Bug 200015 - [New port] dns/dnscrypt-wrapper
Summary: [New port] dns/dnscrypt-wrapper
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Jason Unovitch
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-05-06 21:17 UTC by Will
Modified: 2015-09-02 22:21 UTC (History)
2 users (show)

See Also:

Attachments
The port itself. (9.51 KB, application/x-shar)
2015-05-06 21:17 UTC, Will 		no flags Details
An updated shar file of the port. (8.62 KB, application/x-shar)
2015-06-22 22:35 UTC, Will 		no flags Details
Revised Shar (6.77 KB, text/plain)
2015-08-28 02:15 UTC, Jason Unovitch 		no flags Details
Poudriere testport log from 10.1-RELEASE jail (14.91 KB, text/x-log)
2015-08-31 01:57 UTC, Jason Unovitch 		no flags Details
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Will 2015-05-06 21:17:44 UTC 
Created attachment 156446 [details]
The port itself.

The file "UIDs.patch" defines a new user for this port and need not be committed itself.

This is my first port submission, so please be extra thorough reviewing it! Thanks.
Comment 1 Will 2015-06-22 22:35:56 UTC 
Created attachment 157996 [details]
An updated shar file of the port.
Comment 2 Will 2015-06-22 22:39:17 UTC 
Since I first submitted this port, a new version was released by the developer. So, I've updated my port with the new code and have attached a new shar file of it which supersedes the previously-attached one. Again: disregard my original attachment from 2015-05-06, please use the new one from 2015-06-22 instead. I've also changed the UID specified in the UIDs.patch file since the UID I was using previously was taken by something else during the wait.
Comment 3 Jason Unovitch freebsd_committer freebsd_triage 2015-08-28 02:15:27 UTC 
Created attachment 160429 [details]
Revised Shar

Hello,
I've attached a revision and I have some questions.

First off, let's not commit an old version to start off. 0.2 was released at the start of the month. Fortunately this solves the issue regarding the separate argparse so drop that Makefile code.

Formatting:
- standardize indentation in Makefile
- wrap pkg-descr at 80 lines
- add a '/' to the end of the WWW for a proper URL

Content:
- Don't set PORTREVISION= 1 for a brand new port
- Use %%USERS%% in the rc.d script
- Also use %%ETCDNSCRYPTWRAPPER%% variables rather than /var/log/dnscrypt-wrapper.log in multiple places in the rc.d script
- Remove the crypt public key lines, per 0.2 release notes:
"Crypt public key is not required, see README.md for detail instructions."

Questions:
1. Is the umask 007 for the keys correct?  What use does the wheel group have for needing read access to the keys?
2. How did you test it at runtime? It's just hanging when I do the drill shown on the authors github. Any feedback would be appreciated.
Comment 4 Jason Unovitch freebsd_committer freebsd_triage 2015-08-31 01:57:04 UTC 
Created attachment 160548 [details]
Poudriere testport log from 10.1-RELEASE jail

9.3-RELEASE-p23      amd64
9.3-RELEASE-p23      i386 
10.1-RELEASE-p18     amd64
10.1-RELEASE-p18     i386
10.2-RELEASE-p1      amd64 
10.2-RELEASE-p1      i386
11.0-CURRENT r286886 amd64
11.0-CURRENT r286888 i386
Comment 5 Jason Unovitch freebsd_committer freebsd_triage 2015-08-31 02:02:03 UTC 
Hello. I found the issue with runtime was what I believe to be a misunderstanding on my part. I've posted the update for mentor review at https://reviews.FreeBSD.org/D3535.

Changes:
- I wrapped a few of the echo statements in the start up script to reduce the potential clutter on a normal terminal if they get printed.
- I changed umask to 077. I'll wait for your final approval before I commit this but I've found it works with 077 and it doesn't make sense to provide more permissions than needed.
Comment 6 Jason Unovitch freebsd_committer freebsd_triage 2015-08-31 02:05:11 UTC 
(In reply to Jason Unovitch from comment #5)

For the archives, the misunderstanding on my part was needing the authenticated query source.  For me to do a 'drill -p 54 @127.0.0.1 www.google.com' to test it without any authentication, I needed to add a -U flag to command_args.  With that I was able to verify the port is functional.
Comment 7 Will 2015-09-01 04:40:22 UTC 
(In reply to Jason Unovitch from comment #5)

Thank you for the thorough review, I really appreciate it! I've reviewed your changes and everything appears sound. I am embarrassed that I cannot recall why I chose a umask of 007, but I agree that 077 seems more reasonable. I've built and tested the version you submitted for mentor review and it fulfilled all my test queries, so I've updated my production environment with the same and so far it's performed as well. Your changes seem ready to me, but let me know if you have any further questions.
Comment 8 commit-hook freebsd_committer freebsd_triage 2015-09-02 22:18:48 UTC 
A commit references this bug:

Author: junovitch
Date: Wed Sep  2 22:17:47 UTC 2015
New revision: 395912
URL: https://svnweb.freebsd.org/changeset/ports/395912

Log:
  New Port: dns/dnscrypt-wrapper

  This is a port of dnscrypt-wrapper, which adds dnscrypt support to any name
  resolver. It is the server-side counterpart of dnscrypt-proxy, and is in
  fact derived from its source.

  PR:		200015
  Submitted by:	freebsd@toyingwithfate.com
  Approved by:	feld (mentor)
  Differential Revision:	https://reviews.freebsd.org/D3535

Changes:
  head/UIDs
  head/dns/Makefile
  head/dns/dnscrypt-wrapper/
  head/dns/dnscrypt-wrapper/Makefile
  head/dns/dnscrypt-wrapper/distinfo
  head/dns/dnscrypt-wrapper/files/
  head/dns/dnscrypt-wrapper/files/dnscrypt-wrapper.in
  head/dns/dnscrypt-wrapper/pkg-descr
  head/dns/dnscrypt-wrapper/pkg-plist
Comment 9 Jason Unovitch freebsd_committer freebsd_triage 2015-09-02 22:21:24 UTC 
(In reply to Will from comment #7)
Thanks! New port committed with all the changes previously discussed.