From 40c5347df3e68ae194402e90ef9e73714ba3a0df Mon Sep 17 00:00:00 2001 From: Robert-André Mauchin Date: Mar 30 2021 18:31:55 +0000 Subject: - Since version 2.0.45, some of the configuration files have been renamed. Please merge your config to /etc/dnscrypt-proxy/dnscrypt-proxy.toml.rpmnew then replace dnscrypt-proxy.toml with that file. Read /usr/share/doc/dnscrypt-proxy/ChangeLog to know more about this change. - generate-domains-blocklist is now provided in /usr/share/doc/dnscrypt-proxy/ - Fix: rhbz#1943749 - Update to 2.0.45 - Close: rhbz#1912171 --- diff --git a/.gitignore b/.gitignore index d513b39..6d575f5 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,4 @@ /dnscrypt-proxy-2.0.35.tar.gz /dnscrypt-proxy-2.0.36.tar.gz /dnscrypt-proxy-2.0.44.tar.gz +/dnscrypt-proxy-2.0.45.tar.gz diff --git a/dnscrypt-proxy-2.0.44-custom_config.patch b/dnscrypt-proxy-2.0.44-custom_config.patch deleted file mode 100644 index ae7493d..0000000 --- a/dnscrypt-proxy-2.0.44-custom_config.patch +++ /dev/null @@ -1,120 +0,0 @@ -diff -up dnscrypt-proxy-2.0.44/dnscrypt-proxy/example-dnscrypt-proxy.toml.orig dnscrypt-proxy-2.0.44/dnscrypt-proxy/example-dnscrypt-proxy.toml ---- dnscrypt-proxy-2.0.44/dnscrypt-proxy/example-dnscrypt-proxy.toml.orig 2020-06-11 17:10:33.000000000 +0200 -+++ dnscrypt-proxy-2.0.44/dnscrypt-proxy/example-dnscrypt-proxy.toml 2020-06-17 22:01:28.300972741 +0200 -@@ -146,7 +146,7 @@ keepalive = 30 - ## This file is different from other log files, and will not be - ## automatically rotated by the application. - --# log_file = 'dnscrypt-proxy.log' -+# log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log' - - - ## When using a log file, only keep logs from the most recent launch. -@@ -156,7 +156,7 @@ keepalive = 30 - - ## Use the system logger (syslog on Unix, Event Log on Windows) - --# use_syslog = true -+use_syslog = true - - - ## Delay, in minutes, after which certificates are reloaded -@@ -310,7 +310,7 @@ reject_ttl = 600 - - ## See the `example-forwarding-rules.txt` file for an example - --# forwarding_rules = 'forwarding-rules.txt' -+# forwarding_rules = '/etc/dnscrypt-proxy/forwarding-rules.txt' - - - -@@ -324,7 +324,7 @@ reject_ttl = 600 - ## - ## See the `example-cloaking-rules.txt` file for an example - --# cloaking_rules = 'cloaking-rules.txt' -+# cloaking_rules = '/etc/dnscrypt-proxy/cloaking-rules.txt' - - ## TTL used when serving entries in cloaking-rules.txt - -@@ -408,7 +408,7 @@ cache_neg_max_ttl = 600 - ## Path to the query log file (absolute, or relative to the same directory as the config file) - ## On non-Windows systems, can be /dev/stdout to log to the standard output (also set log_files_max_size to 0) - -- # file = 'query.log' -+ # file = '/var/log/dnscrypt-proxy/query.log' - - - ## Query log format (currently supported: tsv and ltsv) -@@ -434,7 +434,7 @@ cache_neg_max_ttl = 600 - - ## Path to the query log file (absolute, or relative to the same directory as the config file) - -- # file = 'nx.log' -+ # file = '/var/log/dnscrypt-proxy/nx.log' - - - ## Query log format (currently supported: tsv and ltsv) -@@ -464,12 +464,12 @@ cache_neg_max_ttl = 600 - - ## Path to the file of blocking rules (absolute, or relative to the same directory as the config file) - -- # blacklist_file = 'blacklist.txt' -+ # blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt' - - - ## Optional path to a file logging blocked queries - -- # log_file = 'blocked.log' -+ # log_file = '/var/log/dnscrypt-proxy/blocked.log' - - - ## Optional log format: tsv or ltsv (default: tsv) -@@ -492,12 +492,12 @@ cache_neg_max_ttl = 600 - - ## Path to the file of blocking rules (absolute, or relative to the same directory as the config file) - -- # blacklist_file = 'ip-blacklist.txt' -+ # blacklist_file = '/etc/dnscrypt-proxy/ip-blacklist.txt' - - - ## Optional path to a file logging blocked queries - -- # log_file = 'ip-blocked.log' -+ # log_file = '/var/log/dnscrypt-proxy/ip-blocked.log' - - - ## Optional log format: tsv or ltsv (default: tsv) -@@ -520,12 +520,12 @@ cache_neg_max_ttl = 600 - - ## Path to the file of whitelisting rules (absolute, or relative to the same directory as the config file) - -- # whitelist_file = 'whitelist.txt' -+ # whitelist_file = '/etc/dnscrypt-proxy/whitelist.txt' - - - ## Optional path to a file logging whitelisted queries - -- # log_file = 'whitelisted.log' -+ # log_file = '/var/log/dnscrypt-proxy/whitelisted.log' - - - ## Optional log format: tsv or ltsv (default: tsv) -@@ -594,7 +594,7 @@ cache_neg_max_ttl = 600 - - [sources.'public-resolvers'] - urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'] -- cache_file = 'public-resolvers.md' -+ cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md' - minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' - prefix = '' - -@@ -620,7 +620,7 @@ cache_neg_max_ttl = 600 - - # [sources.'parental-control'] - # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v2/parental-control.md'] -- # cache_file = 'parental-control.md' -+ # cache_file = '/var/cache/dnscrypt-proxy/parental-control.md' - # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' - - diff --git a/dnscrypt-proxy-2.0.45-custom_config.patch b/dnscrypt-proxy-2.0.45-custom_config.patch new file mode 100644 index 0000000..46d7fdf --- /dev/null +++ b/dnscrypt-proxy-2.0.45-custom_config.patch @@ -0,0 +1,153 @@ +diff -up dnscrypt-proxy-2.0.45/dnscrypt-proxy/example-dnscrypt-proxy.toml.orig dnscrypt-proxy-2.0.45/dnscrypt-proxy/example-dnscrypt-proxy.toml +--- dnscrypt-proxy-2.0.45/dnscrypt-proxy/example-dnscrypt-proxy.toml.orig 2021-01-03 18:18:46.000000000 +0100 ++++ dnscrypt-proxy-2.0.45/dnscrypt-proxy/example-dnscrypt-proxy.toml 2021-03-30 18:18:19.145920799 +0200 +@@ -157,7 +157,7 @@ keepalive = 30 + ## This file is different from other log files, and will not be + ## automatically rotated by the application. + +-# log_file = 'dnscrypt-proxy.log' ++# log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log' + + + ## When using a log file, only keep logs from the most recent launch. +@@ -167,7 +167,7 @@ keepalive = 30 + + ## Use the system logger (syslog on Unix, Event Log on Windows) + +-# use_syslog = true ++use_syslog = true + + + ## Delay, in minutes, after which certificates are reloaded +@@ -325,7 +325,7 @@ reject_ttl = 600 + + ## See the `example-forwarding-rules.txt` file for an example + +-# forwarding_rules = 'forwarding-rules.txt' ++# forwarding_rules = '/etc/dnscrypt-proxy/forwarding-rules.txt' + + + +@@ -339,7 +339,7 @@ reject_ttl = 600 + ## + ## See the `example-cloaking-rules.txt` file for an example + +-# cloaking_rules = 'cloaking-rules.txt' ++# cloaking_rules = '/etc/dnscrypt-proxy/cloaking-rules.txt' + + ## TTL used when serving entries in cloaking-rules.txt + +@@ -392,7 +392,7 @@ cache_neg_max_ttl = 600 + ## check for connectivity and captive portals, along with hard-coded + ## IP addresses to return. + +-# map_file = 'example-captive-portals.txt' ++# map_file = '/etc/dnscrypt-proxy/example-captive-portals.txt' + + + +@@ -438,7 +438,7 @@ cache_neg_max_ttl = 600 + ## Path to the query log file (absolute, or relative to the same directory as the config file) + ## Can be set to /dev/stdout in order to log to the standard output. + +- # file = 'query.log' ++ # file = '/var/log/dnscrypt-proxy/query.log' + + + ## Query log format (currently supported: tsv and ltsv) +@@ -464,7 +464,7 @@ cache_neg_max_ttl = 600 + + ## Path to the query log file (absolute, or relative to the same directory as the config file) + +- # file = 'nx.log' ++ # file = '/var/log/dnscrypt-proxy/nx.log' + + + ## Query log format (currently supported: tsv and ltsv) +@@ -494,12 +494,12 @@ cache_neg_max_ttl = 600 + + ## Path to the file of blocking rules (absolute, or relative to the same directory as the config file) + +- # blocked_names_file = 'blocked-names.txt' ++ # blocked_names_file = '/etc/dnscrypt-proxy/blocked-names.txt' + + + ## Optional path to a file logging blocked queries + +- # log_file = 'blocked-names.log' ++ # log_file = '/var/log/dnscrypt-proxy/blocked-names.log' + + + ## Optional log format: tsv or ltsv (default: tsv) +@@ -522,12 +522,12 @@ cache_neg_max_ttl = 600 + + ## Path to the file of blocking rules (absolute, or relative to the same directory as the config file) + +- # blocked_ips_file = 'blocked-ips.txt' ++ # blocked_ips_file = '/etc/dnscrypt-proxy/blocked-ips.txt' + + + ## Optional path to a file logging blocked queries + +- # log_file = 'blocked-ips.log' ++ # log_file = '/var/log/dnscrypt-proxy/blocked-ips.log' + + + ## Optional log format: tsv or ltsv (default: tsv) +@@ -550,12 +550,12 @@ cache_neg_max_ttl = 600 + + ## Path to the file of allow list rules (absolute, or relative to the same directory as the config file) + +- # allowed_names_file = 'allowed-names.txt' ++ # allowed_names_file = '/etc/dnscrypt-proxy/allowed-names.txt' + + + ## Optional path to a file logging allowed queries + +- # log_file = 'allowed-names.log' ++ # log_file = '/var/log/dnscrypt-proxy/allowed-names.log' + + + ## Optional log format: tsv or ltsv (default: tsv) +@@ -578,12 +578,12 @@ cache_neg_max_ttl = 600 + + ## Path to the file of allowed ip rules (absolute, or relative to the same directory as the config file) + +- # allowed_ips_file = 'allowed-ips.txt' ++ # allowed_ips_file = '/etc/dnscrypt-proxy/allowed-ips.txt' + + + ## Optional path to a file logging allowed queries + +- # log_file = 'allowed-ips.log' ++ # log_file = '/var/log/dnscrypt-proxy/allowed-ips.log' + + ## Optional log format: tsv or ltsv (default: tsv) + +@@ -654,7 +654,7 @@ cache_neg_max_ttl = 600 + + [sources.'public-resolvers'] + urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/public-resolvers.md', 'https://download.dnscrypt.net/resolvers-list/v3/public-resolvers.md'] +- cache_file = 'public-resolvers.md' ++ cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md' + minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' + refresh_delay = 72 + prefix = '' +@@ -663,7 +663,7 @@ cache_neg_max_ttl = 600 + + [sources.'relays'] + urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/relays.md', 'https://download.dnscrypt.net/resolvers-list/v3/relays.md'] +- cache_file = 'relays.md' ++ cache_file = '/var/cache/dnscrypt-proxy/relays.md' + minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' + refresh_delay = 72 + prefix = '' +@@ -681,7 +681,7 @@ cache_neg_max_ttl = 600 + + # [sources.'parental-control'] + # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v3/parental-control.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/parental-control.md', 'https://download.dnscrypt.net/resolvers-list/v3/parental-control.md'] +- # cache_file = 'parental-control.md' ++ # cache_file = '/var/cache/dnscrypt-proxy/parental-control.md' + # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' + + diff --git a/dnscrypt-proxy.spec b/dnscrypt-proxy.spec index 357500e..1658055 100644 --- a/dnscrypt-proxy.spec +++ b/dnscrypt-proxy.spec @@ -3,8 +3,8 @@ # https://github.com/jedisct1/dnscrypt-proxy %global goipath github.com/jedisct1/dnscrypt-proxy -Version: 2.0.44 -%global tag 2.0.44 +Version: 2.0.45 +%global tag 2.0.45 %gometa @@ -35,7 +35,7 @@ Features: - Can force outgoing connections to use TCP; useful with tunnels such as Tor.} Name: dnscrypt-proxy -Release: 9%{?dist} +Release: 1%{?dist} Summary: Flexible DNS proxy, with support for encrypted DNS protocols License: ISC @@ -44,13 +44,12 @@ Source0: %{gosource} # Largely inspired by Arch packaging # https://git.archlinux.org/svntogit/community.git/tree/trunk/configuration.diff?h=packages/dnscrypt-proxy -Patch0: dnscrypt-proxy-2.0.44-custom_config.patch +Patch0: dnscrypt-proxy-2.0.45-custom_config.patch BuildRequires: golang(github.com/BurntSushi/toml) BuildRequires: golang(github.com/coreos/go-systemd/activation) BuildRequires: golang(github.com/coreos/go-systemd/daemon) BuildRequires: golang(github.com/dchest/safefile) -BuildRequires: golang(github.com/facebookgo/pidfile) BuildRequires: golang(github.com/hashicorp/go-immutable-radix) BuildRequires: golang(github.com/hashicorp/golang-lru) BuildRequires: golang(github.com/jedisct1/dlog) @@ -71,14 +70,6 @@ BuildRequires: golang(golang.org/x/net/proxy) BuildRequires: golang(golang.org/x/sys/unix) BuildRequires: golang(gopkg.in/natefinch/lumberjack.v2) - -# For SELinux workaround -BuildRequires: selinux-policy-devel -BuildRequires: make -Requires(post): policycoreutils -Requires(preun): policycoreutils -Requires(postun): policycoreutils - %description %{common_description} @@ -95,73 +86,56 @@ done install -m 0755 -vd %{buildroot}%{_bindir} install -m 0755 -vp %{gobuilddir}/bin/* %{buildroot}%{_bindir}/ install -Dpm 0644 dnscrypt-proxy/example-dnscrypt-proxy.toml %{buildroot}%{_sysconfdir}/%{name}/dnscrypt-proxy.toml -install -Dpm 0644 dnscrypt-proxy/example-blacklist.txt %{buildroot}%{_sysconfdir}/%{name}/blacklist.txt -install -Dpm 0644 dnscrypt-proxy/example-cloaking-rules.txt %{buildroot}%{_sysconfdir}/%{name}/cloaking-rules.txt -install -Dpm 0644 dnscrypt-proxy/example-forwarding-rules.txt %{buildroot}%{_sysconfdir}/%{name}/forwarding-rules.txt -install -Dpm 0644 dnscrypt-proxy/example-whitelist.txt %{buildroot}%{_sysconfdir}/%{name}/whitelist.txt - -# Temporary SELinux workaround -# https://github.com/fedora-selinux/selinux-policy/issues/231 -mkdir selinux -cd selinux - -cat << EOF > my-ptproxy.te -module my-ptproxy 1.0; - -require { -type var_t; -type init_t; -class dir { create setattr }; -class lnk_file { create getattr read }; -} - -#============= init_t ============== -allow init_t var_t:dir { create setattr }; -allow init_t var_t:lnk_file create; -EOF - -make -f %{_datadir}/selinux/devel/Makefile -install -p -m 644 -D my-ptproxy.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/my-ptproxy.pp +install -Dpm 0644 dnscrypt-proxy/example-allowed-ips.txt %{buildroot}%{_sysconfdir}/%{name}/allowed-ips.txt +install -Dpm 0644 dnscrypt-proxy/example-allowed-names.txt %{buildroot}%{_sysconfdir}/%{name}/allowed-names.txt +install -Dpm 0644 dnscrypt-proxy/example-blocked-ips.txt %{buildroot}%{_sysconfdir}/%{name}/blocked-ips.txt +install -Dpm 0644 dnscrypt-proxy/example-blocked-names.txt %{buildroot}%{_sysconfdir}/%{name}/blocked-names.txt +install -Dpm 0644 dnscrypt-proxy/example-captive-portals.txt %{buildroot}%{_sysconfdir}/%{name}/captive-portals.txt +install -Dpm 0644 dnscrypt-proxy/example-cloaking-rules.txt %{buildroot}%{_sysconfdir}/%{name}/cloaking-rules.txt +install -Dpm 0644 dnscrypt-proxy/example-forwarding-rules.txt %{buildroot}%{_sysconfdir}/%{name}/forwarding-rules.txt %post if [ "$1" -le "1" ] ; then # First install -dnscrypt-proxy -service install --config %{_sysconfdir}/dnscrypt-proxy/dnscrypt-proxy.toml -semodule -i %{_datadir}/selinux/packages/%{name}/my-ptproxy.pp 2>/dev/null || : + dnscrypt-proxy -service install --config %{_sysconfdir}/dnscrypt-proxy/dnscrypt-proxy.toml fi if [ "$1" -ge "2" ] ; then -# Remove in F36 -rm -rf %{_unitdir}/dnscrypt-proxy.service %{_unitdir}/dnscrypt-proxy.socket -dnscrypt-proxy -service uninstall -dnscrypt-proxy -service install --config %{_sysconfdir}/dnscrypt-proxy/dnscrypt-proxy.toml + # Remove in F36 + rm -rf %{_unitdir}/dnscrypt-proxy.service %{_unitdir}/dnscrypt-proxy.socket fi %preun if [ "$1" -lt "1" ] ; then # Final removal -dnscrypt-proxy -service uninstall -semodule -r my-ptproxy 2>/dev/null || : + dnscrypt-proxy -service uninstall fi %postun if [ "$1" -ge "1" ] ; then # Upgrade -dnscrypt-proxy -service uninstall -dnscrypt-proxy -service install --config %{_sysconfdir}/dnscrypt-proxy/dnscrypt-proxy.toml -semodule -i %{_datadir}/selinux/packages/%{name}/my-ptproxy.pp 2>/dev/null || : + dnscrypt-proxy -service install --config %{_sysconfdir}/dnscrypt-proxy/dnscrypt-proxy.toml fi %files %license LICENSE %doc README.md ChangeLog +%doc utils/generate-domains-blocklist/ %{_bindir}/%{name} -%dir %{_sysconfdir}/%{name} -%ghost %{_sysconfdir}/systemd/system/dnscrypt-proxy.service +%dir %{_sysconfdir}/%{name}/ %config(noreplace) %{_sysconfdir}/%{name}/%{name}.toml -%config(noreplace) %{_sysconfdir}/%{name}/blacklist.txt -%config(noreplace) %{_sysconfdir}/%{name}/cloaking-rules.txt -%config(noreplace) %{_sysconfdir}/%{name}/forwarding-rules.txt -%config(noreplace) %{_sysconfdir}/%{name}/whitelist.txt -%{_datadir}/selinux/packages/%{name}/my-ptproxy.pp +%config(noreplace) %{_sysconfdir}/%{name}/*.txt +%ghost %config(noreplace) %{_sysconfdir}/%{name}/blacklist.txt +%ghost %config(noreplace) %{_sysconfdir}/%{name}/whitelist.txt +%ghost %{_sysconfdir}/systemd/system/dnscrypt-proxy.service %changelog +* Tue Mar 30 18:29:49 CEST 2021 Robert-André Mauchin - 2.0.45-1 +- Since version 2.0.45, some of the configuration files have been renamed. +Please merge your config to /etc/dnscrypt-proxy/dnscrypt-proxy.toml.rpmnew then +replace dnscrypt-proxy.toml with that file. +Read /usr/share/doc/dnscrypt-proxy/ChangeLog to know more about this change. +- generate-domains-blocklist is now provided in /usr/share/doc/dnscrypt-proxy/ +- Fix: rhbz#1943749 +- Update to 2.0.45 +- Close: rhbz#1912171 + * Tue Jan 26 2021 Fedora Release Engineering - 2.0.44-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild diff --git a/sources b/sources index a9cfc0f..16cb986 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (dnscrypt-proxy-2.0.44.tar.gz) = 009e2b669c1d6f6cd6b41f5e04d08735587f420dacdea8d422a3c12a62614c1ce1963deebca3af1f956070abd9ff5df9182cb27e31fa0fac8a95478739445801 +SHA512 (dnscrypt-proxy-2.0.45.tar.gz) = becfe3c2d4567725e6b7e973647163e32dd2eaae361087bb05c90b6ddc3b0db0891c2725f6b5c255b8965990832bad53bd6ef137be54a342f46594f3633fe47a