Attachment 187861 Details for Bug 223222 – [PATCH] dns/dnscrypt-proxy: replace 'cisco' resolver by 'random' (r452768)

[patch] [PATCH] dns/dnscrypt-proxy: replace 'cisco' resolver by 'random' (r452768)

PR_dns_dnscrypt_proxy.diff (text/plain), 14.29 KB, created by Vinícius Zavam on 2017-11-08 14:46:49 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Vinícius Zavam

Created: 2017-11-08 14:46:49 UTC

Size: 14.29 KB

patch

obsolete

>Index: dns/dnscrypt-proxy/Makefile
>===================================================================
>--- dns/dnscrypt-proxy/Makefile	(revision 453744)
>+++ dns/dnscrypt-proxy/Makefile	(working copy)
>@@ -1,62 +1,65 @@
> # Created by: Leo Vandewoestijne <freebsd@dns-lab.com>
> # $FreeBSD$
> 
> PORTNAME=	dnscrypt-proxy
> PORTVERSION=	1.9.5
>-PORTREVISION=	2
>+PORTREVISION=	3
> CATEGORIES=	dns
> MASTER_SITES=	https://download.dnscrypt.org/dnscrypt-proxy/ \
> 		http://download.dnscrypt.org/dnscrypt-proxy/ \
> 		http://dns-lab.com/downloads/dnscrypt-proxy/
> 
> MAINTAINER=	freebsd@dns-lab.com
> COMMENT=	Boost privacy and security of DNS
> 
> LICENSE=	MIT
> LICENSE_FILE=	${WRKSRC}/COPYING
> 
>-LIB_DEPENDS=	libsodium.so:security/libsodium
>-
> BROKEN_powerpc64=	fails to compile: fpst.c: error: redefinition of typedef 'FPST'
> 
>+LIB_DEPENDS=	libsodium.so:security/libsodium
>+
> USERS=		_dnscrypt-proxy
> GROUPS=		_dnscrypt-proxy
> 
> GNU_CONFIGURE=	yes
> USES=		gmake
> 
> INSTALL_TARGET=	install-strip
> 
> PORTDOCS=	AUTHORS ChangeLog INSTALL NEWS README* THANKS
> 
>-OPTIONS_DEFINE=	DOCS PLUGINS PLUGINS_RELAXED PLUGINS_ROOT
>-OPTIONS_SINGLE=	RCWHICH
>+OPTIONS_DEFINE=		DOCS PLUGINS PLUGINS_RELAXED PLUGINS_ROOT
>+OPTIONS_SINGLE=		RCWHICH
> OPTIONS_SINGLE_RCWHICH=	RCSINGLE RCMULTI
> OPTIONS_DEFAULT=	PLUGINS RCSINGLE
>-OPTIONS_SUB=	yes
>+OPTIONS_SUB=		yes
> 
>-PLUGINS_CONFIGURE_ENABLE=	plugins
>-PLUGINS_LIB_DEPENDS=	libltdl.so:devel/libltdl \
>-		libldns.so:dns/ldns
>-PLUGINS_USE=	LDCONFIG=${PREFIX}/lib/dnscrypt-proxy
>-PLUGINS_USES=	libtool
> PLUGINS_RELAXED_DESC=	Allow loading plugins owned by other users
>-PLUGINS_RELAXED_CONFIGURE_ENABLE=	relaxed-plugins-permissions
> PLUGINS_ROOT_DESC=	Only load plugins sitting in the default plugins directory
>-PLUGINS_ROOT_CONFIGURE_ENABLE=	plugins-root
>-RCWHICH_DESC=	Rc script to use:
>-RCSINGLE_DESC=	Use default rc script for single daemon
>-RCSINGLE_VARS=	USE_RC_SUBR=${PORTNAME}
>+RCWHICH_DESC=		Rc script to use:
>+RCSINGLE_DESC=		Use default rc script for single daemon
>+RCMULTI_DESC=		Use experimental rc script for multiple instances
>+
>+PLUGINS_CONFIGURE_ENABLE=	plugins
>+PLUGINS_LIB_DEPENDS=		libltdl.so:devel/libltdl \
>+				libldns.so:dns/ldns
>+
>+PLUGINS_USE=				LDCONFIG=${PREFIX}/lib/dnscrypt-proxy
>+PLUGINS_USES=				libtool
>+PLUGINS_RELAXED_CONFIGURE_ENABLE=	relaxed-plugins-permissions
>+PLUGINS_ROOT_CONFIGURE_ENABLE=		plugins-root
>+
>+RCSINGLE_VARS=		USE_RC_SUBR=${PORTNAME}
> RCSINGLE_SUB_FILES=	pkg-message
>-RCMULTI_DESC=	Use experimental rc script for multiple instances
>-RCMULTI_VARS=	USE_RC_SUBR=${PORTNAME}_multi
>+RCMULTI_VARS=		USE_RC_SUBR=${PORTNAME}_multi
> RCMULTI_SUB_FILES=	pkg-message_multi
> 
> post-install:
> 	@${MKDIR} ${STAGEDIR}${DOCSDIR}
> 	${INSTALL_DATA} ${PORTDOCS:S,^,${WRKSRC}/,} ${STAGEDIR}${DOCSDIR}
> 	${INSTALL_MAN} ${WRKSRC}/man/dnscrypt-proxy.8 ${STAGEDIR}${MAN8PREFIX}/man/man8
> 	${INSTALL_MAN} ${WRKSRC}/man/hostip.8 ${STAGEDIR}${MAN8PREFIX}/man/man8
> 	${MV} ${STAGEDIR}${PREFIX}/etc/dnscrypt-proxy.conf ${STAGEDIR}${PREFIX}/etc/dnscrypt-proxy.conf.sample
> 
> .include <bsd.port.mk>
>Index: dns/dnscrypt-proxy/files/dnscrypt-proxy.in
>===================================================================
>--- dns/dnscrypt-proxy/files/dnscrypt-proxy.in	(revision 453744)
>+++ dns/dnscrypt-proxy/files/dnscrypt-proxy.in	(working copy)
>@@ -1,52 +1,52 @@
> #!/bin/sh
> #
> # $FreeBSD$
> #
> # PROVIDE: dnscrypt_proxy
> # REQUIRE: SERVERS cleanvar ldconfig
> # BEFORE: named local_unbound unbound
> # KEYWORD: shutdown
> #
> # Add the following lines to /etc/rc.conf to enable dnscrypt-proxy:
> #
>-# dnscrypt_proxy_enable (bool):	Set to NO by default.
>-#				Set to YES to enable dnscrypt-proxy.
>-# dnscrypt_proxy_conf (str):    Unset by default. Will override all other
>-#                               settings and only use the config file.
>-# dnscrypt_proxy_uid (str):	Set to "_dnscrypt-proxy" by default.
>-#                              	User to switch to after starting.
>-# dnscrypt_proxy_resolver (str):Set to "cisco" by default.
>-#                              	Choose a different upstream resolver.
>-# dnscrypt_proxy_pidfile (str):	default: "/var/run/dnscrypt-proxy.pid"
>-#                              	Location of pid file.
>-# dnscrypt_proxy_logfile (str):	default: "/var/log/dnscrypt-proxy.log"
>-#                              	Location of log file.
>+# dnscrypt_proxy_enable (bool):	  Set to NO by default.
>+#				  Set to YES to enable dnscrypt-proxy.
>+# dnscrypt_proxy_conf (str):	  Unset by default. Will override all other
>+#				  settings and only use the config file.
>+# dnscrypt_proxy_uid (str):	  Set to "_dnscrypt-proxy" by default.
>+#				  User to switch to after starting.
>+# dnscrypt_proxy_resolver (str):  Set to "random" by default.
>+#				  Better select one of your own choise.
>+# dnscrypt_proxy_pidfile (str):	  default: "/var/run/dnscrypt-proxy.pid"
>+#				  Location of pid file.
>+# dnscrypt_proxy_logfile (str):	  default: "/var/log/dnscrypt-proxy.log"
>+#				  Location of log file.
> #
> # To redirect a local resolver through dnscrypt-proxy, point it at 127.0.0.2
> # and add the following to rc.conf:
> # ifconfig_lo0_alias0="inet 127.0.0.2 netmask 0xffffffff"
> # dnscrypt_proxy_flags='-a 127.0.0.2'
> 
> . /etc/rc.subr
> 
> name=dnscrypt_proxy
> rcvar=dnscrypt_proxy_enable
> 
> load_rc_config ${name}
> 
> : ${dnscrypt_proxy_enable:=NO}
>-: ${dnscrypt_proxy_uid=_dnscrypt-proxy} # User to run daemon as
>-: ${dnscrypt_proxy_resolver=cisco} # resolver to use
>-: ${dnscrypt_proxy_pidfile=/var/run/dnscrypt-proxy.pid} # Path to pid file
>-: ${dnscrypt_proxy_logfile=/var/log/dnscrypt-proxy.log} # Path to log file
>+: ${dnscrypt_proxy_uid=_dnscrypt-proxy}			# User to run daemon as
>+: ${dnscrypt_proxy_resolver=random}			# Resolver to use
>+: ${dnscrypt_proxy_pidfile=/var/run/dnscrypt-proxy.pid}	# Path to pid file
>+: ${dnscrypt_proxy_logfile=/var/log/dnscrypt-proxy.log}	# Path to log file
> 
> command=%%PREFIX%%/sbin/dnscrypt-proxy
> if [ ${dnscrypt_proxy_conf} ]; then
> command_args="${dnscrypt_proxy_conf}"
> else
> command_args="-d -p ${dnscrypt_proxy_pidfile} -l ${dnscrypt_proxy_logfile} -u ${dnscrypt_proxy_uid} -R ${dnscrypt_proxy_resolver}"
> fi
> procname=%%PREFIX%%/sbin/dnscrypt-proxy
> pidfile=${dnscrypt_proxy_pidfile}
> 
> run_rc_command "$1"
>Index: dns/dnscrypt-proxy/files/dnscrypt-proxy_multi.in
>===================================================================
>--- dns/dnscrypt-proxy/files/dnscrypt-proxy_multi.in	(revision 453744)
>+++ dns/dnscrypt-proxy/files/dnscrypt-proxy_multi.in	(working copy)
>@@ -1,71 +1,71 @@
> #!/bin/sh
> #
> # $FreeBSD$
> #
> # PROVIDE: dnscrypt_proxy
> # REQUIRE: SERVERS cleanvar ldconfig
> # BEFORE: named local_unbound unbound
> # KEYWORD: shutdown
> #
> # Add the following lines to /etc/rc.conf to enable dnscrypt-proxy:
> #
> # dnscrypt_proxy_instances (str): Set to "dnscrypt_proxy" by default.
>-#                                 List of dnscrypt_proxy instance id's,
>-#                                 e.g. "dnscrypt_proxy_1 dnscrypt_proxy_2", etc.
>-# {instance_id}_enable (bool):    Set to NO by default.
>-#                                 Set to YES to enable dnscrypt-proxy.
>-# {instance_id}_uid (str):        Set to "_dnscrypt-proxy" by default.
>-#                              	  User to switch to after starting.
>-# {instance_id}_resolver (str):   Set to "opendns" by default.
>-#                              	  Choose a different upstream resolver.
>-# {instance_id}_pidfile (str):    default: "/var/run/dnscrypt-proxy.pid"
>-#                              	  Location of pid file.
>+#				  List of dnscrypt_proxy instance id's,
>+#				  e.g. "dnscrypt_proxy_1 dnscrypt_proxy_2", etc.
>+# {instance_id}_enable (bool):	  Set to NO by default.
>+#				  Set to YES to enable dnscrypt-proxy.
>+# {instance_id}_uid (str):	  Set to "_dnscrypt-proxy" by default.
>+#				  User to switch to after starting.
>+# {instance_id}_resolver (str):	  Set to "random" by default.
>+#				  Better select your own choises.
>+# {instance_id}_pidfile (str):	  default: "/var/run/dnscrypt-proxy.pid"
>+#				  Location of pid file.
> # {instance_id}_logfile (str):	  default: "/var/log/dnscrypt-proxy.log"
>-#                                 Location of log file.
>+#				  Location of log file.
> #
> # To redirect a local resolver through dnscrypt-proxy, point it at 127.0.0.2
> # and add the following to rc.conf:
> # ifconfig_lo0_alias0="inet 127.0.0.2 netmask 0xffffffff"
> # dnscrypt_proxy_flags='-a 127.0.0.2'
> 
> . /etc/rc.subr
> 
> name=dnscrypt_proxy
> rcvar=dnscrypt_proxy_enable
> 
> load_rc_config ${name}
> 
> : ${dnscrypt_proxy_instances="${name}"}
> : ${dnscrypt_proxy_enable:=NO}
> 
> dnscrypt_proxy_enable_tmp=${dnscrypt_proxy_enable}
> 
> command=%%PREFIX%%/sbin/dnscrypt-proxy
> procname=%%PREFIX%%/sbin/dnscrypt-proxy
> 
> for i in $dnscrypt_proxy_instances; do
>     name=${i}
> 
>     eval ${name}_enable=${dnscrypt_proxy_enable_tmp}
>     rcvar=${name}_enable
> 
>     load_rc_config ${i}
> 
>     eval dnscrypt_proxy_uid_tmp=\${${i}_uid}
>     eval dnscrypt_proxy_resolver_tmp=\${${i}_resolver}
>     eval dnscrypt_proxy_pidfile_tmp=\${${i}_pidfile}
>     eval dnscrypt_proxy_logfile_tmp=\${${i}_logfile}
> 
>-:   ${dnscrypt_proxy_uid_tmp:=_dnscrypt-proxy}       # User to run daemon as
>-:   ${dnscrypt_proxy_resolver_tmp:=cisco}            # resolver to use
>-:   ${dnscrypt_proxy_pidfile_tmp:=/var/run/${i}.pid} # Path to pid file
>-:   ${dnscrypt_proxy_logfile_tmp:=/var/log/${i}.log} # Path to log file
>+:   ${dnscrypt_proxy_uid_tmp:=_dnscrypt-proxy}		# User to run daemon as
>+:   ${dnscrypt_proxy_resolver_tmp:=random}		# Resolver to use
>+:   ${dnscrypt_proxy_pidfile_tmp:=/var/run/${i}.pid}	# Path to pid file
>+:   ${dnscrypt_proxy_logfile_tmp:=/var/log/${i}.log}	# Path to log file
> 
>     command_args="-d -p ${dnscrypt_proxy_pidfile_tmp} -l ${dnscrypt_proxy_logfile_tmp} -u ${dnscrypt_proxy_uid_tmp} -R ${dnscrypt_proxy_resolver_tmp}"
> 
>     pidfile=${dnscrypt_proxy_pidfile_tmp}
> 
>-    _rc_restart_done=false # workaround for: service dnscrypt-proxy restart
>+    _rc_restart_done=false				# workaround for: service dnscrypt-proxy restart
> 
>     run_rc_command "$1"
> done
>Index: dns/dnscrypt-proxy/files/pkg-message.in
>===================================================================
>--- dns/dnscrypt-proxy/files/pkg-message.in	(revision 453744)
>+++ dns/dnscrypt-proxy/files/pkg-message.in	(working copy)
>@@ -1,22 +1,26 @@
> 
> This port/software comes all 'working out of the box'.
> 
>-By default this port is using OpenDNS' resolvers, other services are possible.
>+By default this port is using random resolvers. Better select your own choise.
> 
> To enable dnscrypt-proxy at boot:
>-sysrc dnscrypt_proxy_enable=YES
>-sysrc dnscrypt_proxy_flags='-a 127.0.0.2'
>+  sysrc dnscrypt_proxy_enable=YES
>+  sysrc dnscrypt_proxy_flags='-a 127.0.0.2'
>+or:
>+  sysrc dnscrypt_proxy_enable=YES
>+  sysrc dnscrypt_proxy_conf="/usr/local/etc/dnscrypt-proxy.conf"
> 
>-or
>+Be sure to setup the IP address/alias, so dnscrypt-proxy can bind correctly.
> 
>-sysrc dnscrypt_proxy_enable=YES
>-sysrc dnscrypt_proxy_conf="/usr/local/etc/dnscrypt-proxy.conf"
>-
>-
>-** You cannot mix the config file with the other rc.conf flags / settings. **
>-
>-
> To view available options, run:
>-%%PREFIX%%/sbin/dnscrypt-proxy --help
>-or read the manual: `man dnscrypt-proxy`
>+  %%PREFIX%%/sbin/dnscrypt-proxy --help
>+or read the manual:
>+  man dnscrypt-proxy
>+
>+**************************************************
>+*                                                *
>+*    You can't mix the config file option with   *
>+* other options or flags/settings on the rc.conf *
>+*                                                *
>+**************************************************
> 
>Index: dns/dnscrypt-proxy/files/pkg-message_multi.in
>===================================================================
>--- dns/dnscrypt-proxy/files/pkg-message_multi.in	(revision 453744)
>+++ dns/dnscrypt-proxy/files/pkg-message_multi.in	(working copy)
>@@ -1,19 +1,27 @@
> 
> This port/software comes all 'working out of the box'.
> 
>-By default this port is using OpenDNS' resolvers, other services are possible.
>+By default this port is using random resolvers. Better select your own choises.
> 
> To enable dnscrypt-proxy at boot:
>-echo dnscrypt_proxy_enable=\"YES\"            >> /etc/rc.conf
>-echo dnscrypt_proxy_instances=\"dnscrypt_proxy_1 dnscrypt_proxy_2 dnscrypt_proxy_3\" >> /etc/rc.conf
>-echo dnscrypt_proxy_1_resolver=\"soltysiak\"  >> /etc/rc.conf
>-echo dnscrypt_proxy_1_flags=\"-a 127.0.0.2\"  >> /etc/rc.conf
>-echo dnscrypt_proxy_2_resolver=\"okturtles\"  >> /etc/rc.conf
>-echo dnscrypt_proxy_2_flags=\"-a 127.0.0.3\"  >> /etc/rc.conf
>-echo dnscrypt_proxy_3_resolver=\"cypherpunk\" >> /etc/rc.conf
>-echo dnscrypt_proxy_3_flags=\"-a 127.0.0.4\"  >> /etc/rc.conf
>+  sysrc dnscrypt_proxy_enable=YES
>+  sysrc dnscrypt_proxy_instances="dnscrypt_proxy_1 dnscrypt_proxy_2" # etc.
>+  sysrc dnscrypt_proxy_1_resolver=soltysiak
>+  sysrc dnscrypt_proxy_1_flags="-a 127.0.0.2"
>+  sysrc dnscrypt_proxy_2_resolver=okturtles
>+  sysrc dnscrypt_proxy_2_flags="-a 127.0.0.3"
> 
>+Be sure to setup above IP addresses, so dnscrypt-proxy can bind correctly.
>+
> To view available options, run:
>-%%PREFIX%%/sbin/dnscrypt-proxy --help
>-or read the manual: `man dnscrypt-proxy`
>+  %%PREFIX%%/sbin/dnscrypt-proxy --help
>+or read the manual:
>+  man dnscrypt-proxy
>+
>+**************************************************
>+*                                                *
>+*    You can't mix the config file option with   *
>+* other options or flags/settings on the rc.conf *
>+*                                                *
>+**************************************************
> 
>Index: dns/dnscrypt-proxy/pkg-descr
>===================================================================
>--- dns/dnscrypt-proxy/pkg-descr	(revision 453744)
>+++ dns/dnscrypt-proxy/pkg-descr	(working copy)
>@@ -1,17 +1,17 @@
> The dnscrypt-proxy provides local service, which can be used directly as your
> local resolver or as a DNS forwarder, encrypting and authenticating requests
> using the DNSCrypt [1] protocol and passing them to an upstream server.
> 
> The DNSCrypt protocol uses high-speed high-security elliptic-curve cryptography
> and is very similar to DNSCurve [2], but focuses on securing communications
> between a client and its first-level resolver.
> 
> While not providing end-to-end security, it protects the local network, which
> is often the weakest point of the chain, against man-in-the-middle attacks.
> It also provides some confidentiality to DNS queries.
> 
> Reference links:
>-1. https://www.opendns.com/technology/dnscrypt/
>-2. http://dnscurve.org
>+1. https://www.opendns.com/about/innovations/dnscrypt/
>+2. https://dnscurve.org/
> 
>-WWW: http://dnscrypt.org
>+WWW: https://dnscrypt.org/

Flags:

egypcio: maintainer-approval+

Actions: View | Diff

Attachments on bug 223222: 187435 | 187438 | 187583 | 187796 | 187799 | 187861 | 187959