svn commit: r467667 - in head: . dns/dnscrypt-proxy2 dns/dnscrypt-proxy2/files
Danilo G. Baio
dbaio at FreeBSD.org
Wed Apr 18 02:25:49 UTC 2018
Author: dbaio
Date: Wed Apr 18 02:25:48 2018
New Revision: 467667
URL: https://svnweb.freebsd.org/changeset/ports/467667
Log:
dns/dnscrypt-proxy2: Update to 2.0.10
Main changes in the port:
- Improve instructions for using dnscrypt-proxy2 together with unbound. [1]
- Add dnscrypt_proxy_suexec option for users who want to run the daemon as
root.
- Move the configuration file from ${PREFIX}/etc/dnscrypt-proxy.toml to
${PREFIX}/etc/dnscrypt-proxy/dnscrypt-proxy.toml, because by default
temporary files will use the path of the config file.
This fixes a permission issue when fetching the public resolvers list.
Changes: https://raw.githubusercontent.com/jedisct1/dnscrypt-proxy/2.0.10/ChangeLog
PR: 227129 [1]
Submitted by: egypcio at googlemail.com (maintainer)
Reported by: erik at nordstroem.no [1]
Differential Revision: https://reviews.freebsd.org/D15024
Added:
head/dns/dnscrypt-proxy2/files/pkg-message.in
- copied, changed from r467666, head/dns/dnscrypt-proxy2/pkg-message
Deleted:
head/dns/dnscrypt-proxy2/pkg-message
Modified:
head/UPDATING
head/dns/dnscrypt-proxy2/Makefile
head/dns/dnscrypt-proxy2/distinfo
head/dns/dnscrypt-proxy2/files/dnscrypt-proxy.in
head/dns/dnscrypt-proxy2/pkg-plist
Modified: head/UPDATING
==============================================================================
--- head/UPDATING Wed Apr 18 02:09:46 2018 (r467666)
+++ head/UPDATING Wed Apr 18 02:25:48 2018 (r467667)
@@ -5,6 +5,14 @@ they are unavoidable.
You should get into the habit of checking this file for changes each time
you update your ports collection, before attempting any port upgrades.
+20180417:
+ AFFECTS: users of dns/dnscrypt-proxy2
+ AUTHOR: egypcio at googlemail.com
+
+ DNSCrypt-Proxy 2 has been updated to 2.0.10 and the configuration file
+ has changed from ${PREFIX}/etc/dnscrypt-proxy.toml to
+ ${PREFIX}/etc/dnscrypt-proxy/dnscrypt-proxy.toml.
+
20180416:
AFFECTS: users of mail/postgrey
AUTHOR: ports.maintainer at evilphi.com
Modified: head/dns/dnscrypt-proxy2/Makefile
==============================================================================
--- head/dns/dnscrypt-proxy2/Makefile Wed Apr 18 02:09:46 2018 (r467666)
+++ head/dns/dnscrypt-proxy2/Makefile Wed Apr 18 02:25:48 2018 (r467667)
@@ -1,8 +1,8 @@
# $FreeBSD$
PORTNAME= dnscrypt-proxy
-PORTVERSION= 2.0.8
-CATEGORIES= dns security
+PORTVERSION= 2.0.10
+CATEGORIES= dns security ipv6
PKGNAMESUFFIX= 2
MAINTAINER= egypcio at googlemail.com
@@ -22,6 +22,10 @@ GH_ACCOUNT= jedisct1
USERS= _dnscrypt-proxy
GROUPS= _dnscrypt-proxy
+PLIST_SUB= USER="${USERS}" GROUP="${GROUPS}"
+SUB_LIST= USER="${USERS}" GROUP="${GROUPS}"
+SUB_FILES= pkg-message
+
PORTDOCS= README.*
PORTEXAMPLES= example*
@@ -36,7 +40,7 @@ do-build:
go build -ldflags "-s -w" -o ${WRKDIR}/sbin/${PORTNAME}
do-install:
- ${INSTALL_PROGRAM} ${WRKDIR}/sbin/${PORTNAME} ${STAGEDIR}${LOCALBASE}/sbin
+ ${INSTALL_PROGRAM} ${WRKDIR}/sbin/${PORTNAME} ${STAGEDIR}${PREFIX}/sbin
do-install-DOCS-on:
${MKDIR} ${STAGEDIR}${DOCSDIR}
@@ -47,11 +51,13 @@ do-install-EXAMPLES-on:
cd ${WRKSRC}/${PORTNAME} && ${INSTALL_DATA} ${PORTEXAMPLES} ${STAGEDIR}${EXAMPLESDIR}
post-install:
- # After install examples because of the priv drop issue with Go
+ ${MKDIR} ${STAGEDIR}${ETCDIR}
+ # After 'install' examples because of the priv drop issue with Go.
+ # Keeping original example files.
@${REINPLACE_CMD} -e \
"s#\['127.0.0.1:53', '\[::1\]:53'\]#\['127.0.0.1:5353'\]#" \
${WRKSRC}/${PORTNAME}/example-${PORTNAME}.toml
${INSTALL_DATA} ${WRKSRC}/${PORTNAME}/example-${PORTNAME}.toml \
- ${STAGEDIR}${LOCALBASE}/etc/${PORTNAME}.toml.sample
+ ${STAGEDIR}${ETCDIR}/${PORTNAME}.toml.sample
.include <bsd.port.mk>
Modified: head/dns/dnscrypt-proxy2/distinfo
==============================================================================
--- head/dns/dnscrypt-proxy2/distinfo Wed Apr 18 02:09:46 2018 (r467666)
+++ head/dns/dnscrypt-proxy2/distinfo Wed Apr 18 02:25:48 2018 (r467667)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1522496209
-SHA256 (jedisct1-dnscrypt-proxy-2.0.8_GH0.tar.gz) = a99fc2b055618b0578ebe1477769bf9dddff7daa653649bd73f4bcf650bc8d40
-SIZE (jedisct1-dnscrypt-proxy-2.0.8_GH0.tar.gz) = 750606
+TIMESTAMP = 1524007265
+SHA256 (jedisct1-dnscrypt-proxy-2.0.10_GH0.tar.gz) = ec5f68349833b4a501fedc0af3cdbdfd6df2644b3e3e1c43aa86c823ca5a3007
+SIZE (jedisct1-dnscrypt-proxy-2.0.10_GH0.tar.gz) = 2773118
Modified: head/dns/dnscrypt-proxy2/files/dnscrypt-proxy.in
==============================================================================
--- head/dns/dnscrypt-proxy2/files/dnscrypt-proxy.in Wed Apr 18 02:09:46 2018 (r467666)
+++ head/dns/dnscrypt-proxy2/files/dnscrypt-proxy.in Wed Apr 18 02:25:48 2018 (r467667)
@@ -4,7 +4,7 @@
#
# PROVIDE: dnscrypt_proxy
# REQUIRE: cleanvar SERVERS
-# BEFORE: dnsmasq local_unbound unbound named
+# BEFORE: dnsmasq local_unbound named nsmasq pdns unbound
#
# Options to configure dnscrypt-proxy via /etc/rc.conf:
#
@@ -12,10 +12,13 @@
# Default: NO
#
# dnscrypt_proxy_conf (str) Config file to use
-# Default: %%PREFIX%%/etc/dnscrypt-proxy.toml
+# Default: %%ETCDIR%%/dnscrypt-proxy.toml
#
+# dnscrypt_proxy_suexec (bool) Run dnscrypt_proxy as root
+# Default: NO
+#
# dnscrypt_proxy_uid (str) User to run dnscrypt_proxy as
-# Default: _dnscrypt-proxy
+# Default: %%USER%%
. /etc/rc.subr
@@ -26,9 +29,12 @@ procname="%%PREFIX%%/sbin/dnscrypt-proxy"
load_rc_config $name
-: ${dnscrypt_proxy_enable:=NO}
-: ${dnscrypt_proxy_conf:=%%PREFIX%%/etc/dnscrypt-proxy.toml}
-: ${dnscrypt_proxy_uid:=_dnscrypt-proxy}
+: ${dnscrypt_proxy_enable:="NO"}
+: ${dnscrypt_proxy_conf:="%%ETCDIR%%/dnscrypt-proxy.toml"}
+: ${dnscrypt_proxy_suexec:="NO"}
+: ${dnscrypt_proxy_uid:="%%USER%%"}
+
+checkyesno dnscrypt_proxy_suexec && dnscrypt_proxy_uid="root"
command="/usr/sbin/daemon"
command_args="-p ${pidfile} -u ${dnscrypt_proxy_uid} -f ${procname} -config ${dnscrypt_proxy_conf}"
Copied and modified: head/dns/dnscrypt-proxy2/files/pkg-message.in (from r467666, head/dns/dnscrypt-proxy2/pkg-message)
==============================================================================
--- head/dns/dnscrypt-proxy2/pkg-message Wed Apr 18 02:09:46 2018 (r467666, copy source)
+++ head/dns/dnscrypt-proxy2/files/pkg-message.in Wed Apr 18 02:25:48 2018 (r467667)
@@ -1,12 +1,11 @@
-=====================================================================
+======================================================================
Version 2 of dnscrypt-proxy is written in Go and therefore isn't capable
of dropping privileges after binding to a low port on FreeBSD.
-By default, the dnscrypt-proxy2 port will listen on (tcp/udp) port 5353
-as the _dnscrypt-proxy user.
+By default, this port's daemon will listen on port 5353 (TCP/UDP) as the
+%%USER%% user. It's still possible to bind it and listen on port
+53 (TCP/UDP), but it's not recommended.
-It's possible to change back to port 53, but not recommended.
-
Below are a few examples on how to redirect local connections from port
5353 to 53.
@@ -18,6 +17,7 @@ Below are a few examples on how to redirect local conn
ipfw add nat 1 ip from any to 127.0.0.1 via lo0
/etc/rc.conf:
+ firewall_enable="YES"
firewall_nat_enable="YES"
/etc/sysctl.conf:
@@ -25,16 +25,28 @@ Below are a few examples on how to redirect local conn
[pf]
+ set skip on lo0
rdr pass on lo0 proto { tcp udp } from any to port 53 -> 127.0.0.1 port 5353
+ /etc/rc.conf:
+ pf_enable="YES"
+
[unbound]
- server:
- interface: 127.0.0.1
- do-not-query-localhost: no
+ /etc/rc.conf:
+ local_unbound_enable="YES"
- forward-zone:
- name: "."
- forward-addr: 127.0.0.1 at 5353
+ /var/unbound/unbound.conf:
+ server:
+ interface: 127.0.0.1
+ do-not-query-localhost: no
-=====================================================================
+ /var/unbound/forward.conf:
+ forward-zone:
+ name: "."
+ forward-addr: 127.0.0.1 at 5353
+
+ If you are using local_unbound, DNSSEC is enabled by default. You should
+ comment the "auto-trust-anchor-file" line or change dnscrypt-proxy to use
+ servers with DNSSEC support only.
+======================================================================
Modified: head/dns/dnscrypt-proxy2/pkg-plist
==============================================================================
--- head/dns/dnscrypt-proxy2/pkg-plist Wed Apr 18 02:09:46 2018 (r467666)
+++ head/dns/dnscrypt-proxy2/pkg-plist Wed Apr 18 02:25:48 2018 (r467667)
@@ -1,2 +1,3 @@
- at sample etc/dnscrypt-proxy.toml.sample
+ at dir(%%USER%%,%%GROUP%%) etc/dnscrypt-proxy
+ at sample %%ETCDIR%%/dnscrypt-proxy.toml.sample
sbin/dnscrypt-proxy
More information about the svn-ports-all
mailing list