[gentoo-commits] repo/gentoo:master commit in: net-dns/dnscrypt-proxy/, net-dns/dnscrypt-proxy/files/ - gentoo-commits

From:	"Robin H. Johnson" <robbat2@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: net-dns/dnscrypt-proxy/, net-dns/dnscrypt-proxy/files/
Date:	Sun, 27 Dec 2015 00:05:40
Message-Id:	`1451174720.0b06988e696c9be3c361b61b632225bf0adb0d70.robbat2@gentoo`

1

commit:     0b06988e696c9be3c361b61b632225bf0adb0d70

2

Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>

3

AuthorDate: Sat Dec 26 23:57:05 2015 +0000

4

Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>

5

CommitDate: Sun Dec 27 00:05:20 2015 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b06988e

7

8

net-dns/dnscrypt-proxy: ease of use improvements.

9

10

Make it possible to select easily select resolver using the

11

upstream-provided CSV file, rather than having to manually specify

12

parameters. Keep the default as the same Cisco OpenDNS provider.

13

14

Also use ephemeral keys by default to improve security.

15

16

Package-Manager: portage-2.2.24

17

18

 .../dnscrypt-proxy/dnscrypt-proxy-1.6.0-r1.ebuild  | 58 +++++++++++++++++++++

19

 .../files/dnscrypt-proxy.confd-1.6.0-r1            | 13 +++++

20

 .../files/dnscrypt-proxy.initd-1.6.0-r1            | 60 ++++++++++++++++++++++

21

 3 files changed, 131 insertions(+)

22

23

diff --git a/net-dns/dnscrypt-proxy/dnscrypt-proxy-1.6.0-r1.ebuild b/net-dns/dnscrypt-proxy/dnscrypt-proxy-1.6.0-r1.ebuild

24

new file mode 100644

25

index 0000000..5d52ce9

26

--- /dev/null

27

+++ b/net-dns/dnscrypt-proxy/dnscrypt-proxy-1.6.0-r1.ebuild

28

@@ -0,0 +1,58 @@

29

+# Copyright 1999-2015 Gentoo Foundation

30

+# Distributed under the terms of the GNU General Public License v2

31

+# $Id$

32

+

33

+EAPI=5

34

+

35

+inherit systemd user

36

+

37

+DESCRIPTION="A tool for securing communications between a client and a DNS resolver"

38

+HOMEPAGE="http://dnscrypt.org/"

39

+SRC_URI="http://download.dnscrypt.org/${PN}/${P}.tar.gz"

40

+

41

+LICENSE="ISC"

42

+SLOT="0"

43

+KEYWORDS="~amd64 ~x86"

44

+IUSE="+plugins systemd"

45

+

46

+CDEPEND="

47

+	dev-libs/libsodium

48

+	net-libs/ldns

49

+	systemd? ( sys-apps/systemd )"

50

+RDEPEND="${CDEPEND}"

51

+DEPEND="${CDEPEND}

52

+	virtual/pkgconfig"

53

+

54

+DOCS="AUTHORS ChangeLog NEWS README* TECHNOTES THANKS"

55

+

56

+pkg_setup() {

57

+	enewgroup dnscrypt

58

+	enewuser dnscrypt -1 -1 /var/empty dnscrypt

59

+}

60

+

61

+src_configure() {

62

+	econf \

63

+		$(use_enable plugins) \

64

+		$(use_with systemd)

65

+}

66

+

67

+src_install() {

68

+	default

69

+

70

+	newinitd "${FILESDIR}"/${PN}.initd-1.6.0-r1 ${PN}

71

+	newconfd "${FILESDIR}"/${PN}.confd-1.6.0-r1 ${PN}

72

+	systemd_dounit "${FILESDIR}"/${PN}.service

73

+}

74

+

75

+pkg_postinst() {

76

+	elog "After starting the service you will need to update your"

77

+	elog "/etc/resolv.conf and replace your current set of resolvers"

78

+	elog "with:"

79

+	elog

80

+	elog "nameserver <DNSCRYPT_LOCALIP>"

81

+	elog

82

+	elog "where <DNSCRYPT_LOCALIP> is what you supplied in"

83

+	elog "/etc/conf.d/dnscrypt-proxy, default is \"127.0.0.1\"."

84

+	elog

85

+	elog "Also see https://github.com/jedisct1/dnscrypt-proxy#usage."

86

+}

87

88

diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-1.6.0-r1 b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-1.6.0-r1

89

new file mode 100644

90

index 0000000..5b1b28d

91

--- /dev/null

92

+++ b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-1.6.0-r1

93

@@ -0,0 +1,13 @@

94

+DNSCRYPT_LOCALIP=127.0.0.1

95

+DNSCRYPT_LOCALPORT=53

96

+DNSCRYPT_USER=dnscrypt

97

+DNSCRYPT_OPTIONS="--ephemeral-keys"

98

+# Pick exactly ONE of the following sets:

99

+# option 1) selection from CSV file, uses the first column as the key

100

+DNSCRYPT_RESOLVER_NAME=cisco # Cisco OpenDNS

101

+DNSCRYPT_RESOLVERS_LIST=/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv

102

+# option 2) manually specified parameters

103

+#DNSCRYPT_RESOLVERIP=203.0.133.53

104

+#DNSCRYPT_RESOLVERPORT=443

105

+#DNSCRYPT_PROVIDER_NAME=2.dnscrypt-cert.example.com

106

+#DNSCRYPT_PROVIDER_KEY=1234:5678:90AB:CDEF:DEAD:BEEF:CAFE:BEA7:1234:5678:90AB:CDEF:DEAD:BEEF:CAFE:BEA7

107

108

diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-1.6.0-r1 b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-1.6.0-r1

109

new file mode 100644

110

index 0000000..e79f8f9

111

--- /dev/null

112

+++ b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-1.6.0-r1

113

@@ -0,0 +1,60 @@

114

+#!/sbin/runscript

115

+# Copyright 1999-2014 Gentoo Foundation

116

+# Distributed under the terms of the GNU General Public License v2

117

+# $Id$

118

+

119

+DNSCRYPT_LOGFILE=${DNSCRYPT_LOGFILE:-/var/log/dnscrypt-proxy.log}

120

+DNSCRYPT_RESOLVERS_LIST=${DNSCRYPT_RESOLVERS_LIST:-/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv}

121

+

122

+rundir=${rundir:-/var/run/dnscrypt-proxy}

123

+pidfile=${pidfile:-${rundir}/dnscrypt-proxy.pid}

124

+rundir=${rundir:-/var/run/dnscrypt-proxy}

125

+runas_user=${runas_user:-dnscrypt}

126

+runas_group=${runas_user:-dnscrypt}

127

+

128

+depend() {

129

+	use net

130

+	before dns

131

+	after logger

132

+}

133

+

134

+start() {

135

+	if [ ! -d "${rundir}" ]; then

136

+		mkdir "${rundir}"

137

+		if [ -n "${runas_user}" ]; then

138

+			touch "${DNSCRYPT_LOGFILE}"

139

+			chown ${runas_user}:${runas_group} "${DNSCRYPT_LOGFILE}"

140

+			chown -R ${runas_user}:${runas_group} "${rundir}"

141

+		fi

142

+	fi

143

+

144

+	if [ -n "$DNSCRYPT_RESOLVER_NAME" -a -n "$DNSCRYPT_RESOLVERIP" ]; then

145

+		eerror "You must set exactly one of DNSCRYPT_RESOLVER_NAME or DNSCRYPT_RESOLVERIP!"

146

+		return 1

147

+	elif [ -n "$DNSCRYPT_RESOLVER_NAME" ]; then

148

+		resolver_opts="--resolvers-list=${DNSCRYPT_RESOLVERS_LIST} --resolver-name=${DNSCRYPT_RESOLVER_NAME}"

149

+	elif [ -n "$DNSCRYPT_RESOLVERIP" ]; then

150

+		resolver_opts="--resolver-address=${DNSCRYPT_RESOLVERIP}:${DNSCRYPT_RESOLVERPORT} --provider-name=${DNSCRYPT_PROVIDER_NAME} --provider-key=${DNSCRYPT_PROVIDER_KEY}"

151

+	else

152

+		eerror "You must set exactly one of DNSCRYPT_RESOLVER_NAME or DNSCRYPT_RESOLVERIP!"

153

+		return 1

154

+	fi

155

+

156

+	ebegin "Starting dnscrypt-proxy"

157

+	start-stop-daemon --start --quiet \

158

+		--exec /usr/sbin/dnscrypt-proxy \

159

+		-- \

160

+		${DNSCRYPT_OPTIONS} \

161

+		--pidfile="${pidfile}" \

162

+		--logfile="${DNSCRYPT_LOGFILE}" \

163

+		--daemonize --user=${runas_user} \

164

+		--local-address=${DNSCRYPT_LOCALIP}:${DNSCRYPT_LOCALPORT} \

165

+		$resolver_opts

166

+	eend $?

167

+}

168

+

169

+stop() {

170

+	ebegin "Stopping dnscrypt-proxy"

171

+	start-stop-daemon --stop --quiet --exec /usr/sbin/dnscrypt-proxy

172

+	eend $?

173

+}

1	commit: 0b06988e696c9be3c361b61b632225bf0adb0d70
2	Author: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
3	AuthorDate: Sat Dec 26 23:57:05 2015 +0000
4	Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
5	CommitDate: Sun Dec 27 00:05:20 2015 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b06988e
7
8	net-dns/dnscrypt-proxy: ease of use improvements.
9
10	Make it possible to select easily select resolver using the
11	upstream-provided CSV file, rather than having to manually specify
12	parameters. Keep the default as the same Cisco OpenDNS provider.
13
14	Also use ephemeral keys by default to improve security.
15
16	Package-Manager: portage-2.2.24
17
18	.../dnscrypt-proxy/dnscrypt-proxy-1.6.0-r1.ebuild \| 58 +++++++++++++++++++++
19	.../files/dnscrypt-proxy.confd-1.6.0-r1 \| 13 +++++
20	.../files/dnscrypt-proxy.initd-1.6.0-r1 \| 60 ++++++++++++++++++++++
21	3 files changed, 131 insertions(+)
22
23	diff --git a/net-dns/dnscrypt-proxy/dnscrypt-proxy-1.6.0-r1.ebuild b/net-dns/dnscrypt-proxy/dnscrypt-proxy-1.6.0-r1.ebuild
24	new file mode 100644
25	index 0000000..5d52ce9
26	--- /dev/null
27	+++ b/net-dns/dnscrypt-proxy/dnscrypt-proxy-1.6.0-r1.ebuild
28	@@ -0,0 +1,58 @@
29	+# Copyright 1999-2015 Gentoo Foundation
30	+# Distributed under the terms of the GNU General Public License v2
31	+# $Id$
32	+
33	+EAPI=5
34	+
35	+inherit systemd user
36	+
37	+DESCRIPTION="A tool for securing communications between a client and a DNS resolver"
38	+HOMEPAGE="http://dnscrypt.org/"
39	+SRC_URI="http://download.dnscrypt.org/${PN}/${P}.tar.gz"
40	+
41	+LICENSE="ISC"
42	+SLOT="0"
43	+KEYWORDS="~amd64 ~x86"
44	+IUSE="+plugins systemd"
45	+
46	+CDEPEND="
47	+ dev-libs/libsodium
48	+ net-libs/ldns
49	+ systemd? ( sys-apps/systemd )"
50	+RDEPEND="${CDEPEND}"
51	+DEPEND="${CDEPEND}
52	+ virtual/pkgconfig"
53	+
54	+DOCS="AUTHORS ChangeLog NEWS README* TECHNOTES THANKS"
55	+
56	+pkg_setup() {
57	+ enewgroup dnscrypt
58	+ enewuser dnscrypt -1 -1 /var/empty dnscrypt
59	+}
60	+
61	+src_configure() {
62	+ econf \
63	+ $(use_enable plugins) \
64	+ $(use_with systemd)
65	+}
66	+
67	+src_install() {
68	+ default
69	+
70	+ newinitd "${FILESDIR}"/${PN}.initd-1.6.0-r1 ${PN}
71	+ newconfd "${FILESDIR}"/${PN}.confd-1.6.0-r1 ${PN}
72	+ systemd_dounit "${FILESDIR}"/${PN}.service
73	+}
74	+
75	+pkg_postinst() {
76	+ elog "After starting the service you will need to update your"
77	+ elog "/etc/resolv.conf and replace your current set of resolvers"
78	+ elog "with:"
79	+ elog
80	+ elog "nameserver <DNSCRYPT_LOCALIP>"
81	+ elog
82	+ elog "where <DNSCRYPT_LOCALIP> is what you supplied in"
83	+ elog "/etc/conf.d/dnscrypt-proxy, default is \"127.0.0.1\"."
84	+ elog
85	+ elog "Also see https://github.com/jedisct1/dnscrypt-proxy#usage."
86	+}
87
88	diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-1.6.0-r1 b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-1.6.0-r1
89	new file mode 100644
90	index 0000000..5b1b28d
91	--- /dev/null
92	+++ b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-1.6.0-r1
93	@@ -0,0 +1,13 @@
94	+DNSCRYPT_LOCALIP=127.0.0.1
95	+DNSCRYPT_LOCALPORT=53
96	+DNSCRYPT_USER=dnscrypt
97	+DNSCRYPT_OPTIONS="--ephemeral-keys"
98	+# Pick exactly ONE of the following sets:
99	+# option 1) selection from CSV file, uses the first column as the key
100	+DNSCRYPT_RESOLVER_NAME=cisco # Cisco OpenDNS
101	+DNSCRYPT_RESOLVERS_LIST=/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv
102	+# option 2) manually specified parameters
103	+#DNSCRYPT_RESOLVERIP=203.0.133.53
104	+#DNSCRYPT_RESOLVERPORT=443
105	+#DNSCRYPT_PROVIDER_NAME=2.dnscrypt-cert.example.com
106	+#DNSCRYPT_PROVIDER_KEY=1234:5678:90AB:CDEF:DEAD:BEEF:CAFE:BEA7:1234:5678:90AB:CDEF:DEAD:BEEF:CAFE:BEA7
107
108	diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-1.6.0-r1 b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-1.6.0-r1
109	new file mode 100644
110	index 0000000..e79f8f9
111	--- /dev/null
112	+++ b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-1.6.0-r1
113	@@ -0,0 +1,60 @@
114	+#!/sbin/runscript
115	+# Copyright 1999-2014 Gentoo Foundation
116	+# Distributed under the terms of the GNU General Public License v2
117	+# $Id$
118	+
119	+DNSCRYPT_LOGFILE=${DNSCRYPT_LOGFILE:-/var/log/dnscrypt-proxy.log}
120	+DNSCRYPT_RESOLVERS_LIST=${DNSCRYPT_RESOLVERS_LIST:-/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv}
121	+
122	+rundir=${rundir:-/var/run/dnscrypt-proxy}
123	+pidfile=${pidfile:-${rundir}/dnscrypt-proxy.pid}
124	+rundir=${rundir:-/var/run/dnscrypt-proxy}
125	+runas_user=${runas_user:-dnscrypt}
126	+runas_group=${runas_user:-dnscrypt}
127	+
128	+depend() {
129	+ use net
130	+ before dns
131	+ after logger
132	+}
133	+
134	+start() {
135	+ if [ ! -d "${rundir}" ]; then
136	+ mkdir "${rundir}"
137	+ if [ -n "${runas_user}" ]; then
138	+ touch "${DNSCRYPT_LOGFILE}"
139	+ chown ${runas_user}:${runas_group} "${DNSCRYPT_LOGFILE}"
140	+ chown -R ${runas_user}:${runas_group} "${rundir}"
141	+ fi
142	+ fi
143	+
144	+ if [ -n "$DNSCRYPT_RESOLVER_NAME" -a -n "$DNSCRYPT_RESOLVERIP" ]; then
145	+ eerror "You must set exactly one of DNSCRYPT_RESOLVER_NAME or DNSCRYPT_RESOLVERIP!"
146	+ return 1
147	+ elif [ -n "$DNSCRYPT_RESOLVER_NAME" ]; then
148	+ resolver_opts="--resolvers-list=${DNSCRYPT_RESOLVERS_LIST} --resolver-name=${DNSCRYPT_RESOLVER_NAME}"
149	+ elif [ -n "$DNSCRYPT_RESOLVERIP" ]; then
150	+ resolver_opts="--resolver-address=${DNSCRYPT_RESOLVERIP}:${DNSCRYPT_RESOLVERPORT} --provider-name=${DNSCRYPT_PROVIDER_NAME} --provider-key=${DNSCRYPT_PROVIDER_KEY}"
151	+ else
152	+ eerror "You must set exactly one of DNSCRYPT_RESOLVER_NAME or DNSCRYPT_RESOLVERIP!"
153	+ return 1
154	+ fi
155	+
156	+ ebegin "Starting dnscrypt-proxy"
157	+ start-stop-daemon --start --quiet \
158	+ --exec /usr/sbin/dnscrypt-proxy \
159	+ -- \
160	+ ${DNSCRYPT_OPTIONS} \
161	+ --pidfile="${pidfile}" \
162	+ --logfile="${DNSCRYPT_LOGFILE}" \
163	+ --daemonize --user=${runas_user} \
164	+ --local-address=${DNSCRYPT_LOCALIP}:${DNSCRYPT_LOCALPORT} \
165	+ $resolver_opts
166	+ eend $?
167	+}
168	+
169	+stop() {
170	+ ebegin "Stopping dnscrypt-proxy"
171	+ start-stop-daemon --stop --quiet --exec /usr/sbin/dnscrypt-proxy
172	+ eend $?
173	+}

Gentoo Archives: gentoo-commits