Date: Wed, 18 Apr 2018 02:25:48 +0000 (UTC)
From: "Danilo G. Baio" <dbaio@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r467667 - in head: . dns/dnscrypt-proxy2 dns/dnscrypt-proxy2/files
Message-ID: <201804180225.w3I2PmX9033490@repo.freebsd.org>
Author: dbaio
Date: Wed Apr 18 02:25:48 2018
New Revision: 467667
URL: https://svnweb.freebsd.org/changeset/ports/467667

Log:
  dns/dnscrypt-proxy2: Update to 2.0.10

  Main changes in the port:

  - Improve instructions for using dnscrypt-proxy2 together with unbound. [1]
  - Add dnscrypt_proxy_suexec option for users who want to run the daemon
    as root.
  - Move the configuration file from ${PREFIX}/etc/dnscrypt-proxy.toml to
    ${PREFIX}/etc/dnscrypt-proxy/dnscrypt-proxy.toml, because by default
    temporary files will use the path of the config file. This fixes a
    permission issue when fetching the public resolvers list.

  Changes: https://raw.githubusercontent.com/jedisct1/dnscrypt-proxy/2.0.10/ChangeLog

  PR: 227129 [1]
  Submitted by: egypcio@googlemail.com (maintainer)
  Reported by: erik@nordstroem.no [1]
  Differential Revision: https://reviews.freebsd.org/D15024

Added:
  head/dns/dnscrypt-proxy2/files/pkg-message.in
     - copied, changed from r467666, head/dns/dnscrypt-proxy2/pkg-message
Deleted:
  head/dns/dnscrypt-proxy2/pkg-message
Modified:
  head/UPDATING
  head/dns/dnscrypt-proxy2/Makefile
  head/dns/dnscrypt-proxy2/distinfo
  head/dns/dnscrypt-proxy2/files/dnscrypt-proxy.in
  head/dns/dnscrypt-proxy2/pkg-plist

Modified: head/UPDATING ============================================================================== --- head/UPDATING Wed Apr 18 02:09:46 2018 (r467666) +++ head/UPDATING Wed Apr 18 02:25:48 2018 (r467667)
@@ -5,6 +5,14 @@ they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20180417: + AFFECTS: users of dns/dnscrypt-proxy2 + AUTHOR: egypcio@googlemail.com + + DNSCrypt-Proxy 2 has been updated to 2.0.10 and the configuration file + has changed from ${PREFIX}/etc/dnscrypt-proxy.toml to + ${PREFIX}/etc/dnscrypt-proxy/dnscrypt-proxy.toml. + 20180416: AFFECTS: users of mail/postgrey AUTHOR: ports.maintainer@evilphi.com Modified: head/dns/dnscrypt-proxy2/Makefile ============================================================================== --- head/dns/dnscrypt-proxy2/Makefile Wed Apr 18 02:09:46 2018 (r467666) +++ head/dns/dnscrypt-proxy2/Makefile Wed Apr 18 02:25:48 2018 (r467667) @@ -1,8 +1,8 @@ # $FreeBSD$ PORTNAME= dnscrypt-proxy -PORTVERSION= 2.0.8 -CATEGORIES= dns security +PORTVERSION= 2.0.10 +CATEGORIES= dns security ipv6 PKGNAMESUFFIX= 2 MAINTAINER= egypcio@googlemail.com @@ -22,6 +22,10 @@ GH_ACCOUNT= jedisct1 USERS= _dnscrypt-proxy GROUPS= _dnscrypt-proxy +PLIST_SUB= USER="${USERS}" GROUP="${GROUPS}" +SUB_LIST= USER="${USERS}" GROUP="${GROUPS}" +SUB_FILES= pkg-message + PORTDOCS= README.* PORTEXAMPLES= example* @@ -36,7 +40,7 @@ do-build: go build -ldflags "-s -w" -o ${WRKDIR}/sbin/${PORTNAME} do-install: - ${INSTALL_PROGRAM} ${WRKDIR}/sbin/${PORTNAME} ${STAGEDIR}${LOCALBASE}/sbin + ${INSTALL_PROGRAM} ${WRKDIR}/sbin/${PORTNAME} ${STAGEDIR}${PREFIX}/sbin do-install-DOCS-on: ${MKDIR} ${STAGEDIR}${DOCSDIR} 
@@ -47,11 +51,13 @@ do-install-EXAMPLES-on: cd ${WRKSRC}/${PORTNAME} && ${INSTALL_DATA} ${PORTEXAMPLES} ${STAGEDIR}${EXAMPLESDIR} post-install: - # After install examples because of the priv drop issue with Go + ${MKDIR} ${STAGEDIR}${ETCDIR} + # After 'install' examples because of the priv drop issue with Go. + # Keeping original example files. @${REINPLACE_CMD} -e \ "s#\['127.0.0.1:53', '\[::1\]:53'\]#\['127.0.0.1:5353'\]#" \ ${WRKSRC}/${PORTNAME}/example-${PORTNAME}.toml ${INSTALL_DATA} ${WRKSRC}/${PORTNAME}/example-${PORTNAME}.toml \ - ${STAGEDIR}${LOCALBASE}/etc/${PORTNAME}.toml.sample + ${STAGEDIR}${ETCDIR}/${PORTNAME}.toml.sample .include <bsd.port.mk> Modified: head/dns/dnscrypt-proxy2/distinfo ============================================================================== --- head/dns/dnscrypt-proxy2/distinfo Wed Apr 18 02:09:46 2018 (r467666) +++ head/dns/dnscrypt-proxy2/distinfo Wed Apr 18 02:25:48 2018 (r467667) @@ -1,3 +1,3 @@ -TIMESTAMP = 1522496209 -SHA256 (jedisct1-dnscrypt-proxy-2.0.8_GH0.tar.gz) = a99fc2b055618b0578ebe1477769bf9dddff7daa653649bd73f4bcf650bc8d40 -SIZE (jedisct1-dnscrypt-proxy-2.0.8_GH0.tar.gz) = 750606 +TIMESTAMP = 1524007265 +SHA256 (jedisct1-dnscrypt-proxy-2.0.10_GH0.tar.gz) = ec5f68349833b4a501fedc0af3cdbdfd6df2644b3e3e1c43aa86c823ca5a3007 +SIZE (jedisct1-dnscrypt-proxy-2.0.10_GH0.tar.gz) = 2773118 Modified: head/dns/dnscrypt-proxy2/files/dnscrypt-proxy.in ============================================================================== --- head/dns/dnscrypt-proxy2/files/dnscrypt-proxy.in Wed Apr 18 02:09:46 2018 (r467666) +++ head/dns/dnscrypt-proxy2/files/dnscrypt-proxy.in Wed Apr 18 02:25:48 2018 (r467667) @@ -4,7 +4,7 @@ # # PROVIDE: dnscrypt_proxy # REQUIRE: cleanvar SERVERS -# BEFORE: dnsmasq local_unbound unbound named +# BEFORE: dnsmasq local_unbound named nsmasq pdns unbound # # Options to configure dnscrypt-proxy via /etc/rc.conf: # 
@@ -12,10 +12,13 @@ # Default: NO # # dnscrypt_proxy_conf (str) Config file to use -# Default: %%PREFIX%%/etc/dnscrypt-proxy.toml +# Default: %%ETCDIR%%/dnscrypt-proxy.toml # +# dnscrypt_proxy_suexec (bool) Run dnscrypt_proxy as root +# Default: NO +# # dnscrypt_proxy_uid (str) User to run dnscrypt_proxy as -# Default: _dnscrypt-proxy +# Default: %%USER%% . /etc/rc.subr @@ -26,9 +29,12 @@ procname="%%PREFIX%%/sbin/dnscrypt-proxy" load_rc_config $name -: ${dnscrypt_proxy_enable:=NO} -: ${dnscrypt_proxy_conf:=%%PREFIX%%/etc/dnscrypt-proxy.toml} -: ${dnscrypt_proxy_uid:=_dnscrypt-proxy} +: ${dnscrypt_proxy_enable:="NO"} +: ${dnscrypt_proxy_conf:="%%ETCDIR%%/dnscrypt-proxy.toml"} +: ${dnscrypt_proxy_suexec:="NO"} +: ${dnscrypt_proxy_uid:="%%USER%%"} + +checkyesno dnscrypt_proxy_suexec && dnscrypt_proxy_uid="root" command="/usr/sbin/daemon" command_args="-p ${pidfile} -u ${dnscrypt_proxy_uid} -f ${procname} -config ${dnscrypt_proxy_conf}" Copied and modified: head/dns/dnscrypt-proxy2/files/pkg-message.in (from r467666, head/dns/dnscrypt-proxy2/pkg-message) ============================================================================== --- head/dns/dnscrypt-proxy2/pkg-message Wed Apr 18 02:09:46 2018 (r467666, copy source) +++ head/dns/dnscrypt-proxy2/files/pkg-message.in Wed Apr 18 02:25:48 2018 (r467667) 
@@ -1,12 +1,11 @@ -===================================================================== +====================================================================== Version 2 of dnscrypt-proxy is written in Go and therefore isn't capable of dropping privileges after binding to a low port on FreeBSD. -By default, the dnscrypt-proxy2 port will listen on (tcp/udp) port 5353 -as the _dnscrypt-proxy user. +By default, this port's daemon will listen on port 5353 (TCP/UDP) as the +%%USER%% user. It's still possible to bind it and listen on port +53 (TCP/UDP), but it's not recommended. -It's possible to change back to port 53, but not recommended. - Below are a few examples on how to redirect local connections from port 5353 to 53. @@ -18,6 +17,7 @@ Below are a few examples on how to redirect local conn ipfw add nat 1 ip from any to 127.0.0.1 via lo0 /etc/rc.conf: + firewall_enable="YES" firewall_nat_enable="YES" /etc/sysctl.conf: 
@@ -25,16 +25,28 @@ Below are a few examples on how to redirect local conn [pf] + set skip on lo0 rdr pass on lo0 proto { tcp udp } from any to port 53 -> 127.0.0.1 port 5353 + /etc/rc.conf: + pf_enable="YES" + [unbound] - server: - interface: 127.0.0.1 - do-not-query-localhost: no + /etc/rc.conf: + local_unbound_enable="YES" - forward-zone: - name: "." - forward-addr: 127.0.0.1@5353 + /var/unbound/unbound.conf: + server: + interface: 127.0.0.1 + do-not-query-localhost: no -===================================================================== + /var/unbound/forward.conf: + forward-zone: + name: "." + forward-addr: 127.0.0.1@5353 + + If you are using local_unbound, DNSSEC is enabled by default. You should + comment the "auto-trust-anchor-file" line or change dnscrypt-proxy to use + servers with DNSSEC support only. +====================================================================== Modified: head/dns/dnscrypt-proxy2/pkg-plist ============================================================================== --- head/dns/dnscrypt-proxy2/pkg-plist Wed Apr 18 02:09:46 2018 (r467666) +++ head/dns/dnscrypt-proxy2/pkg-plist Wed Apr 18 02:25:48 2018 (r467667) @@ -1,2 +1,3 @@ -@sample etc/dnscrypt-proxy.toml.sample +@dir(%%USER%%,%%GROUP%%) etc/dnscrypt-proxy +@sample %%ETCDIR%%/dnscrypt-proxy.toml.sample sbin/dnscrypt-proxy
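Review bot: the 20180417 entry added to head/UPDATING (@@ -5,6 +5,14 @@) says the configuration file has changed location but gives the upgrading user no action to take. Nothing visible in this commit moves an existing ${PREFIX}/etc/dnscrypt-proxy.toml, and the rc script default for dnscrypt_proxy_conf now points at the new path, so after the upgrade the service no longer looks where the existing file is. Suggest adding a line that tells users to move their file to ${PREFIX}/etc/dnscrypt-proxy/dnscrypt-proxy.toml or to set dnscrypt_proxy_conf in /etc/rc.conf to the old location.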
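Review bot: in the post-install hunk of head/dns/dnscrypt-proxy2/Makefile (@@ -47,11 +51,13 @@), the REINPLACE_CMD substitution that moves the sample from port 53 to 5353 matches one exact literal, ['127.0.0.1:53', '[::1]:53'], and nothing checks that it matched. If a later upstream release changes the spacing, quoting or address list in example-dnscrypt-proxy.toml, the sed becomes a no-op and the installed .toml.sample goes back to port 53, which pkg-message says the unprivileged user should not be bound to by default. Suggest following the substitution with a grep for 127.0.0.1:5353 in the edited file so the build fails instead of shipping the unmodified sample. The reworded comment "Keeping original example files." would also be clearer if it said the edit runs after do-install-EXAMPLES-on so the copies under EXAMPLESDIR stay as upstream wrote them.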
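Review bot: the new BEFORE line in files/dnscrypt-proxy.in (@@ -4,7 +4,7 @@) lists nsmasq alongside dnsmasq, which reads like a typo of the entry already at the start of the list rather than another service name. Suggest dropping it so the line becomes "# BEFORE: dnsmasq local_unbound named pdns unbound".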
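Review bot: the line checkyesno dnscrypt_proxy_suexec && dnscrypt_proxy_uid="root" in files/dnscrypt-proxy.in (@@ -26,9 +29,12 @@) silently overrides whatever dnscrypt_proxy_uid the administrator set in rc.conf, and the option comment added in the preceding hunk ("Run dnscrypt_proxy as root") does not mention that precedence. Because pkg-message states that the Go binary cannot drop privileges after binding, enabling this knob keeps a network-facing daemon at root for its whole lifetime. Suggest documenting in the header comment that dnscrypt_proxy_suexec takes precedence over dnscrypt_proxy_uid, and calling rc.subr's warn when it is enabled so the choice is visible at every service start.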
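Review bot: in the [pf] example of files/pkg-message.in (@@ -25,16 +25,28 @@), the added "set skip on lo0" conflicts with the "rdr pass on lo0" rule directly below it. pf does no processing at all on a skipped interface, translation included, so with both lines loaded the redirect from port 53 to 5353 on lo0 never fires. Suggest removing the set skip line from the example, or stating that lo0 must not be skipped for the rdr rule to work. In the same hunk, the closing advice to comment out auto-trust-anchor-file turns DNSSEC validation off in local_unbound; it would be safer to present choosing DNSSEC-capable servers in dnscrypt-proxy as the first option and removing the trust anchor as the fallback.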
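Review bot: the line "@dir(%%USER%%,%%GROUP%%) etc/dnscrypt-proxy" in pkg-plist (@@ -1,2 +1,3 @@) makes the directory that holds dnscrypt-proxy.toml owned by the account the daemon runs as. Owning the directory lets that account rename or replace the configuration file inside it regardless of the file's own owner, so a compromised daemon can alter the configuration it will next be started with, including a later start under dnscrypt_proxy_suexec="YES". The commit log explains that the directory must be writable because temporary files are created next to the config file; if upstream allows the resolver list cache to be placed elsewhere, consider keeping this directory root-owned and giving the daemon a separate directory for the cache, and state the mode explicitly in the @dir line. The line also spells the path as etc/dnscrypt-proxy while the next one uses %%ETCDIR%%; one form for both would read better.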