Page MenuHomeFreeBSD
Files F106129279

D3535.id.diff
No OneTemporary
Actions

D3535.id.diff
View Options

Index: head/UIDs
===================================================================
--- head/UIDs
+++ head/UIDs
@@ -226,6 +226,7 @@
bnetd:*:700:700::0:0:Bnetd user:/nonexistent:/usr/sbin/nologin
fastnetmon:*:701:701::0:0:FastNetMon user:/nonexistent:/usr/sbin/nologin
bopm:*:717:717::0:0:Blitzed Open Proxy Monitor:/nonexistent:/bin/sh
+_dnscrypt-wrapper:*:718:65534::0:0:dnscrypt-wrapper user:/var/empty:/usr/sbin/nologin
openxpki:*:777:777::0:0:OpenXPKI Owner:/nonexistent:/usr/sbin/nologin
zetacoin:*:780:780::0:0:ZetaCoin Daemon:/nonexistent:/usr/sbin/nologin
foreman_proxy:*:812:812::0:0:Foreman Smart Proxy:/usr/local/share/foreman-proxy:/usr/sbin/nologin
Index: head/dns/Makefile
===================================================================
--- head/dns/Makefile
+++ head/dns/Makefile
@@ -34,6 +34,7 @@
SUBDIR += dnscheck
SUBDIR += dnscheckengine
SUBDIR += dnscrypt-proxy
+ SUBDIR += dnscrypt-wrapper
SUBDIR += dnsdbck
SUBDIR += dnsdist
SUBDIR += dnsflood
Index: head/dns/dnscrypt-wrapper/Makefile
===================================================================
--- head/dns/dnscrypt-wrapper/Makefile
+++ head/dns/dnscrypt-wrapper/Makefile
@@ -0,0 +1,32 @@
+# $FreeBSD$
+
+PORTNAME= dnscrypt-wrapper
+PORTVERSION= 0.2
+CATEGORIES= dns
+
+MAINTAINER= freebsd@toyingwithfate.com
+COMMENT= Adds dnscrypt support to any name resolver
+
+LICENSE= GPLv2
+LICENSE_FILE= ${WRKSRC}/COPYING
+
+LIB_DEPENDS= libsodium.so:${PORTSDIR}/security/libsodium \
+ libevent.so:${PORTSDIR}/devel/libevent2
+
+USE_GITHUB= yes
+GH_ACCOUNT= Cofyc
+GH_TAGNAME= v${PORTVERSION}
+
+USERS= _dnscrypt-wrapper
+ETCDNSCRYPTWRAPPER= ${PREFIX}/etc/${PORTNAME}
+SUB_LIST+= ETCDNSCRYPTWRAPPER="${ETCDNSCRYPTWRAPPER}" USERS="${USERS}"
+USE_RC_SUBR= ${PORTNAME}
+
+USES= gmake
+MAKE_ARGS= LDFLAGS="-L${LOCALBASE}/lib" CFLAGS="-I${LOCALBASE}/include" PREFIX="${STAGEDIR}${PREFIX}"
+
+post-install:
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/*
+ ${MKDIR} ${STAGEDIR}${ETCDNSCRYPTWRAPPER}
+
+.include <bsd.port.mk>
Index: head/dns/dnscrypt-wrapper/distinfo
===================================================================
--- head/dns/dnscrypt-wrapper/distinfo
+++ head/dns/dnscrypt-wrapper/distinfo
@@ -0,0 +1,2 @@
+SHA256 (Cofyc-dnscrypt-wrapper-0.2-v0.2_GH0.tar.gz) = 36612c5eb440658a27619ae6e345582e6e3be7a40e9215ea82ac6f65c15de95f
+SIZE (Cofyc-dnscrypt-wrapper-0.2-v0.2_GH0.tar.gz) = 50925
Index: head/dns/dnscrypt-wrapper/files/dnscrypt-wrapper.in
===================================================================
--- head/dns/dnscrypt-wrapper/files/dnscrypt-wrapper.in
+++ head/dns/dnscrypt-wrapper/files/dnscrypt-wrapper.in
@@ -0,0 +1,109 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: dnscrypt_wrapper
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+
+# Add the following lines to /etc/rc.conf to enable dnscrypt-wrapper:
+#
+# dnscrypt_wrapper_enable (bool): Set to "NO" by default.
+# Set it to "YES" to enable dnscrypt_wrapper.
+# dnscrypt_wrapper_uid (str): Set to "%%USERS%%" by default.
+# User to switch to after starting.
+# dnscrypt_wrapper_pidfile (str): Set to "/var/run/dnscrypt-wrapper.pid" by default.
+# Path of the pid file.
+# dnscrypt_wrapper_logfile (str): Set to "/var/log/dnscrypt-wrapper.log" by default.
+# Path of the log file.
+# dnscrypt_wrapper_resolver (str): Set to "127.0.0.1:53" by default.
+# <address:port> to reach the upstream DNS resolver at.
+# dnscrypt_wrapper_listen (str): Set to "0.0.0.0:54" by default.
+# <address:port> to listen on.
+# dnscrypt_wrapper_crypt_secretkey_file (str): Set to "%%ETCDNSCRYPTWRAPPER%%/crypt_secret.key" by default.
+# Path of the secret crypt key.
+# dnscrypt_wrapper_provider_cert_file (str): Set to "%%ETCDNSCRYPTWRAPPER%%/dnscrypt.cert" by default.
+# Path of the pre-signed certificate.
+# dnscrypt_wrapper_provider_name (str): Set to "2.dnscrypt-cert.`/bin/hostname`" by default.
+# Provider name.
+
+. /etc/rc.subr
+
+name=dnscrypt_wrapper
+rcvar=dnscrypt_wrapper_enable
+
+# read configuration and set defaults
+load_rc_config ${name}
+: ${dnscrypt_wrapper_enable:=NO}
+: ${dnscrypt_wrapper_uid=%%USERS%%}
+: ${dnscrypt_wrapper_pidfile=/var/run/dnscrypt-wrapper.pid}
+: ${dnscrypt_wrapper_logfile=/var/log/dnscrypt-wrapper.log}
+: ${dnscrypt_wrapper_resolver=127.0.0.1:53}
+: ${dnscrypt_wrapper_listen=0.0.0.0:54}
+: ${dnscrypt_wrapper_crypt_secretkey_file=%%ETCDNSCRYPTWRAPPER%%/crypt_secret.key}
+: ${dnscrypt_wrapper_provider_cert_file=%%ETCDNSCRYPTWRAPPER%%/dnscrypt.cert}
+: ${dnscrypt_wrapper_provider_name=2.dnscrypt-cert.`/bin/hostname`}
+
+command=%%PREFIX%%/sbin/dnscrypt-wrapper
+extra_commands="checks check_name keygen"
+start_precmd="${name}_checks"
+command_args="-a ${dnscrypt_wrapper_listen} -r ${dnscrypt_wrapper_resolver} -u ${dnscrypt_wrapper_uid} -d -p ${dnscrypt_wrapper_pidfile} -l ${dnscrypt_wrapper_logfile} --crypt-secretkey-file=${dnscrypt_wrapper_crypt_secretkey_file} --provider-cert-file=${dnscrypt_wrapper_provider_cert_file} --provider-name=${dnscrypt_wrapper_provider_name} -V"
+procname=%%PREFIX%%/sbin/dnscrypt-wrapper
+pidfile=${dnscrypt_wrapper_pidfile}
+
+dnscrypt_wrapper_check_name()
+{
+ if [ -z "${dnscrypt_wrapper_provider_name}" ]; then
+ err 1 '${dnscrypt_wrapper_provider_name} must be set in /etc/rc.conf'
+ fi
+}
+
+dnscrypt_wrapper_keygen()
+{
+ if [ -f %%ETCDNSCRYPTWRAPPER%%/crypt_secret.key -a \
+ -f %%ETCDNSCRYPTWRAPPER%%/dnscrypt.cert ]; then
+ return 0
+ fi
+
+ cd %%ETCDNSCRYPTWRAPPER%%/
+ umask 077
+
+ # Can't do anything if dnscrypt-wrapper is not installed
+ [ -x %%PREFIX%%/sbin/dnscrypt-wrapper ] ||
+ err 1 "%%PREFIX%%/sbin/dnscrypt-wrapper does not exist."
+
+ if [ -f %%ETCDNSCRYPTWRAPPER%%/public.key -a \
+ -f %%ETCDNSCRYPTWRAPPER%%/secret.key ]; then
+ echo "You already have a provider keypair in:"
+ echo " %%ETCDNSCRYPTWRAPPER%%/public.key and %%ETCDNSCRYPTWRAPPER%%/secret.key"
+ echo "Skipping provider keypair generation."
+ else
+ %%PREFIX%%/sbin/dnscrypt-wrapper --gen-provider-keypair
+ fi
+
+ if [ -f %%ETCDNSCRYPTWRAPPER%%/crypt_public.key -a \
+ -f %%ETCDNSCRYPTWRAPPER%%/crypt_secret.key ]; then
+ echo "You already have a crypt keypair in:"
+ echo " %%ETCDNSCRYPTWRAPPER%%/crypt_public.key and %%ETCDNSCRYPTWRAPPER%%/crypt_secret.key"
+ echo "Skipping crypt keypair generation."
+ else
+ %%PREFIX%%/sbin/dnscrypt-wrapper --gen-crypt-keypair
+ fi
+
+ if [ -f %%ETCDNSCRYPTWRAPPER%%/dnscrypt.cert ]; then
+ echo "You already have a pre-signed certificate in:"
+ echo " %%ETCDNSCRYPTWRAPPER%%/dnscrypt.cert"
+ echo "Skipping pre-signed certificate generation."
+ else
+ %%PREFIX%%/sbin/dnscrypt-wrapper --crypt-secretkey-file %%ETCDNSCRYPTWRAPPER%%/crypt_secret.key --provider-publickey-file=%%ETCDNSCRYPTWRAPPER%%/public.key --provider-secretkey-file=%%ETCDNSCRYPTWRAPPER%%/secret.key --gen-cert-file
+ fi
+}
+
+dnscrypt_wrapper_checks()
+{
+ dnscrypt_wrapper_check_name
+ dnscrypt_wrapper_keygen
+}
+
+run_rc_command "$1"
Index: head/dns/dnscrypt-wrapper/pkg-descr
===================================================================
--- head/dns/dnscrypt-wrapper/pkg-descr
+++ head/dns/dnscrypt-wrapper/pkg-descr
@@ -0,0 +1,5 @@
+This is a port of dnscrypt-wrapper, which adds dnscrypt support to any name
+resolver. It is the server-side counterpart of dnscrypt-proxy, and is in fact
+derived from its source.
+
+WWW: https://github.com/Cofyc/dnscrypt-wrapper/
Index: head/dns/dnscrypt-wrapper/pkg-plist
===================================================================
--- head/dns/dnscrypt-wrapper/pkg-plist
+++ head/dns/dnscrypt-wrapper/pkg-plist
@@ -0,0 +1,2 @@
+sbin/dnscrypt-wrapper
+@dir etc/dnscrypt-wrapper

File Metadata

Mime Type
text/plain
Expires
Thu, Dec 26, 9:29 PM (2 h, 20 s)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
15608014
Default Alt Text
D3535.id.diff (7 KB)

Event Timeline