Mail archive
alpine-aports

[alpine-aports] [PATCH] community/dnscrypt-proxy: Fix launch as service

From: Taner Tas <taner76_at_gmail.com>
Date: Thu, 12 Apr 2018 14:36:35 +0300

* To able to bind on port 53, capabilities of binary file has to be changed via post-install script
* Clarify license (ISC), thus removed -doc subpackage
* Dynamically fetched server list file moved to /var/cache instead of /etc
* Example configuration files moved to /usr/share instead of /etc
* Configuration file patch added to ensure logs to be stored in /var/log
---
 community/dnscrypt-proxy/APKBUILD             | 64 ++++++--------
 .../dnscrypt-proxy/config-full-paths.patch    | 86 +++++++++++++++++++
 community/dnscrypt-proxy/dnscrypt-proxy.confd |  2 +-
 community/dnscrypt-proxy/dnscrypt-proxy.initd |  4 +-
 .../dnscrypt-proxy.post-install               |  2 +
 5 files changed, 116 insertions(+), 42 deletions(-)
 create mode 100644 community/dnscrypt-proxy/config-full-paths.patch
 create mode 100644 community/dnscrypt-proxy/dnscrypt-proxy.post-install
diff --git a/community/dnscrypt-proxy/APKBUILD b/community/dnscrypt-proxy/APKBUILD
index 7f375af8..bf60f917 100644
--- a/community/dnscrypt-proxy/APKBUILD
+++ b/community/dnscrypt-proxy/APKBUILD
_at_@ -2,71 +2,57 @@
 # Maintainer: Francesco Colista <fcolista_at_alpinelinux.org>
 pkgname=dnscrypt-proxy
 pkgver=2.0.9b2
-pkgrel=2
+pkgrel=3
 pkgdesc="A tool for securing communications between a client and a DNS resolver"
 url="https://dnscrypt.info"
 arch="all"
-license="custom"
-makedepends="$depends_dev libsodium-dev ldns-dev go"
-install="$pkgname.pre-install"
-options="!check" #upstream does not provide check/test
+license="ISC"
+depends="libcap"
+makedepends="go"
+install="$pkgname.pre-install $pkgname.post-install"
 pkgusers=dnscrypt
 pkggroups=dnscrypt
-subpackages="$pkgname-doc $pkgname-setup::noarch"
-source="$pkgname-$pkgver.tar.gz::https://github.com/jedisct1/$pkgname/archive/$pkgver.tar.gz
+subpackages="$pkgname-setup::noarch"
+source="${pkgname}-${pkgver}.tar.gz::https://github.com/jedisct1/${pkgname}/archive/${pkgver}.tar.gz
 	$pkgname.initd
 	$pkgname.confd
 	$pkgname.setup
+	config-full-paths.patch
 	"
-builddir="$srcdir"/$pkgname-$pkgver
+options="!check"
 
 prepare() {
-	default_prepare
 	cd "$builddir"
-	export GOPATH=$(pwd)
-	ln -sfv vendor src
+	ln -sf vendor src
+	default_prepare
 }
 
 build() {
-	cd "$builddir"/$pkgname
-	go build -ldflags="-s -w" -v
+	cd "$builddir"/"$pkgname"
+	GOPATH="$builddir" go build -ldflags="-s -w" -v
 }
 
 package() {
 	cd "$builddir"/$pkgname
+	mkdir -p "$pkgdir"/etc/$pkgname
 	mkdir -p "$pkgdir"/var/log/$pkgname
-	mkdir -p "$pkgdir"/var/run/$pkgname
-	mkdir -p "$pkgdir"/var/empty
-	mkdir -p $pkgdir/usr/share/licenses/$pkgname
-    install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
+	mkdir -p "$pkgdir"/usr/share/$pkgname
+        install -m755 -D dnscrypt-proxy "$pkgdir"/usr/bin/dnscrypt-proxy
+        install -m644 -D example-dnscrypt-proxy.toml "$pkgdir"/etc/$pkgname/dnscrypt-proxy.toml
+        install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
 	install -m644 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
-	install -m755 -D $pkgname "$pkgdir"/usr/bin/$pkgname
-	install -vDm 644 "example-${pkgname}.toml" \
-		"${pkgdir}/etc/${pkgname}/${pkgname}.toml"
-	install -vDm 644 "example-blacklist.txt" \
-		"${pkgdir}/etc/${pkgname}/example-blacklist.txt"
-	install -vDm 644 "example-cloaking-rules.txt" \
-		"${pkgdir}/etc/${pkgname}/example-cloaking-rules.txt"
-	install -vDm 644 "example-forwarding-rules.txt" \
-		"${pkgdir}/etc/${pkgname}/example-forwarding-rules.txt"
-	install -vDm 644 "example-whitelist.txt" \
-		"${pkgdir}/etc/${pkgname}/example-whitelist.txt"
 	chown dnscrypt "$pkgdir"/var/log/$pkgname
-	chown dnscrypt "$pkgdir"/var/run/$pkgname
-	chown dnscrypt "$pkgdir"/var/empty
-	chown dnscrypt "$pkgdir"/etc/$pkgname
-	install -m 644 ../LICENSE $pkgdir/usr/share/licenses/$pkgname
+	for i in example-*; do install -m644 -D "$i" "$pkgdir"/usr/share/$pkgname/"$i"; done
 }
 
 setup() {
-	pkgdesc="Script for setting up DNSCrypt Proxy"
+	pkgdesc="Script for setting up dnscrypt-proxy"
 	depends="sed wget $pkgname"
-
-	mkdir -p "$subpkgdir"/sbin
-	install -m755 -D "$srcdir"/$pkgname.setup "$subpkgdir"/sbin/setup-dnscrypt
+	install -m755 -D "$srcdir"/$pkgname.setup "$subpkgdir"/usr/sbin/setup-dnscrypt
 }
 
 sha512sums="d64cc8e0b61e1e548b63531dc4c733af1605ccda89a9f905227e97cb966a3488104ac9af229521909ca88bde283dce224e712326b4d1717af70be2d04821c6c2  dnscrypt-proxy-2.0.9b2.tar.gz
-c38095ee38054fb0d3b51c002b5038cb073b8b9ec0ababf975e70d27e4c1bd90c0c3f846863e052f30ff2ac6d4ce84c5d4192ebae0eebfa013eb08edf840f8bf  dnscrypt-proxy.initd
-44a2d792aa80a048ea6bdb4a79c1e436bcad3610a28a963ebed5c0e77a8b2a733c45311a66268fc4026d1c4c9b1f222813aeeea9c619832bbcb7c227542b65a8  dnscrypt-proxy.confd
-66dd43d84117a0151ae41f34d82b716760382a5a491424bf6418228ffd21f0dfbc88e34cc5074e11f97f006335d97b85367bb9ab1d96747a48e893c022ad52d0  dnscrypt-proxy.setup"
+b4913fada4172a12521d1beb731cc63e12fd45380a3973bedcefff394b244401c15ec74108b5e18c0aa34f0803b4e5abe90d33c1342b32bb9137aa598a7daf4a  dnscrypt-proxy.initd
+c001ae39da1b2db71764cab568f9ed18e4de0cea3d1a4e7bd6dd01a5668b81a888ea9eef99de6beac08857ad7f8eb1a32d730e946ac3563e4dcfa27147e35052  dnscrypt-proxy.confd
+66dd43d84117a0151ae41f34d82b716760382a5a491424bf6418228ffd21f0dfbc88e34cc5074e11f97f006335d97b85367bb9ab1d96747a48e893c022ad52d0  dnscrypt-proxy.setup
+898d71dfba3d2af78ee5b26455073cc6d6ecd4ae2bb08b6f04537e9f30989da5053f364dc504a5c2f78e3da3b27b6f92ef301ed860abd4aa23b062043d317b64  config-full-paths.patch"
diff --git a/community/dnscrypt-proxy/config-full-paths.patch b/community/dnscrypt-proxy/config-full-paths.patch
new file mode 100644
index 00000000..5e22153f
--- /dev/null
+++ b/community/dnscrypt-proxy/config-full-paths.patch
_at_@ -0,0 +1,86 @@
+--- a/dnscrypt-proxy/example-dnscrypt-proxy.toml
++++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml
+_at_@ -96,7 +96,7 @@
+ 
+ ## log file for the application
+ 
+-# log_file = 'dnscrypt-proxy.log'
++ log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log'
+ 
+ 
+ ## Use the system logger (syslog on Unix, Event Log on Windows)
+_at_@ -255,7 +255,7 @@
+ 
+   ## Path to the query log file (absolute, or relative to the same directory as the executable file)
+ 
+-  # file = 'query.log'
++  # file = '/var/log/dnscrypt-proxy/query.log'
+ 
+ 
+   ## Query log format (currently supported: tsv and ltsv)
+_at_@ -281,7 +281,7 @@
+ 
+   ## Path to the query log file (absolute, or relative to the same directory as the executable file)
+ 
+-  # file = 'nx.log'
++  # file = '/var/log/dnscrypt-proxy/nx.log'
+ 
+ 
+   ## Query log format (currently supported: tsv and ltsv)
+_at_@ -311,12 +311,12 @@
+ 
+   ## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
+ 
+-  # blacklist_file = 'blacklist.txt'
++  # blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt'
+ 
+ 
+   ## Optional path to a file logging blocked queries
+ 
+-  # log_file = 'blocked.log'
++  # log_file = '/var/log/dnscrypt-proxy/blocked.log'
+ 
+ 
+   ## Optional log format: tsv or ltsv (default: tsv)
+_at_@ -344,7 +344,7 @@
+ 
+   ## Optional path to a file logging blocked queries
+ 
+-  # log_file = 'ip-blocked.log'
++  # log_file = '/var/log/dnscrypt-proxy/ip-blocked.log'
+ 
+ 
+   ## Optional log format: tsv or ltsv (default: tsv)
+_at_@ -367,12 +367,12 @@
+ 
+   ## Path to the file of whitelisting rules (absolute, or relative to the same directory as the executable file)
+ 
+-  # whitelist_file = 'whitelist.txt'
++  # whitelist_file = '/etc/dnscrypt-proxy/whitelist.txt'
+ 
+ 
+   ## Optional path to a file logging whitelisted queries
+ 
+-  # log_file = 'whitelisted.log'
++  # log_file = '/var/log/dnscrypt-proxy/whitelisted.log'
+ 
+ 
+   ## Optional log format: tsv or ltsv (default: tsv)
+_at_@ -442,7 +442,7 @@
+ 
+   [sources.'public-resolvers']
+   urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
+-  cache_file = 'public-resolvers.md'
++  cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
+   minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+   refresh_delay = 72
+   prefix = ''
+_at_@ -452,7 +452,7 @@
+ 
+   #  [sources.'parental-control']
+   #  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v2/parental-control.md']
+-  #  cache_file = 'parental-control.md'
++  #  cache_file = '/var/cache/dnscrypt-proxy/parental-control.md'
+   #  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+ 
+ 
diff --git a/community/dnscrypt-proxy/dnscrypt-proxy.confd b/community/dnscrypt-proxy/dnscrypt-proxy.confd
index 070ba95d..a1dc6a69 100644
--- a/community/dnscrypt-proxy/dnscrypt-proxy.confd
+++ b/community/dnscrypt-proxy/dnscrypt-proxy.confd
_at_@ -1,4 +1,4 @@
-#DNSCRYPT_OPTS="--config /etc/dnscrypt-proxy/dnscrypt-proxy.toml"
+#DNSCRYPT_OPTS="-config /etc/dnscrypt-proxy/dnscrypt-proxy.toml"
 #DNSCRYPT_USER="dnscrypt"
 #DNSCRYPT_GROUP="dnscrypt"
 
diff --git a/community/dnscrypt-proxy/dnscrypt-proxy.initd b/community/dnscrypt-proxy/dnscrypt-proxy.initd
index e24085f1..c52ba746 100644
--- a/community/dnscrypt-proxy/dnscrypt-proxy.initd
+++ b/community/dnscrypt-proxy/dnscrypt-proxy.initd
_at_@ -3,9 +3,9 @@
 # Distributed under the terms of the GNU General Public License v2
 
 command="/usr/bin/dnscrypt-proxy"
-command_args="${DNSCRYPT_OPTS:---config /etc/dnscrypt-proxy/dnscrypt-proxy.toml}"
+command_args="${DNSCRYPT_OPTS:--config /etc/dnscrypt-proxy/dnscrypt-proxy.toml}"
 command_user="${DNSCRYPT_USER:-dnscrypt}:${DNSCRYPT_GROUP:-dnscrypt}"
-pidfile="/run/dnscrypt-proxy/${SVCNAME}.pid"
+pidfile="/run/${SVCNAME}.pid"
 start_stop_daemon_args="--background --make-pidfile"
 
 depend() {
diff --git a/community/dnscrypt-proxy/dnscrypt-proxy.post-install b/community/dnscrypt-proxy/dnscrypt-proxy.post-install
new file mode 100644
index 00000000..7a7f4af3
--- /dev/null
+++ b/community/dnscrypt-proxy/dnscrypt-proxy.post-install
_at_@ -0,0 +1,2 @@
+#!/bin/sh
+/usr/sbin/setcap cap_net_bind_service=+pe /usr/bin/dnscrypt-proxy
-- 
2.17.0
---
Unsubscribe:  alpine-aports+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-aports+help_at_lists.alpinelinux.org
---
Received on Thu Apr 12 2018 - 14:36:35 GMT