dns/dnscrypt-proxy2: Update to 2.0.10
Main changes in the port: - Improve instructions for using dnscrypt-proxy2 together with unbound. [1] - Add dnscrypt_proxy_suexec option for users who want to run the daemon as root. - Move the configuration file from ${PREFIX}/etc/dnscrypt-proxy.toml to ${PREFIX}/etc/dnscrypt-proxy/dnscrypt-proxy.toml, because by default temporary files will use the path of the config file. This fixes a permission issue when fetching the public resolvers list. Changes: https://raw.githubusercontent.com/jedisct1/dnscrypt-proxy/2.0.10/ChangeLog PR: 227129 [1] Submitted by: egypcio@googlemail.com (maintainer) Reported by: erik@nordstroem.no [1] Differential Revision: https://reviews.freebsd.org/D15024
parent
8594d78a0c
commit
b0c5358af0
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=467667
6 changed files with 60 additions and 27 deletions
8
UPDATING
8
UPDATING
|
@ -5,6 +5,14 @@ they are unavoidable.
|
|||
You should get into the habit of checking this file for changes each time
|
||||
you update your ports collection, before attempting any port upgrades.
|
||||
|
||||
20180417:
|
||||
AFFECTS: users of dns/dnscrypt-proxy2
|
||||
AUTHOR: egypcio@googlemail.com
|
||||
|
||||
DNSCrypt-Proxy 2 has been updated to 2.0.10 and the configuration file
|
||||
has changed from ${PREFIX}/etc/dnscrypt-proxy.toml to
|
||||
${PREFIX}/etc/dnscrypt-proxy/dnscrypt-proxy.toml.
|
||||
|
||||
20180416:
|
||||
AFFECTS: users of mail/postgrey
|
||||
AUTHOR: ports.maintainer@evilphi.com
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
# $FreeBSD$
|
||||
|
||||
PORTNAME= dnscrypt-proxy
|
||||
PORTVERSION= 2.0.8
|
||||
CATEGORIES= dns security
|
||||
PORTVERSION= 2.0.10
|
||||
CATEGORIES= dns security ipv6
|
||||
PKGNAMESUFFIX= 2
|
||||
|
||||
MAINTAINER= egypcio@googlemail.com
|
||||
|
@ -22,6 +22,10 @@ GH_ACCOUNT= jedisct1
|
|||
USERS= _dnscrypt-proxy
|
||||
GROUPS= _dnscrypt-proxy
|
||||
|
||||
PLIST_SUB= USER="${USERS}" GROUP="${GROUPS}"
|
||||
SUB_LIST= USER="${USERS}" GROUP="${GROUPS}"
|
||||
SUB_FILES= pkg-message
|
||||
|
||||
PORTDOCS= README.*
|
||||
PORTEXAMPLES= example*
|
||||
|
||||
|
@ -36,7 +40,7 @@ do-build:
|
|||
go build -ldflags "-s -w" -o ${WRKDIR}/sbin/${PORTNAME}
|
||||
|
||||
do-install:
|
||||
${INSTALL_PROGRAM} ${WRKDIR}/sbin/${PORTNAME} ${STAGEDIR}${LOCALBASE}/sbin
|
||||
${INSTALL_PROGRAM} ${WRKDIR}/sbin/${PORTNAME} ${STAGEDIR}${PREFIX}/sbin
|
||||
|
||||
do-install-DOCS-on:
|
||||
${MKDIR} ${STAGEDIR}${DOCSDIR}
|
||||
|
@ -47,11 +51,13 @@ do-install-EXAMPLES-on:
|
|||
cd ${WRKSRC}/${PORTNAME} && ${INSTALL_DATA} ${PORTEXAMPLES} ${STAGEDIR}${EXAMPLESDIR}
|
||||
|
||||
post-install:
|
||||
# After install examples because of the priv drop issue with Go
|
||||
${MKDIR} ${STAGEDIR}${ETCDIR}
|
||||
# After 'install' examples because of the priv drop issue with Go.
|
||||
# Keeping original example files.
|
||||
@${REINPLACE_CMD} -e \
|
||||
"s#\['127.0.0.1:53', '\[::1\]:53'\]#\['127.0.0.1:5353'\]#" \
|
||||
${WRKSRC}/${PORTNAME}/example-${PORTNAME}.toml
|
||||
${INSTALL_DATA} ${WRKSRC}/${PORTNAME}/example-${PORTNAME}.toml \
|
||||
${STAGEDIR}${LOCALBASE}/etc/${PORTNAME}.toml.sample
|
||||
${STAGEDIR}${ETCDIR}/${PORTNAME}.toml.sample
|
||||
|
||||
.include <bsd.port.mk>
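Review bot: The new comment above the `${REINPLACE_CMD}` call in post-install does not say what the substitution is for, and the substitution itself is never checked. It rewrites the sample's listen addresses from `['127.0.0.1:53', '[::1]:53']` to `['127.0.0.1:5353']`, which also drops the IPv6 loopback listener in a commit that adds the `ipv6` category. If upstream ever changes that line the pattern stops matching without any error, and the installed sample goes back to port 53, which the unprivileged default user presumably cannot bind. I would spell the intent out, e.g. `# Sample listens on 127.0.0.1:5353 only: the daemon runs unprivileged and cannot bind port 53.`, and follow the substitution with a check such as `${GREP} -q "127.0.0.1:5353" ${WRKSRC}/${PORTNAME}/example-${PORTNAME}.toml` so a non-matching pattern fails the build.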
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
TIMESTAMP = 1522496209
|
||||
SHA256 (jedisct1-dnscrypt-proxy-2.0.8_GH0.tar.gz) = a99fc2b055618b0578ebe1477769bf9dddff7daa653649bd73f4bcf650bc8d40
|
||||
SIZE (jedisct1-dnscrypt-proxy-2.0.8_GH0.tar.gz) = 750606
|
||||
TIMESTAMP = 1524007265
|
||||
SHA256 (jedisct1-dnscrypt-proxy-2.0.10_GH0.tar.gz) = ec5f68349833b4a501fedc0af3cdbdfd6df2644b3e3e1c43aa86c823ca5a3007
|
||||
SIZE (jedisct1-dnscrypt-proxy-2.0.10_GH0.tar.gz) = 2773118
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
#
|
||||
# PROVIDE: dnscrypt_proxy
|
||||
# REQUIRE: cleanvar SERVERS
|
||||
# BEFORE: dnsmasq local_unbound unbound named
|
||||
# BEFORE: dnsmasq local_unbound named nsmasq pdns unbound
|
||||
#
|
||||
# Options to configure dnscrypt-proxy via /etc/rc.conf:
|
||||
#
|
||||
|
@ -12,10 +12,13 @@
|
|||
# Default: NO
|
||||
#
|
||||
# dnscrypt_proxy_conf (str) Config file to use
|
||||
# Default: %%PREFIX%%/etc/dnscrypt-proxy.toml
|
||||
# Default: %%ETCDIR%%/dnscrypt-proxy.toml
|
||||
#
|
||||
# dnscrypt_proxy_suexec (bool) Run dnscrypt_proxy as root
|
||||
# Default: NO
|
||||
#
|
||||
# dnscrypt_proxy_uid (str) User to run dnscrypt_proxy as
|
||||
# Default: _dnscrypt-proxy
|
||||
# Default: %%USER%%
|
||||
|
||||
. /etc/rc.subr
|
||||
|
||||
|
@ -26,9 +29,12 @@ procname="%%PREFIX%%/sbin/dnscrypt-proxy"
|
|||
|
||||
load_rc_config $name
|
||||
|
||||
: ${dnscrypt_proxy_enable:=NO}
|
||||
: ${dnscrypt_proxy_conf:=%%PREFIX%%/etc/dnscrypt-proxy.toml}
|
||||
: ${dnscrypt_proxy_uid:=_dnscrypt-proxy}
|
||||
: ${dnscrypt_proxy_enable:="NO"}
|
||||
: ${dnscrypt_proxy_conf:="%%ETCDIR%%/dnscrypt-proxy.toml"}
|
||||
: ${dnscrypt_proxy_suexec:="NO"}
|
||||
: ${dnscrypt_proxy_uid:="%%USER%%"}
|
||||
|
||||
checkyesno dnscrypt_proxy_suexec && dnscrypt_proxy_uid="root"
|
||||
|
||||
command="/usr/sbin/daemon"
|
||||
command_args="-p ${pidfile} -u ${dnscrypt_proxy_uid} -f ${procname} -config ${dnscrypt_proxy_conf}"
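Review bot: `dnscrypt_proxy_suexec` silently overrides any `dnscrypt_proxy_uid` the admin set in rc.conf and leaves a network-facing resolver running as root for its whole lifetime; the pkg-message in this same commit states that the Go binary cannot drop privileges after binding a low port. Neither the option comment in the header nor the script says so. I would extend the header text to `# dnscrypt_proxy_suexec (bool) Run dnscrypt_proxy as root (overrides dnscrypt_proxy_uid; privileges are not dropped)` and make the choice visible at start, e.g. `checkyesno dnscrypt_proxy_suexec && { warn "dnscrypt-proxy will run as root"; dnscrypt_proxy_uid="root"; }`. Separately, `nsmasq` in the new BEFORE line looks like a typo or a leftover duplicate of `dnsmasq`.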
|
||||
|
|
|
@ -1,11 +1,10 @@
|
|||
=====================================================================
|
||||
======================================================================
|
||||
Version 2 of dnscrypt-proxy is written in Go and therefore isn't capable
|
||||
of dropping privileges after binding to a low port on FreeBSD.
|
||||
|
||||
By default, the dnscrypt-proxy2 port will listen on (tcp/udp) port 5353
|
||||
as the _dnscrypt-proxy user.
|
||||
|
||||
It's possible to change back to port 53, but not recommended.
|
||||
By default, this port's daemon will listen on port 5353 (TCP/UDP) as the
|
||||
%%USER%% user. It's still possible to bind it and listen on port
|
||||
53 (TCP/UDP), but it's not recommended.
|
||||
|
||||
Below are a few examples on how to redirect local connections from port
|
||||
5353 to 53.
|
||||
|
@ -18,6 +17,7 @@ Below are a few examples on how to redirect local connections from port
|
|||
ipfw add nat 1 ip from any to 127.0.0.1 via lo0
|
||||
|
||||
/etc/rc.conf:
|
||||
firewall_enable="YES"
|
||||
firewall_nat_enable="YES"
|
||||
|
||||
/etc/sysctl.conf:
|
||||
|
@ -25,16 +25,28 @@ Below are a few examples on how to redirect local connections from port
|
|||
|
||||
[pf]
|
||||
|
||||
set skip on lo0
|
||||
rdr pass on lo0 proto { tcp udp } from any to port 53 -> 127.0.0.1 port 5353
|
||||
|
||||
/etc/rc.conf:
|
||||
pf_enable="YES"
|
||||
|
||||
[unbound]
|
||||
|
||||
server:
|
||||
interface: 127.0.0.1
|
||||
do-not-query-localhost: no
|
||||
/etc/rc.conf:
|
||||
local_unbound_enable="YES"
|
||||
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-addr: 127.0.0.1@5353
|
||||
/var/unbound/unbound.conf:
|
||||
server:
|
||||
interface: 127.0.0.1
|
||||
do-not-query-localhost: no
|
||||
|
||||
=====================================================================
|
||||
/var/unbound/forward.conf:
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-addr: 127.0.0.1@5353
|
||||
|
||||
If you are using local_unbound, DNSSEC is enabled by default. You should
|
||||
comment the "auto-trust-anchor-file" line or change dnscrypt-proxy to use
|
||||
servers with DNSSEC support only.
|
||||
======================================================================
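Review bot: The closing paragraph recommends commenting out `auto-trust-anchor-file` as the first remedy, which turns off DNSSEC validation in local_unbound for every lookup on the host. I would reverse the order: present restricting dnscrypt-proxy to DNSSEC-capable servers as the default, and name disabling validation as a last resort. For example: `Set "require_dnssec = true" in dnscrypt-proxy.toml so only DNSSEC-capable servers are used; commenting out "auto-trust-anchor-file" disables DNSSEC validation and should be a last resort.`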
|
|
@ -1,2 +1,3 @@
|
|||
@sample etc/dnscrypt-proxy.toml.sample
|
||||
@dir(%%USER%%,%%GROUP%%) etc/dnscrypt-proxy
|
||||
@sample %%ETCDIR%%/dnscrypt-proxy.toml.sample
|
||||
sbin/dnscrypt-proxy
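Review bot: `@dir(%%USER%%,%%GROUP%%) etc/dnscrypt-proxy` hands ownership of the configuration directory to the account the daemon runs as, so a compromised daemon can replace `dnscrypt-proxy.toml` and the change survives a restart. This matters more with the `dnscrypt_proxy_suexec` option added in the same commit, because a root-run daemon would then read its configuration from a directory an unprivileged account controls. The commit message gives the reason as temporary files being written next to the config file; if those paths can be pointed elsewhere (presumably via the sources' `cache_file` setting in the sample), the config could stay out of the daemon's reach. That would mean a root-owned `@dir %%ETCDIR%%` here plus a separate service-owned cache directory such as `@dir(%%USER%%,%%GROUP%%,0750) /var/db/dnscrypt-proxy` (path chosen for illustration).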
|
||||
|
|