svn commit: r395912 - in head: . dns dns/dnscrypt-wrapper dns/dnscrypt-wrapper/files
Jason Unovitch
junovitch at FreeBSD.org
Wed Sep 2 22:17:48 UTC 2015
Author: junovitch
Date: Wed Sep 2 22:17:45 2015
New Revision: 395912
URL: https://svnweb.freebsd.org/changeset/ports/395912
Log:
New Port: dns/dnscrypt-wrapper
This is a port of dnscrypt-wrapper, which adds dnscrypt support to any name
resolver. It is the server-side counterpart of dnscrypt-proxy, and is in
fact derived from its source.
PR: 200015
Submitted by: freebsd at toyingwithfate.com
Approved by: feld (mentor)
Differential Revision: https://reviews.freebsd.org/D3535
Added:
head/dns/dnscrypt-wrapper/
head/dns/dnscrypt-wrapper/Makefile (contents, props changed)
head/dns/dnscrypt-wrapper/distinfo (contents, props changed)
head/dns/dnscrypt-wrapper/files/
head/dns/dnscrypt-wrapper/files/dnscrypt-wrapper.in (contents, props changed)
head/dns/dnscrypt-wrapper/pkg-descr (contents, props changed)
head/dns/dnscrypt-wrapper/pkg-plist (contents, props changed)
Modified:
head/UIDs
head/dns/Makefile
Modified: head/UIDs
==============================================================================
--- head/UIDs Wed Sep 2 22:16:07 2015 (r395911)
+++ head/UIDs Wed Sep 2 22:17:45 2015 (r395912)
@@ -226,6 +226,7 @@ riak:*:667:667::0:0:Riak user:/usr/local
bnetd:*:700:700::0:0:Bnetd user:/nonexistent:/usr/sbin/nologin
fastnetmon:*:701:701::0:0:FastNetMon user:/nonexistent:/usr/sbin/nologin
bopm:*:717:717::0:0:Blitzed Open Proxy Monitor:/nonexistent:/bin/sh
+_dnscrypt-wrapper:*:718:65534::0:0:dnscrypt-wrapper user:/var/empty:/usr/sbin/nologin
openxpki:*:777:777::0:0:OpenXPKI Owner:/nonexistent:/usr/sbin/nologin
zetacoin:*:780:780::0:0:ZetaCoin Daemon:/nonexistent:/usr/sbin/nologin
foreman_proxy:*:812:812::0:0:Foreman Smart Proxy:/usr/local/share/foreman-proxy:/usr/sbin/nologin
Modified: head/dns/Makefile
==============================================================================
--- head/dns/Makefile Wed Sep 2 22:16:07 2015 (r395911)
+++ head/dns/Makefile Wed Sep 2 22:17:45 2015 (r395912)
@@ -34,6 +34,7 @@
SUBDIR += dnscheck
SUBDIR += dnscheckengine
SUBDIR += dnscrypt-proxy
+ SUBDIR += dnscrypt-wrapper
SUBDIR += dnsdbck
SUBDIR += dnsdist
SUBDIR += dnsflood
Added: head/dns/dnscrypt-wrapper/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/dns/dnscrypt-wrapper/Makefile Wed Sep 2 22:17:45 2015 (r395912)
@@ -0,0 +1,32 @@
+# $FreeBSD$
+
+PORTNAME= dnscrypt-wrapper
+PORTVERSION= 0.2
+CATEGORIES= dns
+
+MAINTAINER= freebsd at toyingwithfate.com
+COMMENT= Adds dnscrypt support to any name resolver
+
+LICENSE= GPLv2
+LICENSE_FILE= ${WRKSRC}/COPYING
+
+LIB_DEPENDS= libsodium.so:${PORTSDIR}/security/libsodium \
+ libevent.so:${PORTSDIR}/devel/libevent2
+
+USE_GITHUB= yes
+GH_ACCOUNT= Cofyc
+GH_TAGNAME= v${PORTVERSION}
+
+USERS= _dnscrypt-wrapper
+ETCDNSCRYPTWRAPPER= ${PREFIX}/etc/${PORTNAME}
+SUB_LIST+= ETCDNSCRYPTWRAPPER="${ETCDNSCRYPTWRAPPER}" USERS="${USERS}"
+USE_RC_SUBR= ${PORTNAME}
+
+USES= gmake
+MAKE_ARGS= LDFLAGS="-L${LOCALBASE}/lib" CFLAGS="-I${LOCALBASE}/include" PREFIX="${STAGEDIR}${PREFIX}"
+
+post-install:
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/*
+ ${MKDIR} ${STAGEDIR}${ETCDNSCRYPTWRAPPER}
+
+.include <bsd.port.mk>
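Review bot: The `MAKE_ARGS` line passes `CFLAGS="-I${LOCALBASE}/include"` and `LDFLAGS="-L${LOCALBASE}/lib"` on the gmake command line, which overrides rather than extends those variables. The framework's and the administrator's flags, including any hardening options set in make.conf, therefore look like they never reach the compiler for this network-facing daemon. Appending keeps them: `MAKE_ARGS= LDFLAGS="${LDFLAGS} -L${LOCALBASE}/lib" CFLAGS="${CFLAGS} -I${LOCALBASE}/include" PREFIX="${STAGEDIR}${PREFIX}"`.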
Added: head/dns/dnscrypt-wrapper/distinfo
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/dns/dnscrypt-wrapper/distinfo Wed Sep 2 22:17:45 2015 (r395912)
@@ -0,0 +1,2 @@
+SHA256 (Cofyc-dnscrypt-wrapper-0.2-v0.2_GH0.tar.gz) = 36612c5eb440658a27619ae6e345582e6e3be7a40e9215ea82ac6f65c15de95f
+SIZE (Cofyc-dnscrypt-wrapper-0.2-v0.2_GH0.tar.gz) = 50925
Added: head/dns/dnscrypt-wrapper/files/dnscrypt-wrapper.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/dns/dnscrypt-wrapper/files/dnscrypt-wrapper.in Wed Sep 2 22:17:45 2015 (r395912)
@@ -0,0 +1,109 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: dnscrypt_wrapper
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+
+# Add the following lines to /etc/rc.conf to enable dnscrypt-wrapper:
+#
+# dnscrypt_wrapper_enable (bool): Set to "NO" by default.
+# Set it to "YES" to enable dnscrypt_wrapper.
+# dnscrypt_wrapper_uid (str): Set to "%%USERS%%" by default.
+# User to switch to after starting.
+# dnscrypt_wrapper_pidfile (str): Set to "/var/run/dnscrypt-wrapper.pid" by default.
+# Path of the pid file.
+# dnscrypt_wrapper_logfile (str): Set to "/var/log/dnscrypt-wrapper.log" by default.
+# Path of the log file.
+# dnscrypt_wrapper_resolver (str): Set to "127.0.0.1:53" by default.
+# <address:port> to reach the upstream DNS resolver at.
+# dnscrypt_wrapper_listen (str): Set to "0.0.0.0:54" by default.
+# <address:port> to listen on.
+# dnscrypt_wrapper_crypt_secretkey_file (str): Set to "%%ETCDNSCRYPTWRAPPER%%/crypt_secret.key" by default.
+# Path of the secret crypt key.
+# dnscrypt_wrapper_provider_cert_file (str): Set to "%%ETCDNSCRYPTWRAPPER%%/dnscrypt.cert" by default.
+# Path of the pre-signed certificate.
+# dnscrypt_wrapper_provider_name (str): Set to "2.dnscrypt-cert.`/bin/hostname`" by default.
+# Provider name.
+
+. /etc/rc.subr
+
+name=dnscrypt_wrapper
+rcvar=dnscrypt_wrapper_enable
+
+# read configuration and set defaults
+load_rc_config ${name}
+: ${dnscrypt_wrapper_enable:=NO}
+: ${dnscrypt_wrapper_uid=%%USERS%%}
+: ${dnscrypt_wrapper_pidfile=/var/run/dnscrypt-wrapper.pid}
+: ${dnscrypt_wrapper_logfile=/var/log/dnscrypt-wrapper.log}
+: ${dnscrypt_wrapper_resolver=127.0.0.1:53}
+: ${dnscrypt_wrapper_listen=0.0.0.0:54}
+: ${dnscrypt_wrapper_crypt_secretkey_file=%%ETCDNSCRYPTWRAPPER%%/crypt_secret.key}
+: ${dnscrypt_wrapper_provider_cert_file=%%ETCDNSCRYPTWRAPPER%%/dnscrypt.cert}
+: ${dnscrypt_wrapper_provider_name=2.dnscrypt-cert.`/bin/hostname`}
+
+command=%%PREFIX%%/sbin/dnscrypt-wrapper
+extra_commands="checks check_name keygen"
+start_precmd="${name}_checks"
+command_args="-a ${dnscrypt_wrapper_listen} -r ${dnscrypt_wrapper_resolver} -u ${dnscrypt_wrapper_uid} -d -p ${dnscrypt_wrapper_pidfile} -l ${dnscrypt_wrapper_logfile} --crypt-secretkey-file=${dnscrypt_wrapper_crypt_secretkey_file} --provider-cert-file=${dnscrypt_wrapper_provider_cert_file} --provider-name=${dnscrypt_wrapper_provider_name} -V"
+procname=%%PREFIX%%/sbin/dnscrypt-wrapper
+pidfile=${dnscrypt_wrapper_pidfile}
+
+dnscrypt_wrapper_check_name()
+{
+ if [ -z "${dnscrypt_wrapper_provider_name}" ]; then
+ err 1 '${dnscrypt_wrapper_provider_name} must be set in /etc/rc.conf'
+ fi
+}
+
+dnscrypt_wrapper_keygen()
+{
+ if [ -f %%ETCDNSCRYPTWRAPPER%%/crypt_secret.key -a \
+ -f %%ETCDNSCRYPTWRAPPER%%/dnscrypt.cert ]; then
+ return 0
+ fi
+
+ cd %%ETCDNSCRYPTWRAPPER%%/
+ umask 077
+
+ # Can't do anything if dnscrypt-wrapper is not installed
+ [ -x %%PREFIX%%/sbin/dnscrypt-wrapper ] ||
+ err 1 "%%PREFIX%%/sbin/dnscrypt-wrapper does not exist."
+
+ if [ -f %%ETCDNSCRYPTWRAPPER%%/public.key -a \
+ -f %%ETCDNSCRYPTWRAPPER%%/secret.key ]; then
+ echo "You already have a provider keypair in:"
+ echo " %%ETCDNSCRYPTWRAPPER%%/public.key and %%ETCDNSCRYPTWRAPPER%%/secret.key"
+ echo "Skipping provider keypair generation."
+ else
+ %%PREFIX%%/sbin/dnscrypt-wrapper --gen-provider-keypair
+ fi
+
+ if [ -f %%ETCDNSCRYPTWRAPPER%%/crypt_public.key -a \
+ -f %%ETCDNSCRYPTWRAPPER%%/crypt_secret.key ]; then
+ echo "You already have a crypt keypair in:"
+ echo " %%ETCDNSCRYPTWRAPPER%%/crypt_public.key and %%ETCDNSCRYPTWRAPPER%%/crypt_secret.key"
+ echo "Skipping crypt keypair generation."
+ else
+ %%PREFIX%%/sbin/dnscrypt-wrapper --gen-crypt-keypair
+ fi
+
+ if [ -f %%ETCDNSCRYPTWRAPPER%%/dnscrypt.cert ]; then
+ echo "You already have a pre-signed certificate in:"
+ echo " %%ETCDNSCRYPTWRAPPER%%/dnscrypt.cert"
+ echo "Skipping pre-signed certificate generation."
+ else
+ %%PREFIX%%/sbin/dnscrypt-wrapper --crypt-secretkey-file %%ETCDNSCRYPTWRAPPER%%/crypt_secret.key --provider-publickey-file=%%ETCDNSCRYPTWRAPPER%%/public.key --provider-secretkey-file=%%ETCDNSCRYPTWRAPPER%%/secret.key --gen-cert-file
+ fi
+}
+
+dnscrypt_wrapper_checks()
+{
+ dnscrypt_wrapper_check_name
+ dnscrypt_wrapper_keygen
+}
+
+run_rc_command "$1"
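Review bot: The `cd %%ETCDNSCRYPTWRAPPER%%/` in dnscrypt_wrapper_keygen is unchecked, so if the directory is missing or inaccessible the two `--gen-*-keypair` calls appear to write the secret keys into whatever directory the script was started from; make it `cd %%ETCDNSCRYPTWRAPPER%%/ || err 1 "cannot cd to %%ETCDNSCRYPTWRAPPER%%"`. The function also tests the hard-coded `%%ETCDNSCRYPTWRAPPER%%/crypt_secret.key` and `dnscrypt.cert` instead of `${dnscrypt_wrapper_crypt_secretkey_file}` and `${dnscrypt_wrapper_provider_cert_file}`. With those rc.conf knobs overridden, the start_precmd would still generate a second key set in the default directory while `command_args` points the daemon at the configured paths. Finally, `secret.key` is used only by the `--gen-cert-file` call and never appears in `command_args`, so a comment such as `# secret.key signs certificates only; the running daemon does not need it on this host` would tell admins it can be stored elsewhere.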
Added: head/dns/dnscrypt-wrapper/pkg-descr
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/dns/dnscrypt-wrapper/pkg-descr Wed Sep 2 22:17:45 2015 (r395912)
@@ -0,0 +1,5 @@
+This is a port of dnscrypt-wrapper, which adds dnscrypt support to any name
+resolver. It is the server-side counterpart of dnscrypt-proxy, and is in fact
+derived from its source.
+
+WWW: https://github.com/Cofyc/dnscrypt-wrapper/
Added: head/dns/dnscrypt-wrapper/pkg-plist
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/dns/dnscrypt-wrapper/pkg-plist Wed Sep 2 22:17:45 2015 (r395912)
@@ -0,0 +1,2 @@
+sbin/dnscrypt-wrapper
+ at dir etc/dnscrypt-wrapper
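Review bot: `@dir etc/dnscrypt-wrapper` registers the directory that the rc script's keygen fills with `secret.key` and `crypt_secret.key`, but with default ownership and mode. Confidentiality then rests only on the `umask 077` inside that function, and keys copied in by hand get no such protection. If the daemon reads its key files before switching to the unprivileged user (not visible in this commit), `@dir(root,wheel,0700) etc/dnscrypt-wrapper` would close that gap.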