Created attachment 156446 [details] The port itself. The file "UIDs.patch" defines a new user for this port and need not be committed itself. This is my first port submission, so please be extra thorough reviewing it! Thanks.
Created attachment 157996 [details] An updated shar file of the port.
Since I first submitted this port, a new version was released by the developer. So, I've updated my port with the new code and have attached a new shar file of it which supersedes the previously-attached one. Again: disregard my original attachment from 2015-05-06, please use the new one from 2015-06-22 instead. I've also changed the UID specified in the UIDs.patch file since the UID I was using previously was taken by something else during the wait.
Created attachment 160429 [details] Revised Shar Hello, I've attached a revision and I have some questions. First off, let's not commit an old version to start off. 0.2 was released at the start of the month. Fortunately this solves the issue regarding the separate argparse so drop that Makefile code. Formatting: - standardize indentation in Makefile - wrap pkg-descr at 80 lines - add a '/' to the end of the WWW for a proper URL Content: - Don't set PORTREVISION= 1 for a brand new port - Use %%USERS%% in the rc.d script - Also use %%ETCDNSCRYPTWRAPPER%% variables rather than /var/log/dnscrypt-wrapper.log in multiple places in the rc.d script - Remove the crypt public key lines, per 0.2 release notes: "Crypt public key is not required, see README.md for detail instructions." Questions: 1. Is the umask 007 for the keys correct? What use does the wheel group have for needing read access to the keys? 2. How did you test it at runtime? It's just hanging when I do the drill shown on the authors github. Any feedback would be appreciated.
Created attachment 160548 [details] Poudriere testport log from 10.1-RELEASE jail 9.3-RELEASE-p23 amd64 9.3-RELEASE-p23 i386 10.1-RELEASE-p18 amd64 10.1-RELEASE-p18 i386 10.2-RELEASE-p1 amd64 10.2-RELEASE-p1 i386 11.0-CURRENT r286886 amd64 11.0-CURRENT r286888 i386
Hello. I found the issue with runtime was what I believe to be a misunderstanding on my part. I've posted the update for mentor review at https://reviews.FreeBSD.org/D3535. Changes: - I wrapped a few of the echo statements in the start up script to reduce the potential clutter on a normal terminal if they get printed. - I changed umask to 077. I'll wait for your final approval before I commit this but I've found it works with 077 and it doesn't make sense to provide more permissions than needed.
(In reply to Jason Unovitch from comment #5) For the archives, the misunderstanding on my part was needing the authenticated query source. For me to do a 'drill -p 54 @127.0.0.1 www.google.com' to test it without any authentication, I needed to add a -U flag to command_args. With that I was able to verify the port is functional.
(In reply to Jason Unovitch from comment #5) Thank you for the thorough review, I really appreciate it! I've reviewed your changes and everything appears sound. I am embarrassed that I cannot recall why I chose a umask of 007, but I agree that 077 seems more reasonable. I've built and tested the version you submitted for mentor review and it fulfilled all my test queries, so I've updated my production environment with the same and so far it's performed as well. Your changes seem ready to me, but let me know if you have any further questions.
A commit references this bug: Author: junovitch Date: Wed Sep 2 22:17:47 UTC 2015 New revision: 395912 URL: https://svnweb.freebsd.org/changeset/ports/395912 Log: New Port: dns/dnscrypt-wrapper This is a port of dnscrypt-wrapper, which adds dnscrypt support to any name resolver. It is the server-side counterpart of dnscrypt-proxy, and is in fact derived from its source. PR: 200015 Submitted by: freebsd@toyingwithfate.com Approved by: feld (mentor) Differential Revision: https://reviews.freebsd.org/D3535 Changes: head/UIDs head/dns/Makefile head/dns/dnscrypt-wrapper/ head/dns/dnscrypt-wrapper/Makefile head/dns/dnscrypt-wrapper/distinfo head/dns/dnscrypt-wrapper/files/ head/dns/dnscrypt-wrapper/files/dnscrypt-wrapper.in head/dns/dnscrypt-wrapper/pkg-descr head/dns/dnscrypt-wrapper/pkg-plist
(In reply to Will from comment #7) Thanks! New port committed with all the changes previously discussed.