From: "Danilo G. Baio"
Date: Sun, 25 Mar 2018 14:46:17 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r465521 - in head/dns: . dnscrypt-proxy dnscrypt-proxy2 dnscrypt-proxy2/files

Author: dbaio
Date: Sun Mar 25 14:46:17 2018
New Revision: 465521
URL: https://svnweb.freebsd.org/changeset/ports/465521

Log:
  Add dns/dnscrypt-proxy2: Flexible DNS proxy with support for encrypted protocols

  A flexible DNS proxy, with support for modern encrypted DNS protocols such as
  DNSCrypt v2 and DNS-over-HTTP/2.

  WWW: https://github.com/jedisct1/dnscrypt-proxy

  Without a repocopy because it's a new port, rewritten from scratch.
PR: 225821 Submitted by: Vinícius Zavam Differential Revision: https://reviews.freebsd.org/D14319 Added: head/dns/dnscrypt-proxy2/ head/dns/dnscrypt-proxy2/Makefile (contents, props changed) head/dns/dnscrypt-proxy2/distinfo (contents, props changed) head/dns/dnscrypt-proxy2/files/ head/dns/dnscrypt-proxy2/files/dnscrypt-proxy.in (contents, props changed) head/dns/dnscrypt-proxy2/pkg-descr (contents, props changed) head/dns/dnscrypt-proxy2/pkg-message (contents, props changed) head/dns/dnscrypt-proxy2/pkg-plist (contents, props changed) Modified: head/dns/Makefile head/dns/dnscrypt-proxy/Makefile Modified: head/dns/Makefile ============================================================================== --- head/dns/Makefile Sun Mar 25 14:42:13 2018 (r465520) +++ head/dns/Makefile Sun Mar 25 14:46:17 2018 (r465521) @@ -37,6 +37,7 @@ SUBDIR += dnscheck SUBDIR += dnscheckengine SUBDIR += dnscrypt-proxy + SUBDIR += dnscrypt-proxy2 SUBDIR += dnscrypt-wrapper SUBDIR += dnsdbck SUBDIR += dnsdbq Modified: head/dns/dnscrypt-proxy/Makefile ============================================================================== --- head/dns/dnscrypt-proxy/Makefile Sun Mar 25 14:42:13 2018 (r465520) +++ head/dns/dnscrypt-proxy/Makefile Sun Mar 25 14:46:17 2018 (r465521) 
@@ -13,19 +13,24 @@ COMMENT= Boost privacy and security of DNS LICENSE= MIT LICENSE_FILE= ${WRKSRC}/COPYING +DEPRECATED= Deprecated by upstream, use dns/dnscrypt-proxy2 instead +EXPIRATION_DATE= 2018-09-25 BROKEN_powerpc64= fails to compile: fpst.c: error: redefinition of typedef 'FPST' LIB_DEPENDS= libsodium.so:security/libsodium +USES= gmake + USERS= _dnscrypt-proxy GROUPS= _dnscrypt-proxy GNU_CONFIGURE= yes -USES= gmake INSTALL_TARGET= install-strip PORTDOCS= AUTHORS ChangeLog INSTALL NEWS README* THANKS + +CONFLICTS_INSTALL= dnscrypt-proxy2 OPTIONS_DEFINE= DOCS PLUGINS PLUGINS_RELAXED PLUGINS_ROOT OPTIONS_SINGLE= RCWHICH Added: head/dns/dnscrypt-proxy2/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/dnscrypt-proxy2/Makefile Sun Mar 25 14:46:17 2018 (r465521) 
@@ -0,0 +1,57 @@ +# $FreeBSD$ + +PORTNAME= dnscrypt-proxy +PORTVERSION= 2.0.7 +CATEGORIES= dns security +PKGNAMESUFFIX= 2 + +MAINTAINER= egypcio@googlemail.com +COMMENT= Flexible DNS proxy with support for encrypted protocols + +LICENSE= ISCL +LICENSE_FILE= ${WRKSRC}/LICENSE + +BUILD_DEPENDS= go:lang/go +RUN_DEPENDS= ca_root_nss>=3.35:security/ca_root_nss + +USE_RC_SUBR= ${PORTNAME} + +USE_GITHUB= yes +GH_ACCOUNT= jedisct1 + +USERS= _dnscrypt-proxy +GROUPS= _dnscrypt-proxy + +PORTDOCS= ${WRKSRC}/README.* +PORTEXAMPLES= ${WRKSRC}/${PORTNAME}/example* + +CONFLICTS_INSTALL= dnscrypt-proxy + +OPTIONS_DEFINE= DOCS EXAMPLES + +do-build: + ${RLN} ${WRKSRC}/vendor ${WRKSRC}/src + cd ${WRKSRC}/${PORTNAME} && \ + ${SETENV} ${MAKE_ENV} ${BUILD_ENV} GOPATH=${WRKSRC} \ + go build -ldflags "-s -w" -o ${WRKDIR}/sbin/${PORTNAME} + +do-install: + ${INSTALL_PROGRAM} ${WRKDIR}/sbin/${PORTNAME} ${STAGEDIR}${LOCALBASE}/sbin + +do-install-DOCS-on: + ${MKDIR} ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR} + +do-install-EXAMPLES-on: + ${MKDIR} ${STAGEDIR}${EXAMPLESDIR} + ${INSTALL_DATA} ${PORTEXAMPLES} ${STAGEDIR}${EXAMPLESDIR} + +post-install: + # After install examples because of the priv drop issue with Go + @${REINPLACE_CMD} -e \ + "s#\['127.0.0.1:53', '\[::1\]:53'\]#\['127.0.0.1:5353'\]#" \ + ${WRKSRC}/${PORTNAME}/example-${PORTNAME}.toml + ${INSTALL_DATA} ${WRKSRC}/${PORTNAME}/example-${PORTNAME}.toml \ + ${STAGEDIR}${LOCALBASE}/etc/${PORTNAME}.toml.sample + +.include Added: head/dns/dnscrypt-proxy2/distinfo ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/dnscrypt-proxy2/distinfo Sun Mar 25 14:46:17 2018 (r465521) 
@@ -0,0 +1,3 @@ +TIMESTAMP = 1521930002 +SHA256 (jedisct1-dnscrypt-proxy-2.0.7_GH0.tar.gz) = 7278f592217e89e3650d6b70dbd7103cb1a7c7d87bfc38c361664d522e053b5b +SIZE (jedisct1-dnscrypt-proxy-2.0.7_GH0.tar.gz) = 746018 Added: head/dns/dnscrypt-proxy2/files/dnscrypt-proxy.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/dnscrypt-proxy2/files/dnscrypt-proxy.in Sun Mar 25 14:46:17 2018 (r465521) @@ -0,0 +1,32 @@ +#!/bin/sh +# +# $FreeBSD$ +# +# PROVIDE: dnscrypt_proxy +# REQUIRE: cleanvar SERVERS +# BEFORE: dnsmasq local_unbound unbound named +# +# These are some lines to configure dnscrypt-proxy on /etc/rc.conf: +# +# dnscrypt_proxy_enable (bool): Enable service on boot. Default: NO +# dnscrypt_proxy_conf (str): Config file to use. Default: %%PREFIX%%/etc/dnscrypt-proxy.toml +# dnscrypt_proxy_uid (str): Set to "_dnscrypt-proxy" by default. +# + +. /etc/rc.subr + +name="dnscrypt_proxy" +rcvar="dnscrypt_proxy_enable" +pidfile="/var/run/dnscrypt-proxy.pid" +procname="%%PREFIX%%/sbin/dnscrypt-proxy" + +load_rc_config $name + +: ${dnscrypt_proxy_enable:=NO} +: ${dnscrypt_proxy_conf:=%%PREFIX%%/etc/dnscrypt-proxy.toml} +: ${dnscrypt_proxy_uid:=_dnscrypt-proxy} + +command="/usr/sbin/daemon" +command_args="-p ${pidfile} -u ${dnscrypt_proxy_uid} -f ${procname} -config ${dnscrypt_proxy_conf}" + +run_rc_command "$1" Added: head/dns/dnscrypt-proxy2/pkg-descr ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/dnscrypt-proxy2/pkg-descr Sun Mar 25 14:46:17 2018 (r465521) @@ -0,0 +1,4 @@ +A flexible DNS proxy, with support for modern encrypted DNS protocols such as +DNSCrypt v2 and DNS-over-HTTP/2. + +WWW: https://github.com/jedisct1/dnscrypt-proxy Added: head/dns/dnscrypt-proxy2/pkg-message ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/dnscrypt-proxy2/pkg-message Sun Mar 25 14:46:17 2018 (r465521) @@ -0,0 +1,46 @@ +===================================================================== +Version 2 of dnscrypt-proxy is written in Go and in FreeBSD it's +not capable to drop root privileges after binding a low port (53), +Go issue [1][2]. + +For default dnscrypt-proxy2 is listening in port 5353 using username +_dnscrypt-proxy. + +You can change your rc.conf/config to use port 53 and root but it's +not recommended. + +It's needed some tweaks to use dnscrypt-proxy2 on port 5353 on your +machine, some examples below to redirect localhost port 53 to 5353: + +[ipfw] + + ipfw nat 1 config if lo0 reset same_ports \ + redirect_port tcp 127.0.0.1:5353 53 \ + redirect_port udp 127.0.0.1:5353 53 + ipfw add nat 1 ip from any to 127.0.0.1 via lo0 + + /etc/rc.conf: + firewall_nat_enable="YES" + + /etc/sysctl.conf: + net.inet.ip.fw.one_pass=0 + +[pf] + + rdr pass on lo0 proto { tcp udp } from any to port 53 -> 127.0.0.1 port 5353 + +[unbound] + + server: + interface: 127.0.0.1 + do-not-query-localhost: no + hide-identity: yes + hide-version: yes + + forward-zone: + name: "." + forward-addr: 127.0.0.1@5353 + +[1] - https://github.com/jedisct1/dnscrypt-proxy/issues/199 +[2] - https://github.com/golang/go/issues/13838 +===================================================================== Added: head/dns/dnscrypt-proxy2/pkg-plist ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/dnscrypt-proxy2/pkg-plist Sun Mar 25 14:46:17 2018 (r465521) 
@@ -0,0 +1,7 @@ +@sample etc/dnscrypt-proxy.toml.sample +%%PORTDOCS%%%%DOCSDIR%%/README.md +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/example-blacklist.txt +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/example-cloaking-rules.txt +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/example-dnscrypt-proxy.toml +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/example-forwarding-rules.txt +sbin/dnscrypt-proxy
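Review bot: In head/dns/dnscrypt-proxy2/Makefile, the post-install substitution only takes effect if the upstream example still contains the exact literal ['127.0.0.1:53', '[::1]:53']. If upstream rewords that line, the expression matches nothing, the build still succeeds, and dnscrypt-proxy.toml.sample ships with port 53, which the rc script's default user _dnscrypt-proxy cannot bind. Suggest matching on the setting's key rather than its full value and failing the build when the staged sample does not contain 127.0.0.1:5353. The rewrite also edits a file under ${WRKSRC} during the install phase and depends on do-install-EXAMPLES-on having copied the untouched file first (as the comment above it notes); applying it to a copy, or in post-patch with a separately kept original, would remove that ordering dependency.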
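Review bot: In head/dns/dnscrypt-proxy2/files/dnscrypt-proxy.in, nothing checks that ${dnscrypt_proxy_conf} exists before the daemon is started, and command_args passes -f to /usr/sbin/daemon, which redirects the proxy's standard output and standard error to /dev/null. A missing or invalid config therefore makes the service die with no visible error, while the resolvers named in the BEFORE: line start afterwards and forward to a port nobody is listening on. Suggest adding required_files="${dnscrypt_proxy_conf}" after load_rc_config and sending the output to a log destination instead of discarding it. ${dnscrypt_proxy_conf} is also unquoted inside command_args, so a path containing spaces would be split.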
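Review bot: The pkg-message in head/dns/dnscrypt-proxy2/pkg-message recommends port 5353 with the _dnscrypt-proxy user but does not mention that 5353 is an unprivileged port. With any of the redirect examples applied, all localhost DNS traffic for port 53 is handed to whichever process holds 127.0.0.1:5353, and any local user can bind that port while the daemon is stopped or has not started yet. 5353/udp is also the mDNS port, so the choice can collide with an mDNS responder on the same host. Suggest stating both caveats in the message. In the [pf] example, "from any to port 53" carries no destination address; writing the destination explicitly as 127.0.0.1 would keep the rule limited to the traffic the text describes.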
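Review bot: head/dns/dnscrypt-proxy2/pkg-plist names README.md and four example files explicitly, while the Makefile installs them from the globs ${WRKSRC}/README.* and ${WRKSRC}/${PORTNAME}/example*. An upstream release that adds or renames a matching file will stage something the plist does not list, or list something that was not staged, and the mismatch only shows up at packaging time. Suggest using the same explicit file names in PORTDOCS and PORTEXAMPLES, or letting a single list drive both the install targets and the plist.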