From: IT Offshore
To: alpine-devel@lists.alpinelinux.org
Cc: IT Offshore
Subject: [alpine-devel] [PATCH 2/2] dnscrypt-proxy Version Bump to v.1.33 / updated APKBUILD for new sources
Date: Fri, 8 Nov 2013 00:25:10 +0000
Message-Id: <1383870310-25477-3-git-send-email-developer@it-offshore.co.uk>

The sources URL was not working even with the version bump so I amended it to work with GIT. Added make-depends to build with autoconf / make.

dnscrypt-proxy no longer has libsodium sources included. Separate patch added for libsodium / libsodium-dev.

/usr/bin/dnscrypt-config added (run by the post-install script) to choose the DNS Resolver dnscrypt queries (the default OpenDNS resolver keeps logs - the other Resolvers do not). dnscrypt ip:port can be changed & optionally unbound can be installed for dns caching.
---
 testing/dnscrypt-proxy/APKBUILD                    |  51 +++---
 testing/dnscrypt-proxy/dnscrypt-config             | 201 +++++++++++++++++++++
 testing/dnscrypt-proxy/dnscrypt-proxy.post-install |   6 +
 3 files changed, 236 insertions(+), 22 deletions(-)
 create mode 100644 testing/dnscrypt-proxy/dnscrypt-config
 create mode 100644 testing/dnscrypt-proxy/dnscrypt-proxy.post-install
diff --git a/testing/dnscrypt-proxy/APKBUILD b/testing/dnscrypt-proxy/APKBUILD index 9b34b39..c64c049 100644 --- a/testing/dnscrypt-proxy/APKBUILD +++ b/testing/dnscrypt-proxy/APKBUILD @@ -1,33 +1,36 @@ # Contributor: Francesco Colista # Maintainer: Francesco Colista pkgname=dnscrypt-proxy -pkgver=1.3.0 -pkgrel=0 +pkgver=1.3.3 +pkgrel=1 pkgdesc="A tool for securing communications between a client and a DNS resolver" url="http://dnscrypt.org/" arch="x86" license="custom" -depends="" -depends_dev="" +depends="libsodium" +depends_dev="libtool automake autoconf libsodium-dev" makedepends="$depends_dev" -install="" -pkguser=dnscrypt -pkggroup=dnscrypt -subpackages="$pkgname-dev $pkgname-doc" -source="http://download.dnscrypt.org/$pkgname/$pkgname-$pkgver.tar.bz2 +install="$pkgname.post-install $pkgname.pre-install" +pkgusers=dnscrypt +pkggroups=dnscrypt +subpackages="$pkgname-doc" +source="saveas-https://github.com/jedisct1/$pkgname/archive/$pkgver.tar.gz/$pkgname-$pkgver.tar.gz $pkgname.initd $pkgname.confd + dnscrypt-config " + _builddir="$srcdir"/$pkgname-$pkgver build() { - - cd "$_builddir"/src/libsodium - make -j1 check - - cd "$_builddir" - CFLAGS="$CFLAGS -fPIC" ./configure --prefix=/usr - make -j1 + cd "$_builddir" + ./autogen.sh + CFLAGS="$CFLAGS -fPIC" ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + || return 1 + make || return 1 } package() { 
@@ -38,18 +41,22 @@ package() { mkdir -p $pkgdir/usr/share/licenses/$pkgname install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname install -m755 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname + install -m755 -D "$srcdir"/dnscrypt-config "$pkgdir"/usr/bin/dnscrypt-config install -m 644 COPYING $pkgdir/usr/share/licenses/$pkgname chown dnscrypt "$pkgdir"/var/log/$pkgname chown dnscrypt "$pkgdir"/var/run/$pkgname rm -rf $pkgdir/usr/lib/*.la } -md5sums="33cc94dd06d23f96b4bac3efd1b20c95 dnscrypt-proxy-1.3.0.tar.bz2 +md5sums="6a10b1d6018bfeed9a6dbc3b49cc39d8 dnscrypt-proxy-1.3.3.tar.gz 9d4858771258a029d00197422d3888b8 dnscrypt-proxy.initd -a7a34c94174eca5c688e7867a87cafb3 dnscrypt-proxy.confd" -sha256sums="211ee2d75acd631b09d012229c73654c2302234d73c9f12425e1c906520dc7c5 dnscrypt-proxy-1.3.0.tar.bz2 +a7a34c94174eca5c688e7867a87cafb3 dnscrypt-proxy.confd +57d315cafd53eefc37cd791c48d27aa8 dnscrypt-config" +sha256sums="b797b1cc2ce6b7a01bc8a8d119367971f0cff20beea506cd0aeaa613fd5eaa24 dnscrypt-proxy-1.3.3.tar.gz f8b9301a8deda8413c6057788644505e622c0e12c8637f1dc7bdddf44f9cbec7 dnscrypt-proxy.initd -e4817f9c73137bf34607df3617f3fa3075ea8cb805cff948e06901ca7259e46b dnscrypt-proxy.confd" -sha512sums="b6d7e6796d24bfe8ef27a16c4e6970122965f4d9fd4f3df997fc4f46e2c762efcd6fd145df7e154c2b66b358771d1ce45f676df3810b14fb6aeec0b182e354b6 dnscrypt-proxy-1.3.0.tar.bz2 +e4817f9c73137bf34607df3617f3fa3075ea8cb805cff948e06901ca7259e46b dnscrypt-proxy.confd +928cf063b9ab3168fe3fcc5f790ea803e344ca2d82dbfeccfffd12c177bff2e0 dnscrypt-config" +sha512sums="e0d668446eaf65dce358b6d90fc7cf9905e49e267f0ff6c4d399c54b4ccc13d1c9f9622ac68f5fd992ce0b0c275b4e07bd98bc35404c822f521f20a244287dce dnscrypt-proxy-1.3.3.tar.gz 34e375faab52b381198bf50d1ce5e47be56132e7e427255782747952cf828951fec4676b523558f3f0bb46c1afa1a58b46960a3d9c550f6196f8de182a03e220 dnscrypt-proxy.initd 
-544133669bb1ef1ab17992035919afccb911f7f282b71f0369f055a105efe7f6b9d61c1f281f879d684f08a095559800f57e124982dd4ea33b90a12b61352009 dnscrypt-proxy.confd" +544133669bb1ef1ab17992035919afccb911f7f282b71f0369f055a105efe7f6b9d61c1f281f879d684f08a095559800f57e124982dd4ea33b90a12b61352009 dnscrypt-proxy.confd +fcfd2b9bf08daeb65997f4236c46674a59e344c34d6c8724e2aa54d974b636ffd8d1b0e3ddc3267483017b3ef95deefde63db0b1d439191f1aa0b0f111deaccd dnscrypt-config" diff --git a/testing/dnscrypt-proxy/dnscrypt-config b/testing/dnscrypt-proxy/dnscrypt-config new file mode 100644 index 0000000..d45d517 --- /dev/null +++ b/testing/dnscrypt-proxy/dnscrypt-config 
@@ -0,0 +1,201 @@ +#!/bin/sh + +# dnscrypt-proxy script to choose DNS Resolver / install & configure DNS Caching +############################################################################################ + +print_info() { + echo -n -e '\e[1;36m' + echo -n -e $1 + echo -e '\e[0m' +} + +die() { + echo "ERROR: $1" > /dev/null 1>&2 + exit 1 +} + +choose_ip(){ +IP=none +IPADDR=$(ifconfig |grep -B1 "inet addr" |awk '{ if ( $1 == "inet" ) { print $2 } else if ( $2 == "Link" ) { printf "%s:" ,$1 } }' |awk -F: '{ print $1 ": " $3 }') +until echo $IPADDR | grep -e $IP 1>/dev/null +do + echo; print_info "Choose dnscrypt ip from the following addresses:" + print_info "$IPADDR\t[ default - 127.0.0.1 ]" + echo; read IP + if [ ! $IP ] ;then + IP=127.0.0.1; print_info "IP: 127.0.0.1 Selected"; echo + fi +done +} + +choose_port(){ +echo; print_info "Choose dnscrypt port: [ default = 40 ]" +until [ "$DNSPORT" -gt 0 ] 2>/dev/null +do + echo;read DNSPORT + if [ ! $DNSPORT ]; then + DNSPORT=40; print_info "Port: 40 Selected" + fi + + case $DNSPORT in + ''|*[!0-9]*) echo; print_info "Choose NUMERIC dnscrypt port: [ default = 40 ]" ;; + *) if [ "$DNSPORT" -gt 65535 ]; then + echo; print_info "Please choose a valid port [1 - 65535]"; + DNSPORT=0; + fi;; + esac +done +} + +update_unbound(){ +if [ -f /etc/unbound/unbound.conf ]; then + if grep 'Settings from /usr/bin/dnscrypt-config' /etc/unbound/unbound.conf 1>/dev/null; then + #replace previous setting + START=$(sed -n '/Settings from \/usr\/bin\/dnscrypt-config/=' /etc/unbound/unbound.conf) + END=$(expr $START + 5) + sed "$END c \ forward-addr: $IP@$DNSPORT" /etc/unbound/unbound.conf -i + else + echo -e '##### Settings from /usr/bin/dnscrypt-config #####' >> /etc/unbound/unbound.conf + echo -e 'do-not-query-localhost: no' >> /etc/unbound/unbound.conf + echo >> /etc/unbound/unbound.conf + echo -e 'forward-zone:' >> /etc/unbound/unbound.conf + echo -e ' name: "."' >> /etc/unbound/unbound.conf + echo -e " forward-addr: $IP@$DNSPORT" >> 
/etc/unbound/unbound.conf + echo; print_info "/etc/unbound/unbound.conf updated" + fi +fi +} + +# Do some sanity checking. +if [ $(/usr/bin/id -u) != "0" ]; then + die 'Must be run by root user' +fi + +clear; echo -e "\n" +print_info "Please choose a DNS Resolver for dnscrypt-proxy to query [1 - 8]:" +print_info "-----------------------------------------------------------------" +print_info "1: OpenDNS" +print_info "2: Cloud NS\t\t: Canberra, Australia (No Logs, DNSSEC)" +print_info "3: Cloud NS\t\t: Canberra (over TOR .onion:443)" +print_info "4: Cloud NS\t\t: Sydney, Australia (No Logs, DNSSEC)" +print_info "5: Cloud NS\t\t: Sydney (over TOR .onion:443)" +print_info "6: OpenNIC\t\t: Japan (No Logs)" +print_info "7: DNSCrypt.eu\t\t: Holland (No logs, DNSSEC)" +print_info "8: Soltysiak.com\t: Poland (No logs, DNSSEC)" +print_info "-----------------------------------------------------------------" +#read DNS + +until [ "$DNS" -gt 0 ] 2>/dev/null +do + +read DNS + +case $DNS in + 1) RESOLVER=208.67.220.220:443; + PROVIDER=2.dnscrypt-cert.opendns.com + PUBKEY=B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79;; + 2) RESOLVER=113.20.6.2:443; + PROVIDER=2.dnscrypt-cert.cloudns.com.au; + PUBKEY=1971:7C1A:C550:6C09:F09B:ACB1:1AF7:C349:6425:2676:247F:B738:1C5A:243A:C1CC:89F4;; + 3) RESOLVER=gc2tzw6lbmeagrp3.onion:443; + PROVIDER=2.dnscrypt-cert.cloudns.com.au; + PUBKEY=1971:7C1A:C550:6C09:F09B:ACB1:1AF7:C349:6425:2676:247F:B738:1C5A:243A:C1CC:89F4;; + 4) RESOLVER=113.20.8.17:443; + PROVIDER=2.dnscrypt-cert-2.cloudns.com.au; + PUBKEY=67A4:323E:581F:79B9:BC54:825F:54FE:1025:8B4F:37EB:0D07:0BCE:4010:6195:D94F:E330;; + 5) RESOLVER=l65q62lf7wnfme7m.onion:443; + PROVIDER=2.dnscrypt-cert-2.cloudns.com.au; + PUBKEY=67A4:323E:581F:79B9:BC54:825F:54FE:1025:8B4F:37EB:0D07:0BCE:4010:6195:D94F:E330;; + 6) RESOLVER=106.186.17.181:2053; + PROVIDER=2.dnscrypt-cert.ns2.jp.dns.opennic.glue; + 
PUBKEY=8768:C3DB:F70A:FBC6:3B64:8630:8167:2FD4:EE6F:E175:ECFD:46C9:22FC:7674:A1AC:2E2A;; + 7) RESOLVER=176.56.237.171:443; + PROVIDER=2.dnscrypt-cert.dnscrypt.eu; + PUBKEY=67C0:0F2C:21C5:5481:45DD:7CB4:6A27:1AF2:EB96:9931:40A3:09B6:2B8D:1653:1185:9C66;; + 8) RESOLVER=178.216.201.222:2053; + PROVIDER=2.dnscrypt-cert.soltysiak.com; + PUBKEY=25C4:E188:2915:4697:8F9C:2BBD:B6A7:AFA4:01ED:A051:0508:5D53:03E7:1928:C066:8F21;; + #check for numerical input + ''|*[!1-9]*) print_info "Please choose a NUMERICAL option [1 - 8]" ;; + *) if [ "$DNS" -gt 8 ]; then + print_info "Please choose an option [1 - 8]"; + DNS=0; + fi;; +esac +done + +# update init script +START='ebegin "Starting dnscrypt-proxy"' +CMD='start-stop-daemon --start --quiet --pidfile=${PID} --exec /usr/sbin/dnscrypt-proxy -- -p ${PID} -l ${DNSCRYPT_LOGFILE} -d -u ${DNSCRYPT_GROUP} -a ${DNSCRYPT_LOCALIP} -r ${RESOLVER} -k ${PUBKEY} -N ${PROVIDER}' +sed -e '/start-stop-daemon --start/d' -e "s|$START|&\n $CMD|g" /etc/init.d/dnscrypt-proxy -i + +# remove existing Resolver config +if grep "RESOLVER" /etc/conf.d/dnscrypt-proxy 1> /dev/null; then + sed -e '/RESOLVER/d' -e '/PROVIDER/d' -e '/PUBKEY/d' /etc/conf.d/dnscrypt-proxy -i +fi + +# update Resolver config +echo "RESOLVER=$RESOLVER" >> /etc/conf.d/dnscrypt-proxy +echo "PROVIDER=$PROVIDER" >> /etc/conf.d/dnscrypt-proxy +echo "PUBKEY=$PUBKEY" >> /etc/conf.d/dnscrypt-proxy + +echo; print_info "dnscrypt-proxy Resolver settings updated to:" +print_info "---------------------------------------------------------------------------------------------" +print_info "RESOLVER\t\t: $RESOLVER" +print_info "PROVIDER\t\t: $PROVIDER" +print_info "PUBLIC KEY : $PUBKEY" +print_info "---------------------------------------------------------------------------------------------" + +# install unbound +if ! 
which unbound 1> /dev/null; then + echo; print_info "Install Unbound (Caching DNS Server) [ Y / N ]" + read installsrv + if [ "$installsrv" = "Y" ] || [ "$installsrv" = "y" ]; then + apk add -q unbound + fi +fi + +# choose dnscrypt ip address port +echo; print_info "Modify dnscrypt-proxy ip / port ? [ Y / N ]" +read updateip +if [ "$updateip" = "Y" ] || [ "$updateip" = "y" ]; then + choose_ip; choose_port + + # update dnscrypt listening ip & port + START=$(sed -n '/DNSCRYPT_LOCALIP=/=' /etc/conf.d/dnscrypt-proxy) + sed "$START c DNSCRYPT_LOCALIP=$IP:$DNSPORT" /etc/conf.d/dnscrypt-proxy -i + + # update dhclient.conf + if [ -f /etc/dhcp/dhclient.conf ]; then + if grep 'supersede domain-name-servers' /etc/dhcp/dhclient.conf 1>/dev/null; then + START=$(sed -n '/supersede domain-name-servers/=' /etc/dhcp/dhclient.conf) + sed "$START c supersede domain-name-servers $IP" /etc/dhcp/dhclient.conf -i + else + echo "supersede domain-name-servers $IP" >> /etc/dhcp/dhclient.conf + fi + fi + + # update resolv.conf & unbound + echo "nameserver $IP" > /etc/resolv.conf + update_unbound + + # add / restart services + for srv in "unbound dnscrypt-proxy"; do + if ! rc-status | grep $srv; then + rc-update add $srv default + rc-service $srv restart + fi + done + + echo; print_info "dnscrypt-proxy Listening Address updated to:" + print_info "------------------------------------------------------" + print_info "IP: $IP Port: $DNSPORT" + print_info "------------------------------------------------------" +fi + + + + + + + diff --git a/testing/dnscrypt-proxy/dnscrypt-proxy.post-install b/testing/dnscrypt-proxy/dnscrypt-proxy.post-install new file mode 100644 index 0000000..8059c83 --- /dev/null +++ b/testing/dnscrypt-proxy/dnscrypt-proxy.post-install 
@@ -0,0 +1,6 @@ +#!/bin/sh + +# choose DNS Resolver / change ip:port / optionally install DNS caching / add & start services +/usr/bin/dnscrypt-config +exit 0 + -- 1.8.4.2
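
Review bot: In the first APKBUILD hunk, install= now lists $pkgname.pre-install, but the diffstat shows this patch creating only dnscrypt-proxy.post-install, so either include the pre-install script in the patch or drop it from install=. In the same hunk, pkgrel should go back to 0 when pkgver changes rather than up to 1, and the subject line says v.1.33 while pkgver is 1.3.3. The old build() ran make -j1 check for the bundled libsodium; with that removed, nothing in the new build() runs any test target.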
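
Review bot: In the package() hunk of the APKBUILD, dnscrypt-config is installed to /usr/bin, yet the script exits unless it runs as root and rewrites files under /etc, so /usr/sbin is the more fitting location. The post-install script and the marker line the script writes into unbound.conf ("Settings from /usr/bin/dnscrypt-config") both hardcode the /usr/bin path and would need to follow any move.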
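
Review bot: In the resolver menu loop of dnscrypt-config, an input such as 10 falls into the ''|*[!1-9]*) arm, which only prints a message, and then satisfies until [ "$DNS" -gt 0 ], so the loop exits with RESOLVER, PROVIDER and PUBKEY unset and empty values are appended to /etc/conf.d/dnscrypt-proxy. Set DNS=0 in that arm, or loop until RESOLVER is non-empty. Near the end, for srv in "unbound dnscrypt-proxy" is quoted, so the body runs once with the whole string and the unquoted grep $srv treats dnscrypt-proxy as a file name; unquote the list and quote "$srv" inside the loop, and skip unbound when the user declined to install it. In choose_ip, the typed value is used unquoted as a pattern in grep -e $IP, so a fragment like 1 is accepted and later written to resolv.conf, dhclient.conf and the sed replacement for DNSCRYPT_LOCALIP; compare the input for exact equality against each listed address instead. The > /dev/null in die() is redundant next to 1>&2 and can go.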
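
Review bot: The post-install script calls /usr/bin/dnscrypt-config directly, and that script runs clear and blocks on read, so an install with no terminal attached cannot answer the prompts; with end-of-input the resolver loop never receives a valid choice and keeps looping. The same run can also call apk add -q unbound, overwrite /etc/resolv.conf and edit /etc/init.d/dnscrypt-proxy, all from inside a package install. Suggest that post-install only print a hint telling the administrator to run dnscrypt-config by hand, and that exit 0 not be used to mask a failure of the configuration step.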