From 076734f2d096578292b8d7437d0281c7803215a5 Mon Sep 17 00:00:00 2001 From: Robert-André Mauchin Date: Dec 16 2020 10:59:10 +0000 Subject: Fallback to recommended installation Signed-off-by: Robert-André Mauchin --- diff --git a/dnscrypt-proxy-2.0.44-custom_config.patch b/dnscrypt-proxy-2.0.44-custom_config.patch index c3a951c..ae7493d 100644 --- a/dnscrypt-proxy-2.0.44-custom_config.patch +++ b/dnscrypt-proxy-2.0.44-custom_config.patch @@ -1,129 +1,120 @@ diff -up dnscrypt-proxy-2.0.44/dnscrypt-proxy/example-dnscrypt-proxy.toml.orig dnscrypt-proxy-2.0.44/dnscrypt-proxy/example-dnscrypt-proxy.toml --- dnscrypt-proxy-2.0.44/dnscrypt-proxy/example-dnscrypt-proxy.toml.orig 2020-06-11 17:10:33.000000000 +0200 +++ dnscrypt-proxy-2.0.44/dnscrypt-proxy/example-dnscrypt-proxy.toml 2020-06-17 22:01:28.300972741 +0200 -@@ -36,7 +36,7 @@ - ## Example with both IPv4 and IPv6: - ## listen_addresses = ['127.0.0.1:53', '[::1]:53'] - --listen_addresses = ['127.0.0.1:53'] -+listen_addresses = [] - - - ## Maximum number of simultaneous client connections to accept @@ -146,7 +146,7 @@ keepalive = 30 ## This file is different from other log files, and will not be ## automatically rotated by the application. - + -# log_file = 'dnscrypt-proxy.log' +# log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log' - - + + ## When using a log file, only keep logs from the most recent launch. @@ -156,7 +156,7 @@ keepalive = 30 - + ## Use the system logger (syslog on Unix, Event Log on Windows) - + -# use_syslog = true +use_syslog = true - - + + ## Delay, in minutes, after which certificates are reloaded @@ -310,7 +310,7 @@ reject_ttl = 600 - + ## See the `example-forwarding-rules.txt` file for an example - + -# forwarding_rules = 'forwarding-rules.txt' +# forwarding_rules = '/etc/dnscrypt-proxy/forwarding-rules.txt' - - - + + + @@ -324,7 +324,7 @@ reject_ttl = 600 ## ## See the `example-cloaking-rules.txt` file for an example - + -# cloaking_rules = 'cloaking-rules.txt' +# cloaking_rules = '/etc/dnscrypt-proxy/cloaking-rules.txt' - + ## TTL used when serving entries in cloaking-rules.txt - + @@ -408,7 +408,7 @@ cache_neg_max_ttl = 600 ## Path to the query log file (absolute, or relative to the same directory as the config file) ## On non-Windows systems, can be /dev/stdout to log to the standard output (also set log_files_max_size to 0) - + - # file = 'query.log' + # file = '/var/log/dnscrypt-proxy/query.log' - - + + ## Query log format (currently supported: tsv and ltsv) @@ -434,7 +434,7 @@ cache_neg_max_ttl = 600 - + ## Path to the query log file (absolute, or relative to the same directory as the config file) - + - # file = 'nx.log' + # file = '/var/log/dnscrypt-proxy/nx.log' - - + + ## Query log format (currently supported: tsv and ltsv) @@ -464,12 +464,12 @@ cache_neg_max_ttl = 600 - + ## Path to the file of blocking rules (absolute, or relative to the same directory as the config file) - + - # blacklist_file = 'blacklist.txt' + # blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt' - - + + ## Optional path to a file logging blocked queries - + - # log_file = 'blocked.log' + # log_file = '/var/log/dnscrypt-proxy/blocked.log' - - + + ## Optional log format: tsv or ltsv (default: tsv) @@ -492,12 +492,12 @@ cache_neg_max_ttl = 600 - + ## Path to the file of blocking rules (absolute, or relative to the same directory as the config file) - + - # blacklist_file = 'ip-blacklist.txt' + # blacklist_file = '/etc/dnscrypt-proxy/ip-blacklist.txt' - - + + ## Optional path to a file logging blocked queries - + - # log_file = 'ip-blocked.log' + # log_file = '/var/log/dnscrypt-proxy/ip-blocked.log' - - + + ## Optional log format: tsv or ltsv (default: tsv) @@ -520,12 +520,12 @@ cache_neg_max_ttl = 600 - + ## Path to the file of whitelisting rules (absolute, or relative to the same directory as the config file) - + - # whitelist_file = 'whitelist.txt' + # whitelist_file = '/etc/dnscrypt-proxy/whitelist.txt' - - + + ## Optional path to a file logging whitelisted queries - + - # log_file = 'whitelisted.log' + # log_file = '/var/log/dnscrypt-proxy/whitelisted.log' - - + + ## Optional log format: tsv or ltsv (default: tsv) @@ -594,7 +594,7 @@ cache_neg_max_ttl = 600 - + [sources.'public-resolvers'] urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'] - cache_file = 'public-resolvers.md' + cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md' minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' prefix = '' - + @@ -620,7 +620,7 @@ cache_neg_max_ttl = 600 - + # [sources.'parental-control'] # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v2/parental-control.md'] - # cache_file = 'parental-control.md' + # cache_file = '/var/cache/dnscrypt-proxy/parental-control.md' # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' - - + + diff --git a/dnscrypt-proxy.service b/dnscrypt-proxy.service deleted file mode 100644 index fdbe238..0000000 --- a/dnscrypt-proxy.service +++ /dev/null @@ -1,27 +0,0 @@ -[Unit] -Description=DNSCrypt-proxy client -Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki - -Requires=dnscrypt-proxy.socket - -After=network-online.target -Wants=network-online.target - -Before=nss-lookup.target -Wants=nss-lookup.target - -[Service] -NonBlocking=true -ExecStart=/usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml - -ProtectControlGroups=yes -ProtectKernelModules=yes - -DynamicUser=yes -CacheDirectory=dnscrypt-proxy -LogsDirectory=dnscrypt-proxy -RuntimeDirectory=dnscrypt-proxy - -[Install] -Also=dnscrypt-proxy.socket -WantedBy=multi-user.target diff --git a/dnscrypt-proxy.socket b/dnscrypt-proxy.socket deleted file mode 100644 index c7bcdad..0000000 --- a/dnscrypt-proxy.socket +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=DNSCrypt-proxy socket -Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki - -[Socket] -ListenStream=127.0.0.1:53 -ListenStream=[::1]:53 -ListenDatagram=127.0.0.1:53 -ListenDatagram=[::1]:53 -NoDelay=true -DeferAcceptSec=1 - -[Install] -WantedBy=sockets.target diff --git a/dnscrypt-proxy.spec b/dnscrypt-proxy.spec index 1398f35..62b4c59 100644 --- a/dnscrypt-proxy.spec +++ b/dnscrypt-proxy.spec @@ -35,15 +35,12 @@ Features: - Can force outgoing connections to use TCP; useful with tunnels such as Tor.} Name: dnscrypt-proxy -Release: 4%{?dist} +Release: 5%{?dist} Summary: Flexible DNS proxy, with support for encrypted DNS protocols License: ISC URL: %{gourl} Source0: %{gosource} -Source1: dnscrypt-proxy.service -Source2: dnscrypt-proxy.socket -Source3: override.conf # Largely inspired by Arch packaging # https://git.archlinux.org/svntogit/community.git/tree/trunk/configuration.diff?h=packages/dnscrypt-proxy @@ -104,9 +101,6 @@ install -Dpm 0644 dnscrypt-proxy/example-blacklist.txt %{buildroot}%{_sysconfdir install -Dpm 0644 dnscrypt-proxy/example-cloaking-rules.txt %{buildroot}%{_sysconfdir}/%{name}/cloaking-rules.txt install -Dpm 0644 dnscrypt-proxy/example-forwarding-rules.txt %{buildroot}%{_sysconfdir}/%{name}/forwarding-rules.txt install -Dpm 0644 dnscrypt-proxy/example-whitelist.txt %{buildroot}%{_sysconfdir}/%{name}/whitelist.txt -install -Dpm 0644 %{S:1} %{buildroot}%{_unitdir}/%{name}.service -install -Dpm 0644 %{S:2} %{buildroot}%{_unitdir}/%{name}.socket -install -Dpm 0644 %{S:3} %{buildroot}%{_unitdir}/dnscrypt-proxy.socket.d/override.conf # Temporary SELinux workaround # https://github.com/fedora-selinux/selinux-policy/issues/231 @@ -132,20 +126,21 @@ make -f %{_datadir}/selinux/devel/Makefile install -p -m 644 -D my-ptproxy.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/my-ptproxy.pp %post -%systemd_post %{name}.service if [ "$1" -le "1" ] ; then # First install +dnscrypt-proxy -service install --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml semodule -i %{_datadir}/selinux/packages/%{name}/my-ptproxy.pp 2>/dev/null || : fi %preun -%systemd_preun %{name}.service if [ "$1" -lt "1" ] ; then # Final removal +dnscrypt-proxy -service uninstall semodule -r my-ptproxy 2>/dev/null || : fi %postun -%systemd_postun %{name}.service if [ "$1" -ge "1" ] ; then # Upgrade +dnscrypt-proxy -service uninstall +dnscrypt-proxy -service install semodule -i %{_datadir}/selinux/packages/%{name}/my-ptproxy.pp 2>/dev/null || : fi @@ -160,12 +155,11 @@ fi %config(noreplace) %{_sysconfdir}/%{name}/forwarding-rules.txt %config(noreplace) %{_sysconfdir}/%{name}/whitelist.txt %{_datadir}/selinux/packages/%{name}/my-ptproxy.pp -%config(noreplace) %{_unitdir}/%{name}.socket -%{_unitdir}/%{name}.service -%dir %{_unitdir}/dnscrypt-proxy.socket.d/ -%config(noreplace) %{_unitdir}/dnscrypt-proxy.socket.d/override.conf %changelog +* Wed Dec 16 11:26:23 CET 2020 Robert-André Mauchin - 2.0.44-5 +- Fallback to recommended installation + * Mon Dec 14 07:03:11 CET 2020 Robert-André Mauchin - 2.0.44-4 - Keep config(noreplace) for %{_unitdir}/%{name}.socket diff --git a/override.conf b/override.conf deleted file mode 100644 index ce2a8fb..0000000 --- a/override.conf +++ /dev/null @@ -1,5 +0,0 @@ -[Socket] -ListenStream=127.0.0.1:53 -# ListenStream=[::1]:53 -ListenDatagram=127.0.0.1:53 -#ListenDatagram=[::1]:53