1 |
commit: 0b06988e696c9be3c361b61b632225bf0adb0d70 |
2 |
Author: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Dec 26 23:57:05 2015 +0000 |
4 |
Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Dec 27 00:05:20 2015 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b06988e |
7 |
|
8 |
net-dns/dnscrypt-proxy: ease of use improvements. |
9 |
|
10 |
Make it possible to select easily select resolver using the |
11 |
upstream-provided CSV file, rather than having to manually specify |
12 |
parameters. Keep the default as the same Cisco OpenDNS provider. |
13 |
|
14 |
Also use ephemeral keys by default to improve security. |
15 |
|
16 |
Package-Manager: portage-2.2.24 |
17 |
|
18 |
.../dnscrypt-proxy/dnscrypt-proxy-1.6.0-r1.ebuild | 58 +++++++++++++++++++++ |
19 |
.../files/dnscrypt-proxy.confd-1.6.0-r1 | 13 +++++ |
20 |
.../files/dnscrypt-proxy.initd-1.6.0-r1 | 60 ++++++++++++++++++++++ |
21 |
3 files changed, 131 insertions(+) |
22 |
|
23 |
diff --git a/net-dns/dnscrypt-proxy/dnscrypt-proxy-1.6.0-r1.ebuild b/net-dns/dnscrypt-proxy/dnscrypt-proxy-1.6.0-r1.ebuild |
24 |
new file mode 100644 |
25 |
index 0000000..5d52ce9 |
26 |
--- /dev/null |
27 |
+++ b/net-dns/dnscrypt-proxy/dnscrypt-proxy-1.6.0-r1.ebuild |
28 |
@@ -0,0 +1,58 @@ |
29 |
+# Copyright 1999-2015 Gentoo Foundation |
30 |
+# Distributed under the terms of the GNU General Public License v2 |
31 |
+# $Id$ |
32 |
+ |
33 |
+EAPI=5 |
34 |
+ |
35 |
+inherit systemd user |
36 |
+ |
37 |
+DESCRIPTION="A tool for securing communications between a client and a DNS resolver" |
38 |
+HOMEPAGE="http://dnscrypt.org/" |
39 |
+SRC_URI="http://download.dnscrypt.org/${PN}/${P}.tar.gz" |
40 |
+ |
41 |
+LICENSE="ISC" |
42 |
+SLOT="0" |
43 |
+KEYWORDS="~amd64 ~x86" |
44 |
+IUSE="+plugins systemd" |
45 |
+ |
46 |
+CDEPEND=" |
47 |
+ dev-libs/libsodium |
48 |
+ net-libs/ldns |
49 |
+ systemd? ( sys-apps/systemd )" |
50 |
+RDEPEND="${CDEPEND}" |
51 |
+DEPEND="${CDEPEND} |
52 |
+ virtual/pkgconfig" |
53 |
+ |
54 |
+DOCS="AUTHORS ChangeLog NEWS README* TECHNOTES THANKS" |
55 |
+ |
56 |
+pkg_setup() { |
57 |
+ enewgroup dnscrypt |
58 |
+ enewuser dnscrypt -1 -1 /var/empty dnscrypt |
59 |
+} |
60 |
+ |
61 |
+src_configure() { |
62 |
+ econf \ |
63 |
+ $(use_enable plugins) \ |
64 |
+ $(use_with systemd) |
65 |
+} |
66 |
+ |
67 |
+src_install() { |
68 |
+ default |
69 |
+ |
70 |
+ newinitd "${FILESDIR}"/${PN}.initd-1.6.0-r1 ${PN} |
71 |
+ newconfd "${FILESDIR}"/${PN}.confd-1.6.0-r1 ${PN} |
72 |
+ systemd_dounit "${FILESDIR}"/${PN}.service |
73 |
+} |
74 |
+ |
75 |
+pkg_postinst() { |
76 |
+ elog "After starting the service you will need to update your" |
77 |
+ elog "/etc/resolv.conf and replace your current set of resolvers" |
78 |
+ elog "with:" |
79 |
+ elog |
80 |
+ elog "nameserver <DNSCRYPT_LOCALIP>" |
81 |
+ elog |
82 |
+ elog "where <DNSCRYPT_LOCALIP> is what you supplied in" |
83 |
+ elog "/etc/conf.d/dnscrypt-proxy, default is \"127.0.0.1\"." |
84 |
+ elog |
85 |
+ elog "Also see https://github.com/jedisct1/dnscrypt-proxy#usage." |
86 |
+} |
87 |
|
88 |
diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-1.6.0-r1 b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-1.6.0-r1 |
89 |
new file mode 100644 |
90 |
index 0000000..5b1b28d |
91 |
--- /dev/null |
92 |
+++ b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-1.6.0-r1 |
93 |
@@ -0,0 +1,13 @@ |
94 |
+DNSCRYPT_LOCALIP=127.0.0.1 |
95 |
+DNSCRYPT_LOCALPORT=53 |
96 |
+DNSCRYPT_USER=dnscrypt |
97 |
+DNSCRYPT_OPTIONS="--ephemeral-keys" |
98 |
+# Pick exactly ONE of the following sets: |
99 |
+# option 1) selection from CSV file, uses the first column as the key |
100 |
+DNSCRYPT_RESOLVER_NAME=cisco # Cisco OpenDNS |
101 |
+DNSCRYPT_RESOLVERS_LIST=/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv |
102 |
+# option 2) manually specified parameters |
103 |
+#DNSCRYPT_RESOLVERIP=203.0.133.53 |
104 |
+#DNSCRYPT_RESOLVERPORT=443 |
105 |
+#DNSCRYPT_PROVIDER_NAME=2.dnscrypt-cert.example.com |
106 |
+#DNSCRYPT_PROVIDER_KEY=1234:5678:90AB:CDEF:DEAD:BEEF:CAFE:BEA7:1234:5678:90AB:CDEF:DEAD:BEEF:CAFE:BEA7 |
107 |
|
108 |
diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-1.6.0-r1 b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-1.6.0-r1 |
109 |
new file mode 100644 |
110 |
index 0000000..e79f8f9 |
111 |
--- /dev/null |
112 |
+++ b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-1.6.0-r1 |
113 |
@@ -0,0 +1,60 @@ |
114 |
+#!/sbin/runscript |
115 |
+# Copyright 1999-2014 Gentoo Foundation |
116 |
+# Distributed under the terms of the GNU General Public License v2 |
117 |
+# $Id$ |
118 |
+ |
119 |
+DNSCRYPT_LOGFILE=${DNSCRYPT_LOGFILE:-/var/log/dnscrypt-proxy.log} |
120 |
+DNSCRYPT_RESOLVERS_LIST=${DNSCRYPT_RESOLVERS_LIST:-/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv} |
121 |
+ |
122 |
+rundir=${rundir:-/var/run/dnscrypt-proxy} |
123 |
+pidfile=${pidfile:-${rundir}/dnscrypt-proxy.pid} |
124 |
+rundir=${rundir:-/var/run/dnscrypt-proxy} |
125 |
+runas_user=${runas_user:-dnscrypt} |
126 |
+runas_group=${runas_user:-dnscrypt} |
127 |
+ |
128 |
+depend() { |
129 |
+ use net |
130 |
+ before dns |
131 |
+ after logger |
132 |
+} |
133 |
+ |
134 |
+start() { |
135 |
+ if [ ! -d "${rundir}" ]; then |
136 |
+ mkdir "${rundir}" |
137 |
+ if [ -n "${runas_user}" ]; then |
138 |
+ touch "${DNSCRYPT_LOGFILE}" |
139 |
+ chown ${runas_user}:${runas_group} "${DNSCRYPT_LOGFILE}" |
140 |
+ chown -R ${runas_user}:${runas_group} "${rundir}" |
141 |
+ fi |
142 |
+ fi |
143 |
+ |
144 |
+ if [ -n "$DNSCRYPT_RESOLVER_NAME" -a -n "$DNSCRYPT_RESOLVERIP" ]; then |
145 |
+ eerror "You must set exactly one of DNSCRYPT_RESOLVER_NAME or DNSCRYPT_RESOLVERIP!" |
146 |
+ return 1 |
147 |
+ elif [ -n "$DNSCRYPT_RESOLVER_NAME" ]; then |
148 |
+ resolver_opts="--resolvers-list=${DNSCRYPT_RESOLVERS_LIST} --resolver-name=${DNSCRYPT_RESOLVER_NAME}" |
149 |
+ elif [ -n "$DNSCRYPT_RESOLVERIP" ]; then |
150 |
+ resolver_opts="--resolver-address=${DNSCRYPT_RESOLVERIP}:${DNSCRYPT_RESOLVERPORT} --provider-name=${DNSCRYPT_PROVIDER_NAME} --provider-key=${DNSCRYPT_PROVIDER_KEY}" |
151 |
+ else |
152 |
+ eerror "You must set exactly one of DNSCRYPT_RESOLVER_NAME or DNSCRYPT_RESOLVERIP!" |
153 |
+ return 1 |
154 |
+ fi |
155 |
+ |
156 |
+ ebegin "Starting dnscrypt-proxy" |
157 |
+ start-stop-daemon --start --quiet \ |
158 |
+ --exec /usr/sbin/dnscrypt-proxy \ |
159 |
+ -- \ |
160 |
+ ${DNSCRYPT_OPTIONS} \ |
161 |
+ --pidfile="${pidfile}" \ |
162 |
+ --logfile="${DNSCRYPT_LOGFILE}" \ |
163 |
+ --daemonize --user=${runas_user} \ |
164 |
+ --local-address=${DNSCRYPT_LOCALIP}:${DNSCRYPT_LOCALPORT} \ |
165 |
+ $resolver_opts |
166 |
+ eend $? |
167 |
+} |
168 |
+ |
169 |
+stop() { |
170 |
+ ebegin "Stopping dnscrypt-proxy" |
171 |
+ start-stop-daemon --stop --quiet --exec /usr/sbin/dnscrypt-proxy |
172 |
+ eend $? |
173 |
+} |