|
|
d3d07a6 |
# Generated by go2rpm 1
|
|
|
d3d07a6 |
%bcond_without check
|
|
|
d3d07a6 |
|
|
|
d3d07a6 |
# https://github.com/jedisct1/dnscrypt-proxy
|
|
|
2076a2f |
%global goipath github.com/jedisct1/dnscrypt-proxy
|
|
|
d3d07a6 |
Version: 2.0.27
|
|
|
d3d07a6 |
%global tag 2.0.27
|
|
|
d3d07a6 |
|
|
|
d3d07a6 |
%gometa
|
|
|
2076a2f |
|
|
|
2076a2f |
%global common_description %{expand:
|
|
|
5c2e402 |
A flexible DNS proxy, with support for modern encrypted DNS protocols such as
|
|
|
2076a2f |
DNSCrypt v2 and DNS-over-HTTP/2.
|
|
|
2076a2f |
|
|
|
2076a2f |
Features:
|
|
|
2076a2f |
|
|
|
5c2e402 |
- DNS traffic encryption and authentication. Supports DNS-over-HTTPS (DoH)
|
|
|
2076a2f |
and DNSCrypt.
|
|
|
2076a2f |
- DNSSEC compatible
|
|
|
5c2e402 |
- DNS query monitoring, with separate log files for regular and suspicious
|
|
|
2076a2f |
queries
|
|
|
2076a2f |
- Pattern-based local blocking of DNS names and IP addresses
|
|
|
2076a2f |
- Time-based filtering, with a flexible weekly schedule
|
|
|
2076a2f |
- Transparent redirection of specific domains to specific resolvers
|
|
|
2076a2f |
- DNS caching, to reduce latency and improve privacy
|
|
|
2076a2f |
- Local IPv6 blocking to reduce latency on IPv4-only networks
|
|
|
2076a2f |
- Load balancing: pick a set of resolvers, dnscrypt-proxy will automatically
|
|
|
5c2e402 |
measure and keep track of their speed, and balance the traffic across the
|
|
|
2076a2f |
fastest available ones.
|
|
|
5c2e402 |
- Cloaking: like a HOSTS file on steroids, that can return preconfigured
|
|
|
5c2e402 |
addresses for specific names, or resolve and return the IP address of other
|
|
|
5c2e402 |
names. This can be used for local development as well as to enforce safe
|
|
|
2076a2f |
search results on Google, Yahoo and Bing.
|
|
|
2076a2f |
- Automatic background updates of resolvers lists
|
|
|
5c2e402 |
- Can force outgoing connections to use TCP; useful with tunnels such as Tor.}
|
|
|
2076a2f |
|
|
|
2076a2f |
Name: dnscrypt-proxy
|
|
|
d3d07a6 |
Release: 1%{?dist}
|
|
|
d3d07a6 |
Summary: Flexible DNS proxy, with support for encrypted DNS protocols
|
|
|
d3d07a6 |
|
|
|
2076a2f |
License: ISC
|
|
|
2076a2f |
URL: %{gourl}
|
|
|
d3d07a6 |
Source0: %{gosource}
|
|
|
2076a2f |
Source1: dnscrypt-proxy.service
|
|
|
2076a2f |
Source2: dnscrypt-proxy.socket
|
|
|
2076a2f |
|
|
|
2076a2f |
# Largely inspired by Arch packaging
|
|
|
2076a2f |
# https://git.archlinux.org/svntogit/community.git/tree/trunk/configuration.diff?h=packages/dnscrypt-proxy
|
|
|
2076a2f |
Patch0: dnscrypt-proxy-2.0.14-custom_config.patch
|
|
|
2076a2f |
|
|
|
2076a2f |
BuildRequires: systemd
|
|
|
d3d07a6 |
BuildRequires: golang(github.com/BurntSushi/toml)
|
|
|
d3d07a6 |
BuildRequires: golang(github.com/coreos/go-systemd/activation)
|
|
|
d3d07a6 |
BuildRequires: golang(github.com/coreos/go-systemd/daemon)
|
|
|
d3d07a6 |
BuildRequires: golang(github.com/dchest/safefile)
|
|
|
d3d07a6 |
BuildRequires: golang(github.com/facebookgo/pidfile)
|
|
|
d3d07a6 |
BuildRequires: golang(github.com/hashicorp/go-immutable-radix)
|
|
|
d3d07a6 |
BuildRequires: golang(github.com/hashicorp/golang-lru)
|
|
|
d3d07a6 |
BuildRequires: golang(github.com/jedisct1/dlog)
|
|
|
d3d07a6 |
BuildRequires: golang(github.com/jedisct1/go-clocksmith)
|
|
|
d3d07a6 |
BuildRequires: golang(github.com/jedisct1/go-dnsstamps)
|
|
|
d3d07a6 |
BuildRequires: golang(github.com/jedisct1/go-minisign)
|
|
|
d3d07a6 |
BuildRequires: golang(github.com/jedisct1/xsecretbox)
|
|
|
d3d07a6 |
BuildRequires: golang(github.com/k-sone/critbitgo)
|
|
|
d3d07a6 |
BuildRequires: golang(github.com/kardianos/service)
|
|
|
d3d07a6 |
BuildRequires: golang(github.com/miekg/dns)
|
|
|
d3d07a6 |
BuildRequires: golang(github.com/VividCortex/ewma)
|
|
|
d3d07a6 |
BuildRequires: golang(golang.org/x/crypto/curve25519)
|
|
|
d3d07a6 |
BuildRequires: golang(golang.org/x/crypto/ed25519)
|
|
|
d3d07a6 |
BuildRequires: golang(golang.org/x/crypto/nacl/box)
|
|
|
d3d07a6 |
BuildRequires: golang(golang.org/x/crypto/nacl/secretbox)
|
|
|
d3d07a6 |
BuildRequires: golang(golang.org/x/net/http2)
|
|
|
d3d07a6 |
BuildRequires: golang(golang.org/x/net/proxy)
|
|
|
d3d07a6 |
BuildRequires: golang(golang.org/x/sys/unix)
|
|
|
d3d07a6 |
BuildRequires: golang(gopkg.in/natefinch/lumberjack.v2)
|
|
|
2076a2f |
|
|
|
5c2e402 |
# For SELinux workaround
|
|
|
cc46d3e |
BuildRequires: selinux-policy-devel
|
|
|
cc46d3e |
Requires(post): policycoreutils
|
|
|
cc46d3e |
Requires(preun): policycoreutils
|
|
|
cc46d3e |
Requires(postun): policycoreutils
|
|
|
cc46d3e |
|
|
|
2076a2f |
%{?systemd_requires}
|
|
|
56a2b23 |
|
|
|
2076a2f |
%description
|
|
|
2076a2f |
%{common_description}
|
|
|
56a2b23 |
|
|
|
2076a2f |
%prep
|
|
|
d3d07a6 |
%goprep
|
|
|
56a2b23 |
|
|
|
5c2e402 |
%build
|
|
|
d3d07a6 |
for cmd in dnscrypt-proxy; do
|
|
|
d3d07a6 |
%gobuild -o %{gobuilddir}/bin/$(basename $cmd) %{goipath}/$cmd
|
|
|
d3d07a6 |
done
|
|
|
56a2b23 |
|
|
|
2076a2f |
%install
|
|
|
d3d07a6 |
install -m 0755 -vd %{buildroot}%{_bindir}
|
|
|
d3d07a6 |
install -m 0755 -vp %{gobuilddir}/bin/* %{buildroot}%{_bindir}/
|
|
|
2076a2f |
install -Dpm 0644 dnscrypt-proxy/example-dnscrypt-proxy.toml %{buildroot}%{_sysconfdir}/%{name}/dnscrypt-proxy.toml
|
|
|
2076a2f |
install -Dpm 0644 dnscrypt-proxy/example-blacklist.txt %{buildroot}%{_sysconfdir}/%{name}/blacklist.txt
|
|
|
2076a2f |
install -Dpm 0644 dnscrypt-proxy/example-cloaking-rules.txt %{buildroot}%{_sysconfdir}/%{name}/cloaking-rules.txt
|
|
|
2076a2f |
install -Dpm 0644 dnscrypt-proxy/example-forwarding-rules.txt %{buildroot}%{_sysconfdir}/%{name}/forwarding-rules.txt
|
|
|
2076a2f |
install -Dpm 0644 dnscrypt-proxy/example-whitelist.txt %{buildroot}%{_sysconfdir}/%{name}/whitelist.txt
|
|
|
2076a2f |
install -Dpm 0644 %{S:1} %{buildroot}%{_unitdir}/%{name}.service
|
|
|
2076a2f |
install -Dpm 0644 %{S:2} %{buildroot}%{_unitdir}/%{name}.socket
|
|
|
56a2b23 |
|
|
|
472a281 |
# Temporary SELinux workaround
|
|
|
472a281 |
# https://github.com/fedora-selinux/selinux-policy/issues/231
|
|
|
472a281 |
mkdir selinux
|
|
|
472a281 |
cd selinux
|
|
|
472a281 |
|
|
|
472a281 |
cat << EOF > my-ptproxy.te
|
|
|
472a281 |
module my-ptproxy 1.0;
|
|
|
472a281 |
|
|
|
472a281 |
require {
|
|
|
472a281 |
type var_t;
|
|
|
472a281 |
type init_t;
|
|
|
472a281 |
class dir { create setattr };
|
|
|
472a281 |
class lnk_file { create getattr read };
|
|
|
472a281 |
}
|
|
|
472a281 |
|
|
|
472a281 |
#============= init_t ==============
|
|
|
472a281 |
allow init_t var_t:dir { create setattr };
|
|
|
472a281 |
allow init_t var_t:lnk_file create;
|
|
|
472a281 |
EOF
|
|
|
472a281 |
|
|
|
472a281 |
make -f %{_datadir}/selinux/devel/Makefile
|
|
|
472a281 |
install -p -m 644 -D my-ptproxy.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/my-ptproxy.pp
|
|
|
472a281 |
|
|
|
472a281 |
%post
|
|
|
472a281 |
%systemd_post %{name}.service
|
|
|
472a281 |
if [ "$1" -le "1" ] ; then # First install
|
|
|
472a281 |
semodule -i %{_datadir}/selinux/packages/%{name}/my-ptproxy.pp 2>/dev/null || :
|
|
|
472a281 |
fi
|
|
|
472a281 |
|
|
|
472a281 |
%preun
|
|
|
472a281 |
%systemd_preun %{name}.service
|
|
|
472a281 |
if [ "$1" -lt "1" ] ; then # Final removal
|
|
|
472a281 |
semodule -r my-ptproxy 2>/dev/null || :
|
|
|
472a281 |
fi
|
|
|
472a281 |
|
|
|
472a281 |
%postun
|
|
|
472a281 |
%systemd_postun %{name}.service
|
|
|
472a281 |
if [ "$1" -ge "1" ] ; then # Upgrade
|
|
|
472a281 |
semodule -i %{_datadir}/selinux/packages/%{name}/my-ptproxy.pp 2>/dev/null || :
|
|
|
472a281 |
fi
|
|
|
472a281 |
|
|
|
56a2b23 |
%files
|
|
|
2076a2f |
%license LICENSE
|
|
|
2076a2f |
%doc README.md ChangeLog
|
|
|
2076a2f |
%{_bindir}/%{name}
|
|
|
2076a2f |
%dir %{_sysconfdir}/%{name}
|
|
|
2076a2f |
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.toml
|
|
|
2076a2f |
%config(noreplace) %{_sysconfdir}/%{name}/blacklist.txt
|
|
|
2076a2f |
%config(noreplace) %{_sysconfdir}/%{name}/cloaking-rules.txt
|
|
|
2076a2f |
%config(noreplace) %{_sysconfdir}/%{name}/forwarding-rules.txt
|
|
|
2076a2f |
%config(noreplace) %{_sysconfdir}/%{name}/whitelist.txt
|
|
|
472a281 |
%{_datadir}/selinux/packages/%{name}/my-ptproxy.pp
|
|
|
2076a2f |
%{_unitdir}/%{name}.*
|
|
|
56a2b23 |
|
|
|
56a2b23 |
%changelog
|
|
|
d3d07a6 |
* Thu Sep 12 00:14:59 CEST 2019 Robert-André Mauchin <zebob.m@gmail.com> - 2.0.27-1
|
|
|
d3d07a6 |
- Release 2.0.27 (#1716575)
|
|
|
d3d07a6 |
|
|
|
b935ad3 |
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.23-2
|
|
|
b935ad3 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
|
|
b935ad3 |
|
|
|
9b98010 |
* Mon Apr 29 00:37:56 CET 2019 Robert-André Mauchin <zebob.m@gmail.com> - 2.0.23-1
|
|
|
9b98010 |
- Release 2.0.23
|
|
|
9b98010 |
|
|
|
5c2e402 |
* Mon Apr 01 16:13:44 CET 2019 Robert-André Mauchin <zebob.m@gmail.com> - 2.0.22-1
|
|
|
5c2e402 |
- Release 2.0.22
|
|
|
5c2e402 |
|
|
|
f719197 |
* Thu Mar 14 2019 Robert-André Mauchin <zebob.m@gmail.com> - 2.0.20-1
|
|
|
f719197 |
- Release 2.0.20
|
|
|
f719197 |
|
|
|
1300a6c |
* Wed Feb 20 2019 Robert-André Mauchin <zebob.m@gmail.com> - 2.0.19-3
|
|
|
472a281 |
- Add a policy for SELinux /var/cache creation
|
|
|
472a281 |
- Removed ProtectHome from the SystemD service to use with GNU Stow
|
|
|
472a281 |
|
|
|
d802dac |
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.19-2
|
|
|
d802dac |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
|
|
d802dac |
|
|
|
42017d8 |
* Thu Nov 22 2018 Robert-André Mauchin <zebob.m@gmail.com> - 2.0.19-1
|
|
|
42017d8 |
- Release 2.0.19
|
|
|
42017d8 |
|
|
|
56cef85 |
* Thu Nov 15 2018 Robert-André Mauchin <zebob.m@gmail.com> - 2.0.18-1
|
|
|
56cef85 |
- Release 2.0.18
|
|
|
56cef85 |
|
|
|
06b22f3 |
* Wed Oct 03 2018 Robert-André Mauchin <zebob.m@gmail.com> - 2.0.17-1
|
|
|
06b22f3 |
- Update to 2.0.17
|
|
|
06b22f3 |
|
|
|
cc46d3e |
* Mon Aug 13 2018 Robert-André Mauchin <zebob.m@gmail.com> - 2.0.16-2
|
|
|
5c2e402 |
- Add a policy for SELinux DynamicUser failures
|
|
|
cc46d3e |
|
|
|
2076a2f |
* Tue Jul 17 2018 Robert-André Mauchin <zebob.m@gmail.com> - 2.0.16-1
|
|
|
2076a2f |
- Update to 2.0.16
|
|
|
2076a2f |
|
|
|
83c5e97 |
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-7
|
|
|
83c5e97 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
|
|
83c5e97 |
|
|
|
8f3f9fd |
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-6
|
|
|
8f3f9fd |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
|
|
8f3f9fd |
|
|
|
7ae83cd |
* Mon Oct 02 2017 Remi Collet <remi@fedoraproject.org> - 1.9.0-5
|
|
|
7ae83cd |
- rebuild for libsodium
|
|
|
7ae83cd |
|
|
|
5bf035a |
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-4
|
|
|
5bf035a |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
|
|
5bf035a |
|
|
|
1c0c020 |
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-3
|
|
|
1c0c020 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
|
|
1c0c020 |
|
|
|
7258501 |
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-2
|
|
|
7258501 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
|
|
7258501 |
|
|
|
4905be5 |
* Sun Jan 01 2017 Nikos Roussos <comzeradd@fedoraproject.org> 1.9.0-1
|
|
|
4905be5 |
- Update to 1.9.0
|
|
|
4905be5 |
|
|
|
4905be5 |
* Tue Jul 05 2016 Nikos Roussos <comzeradd@fedoraproject.org> 1.6.1-4
|
|
|
4905be5 |
- Add systemd support
|
|
|
4905be5 |
|
|
|
56a2b23 |
* Mon Jun 06 2016 Nikos Roussos <comzeradd@fedoraproject.org> 1.6.1-3
|
|
|
56a2b23 |
- Fix license
|
|
|
56a2b23 |
|
|
|
56a2b23 |
* Mon Jun 06 2016 Nikos Roussos <comzeradd@fedoraproject.org> 1.6.1-2
|
|
|
56a2b23 |
- Add hardened flag
|
|
|
56a2b23 |
- Fix obsolete m4 macro
|
|
|
56a2b23 |
|
|
|
56a2b23 |
* Fri Apr 22 2016 Nikos Roussos <comzeradd@fedoraproject.org> 1.6.1-1
|
|
|
56a2b23 |
- Update to 1.6.1
|
|
|
56a2b23 |
|
|
|
56a2b23 |
* Sat Oct 24 2015 Nikos Roussos <comzeradd@fedoraproject.org> 1.6.0-1
|
|
|
56a2b23 |
- Initial package
|
|
|
2076a2f |
|