# Generated by go2rpm 1
%bcond_without check
# https://github.com/jedisct1/dnscrypt-proxy
%global goipath github.com/jedisct1/dnscrypt-proxy
Version: 2.0.27
%global tag 2.0.27
%gometa
%global common_description %{expand:
A flexible DNS proxy, with support for modern encrypted DNS protocols such as
DNSCrypt v2 and DNS-over-HTTP/2.
Features:
- DNS traffic encryption and authentication. Supports DNS-over-HTTPS (DoH)
and DNSCrypt.
- DNSSEC compatible
- DNS query monitoring, with separate log files for regular and suspicious
queries
- Pattern-based local blocking of DNS names and IP addresses
- Time-based filtering, with a flexible weekly schedule
- Transparent redirection of specific domains to specific resolvers
- DNS caching, to reduce latency and improve privacy
- Local IPv6 blocking to reduce latency on IPv4-only networks
- Load balancing: pick a set of resolvers, dnscrypt-proxy will automatically
measure and keep track of their speed, and balance the traffic across the
fastest available ones.
- Cloaking: like a HOSTS file on steroids, that can return preconfigured
addresses for specific names, or resolve and return the IP address of other
names. This can be used for local development as well as to enforce safe
search results on Google, Yahoo and Bing.
- Automatic background updates of resolvers lists
- Can force outgoing connections to use TCP; useful with tunnels such as Tor.}
Name: dnscrypt-proxy
Release: 1%{?dist}
Summary: Flexible DNS proxy, with support for encrypted DNS protocols
License: ISC
URL: %{gourl}
Source0: %{gosource}
Source1: dnscrypt-proxy.service
Source2: dnscrypt-proxy.socket
# Largely inspired by Arch packaging
# https://git.archlinux.org/svntogit/community.git/tree/trunk/configuration.diff?h=packages/dnscrypt-proxy
Patch0: dnscrypt-proxy-2.0.14-custom_config.patch
BuildRequires: systemd
BuildRequires: golang(github.com/BurntSushi/toml)
BuildRequires: golang(github.com/coreos/go-systemd/activation)
BuildRequires: golang(github.com/coreos/go-systemd/daemon)
BuildRequires: golang(github.com/dchest/safefile)
BuildRequires: golang(github.com/facebookgo/pidfile)
BuildRequires: golang(github.com/hashicorp/go-immutable-radix)
BuildRequires: golang(github.com/hashicorp/golang-lru)
BuildRequires: golang(github.com/jedisct1/dlog)
BuildRequires: golang(github.com/jedisct1/go-clocksmith)
BuildRequires: golang(github.com/jedisct1/go-dnsstamps)
BuildRequires: golang(github.com/jedisct1/go-minisign)
BuildRequires: golang(github.com/jedisct1/xsecretbox)
BuildRequires: golang(github.com/k-sone/critbitgo)
BuildRequires: golang(github.com/kardianos/service)
BuildRequires: golang(github.com/miekg/dns)
BuildRequires: golang(github.com/VividCortex/ewma)
BuildRequires: golang(golang.org/x/crypto/curve25519)
BuildRequires: golang(golang.org/x/crypto/ed25519)
BuildRequires: golang(golang.org/x/crypto/nacl/box)
BuildRequires: golang(golang.org/x/crypto/nacl/secretbox)
BuildRequires: golang(golang.org/x/net/http2)
BuildRequires: golang(golang.org/x/net/proxy)
BuildRequires: golang(golang.org/x/sys/unix)
BuildRequires: golang(gopkg.in/natefinch/lumberjack.v2)
# For SELinux workaround
BuildRequires: selinux-policy-devel
Requires(post): policycoreutils
Requires(preun): policycoreutils
Requires(postun): policycoreutils
%{?systemd_requires}
%description
%{common_description}
%prep
%goprep
%build
for cmd in dnscrypt-proxy; do
%gobuild -o %{gobuilddir}/bin/$(basename $cmd) %{goipath}/$cmd
done
%install
install -m 0755 -vd %{buildroot}%{_bindir}
install -m 0755 -vp %{gobuilddir}/bin/* %{buildroot}%{_bindir}/
install -Dpm 0644 dnscrypt-proxy/example-dnscrypt-proxy.toml %{buildroot}%{_sysconfdir}/%{name}/dnscrypt-proxy.toml
install -Dpm 0644 dnscrypt-proxy/example-blacklist.txt %{buildroot}%{_sysconfdir}/%{name}/blacklist.txt
install -Dpm 0644 dnscrypt-proxy/example-cloaking-rules.txt %{buildroot}%{_sysconfdir}/%{name}/cloaking-rules.txt
install -Dpm 0644 dnscrypt-proxy/example-forwarding-rules.txt %{buildroot}%{_sysconfdir}/%{name}/forwarding-rules.txt
install -Dpm 0644 dnscrypt-proxy/example-whitelist.txt %{buildroot}%{_sysconfdir}/%{name}/whitelist.txt
install -Dpm 0644 %{S:1} %{buildroot}%{_unitdir}/%{name}.service
install -Dpm 0644 %{S:2} %{buildroot}%{_unitdir}/%{name}.socket
# Temporary SELinux workaround
# https://github.com/fedora-selinux/selinux-policy/issues/231
mkdir selinux
cd selinux
cat << EOF > my-ptproxy.te
module my-ptproxy 1.0;
require {
type var_t;
type init_t;
class dir { create setattr };
class lnk_file { create getattr read };
}
#============= init_t ==============
allow init_t var_t:dir { create setattr };
allow init_t var_t:lnk_file create;
EOF
make -f %{_datadir}/selinux/devel/Makefile
install -p -m 644 -D my-ptproxy.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/my-ptproxy.pp
%post
%systemd_post %{name}.service
if [ "$1" -le "1" ] ; then # First install
semodule -i %{_datadir}/selinux/packages/%{name}/my-ptproxy.pp 2>/dev/null || :
fi
%preun
%systemd_preun %{name}.service
if [ "$1" -lt "1" ] ; then # Final removal
semodule -r my-ptproxy 2>/dev/null || :
fi
%postun
%systemd_postun %{name}.service
if [ "$1" -ge "1" ] ; then # Upgrade
semodule -i %{_datadir}/selinux/packages/%{name}/my-ptproxy.pp 2>/dev/null || :
fi
%files
%license LICENSE
%doc README.md ChangeLog
%{_bindir}/%{name}
%dir %{_sysconfdir}/%{name}
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.toml
%config(noreplace) %{_sysconfdir}/%{name}/blacklist.txt
%config(noreplace) %{_sysconfdir}/%{name}/cloaking-rules.txt
%config(noreplace) %{_sysconfdir}/%{name}/forwarding-rules.txt
%config(noreplace) %{_sysconfdir}/%{name}/whitelist.txt
%{_datadir}/selinux/packages/%{name}/my-ptproxy.pp
%{_unitdir}/%{name}.*
%changelog
* Thu Sep 12 00:14:59 CEST 2019 Robert-André Mauchin <zebob.m@gmail.com> - 2.0.27-1
- Release 2.0.27 (#1716575)
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.23-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon Apr 29 00:37:56 CET 2019 Robert-André Mauchin <zebob.m@gmail.com> - 2.0.23-1
- Release 2.0.23
* Mon Apr 01 16:13:44 CET 2019 Robert-André Mauchin <zebob.m@gmail.com> - 2.0.22-1
- Release 2.0.22
* Thu Mar 14 2019 Robert-André Mauchin <zebob.m@gmail.com> - 2.0.20-1
- Release 2.0.20
* Wed Feb 20 2019 Robert-André Mauchin <zebob.m@gmail.com> - 2.0.19-3
- Add a policy for SELinux /var/cache creation
- Removed ProtectHome from the SystemD service to use with GNU Stow
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.19-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Nov 22 2018 Robert-André Mauchin <zebob.m@gmail.com> - 2.0.19-1
- Release 2.0.19
* Thu Nov 15 2018 Robert-André Mauchin <zebob.m@gmail.com> - 2.0.18-1
- Release 2.0.18
* Wed Oct 03 2018 Robert-André Mauchin <zebob.m@gmail.com> - 2.0.17-1
- Update to 2.0.17
* Mon Aug 13 2018 Robert-André Mauchin <zebob.m@gmail.com> - 2.0.16-2
- Add a policy for SELinux DynamicUser failures
* Tue Jul 17 2018 Robert-André Mauchin <zebob.m@gmail.com> - 2.0.16-1
- Update to 2.0.16
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Mon Oct 02 2017 Remi Collet <remi@fedoraproject.org> - 1.9.0-5
- rebuild for libsodium
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Sun Jan 01 2017 Nikos Roussos <comzeradd@fedoraproject.org> 1.9.0-1
- Update to 1.9.0
* Tue Jul 05 2016 Nikos Roussos <comzeradd@fedoraproject.org> 1.6.1-4
- Add systemd support
* Mon Jun 06 2016 Nikos Roussos <comzeradd@fedoraproject.org> 1.6.1-3
- Fix license
* Mon Jun 06 2016 Nikos Roussos <comzeradd@fedoraproject.org> 1.6.1-2
- Add hardened flag
- Fix obsolete m4 macro
* Fri Apr 22 2016 Nikos Roussos <comzeradd@fedoraproject.org> 1.6.1-1
- Update to 1.6.1
* Sat Oct 24 2015 Nikos Roussos <comzeradd@fedoraproject.org> 1.6.0-1
- Initial package