aboutsummaryrefslogtreecommitdiffstats
path: root/dns
diff options
context:
space:
mode:
authorjunovitch <junovitch@FreeBSD.org>2015-09-03 06:17:45 +0800
committerjunovitch <junovitch@FreeBSD.org>2015-09-03 06:17:45 +0800
commitaea1ce93351e491f1db26791757b2146e760d0fa (patch)
tree4443d5593bbbadcd5c7aa7ace2bbb285fc19b970 /dns
parent6b9144ed8bbee41a5f95e9c6b857da8a3fb0fdd6 (diff)
downloadfreebsd-ports-gnome-aea1ce93351e491f1db26791757b2146e760d0fa.tar.gz
freebsd-ports-gnome-aea1ce93351e491f1db26791757b2146e760d0fa.tar.zst
freebsd-ports-gnome-aea1ce93351e491f1db26791757b2146e760d0fa.zip
New Port: dns/dnscrypt-wrapper
This is a port of dnscrypt-wrapper, which adds dnscrypt support to any name resolver. It is the server-side counterpart of dnscrypt-proxy, and is in fact derived from its source. PR: 200015 Submitted by: freebsd@toyingwithfate.com Approved by: feld (mentor) Differential Revision: https://reviews.freebsd.org/D3535
Diffstat (limited to 'dns')
-rw-r--r--dns/Makefile1
-rw-r--r--dns/dnscrypt-wrapper/Makefile32
-rw-r--r--dns/dnscrypt-wrapper/distinfo2
-rw-r--r--dns/dnscrypt-wrapper/files/dnscrypt-wrapper.in109
-rw-r--r--dns/dnscrypt-wrapper/pkg-descr5
-rw-r--r--dns/dnscrypt-wrapper/pkg-plist2
6 files changed, 151 insertions, 0 deletions
diff --git a/dns/Makefile b/dns/Makefile
index 3e800337b303..39ba997b78bd 100644
--- a/dns/Makefile
+++ b/dns/Makefile
@@ -34,6 +34,7 @@
SUBDIR += dnscheck
SUBDIR += dnscheckengine
SUBDIR += dnscrypt-proxy
+ SUBDIR += dnscrypt-wrapper
SUBDIR += dnsdbck
SUBDIR += dnsdist
SUBDIR += dnsflood
diff --git a/dns/dnscrypt-wrapper/Makefile b/dns/dnscrypt-wrapper/Makefile
new file mode 100644
index 000000000000..efc6aaa2f9ae
--- /dev/null
+++ b/dns/dnscrypt-wrapper/Makefile
@@ -0,0 +1,32 @@
+# $FreeBSD$
+
+PORTNAME= dnscrypt-wrapper
+PORTVERSION= 0.2
+CATEGORIES= dns
+
+MAINTAINER= freebsd@toyingwithfate.com
+COMMENT= Adds dnscrypt support to any name resolver
+
+LICENSE= GPLv2
+LICENSE_FILE= ${WRKSRC}/COPYING
+
+LIB_DEPENDS= libsodium.so:${PORTSDIR}/security/libsodium \
+ libevent.so:${PORTSDIR}/devel/libevent2
+
+USE_GITHUB= yes
+GH_ACCOUNT= Cofyc
+GH_TAGNAME= v${PORTVERSION}
+
+USERS= _dnscrypt-wrapper
+ETCDNSCRYPTWRAPPER= ${PREFIX}/etc/${PORTNAME}
+SUB_LIST+= ETCDNSCRYPTWRAPPER="${ETCDNSCRYPTWRAPPER}" USERS="${USERS}"
+USE_RC_SUBR= ${PORTNAME}
+
+USES= gmake
+MAKE_ARGS= LDFLAGS="-L${LOCALBASE}/lib" CFLAGS="-I${LOCALBASE}/include" PREFIX="${STAGEDIR}${PREFIX}"
+
+post-install:
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/*
+ ${MKDIR} ${STAGEDIR}${ETCDNSCRYPTWRAPPER}
+
+.include <bsd.port.mk>
diff --git a/dns/dnscrypt-wrapper/distinfo b/dns/dnscrypt-wrapper/distinfo
new file mode 100644
index 000000000000..5aa0e3d56c3f
--- /dev/null
+++ b/dns/dnscrypt-wrapper/distinfo
@@ -0,0 +1,2 @@
+SHA256 (Cofyc-dnscrypt-wrapper-0.2-v0.2_GH0.tar.gz) = 36612c5eb440658a27619ae6e345582e6e3be7a40e9215ea82ac6f65c15de95f
+SIZE (Cofyc-dnscrypt-wrapper-0.2-v0.2_GH0.tar.gz) = 50925
diff --git a/dns/dnscrypt-wrapper/files/dnscrypt-wrapper.in b/dns/dnscrypt-wrapper/files/dnscrypt-wrapper.in
new file mode 100644
index 000000000000..5acb1ce6b974
--- /dev/null
+++ b/dns/dnscrypt-wrapper/files/dnscrypt-wrapper.in
@@ -0,0 +1,109 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: dnscrypt_wrapper
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+
+# Add the following lines to /etc/rc.conf to enable dnscrypt-wrapper:
+#
+# dnscrypt_wrapper_enable (bool): Set to "NO" by default.
+# Set it to "YES" to enable dnscrypt_wrapper.
+# dnscrypt_wrapper_uid (str): Set to "%%USERS%%" by default.
+# User to switch to after starting.
+# dnscrypt_wrapper_pidfile (str): Set to "/var/run/dnscrypt-wrapper.pid" by default.
+# Path of the pid file.
+# dnscrypt_wrapper_logfile (str): Set to "/var/log/dnscrypt-wrapper.log" by default.
+# Path of the log file.
+# dnscrypt_wrapper_resolver (str): Set to "127.0.0.1:53" by default.
+# <address:port> to reach the upstream DNS resolver at.
+# dnscrypt_wrapper_listen (str): Set to "0.0.0.0:54" by default.
+# <address:port> to listen on.
+# dnscrypt_wrapper_crypt_secretkey_file (str): Set to "%%ETCDNSCRYPTWRAPPER%%/crypt_secret.key" by default.
+# Path of the secret crypt key.
+# dnscrypt_wrapper_provider_cert_file (str): Set to "%%ETCDNSCRYPTWRAPPER%%/dnscrypt.cert" by default.
+# Path of the pre-signed certificate.
+# dnscrypt_wrapper_provider_name (str): Set to "2.dnscrypt-cert.`/bin/hostname`" by default.
+# Provider name.
+
+. /etc/rc.subr
+
+name=dnscrypt_wrapper
+rcvar=dnscrypt_wrapper_enable
+
+# read configuration and set defaults
+load_rc_config ${name}
+: ${dnscrypt_wrapper_enable:=NO}
+: ${dnscrypt_wrapper_uid=%%USERS%%}
+: ${dnscrypt_wrapper_pidfile=/var/run/dnscrypt-wrapper.pid}
+: ${dnscrypt_wrapper_logfile=/var/log/dnscrypt-wrapper.log}
+: ${dnscrypt_wrapper_resolver=127.0.0.1:53}
+: ${dnscrypt_wrapper_listen=0.0.0.0:54}
+: ${dnscrypt_wrapper_crypt_secretkey_file=%%ETCDNSCRYPTWRAPPER%%/crypt_secret.key}
+: ${dnscrypt_wrapper_provider_cert_file=%%ETCDNSCRYPTWRAPPER%%/dnscrypt.cert}
+: ${dnscrypt_wrapper_provider_name=2.dnscrypt-cert.`/bin/hostname`}
+
+command=%%PREFIX%%/sbin/dnscrypt-wrapper
+extra_commands="checks check_name keygen"
+start_precmd="${name}_checks"
+command_args="-a ${dnscrypt_wrapper_listen} -r ${dnscrypt_wrapper_resolver} -u ${dnscrypt_wrapper_uid} -d -p ${dnscrypt_wrapper_pidfile} -l ${dnscrypt_wrapper_logfile} --crypt-secretkey-file=${dnscrypt_wrapper_crypt_secretkey_file} --provider-cert-file=${dnscrypt_wrapper_provider_cert_file} --provider-name=${dnscrypt_wrapper_provider_name} -V"
+procname=%%PREFIX%%/sbin/dnscrypt-wrapper
+pidfile=${dnscrypt_wrapper_pidfile}
+
+dnscrypt_wrapper_check_name()
+{
+ if [ -z "${dnscrypt_wrapper_provider_name}" ]; then
+ err 1 '${dnscrypt_wrapper_provider_name} must be set in /etc/rc.conf'
+ fi
+}
+
+dnscrypt_wrapper_keygen()
+{
+ if [ -f %%ETCDNSCRYPTWRAPPER%%/crypt_secret.key -a \
+ -f %%ETCDNSCRYPTWRAPPER%%/dnscrypt.cert ]; then
+ return 0
+ fi
+
+ cd %%ETCDNSCRYPTWRAPPER%%/
+ umask 077
+
+ # Can't do anything if dnscrypt-wrapper is not installed
+ [ -x %%PREFIX%%/sbin/dnscrypt-wrapper ] ||
+ err 1 "%%PREFIX%%/sbin/dnscrypt-wrapper does not exist."
+
+ if [ -f %%ETCDNSCRYPTWRAPPER%%/public.key -a \
+ -f %%ETCDNSCRYPTWRAPPER%%/secret.key ]; then
+ echo "You already have a provider keypair in:"
+ echo " %%ETCDNSCRYPTWRAPPER%%/public.key and %%ETCDNSCRYPTWRAPPER%%/secret.key"
+ echo "Skipping provider keypair generation."
+ else
+ %%PREFIX%%/sbin/dnscrypt-wrapper --gen-provider-keypair
+ fi
+
+ if [ -f %%ETCDNSCRYPTWRAPPER%%/crypt_public.key -a \
+ -f %%ETCDNSCRYPTWRAPPER%%/crypt_secret.key ]; then
+ echo "You already have a crypt keypair in:"
+ echo " %%ETCDNSCRYPTWRAPPER%%/crypt_public.key and %%ETCDNSCRYPTWRAPPER%%/crypt_secret.key"
+ echo "Skipping crypt keypair generation."
+ else
+ %%PREFIX%%/sbin/dnscrypt-wrapper --gen-crypt-keypair
+ fi
+
+ if [ -f %%ETCDNSCRYPTWRAPPER%%/dnscrypt.cert ]; then
+ echo "You already have a pre-signed certificate in:"
+ echo " %%ETCDNSCRYPTWRAPPER%%/dnscrypt.cert"
+ echo "Skipping pre-signed certificate generation."
+ else
+ %%PREFIX%%/sbin/dnscrypt-wrapper --crypt-secretkey-file %%ETCDNSCRYPTWRAPPER%%/crypt_secret.key --provider-publickey-file=%%ETCDNSCRYPTWRAPPER%%/public.key --provider-secretkey-file=%%ETCDNSCRYPTWRAPPER%%/secret.key --gen-cert-file
+ fi
+}
+
+dnscrypt_wrapper_checks()
+{
+ dnscrypt_wrapper_check_name
+ dnscrypt_wrapper_keygen
+}
+
+run_rc_command "$1"
diff --git a/dns/dnscrypt-wrapper/pkg-descr b/dns/dnscrypt-wrapper/pkg-descr
new file mode 100644
index 000000000000..393fd04168bf
--- /dev/null
+++ b/dns/dnscrypt-wrapper/pkg-descr
@@ -0,0 +1,5 @@
+This is a port of dnscrypt-wrapper, which adds dnscrypt support to any name
+resolver. It is the server-side counterpart of dnscrypt-proxy, and is in fact
+derived from its source.
+
+WWW: https://github.com/Cofyc/dnscrypt-wrapper/
diff --git a/dns/dnscrypt-wrapper/pkg-plist b/dns/dnscrypt-wrapper/pkg-plist
new file mode 100644
index 000000000000..dab4c82a59c4
--- /dev/null
+++ b/dns/dnscrypt-wrapper/pkg-plist
@@ -0,0 +1,2 @@
+sbin/dnscrypt-wrapper
+@dir etc/dnscrypt-wrapper