Mail archive
alpine-aports

Re: [alpine-aports] [PATCH] community/dnscrypt-proxy: Fix launch as service

From: Leonardo Arena <rnalrd_at_gmail.com>
Date: Tue, 17 Jul 2018 15:22:54 +0200

Hi,

not sure if it's still needed, but needs be rebased against latest version.

Thanks

On Thu, Apr 12, 2018 at 1:36 PM, Taner Tas <taner76_at_gmail.com> wrote:

> * To able to bind on port 53, capabilities of binary file has to be
> changed via post-install script
> * Clarify license (ISC), thus removed -doc subpackage
> * Dynamically fetched server list file moved to /var/cache instead of /etc
> * Example configuration files moved to /usr/share instead of /etc
> * Configuration file patch added to ensure logs to be stored in /var/log
> ---
> community/dnscrypt-proxy/APKBUILD | 64 ++++++--------
> .../dnscrypt-proxy/config-full-paths.patch | 86 +++++++++++++++++++
> community/dnscrypt-proxy/dnscrypt-proxy.confd | 2 +-
> community/dnscrypt-proxy/dnscrypt-proxy.initd | 4 +-
> .../dnscrypt-proxy.post-install | 2 +
> 5 files changed, 116 insertions(+), 42 deletions(-)
> create mode 100644 community/dnscrypt-proxy/config-full-paths.patch
> create mode 100644 community/dnscrypt-proxy/dnscrypt-proxy.post-install
>
> diff --git a/community/dnscrypt-proxy/APKBUILD b/community/dnscrypt-proxy/
> APKBUILD
> index 7f375af8..bf60f917 100644
> --- a/community/dnscrypt-proxy/APKBUILD
> +++ b/community/dnscrypt-proxy/APKBUILD
> _at__at_ -2,71 +2,57 @@
> # Maintainer: Francesco Colista <fcolista_at_alpinelinux.org>
> pkgname=dnscrypt-proxy
> pkgver=2.0.9b2
> -pkgrel=2
> +pkgrel=3
> pkgdesc="A tool for securing communications between a client and a DNS
> resolver"
> url="https://dnscrypt.info"
> arch="all"
> -license="custom"
> -makedepends="$depends_dev libsodium-dev ldns-dev go"
> -install="$pkgname.pre-install"
> -options="!check" #upstream does not provide check/test
> +license="ISC"
> +depends="libcap"
> +makedepends="go"
> +install="$pkgname.pre-install $pkgname.post-install"
> pkgusers=dnscrypt
> pkggroups=dnscrypt
> -subpackages="$pkgname-doc $pkgname-setup::noarch"
> -source="$pkgname-$pkgver.tar.gz::https://github.com/
> jedisct1/$pkgname/archive/$pkgver.tar.gz
> +subpackages="$pkgname-setup::noarch"
> +source="${pkgname}-${pkgver}.tar.gz::https://github.com/
> jedisct1/${pkgname}/archive/${pkgver}.tar.gz
> $pkgname.initd
> $pkgname.confd
> $pkgname.setup
> + config-full-paths.patch
> "
> -builddir="$srcdir"/$pkgname-$pkgver
> +options="!check"
>
> prepare() {
> - default_prepare
> cd "$builddir"
> - export GOPATH=$(pwd)
> - ln -sfv vendor src
> + ln -sf vendor src
> + default_prepare
> }
>
> build() {
> - cd "$builddir"/$pkgname
> - go build -ldflags="-s -w" -v
> + cd "$builddir"/"$pkgname"
> + GOPATH="$builddir" go build -ldflags="-s -w" -v
> }
>
> package() {
> cd "$builddir"/$pkgname
> + mkdir -p "$pkgdir"/etc/$pkgname
> mkdir -p "$pkgdir"/var/log/$pkgname
> - mkdir -p "$pkgdir"/var/run/$pkgname
> - mkdir -p "$pkgdir"/var/empty
> - mkdir -p $pkgdir/usr/share/licenses/$pkgname
> - install -m755 -D "$srcdir"/$pkgname.initd
> "$pkgdir"/etc/init.d/$pkgname
> + mkdir -p "$pkgdir"/usr/share/$pkgname
> + install -m755 -D dnscrypt-proxy "$pkgdir"/usr/bin/dnscrypt-proxy
> + install -m644 -D example-dnscrypt-proxy.toml
> "$pkgdir"/etc/$pkgname/dnscrypt-proxy.toml
> + install -m755 -D "$srcdir"/$pkgname.initd
> "$pkgdir"/etc/init.d/$pkgname
> install -m644 -D "$srcdir"/$pkgname.confd
> "$pkgdir"/etc/conf.d/$pkgname
> - install -m755 -D $pkgname "$pkgdir"/usr/bin/$pkgname
> - install -vDm 644 "example-${pkgname}.toml" \
> - "${pkgdir}/etc/${pkgname}/${pkgname}.toml"
> - install -vDm 644 "example-blacklist.txt" \
> - "${pkgdir}/etc/${pkgname}/example-blacklist.txt"
> - install -vDm 644 "example-cloaking-rules.txt" \
> - "${pkgdir}/etc/${pkgname}/example-cloaking-rules.txt"
> - install -vDm 644 "example-forwarding-rules.txt" \
> - "${pkgdir}/etc/${pkgname}/example-forwarding-rules.txt"
> - install -vDm 644 "example-whitelist.txt" \
> - "${pkgdir}/etc/${pkgname}/example-whitelist.txt"
> chown dnscrypt "$pkgdir"/var/log/$pkgname
> - chown dnscrypt "$pkgdir"/var/run/$pkgname
> - chown dnscrypt "$pkgdir"/var/empty
> - chown dnscrypt "$pkgdir"/etc/$pkgname
> - install -m 644 ../LICENSE $pkgdir/usr/share/licenses/$pkgname
> + for i in example-*; do install -m644 -D "$i"
> "$pkgdir"/usr/share/$pkgname/"$i"; done
> }
>
> setup() {
> - pkgdesc="Script for setting up DNSCrypt Proxy"
> + pkgdesc="Script for setting up dnscrypt-proxy"
> depends="sed wget $pkgname"
> -
> - mkdir -p "$subpkgdir"/sbin
> - install -m755 -D "$srcdir"/$pkgname.setup "$subpkgdir"/sbin/setup-
> dnscrypt
> + install -m755 -D "$srcdir"/$pkgname.setup
> "$subpkgdir"/usr/sbin/setup-dnscrypt
> }
>
> sha512sums="d64cc8e0b61e1e548b63531dc4c733af1605ccda89a9f905227e97cb966a
> 3488104ac9af229521909ca88bde283dce224e712326b4d1717af70be2d04821c6c2
> dnscrypt-proxy-2.0.9b2.tar.gz
> -c38095ee38054fb0d3b51c002b5038cb073b8b9ec0ababf975e70d27e4c1
> bd90c0c3f846863e052f30ff2ac6d4ce84c5d4192ebae0eebfa013eb08edf840f8bf
> dnscrypt-proxy.initd
> -44a2d792aa80a048ea6bdb4a79c1e436bcad3610a28a963ebed5c0e77a8b
> 2a733c45311a66268fc4026d1c4c9b1f222813aeeea9c619832bbcb7c227542b65a8
> dnscrypt-proxy.confd
> -66dd43d84117a0151ae41f34d82b716760382a5a491424bf6418228ffd21
> f0dfbc88e34cc5074e11f97f006335d97b85367bb9ab1d96747a48e893c022ad52d0
> dnscrypt-proxy.setup"
> +b4913fada4172a12521d1beb731cc63e12fd45380a3973bedcefff394b24
> 4401c15ec74108b5e18c0aa34f0803b4e5abe90d33c1342b32bb9137aa598a7daf4a
> dnscrypt-proxy.initd
> +c001ae39da1b2db71764cab568f9ed18e4de0cea3d1a4e7bd6dd01a5668b
> 81a888ea9eef99de6beac08857ad7f8eb1a32d730e946ac3563e4dcfa27147e35052
> dnscrypt-proxy.confd
> +66dd43d84117a0151ae41f34d82b716760382a5a491424bf6418228ffd21
> f0dfbc88e34cc5074e11f97f006335d97b85367bb9ab1d96747a48e893c022ad52d0
> dnscrypt-proxy.setup
> +898d71dfba3d2af78ee5b26455073cc6d6ecd4ae2bb08b6f04537e9f3098
> 9da5053f364dc504a5c2f78e3da3b27b6f92ef301ed860abd4aa23b062043d317b64
> config-full-paths.patch"
> diff --git a/community/dnscrypt-proxy/config-full-paths.patch
> b/community/dnscrypt-proxy/config-full-paths.patch
> new file mode 100644
> index 00000000..5e22153f
> --- /dev/null
> +++ b/community/dnscrypt-proxy/config-full-paths.patch
> _at__at_ -0,0 +1,86 @@
> +--- a/dnscrypt-proxy/example-dnscrypt-proxy.toml
> ++++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml
> +_at__at_ -96,7 +96,7 @@
> +
> + ## log file for the application
> +
> +-# log_file = 'dnscrypt-proxy.log'
> ++ log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log'
> +
> +
> + ## Use the system logger (syslog on Unix, Event Log on Windows)
> +_at__at_ -255,7 +255,7 @@
> +
> + ## Path to the query log file (absolute, or relative to the same
> directory as the executable file)
> +
> +- # file = 'query.log'
> ++ # file = '/var/log/dnscrypt-proxy/query.log'
> +
> +
> + ## Query log format (currently supported: tsv and ltsv)
> +_at__at_ -281,7 +281,7 @@
> +
> + ## Path to the query log file (absolute, or relative to the same
> directory as the executable file)
> +
> +- # file = 'nx.log'
> ++ # file = '/var/log/dnscrypt-proxy/nx.log'
> +
> +
> + ## Query log format (currently supported: tsv and ltsv)
> +_at__at_ -311,12 +311,12 @@
> +
> + ## Path to the file of blocking rules (absolute, or relative to the
> same directory as the executable file)
> +
> +- # blacklist_file = 'blacklist.txt'
> ++ # blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt'
> +
> +
> + ## Optional path to a file logging blocked queries
> +
> +- # log_file = 'blocked.log'
> ++ # log_file = '/var/log/dnscrypt-proxy/blocked.log'
> +
> +
> + ## Optional log format: tsv or ltsv (default: tsv)
> +_at__at_ -344,7 +344,7 @@
> +
> + ## Optional path to a file logging blocked queries
> +
> +- # log_file = 'ip-blocked.log'
> ++ # log_file = '/var/log/dnscrypt-proxy/ip-blocked.log'
> +
> +
> + ## Optional log format: tsv or ltsv (default: tsv)
> +_at__at_ -367,12 +367,12 @@
> +
> + ## Path to the file of whitelisting rules (absolute, or relative to
> the same directory as the executable file)
> +
> +- # whitelist_file = 'whitelist.txt'
> ++ # whitelist_file = '/etc/dnscrypt-proxy/whitelist.txt'
> +
> +
> + ## Optional path to a file logging whitelisted queries
> +
> +- # log_file = 'whitelisted.log'
> ++ # log_file = '/var/log/dnscrypt-proxy/whitelisted.log'
> +
> +
> + ## Optional log format: tsv or ltsv (default: tsv)
> +_at__at_ -442,7 +442,7 @@
> +
> + [sources.'public-resolvers']
> + urls = ['https://raw.githubusercontent.com/
> DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', '
> https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
> +- cache_file = 'public-resolvers.md'
> ++ cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
> + minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPp
> vWucNSCh1CBM0QTaLn73Y7GFO3'
> + refresh_delay = 72
> + prefix = ''
> +_at__at_ -452,7 +452,7 @@
> +
> + # [sources.'parental-control']
> + # urls = ['https://raw.githubusercontent.com/
> DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.md', '
> https://download.dnscrypt.info/resolvers-list/v2/parental-control.md']
> +- # cache_file = 'parental-control.md'
> ++ # cache_file = '/var/cache/dnscrypt-proxy/parental-control.md'
> + # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPp
> vWucNSCh1CBM0QTaLn73Y7GFO3'
> +
> +
> diff --git a/community/dnscrypt-proxy/dnscrypt-proxy.confd
> b/community/dnscrypt-proxy/dnscrypt-proxy.confd
> index 070ba95d..a1dc6a69 100644
> --- a/community/dnscrypt-proxy/dnscrypt-proxy.confd
> +++ b/community/dnscrypt-proxy/dnscrypt-proxy.confd
> _at__at_ -1,4 +1,4 @@
> -#DNSCRYPT_OPTS="--config /etc/dnscrypt-proxy/dnscrypt-proxy.toml"
> +#DNSCRYPT_OPTS="-config /etc/dnscrypt-proxy/dnscrypt-proxy.toml"
> #DNSCRYPT_USER="dnscrypt"
> #DNSCRYPT_GROUP="dnscrypt"
>
> diff --git a/community/dnscrypt-proxy/dnscrypt-proxy.initd
> b/community/dnscrypt-proxy/dnscrypt-proxy.initd
> index e24085f1..c52ba746 100644
> --- a/community/dnscrypt-proxy/dnscrypt-proxy.initd
> +++ b/community/dnscrypt-proxy/dnscrypt-proxy.initd
> _at__at_ -3,9 +3,9 @@
> # Distributed under the terms of the GNU General Public License v2
>
> command="/usr/bin/dnscrypt-proxy"
> -command_args="${DNSCRYPT_OPTS:---config /etc/dnscrypt-proxy/dnscrypt-
> proxy.toml}"
> +command_args="${DNSCRYPT_OPTS:--config /etc/dnscrypt-proxy/dnscrypt-
> proxy.toml}"
> command_user="${DNSCRYPT_USER:-dnscrypt}:${DNSCRYPT_GROUP:-dnscrypt}"
> -pidfile="/run/dnscrypt-proxy/${SVCNAME}.pid"
> +pidfile="/run/${SVCNAME}.pid"
> start_stop_daemon_args="--background --make-pidfile"
>
> depend() {
> diff --git a/community/dnscrypt-proxy/dnscrypt-proxy.post-install
> b/community/dnscrypt-proxy/dnscrypt-proxy.post-install
> new file mode 100644
> index 00000000..7a7f4af3
> --- /dev/null
> +++ b/community/dnscrypt-proxy/dnscrypt-proxy.post-install
> _at__at_ -0,0 +1,2 @@
> +#!/bin/sh
> +/usr/sbin/setcap cap_net_bind_service=+pe /usr/bin/dnscrypt-proxy
> --
> 2.17.0
>
>
>
> ---
> Unsubscribe: alpine-aports+unsubscribe_at_lists.alpinelinux.org
> Help: alpine-aports+help_at_lists.alpinelinux.org
> ---
>
>



---
Unsubscribe:  alpine-aports+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-aports+help_at_lists.alpinelinux.org
---
Received on Tue Jul 17 2018 - 15:22:54 UTC