[arch-commits] Commit in dnscrypt-proxy/trunk (3 files)
David Runge
dvzrv at archlinux.org
Sat Mar 21 14:32:02 UTC 2020
Date: Saturday, March 21, 2020 @ 14:32:01
Author: dvzrv
Revision: 602772
upgpkg: dnscrypt-proxy 2.0.40-1: Upgrading to 2.0.40.
Pulling sources by tag and verifying against upstream's PGP key: 54A2B8892CC3D6A597B92B6C210627AABA709FE1.
Applying patch for configuration from separate github upstream.
Setting url to current source code upstream.
Adding PrivateUsers=yes and a StateDirectory (for potential DoH certificates) to the service file.
Modified:
dnscrypt-proxy/trunk/PKGBUILD
dnscrypt-proxy/trunk/dnscrypt-proxy.service
Deleted:
dnscrypt-proxy/trunk/configuration.diff
------------------------+
PKGBUILD | 22 ++++---
configuration.diff | 135 -----------------------------------------------
dnscrypt-proxy.service | 2
3 files changed, 14 insertions(+), 145 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2020-03-21 14:19:55 UTC (rev 602771)
+++ PKGBUILD 2020-03-21 14:32:01 UTC (rev 602772)
@@ -4,11 +4,11 @@
# Contributor: peace4all <markspost at rocketmail dot com>
pkgname=dnscrypt-proxy
-pkgver=2.0.39
-pkgrel=3
+pkgver=2.0.40
+pkgrel=1
pkgdesc="DNS proxy, supporting encrypted DNS protocols such as DNSCrypt v2 and DNS-over-HTTPS"
arch=('x86_64')
-url="https://dnscrypt.info"
+url="https://github.com/DNSCrypt/dnscrypt-proxy"
license=('custom:ISC')
depends=('glibc')
makedepends=('git' 'go-pie')
@@ -21,18 +21,20 @@
"etc/${pkgname}/ip-blacklist.txt"
"etc/${pkgname}/whitelist.txt"
)
-source=("${pkgname}-${pkgver}.tar.gz::https://github.com/jedisct1/${pkgname}/archive/${pkgver}.tar.gz"
+source=("git+https://github.com/jedisct1/${pkgname}#tag=${pkgver}?signed"
"${pkgname}.service"
"${pkgname}.socket"
- 'configuration.diff')
-sha512sums=('d4eacd8d1989b99d9932d66ef609948558af26f9db1fc37acd6b5609e2a410d20828e32f2b79f2f9fbdf822998af641aec20128e4c58233663929106e29d8e24'
- 'a5ec1df803436b2330861f2121fc39337cafd80cff39d29f10499ec63df7232343c249ba7ef9abbd395239d6cd482d65fd7654d196f8363feca85dd8c75f2e15'
+ "${pkgname}-configuration.patch::https://github.com/dvzrv/dnscrypt-proxy/commit/8d0fb58eaf5b2e315c9a243e34596104d4f2bff4.patch")
+sha512sums=('SKIP'
+ '9a93a2383f575cfc9c7ddbf42d075dd62877dbe50572cd853067834e0a8b66ff0173472d4b8465d357ab4cd33beedf4c39db03b8908a67180ffdb404a00a0c65'
'56a56e87032da9316b392b0613124b0743673041596c717005541ae9b3994c7fc16c02497ea773d321f45d8e0f9ea8fda00783062cef4d5c8277b5b6f7cb10d5'
- '456a81906c9713f7b9bdc6e152d3688899da6f760758fce91a9c625da3d7286bf0fd1d54419a57aa5ec1d9d50e1d2db32b6d5f36c2f265e227dc7e8eef65cfdd')
+ '3144229a4b60a237f5f576650e6f7a34df90026307bb18b68b72bddc1cbdc14f4740c29ac570e1c337ff24439172b6f6e2f0d67ec5ccd38bea1572c7ad765ebb')
+validpgpkeys=('54A2B8892CC3D6A597B92B6C210627AABA709FE1') # Frank Denis (Jedi/Sector One) <pgp at pureftpd.org
prepare() {
+ mv -v "${pkgname}" "${pkgname}-${pkgver}"
cd "$pkgname-$pkgver"
- patch -Np1 -i ../configuration.diff
+ patch -Np1 -i "../${pkgname}-configuration.patch"
# create empty ip-blacklist.txt
touch "${pkgname}/ip-blacklist.txt"
}
@@ -43,7 +45,7 @@
}
package() {
- cd $pkgname-$pkgver
+ cd "$pkgname-$pkgver"
# executable
install -vDm 755 "${pkgname}/${pkgname}" -t "${pkgdir}/usr/bin/"
# configuration
Deleted: configuration.diff
===================================================================
--- configuration.diff 2020-03-21 14:19:55 UTC (rev 602771)
+++ configuration.diff 2020-03-21 14:32:01 UTC (rev 602772)
@@ -1,135 +0,0 @@
-diff -ruN a/dnscrypt-proxy/example-dnscrypt-proxy.toml b/dnscrypt-proxy/example-dnscrypt-proxy.toml
---- a/dnscrypt-proxy/example-dnscrypt-proxy.toml 2019-11-18 13:00:34.000000000 +0100
-+++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml 2019-11-19 22:11:15.890730311 +0100
-@@ -138,12 +138,12 @@
-
- ## log file for the application
-
--# log_file = 'dnscrypt-proxy.log'
-+# log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log'
-
-
- ## Use the system logger (syslog on Unix, Event Log on Windows)
-
--# use_syslog = true
-+use_syslog = true
-
-
- ## Delay, in minutes, after which certificates are reloaded
-@@ -280,7 +280,7 @@
- ## example.com 9.9.9.9
- ## example.net 9.9.9.9,8.8.8.8,1.1.1.1
-
--# forwarding_rules = 'forwarding-rules.txt'
-+# forwarding_rules = '/etc/dnscrypt-proxy/forwarding-rules.txt'
-
-
-
-@@ -296,7 +296,7 @@
- ## example.com 10.1.1.1
- ## www.google.com forcesafesearch.google.com
-
--# cloaking_rules = 'cloaking-rules.txt'
-+# cloaking_rules = '/etc/dnscrypt-proxy/cloaking-rules.txt'
-
- ## TTL used when serving entries in cloaking-rules.txt
-
-@@ -349,7 +349,7 @@
- ## Path to the query log file (absolute, or relative to the same directory as the executable file)
- ## Can be /dev/stdout to log to the standard output (and set log_files_max_size to 0)
-
-- # file = 'query.log'
-+ # file = '/var/log/dnscrypt-proxy/query.log'
-
-
- ## Query log format (currently supported: tsv and ltsv)
-@@ -375,7 +375,7 @@
-
- ## Path to the query log file (absolute, or relative to the same directory as the executable file)
-
-- # file = 'nx.log'
-+ # file = '/var/log/dnscrypt-proxy/nx.log'
-
-
- ## Query log format (currently supported: tsv and ltsv)
-@@ -405,12 +405,12 @@
-
- ## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
-
-- # blacklist_file = 'blacklist.txt'
-+ # blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt'
-
-
- ## Optional path to a file logging blocked queries
-
-- # log_file = 'blocked.log'
-+ # log_file = '/var/log/dnscrypt-proxy/blocked.log'
-
-
- ## Optional log format: tsv or ltsv (default: tsv)
-@@ -433,12 +433,12 @@
-
- ## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
-
-- # blacklist_file = 'ip-blacklist.txt'
-+ # blacklist_file = '/etc/dnscrypt-proxy/ip-blacklist.txt'
-
-
- ## Optional path to a file logging blocked queries
-
-- # log_file = 'ip-blocked.log'
-+ # log_file = '/var/log/dnscrypt-proxy/ip-blocked.log'
-
-
- ## Optional log format: tsv or ltsv (default: tsv)
-@@ -461,12 +461,12 @@
-
- ## Path to the file of whitelisting rules (absolute, or relative to the same directory as the executable file)
-
-- # whitelist_file = 'whitelist.txt'
-+ # whitelist_file = '/etc/dnscrypt-proxy/whitelist.txt'
-
-
- ## Optional path to a file logging whitelisted queries
-
-- # log_file = 'whitelisted.log'
-+ # log_file = '/var/log/dnscrypt-proxy/whitelisted.log'
-
-
- ## Optional log format: tsv or ltsv (default: tsv)
-@@ -536,7 +536,7 @@
-
- [sources.'public-resolvers']
- urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
-- cache_file = 'public-resolvers.md'
-+ cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
- minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
- prefix = ''
-
-@@ -544,7 +544,7 @@
-
- [sources.'relays']
- urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/relays.md', 'https://download.dnscrypt.info/resolvers-list/v2/relays.md']
-- cache_file = 'relays.md'
-+ cache_file = '/var/cache/dnscrypt-proxy/relays.md'
- minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
- refresh_delay = 72
- prefix = ''
-@@ -554,7 +554,7 @@
- # [sources.quad9-resolvers]
- # urls = ['https://www.quad9.net/quad9-resolvers.md']
- # minisign_key = 'RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN'
-- # cache_file = 'quad9-resolvers.md'
-+ # cache_file = '/var/cache/dnscrypt-proxy/quad9-resolvers.md'
- # prefix = 'quad9-'
-
- ## Another example source, with resolvers censoring some websites not appropriate for children
-@@ -562,7 +562,7 @@
-
- # [sources.'parental-control']
- # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v2/parental-control.md']
-- # cache_file = 'parental-control.md'
-+ # cache_file = '/var/cache/dnscrypt-proxy/parental-control.md'
- # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
-
-
Modified: dnscrypt-proxy.service
===================================================================
--- dnscrypt-proxy.service 2020-03-21 14:19:55 UTC (rev 602771)
+++ dnscrypt-proxy.service 2020-03-21 14:32:01 UTC (rev 602772)
@@ -16,6 +16,7 @@
NonBlocking=true
NoNewPrivileges=true
PrivateDevices=true
+PrivateUsers=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
@@ -27,6 +28,7 @@
RestrictNamespaces=true
RestrictRealtime=true
RuntimeDirectory=dnscrypt-proxy
+StateDirectory=dnscrypt-proxy
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@resources @privileged
More information about the arch-commits
mailing list