Mail archive
alpine-devel

[alpine-devel] [PATCH 2/5] Version Bump for dnscrypt-proxy to 1.33

From: IT Offshore <developer_at_it-offshore.co.uk>
Date: Sun, 10 Nov 2013 09:58:57 +0000

Complete patch to bump dnscrypt-proxy to version 1.33

Minor changes to APKBUILD to build with the new sources & make-depends.

confd / initd changed to include the additional configurations to set the alternative
resolver ip / public keys.

Separate patch created to build dnscrypt's dependency libsodium / libsodium-dev
(as it no longer forms part of dnscrypt's sources).

Post-install script is just status / info using the $STRONG / $RED / $GREEN
system colours.

Added /sbin/setup-dnscrypt for changing the resolver dnscrypt queries &
optionally installing unbound for dns caching. This also uses the system terminal
colours. This no longer makes any changes to init.d, it only updates conf.d
---
 testing/dnscrypt-proxy/APKBUILD                    |  51 +++--
 testing/dnscrypt-proxy/dnscrypt-proxy.confd        |   4 +
 testing/dnscrypt-proxy/dnscrypt-proxy.initd        |   2 +-
 testing/dnscrypt-proxy/dnscrypt-proxy.post-install |  14 ++
 testing/dnscrypt-proxy/dnscrypt-proxy.setup        | 227 +++++++++++++++++++++
 5 files changed, 275 insertions(+), 23 deletions(-)
 create mode 100644 testing/dnscrypt-proxy/dnscrypt-proxy.post-install
 create mode 100644 testing/dnscrypt-proxy/dnscrypt-proxy.setup
diff --git a/testing/dnscrypt-proxy/APKBUILD b/testing/dnscrypt-proxy/APKBUILD
index 9b34b39..57e10d7 100644
--- a/testing/dnscrypt-proxy/APKBUILD
+++ b/testing/dnscrypt-proxy/APKBUILD
_at_@ -1,33 +1,36 @@
 # Contributor: Francesco Colista <francesco.colista_at_gmail.com>
 # Maintainer: Francesco Colista <francesco.colista_at_gmail.com>
 pkgname=dnscrypt-proxy
-pkgver=1.3.0
-pkgrel=0
+pkgver=1.3.3
+pkgrel=1
 pkgdesc="A tool for securing communications between a client and a DNS resolver"
 url="http://dnscrypt.org/"
 arch="x86"
 license="custom"
-depends=""
-depends_dev=""
+depends="libsodium"
+depends_dev="libtool automake autoconf libsodium-dev"
 makedepends="$depends_dev"
-install=""
-pkguser=dnscrypt
-pkggroup=dnscrypt
-subpackages="$pkgname-dev $pkgname-doc"
-source="http://download.dnscrypt.org/$pkgname/$pkgname-$pkgver.tar.bz2
+install="$pkgname.post-install $pkgname.pre-install"
+pkgusers=dnscrypt
+pkggroups=dnscrypt
+subpackages="$pkgname-doc"
+source="saveas-https://github.com/jedisct1/$pkgname/archive/$pkgver.tar.gz/$pkgname-$pkgver.tar.gz
 	$pkgname.initd
 	$pkgname.confd
+	$pkgname.setup
 	"
+
 _builddir="$srcdir"/$pkgname-$pkgver
 
 build() {
-
-	cd "$_builddir"/src/libsodium
-	make -j1 check
-
-	cd "$_builddir"
-	CFLAGS="$CFLAGS -fPIC" ./configure --prefix=/usr
-	make -j1
+        cd "$_builddir"
+	./autogen.sh
+        CFLAGS="$CFLAGS -fPIC" ./configure \
+                --build=$CBUILD \
+                --host=$CHOST \
+                --prefix=/usr \
+                || return 1
+        make || return 1
 }
 
 package() {
_at_@ -38,18 +41,22 @@ package() {
 	mkdir -p $pkgdir/usr/share/licenses/$pkgname
         install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
 	install -m755 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
+	install -m755 -D "$srcdir"/$pkgname.setup "$pkgdir"/sbin/setup-dnscrypt
 	install -m 644 COPYING $pkgdir/usr/share/licenses/$pkgname
 	chown dnscrypt "$pkgdir"/var/log/$pkgname
 	chown dnscrypt "$pkgdir"/var/run/$pkgname
 	rm -rf $pkgdir/usr/lib/*.la
 }
 
-md5sums="33cc94dd06d23f96b4bac3efd1b20c95  dnscrypt-proxy-1.3.0.tar.bz2
+md5sums="6a10b1d6018bfeed9a6dbc3b49cc39d8  dnscrypt-proxy-1.3.3.tar.gz
 9d4858771258a029d00197422d3888b8  dnscrypt-proxy.initd
-a7a34c94174eca5c688e7867a87cafb3  dnscrypt-proxy.confd"
-sha256sums="211ee2d75acd631b09d012229c73654c2302234d73c9f12425e1c906520dc7c5  dnscrypt-proxy-1.3.0.tar.bz2
+a7a34c94174eca5c688e7867a87cafb3  dnscrypt-proxy.confd
+57d315cafd53eefc37cd791c48d27aa8  dnscrypt-config"
+sha256sums="b797b1cc2ce6b7a01bc8a8d119367971f0cff20beea506cd0aeaa613fd5eaa24  dnscrypt-proxy-1.3.3.tar.gz
 f8b9301a8deda8413c6057788644505e622c0e12c8637f1dc7bdddf44f9cbec7  dnscrypt-proxy.initd
-e4817f9c73137bf34607df3617f3fa3075ea8cb805cff948e06901ca7259e46b  dnscrypt-proxy.confd"
-sha512sums="b6d7e6796d24bfe8ef27a16c4e6970122965f4d9fd4f3df997fc4f46e2c762efcd6fd145df7e154c2b66b358771d1ce45f676df3810b14fb6aeec0b182e354b6  dnscrypt-proxy-1.3.0.tar.bz2
+e4817f9c73137bf34607df3617f3fa3075ea8cb805cff948e06901ca7259e46b  dnscrypt-proxy.confd
+928cf063b9ab3168fe3fcc5f790ea803e344ca2d82dbfeccfffd12c177bff2e0  dnscrypt-config"
+sha512sums="e0d668446eaf65dce358b6d90fc7cf9905e49e267f0ff6c4d399c54b4ccc13d1c9f9622ac68f5fd992ce0b0c275b4e07bd98bc35404c822f521f20a244287dce  dnscrypt-proxy-1.3.3.tar.gz
 34e375faab52b381198bf50d1ce5e47be56132e7e427255782747952cf828951fec4676b523558f3f0bb46c1afa1a58b46960a3d9c550f6196f8de182a03e220  dnscrypt-proxy.initd
-544133669bb1ef1ab17992035919afccb911f7f282b71f0369f055a105efe7f6b9d61c1f281f879d684f08a095559800f57e124982dd4ea33b90a12b61352009  dnscrypt-proxy.confd"
+544133669bb1ef1ab17992035919afccb911f7f282b71f0369f055a105efe7f6b9d61c1f281f879d684f08a095559800f57e124982dd4ea33b90a12b61352009  dnscrypt-proxy.confd
+fcfd2b9bf08daeb65997f4236c46674a59e344c34d6c8724e2aa54d974b636ffd8d1b0e3ddc3267483017b3ef95deefde63db0b1d439191f1aa0b0f111deaccd  dnscrypt-config"
diff --git a/testing/dnscrypt-proxy/dnscrypt-proxy.confd b/testing/dnscrypt-proxy/dnscrypt-proxy.confd
index 9b68286..076cfde 100644
--- a/testing/dnscrypt-proxy/dnscrypt-proxy.confd
+++ b/testing/dnscrypt-proxy/dnscrypt-proxy.confd
_at_@ -5,3 +5,7 @@ DNSCRYPT_USER=dnscrypt
 DNSCRYPT_GROUP=dnscrypt
 # Set here the IP where DNSCRYPT listen
 DNSCRYPT_LOCALIP=127.0.0.1:53
+# Set the Resolver
+RESOLVER=208.67.220.220:443;
+PROVIDER=2.dnscrypt-cert.opendns.com
+PUBKEY=B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79;
diff --git a/testing/dnscrypt-proxy/dnscrypt-proxy.initd b/testing/dnscrypt-proxy/dnscrypt-proxy.initd
index ff63b6f..33d1a5f 100644
--- a/testing/dnscrypt-proxy/dnscrypt-proxy.initd
+++ b/testing/dnscrypt-proxy/dnscrypt-proxy.initd
_at_@ -8,7 +8,7 @@ depend() {
 
 start() {
 	ebegin "Starting dnscrypt-proxy"
-	start-stop-daemon --start --quiet --pidfile=${PID} --exec /usr/sbin/dnscrypt-proxy -- -p ${PID} -l ${DNSCRYPT_LOGFILE} -d -u ${DNSCRYPT_GROUP} -a ${DNSCRYPT_LOCALIP}
+	start-stop-daemon --start --quiet --pidfile=${PID} --exec /usr/sbin/dnscrypt-proxy -- -p ${PID} -l ${DNSCRYPT_LOGFILE} -d -u ${DNSCRYPT_GROUP} -a ${DNSCRYPT_LOCALIP} -r ${RESOLVER} -k ${PUBKEY} -N ${PROVIDER}
 	eend $?
 }
 
diff --git a/testing/dnscrypt-proxy/dnscrypt-proxy.post-install b/testing/dnscrypt-proxy/dnscrypt-proxy.post-install
new file mode 100644
index 0000000..7e30564
--- /dev/null
+++ b/testing/dnscrypt-proxy/dnscrypt-proxy.post-install
_at_@ -0,0 +1,14 @@
+#!/bin/sh
+
+NORMAL="\033[1;0m"
+STRONG="\033[1;1m"
+GREEN="\033[1;32m"
+
+print_strong() {
+        local prompt="${STRONG}$1 ${GREEN}$2${NORMAL}"
+        printf "${prompt} %s\n"
+}
+
+print_strong "\nTo configure alternative DNS Resolvers & DNS caching please run:" "\n\n/sbin/setup-dnscrypt\n"
+exit 0
+
diff --git a/testing/dnscrypt-proxy/dnscrypt-proxy.setup b/testing/dnscrypt-proxy/dnscrypt-proxy.setup
new file mode 100644
index 0000000..8fd6d56
--- /dev/null
+++ b/testing/dnscrypt-proxy/dnscrypt-proxy.setup
_at_@ -0,0 +1,227 @@
+#!/bin/sh
+# Contributor: IT Offshore <developer_at_it-offshore.co.uk>
+# dnscrypt-proxy setup script to choose DNS Resolver / install & configure DNS Caching
+############################################################################################
+
+NORMAL="\033[1;0m"
+STRONG="\033[1;1m"
+RED="\033[1;31m"
+GREEN="\033[1;32m"
+
+print_question() {
+        local prompt="${STRONG}$1 ${RED}$2${NORMAL}"
+        printf "${prompt} %s"
+}
+
+print_strong() {
+        local prompt="${STRONG}$1 ${RED}$2${NORMAL}"
+        printf "${prompt} %s\n"
+}
+
+
+print_green() {
+        local prompt="${GREEN}${STRONG}$1 ${NORMAL}"
+        printf "${prompt} %s\n"
+}
+
+print_table() {
+        local choice="${RED}${STRONG}$1${NORMAL}"
+	local resolver="${STRONG}$2"
+	local location="${GREEN}$3"
+	 printf "${choice} ${resolver} ${location} %s\n"
+}
+
+die() {
+    print_table "ERROR:" "$1" > /dev/null 1>&2
+    exit 1
+}
+
+choose_ip(){
+IP=none
+IPADDR=$(ifconfig |grep -B1 "inet addr" |awk '{ if ( $1 == "inet" ) { print $2 } else if ( $2 == "Link" ) { printf "%s:" ,$1 } }' |awk -F: '{ print $1 ": " $3 }')
+until echo $IPADDR | grep -e $IP 1>/dev/null
+do
+    print_question "\nChoose dnscrypt ip from the following addresses:\n"
+    print_question "\n$IPADDR\t" "[ default - 127.0.0.1 ]"
+    read IP
+    if [ ! $IP ] ;then
+        IP=127.0.0.1; print_green "\nIP: 127.0.0.1 Selected";
+    fi
+done
+}
+
+choose_port(){
+print_question "\nChoose dnscrypt port:" "[ default = 40 ]"
+until [ "$DNSPORT" -gt 0 ] 2>/dev/null
+do
+        read DNSPORT
+        if [ ! $DNSPORT ]; then
+             DNSPORT=40; print_green "\nPort: 40 Selected"
+        fi
+
+        case $DNSPORT in
+        ''|*[!0-9]*) print_question "\nChoose NUMERIC dnscrypt port:" "[ default = 40 ]" ;;
+        *) if [ "$DNSPORT" -gt 65535 ]; then
+                                print_question "\nPlease choose a valid port" "[1 - 65535]";
+                                DNSPORT=0;
+           fi;;
+        esac
+done
+}
+
+update_unbound(){
+if [ -f /etc/unbound/unbound.conf ]; then
+	if grep 'Settings from /sbin/setup-dnscrypt' /etc/unbound/unbound.conf 1>/dev/null; then
+		#replace previous setting
+		START=$(sed -n '/Settings from \/sbin\/setup-dnscrypt/=' /etc/unbound/unbound.conf)
+		LINE=$(expr $START + 5)
+		sed "$LINE c \  forward-addr: $IP_at_$DNSPORT" /etc/unbound/unbound.conf -i
+	else
+		echo -e '##### Settings from /sbin/setup-dnscrypt #####' >> /etc/unbound/unbound.conf
+		echo -e 'do-not-query-localhost: no' >> /etc/unbound/unbound.conf
+		echo >> /etc/unbound/unbound.conf
+		echo -e 'forward-zone:' >> /etc/unbound/unbound.conf
+		echo -e '  name: "."' >> /etc/unbound/unbound.conf
+		echo -e "  forward-addr: $IP_at_$DNSPORT" >> /etc/unbound/unbound.conf
+	fi
+print_strong "\n/etc/unbound/unbound.conf settings updated to:"
+print_green "--------------------------------------------------------"
+print_table 'forward-zone:'
+print_table '  name: "."'
+print_table "  forward-addr: $IP_at_$DNSPORT"
+print_green "--------------------------------------------------------\n"
+fi
+}
+
+# Do some sanity checking.
+if [ $(/usr/bin/id -u) != "0" ]; then
+   die 'Must be run by root user'
+fi
+
+clear;
+print_table "\n   DNSCRYPT-PROXY MANAGER"
+print_green "-----------------------------------------------------------------"
+print_table "1:" "OpenDNS"
+print_table "2:" "Cloud NS\t\t : Canberra, Australia" "(No Logs, DNSSEC)"
+print_table "3:" "Cloud NS\t\t : Canberra" "(over TOR .onion:443)"
+print_table "4:" "Cloud NS\t\t : Sydney, Australia" "(No Logs, DNSSEC)"
+print_table "5:" "Cloud NS\t\t : Sydney" "(over TOR .onion:443)"
+print_table "6:" "OpenNIC\t\t : Japan" "(No Logs)"
+print_table "7:" "DNSCrypt.eu\t\t : Holland" "(No logs, DNSSEC)"
+print_table "8:" "Soltysiak.com\t : Poland" "(No logs, DNSSEC)"
+print_green "-----------------------------------------------------------------"
+print_question "Please choose a DNS Resolver for dnscrypt-proxy to query" "[1 - 8]:"
+
+
+until [ "$DNS" -gt 0 ] 2>/dev/null
+do
+
+read DNS
+
+case $DNS in
+    1) RESOLVER=208.67.220.220:443;
+       PROVIDER=2.dnscrypt-cert.opendns.com
+       PUBKEY=B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79;;
+    2) RESOLVER=113.20.6.2:443;
+       PROVIDER=2.dnscrypt-cert.cloudns.com.au;
+       PUBKEY=1971:7C1A:C550:6C09:F09B:ACB1:1AF7:C349:6425:2676:247F:B738:1C5A:243A:C1CC:89F4;;
+    3) RESOLVER=gc2tzw6lbmeagrp3.onion:443;
+       PROVIDER=2.dnscrypt-cert.cloudns.com.au;
+       PUBKEY=1971:7C1A:C550:6C09:F09B:ACB1:1AF7:C349:6425:2676:247F:B738:1C5A:243A:C1CC:89F4;;
+    4) RESOLVER=113.20.8.17:443;
+       PROVIDER=2.dnscrypt-cert-2.cloudns.com.au;
+       PUBKEY=67A4:323E:581F:79B9:BC54:825F:54FE:1025:8B4F:37EB:0D07:0BCE:4010:6195:D94F:E330;;
+    5) RESOLVER=l65q62lf7wnfme7m.onion:443;
+       PROVIDER=2.dnscrypt-cert-2.cloudns.com.au;
+       PUBKEY=67A4:323E:581F:79B9:BC54:825F:54FE:1025:8B4F:37EB:0D07:0BCE:4010:6195:D94F:E330;;
+    6) RESOLVER=106.186.17.181:2053;
+       PROVIDER=2.dnscrypt-cert.ns2.jp.dns.opennic.glue;
+       PUBKEY=8768:C3DB:F70A:FBC6:3B64:8630:8167:2FD4:EE6F:E175:ECFD:46C9:22FC:7674:A1AC:2E2A;;
+    7) RESOLVER=176.56.237.171:443;
+       PROVIDER=2.dnscrypt-cert.dnscrypt.eu;
+       PUBKEY=67C0:0F2C:21C5:5481:45DD:7CB4:6A27:1AF2:EB96:9931:40A3:09B6:2B8D:1653:1185:9C66;;
+    8) RESOLVER=178.216.201.222:2053;
+       PROVIDER=2.dnscrypt-cert.soltysiak.com;
+       PUBKEY=25C4:E188:2915:4697:8F9C:2BBD:B6A7:AFA4:01ED:A051:0508:5D53:03E7:1928:C066:8F21;;
+       #check for numerical input
+    ''|0|*[!0-9]*) print_question "Please choose a NUMERIC option:" "[1 - 8]" ;;
+    *) if [ "$DNS" -gt 8 ]; then
+	  print_question "Please choose an option:" "[1 - 8]";
+	  DNS=0;
+       fi;;
+esac
+done
+
+# remove existing Resolver config
+if grep "RESOLVER" /etc/conf.d/dnscrypt-proxy 1> /dev/null; then
+   sed -e '/RESOLVER/d' -e '/PROVIDER/d' -e '/PUBKEY/d' /etc/conf.d/dnscrypt-proxy -i
+fi
+
+# update Resolver config
+echo "RESOLVER=$RESOLVER" >> /etc/conf.d/dnscrypt-proxy
+echo "PROVIDER=$PROVIDER" >> /etc/conf.d/dnscrypt-proxy
+echo "PUBKEY=$PUBKEY" >> /etc/conf.d/dnscrypt-proxy
+
+print_strong "\n/etc/conf.d/dnscrypt-proxy Resolver Settings updated to:"
+print_green "---------------------------------------------------------------------------------------------"
+print_table "RESOLVER\t\t:" "$RESOLVER"
+print_table "PROVIDER\t\t:" "$PROVIDER"
+print_table "PUBLIC KEY :" "$PUBKEY"
+print_green "---------------------------------------------------------------------------------------------\n"
+
+# install unbound
+if ! which unbound 1> /dev/null; then
+   print_question "Install Unbound (Caching DNS Server)" "[ Y / N ]"
+   read installsrv
+   if [ "$installsrv" = "Y" ] || [ "$installsrv" = "y" ]; then
+      apk add -q unbound
+   fi
+fi
+
+# choose dnscrypt ip address port
+print_question "Modify dnscrypt-proxy ip / port ?" "[ Y / N ]"
+read updateip
+if [ "$updateip" = "Y" ] || [ "$updateip" = "y" ]; then
+		choose_ip; choose_port
+
+		# update dnscrypt listening ip & port
+		LINE=$(sed -n '/DNSCRYPT_LOCALIP=/=' /etc/conf.d/dnscrypt-proxy)
+		sed "$LINE c DNSCRYPT_LOCALIP=$IP:$DNSPORT" /etc/conf.d/dnscrypt-proxy -i
+
+		# update dhclient.conf
+		if [ -f /etc/dhcp/dhclient.conf ]; then
+			if grep 'supersede domain-name-servers' /etc/dhcp/dhclient.conf 1>/dev/null; then
+			LINE=$(sed -n '/supersede domain-name-servers/=' /etc/dhcp/dhclient.conf)
+			sed "$LINE c supersede domain-name-servers $IP" /etc/dhcp/dhclient.conf -i
+			else
+				echo "supersede domain-name-servers $IP" >> /etc/dhcp/dhclient.conf
+			fi
+		fi
+
+		# update resolv.conf & unbound
+		LINE=$(sed -n '/nameserver/=' /etc/resolv.conf)
+                sed "$LINE c nameserver $IP" /etc/resolv.conf -i
+		update_unbound
+
+		# add / restart services
+		for srv in "unbound dnscrypt-proxy"; do
+		if which $srv 1> /dev/null; then
+			if ! rc-status | grep $srv; then
+				rc-update add $srv default
+			fi
+			rc-service $srv restart
+		fi
+		done
+
+		print_strong "/etc/conf.d/dnscrypt-proxy Listening Address updated to:"
+		print_green "--------------------------------------------------------"
+		print_table "DNSCRYPT_LOCALIP=$IP:$DNSPORT"
+		print_green "--------------------------------------------------------\n"
+fi
+
+
+
+
+
+
+
-- 
1.8.4.2
---
Unsubscribe:  alpine-devel+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-devel+help_at_lists.alpinelinux.org
---
Received on Sun Nov 10 2013 - 09:58:57 UTC