrypt-proxy/blocked.log' + + + ## Optional log format: tsv or ltsv (default: tsv) +@@ -283,12 +283,12 @@ + + ## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file) + +- # blacklist_file = 'ip-blacklist.txt' ++ # blacklist_file = '/etc/dnscrypt-proxy/ip-blacklist.txt' + + + ## Optional path to a file logging blocked queries + +- # log_file = 'ip-blocked.log' ++ # log_file = '/var/log/dnscrypt-proxy/ip-blocked.log' + + + ## Optional log format: tsv or ltsv (default: tsv) +@@ -357,7 +357,7 @@ + + [sources.'public-resolvers'] + url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md' +- cache_file = 'public-resolvers.md' ++ cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md' + minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' + refresh_delay = 72 + prefix = '' +@@ -367,7 +367,7 @@ + + # [sources.'parental-control'] + # url = 'https://download.dnscrypt.info/resolvers-list/v2/parental-control.md' +- # cache_file = 'parental-control.md' ++ # cache_file = '/var/cache/dnscrypt-proxy/parental-control.md' + # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' + + diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-r2 b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-r2 new file mode 100644 index 00000000000..9934e828b82 --- /dev/null +++ b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-r2 @@ -0,0 +1,3 @@ +#DNSCRYPT_OPTS="--config /etc/dnscrypt-proxy/dnscrypt-proxy.toml" +#DNSCRYPT_USER="dnscrypt" +#DNSCRYPT_GROUP="dnscrypt" diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-r2 b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-r2 new file mode 100644 index 00000000000..dcccd83dab3 --- /dev/null +++ b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-r2 @@ -0,0 +1,19 @@ +#!/sbin/openrc-run +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +command="/usr/bin/dnscrypt-proxy" +command_args="${DNSCRYPT_OPTS:---config /etc/dnscrypt-proxy/dnscrypt-proxy.toml}" +command_user="${DNSCRYPT_USER:-dnscrypt}:${DNSCRYPT_GROUP:-dnscrypt}" +pidfile="/run/${SVCNAME}.pid" +start_stop_daemon_args="--background --make-pidfile" + +depend() { + use net logger + provide dns +} + +start_pre() { + checkpath -q -d -m 0775 -o "${command_user}" /var/cache/"${SVCNAME}" + checkpath -q -d -m 0775 -o "${command_user}" /var/log/"${SVCNAME}" +} diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service-r2 b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service-r2 new file mode 100644 index 00000000000..745b094aaa1 --- /dev/null +++ b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service-r2 @@ -0,0 +1,23 @@ +[Unit] +Description=DNSCrypt client proxy +Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki +Requires=dnscrypt-proxy.socket +After=network.target +Before=nss-lookup.target +Wants=nss-lookup.target + +[Install] +Also=dnscrypt-proxy.socket +WantedBy=multi-user.target + +[Service] +User=dnscrypt +Group=dnscrypt +Type=simple +NonBlocking=true +ExecStart=/usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml +ProtectHome=true +CacheDirectory=dnscrypt-proxy +LogsDirectory=dnscrypt-proxy +CapabilityBoundingSet=CAP_NET_BIND_SERVICE +AmbientCapabilities=CAP_NET_BIND_SERVICE