2
2
[alpine-aports] [PATCH] community/dnscrypt-proxy: Fix launch as service
* To able to bind on port 53, capabilities of binary file has to be changed via post-install script
* Clarify license (ISC), thus removed -doc subpackage
* Dynamically fetched server list file moved to /var/cache instead of /etc
* Example configuration files moved to /usr/share instead of /etc
* Configuration file patch added to ensure logs to be stored in /var/log
---
community/dnscrypt-proxy/APKBUILD | 64 ++++++--------
.../dnscrypt-proxy/config-full-paths.patch | 86 +++++++++++++++++++
community/dnscrypt-proxy/dnscrypt-proxy.confd | 2 +-
community/dnscrypt-proxy/dnscrypt-proxy.initd | 4 +-
.../dnscrypt-proxy.post-install | 2 +
5 files changed, 116 insertions(+), 42 deletions(-)
create mode 100644 community/dnscrypt-proxy/config-full-paths.patch
create mode 100644 community/dnscrypt-proxy/dnscrypt-proxy.post-install
diff --git a/community/dnscrypt-proxy/APKBUILD b/community/dnscrypt-proxy/APKBUILD
index 7f375af8..bf60f917 100644
--- a/community/dnscrypt-proxy/APKBUILD
@@ -2,71 +2,57 @@
# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
pkgname=dnscrypt-proxy
pkgver=2.0.9b2
-pkgrel=2
+pkgrel=3
pkgdesc="A tool for securing communications between a client and a DNS resolver"
url="https://dnscrypt.info"
arch="all"
-license="custom"
-makedepends="$depends_dev libsodium-dev ldns-dev go"
-install="$pkgname.pre-install"
-options="!check" #upstream does not provide check/test
+license="ISC"
+depends="libcap"
+makedepends="go"
+install="$pkgname.pre-install $pkgname.post-install"
pkgusers=dnscrypt
pkggroups=dnscrypt
-subpackages="$pkgname-doc $pkgname-setup::noarch"
-source="$pkgname-$pkgver.tar.gz::https://github.com/jedisct1/$pkgname/archive/$pkgver.tar.gz
+subpackages="$pkgname-setup::noarch"
+source="${pkgname}-${pkgver}.tar.gz::https://github.com/jedisct1/${pkgname}/archive/${pkgver}.tar.gz
$pkgname.initd
$pkgname.confd
$pkgname.setup
+ config-full-paths.patch
"
-builddir="$srcdir"/$pkgname-$pkgver
+options="!check"
prepare() {
- default_prepare
cd "$builddir"
- export GOPATH=$(pwd)
- ln -sfv vendor src
+ ln -sf vendor src
+ default_prepare
}
build() {
- cd "$builddir"/$pkgname
- go build -ldflags="-s -w" -v
+ cd "$builddir"/"$pkgname"
+ GOPATH="$builddir" go build -ldflags="-s -w" -v
}
package() {
cd "$builddir"/$pkgname
+ mkdir -p "$pkgdir"/etc/$pkgname
mkdir -p "$pkgdir"/var/log/$pkgname
- mkdir -p "$pkgdir"/var/run/$pkgname
- mkdir -p "$pkgdir"/var/empty
- mkdir -p $pkgdir/usr/share/licenses/$pkgname
- install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
+ mkdir -p "$pkgdir"/usr/share/$pkgname
+ install -m755 -D dnscrypt-proxy "$pkgdir"/usr/bin/dnscrypt-proxy
+ install -m644 -D example-dnscrypt-proxy.toml "$pkgdir"/etc/$pkgname/dnscrypt-proxy.toml
+ install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
install -m644 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
- install -m755 -D $pkgname "$pkgdir"/usr/bin/$pkgname
- install -vDm 644 "example-${pkgname}.toml" \
- "${pkgdir}/etc/${pkgname}/${pkgname}.toml"
- install -vDm 644 "example-blacklist.txt" \
- "${pkgdir}/etc/${pkgname}/example-blacklist.txt"
- install -vDm 644 "example-cloaking-rules.txt" \
- "${pkgdir}/etc/${pkgname}/example-cloaking-rules.txt"
- install -vDm 644 "example-forwarding-rules.txt" \
- "${pkgdir}/etc/${pkgname}/example-forwarding-rules.txt"
- install -vDm 644 "example-whitelist.txt" \
- "${pkgdir}/etc/${pkgname}/example-whitelist.txt"
chown dnscrypt "$pkgdir"/var/log/$pkgname
- chown dnscrypt "$pkgdir"/var/run/$pkgname
- chown dnscrypt "$pkgdir"/var/empty
- chown dnscrypt "$pkgdir"/etc/$pkgname
- install -m 644 ../LICENSE $pkgdir/usr/share/licenses/$pkgname
+ for i in example-*; do install -m644 -D "$i" "$pkgdir"/usr/share/$pkgname/"$i"; done
}
setup() {
- pkgdesc="Script for setting up DNSCrypt Proxy"
+ pkgdesc="Script for setting up dnscrypt-proxy"
depends="sed wget $pkgname"
-
- mkdir -p "$subpkgdir"/sbin
- install -m755 -D "$srcdir"/$pkgname.setup "$subpkgdir"/sbin/setup-dnscrypt
+ install -m755 -D "$srcdir"/$pkgname.setup "$subpkgdir"/usr/sbin/setup-dnscrypt
}
sha512sums="d64cc8e0b61e1e548b63531dc4c733af1605ccda89a9f905227e97cb966a3488104ac9af229521909ca88bde283dce224e712326b4d1717af70be2d04821c6c2 dnscrypt-proxy-2.0.9b2.tar.gz
-c38095ee38054fb0d3b51c002b5038cb073b8b9ec0ababf975e70d27e4c1bd90c0c3f846863e052f30ff2ac6d4ce84c5d4192ebae0eebfa013eb08edf840f8bf dnscrypt-proxy.initd
-44a2d792aa80a048ea6bdb4a79c1e436bcad3610a28a963ebed5c0e77a8b2a733c45311a66268fc4026d1c4c9b1f222813aeeea9c619832bbcb7c227542b65a8 dnscrypt-proxy.confd
-66dd43d84117a0151ae41f34d82b716760382a5a491424bf6418228ffd21f0dfbc88e34cc5074e11f97f006335d97b85367bb9ab1d96747a48e893c022ad52d0 dnscrypt-proxy.setup"
+b4913fada4172a12521d1beb731cc63e12fd45380a3973bedcefff394b244401c15ec74108b5e18c0aa34f0803b4e5abe90d33c1342b32bb9137aa598a7daf4a dnscrypt-proxy.initd
+c001ae39da1b2db71764cab568f9ed18e4de0cea3d1a4e7bd6dd01a5668b81a888ea9eef99de6beac08857ad7f8eb1a32d730e946ac3563e4dcfa27147e35052 dnscrypt-proxy.confd
+66dd43d84117a0151ae41f34d82b716760382a5a491424bf6418228ffd21f0dfbc88e34cc5074e11f97f006335d97b85367bb9ab1d96747a48e893c022ad52d0 dnscrypt-proxy.setup
+898d71dfba3d2af78ee5b26455073cc6d6ecd4ae2bb08b6f04537e9f30989da5053f364dc504a5c2f78e3da3b27b6f92ef301ed860abd4aa23b062043d317b64 config-full-paths.patch"
diff --git a/community/dnscrypt-proxy/config-full-paths.patch b/community/dnscrypt-proxy/config-full-paths.patch
new file mode 100644
index 00000000..5e22153f
--- /dev/null
@@ -0,0 +1,86 @@
+--- a/dnscrypt-proxy/example-dnscrypt-proxy.toml
++++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml
+@@ -96,7 +96,7 @@
+
+ ## log file for the application
+
+-# log_file = 'dnscrypt-proxy.log'
++ log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log'
+
+
+ ## Use the system logger (syslog on Unix, Event Log on Windows)
+@@ -255,7 +255,7 @@
+
+ ## Path to the query log file (absolute, or relative to the same directory as the executable file)
+
+- # file = 'query.log'
++ # file = '/var/log/dnscrypt-proxy/query.log'
+
+
+ ## Query log format (currently supported: tsv and ltsv)
+@@ -281,7 +281,7 @@
+
+ ## Path to the query log file (absolute, or relative to the same directory as the executable file)
+
+- # file = 'nx.log'
++ # file = '/var/log/dnscrypt-proxy/nx.log'
+
+
+ ## Query log format (currently supported: tsv and ltsv)
+@@ -311,12 +311,12 @@
+
+ ## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
+
+- # blacklist_file = 'blacklist.txt'
++ # blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt'
+
+
+ ## Optional path to a file logging blocked queries
+
+- # log_file = 'blocked.log'
++ # log_file = '/var/log/dnscrypt-proxy/blocked.log'
+
+
+ ## Optional log format: tsv or ltsv (default: tsv)
+@@ -344,7 +344,7 @@
+
+ ## Optional path to a file logging blocked queries
+
+- # log_file = 'ip-blocked.log'
++ # log_file = '/var/log/dnscrypt-proxy/ip-blocked.log'
+
+
+ ## Optional log format: tsv or ltsv (default: tsv)
+@@ -367,12 +367,12 @@
+
+ ## Path to the file of whitelisting rules (absolute, or relative to the same directory as the executable file)
+
+- # whitelist_file = 'whitelist.txt'
++ # whitelist_file = '/etc/dnscrypt-proxy/whitelist.txt'
+
+
+ ## Optional path to a file logging whitelisted queries
+
+- # log_file = 'whitelisted.log'
++ # log_file = '/var/log/dnscrypt-proxy/whitelisted.log'
+
+
+ ## Optional log format: tsv or ltsv (default: tsv)
+@@ -442,7 +442,7 @@
+
+ [sources.'public-resolvers']
+ urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
+- cache_file = 'public-resolvers.md'
++ cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
+ minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+ refresh_delay = 72
+ prefix = ''
+@@ -452,7 +452,7 @@
+
+ # [sources.'parental-control']
+ # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v2/parental-control.md']
+- # cache_file = 'parental-control.md'
++ # cache_file = '/var/cache/dnscrypt-proxy/parental-control.md'
+ # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+
+
diff --git a/community/dnscrypt-proxy/dnscrypt-proxy.confd b/community/dnscrypt-proxy/dnscrypt-proxy.confd
index 070ba95d..a1dc6a69 100644
--- a/community/dnscrypt-proxy/dnscrypt-proxy.confd
@@ -1,4 +1,4 @@
-#DNSCRYPT_OPTS="--config /etc/dnscrypt-proxy/dnscrypt-proxy.toml"
+#DNSCRYPT_OPTS="-config /etc/dnscrypt-proxy/dnscrypt-proxy.toml"
#DNSCRYPT_USER="dnscrypt"
#DNSCRYPT_GROUP="dnscrypt"
diff --git a/community/dnscrypt-proxy/dnscrypt-proxy.initd b/community/dnscrypt-proxy/dnscrypt-proxy.initd
index e24085f1..c52ba746 100644
--- a/community/dnscrypt-proxy/dnscrypt-proxy.initd
@@ -3,9 +3,9 @@
# Distributed under the terms of the GNU General Public License v2
command="/usr/bin/dnscrypt-proxy"
-command_args="${DNSCRYPT_OPTS:---config /etc/dnscrypt-proxy/dnscrypt-proxy.toml}"
+command_args="${DNSCRYPT_OPTS:--config /etc/dnscrypt-proxy/dnscrypt-proxy.toml}"
command_user="${DNSCRYPT_USER:-dnscrypt}:${DNSCRYPT_GROUP:-dnscrypt}"
-pidfile="/run/dnscrypt-proxy/${SVCNAME}.pid"
+pidfile="/run/${SVCNAME}.pid"
start_stop_daemon_args="--background --make-pidfile"
depend() {
diff --git a/community/dnscrypt-proxy/dnscrypt-proxy.post-install b/community/dnscrypt-proxy/dnscrypt-proxy.post-install
new file mode 100644
index 00000000..7a7f4af3
--- /dev/null
@@ -0,0 +1,2 @@
+#!/bin/sh
+/usr/sbin/setcap cap_net_bind_service=+pe /usr/bin/dnscrypt-proxy
--
2.17.0
---
Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org
Help: alpine-aports+help@lists.alpinelinux.org
---
Hi,
not sure if it's still needed, but needs be rebased against latest version.
Thanks
On Thu, Apr 12, 2018 at 1:36 PM, Taner Tas <taner76@gmail.com> wrote:
> * To able to bind on port 53, capabilities of binary file has to be
> changed via post-install script
> * Clarify license (ISC), thus removed -doc subpackage
> * Dynamically fetched server list file moved to /var/cache instead of /etc
> * Example configuration files moved to /usr/share instead of /etc
> * Configuration file patch added to ensure logs to be stored in /var/log
> ---
> community/dnscrypt-proxy/APKBUILD | 64 ++++++--------
> .../dnscrypt-proxy/config-full-paths.patch | 86 +++++++++++++++++++
> community/dnscrypt-proxy/dnscrypt-proxy.confd | 2 +-
> community/dnscrypt-proxy/dnscrypt-proxy.initd | 4 +-
> .../dnscrypt-proxy.post-install | 2 +
> 5 files changed, 116 insertions(+), 42 deletions(-)
> create mode 100644 community/dnscrypt-proxy/config-full-paths.patch
> create mode 100644 community/dnscrypt-proxy/dnscrypt-proxy.post-install
>
> diff --git a/community/dnscrypt-proxy/APKBUILD b/community/dnscrypt-proxy/
> APKBUILD
> index 7f375af8..bf60f917 100644
> --- a/community/dnscrypt-proxy/APKBUILD
> +++ b/community/dnscrypt-proxy/APKBUILD
> @@ -2,71 +2,57 @@
> # Maintainer: Francesco Colista <fcolista@alpinelinux.org>
> pkgname=dnscrypt-proxy
> pkgver=2.0.9b2
> -pkgrel=2
> +pkgrel=3
> pkgdesc="A tool for securing communications between a client and a DNS
> resolver"
> url="https://dnscrypt.info"
> arch="all"
> -license="custom"
> -makedepends="$depends_dev libsodium-dev ldns-dev go"
> -install="$pkgname.pre-install"
> -options="!check" #upstream does not provide check/test
> +license="ISC"
> +depends="libcap"
> +makedepends="go"
> +install="$pkgname.pre-install $pkgname.post-install"
> pkgusers=dnscrypt
> pkggroups=dnscrypt
> -subpackages="$pkgname-doc $pkgname-setup::noarch"
> -source="$pkgname-$pkgver.tar.gz::https://github.com/
> jedisct1/$pkgname/archive/$pkgver.tar.gz
> +subpackages="$pkgname-setup::noarch"
> +source="${pkgname}-${pkgver}.tar.gz::https://github.com/
> jedisct1/${pkgname}/archive/${pkgver}.tar.gz
> $pkgname.initd
> $pkgname.confd
> $pkgname.setup
> + config-full-paths.patch
> "
> -builddir="$srcdir"/$pkgname-$pkgver
> +options="!check"
>
> prepare() {
> - default_prepare
> cd "$builddir"
> - export GOPATH=$(pwd)
> - ln -sfv vendor src
> + ln -sf vendor src
> + default_prepare
> }
>
> build() {
> - cd "$builddir"/$pkgname
> - go build -ldflags="-s -w" -v
> + cd "$builddir"/"$pkgname"
> + GOPATH="$builddir" go build -ldflags="-s -w" -v
> }
>
> package() {
> cd "$builddir"/$pkgname
> + mkdir -p "$pkgdir"/etc/$pkgname
> mkdir -p "$pkgdir"/var/log/$pkgname
> - mkdir -p "$pkgdir"/var/run/$pkgname
> - mkdir -p "$pkgdir"/var/empty
> - mkdir -p $pkgdir/usr/share/licenses/$pkgname
> - install -m755 -D "$srcdir"/$pkgname.initd
> "$pkgdir"/etc/init.d/$pkgname
> + mkdir -p "$pkgdir"/usr/share/$pkgname
> + install -m755 -D dnscrypt-proxy "$pkgdir"/usr/bin/dnscrypt-proxy
> + install -m644 -D example-dnscrypt-proxy.toml
> "$pkgdir"/etc/$pkgname/dnscrypt-proxy.toml
> + install -m755 -D "$srcdir"/$pkgname.initd
> "$pkgdir"/etc/init.d/$pkgname
> install -m644 -D "$srcdir"/$pkgname.confd
> "$pkgdir"/etc/conf.d/$pkgname
> - install -m755 -D $pkgname "$pkgdir"/usr/bin/$pkgname
> - install -vDm 644 "example-${pkgname}.toml" \
> - "${pkgdir}/etc/${pkgname}/${pkgname}.toml"
> - install -vDm 644 "example-blacklist.txt" \
> - "${pkgdir}/etc/${pkgname}/example-blacklist.txt"
> - install -vDm 644 "example-cloaking-rules.txt" \
> - "${pkgdir}/etc/${pkgname}/example-cloaking-rules.txt"
> - install -vDm 644 "example-forwarding-rules.txt" \
> - "${pkgdir}/etc/${pkgname}/example-forwarding-rules.txt"
> - install -vDm 644 "example-whitelist.txt" \
> - "${pkgdir}/etc/${pkgname}/example-whitelist.txt"
> chown dnscrypt "$pkgdir"/var/log/$pkgname
> - chown dnscrypt "$pkgdir"/var/run/$pkgname
> - chown dnscrypt "$pkgdir"/var/empty
> - chown dnscrypt "$pkgdir"/etc/$pkgname
> - install -m 644 ../LICENSE $pkgdir/usr/share/licenses/$pkgname
> + for i in example-*; do install -m644 -D "$i"
> "$pkgdir"/usr/share/$pkgname/"$i"; done
> }
>
> setup() {
> - pkgdesc="Script for setting up DNSCrypt Proxy"
> + pkgdesc="Script for setting up dnscrypt-proxy"
> depends="sed wget $pkgname"
> -
> - mkdir -p "$subpkgdir"/sbin
> - install -m755 -D "$srcdir"/$pkgname.setup "$subpkgdir"/sbin/setup-
> dnscrypt
> + install -m755 -D "$srcdir"/$pkgname.setup
> "$subpkgdir"/usr/sbin/setup-dnscrypt
> }
>
> sha512sums="d64cc8e0b61e1e548b63531dc4c733af1605ccda89a9f905227e97cb966a
> 3488104ac9af229521909ca88bde283dce224e712326b4d1717af70be2d04821c6c2
> dnscrypt-proxy-2.0.9b2.tar.gz
> -c38095ee38054fb0d3b51c002b5038cb073b8b9ec0ababf975e70d27e4c1
> bd90c0c3f846863e052f30ff2ac6d4ce84c5d4192ebae0eebfa013eb08edf840f8bf
> dnscrypt-proxy.initd
> -44a2d792aa80a048ea6bdb4a79c1e436bcad3610a28a963ebed5c0e77a8b
> 2a733c45311a66268fc4026d1c4c9b1f222813aeeea9c619832bbcb7c227542b65a8
> dnscrypt-proxy.confd
> -66dd43d84117a0151ae41f34d82b716760382a5a491424bf6418228ffd21
> f0dfbc88e34cc5074e11f97f006335d97b85367bb9ab1d96747a48e893c022ad52d0
> dnscrypt-proxy.setup"
> +b4913fada4172a12521d1beb731cc63e12fd45380a3973bedcefff394b24
> 4401c15ec74108b5e18c0aa34f0803b4e5abe90d33c1342b32bb9137aa598a7daf4a
> dnscrypt-proxy.initd
> +c001ae39da1b2db71764cab568f9ed18e4de0cea3d1a4e7bd6dd01a5668b
> 81a888ea9eef99de6beac08857ad7f8eb1a32d730e946ac3563e4dcfa27147e35052
> dnscrypt-proxy.confd
> +66dd43d84117a0151ae41f34d82b716760382a5a491424bf6418228ffd21
> f0dfbc88e34cc5074e11f97f006335d97b85367bb9ab1d96747a48e893c022ad52d0
> dnscrypt-proxy.setup
> +898d71dfba3d2af78ee5b26455073cc6d6ecd4ae2bb08b6f04537e9f3098
> 9da5053f364dc504a5c2f78e3da3b27b6f92ef301ed860abd4aa23b062043d317b64
> config-full-paths.patch"
> diff --git a/community/dnscrypt-proxy/config-full-paths.patch
> b/community/dnscrypt-proxy/config-full-paths.patch
> new file mode 100644
> index 00000000..5e22153f
> --- /dev/null
> +++ b/community/dnscrypt-proxy/config-full-paths.patch
> @@ -0,0 +1,86 @@
> +--- a/dnscrypt-proxy/example-dnscrypt-proxy.toml
> ++++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml
> +@@ -96,7 +96,7 @@
> +
> + ## log file for the application
> +
> +-# log_file = 'dnscrypt-proxy.log'
> ++ log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log'
> +
> +
> + ## Use the system logger (syslog on Unix, Event Log on Windows)
> +@@ -255,7 +255,7 @@
> +
> + ## Path to the query log file (absolute, or relative to the same
> directory as the executable file)
> +
> +- # file = 'query.log'
> ++ # file = '/var/log/dnscrypt-proxy/query.log'
> +
> +
> + ## Query log format (currently supported: tsv and ltsv)
> +@@ -281,7 +281,7 @@
> +
> + ## Path to the query log file (absolute, or relative to the same
> directory as the executable file)
> +
> +- # file = 'nx.log'
> ++ # file = '/var/log/dnscrypt-proxy/nx.log'
> +
> +
> + ## Query log format (currently supported: tsv and ltsv)
> +@@ -311,12 +311,12 @@
> +
> + ## Path to the file of blocking rules (absolute, or relative to the
> same directory as the executable file)
> +
> +- # blacklist_file = 'blacklist.txt'
> ++ # blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt'
> +
> +
> + ## Optional path to a file logging blocked queries
> +
> +- # log_file = 'blocked.log'
> ++ # log_file = '/var/log/dnscrypt-proxy/blocked.log'
> +
> +
> + ## Optional log format: tsv or ltsv (default: tsv)
> +@@ -344,7 +344,7 @@
> +
> + ## Optional path to a file logging blocked queries
> +
> +- # log_file = 'ip-blocked.log'
> ++ # log_file = '/var/log/dnscrypt-proxy/ip-blocked.log'
> +
> +
> + ## Optional log format: tsv or ltsv (default: tsv)
> +@@ -367,12 +367,12 @@
> +
> + ## Path to the file of whitelisting rules (absolute, or relative to
> the same directory as the executable file)
> +
> +- # whitelist_file = 'whitelist.txt'
> ++ # whitelist_file = '/etc/dnscrypt-proxy/whitelist.txt'
> +
> +
> + ## Optional path to a file logging whitelisted queries
> +
> +- # log_file = 'whitelisted.log'
> ++ # log_file = '/var/log/dnscrypt-proxy/whitelisted.log'
> +
> +
> + ## Optional log format: tsv or ltsv (default: tsv)
> +@@ -442,7 +442,7 @@
> +
> + [sources.'public-resolvers']
> + urls = ['https://raw.githubusercontent.com/
> DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', '
> https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
> +- cache_file = 'public-resolvers.md'
> ++ cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
> + minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPp
> vWucNSCh1CBM0QTaLn73Y7GFO3'
> + refresh_delay = 72
> + prefix = ''
> +@@ -452,7 +452,7 @@
> +
> + # [sources.'parental-control']
> + # urls = ['https://raw.githubusercontent.com/
> DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.md', '
> https://download.dnscrypt.info/resolvers-list/v2/parental-control.md']
> +- # cache_file = 'parental-control.md'
> ++ # cache_file = '/var/cache/dnscrypt-proxy/parental-control.md'
> + # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPp
> vWucNSCh1CBM0QTaLn73Y7GFO3'
> +
> +
> diff --git a/community/dnscrypt-proxy/dnscrypt-proxy.confd
> b/community/dnscrypt-proxy/dnscrypt-proxy.confd
> index 070ba95d..a1dc6a69 100644
> --- a/community/dnscrypt-proxy/dnscrypt-proxy.confd
> +++ b/community/dnscrypt-proxy/dnscrypt-proxy.confd
> @@ -1,4 +1,4 @@
> -#DNSCRYPT_OPTS="--config /etc/dnscrypt-proxy/dnscrypt-proxy.toml"
> +#DNSCRYPT_OPTS="-config /etc/dnscrypt-proxy/dnscrypt-proxy.toml"
> #DNSCRYPT_USER="dnscrypt"
> #DNSCRYPT_GROUP="dnscrypt"
>
> diff --git a/community/dnscrypt-proxy/dnscrypt-proxy.initd
> b/community/dnscrypt-proxy/dnscrypt-proxy.initd
> index e24085f1..c52ba746 100644
> --- a/community/dnscrypt-proxy/dnscrypt-proxy.initd
> +++ b/community/dnscrypt-proxy/dnscrypt-proxy.initd
> @@ -3,9 +3,9 @@
> # Distributed under the terms of the GNU General Public License v2
>
> command="/usr/bin/dnscrypt-proxy"
> -command_args="${DNSCRYPT_OPTS:---config /etc/dnscrypt-proxy/dnscrypt-
> proxy.toml}"
> +command_args="${DNSCRYPT_OPTS:--config /etc/dnscrypt-proxy/dnscrypt-
> proxy.toml}"
> command_user="${DNSCRYPT_USER:-dnscrypt}:${DNSCRYPT_GROUP:-dnscrypt}"
> -pidfile="/run/dnscrypt-proxy/${SVCNAME}.pid"
> +pidfile="/run/${SVCNAME}.pid"
> start_stop_daemon_args="--background --make-pidfile"
>
> depend() {
> diff --git a/community/dnscrypt-proxy/dnscrypt-proxy.post-install
> b/community/dnscrypt-proxy/dnscrypt-proxy.post-install
> new file mode 100644
> index 00000000..7a7f4af3
> --- /dev/null
> +++ b/community/dnscrypt-proxy/dnscrypt-proxy.post-install
> @@ -0,0 +1,2 @@
> +#!/bin/sh
> +/usr/sbin/setcap cap_net_bind_service=+pe /usr/bin/dnscrypt-proxy
> --
> 2.17.0
>
>
>
> ---
> Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org
> Help: alpine-aports+help@lists.alpinelinux.org
> ---
>
>
Hi,
This is no longer needed.
Thanks.
---
Taner
On 17.07.2018 16:22, Leonardo Arena wrote:
> Hi,
>
> not sure if it's still needed, but needs be rebased against latest
> version.
>
> Thanks
>
> On Thu, Apr 12, 2018 at 1:36 PM, Taner Tas <taner76@gmail.com
> <taner76@gmail.com>> wrote:
>
> * To able to bind on port 53, capabilities of binary file has to
> be changed via post-install script
> * Clarify license (ISC), thus removed -doc subpackage
> * Dynamically fetched server list file moved to /var/cache instead
> of /etc
> * Example configuration files moved to /usr/share instead of /etc
> * Configuration file patch added to ensure logs to be stored in
> /var/log
> ---
> community/dnscrypt-proxy/APKBUILD | 64 ++++++--------
> .../dnscrypt-proxy/config-full-paths.patch | 86
> +++++++++++++++++++
> community/dnscrypt-proxy/dnscrypt-proxy.confd | 2 +-
> community/dnscrypt-proxy/dnscrypt-proxy.initd | 4 +-
> .../dnscrypt-proxy.post-install | 2 +
> 5 files changed, 116 insertions(+), 42 deletions(-)
> create mode 100644 community/dnscrypt-proxy/config-full-paths.patch
> create mode 100644
> community/dnscrypt-proxy/dnscrypt-proxy.post-install
>
> diff --git a/community/dnscrypt-proxy/APKBUILD
> b/community/dnscrypt-proxy/APKBUILD
> index 7f375af8..bf60f917 100644
> --- a/community/dnscrypt-proxy/APKBUILD
> +++ b/community/dnscrypt-proxy/APKBUILD
> @@ -2,71 +2,57 @@
> # Maintainer: Francesco Colista <fcolista@alpinelinux.org
> <fcolista@alpinelinux.org>>
> pkgname=dnscrypt-proxy
> pkgver=2.0.9b2
> -pkgrel=2
> +pkgrel=3
> pkgdesc="A tool for securing communications between a client and
> a DNS resolver"
> url="https://dnscrypt.info"
> arch="all"
> -license="custom"
> -makedepends="$depends_dev libsodium-dev ldns-dev go"
> -install="$pkgname.pre-install"
> -options="!check" #upstream does not provide check/test
> +license="ISC"
> +depends="libcap"
> +makedepends="go"
> +install="$pkgname.pre-install $pkgname.post-install"
> pkgusers=dnscrypt
> pkggroups=dnscrypt
> -subpackages="$pkgname-doc $pkgname-setup::noarch"
> -source="$pkgname-$pkgver.tar.gz::https://github.com/jedisct1/$pkgname/archive/$pkgver.tar.gz
> <https://github.com/jedisct1/$pkgname/archive/$pkgver.tar.gz>
> +subpackages="$pkgname-setup::noarch"
> +source="${pkgname}-${pkgver}.tar.gz::https://github.com/jedisct1/${pkgname}/archive/${pkgver}.tar.gz
> <https://github.com/jedisct1/$%7Bpkgname%7D/archive/$%7Bpkgver%7D.tar.gz>
> $pkgname.initd
> $pkgname.confd
> $pkgname.setup
> + config-full-paths.patch
> "
> -builddir="$srcdir"/$pkgname-$pkgver
> +options="!check"
>
> prepare() {
> - default_prepare
> cd "$builddir"
> - export GOPATH=$(pwd)
> - ln -sfv vendor src
> + ln -sf vendor src
> + default_prepare
> }
>
> build() {
> - cd "$builddir"/$pkgname
> - go build -ldflags="-s -w" -v
> + cd "$builddir"/"$pkgname"
> + GOPATH="$builddir" go build -ldflags="-s -w" -v
> }
>
> package() {
> cd "$builddir"/$pkgname
> + mkdir -p "$pkgdir"/etc/$pkgname
> mkdir -p "$pkgdir"/var/log/$pkgname
> - mkdir -p "$pkgdir"/var/run/$pkgname
> - mkdir -p "$pkgdir"/var/empty
> - mkdir -p $pkgdir/usr/share/licenses/$pkgname
> - install -m755 -D "$srcdir"/$pkgname.initd
> "$pkgdir"/etc/init.d/$pkgname
> + mkdir -p "$pkgdir"/usr/share/$pkgname
> + install -m755 -D dnscrypt-proxy
> "$pkgdir"/usr/bin/dnscrypt-proxy
> + install -m644 -D example-dnscrypt-proxy.toml
> "$pkgdir"/etc/$pkgname/dnscrypt-proxy.toml
> + install -m755 -D "$srcdir"/$pkgname.initd
> "$pkgdir"/etc/init.d/$pkgname
> install -m644 -D "$srcdir"/$pkgname.confd
> "$pkgdir"/etc/conf.d/$pkgname
> - install -m755 -D $pkgname "$pkgdir"/usr/bin/$pkgname
> - install -vDm 644 "example-${pkgname}.toml" \
> - "${pkgdir}/etc/${pkgname}/${pkgname}.toml"
> - install -vDm 644 "example-blacklist.txt" \
> - "${pkgdir}/etc/${pkgname}/example-blacklist.txt"
> - install -vDm 644 "example-cloaking-rules.txt" \
> - "${pkgdir}/etc/${pkgname}/example-cloaking-rules.txt"
> - install -vDm 644 "example-forwarding-rules.txt" \
> -
> "${pkgdir}/etc/${pkgname}/example-forwarding-rules.txt"
> - install -vDm 644 "example-whitelist.txt" \
> - "${pkgdir}/etc/${pkgname}/example-whitelist.txt"
> chown dnscrypt "$pkgdir"/var/log/$pkgname
> - chown dnscrypt "$pkgdir"/var/run/$pkgname
> - chown dnscrypt "$pkgdir"/var/empty
> - chown dnscrypt "$pkgdir"/etc/$pkgname
> - install -m 644 ../LICENSE $pkgdir/usr/share/licenses/$pkgname
> + for i in example-*; do install -m644 -D "$i"
> "$pkgdir"/usr/share/$pkgname/"$i"; done
> }
>
> setup() {
> - pkgdesc="Script for setting up DNSCrypt Proxy"
> + pkgdesc="Script for setting up dnscrypt-proxy"
> depends="sed wget $pkgname"
> -
> - mkdir -p "$subpkgdir"/sbin
> - install -m755 -D "$srcdir"/$pkgname.setup
> "$subpkgdir"/sbin/setup-dnscrypt
> + install -m755 -D "$srcdir"/$pkgname.setup
> "$subpkgdir"/usr/sbin/setup-dnscrypt
> }
>
> sha512sums="d64cc8e0b61e1e548b63531dc4c733af1605ccda89a9f905227e97cb966a3488104ac9af229521909ca88bde283dce224e712326b4d1717af70be2d04821c6c2
> dnscrypt-proxy-2.0.9b2.tar.gz
> -c38095ee38054fb0d3b51c002b5038cb073b8b9ec0ababf975e70d27e4c1bd90c0c3f846863e052f30ff2ac6d4ce84c5d4192ebae0eebfa013eb08edf840f8bf
> dnscrypt-proxy.initd
> -44a2d792aa80a048ea6bdb4a79c1e436bcad3610a28a963ebed5c0e77a8b2a733c45311a66268fc4026d1c4c9b1f222813aeeea9c619832bbcb7c227542b65a8
> dnscrypt-proxy.confd
> -66dd43d84117a0151ae41f34d82b716760382a5a491424bf6418228ffd21f0dfbc88e34cc5074e11f97f006335d97b85367bb9ab1d96747a48e893c022ad52d0
> dnscrypt-proxy.setup"
> +b4913fada4172a12521d1beb731cc63e12fd45380a3973bedcefff394b244401c15ec74108b5e18c0aa34f0803b4e5abe90d33c1342b32bb9137aa598a7daf4a
> dnscrypt-proxy.initd
> +c001ae39da1b2db71764cab568f9ed18e4de0cea3d1a4e7bd6dd01a5668b81a888ea9eef99de6beac08857ad7f8eb1a32d730e946ac3563e4dcfa27147e35052
> dnscrypt-proxy.confd
> +66dd43d84117a0151ae41f34d82b716760382a5a491424bf6418228ffd21f0dfbc88e34cc5074e11f97f006335d97b85367bb9ab1d96747a48e893c022ad52d0
> dnscrypt-proxy.setup
> +898d71dfba3d2af78ee5b26455073cc6d6ecd4ae2bb08b6f04537e9f30989da5053f364dc504a5c2f78e3da3b27b6f92ef301ed860abd4aa23b062043d317b64
> config-full-paths.patch"
> diff --git a/community/dnscrypt-proxy/config-full-paths.patch
> b/community/dnscrypt-proxy/config-full-paths.patch
> new file mode 100644
> index 00000000..5e22153f
> --- /dev/null
> +++ b/community/dnscrypt-proxy/config-full-paths.patch
> @@ -0,0 +1,86 @@
> +--- a/dnscrypt-proxy/example-dnscrypt-proxy.toml
> ++++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml
> +@@ -96,7 +96,7 @@
> +
> + ## log file for the application
> +
> +-# log_file = 'dnscrypt-proxy.log'
> ++ log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log'
> +
> +
> + ## Use the system logger (syslog on Unix, Event Log on Windows)
> +@@ -255,7 +255,7 @@
> +
> + ## Path to the query log file (absolute, or relative to the
> same directory as the executable file)
> +
> +- # file = 'query.log'
> ++ # file = '/var/log/dnscrypt-proxy/query.log'
> +
> +
> + ## Query log format (currently supported: tsv and ltsv)
> +@@ -281,7 +281,7 @@
> +
> + ## Path to the query log file (absolute, or relative to the
> same directory as the executable file)
> +
> +- # file = 'nx.log'
> ++ # file = '/var/log/dnscrypt-proxy/nx.log'
> +
> +
> + ## Query log format (currently supported: tsv and ltsv)
> +@@ -311,12 +311,12 @@
> +
> + ## Path to the file of blocking rules (absolute, or relative
> to the same directory as the executable file)
> +
> +- # blacklist_file = 'blacklist.txt'
> ++ # blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt'
> +
> +
> + ## Optional path to a file logging blocked queries
> +
> +- # log_file = 'blocked.log'
> ++ # log_file = '/var/log/dnscrypt-proxy/blocked.log'
> +
> +
> + ## Optional log format: tsv or ltsv (default: tsv)
> +@@ -344,7 +344,7 @@
> +
> + ## Optional path to a file logging blocked queries
> +
> +- # log_file = 'ip-blocked.log'
> ++ # log_file = '/var/log/dnscrypt-proxy/ip-blocked.log'
> +
> +
> + ## Optional log format: tsv or ltsv (default: tsv)
> +@@ -367,12 +367,12 @@
> +
> + ## Path to the file of whitelisting rules (absolute, or
> relative to the same directory as the executable file)
> +
> +- # whitelist_file = 'whitelist.txt'
> ++ # whitelist_file = '/etc/dnscrypt-proxy/whitelist.txt'
> +
> +
> + ## Optional path to a file logging whitelisted queries
> +
> +- # log_file = 'whitelisted.log'
> ++ # log_file = '/var/log/dnscrypt-proxy/whitelisted.log'
> +
> +
> + ## Optional log format: tsv or ltsv (default: tsv)
> +@@ -442,7 +442,7 @@
> +
> + [sources.'public-resolvers']
> + urls =
> ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md
> <https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md>',
> 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md
> <https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md>']
> +- cache_file = 'public-resolvers.md'
> ++ cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
> + minisign_key =
> 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
> + refresh_delay = 72
> + prefix = ''
> +@@ -452,7 +452,7 @@
> +
> + # [sources.'parental-control']
> + # urls =
> ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.md
> <https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.md>',
> 'https://download.dnscrypt.info/resolvers-list/v2/parental-control.md
> <https://download.dnscrypt.info/resolvers-list/v2/parental-control.md>']
> +- # cache_file = 'parental-control.md'
> ++ # cache_file = '/var/cache/dnscrypt-proxy/parental-control.md'
> + # minisign_key =
> 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
> +
> +
> diff --git a/community/dnscrypt-proxy/dnscrypt-proxy.confd
> b/community/dnscrypt-proxy/dnscrypt-proxy.confd
> index 070ba95d..a1dc6a69 100644
> --- a/community/dnscrypt-proxy/dnscrypt-proxy.confd
> +++ b/community/dnscrypt-proxy/dnscrypt-proxy.confd
> @@ -1,4 +1,4 @@
> -#DNSCRYPT_OPTS="--config /etc/dnscrypt-proxy/dnscrypt-proxy.toml"
> +#DNSCRYPT_OPTS="-config /etc/dnscrypt-proxy/dnscrypt-proxy.toml"
> #DNSCRYPT_USER="dnscrypt"
> #DNSCRYPT_GROUP="dnscrypt"
>
> diff --git a/community/dnscrypt-proxy/dnscrypt-proxy.initd
> b/community/dnscrypt-proxy/dnscrypt-proxy.initd
> index e24085f1..c52ba746 100644
> --- a/community/dnscrypt-proxy/dnscrypt-proxy.initd
> +++ b/community/dnscrypt-proxy/dnscrypt-proxy.initd
> @@ -3,9 +3,9 @@
> # Distributed under the terms of the GNU General Public License v2
>
> command="/usr/bin/dnscrypt-proxy"
> -command_args="${DNSCRYPT_OPTS:---config
> /etc/dnscrypt-proxy/dnscrypt-proxy.toml}"
> +command_args="${DNSCRYPT_OPTS:--config
> /etc/dnscrypt-proxy/dnscrypt-proxy.toml}"
> command_user="${DNSCRYPT_USER:-dnscrypt}:${DNSCRYPT_GROUP:-dnscrypt}"
> -pidfile="/run/dnscrypt-proxy/${SVCNAME}.pid"
> +pidfile="/run/${SVCNAME}.pid"
> start_stop_daemon_args="--background --make-pidfile"
>
> depend() {
> diff --git a/community/dnscrypt-proxy/dnscrypt-proxy.post-install
> b/community/dnscrypt-proxy/dnscrypt-proxy.post-install
> new file mode 100644
> index 00000000..7a7f4af3
> --- /dev/null
> +++ b/community/dnscrypt-proxy/dnscrypt-proxy.post-install
> @@ -0,0 +1,2 @@
> +#!/bin/sh
> +/usr/sbin/setcap cap_net_bind_service=+pe /usr/bin/dnscrypt-proxy
> --
> 2.17.0
>
>
>
> ---
> Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org
> <alpine-aports%2Bunsubscribe@lists.alpinelinux.org>
> Help: alpine-aports+help@lists.alpinelinux.org
> <alpine-aports%2Bhelp@lists.alpinelinux.org>
> ---
>
>