~alpine/devel

This thread contains a patchset. You're looking at the original emails, but you may wish to use the patch review UI. Review patch
1

[alpine-devel] [PATCH] Revised dnscrypt-proxy setup script

Details
Message ID
<1384597004-1576-1-git-send-email-developer@it-offshore.co.uk>
Sender timestamp
1384597004
DKIM signature
missing
Download raw message
Patch: +73 -23
I did a little more testing on the /sbin/setup-dnscrypt script (once I knew I could install
the APK's I made). This fixes previous bugs with setting up dns caching (a 2nd loopback is
created & the proxy now listens on 127.0.0.2:40 by default if caching is enabled). Errors
in setting up & starting the services are also fixed.
---
 testing/dnscrypt-proxy/dnscrypt-proxy.setup | 96 ++++++++++++++++++++++-------
 1 file changed, 73 insertions(+), 23 deletions(-)

diff --git a/testing/dnscrypt-proxy/dnscrypt-proxy.setup b/testing/dnscrypt-proxy/dnscrypt-proxy.setup
index 8fd6d56..8cb5861 100644
--- a/testing/dnscrypt-proxy/dnscrypt-proxy.setup
+++ b/testing/dnscrypt-proxy/dnscrypt-proxy.setup
@@ -36,18 +36,39 @@ die() {
    exit 1
}

restart_interface(){

INTERFACES=$(echo | ifconfig | grep "Link encap" | sed '/lo/d' | cut -d"L" -f1)
print_question "\nChoose external interface to restart from the following:"
print_question "\n\n$INTERFACES" "[ default - eth0 ]"
read RESTART
if [ ! $RESTART ] ;then
        RESTART=eth0; print_green "\nInterface: $RESTART Selected\n";
	if echo $INTERFACES | grep $RESTART 1> /dev/null; then
		ifdown $RESTART && ifup $RESTART
	fi
fi

}

choose_ip(){
IP=none
IPADDR=$(ifconfig |grep -B1 "inet addr" |awk '{ if ( $1 == "inet" ) { print $2 } else if ( $2 == "Link" ) { printf "%s:" ,$1 } }' |awk -F: '{ print $1 ": " $3 }')
until echo $IPADDR | grep -e $IP 1>/dev/null
do
    print_question "\nChoose dnscrypt ip from the following addresses:\n"
    print_question "\n$IPADDR\t" "[ default - 127.0.0.1 ]"
    read IP
    if [ ! $IP ] ;then
        IP=127.0.0.1; print_green "\nIP: 127.0.0.1 Selected";
    fi
done

if [ ! $IP ]; then
	IP=none
	IPADDR=$(ifconfig |grep -B1 "inet addr" |awk '{ if ( $1 == "inet" ) { print $2 } else if ( $2 == "Link" ) { printf "%s:" ,$1 } }' |awk -F: '{ print $1 ": " $3 }')
	until echo $IPADDR | grep -e $IP 1>/dev/null
	do
    		print_question "\nChoose dnscrypt ip from the following addresses:\n"
    		print_question "\n$IPADDR\t" "[ default - 127.0.0.1 ]"
    		read IP
    		if [ ! $IP ] ;then
        	IP=127.0.0.1; print_green "\nIP: $IP Selected";
   		fi
	done
else
	#ip already set to 2nd loopback for dns caching
	print_green "\nIP: $IP will be configured for dnscrypt-proxy";
fi
}

choose_port(){
@@ -72,24 +93,28 @@ done
update_unbound(){
if [ -f /etc/unbound/unbound.conf ]; then
	if grep 'Settings from /sbin/setup-dnscrypt' /etc/unbound/unbound.conf 1>/dev/null; then
		#replace previous setting
		#update forward zone
		START=$(sed -n '/Settings from \/sbin\/setup-dnscrypt/=' /etc/unbound/unbound.conf)
		LINE=$(expr $START + 5)
		LINE=$(expr $START + 4)
		sed "$LINE c \  forward-addr: $IP@$DNSPORT" /etc/unbound/unbound.conf -i
	else
		# allow querying of localhost
		START=$(sed -n '/do-not-query-localhost:/=' /etc/unbound/unbound.conf)
		sed "$START c \do-not-query-localhost: no #set by /sbin/setup-dnscrypt" /etc/unbound/unbound.conf -i
		# create catch all forward zone
		echo -e '##### Settings from /sbin/setup-dnscrypt #####' >> /etc/unbound/unbound.conf
		echo -e 'do-not-query-localhost: no' >> /etc/unbound/unbound.conf
		echo >> /etc/unbound/unbound.conf
		echo -e 'forward-zone:' >> /etc/unbound/unbound.conf
		echo -e '  name: "."' >> /etc/unbound/unbound.conf
		echo -e "  forward-addr: $IP@$DNSPORT" >> /etc/unbound/unbound.conf
	fi
print_strong "\n/etc/unbound/unbound.conf settings updated to:"
print_green "--------------------------------------------------------"
print_table "do-not-query-localhost: no"
print_table ""
print_table 'forward-zone:'
print_table '  name: "."'
print_table "  forward-addr: $IP@$DNSPORT"
print_green "--------------------------------------------------------\n"
print_green "--------------------------------------------------------"
fi
}

@@ -167,7 +192,7 @@ print_green "-------------------------------------------------------------------
print_table "RESOLVER\t\t:" "$RESOLVER"
print_table "PROVIDER\t\t:" "$PROVIDER"
print_table "PUBLIC KEY :" "$PUBKEY"
print_green "---------------------------------------------------------------------------------------------\n"
print_green "---------------------------------------------------------------------------------------------"

# install unbound
if ! which unbound 1> /dev/null; then
@@ -178,9 +203,31 @@ if ! which unbound 1> /dev/null; then
   fi
fi

# check for / setup secondary loopback for dns caching
if which unbound 1> /dev/null && ! grep "address 127.0.0.2" /etc/network/interfaces 1> /dev/null; then
	print_question "Configure DNS Caching (this will create a 2nd loopback interface @ 127.0.0.2) " "[ Y / N ]"
   	read install2ndloop
   	if [ "$install2ndloop" = "Y" ] || [ "$install2ndloop" = "y" ]; then
      		IP=127.0.0.2
      		echo "auto lo:1" >> /etc/network/interfaces
		echo "iface lo:1 inet static" >> /etc/network/interfaces
		echo "address 127.0.0.2" >> /etc/network/interfaces
		echo "netmask 255.0.0.0" >> /etc/network/interfaces
   		ifconfig lo:1 127.0.0.2 up
	fi
fi


# choose dnscrypt ip address port
print_question "Modify dnscrypt-proxy ip / port ?" "[ Y / N ]"
read updateip
if ! grep "address 127.0.0.2" /etc/network/interfaces 1> /dev/null; then
	print_question "Modify dnscrypt-proxy ip / port ?" "[ Y / N ]"
	read updateip
else
	#ip is already the 2nd loopback
	updateip=Y; IP=127.0.0.2
	print_green "\nDNS Caching configured"
fi

if [ "$updateip" = "Y" ] || [ "$updateip" = "y" ]; then
		choose_ip; choose_port

@@ -200,20 +247,23 @@ if [ "$updateip" = "Y" ] || [ "$updateip" = "y" ]; then

		# update resolv.conf & unbound
		LINE=$(sed -n '/nameserver/=' /etc/resolv.conf)
                sed "$LINE c nameserver $IP" /etc/resolv.conf -i
                sed "$LINE c nameserver 127.0.0.1" /etc/resolv.conf -i
		update_unbound

		restart_interface

		# add / restart services
		for srv in "unbound dnscrypt-proxy"; do
		for srv in "unbound" "dnscrypt-proxy"; do
		if which $srv 1> /dev/null; then
			if ! rc-status | grep $srv; then
			rc-status default | grep $srv 1> /dev/null
			if [ "$?" != "0" ]; then
				rc-update add $srv default
			fi
			rc-service $srv restart
		fi
		done

		print_strong "/etc/conf.d/dnscrypt-proxy Listening Address updated to:"
		print_strong "\n/etc/conf.d/dnscrypt-proxy Listening Address updated to:"
		print_green "--------------------------------------------------------"
		print_table "DNSCRYPT_LOCALIP=$IP:$DNSPORT"
		print_green "--------------------------------------------------------\n"
-- 
1.8.4.3



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Natanael Copa <ncopa@alpinelinux.org>
Details
Message ID
<20131119165246.38f8b7ee@ncopa-desktop.alpinelinux.org>
In-Reply-To
<1384597004-1576-1-git-send-email-developer@it-offshore.co.uk> (view parent)
Sender timestamp
1384876366
DKIM signature
missing
Download raw message
On Sat, 16 Nov 2013 10:16:44 +0000
IT Offshore <developer@it-offshore.co.uk> wrote:

> I did a little more testing on the /sbin/setup-dnscrypt script (once I knew I could install
> the APK's I made). This fixes previous bugs with setting up dns caching (a 2nd loopback is
> created & the proxy now listens on 127.0.0.2:40 by default if caching is enabled). Errors
> in setting up & starting the services are also fixed.
> ---
>  testing/dnscrypt-proxy/dnscrypt-proxy.setup | 96 ++++++++++++++++++++++-------
>  1 file changed, 73 insertions(+), 23 deletions(-)

I rewrapped the commit message to 72 char wide (standard for git),
fixed whitespace damage (space before tabs), bumped pkgrel and updated
checksum in apkbuild... and pushed..

thanks.

-nc


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)