From 2076a2fe29cd5676b12f593a094a01096f1db210 Mon Sep 17 00:00:00 2001
From: Robert-André Mauchin
Date: Jul 17 2018 17:10:47 +0000
Subject: Update to 2.0.16
---
diff --git a/.gitignore b/.gitignore
index 20347fb..1fb2e80 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
 /1.6.1.tar.gz
 /1.9.0.tar.gz
+/dnscrypt-proxy-2.0.14.tar.gz
+/dnscrypt-proxy-2.0.16.tar.gz
diff --git a/dnscrypt-proxy-1.9.0-libtool-obsolete-macro.patch b/dnscrypt-proxy-1.9.0-libtool-obsolete-macro.patch
deleted file mode 100644
index 7e7f89a..0000000
--- a/dnscrypt-proxy-1.9.0-libtool-obsolete-macro.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- dnscrypt-proxy-1.9.0/src/libevent-modified/configure.ac.orig 2016-12-29 12:21:29.000000000 +0200
-+++ dnscrypt-proxy-1.9.0/src/libevent-modified/configure.ac 2017-01-01 12:10:20.958416694 +0200
-@@ -99,7 +99,7 @@
- [], [enable_function_sections=no])
-
-
--AC_PROG_LIBTOOL
-+LT_INIT
-
- dnl Uncomment "AC_DISABLE_SHARED" to make shared librraries not get
- dnl built by default. You can also turn shared libs on and off from
diff --git a/dnscrypt-proxy-2.0.14-custom_config.patch b/dnscrypt-proxy-2.0.14-custom_config.patch
new file mode 100644
index 0000000..0362ae5
--- /dev/null
+++ b/dnscrypt-proxy-2.0.14-custom_config.patch
@@ -0,0 +1,126 @@
+diff -up dnscrypt-proxy-2.0.14/dnscrypt-proxy/example-dnscrypt-proxy.toml.custom_config dnscrypt-proxy-2.0.14/dnscrypt-proxy/example-dnscrypt-proxy.toml
+--- dnscrypt-proxy-2.0.14/dnscrypt-proxy/example-dnscrypt-proxy.toml.custom_config 2018-04-27 01:14:14.000000000 +0200
++++ dnscrypt-proxy-2.0.14/dnscrypt-proxy/example-dnscrypt-proxy.toml 2018-05-06 02:19:56.176052976 +0200
+@@ -33,7 +33,7 @@
+ ## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6.
+ ## Note: When using systemd socket activation, choose an empty set (i.e. [] ).
+
+-listen_addresses = ['127.0.0.1:53', '[::1]:53']
++listen_addresses = []
+
+
+ ## Maximum number of simultaneous client connections to accept
+@@ -99,12 +99,12 @@ keepalive = 30
+
+ ## log file for the application
+
+-# log_file = 'dnscrypt-proxy.log'
++# log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log'
+
+
+ ## Use the system logger (syslog on Unix, Event Log on Windows)
+
+-# use_syslog = true
++use_syslog = true
+
+
+ ## Delay, in minutes, after which certificates are reloaded
+@@ -197,7 +197,7 @@ block_ipv6 = false
+ ## example.com 9.9.9.9
+ ## example.net 9.9.9.9,8.8.8.8,1.1.1.1
+
+-# forwarding_rules = 'forwarding-rules.txt'
++# forwarding_rules = '/etc/dnscrypt-proxy/forwarding-rules.txt'
+
+
+
+@@ -213,7 +213,7 @@ block_ipv6 = false
+ ## example.com 10.1.1.1
+ ## www.google.com forcesafesearch.google.com
+
+-# cloaking_rules = 'cloaking-rules.txt'
++# cloaking_rules = '/etc/dnscrypt-proxy/cloaking-rules.txt'
+
+
+
+@@ -262,7 +262,7 @@ cache_neg_max_ttl = 600
+
+ ## Path to the query log file (absolute, or relative to the same directory as the executable file)
+
+- # file = 'query.log'
++ # file = '/var/log/dnscrypt-proxy/query.log'
+
+
+ ## Query log format (currently supported: tsv and ltsv)
+@@ -288,7 +288,7 @@ cache_neg_max_ttl = 600
+
+ ## Path to the query log file (absolute, or relative to the same directory as the executable file)
+
+- # file = 'nx.log'
++ # file = '/var/log/dnscrypt-proxy/nx.log'
+
+
+ ## Query log format (currently supported: tsv and ltsv)
+@@ -318,12 +318,12 @@ cache_neg_max_ttl = 600
+
+ ## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
+
+- # blacklist_file = 'blacklist.txt'
++ # blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt'
+
+
+ ## Optional path to a file logging blocked queries
+
+- # log_file = 'blocked.log'
++ # log_file = '/var/log/dnscrypt-proxy/blocked.log'
+
+
+ ## Optional log format: tsv or ltsv (default: tsv)
+@@ -346,12 +346,12 @@ cache_neg_max_ttl = 600
+
+ ## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
+
+- # blacklist_file = 'ip-blacklist.txt'
++ # blacklist_file = '/etc/dnscrypt-proxy/ip-blacklist.txt'
+
+
+ ## Optional path to a file logging blocked queries
+
+- # log_file = 'ip-blocked.log'
++ # log_file = '/var/log/dnscrypt-proxy/ip-blocked.log'
+
+
+ ## Optional log format: tsv or ltsv (default: tsv)
+@@ -374,12 +374,12 @@ cache_neg_max_ttl = 600
+
+ ## Path to the file of whitelisting rules (absolute, or relative to the same directory as the executable file)
+
+- # whitelist_file = 'whitelist.txt'
++ # whitelist_file = '/etc/dnscrypt-proxy/whitelist.txt'
+
+
+ ## Optional path to a file logging whitelisted queries
+
+- # log_file = 'whitelisted.log'
++ # log_file = '/var/log/dnscrypt-proxy/whitelisted.log'
+
+
+ ## Optional log format: tsv or ltsv (default: tsv)
+@@ -449,7 +449,7 @@ cache_neg_max_ttl = 600
+
+ [sources.'public-resolvers']
+ urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
+- cache_file = 'public-resolvers.md'
++ cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
+ minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+ refresh_delay = 72
+ prefix = ''
+@@ -459,7 +459,7 @@ cache_neg_max_ttl = 600
+
+ # [sources.'parental-control']
+ # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v2/parental-control.md']
+- # cache_file = 'parental-control.md'
++ # cache_file = '/var/cache/dnscrypt-proxy/parental-control.md'
+ # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+
+
diff --git a/dnscrypt-proxy.service b/dnscrypt-proxy.service
new file mode 100644
index 0000000..0f3f73b
--- /dev/null
+++ b/dnscrypt-proxy.service
@@ -0,0 +1,28 @@
+[Unit]
+Description=DNSCrypt-proxy client
+Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki
+
+Requires=dnscrypt-proxy.socket
+
+After=network-online.target
+Wants=network-online.target
+
+Before=nss-lookup.target
+Wants=nss-lookup.target
+
+[Service]
+NonBlocking=true
+ExecStart=/usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml
+
+ProtectHome=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+
+DynamicUser=yes
+CacheDirectory=dnscrypt-proxy
+LogsDirectory=dnscrypt-proxy
+RuntimeDirectory=dnscrypt-proxy
+
+[Install]
+Also=dnscrypt-proxy.socket
+WantedBy=multi-user.target
diff --git a/dnscrypt-proxy.socket b/dnscrypt-proxy.socket
new file mode 100644
index 0000000..c7bcdad
--- /dev/null
+++ b/dnscrypt-proxy.socket
@@ -0,0 +1,14 @@
+[Unit]
+Description=DNSCrypt-proxy socket
+Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki
+
+[Socket]
+ListenStream=127.0.0.1:53
+ListenStream=[::1]:53
+ListenDatagram=127.0.0.1:53
+ListenDatagram=[::1]:53
+NoDelay=true
+DeferAcceptSec=1
+
+[Install]
+WantedBy=sockets.target
diff --git a/dnscrypt-proxy.spec b/dnscrypt-proxy.spec
index 8b44a28..289b99a 100644
--- a/dnscrypt-proxy.spec
+++ b/dnscrypt-proxy.spec
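Review bot: `listen_addresses = []` in the first hunk of the config patch leaves the shipped dnscrypt-proxy.toml without a listener of its own, and nothing in the file says where the addresses now come from. A packaging comment above the setting would help, for example `## Fedora: listening addresses are set in dnscrypt-proxy.socket (ListenStream=/ListenDatagram=); keep this list empty`. Without it, an admin who edits only the TOML to change where the proxy listens will either see no effect or, presumably, add addresses that the socket unit already binds.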
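Review bot: The [Service] section of dnscrypt-proxy.service applies only part of the sandboxing this daemon can take. The listening sockets are inherited from dnscrypt-proxy.socket and `DynamicUser=yes` runs the process unprivileged, so it should need no capabilities and no socket families beyond IP and the local syslog socket. I would add `CapabilityBoundingSet=`, `ProtectKernelTunables=yes` and `RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX` next to the existing Protect* lines. AF_UNIX is kept because the patched config sets `use_syslog = true`; the exact set should be confirmed by running the unit with resolver-list refresh and logging enabled.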
@@ -1,60 +1,130 @@ -%global _hardened_build 1 +%global goipath github.com/jedisct1/dnscrypt-proxy +Version: 2.0.16 + +%global common_description %{expand: +A flexible DNS proxy, with support for modern encrypted DNS protocols such as +DNSCrypt v2 and DNS-over-HTTP/2. + +Features: + + - DNS traffic encryption and authentication. Supports DNS-over-HTTPS (DoH) + and DNSCrypt. + - DNSSEC compatible + - DNS query monitoring, with separate log files for regular and suspicious + queries + - Pattern-based local blocking of DNS names and IP addresses + - Time-based filtering, with a flexible weekly schedule + - Transparent redirection of specific domains to specific resolvers + - DNS caching, to reduce latency and improve privacy + - Local IPv6 blocking to reduce latency on IPv4-only networks + - Load balancing: pick a set of resolvers, dnscrypt-proxy will automatically + measure and keep track of their speed, and balance the traffic across the + fastest available ones. + - Cloaking: like a HOSTS file on steroids, that can return preconfigured + addresses for specific names, or resolve and return the IP address of other + names. This can be used for local development as well as to enforce safe + search results on Google, Yahoo and Bing. + - Automatic background updates of resolvers lists + - Can force outgoing connections to use TCP; useful with tunnels such as Tor. 
+} + +%gometa + +Name: dnscrypt-proxy +Release: 1%{?dist} +Summary: A flexible DNS proxy, with support for encrypted DNS protocols +License: ISC +URL: %{gourl} +Source0: %{gourl}/archive/%{version}/%{name}-%{version}.tar.gz +Source1: dnscrypt-proxy.service +Source2: dnscrypt-proxy.socket + +# Largely inspired by Arch packaging +# https://git.archlinux.org/svntogit/community.git/tree/trunk/configuration.diff?h=packages/dnscrypt-proxy +Patch0: dnscrypt-proxy-2.0.14-custom_config.patch + +BuildRequires: systemd +BuildRequires: golang(github.com/BurntSushi/toml) +BuildRequires: golang(github.com/coreos/go-systemd/activation) +BuildRequires: golang(github.com/coreos/go-systemd/daemon) +BuildRequires: golang(github.com/dchest/safefile) +BuildRequires: golang(github.com/facebookgo/pidfile) +BuildRequires: golang(github.com/hashicorp/go-immutable-radix) +BuildRequires: golang(github.com/hashicorp/golang-lru) +BuildRequires: golang(github.com/jedisct1/dlog) +BuildRequires: golang(github.com/jedisct1/go-clocksmith) +BuildRequires: golang(github.com/jedisct1/go-dnsstamps) +BuildRequires: golang(github.com/jedisct1/go-minisign) +BuildRequires: golang(github.com/jedisct1/xsecretbox) +BuildRequires: golang(github.com/kardianos/service) +BuildRequires: golang(github.com/k-sone/critbitgo) +BuildRequires: golang(github.com/miekg/dns) +BuildRequires: golang(github.com/pquerna/cachecontrol/cacheobject) +BuildRequires: golang(github.com/VividCortex/ewma) +BuildRequires: golang(golang.org/x/crypto/curve25519) +BuildRequires: golang(golang.org/x/crypto/ed25519) +BuildRequires: golang(golang.org/x/crypto/nacl/box) +BuildRequires: golang(golang.org/x/crypto/nacl/secretbox) +BuildRequires: golang(golang.org/x/net/http2) +BuildRequires: golang(gopkg.in/natefinch/lumberjack.v2) + +%{?systemd_requires} -Name: dnscrypt-proxy -Version: 1.9.0 -Release: 7%{?dist} -Summary: DNSCrypt client +%description +%{common_description} -Group: System Environment/Daemons -License: MIT -URL: 
https://dnscrypt.org/ -Source0: https://github.com/jedisct1/%{name}/archive/%{version}.tar.gz -Patch0: dnscrypt-proxy-1.9.0-libtool-obsolete-macro.patch -BuildRequires: autoconf -BuildRequires: automake -BuildRequires: libtool -BuildRequires: libtool-ltdl-devel -BuildRequires: gettext-devel -BuildRequires: libevent-devel -BuildRequires: libsodium-devel -BuildRequires: systemd-devel +%prep +%forgeautosetup -p1 +rm -rf vendor -%description -DNSCrypt is a protocol that authenticates communications between a DNS -client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic -signatures to verify that responses originate from the chosen DNS resolver -and haven't been tampered with. +%build +%gobuildroot +%gobuild -o _bin/%{name} %{goipath}/%{name} -%prep -%setup -n %{name}-%{version} -q -%patch0 -p1 +%install +install -Dpm 0755 _bin/%{name} %{buildroot}%{_bindir}/%{name} +install -Dpm 0644 dnscrypt-proxy/example-dnscrypt-proxy.toml %{buildroot}%{_sysconfdir}/%{name}/dnscrypt-proxy.toml +install -Dpm 0644 dnscrypt-proxy/example-blacklist.txt %{buildroot}%{_sysconfdir}/%{name}/blacklist.txt +install -Dpm 0644 dnscrypt-proxy/example-cloaking-rules.txt %{buildroot}%{_sysconfdir}/%{name}/cloaking-rules.txt +install -Dpm 0644 dnscrypt-proxy/example-forwarding-rules.txt %{buildroot}%{_sysconfdir}/%{name}/forwarding-rules.txt +install -Dpm 0644 dnscrypt-proxy/example-whitelist.txt %{buildroot}%{_sysconfdir}/%{name}/whitelist.txt +install -Dpm 0644 %{S:1} %{buildroot}%{_unitdir}/%{name}.service +install -Dpm 0644 %{S:2} %{buildroot}%{_unitdir}/%{name}.socket -%build -./autogen.sh -%configure --prefix=/usr --disable-static --with-systemd -make CFLAGS="%{optflags}" %{?_smp_mflags} +%post +%systemd_post %{name}.service -%install -make install DESTDIR=%{buildroot} + +%preun +%systemd_preun %{name}.service + + +%postun +%systemd_postun %{name}.service %files -%{_bindir}/hostip -%{_sbindir}/%{name} -%{_sysconfdir}/%{name}* -%{_includedir}/dnscrypt/ -%{_libdir}/%{name}/ 
-%{_usr}/share/%{name} -%{_mandir}/man8/%{name}* -%{_mandir}/man8/hostip* +%license LICENSE +%doc README.md ChangeLog +%{_bindir}/%{name} +%dir %{_sysconfdir}/%{name} +%config(noreplace) %{_sysconfdir}/%{name}/%{name}.toml +%config(noreplace) %{_sysconfdir}/%{name}/blacklist.txt +%config(noreplace) %{_sysconfdir}/%{name}/cloaking-rules.txt +%config(noreplace) %{_sysconfdir}/%{name}/forwarding-rules.txt +%config(noreplace) %{_sysconfdir}/%{name}/whitelist.txt +%{_unitdir}/%{name}.* %changelog +* Tue Jul 17 2018 Robert-André Mauchin - 2.0.16-1 +- Update to 2.0.16 + * Thu Jul 12 2018 Fedora Release Engineering - 1.9.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild @@ -91,3 +161,4 @@ make install DESTDIR=%{buildroot} * Sat Oct 24 2015 Nikos Roussos 1.6.0-1 - Initial package + diff --git a/sources b/sources index 198f54f..d1fdc3d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (1.9.0.tar.gz) = 5aa6ac97de14f40db12e62ba942f5ef82c7f751aa601364019be40ee6d12325c2e6f73249a23e4164e98840a108ed0b1eaafeee3e27cdb71e3312a8a28eef022 +SHA512 (dnscrypt-proxy-2.0.16.tar.gz) = f138df20560dd440a2ed390c1468d630191ae7b0e50521b4dde3fa7ef4377c3ae6409e8c547858bace53216c84aeeea6794305546b9ff87832f704c160c6782f
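Review bot: The new `%post`, `%preun` and `%postun` scriptlets pass only `%{name}.service` to the systemd macros, although the package also installs `%{name}.socket` (matched by `%{_unitdir}/%{name}.*` in %files), which is the unit that actually binds port 53. As written, presets are not applied to the socket and it is not stopped or disabled on package removal, so systemd may keep listening on 127.0.0.1:53 after the binary is gone. Listing both units fixes it: `%systemd_post %{name}.service %{name}.socket`, `%systemd_preun %{name}.service %{name}.socket`, `%systemd_postun %{name}.service %{name}.socket`.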