New Port: dns/dnscrypt-wrapper
This is a port of dnscrypt-wrapper, which adds dnscrypt support to any name resolver. It is the server-side counterpart of dnscrypt-proxy, and is in fact derived from its source. PR: 200015 Submitted by: freebsd@toyingwithfate.com Approved by: feld (mentor) Differential Revision: https://reviews.freebsd.org/D3535
parent
8156e93505
commit
c017caeb38
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=395912
7 changed files with 152 additions and 0 deletions
1
UIDs
1
UIDs
|
@ -226,6 +226,7 @@ riak:*:667:667::0:0:Riak user:/usr/local/lib/riak:/bin/sh
|
|||
bnetd:*:700:700::0:0:Bnetd user:/nonexistent:/usr/sbin/nologin
|
||||
fastnetmon:*:701:701::0:0:FastNetMon user:/nonexistent:/usr/sbin/nologin
|
||||
bopm:*:717:717::0:0:Blitzed Open Proxy Monitor:/nonexistent:/bin/sh
|
||||
_dnscrypt-wrapper:*:718:65534::0:0:dnscrypt-wrapper user:/var/empty:/usr/sbin/nologin
|
||||
openxpki:*:777:777::0:0:OpenXPKI Owner:/nonexistent:/usr/sbin/nologin
|
||||
zetacoin:*:780:780::0:0:ZetaCoin Daemon:/nonexistent:/usr/sbin/nologin
|
||||
foreman_proxy:*:812:812::0:0:Foreman Smart Proxy:/usr/local/share/foreman-proxy:/usr/sbin/nologin
|
||||
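Review bot: The `_dnscrypt-wrapper` entry uses GID 65534, while every neighbouring entry in this hunk pairs its UID with a GID of the same number; 65534 looks like a shared unprivileged group rather than one owned by this daemon. A shared primary group means anything group-owned by it is reachable by every other service that uses that group, which weakens the isolation a dedicated account is meant to give. Consider `_dnscrypt-wrapper:*:718:718::0:0:dnscrypt-wrapper user:/var/empty:/usr/sbin/nologin`, with a matching GIDs entry and `GROUPS= _dnscrypt-wrapper` in the port Makefile; no GIDs change is visible among the files shown here.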
|
|
|
@ -34,6 +34,7 @@
|
|||
SUBDIR += dnscheck
|
||||
SUBDIR += dnscheckengine
|
||||
SUBDIR += dnscrypt-proxy
|
||||
SUBDIR += dnscrypt-wrapper
|
||||
SUBDIR += dnsdbck
|
||||
SUBDIR += dnsdist
|
||||
SUBDIR += dnsflood
|
||||
|
|
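--- a/dns/dnscrypt-wrapper/Makefile
+++ b/dns/dnscrypt-wrapper/Makefile
@@ -0,0 +1,32 @@
+# $FreeBSD$
+
+PORTNAME= dnscrypt-wrapper
+PORTVERSION= 0.2
+CATEGORIES= dns
+
+MAINTAINER= freebsd@toyingwithfate.com
+COMMENT= Adds dnscrypt support to any name resolver
+
+LICENSE= GPLv2
+LICENSE_FILE= ${WRKSRC}/COPYING
+
+LIB_DEPENDS= libsodium.so:${PORTSDIR}/security/libsodium \
+libevent.so:${PORTSDIR}/devel/libevent2
+
+USE_GITHUB= yes
+GH_ACCOUNT= Cofyc
+GH_TAGNAME= v${PORTVERSION}
+
+USERS= _dnscrypt-wrapper
+ETCDNSCRYPTWRAPPER= ${PREFIX}/etc/${PORTNAME}
+SUB_LIST+= ETCDNSCRYPTWRAPPER="${ETCDNSCRYPTWRAPPER}" USERS="${USERS}"
+USE_RC_SUBR= ${PORTNAME}
+
+USES= gmake
+MAKE_ARGS= LDFLAGS="-L${LOCALBASE}/lib" CFLAGS="-I${LOCALBASE}/include" PREFIX="${STAGEDIR}${PREFIX}"
+
+post-install:
+${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/*
+${MKDIR} ${STAGEDIR}${ETCDNSCRYPTWRAPPER}
+
+.include <bsd.port.mk>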
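Review bot: `MAKE_ARGS` replaces `CFLAGS` and `LDFLAGS` on the gmake command line instead of appending to them, so flags set by the ports framework or the user (including any hardening flags configured in make.conf) would not reach the compiler for this network-facing daemon. Appending keeps them: `MAKE_ARGS= LDFLAGS="${LDFLAGS} -L${LOCALBASE}/lib" CFLAGS="${CFLAGS} -I${LOCALBASE}/include" PREFIX="${STAGEDIR}${PREFIX}"`. Whether upstream's own Makefile adds flags on top is not visible here, so the result should be confirmed against the build log. In `post-install`, naming the binary (`${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/dnscrypt-wrapper`) instead of `sbin/*` would match the single file listed in pkg-plist.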
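--- a/dns/dnscrypt-wrapper/distinfo
+++ b/dns/dnscrypt-wrapper/distinfo
@@ -0,0 +1,2 @@
+SHA256 (Cofyc-dnscrypt-wrapper-0.2-v0.2_GH0.tar.gz) = 36612c5eb440658a27619ae6e345582e6e3be7a40e9215ea82ac6f65c15de95f
+SIZE (Cofyc-dnscrypt-wrapper-0.2-v0.2_GH0.tar.gz) = 50925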
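--- a/dns/dnscrypt-wrapper/files/dnscrypt-wrapper.in
+++ b/dns/dnscrypt-wrapper/files/dnscrypt-wrapper.in
@@ -0,0 +1,109 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: dnscrypt_wrapper
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+
+# Add the following lines to /etc/rc.conf to enable dnscrypt-wrapper:
+#
+# dnscrypt_wrapper_enable (bool): Set to "NO" by default.
+# Set it to "YES" to enable dnscrypt_wrapper.
+# dnscrypt_wrapper_uid (str): Set to "%%USERS%%" by default.
+# User to switch to after starting.
+# dnscrypt_wrapper_pidfile (str): Set to "/var/run/dnscrypt-wrapper.pid" by default.
+# Path of the pid file.
+# dnscrypt_wrapper_logfile (str): Set to "/var/log/dnscrypt-wrapper.log" by default.
+# Path of the log file.
+# dnscrypt_wrapper_resolver (str): Set to "127.0.0.1:53" by default.
+# <address:port> to reach the upstream DNS resolver at.
+# dnscrypt_wrapper_listen (str): Set to "0.0.0.0:54" by default.
+# <address:port> to listen on.
+# dnscrypt_wrapper_crypt_secretkey_file (str): Set to "%%ETCDNSCRYPTWRAPPER%%/crypt_secret.key" by default.
+# Path of the secret crypt key.
+# dnscrypt_wrapper_provider_cert_file (str): Set to "%%ETCDNSCRYPTWRAPPER%%/dnscrypt.cert" by default.
+# Path of the pre-signed certificate.
+# dnscrypt_wrapper_provider_name (str): Set to "2.dnscrypt-cert.`/bin/hostname`" by default.
+# Provider name.
+
+. /etc/rc.subr
+
+name=dnscrypt_wrapper
+rcvar=dnscrypt_wrapper_enable
+
+# read configuration and set defaults
+load_rc_config ${name}
+: ${dnscrypt_wrapper_enable:=NO}
+: ${dnscrypt_wrapper_uid=%%USERS%%}
+: ${dnscrypt_wrapper_pidfile=/var/run/dnscrypt-wrapper.pid}
+: ${dnscrypt_wrapper_logfile=/var/log/dnscrypt-wrapper.log}
+: ${dnscrypt_wrapper_resolver=127.0.0.1:53}
+: ${dnscrypt_wrapper_listen=0.0.0.0:54}
+: ${dnscrypt_wrapper_crypt_secretkey_file=%%ETCDNSCRYPTWRAPPER%%/crypt_secret.key}
+: ${dnscrypt_wrapper_provider_cert_file=%%ETCDNSCRYPTWRAPPER%%/dnscrypt.cert}
+: ${dnscrypt_wrapper_provider_name=2.dnscrypt-cert.`/bin/hostname`}
+
+command=%%PREFIX%%/sbin/dnscrypt-wrapper
+extra_commands="checks check_name keygen"
+start_precmd="${name}_checks"
+command_args="-a ${dnscrypt_wrapper_listen} -r ${dnscrypt_wrapper_resolver} -u ${dnscrypt_wrapper_uid} -d -p ${dnscrypt_wrapper_pidfile} -l ${dnscrypt_wrapper_logfile} --crypt-secretkey-file=${dnscrypt_wrapper_crypt_secretkey_file} --provider-cert-file=${dnscrypt_wrapper_provider_cert_file} --provider-name=${dnscrypt_wrapper_provider_name} -V"
+procname=%%PREFIX%%/sbin/dnscrypt-wrapper
+pidfile=${dnscrypt_wrapper_pidfile}
+
+dnscrypt_wrapper_check_name()
+{
+if [ -z "${dnscrypt_wrapper_provider_name}" ]; then
+err 1 '${dnscrypt_wrapper_provider_name} must be set in /etc/rc.conf'
+fi
+}
+
+dnscrypt_wrapper_keygen()
+{
+if [ -f %%ETCDNSCRYPTWRAPPER%%/crypt_secret.key -a \
+-f %%ETCDNSCRYPTWRAPPER%%/dnscrypt.cert ]; then
+return 0
+fi
+
+cd %%ETCDNSCRYPTWRAPPER%%/
+umask 077
+
+# Can't do anything if dnscrypt-wrapper is not installed
+[ -x %%PREFIX%%/sbin/dnscrypt-wrapper ] ||
+err 1 "%%PREFIX%%/sbin/dnscrypt-wrapper does not exist."
+
+if [ -f %%ETCDNSCRYPTWRAPPER%%/public.key -a \
+-f %%ETCDNSCRYPTWRAPPER%%/secret.key ]; then
+echo "You already have a provider keypair in:"
+echo " %%ETCDNSCRYPTWRAPPER%%/public.key and %%ETCDNSCRYPTWRAPPER%%/secret.key"
+echo "Skipping provider keypair generation."
+else
+%%PREFIX%%/sbin/dnscrypt-wrapper --gen-provider-keypair
+fi
+
+if [ -f %%ETCDNSCRYPTWRAPPER%%/crypt_public.key -a \
+-f %%ETCDNSCRYPTWRAPPER%%/crypt_secret.key ]; then
+echo "You already have a crypt keypair in:"
+echo " %%ETCDNSCRYPTWRAPPER%%/crypt_public.key and %%ETCDNSCRYPTWRAPPER%%/crypt_secret.key"
+echo "Skipping crypt keypair generation."
+else
+%%PREFIX%%/sbin/dnscrypt-wrapper --gen-crypt-keypair
+fi
+
+if [ -f %%ETCDNSCRYPTWRAPPER%%/dnscrypt.cert ]; then
+echo "You already have a pre-signed certificate in:"
+echo " %%ETCDNSCRYPTWRAPPER%%/dnscrypt.cert"
+echo "Skipping pre-signed certificate generation."
+else
+%%PREFIX%%/sbin/dnscrypt-wrapper --crypt-secretkey-file %%ETCDNSCRYPTWRAPPER%%/crypt_secret.key --provider-publickey-file=%%ETCDNSCRYPTWRAPPER%%/public.key --provider-secretkey-file=%%ETCDNSCRYPTWRAPPER%%/secret.key --gen-cert-file
+fi
+}
+
+dnscrypt_wrapper_checks()
+{
+dnscrypt_wrapper_check_name
+dnscrypt_wrapper_keygen
+}
+
+run_rc_command "$1"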
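Review bot: In `dnscrypt_wrapper_keygen` the `cd %%ETCDNSCRYPTWRAPPER%%/` is unchecked, so if that directory is missing or inaccessible the `--gen-provider-keypair` and `--gen-crypt-keypair` calls presumably write the secret keys into whatever directory the rc script was started from; `cd %%ETCDNSCRYPTWRAPPER%%/ || err 1 "cannot cd to %%ETCDNSCRYPTWRAPPER%%"` stops that. The function also tests and generates only the fixed paths under %%ETCDNSCRYPTWRAPPER%%, while `command_args` uses `dnscrypt_wrapper_crypt_secretkey_file` and `dnscrypt_wrapper_provider_cert_file`, so an rc.conf override of either makes `start_precmd` generate keys the daemon will not read. Because keygen runs from `start_precmd`, the long-term provider `secret.key` stays on the serving host even though `command_args` never passes it to the daemon; a header comment telling operators it can be kept offline once `dnscrypt.cert` exists would limit what a compromise of the host exposes. The `err` text in `dnscrypt_wrapper_check_name` is single-quoted and prints a literal `${dnscrypt_wrapper_provider_name}`; `err 1 'dnscrypt_wrapper_provider_name must be set in /etc/rc.conf'` reads better.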
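--- a/dns/dnscrypt-wrapper/pkg-descr
+++ b/dns/dnscrypt-wrapper/pkg-descr
@@ -0,0 +1,5 @@
+This is a port of dnscrypt-wrapper, which adds dnscrypt support to any name
+resolver. It is the server-side counterpart of dnscrypt-proxy, and is in fact
+derived from its source.
+
+WWW: https://github.com/Cofyc/dnscrypt-wrapper/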
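--- a/dns/dnscrypt-wrapper/pkg-plist
+++ b/dns/dnscrypt-wrapper/pkg-plist
@@ -0,0 +1,2 @@
+sbin/dnscrypt-wrapper
+@dir etc/dnscrypt-wrapper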