Date:      Wed, 2 Sep 2015 22:17:45 +0000 (UTC)
From:      Jason Unovitch <junovitch@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r395912 - in head: . dns dns/dnscrypt-wrapper dns/dnscrypt-wrapper/files
Message-ID:  <201509022217.t82MHjos058307@repo.freebsd.org>

Author: junovitch
Date: Wed Sep  2 22:17:45 2015
New Revision: 395912
URL: https://svnweb.freebsd.org/changeset/ports/395912

Log:
  New Port: dns/dnscrypt-wrapper
  
  This is a port of dnscrypt-wrapper, which adds dnscrypt support to any name
  resolver. It is the server-side counterpart of dnscrypt-proxy, and is in
  fact derived from its source.
  
  PR:		200015
  Submitted by:	freebsd@toyingwithfate.com
  Approved by:	feld (mentor)
  Differential Revision:	https://reviews.freebsd.org/D3535

Added:
  head/dns/dnscrypt-wrapper/
  head/dns/dnscrypt-wrapper/Makefile   (contents, props changed)
  head/dns/dnscrypt-wrapper/distinfo   (contents, props changed)
  head/dns/dnscrypt-wrapper/files/
  head/dns/dnscrypt-wrapper/files/dnscrypt-wrapper.in   (contents, props changed)
  head/dns/dnscrypt-wrapper/pkg-descr   (contents, props changed)
  head/dns/dnscrypt-wrapper/pkg-plist   (contents, props changed)
Modified:
  head/UIDs
  head/dns/Makefile

Modified: head/UIDs
==============================================================================
--- head/UIDs	Wed Sep  2 22:16:07 2015	(r395911)
+++ head/UIDs	Wed Sep  2 22:17:45 2015	(r395912)
@@ -226,6 +226,7 @@ riak:*:667:667::0:0:Riak user:/usr/local
 bnetd:*:700:700::0:0:Bnetd user:/nonexistent:/usr/sbin/nologin
 fastnetmon:*:701:701::0:0:FastNetMon user:/nonexistent:/usr/sbin/nologin
 bopm:*:717:717::0:0:Blitzed Open Proxy Monitor:/nonexistent:/bin/sh
+_dnscrypt-wrapper:*:718:65534::0:0:dnscrypt-wrapper user:/var/empty:/usr/sbin/nologin
 openxpki:*:777:777::0:0:OpenXPKI Owner:/nonexistent:/usr/sbin/nologin
 zetacoin:*:780:780::0:0:ZetaCoin Daemon:/nonexistent:/usr/sbin/nologin
 foreman_proxy:*:812:812::0:0:Foreman Smart Proxy:/usr/local/share/foreman-proxy:/usr/sbin/nologin
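Review bot: The added `_dnscrypt-wrapper` entry takes its own uid 718 but sets the primary gid to 65534, which on a stock FreeBSD system is the shared `nobody` group, so the daemon shares group identity with every other service that runs in that group. A dedicated group would keep the account isolated: reserve a matching gid in the ports `GIDs` file, use `718:718` here, and add `GROUPS= _dnscrypt-wrapper` to the port Makefile. The `/var/empty` home and `/usr/sbin/nologin` shell are the right choices for a service account.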

Modified: head/dns/Makefile
==============================================================================
--- head/dns/Makefile	Wed Sep  2 22:16:07 2015	(r395911)
+++ head/dns/Makefile	Wed Sep  2 22:17:45 2015	(r395912)
@@ -34,6 +34,7 @@
     SUBDIR += dnscheck
     SUBDIR += dnscheckengine
     SUBDIR += dnscrypt-proxy
+    SUBDIR += dnscrypt-wrapper
     SUBDIR += dnsdbck
     SUBDIR += dnsdist
     SUBDIR += dnsflood

Added: head/dns/dnscrypt-wrapper/Makefile
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/dns/dnscrypt-wrapper/Makefile	Wed Sep  2 22:17:45 2015	(r395912)
@@ -0,0 +1,32 @@
+# $FreeBSD$
+
+PORTNAME=	dnscrypt-wrapper
+PORTVERSION=	0.2
+CATEGORIES=	dns
+
+MAINTAINER=	freebsd@toyingwithfate.com
+COMMENT=	Adds dnscrypt support to any name resolver
+
+LICENSE=	GPLv2
+LICENSE_FILE=	${WRKSRC}/COPYING
+
+LIB_DEPENDS=	libsodium.so:${PORTSDIR}/security/libsodium \
+		libevent.so:${PORTSDIR}/devel/libevent2
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	Cofyc
+GH_TAGNAME=	v${PORTVERSION}
+
+USERS=		_dnscrypt-wrapper
+ETCDNSCRYPTWRAPPER=	${PREFIX}/etc/${PORTNAME}
+SUB_LIST+=	ETCDNSCRYPTWRAPPER="${ETCDNSCRYPTWRAPPER}" USERS="${USERS}"
+USE_RC_SUBR=	${PORTNAME}
+
+USES=		gmake
+MAKE_ARGS=	LDFLAGS="-L${LOCALBASE}/lib" CFLAGS="-I${LOCALBASE}/include" PREFIX="${STAGEDIR}${PREFIX}"
+
+post-install:
+	${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/*
+	${MKDIR} ${STAGEDIR}${ETCDNSCRYPTWRAPPER}
+
+.include <bsd.port.mk>
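Review bot: The `MAKE_ARGS` line passes `CFLAGS="-I${LOCALBASE}/include"` and `LDFLAGS="-L${LOCALBASE}/lib"` on the gmake command line, which replaces both variables outright instead of extending them. The flags supplied by the ports framework and the administrator's make.conf (optimisation level, plus any stack-protector or other hardening options set there) therefore never reach the compiler, and presumably whatever defaults the upstream Makefile sets are overridden as well. Appending keeps them: `MAKE_ARGS= LDFLAGS="${LDFLAGS} -L${LOCALBASE}/lib" CFLAGS="${CFLAGS} -I${LOCALBASE}/include" PREFIX="${STAGEDIR}${PREFIX}"`. In `post-install`, naming the binary (`${STAGEDIR}${PREFIX}/sbin/${PORTNAME}`) instead of globbing `sbin/*` would make the strip step match the single file listed in pkg-plist.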

Added: head/dns/dnscrypt-wrapper/distinfo
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/dns/dnscrypt-wrapper/distinfo	Wed Sep  2 22:17:45 2015	(r395912)
@@ -0,0 +1,2 @@
+SHA256 (Cofyc-dnscrypt-wrapper-0.2-v0.2_GH0.tar.gz) = 36612c5eb440658a27619ae6e345582e6e3be7a40e9215ea82ac6f65c15de95f
+SIZE (Cofyc-dnscrypt-wrapper-0.2-v0.2_GH0.tar.gz) = 50925

Added: head/dns/dnscrypt-wrapper/files/dnscrypt-wrapper.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/dns/dnscrypt-wrapper/files/dnscrypt-wrapper.in	Wed Sep  2 22:17:45 2015	(r395912)
@@ -0,0 +1,109 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: dnscrypt_wrapper
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+
+# Add the following lines to /etc/rc.conf to enable dnscrypt-wrapper:
+#
+# dnscrypt_wrapper_enable (bool):	Set to "NO" by default.
+#					Set it to "YES" to enable dnscrypt_wrapper.
+# dnscrypt_wrapper_uid (str):		Set to "%%USERS%%" by default.
+#					User to switch to after starting.
+# dnscrypt_wrapper_pidfile (str):	Set to "/var/run/dnscrypt-wrapper.pid" by default.
+#					Path of the pid file.
+# dnscrypt_wrapper_logfile (str):	Set to "/var/log/dnscrypt-wrapper.log" by default.
+#					Path of the log file.
+# dnscrypt_wrapper_resolver (str):	Set to "127.0.0.1:53" by default.
+#					<address:port> to reach the upstream DNS resolver at.
+# dnscrypt_wrapper_listen (str):	Set to "0.0.0.0:54" by default.
+#					<address:port> to listen on.
+# dnscrypt_wrapper_crypt_secretkey_file (str):	Set to "%%ETCDNSCRYPTWRAPPER%%/crypt_secret.key" by default.
+#					Path of the secret crypt key.
+# dnscrypt_wrapper_provider_cert_file (str):	Set to "%%ETCDNSCRYPTWRAPPER%%/dnscrypt.cert" by default.
+#					Path of the pre-signed certificate.
+# dnscrypt_wrapper_provider_name (str):	Set to "2.dnscrypt-cert.`/bin/hostname`" by default.
+#					Provider name.
+
+. /etc/rc.subr
+
+name=dnscrypt_wrapper
+rcvar=dnscrypt_wrapper_enable
+
+# read configuration and set defaults
+load_rc_config ${name}
+: ${dnscrypt_wrapper_enable:=NO}
+: ${dnscrypt_wrapper_uid=%%USERS%%}
+: ${dnscrypt_wrapper_pidfile=/var/run/dnscrypt-wrapper.pid}
+: ${dnscrypt_wrapper_logfile=/var/log/dnscrypt-wrapper.log}
+: ${dnscrypt_wrapper_resolver=127.0.0.1:53}
+: ${dnscrypt_wrapper_listen=0.0.0.0:54}
+: ${dnscrypt_wrapper_crypt_secretkey_file=%%ETCDNSCRYPTWRAPPER%%/crypt_secret.key}
+: ${dnscrypt_wrapper_provider_cert_file=%%ETCDNSCRYPTWRAPPER%%/dnscrypt.cert}
+: ${dnscrypt_wrapper_provider_name=2.dnscrypt-cert.`/bin/hostname`}
+
+command=%%PREFIX%%/sbin/dnscrypt-wrapper
+extra_commands="checks check_name keygen"
+start_precmd="${name}_checks"
+command_args="-a ${dnscrypt_wrapper_listen} -r ${dnscrypt_wrapper_resolver} -u ${dnscrypt_wrapper_uid} -d -p ${dnscrypt_wrapper_pidfile} -l ${dnscrypt_wrapper_logfile} --crypt-secretkey-file=${dnscrypt_wrapper_crypt_secretkey_file} --provider-cert-file=${dnscrypt_wrapper_provider_cert_file} --provider-name=${dnscrypt_wrapper_provider_name} -V"
+procname=%%PREFIX%%/sbin/dnscrypt-wrapper
+pidfile=${dnscrypt_wrapper_pidfile}
+
+dnscrypt_wrapper_check_name()
+{
+	if [ -z "${dnscrypt_wrapper_provider_name}" ]; then
+		err 1 '${dnscrypt_wrapper_provider_name} must be set in /etc/rc.conf'
+	fi
+}
+
+dnscrypt_wrapper_keygen()
+{
+	if [ -f %%ETCDNSCRYPTWRAPPER%%/crypt_secret.key -a \
+	    -f %%ETCDNSCRYPTWRAPPER%%/dnscrypt.cert ]; then
+		return 0
+	fi
+
+	cd %%ETCDNSCRYPTWRAPPER%%/
+	umask 077
+
+	# Can't do anything if dnscrypt-wrapper is not installed
+	[ -x %%PREFIX%%/sbin/dnscrypt-wrapper ] ||
+		err 1 "%%PREFIX%%/sbin/dnscrypt-wrapper does not exist."
+
+	if [ -f %%ETCDNSCRYPTWRAPPER%%/public.key -a \
+	    -f %%ETCDNSCRYPTWRAPPER%%/secret.key ]; then
+		echo "You already have a provider keypair in:"
+		echo "  %%ETCDNSCRYPTWRAPPER%%/public.key and %%ETCDNSCRYPTWRAPPER%%/secret.key"
+		echo "Skipping provider keypair generation."
+	else
+		%%PREFIX%%/sbin/dnscrypt-wrapper --gen-provider-keypair
+	fi
+
+	if [ -f %%ETCDNSCRYPTWRAPPER%%/crypt_public.key -a \
+	    -f %%ETCDNSCRYPTWRAPPER%%/crypt_secret.key ]; then
+		echo "You already have a crypt keypair in:"
+		echo "  %%ETCDNSCRYPTWRAPPER%%/crypt_public.key and %%ETCDNSCRYPTWRAPPER%%/crypt_secret.key"
+		echo "Skipping crypt keypair generation."
+	else
+		%%PREFIX%%/sbin/dnscrypt-wrapper --gen-crypt-keypair
+	fi
+
+	if [ -f %%ETCDNSCRYPTWRAPPER%%/dnscrypt.cert ]; then
+		echo "You already have a pre-signed certificate in:"
+		echo "  %%ETCDNSCRYPTWRAPPER%%/dnscrypt.cert"
+		echo "Skipping pre-signed certificate generation."
+	else
+		%%PREFIX%%/sbin/dnscrypt-wrapper --crypt-secretkey-file %%ETCDNSCRYPTWRAPPER%%/crypt_secret.key --provider-publickey-file=%%ETCDNSCRYPTWRAPPER%%/public.key --provider-secretkey-file=%%ETCDNSCRYPTWRAPPER%%/secret.key --gen-cert-file
+	fi
+}
+
+dnscrypt_wrapper_checks()
+{
+	dnscrypt_wrapper_check_name
+	dnscrypt_wrapper_keygen
+}
+
+run_rc_command "$1"
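Review bot: In `dnscrypt_wrapper_keygen` the result of `cd %%ETCDNSCRYPTWRAPPER%%/` is never checked. If the directory is missing or inaccessible, the `--gen-provider-keypair` and `--gen-crypt-keypair` calls, which are given no output path, presumably write the secret keys into whatever directory the rc script was started from, while the later `-f` tests and the cert step still look in the configured directory. Fail early instead: `cd %%ETCDNSCRYPTWRAPPER%%/ || err 1 "cannot cd to %%ETCDNSCRYPTWRAPPER%%"`. Separately, `extra_commands="checks check_name keygen"` has no matching `checks_cmd`, `check_name_cmd` or `keygen_cmd` assignments, so as far as I can tell rc.subr will print usage rather than run the functions when they are invoked by name; `keygen_cmd="${name}_keygen"` (and likewise for the other two) would wire them up. The header could also note that `secret.key` is the long-term provider key and is left beside the short-term key on the serving host.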

Added: head/dns/dnscrypt-wrapper/pkg-descr
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/dns/dnscrypt-wrapper/pkg-descr	Wed Sep  2 22:17:45 2015	(r395912)
@@ -0,0 +1,5 @@
+This is a port of dnscrypt-wrapper, which adds dnscrypt support to any name
+resolver. It is the server-side counterpart of dnscrypt-proxy, and is in fact
+derived from its source. 
+
+WWW: https://github.com/Cofyc/dnscrypt-wrapper/

Added: head/dns/dnscrypt-wrapper/pkg-plist
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/dns/dnscrypt-wrapper/pkg-plist	Wed Sep  2 22:17:45 2015	(r395912)
@@ -0,0 +1,2 @@
+sbin/dnscrypt-wrapper
+@dir etc/dnscrypt-wrapper
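Review bot: The `@dir etc/dnscrypt-wrapper` entry packages the directory that will hold `secret.key` and `crypt_secret.key` with default ownership and mode, so the only protection for the key material is the `umask 077` applied by the rc script at generation time. Restricting the directory itself adds a second layer that also covers keys an administrator copies in by hand, e.g. `@dir(root,wheel,700) etc/dnscrypt-wrapper`. This assumes the daemon opens the key and certificate files before it switches to the `-u` user; confirm that before tightening the mode.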


