~alpine/aports

2 2

[alpine-aports] [PATCH] community/dnscrypt-proxy: Fix launch as service

Details
Message ID
<20180412113635.27251-1-taner76@gmail.com>
Sender timestamp
1523532995
DKIM signature
missing
Download raw message
Patch: +116 -42
* To able to bind on port 53, capabilities of binary file has to be changed via post-install script
* Clarify license (ISC), thus removed -doc subpackage
* Dynamically fetched server list file moved to /var/cache instead of /etc
* Example configuration files moved to /usr/share instead of /etc
* Configuration file patch added to ensure logs to be stored in /var/log
---
 community/dnscrypt-proxy/APKBUILD             | 64 ++++++--------
 .../dnscrypt-proxy/config-full-paths.patch    | 86 +++++++++++++++++++
 community/dnscrypt-proxy/dnscrypt-proxy.confd |  2 +-
 community/dnscrypt-proxy/dnscrypt-proxy.initd |  4 +-
 .../dnscrypt-proxy.post-install               |  2 +
 5 files changed, 116 insertions(+), 42 deletions(-)
 create mode 100644 community/dnscrypt-proxy/config-full-paths.patch
 create mode 100644 community/dnscrypt-proxy/dnscrypt-proxy.post-install

diff --git a/community/dnscrypt-proxy/APKBUILD b/community/dnscrypt-proxy/APKBUILD
index 7f375af8..bf60f917 100644
--- a/community/dnscrypt-proxy/APKBUILD
+++ b/community/dnscrypt-proxy/APKBUILD
@@ -2,71 +2,57 @@
# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
pkgname=dnscrypt-proxy
pkgver=2.0.9b2
pkgrel=2
pkgrel=3
pkgdesc="A tool for securing communications between a client and a DNS resolver"
url="https://dnscrypt.info"
arch="all"
license="custom"
makedepends="$depends_dev libsodium-dev ldns-dev go"
install="$pkgname.pre-install"
options="!check" #upstream does not provide check/test
license="ISC"
depends="libcap"
makedepends="go"
install="$pkgname.pre-install $pkgname.post-install"
pkgusers=dnscrypt
pkggroups=dnscrypt
subpackages="$pkgname-doc $pkgname-setup::noarch"
source="$pkgname-$pkgver.tar.gz::https://github.com/jedisct1/$pkgname/archive/$pkgver.tar.gz
subpackages="$pkgname-setup::noarch"
source="${pkgname}-${pkgver}.tar.gz::https://github.com/jedisct1/${pkgname}/archive/${pkgver}.tar.gz
	$pkgname.initd
	$pkgname.confd
	$pkgname.setup
	config-full-paths.patch
	"
builddir="$srcdir"/$pkgname-$pkgver
options="!check"

prepare() {
	default_prepare
	cd "$builddir"
	export GOPATH=$(pwd)
	ln -sfv vendor src
	ln -sf vendor src
	default_prepare
}

build() {
	cd "$builddir"/$pkgname
	go build -ldflags="-s -w" -v
	cd "$builddir"/"$pkgname"
	GOPATH="$builddir" go build -ldflags="-s -w" -v
}

package() {
	cd "$builddir"/$pkgname
	mkdir -p "$pkgdir"/etc/$pkgname
	mkdir -p "$pkgdir"/var/log/$pkgname
	mkdir -p "$pkgdir"/var/run/$pkgname
	mkdir -p "$pkgdir"/var/empty
	mkdir -p $pkgdir/usr/share/licenses/$pkgname
    install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
	mkdir -p "$pkgdir"/usr/share/$pkgname
        install -m755 -D dnscrypt-proxy "$pkgdir"/usr/bin/dnscrypt-proxy
        install -m644 -D example-dnscrypt-proxy.toml "$pkgdir"/etc/$pkgname/dnscrypt-proxy.toml
        install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
	install -m644 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
	install -m755 -D $pkgname "$pkgdir"/usr/bin/$pkgname
	install -vDm 644 "example-${pkgname}.toml" \
		"${pkgdir}/etc/${pkgname}/${pkgname}.toml"
	install -vDm 644 "example-blacklist.txt" \
		"${pkgdir}/etc/${pkgname}/example-blacklist.txt"
	install -vDm 644 "example-cloaking-rules.txt" \
		"${pkgdir}/etc/${pkgname}/example-cloaking-rules.txt"
	install -vDm 644 "example-forwarding-rules.txt" \
		"${pkgdir}/etc/${pkgname}/example-forwarding-rules.txt"
	install -vDm 644 "example-whitelist.txt" \
		"${pkgdir}/etc/${pkgname}/example-whitelist.txt"
	chown dnscrypt "$pkgdir"/var/log/$pkgname
	chown dnscrypt "$pkgdir"/var/run/$pkgname
	chown dnscrypt "$pkgdir"/var/empty
	chown dnscrypt "$pkgdir"/etc/$pkgname
	install -m 644 ../LICENSE $pkgdir/usr/share/licenses/$pkgname
	for i in example-*; do install -m644 -D "$i" "$pkgdir"/usr/share/$pkgname/"$i"; done
}

setup() {
	pkgdesc="Script for setting up DNSCrypt Proxy"
	pkgdesc="Script for setting up dnscrypt-proxy"
	depends="sed wget $pkgname"

	mkdir -p "$subpkgdir"/sbin
	install -m755 -D "$srcdir"/$pkgname.setup "$subpkgdir"/sbin/setup-dnscrypt
	install -m755 -D "$srcdir"/$pkgname.setup "$subpkgdir"/usr/sbin/setup-dnscrypt
}

sha512sums="d64cc8e0b61e1e548b63531dc4c733af1605ccda89a9f905227e97cb966a3488104ac9af229521909ca88bde283dce224e712326b4d1717af70be2d04821c6c2  dnscrypt-proxy-2.0.9b2.tar.gz
c38095ee38054fb0d3b51c002b5038cb073b8b9ec0ababf975e70d27e4c1bd90c0c3f846863e052f30ff2ac6d4ce84c5d4192ebae0eebfa013eb08edf840f8bf  dnscrypt-proxy.initd
44a2d792aa80a048ea6bdb4a79c1e436bcad3610a28a963ebed5c0e77a8b2a733c45311a66268fc4026d1c4c9b1f222813aeeea9c619832bbcb7c227542b65a8  dnscrypt-proxy.confd
66dd43d84117a0151ae41f34d82b716760382a5a491424bf6418228ffd21f0dfbc88e34cc5074e11f97f006335d97b85367bb9ab1d96747a48e893c022ad52d0  dnscrypt-proxy.setup"
b4913fada4172a12521d1beb731cc63e12fd45380a3973bedcefff394b244401c15ec74108b5e18c0aa34f0803b4e5abe90d33c1342b32bb9137aa598a7daf4a  dnscrypt-proxy.initd
c001ae39da1b2db71764cab568f9ed18e4de0cea3d1a4e7bd6dd01a5668b81a888ea9eef99de6beac08857ad7f8eb1a32d730e946ac3563e4dcfa27147e35052  dnscrypt-proxy.confd
66dd43d84117a0151ae41f34d82b716760382a5a491424bf6418228ffd21f0dfbc88e34cc5074e11f97f006335d97b85367bb9ab1d96747a48e893c022ad52d0  dnscrypt-proxy.setup
898d71dfba3d2af78ee5b26455073cc6d6ecd4ae2bb08b6f04537e9f30989da5053f364dc504a5c2f78e3da3b27b6f92ef301ed860abd4aa23b062043d317b64  config-full-paths.patch"
diff --git a/community/dnscrypt-proxy/config-full-paths.patch b/community/dnscrypt-proxy/config-full-paths.patch
new file mode 100644
index 00000000..5e22153f
--- /dev/null
+++ b/community/dnscrypt-proxy/config-full-paths.patch
@@ -0,0 +1,86 @@
--- a/dnscrypt-proxy/example-dnscrypt-proxy.toml
+++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml
@@ -96,7 +96,7 @@
 
 ## log file for the application
 
-# log_file = 'dnscrypt-proxy.log'
+ log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log'
 
 
 ## Use the system logger (syslog on Unix, Event Log on Windows)
@@ -255,7 +255,7 @@
 
   ## Path to the query log file (absolute, or relative to the same directory as the executable file)
 
-  # file = 'query.log'
+  # file = '/var/log/dnscrypt-proxy/query.log'
 
 
   ## Query log format (currently supported: tsv and ltsv)
@@ -281,7 +281,7 @@
 
   ## Path to the query log file (absolute, or relative to the same directory as the executable file)
 
-  # file = 'nx.log'
+  # file = '/var/log/dnscrypt-proxy/nx.log'
 
 
   ## Query log format (currently supported: tsv and ltsv)
@@ -311,12 +311,12 @@
 
   ## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
 
-  # blacklist_file = 'blacklist.txt'
+  # blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt'
 
 
   ## Optional path to a file logging blocked queries
 
-  # log_file = 'blocked.log'
+  # log_file = '/var/log/dnscrypt-proxy/blocked.log'
 
 
   ## Optional log format: tsv or ltsv (default: tsv)
@@ -344,7 +344,7 @@
 
   ## Optional path to a file logging blocked queries
 
-  # log_file = 'ip-blocked.log'
+  # log_file = '/var/log/dnscrypt-proxy/ip-blocked.log'
 
 
   ## Optional log format: tsv or ltsv (default: tsv)
@@ -367,12 +367,12 @@
 
   ## Path to the file of whitelisting rules (absolute, or relative to the same directory as the executable file)
 
-  # whitelist_file = 'whitelist.txt'
+  # whitelist_file = '/etc/dnscrypt-proxy/whitelist.txt'
 
 
   ## Optional path to a file logging whitelisted queries
 
-  # log_file = 'whitelisted.log'
+  # log_file = '/var/log/dnscrypt-proxy/whitelisted.log'
 
 
   ## Optional log format: tsv or ltsv (default: tsv)
@@ -442,7 +442,7 @@
 
   [sources.'public-resolvers']
   urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
-  cache_file = 'public-resolvers.md'
+  cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
   minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
   refresh_delay = 72
   prefix = ''
@@ -452,7 +452,7 @@
 
   #  [sources.'parental-control']
   #  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v2/parental-control.md']
-  #  cache_file = 'parental-control.md'
+  #  cache_file = '/var/cache/dnscrypt-proxy/parental-control.md'
   #  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
 
 
diff --git a/community/dnscrypt-proxy/dnscrypt-proxy.confd b/community/dnscrypt-proxy/dnscrypt-proxy.confd
index 070ba95d..a1dc6a69 100644
--- a/community/dnscrypt-proxy/dnscrypt-proxy.confd
+++ b/community/dnscrypt-proxy/dnscrypt-proxy.confd
@@ -1,4 +1,4 @@
#DNSCRYPT_OPTS="--config /etc/dnscrypt-proxy/dnscrypt-proxy.toml"
#DNSCRYPT_OPTS="-config /etc/dnscrypt-proxy/dnscrypt-proxy.toml"
#DNSCRYPT_USER="dnscrypt"
#DNSCRYPT_GROUP="dnscrypt"

diff --git a/community/dnscrypt-proxy/dnscrypt-proxy.initd b/community/dnscrypt-proxy/dnscrypt-proxy.initd
index e24085f1..c52ba746 100644
--- a/community/dnscrypt-proxy/dnscrypt-proxy.initd
+++ b/community/dnscrypt-proxy/dnscrypt-proxy.initd
@@ -3,9 +3,9 @@
# Distributed under the terms of the GNU General Public License v2

command="/usr/bin/dnscrypt-proxy"
command_args="${DNSCRYPT_OPTS:---config /etc/dnscrypt-proxy/dnscrypt-proxy.toml}"
command_args="${DNSCRYPT_OPTS:--config /etc/dnscrypt-proxy/dnscrypt-proxy.toml}"
command_user="${DNSCRYPT_USER:-dnscrypt}:${DNSCRYPT_GROUP:-dnscrypt}"
pidfile="/run/dnscrypt-proxy/${SVCNAME}.pid"
pidfile="/run/${SVCNAME}.pid"
start_stop_daemon_args="--background --make-pidfile"

depend() {
diff --git a/community/dnscrypt-proxy/dnscrypt-proxy.post-install b/community/dnscrypt-proxy/dnscrypt-proxy.post-install
new file mode 100644
index 00000000..7a7f4af3
--- /dev/null
+++ b/community/dnscrypt-proxy/dnscrypt-proxy.post-install
@@ -0,0 +1,2 @@
#!/bin/sh
/usr/sbin/setcap cap_net_bind_service=+pe /usr/bin/dnscrypt-proxy
-- 
2.17.0



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---
Leonardo Arena <rnalrd@gmail.com>
Details
Message ID
<CAGG_d8BW2taG4AVjqfh2J1MeV_NMGf5dpqYTF3Li6vbqQJJpqg@mail.gmail.com>
In-Reply-To
<20180412113635.27251-1-taner76@gmail.com> (view parent)
Sender timestamp
1531833774
DKIM signature
missing
Download raw message
Hi,

not sure if it's still needed, but needs be rebased against latest version.

Thanks

On Thu, Apr 12, 2018 at 1:36 PM, Taner Tas <taner76@gmail.com> wrote:

> * To able to bind on port 53, capabilities of binary file has to be
> changed via post-install script
> * Clarify license (ISC), thus removed -doc subpackage
> * Dynamically fetched server list file moved to /var/cache instead of /etc
> * Example configuration files moved to /usr/share instead of /etc
> * Configuration file patch added to ensure logs to be stored in /var/log
> ---
>  community/dnscrypt-proxy/APKBUILD             | 64 ++++++--------
>  .../dnscrypt-proxy/config-full-paths.patch    | 86 +++++++++++++++++++
>  community/dnscrypt-proxy/dnscrypt-proxy.confd |  2 +-
>  community/dnscrypt-proxy/dnscrypt-proxy.initd |  4 +-
>  .../dnscrypt-proxy.post-install               |  2 +
>  5 files changed, 116 insertions(+), 42 deletions(-)
>  create mode 100644 community/dnscrypt-proxy/config-full-paths.patch
>  create mode 100644 community/dnscrypt-proxy/dnscrypt-proxy.post-install
>
> diff --git a/community/dnscrypt-proxy/APKBUILD b/community/dnscrypt-proxy/
> APKBUILD
> index 7f375af8..bf60f917 100644
> --- a/community/dnscrypt-proxy/APKBUILD
> +++ b/community/dnscrypt-proxy/APKBUILD
> @@ -2,71 +2,57 @@
>  # Maintainer: Francesco Colista <fcolista@alpinelinux.org>
>  pkgname=dnscrypt-proxy
>  pkgver=2.0.9b2
> -pkgrel=2
> +pkgrel=3
>  pkgdesc="A tool for securing communications between a client and a DNS
> resolver"
>  url="https://dnscrypt.info"
>  arch="all"
> -license="custom"
> -makedepends="$depends_dev libsodium-dev ldns-dev go"
> -install="$pkgname.pre-install"
> -options="!check" #upstream does not provide check/test
> +license="ISC"
> +depends="libcap"
> +makedepends="go"
> +install="$pkgname.pre-install $pkgname.post-install"
>  pkgusers=dnscrypt
>  pkggroups=dnscrypt
> -subpackages="$pkgname-doc $pkgname-setup::noarch"
> -source="$pkgname-$pkgver.tar.gz::https://github.com/
> jedisct1/$pkgname/archive/$pkgver.tar.gz
> +subpackages="$pkgname-setup::noarch"
> +source="${pkgname}-${pkgver}.tar.gz::https://github.com/
> jedisct1/${pkgname}/archive/${pkgver}.tar.gz
>         $pkgname.initd
>         $pkgname.confd
>         $pkgname.setup
> +       config-full-paths.patch
>         "
> -builddir="$srcdir"/$pkgname-$pkgver
> +options="!check"
>
>  prepare() {
> -       default_prepare
>         cd "$builddir"
> -       export GOPATH=$(pwd)
> -       ln -sfv vendor src
> +       ln -sf vendor src
> +       default_prepare
>  }
>
>  build() {
> -       cd "$builddir"/$pkgname
> -       go build -ldflags="-s -w" -v
> +       cd "$builddir"/"$pkgname"
> +       GOPATH="$builddir" go build -ldflags="-s -w" -v
>  }
>
>  package() {
>         cd "$builddir"/$pkgname
> +       mkdir -p "$pkgdir"/etc/$pkgname
>         mkdir -p "$pkgdir"/var/log/$pkgname
> -       mkdir -p "$pkgdir"/var/run/$pkgname
> -       mkdir -p "$pkgdir"/var/empty
> -       mkdir -p $pkgdir/usr/share/licenses/$pkgname
> -    install -m755 -D "$srcdir"/$pkgname.initd
> "$pkgdir"/etc/init.d/$pkgname
> +       mkdir -p "$pkgdir"/usr/share/$pkgname
> +        install -m755 -D dnscrypt-proxy "$pkgdir"/usr/bin/dnscrypt-proxy
> +        install -m644 -D example-dnscrypt-proxy.toml
> "$pkgdir"/etc/$pkgname/dnscrypt-proxy.toml
> +        install -m755 -D "$srcdir"/$pkgname.initd
> "$pkgdir"/etc/init.d/$pkgname
>         install -m644 -D "$srcdir"/$pkgname.confd
> "$pkgdir"/etc/conf.d/$pkgname
> -       install -m755 -D $pkgname "$pkgdir"/usr/bin/$pkgname
> -       install -vDm 644 "example-${pkgname}.toml" \
> -               "${pkgdir}/etc/${pkgname}/${pkgname}.toml"
> -       install -vDm 644 "example-blacklist.txt" \
> -               "${pkgdir}/etc/${pkgname}/example-blacklist.txt"
> -       install -vDm 644 "example-cloaking-rules.txt" \
> -               "${pkgdir}/etc/${pkgname}/example-cloaking-rules.txt"
> -       install -vDm 644 "example-forwarding-rules.txt" \
> -               "${pkgdir}/etc/${pkgname}/example-forwarding-rules.txt"
> -       install -vDm 644 "example-whitelist.txt" \
> -               "${pkgdir}/etc/${pkgname}/example-whitelist.txt"
>         chown dnscrypt "$pkgdir"/var/log/$pkgname
> -       chown dnscrypt "$pkgdir"/var/run/$pkgname
> -       chown dnscrypt "$pkgdir"/var/empty
> -       chown dnscrypt "$pkgdir"/etc/$pkgname
> -       install -m 644 ../LICENSE $pkgdir/usr/share/licenses/$pkgname
> +       for i in example-*; do install -m644 -D "$i"
> "$pkgdir"/usr/share/$pkgname/"$i"; done
>  }
>
>  setup() {
> -       pkgdesc="Script for setting up DNSCrypt Proxy"
> +       pkgdesc="Script for setting up dnscrypt-proxy"
>         depends="sed wget $pkgname"
> -
> -       mkdir -p "$subpkgdir"/sbin
> -       install -m755 -D "$srcdir"/$pkgname.setup "$subpkgdir"/sbin/setup-
> dnscrypt
> +       install -m755 -D "$srcdir"/$pkgname.setup
> "$subpkgdir"/usr/sbin/setup-dnscrypt
>  }
>
>  sha512sums="d64cc8e0b61e1e548b63531dc4c733af1605ccda89a9f905227e97cb966a
> 3488104ac9af229521909ca88bde283dce224e712326b4d1717af70be2d04821c6c2
> dnscrypt-proxy-2.0.9b2.tar.gz
> -c38095ee38054fb0d3b51c002b5038cb073b8b9ec0ababf975e70d27e4c1
> bd90c0c3f846863e052f30ff2ac6d4ce84c5d4192ebae0eebfa013eb08edf840f8bf
> dnscrypt-proxy.initd
> -44a2d792aa80a048ea6bdb4a79c1e436bcad3610a28a963ebed5c0e77a8b
> 2a733c45311a66268fc4026d1c4c9b1f222813aeeea9c619832bbcb7c227542b65a8
> dnscrypt-proxy.confd
> -66dd43d84117a0151ae41f34d82b716760382a5a491424bf6418228ffd21
> f0dfbc88e34cc5074e11f97f006335d97b85367bb9ab1d96747a48e893c022ad52d0
> dnscrypt-proxy.setup"
> +b4913fada4172a12521d1beb731cc63e12fd45380a3973bedcefff394b24
> 4401c15ec74108b5e18c0aa34f0803b4e5abe90d33c1342b32bb9137aa598a7daf4a
> dnscrypt-proxy.initd
> +c001ae39da1b2db71764cab568f9ed18e4de0cea3d1a4e7bd6dd01a5668b
> 81a888ea9eef99de6beac08857ad7f8eb1a32d730e946ac3563e4dcfa27147e35052
> dnscrypt-proxy.confd
> +66dd43d84117a0151ae41f34d82b716760382a5a491424bf6418228ffd21
> f0dfbc88e34cc5074e11f97f006335d97b85367bb9ab1d96747a48e893c022ad52d0
> dnscrypt-proxy.setup
> +898d71dfba3d2af78ee5b26455073cc6d6ecd4ae2bb08b6f04537e9f3098
> 9da5053f364dc504a5c2f78e3da3b27b6f92ef301ed860abd4aa23b062043d317b64
> config-full-paths.patch"
> diff --git a/community/dnscrypt-proxy/config-full-paths.patch
> b/community/dnscrypt-proxy/config-full-paths.patch
> new file mode 100644
> index 00000000..5e22153f
> --- /dev/null
> +++ b/community/dnscrypt-proxy/config-full-paths.patch
> @@ -0,0 +1,86 @@
> +--- a/dnscrypt-proxy/example-dnscrypt-proxy.toml
> ++++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml
> +@@ -96,7 +96,7 @@
> +
> + ## log file for the application
> +
> +-# log_file = 'dnscrypt-proxy.log'
> ++ log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log'
> +
> +
> + ## Use the system logger (syslog on Unix, Event Log on Windows)
> +@@ -255,7 +255,7 @@
> +
> +   ## Path to the query log file (absolute, or relative to the same
> directory as the executable file)
> +
> +-  # file = 'query.log'
> ++  # file = '/var/log/dnscrypt-proxy/query.log'
> +
> +
> +   ## Query log format (currently supported: tsv and ltsv)
> +@@ -281,7 +281,7 @@
> +
> +   ## Path to the query log file (absolute, or relative to the same
> directory as the executable file)
> +
> +-  # file = 'nx.log'
> ++  # file = '/var/log/dnscrypt-proxy/nx.log'
> +
> +
> +   ## Query log format (currently supported: tsv and ltsv)
> +@@ -311,12 +311,12 @@
> +
> +   ## Path to the file of blocking rules (absolute, or relative to the
> same directory as the executable file)
> +
> +-  # blacklist_file = 'blacklist.txt'
> ++  # blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt'
> +
> +
> +   ## Optional path to a file logging blocked queries
> +
> +-  # log_file = 'blocked.log'
> ++  # log_file = '/var/log/dnscrypt-proxy/blocked.log'
> +
> +
> +   ## Optional log format: tsv or ltsv (default: tsv)
> +@@ -344,7 +344,7 @@
> +
> +   ## Optional path to a file logging blocked queries
> +
> +-  # log_file = 'ip-blocked.log'
> ++  # log_file = '/var/log/dnscrypt-proxy/ip-blocked.log'
> +
> +
> +   ## Optional log format: tsv or ltsv (default: tsv)
> +@@ -367,12 +367,12 @@
> +
> +   ## Path to the file of whitelisting rules (absolute, or relative to
> the same directory as the executable file)
> +
> +-  # whitelist_file = 'whitelist.txt'
> ++  # whitelist_file = '/etc/dnscrypt-proxy/whitelist.txt'
> +
> +
> +   ## Optional path to a file logging whitelisted queries
> +
> +-  # log_file = 'whitelisted.log'
> ++  # log_file = '/var/log/dnscrypt-proxy/whitelisted.log'
> +
> +
> +   ## Optional log format: tsv or ltsv (default: tsv)
> +@@ -442,7 +442,7 @@
> +
> +   [sources.'public-resolvers']
> +   urls = ['https://raw.githubusercontent.com/
> DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', '
> https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
> +-  cache_file = 'public-resolvers.md'
> ++  cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
> +   minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPp
> vWucNSCh1CBM0QTaLn73Y7GFO3'
> +   refresh_delay = 72
> +   prefix = ''
> +@@ -452,7 +452,7 @@
> +
> +   #  [sources.'parental-control']
> +   #  urls = ['https://raw.githubusercontent.com/
> DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.md', '
> https://download.dnscrypt.info/resolvers-list/v2/parental-control.md']
> +-  #  cache_file = 'parental-control.md'
> ++  #  cache_file = '/var/cache/dnscrypt-proxy/parental-control.md'
> +   #  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPp
> vWucNSCh1CBM0QTaLn73Y7GFO3'
> +
> +
> diff --git a/community/dnscrypt-proxy/dnscrypt-proxy.confd
> b/community/dnscrypt-proxy/dnscrypt-proxy.confd
> index 070ba95d..a1dc6a69 100644
> --- a/community/dnscrypt-proxy/dnscrypt-proxy.confd
> +++ b/community/dnscrypt-proxy/dnscrypt-proxy.confd
> @@ -1,4 +1,4 @@
> -#DNSCRYPT_OPTS="--config /etc/dnscrypt-proxy/dnscrypt-proxy.toml"
> +#DNSCRYPT_OPTS="-config /etc/dnscrypt-proxy/dnscrypt-proxy.toml"
>  #DNSCRYPT_USER="dnscrypt"
>  #DNSCRYPT_GROUP="dnscrypt"
>
> diff --git a/community/dnscrypt-proxy/dnscrypt-proxy.initd
> b/community/dnscrypt-proxy/dnscrypt-proxy.initd
> index e24085f1..c52ba746 100644
> --- a/community/dnscrypt-proxy/dnscrypt-proxy.initd
> +++ b/community/dnscrypt-proxy/dnscrypt-proxy.initd
> @@ -3,9 +3,9 @@
>  # Distributed under the terms of the GNU General Public License v2
>
>  command="/usr/bin/dnscrypt-proxy"
> -command_args="${DNSCRYPT_OPTS:---config /etc/dnscrypt-proxy/dnscrypt-
> proxy.toml}"
> +command_args="${DNSCRYPT_OPTS:--config /etc/dnscrypt-proxy/dnscrypt-
> proxy.toml}"
>  command_user="${DNSCRYPT_USER:-dnscrypt}:${DNSCRYPT_GROUP:-dnscrypt}"
> -pidfile="/run/dnscrypt-proxy/${SVCNAME}.pid"
> +pidfile="/run/${SVCNAME}.pid"
>  start_stop_daemon_args="--background --make-pidfile"
>
>  depend() {
> diff --git a/community/dnscrypt-proxy/dnscrypt-proxy.post-install
> b/community/dnscrypt-proxy/dnscrypt-proxy.post-install
> new file mode 100644
> index 00000000..7a7f4af3
> --- /dev/null
> +++ b/community/dnscrypt-proxy/dnscrypt-proxy.post-install
> @@ -0,0 +1,2 @@
> +#!/bin/sh
> +/usr/sbin/setcap cap_net_bind_service=+pe /usr/bin/dnscrypt-proxy
> --
> 2.17.0
>
>
>
> ---
> Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
> Help:         alpine-aports+help@lists.alpinelinux.org
> ---
>
>
Details
Message ID
<6082faba-4223-d5e9-d218-45035abd2ff6@gmail.com>
In-Reply-To
<CAGG_d8BW2taG4AVjqfh2J1MeV_NMGf5dpqYTF3Li6vbqQJJpqg@mail.gmail.com> (view parent)
Sender timestamp
1531834676
DKIM signature
missing
Download raw message
Hi,

This is no longer needed.

Thanks.

---
Taner

On 17.07.2018 16:22, Leonardo Arena wrote:
> Hi,
>
> not sure if it's still needed, but needs be rebased against latest 
> version.
>
> Thanks
>
> On Thu, Apr 12, 2018 at 1:36 PM, Taner Tas <taner76@gmail.com 
> <taner76@gmail.com>> wrote:
>
>     * To able to bind on port 53, capabilities of binary file has to
>     be changed via post-install script
>     * Clarify license (ISC), thus removed -doc subpackage
>     * Dynamically fetched server list file moved to /var/cache instead
>     of /etc
>     * Example configuration files moved to /usr/share instead of /etc
>     * Configuration file patch added to ensure logs to be stored in
>     /var/log
>     ---
>      community/dnscrypt-proxy/APKBUILD             | 64 ++++++--------
>      .../dnscrypt-proxy/config-full-paths.patch    | 86
>     +++++++++++++++++++
>      community/dnscrypt-proxy/dnscrypt-proxy.confd |  2 +-
>      community/dnscrypt-proxy/dnscrypt-proxy.initd |  4 +-
>      .../dnscrypt-proxy.post-install               |  2 +
>      5 files changed, 116 insertions(+), 42 deletions(-)
>      create mode 100644 community/dnscrypt-proxy/config-full-paths.patch
>      create mode 100644
>     community/dnscrypt-proxy/dnscrypt-proxy.post-install
>
>     diff --git a/community/dnscrypt-proxy/APKBUILD
>     b/community/dnscrypt-proxy/APKBUILD
>     index 7f375af8..bf60f917 100644
>     --- a/community/dnscrypt-proxy/APKBUILD
>     +++ b/community/dnscrypt-proxy/APKBUILD
>     @@ -2,71 +2,57 @@
>      # Maintainer: Francesco Colista <fcolista@alpinelinux.org
>     <fcolista@alpinelinux.org>>
>      pkgname=dnscrypt-proxy
>      pkgver=2.0.9b2
>     -pkgrel=2
>     +pkgrel=3
>      pkgdesc="A tool for securing communications between a client and
>     a DNS resolver"
>      url="https://dnscrypt.info"
>      arch="all"
>     -license="custom"
>     -makedepends="$depends_dev libsodium-dev ldns-dev go"
>     -install="$pkgname.pre-install"
>     -options="!check" #upstream does not provide check/test
>     +license="ISC"
>     +depends="libcap"
>     +makedepends="go"
>     +install="$pkgname.pre-install $pkgname.post-install"
>      pkgusers=dnscrypt
>      pkggroups=dnscrypt
>     -subpackages="$pkgname-doc $pkgname-setup::noarch"
>     -source="$pkgname-$pkgver.tar.gz::https://github.com/jedisct1/$pkgname/archive/$pkgver.tar.gz
>     <https://github.com/jedisct1/$pkgname/archive/$pkgver.tar.gz>
>     +subpackages="$pkgname-setup::noarch"
>     +source="${pkgname}-${pkgver}.tar.gz::https://github.com/jedisct1/${pkgname}/archive/${pkgver}.tar.gz
>     <https://github.com/jedisct1/$%7Bpkgname%7D/archive/$%7Bpkgver%7D.tar.gz>
>             $pkgname.initd
>             $pkgname.confd
>             $pkgname.setup
>     +       config-full-paths.patch
>             "
>     -builddir="$srcdir"/$pkgname-$pkgver
>     +options="!check"
>
>      prepare() {
>     -       default_prepare
>             cd "$builddir"
>     -       export GOPATH=$(pwd)
>     -       ln -sfv vendor src
>     +       ln -sf vendor src
>     +       default_prepare
>      }
>
>      build() {
>     -       cd "$builddir"/$pkgname
>     -       go build -ldflags="-s -w" -v
>     +       cd "$builddir"/"$pkgname"
>     +       GOPATH="$builddir" go build -ldflags="-s -w" -v
>      }
>
>      package() {
>             cd "$builddir"/$pkgname
>     +       mkdir -p "$pkgdir"/etc/$pkgname
>             mkdir -p "$pkgdir"/var/log/$pkgname
>     -       mkdir -p "$pkgdir"/var/run/$pkgname
>     -       mkdir -p "$pkgdir"/var/empty
>     -       mkdir -p $pkgdir/usr/share/licenses/$pkgname
>     -    install -m755 -D "$srcdir"/$pkgname.initd
>     "$pkgdir"/etc/init.d/$pkgname
>     +       mkdir -p "$pkgdir"/usr/share/$pkgname
>     +        install -m755 -D dnscrypt-proxy
>     "$pkgdir"/usr/bin/dnscrypt-proxy
>     +        install -m644 -D example-dnscrypt-proxy.toml
>     "$pkgdir"/etc/$pkgname/dnscrypt-proxy.toml
>     +        install -m755 -D "$srcdir"/$pkgname.initd
>     "$pkgdir"/etc/init.d/$pkgname
>             install -m644 -D "$srcdir"/$pkgname.confd
>     "$pkgdir"/etc/conf.d/$pkgname
>     -       install -m755 -D $pkgname "$pkgdir"/usr/bin/$pkgname
>     -       install -vDm 644 "example-${pkgname}.toml" \
>     -               "${pkgdir}/etc/${pkgname}/${pkgname}.toml"
>     -       install -vDm 644 "example-blacklist.txt" \
>     -               "${pkgdir}/etc/${pkgname}/example-blacklist.txt"
>     -       install -vDm 644 "example-cloaking-rules.txt" \
>     -               "${pkgdir}/etc/${pkgname}/example-cloaking-rules.txt"
>     -       install -vDm 644 "example-forwarding-rules.txt" \
>     -             
>      "${pkgdir}/etc/${pkgname}/example-forwarding-rules.txt"
>     -       install -vDm 644 "example-whitelist.txt" \
>     -               "${pkgdir}/etc/${pkgname}/example-whitelist.txt"
>             chown dnscrypt "$pkgdir"/var/log/$pkgname
>     -       chown dnscrypt "$pkgdir"/var/run/$pkgname
>     -       chown dnscrypt "$pkgdir"/var/empty
>     -       chown dnscrypt "$pkgdir"/etc/$pkgname
>     -       install -m 644 ../LICENSE $pkgdir/usr/share/licenses/$pkgname
>     +       for i in example-*; do install -m644 -D "$i"
>     "$pkgdir"/usr/share/$pkgname/"$i"; done
>      }
>
>      setup() {
>     -       pkgdesc="Script for setting up DNSCrypt Proxy"
>     +       pkgdesc="Script for setting up dnscrypt-proxy"
>             depends="sed wget $pkgname"
>     -
>     -       mkdir -p "$subpkgdir"/sbin
>     -       install -m755 -D "$srcdir"/$pkgname.setup
>     "$subpkgdir"/sbin/setup-dnscrypt
>     +       install -m755 -D "$srcdir"/$pkgname.setup
>     "$subpkgdir"/usr/sbin/setup-dnscrypt
>      }
>
>      sha512sums="d64cc8e0b61e1e548b63531dc4c733af1605ccda89a9f905227e97cb966a3488104ac9af229521909ca88bde283dce224e712326b4d1717af70be2d04821c6c2
>     dnscrypt-proxy-2.0.9b2.tar.gz
>     -c38095ee38054fb0d3b51c002b5038cb073b8b9ec0ababf975e70d27e4c1bd90c0c3f846863e052f30ff2ac6d4ce84c5d4192ebae0eebfa013eb08edf840f8bf
>     dnscrypt-proxy.initd
>     -44a2d792aa80a048ea6bdb4a79c1e436bcad3610a28a963ebed5c0e77a8b2a733c45311a66268fc4026d1c4c9b1f222813aeeea9c619832bbcb7c227542b65a8
>     dnscrypt-proxy.confd
>     -66dd43d84117a0151ae41f34d82b716760382a5a491424bf6418228ffd21f0dfbc88e34cc5074e11f97f006335d97b85367bb9ab1d96747a48e893c022ad52d0
>     dnscrypt-proxy.setup"
>     +b4913fada4172a12521d1beb731cc63e12fd45380a3973bedcefff394b244401c15ec74108b5e18c0aa34f0803b4e5abe90d33c1342b32bb9137aa598a7daf4a
>     dnscrypt-proxy.initd
>     +c001ae39da1b2db71764cab568f9ed18e4de0cea3d1a4e7bd6dd01a5668b81a888ea9eef99de6beac08857ad7f8eb1a32d730e946ac3563e4dcfa27147e35052
>     dnscrypt-proxy.confd
>     +66dd43d84117a0151ae41f34d82b716760382a5a491424bf6418228ffd21f0dfbc88e34cc5074e11f97f006335d97b85367bb9ab1d96747a48e893c022ad52d0
>     dnscrypt-proxy.setup
>     +898d71dfba3d2af78ee5b26455073cc6d6ecd4ae2bb08b6f04537e9f30989da5053f364dc504a5c2f78e3da3b27b6f92ef301ed860abd4aa23b062043d317b64
>     config-full-paths.patch"
>     diff --git a/community/dnscrypt-proxy/config-full-paths.patch
>     b/community/dnscrypt-proxy/config-full-paths.patch
>     new file mode 100644
>     index 00000000..5e22153f
>     --- /dev/null
>     +++ b/community/dnscrypt-proxy/config-full-paths.patch
>     @@ -0,0 +1,86 @@
>     +--- a/dnscrypt-proxy/example-dnscrypt-proxy.toml
>     ++++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml
>     +@@ -96,7 +96,7 @@
>     +
>     + ## log file for the application
>     +
>     +-# log_file = 'dnscrypt-proxy.log'
>     ++ log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log'
>     +
>     +
>     + ## Use the system logger (syslog on Unix, Event Log on Windows)
>     +@@ -255,7 +255,7 @@
>     +
>     +   ## Path to the query log file (absolute, or relative to the
>     same directory as the executable file)
>     +
>     +-  # file = 'query.log'
>     ++  # file = '/var/log/dnscrypt-proxy/query.log'
>     +
>     +
>     +   ## Query log format (currently supported: tsv and ltsv)
>     +@@ -281,7 +281,7 @@
>     +
>     +   ## Path to the query log file (absolute, or relative to the
>     same directory as the executable file)
>     +
>     +-  # file = 'nx.log'
>     ++  # file = '/var/log/dnscrypt-proxy/nx.log'
>     +
>     +
>     +   ## Query log format (currently supported: tsv and ltsv)
>     +@@ -311,12 +311,12 @@
>     +
>     +   ## Path to the file of blocking rules (absolute, or relative
>     to the same directory as the executable file)
>     +
>     +-  # blacklist_file = 'blacklist.txt'
>     ++  # blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt'
>     +
>     +
>     +   ## Optional path to a file logging blocked queries
>     +
>     +-  # log_file = 'blocked.log'
>     ++  # log_file = '/var/log/dnscrypt-proxy/blocked.log'
>     +
>     +
>     +   ## Optional log format: tsv or ltsv (default: tsv)
>     +@@ -344,7 +344,7 @@
>     +
>     +   ## Optional path to a file logging blocked queries
>     +
>     +-  # log_file = 'ip-blocked.log'
>     ++  # log_file = '/var/log/dnscrypt-proxy/ip-blocked.log'
>     +
>     +
>     +   ## Optional log format: tsv or ltsv (default: tsv)
>     +@@ -367,12 +367,12 @@
>     +
>     +   ## Path to the file of whitelisting rules (absolute, or
>     relative to the same directory as the executable file)
>     +
>     +-  # whitelist_file = 'whitelist.txt'
>     ++  # whitelist_file = '/etc/dnscrypt-proxy/whitelist.txt'
>     +
>     +
>     +   ## Optional path to a file logging whitelisted queries
>     +
>     +-  # log_file = 'whitelisted.log'
>     ++  # log_file = '/var/log/dnscrypt-proxy/whitelisted.log'
>     +
>     +
>     +   ## Optional log format: tsv or ltsv (default: tsv)
>     +@@ -442,7 +442,7 @@
>     +
>     +   [sources.'public-resolvers']
>     +   urls =
>     ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md
>     <https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md>',
>     'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md
>     <https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md>']
>     +-  cache_file = 'public-resolvers.md'
>     ++  cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
>     +   minisign_key =
>     'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
>     +   refresh_delay = 72
>     +   prefix = ''
>     +@@ -452,7 +452,7 @@
>     +
>     +   #  [sources.'parental-control']
>     +   #  urls =
>     ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.md
>     <https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.md>',
>     'https://download.dnscrypt.info/resolvers-list/v2/parental-control.md
>     <https://download.dnscrypt.info/resolvers-list/v2/parental-control.md>']
>     +-  #  cache_file = 'parental-control.md'
>     ++  #  cache_file = '/var/cache/dnscrypt-proxy/parental-control.md'
>     +   #  minisign_key =
>     'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
>     +
>     +
>     diff --git a/community/dnscrypt-proxy/dnscrypt-proxy.confd
>     b/community/dnscrypt-proxy/dnscrypt-proxy.confd
>     index 070ba95d..a1dc6a69 100644
>     --- a/community/dnscrypt-proxy/dnscrypt-proxy.confd
>     +++ b/community/dnscrypt-proxy/dnscrypt-proxy.confd
>     @@ -1,4 +1,4 @@
>     -#DNSCRYPT_OPTS="--config /etc/dnscrypt-proxy/dnscrypt-proxy.toml"
>     +#DNSCRYPT_OPTS="-config /etc/dnscrypt-proxy/dnscrypt-proxy.toml"
>      #DNSCRYPT_USER="dnscrypt"
>      #DNSCRYPT_GROUP="dnscrypt"
>
>     diff --git a/community/dnscrypt-proxy/dnscrypt-proxy.initd
>     b/community/dnscrypt-proxy/dnscrypt-proxy.initd
>     index e24085f1..c52ba746 100644
>     --- a/community/dnscrypt-proxy/dnscrypt-proxy.initd
>     +++ b/community/dnscrypt-proxy/dnscrypt-proxy.initd
>     @@ -3,9 +3,9 @@
>      # Distributed under the terms of the GNU General Public License v2
>
>      command="/usr/bin/dnscrypt-proxy"
>     -command_args="${DNSCRYPT_OPTS:---config
>     /etc/dnscrypt-proxy/dnscrypt-proxy.toml}"
>     +command_args="${DNSCRYPT_OPTS:--config
>     /etc/dnscrypt-proxy/dnscrypt-proxy.toml}"
>      command_user="${DNSCRYPT_USER:-dnscrypt}:${DNSCRYPT_GROUP:-dnscrypt}"
>     -pidfile="/run/dnscrypt-proxy/${SVCNAME}.pid"
>     +pidfile="/run/${SVCNAME}.pid"
>      start_stop_daemon_args="--background --make-pidfile"
>
>      depend() {
>     diff --git a/community/dnscrypt-proxy/dnscrypt-proxy.post-install
>     b/community/dnscrypt-proxy/dnscrypt-proxy.post-install
>     new file mode 100644
>     index 00000000..7a7f4af3
>     --- /dev/null
>     +++ b/community/dnscrypt-proxy/dnscrypt-proxy.post-install
>     @@ -0,0 +1,2 @@
>     +#!/bin/sh
>     +/usr/sbin/setcap cap_net_bind_service=+pe /usr/bin/dnscrypt-proxy
>     -- 
>     2.17.0
>
>
>
>     ---
>     Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org
>     <alpine-aports%2Bunsubscribe@lists.alpinelinux.org>
>     Help: alpine-aports+help@lists.alpinelinux.org
>     <alpine-aports%2Bhelp@lists.alpinelinux.org>
>     ---
>
>
Reply to thread Export thread (mbox)