[arch-commits] Commit in dnscrypt-proxy/trunk (3 files)

David Runge dvzrv at archlinux.org
Sat Mar 21 14:32:02 UTC 2020


    Date: Saturday, March 21, 2020 @ 14:32:01
  Author: dvzrv
Revision: 602772

upgpkg: dnscrypt-proxy 2.0.40-1: Upgrading to 2.0.40.

Pulling sources by tag and verifying against upstream's PGP key: 54A2B8892CC3D6A597B92B6C210627AABA709FE1.
Applying patch for configuration from separate github upstream.
Setting url to current source code upstream.
Adding PrivateUsers=yes and a StateDirectory (for potential DoH certificates) to the service file.

Modified:
  dnscrypt-proxy/trunk/PKGBUILD
  dnscrypt-proxy/trunk/dnscrypt-proxy.service
Deleted:
  dnscrypt-proxy/trunk/configuration.diff

------------------------+
 PKGBUILD               |   22 ++++---
 configuration.diff     |  135 -----------------------------------------------
 dnscrypt-proxy.service |    2 
 3 files changed, 14 insertions(+), 145 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2020-03-21 14:19:55 UTC (rev 602771)
+++ PKGBUILD	2020-03-21 14:32:01 UTC (rev 602772)
@@ -4,11 +4,11 @@
 # Contributor: peace4all <markspost at rocketmail dot com>
 
 pkgname=dnscrypt-proxy
-pkgver=2.0.39
-pkgrel=3
+pkgver=2.0.40
+pkgrel=1
 pkgdesc="DNS proxy, supporting encrypted DNS protocols such as DNSCrypt v2 and DNS-over-HTTPS"
 arch=('x86_64')
-url="https://dnscrypt.info"
+url="https://github.com/DNSCrypt/dnscrypt-proxy"
 license=('custom:ISC')
 depends=('glibc')
 makedepends=('git' 'go-pie')
@@ -21,18 +21,20 @@
         "etc/${pkgname}/ip-blacklist.txt"
         "etc/${pkgname}/whitelist.txt"
 )
-source=("${pkgname}-${pkgver}.tar.gz::https://github.com/jedisct1/${pkgname}/archive/${pkgver}.tar.gz"
+source=("git+https://github.com/jedisct1/${pkgname}#tag=${pkgver}?signed"
         "${pkgname}.service"
         "${pkgname}.socket"
-        'configuration.diff')
-sha512sums=('d4eacd8d1989b99d9932d66ef609948558af26f9db1fc37acd6b5609e2a410d20828e32f2b79f2f9fbdf822998af641aec20128e4c58233663929106e29d8e24'
-            'a5ec1df803436b2330861f2121fc39337cafd80cff39d29f10499ec63df7232343c249ba7ef9abbd395239d6cd482d65fd7654d196f8363feca85dd8c75f2e15'
+        "${pkgname}-configuration.patch::https://github.com/dvzrv/dnscrypt-proxy/commit/8d0fb58eaf5b2e315c9a243e34596104d4f2bff4.patch")
+sha512sums=('SKIP'
+            '9a93a2383f575cfc9c7ddbf42d075dd62877dbe50572cd853067834e0a8b66ff0173472d4b8465d357ab4cd33beedf4c39db03b8908a67180ffdb404a00a0c65'
             '56a56e87032da9316b392b0613124b0743673041596c717005541ae9b3994c7fc16c02497ea773d321f45d8e0f9ea8fda00783062cef4d5c8277b5b6f7cb10d5'
-            '456a81906c9713f7b9bdc6e152d3688899da6f760758fce91a9c625da3d7286bf0fd1d54419a57aa5ec1d9d50e1d2db32b6d5f36c2f265e227dc7e8eef65cfdd')
+            '3144229a4b60a237f5f576650e6f7a34df90026307bb18b68b72bddc1cbdc14f4740c29ac570e1c337ff24439172b6f6e2f0d67ec5ccd38bea1572c7ad765ebb')
+validpgpkeys=('54A2B8892CC3D6A597B92B6C210627AABA709FE1') # Frank Denis (Jedi/Sector One) <pgp at pureftpd.org
 
 prepare() {
+  mv -v "${pkgname}" "${pkgname}-${pkgver}"
   cd "$pkgname-$pkgver"
-  patch -Np1 -i ../configuration.diff
+  patch -Np1 -i "../${pkgname}-configuration.patch"
   # create empty ip-blacklist.txt
   touch "${pkgname}/ip-blacklist.txt"
 }
@@ -43,7 +45,7 @@
 }
 
 package() {
-  cd $pkgname-$pkgver
+  cd "$pkgname-$pkgver"
   # executable
   install -vDm 755 "${pkgname}/${pkgname}" -t "${pkgdir}/usr/bin/"
   # configuration

Deleted: configuration.diff
===================================================================
--- configuration.diff	2020-03-21 14:19:55 UTC (rev 602771)
+++ configuration.diff	2020-03-21 14:32:01 UTC (rev 602772)
@@ -1,135 +0,0 @@
-diff -ruN a/dnscrypt-proxy/example-dnscrypt-proxy.toml b/dnscrypt-proxy/example-dnscrypt-proxy.toml
---- a/dnscrypt-proxy/example-dnscrypt-proxy.toml	2019-11-18 13:00:34.000000000 +0100
-+++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml	2019-11-19 22:11:15.890730311 +0100
-@@ -138,12 +138,12 @@
- 
- ## log file for the application
- 
--# log_file = 'dnscrypt-proxy.log'
-+# log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log'
- 
- 
- ## Use the system logger (syslog on Unix, Event Log on Windows)
- 
--# use_syslog = true
-+use_syslog = true
- 
- 
- ## Delay, in minutes, after which certificates are reloaded
-@@ -280,7 +280,7 @@
- ## example.com 9.9.9.9
- ## example.net 9.9.9.9,8.8.8.8,1.1.1.1
- 
--# forwarding_rules = 'forwarding-rules.txt'
-+# forwarding_rules = '/etc/dnscrypt-proxy/forwarding-rules.txt'
- 
- 
- 
-@@ -296,7 +296,7 @@
- ## example.com     10.1.1.1
- ## www.google.com  forcesafesearch.google.com
- 
--# cloaking_rules = 'cloaking-rules.txt'
-+# cloaking_rules = '/etc/dnscrypt-proxy/cloaking-rules.txt'
- 
- ## TTL used when serving entries in cloaking-rules.txt
- 
-@@ -349,7 +349,7 @@
-   ## Path to the query log file (absolute, or relative to the same directory as the executable file)
-   ## Can be /dev/stdout to log to the standard output (and set log_files_max_size to 0)
- 
--  # file = 'query.log'
-+  # file = '/var/log/dnscrypt-proxy/query.log'
- 
- 
-   ## Query log format (currently supported: tsv and ltsv)
-@@ -375,7 +375,7 @@
- 
-   ## Path to the query log file (absolute, or relative to the same directory as the executable file)
- 
--  # file = 'nx.log'
-+  # file = '/var/log/dnscrypt-proxy/nx.log'
- 
- 
-   ## Query log format (currently supported: tsv and ltsv)
-@@ -405,12 +405,12 @@
- 
-   ## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
- 
--  # blacklist_file = 'blacklist.txt'
-+  # blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt'
- 
- 
-   ## Optional path to a file logging blocked queries
- 
--  # log_file = 'blocked.log'
-+  # log_file = '/var/log/dnscrypt-proxy/blocked.log'
- 
- 
-   ## Optional log format: tsv or ltsv (default: tsv)
-@@ -433,12 +433,12 @@
- 
-   ## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
- 
--  # blacklist_file = 'ip-blacklist.txt'
-+  # blacklist_file = '/etc/dnscrypt-proxy/ip-blacklist.txt'
- 
- 
-   ## Optional path to a file logging blocked queries
- 
--  # log_file = 'ip-blocked.log'
-+  # log_file = '/var/log/dnscrypt-proxy/ip-blocked.log'
- 
- 
-   ## Optional log format: tsv or ltsv (default: tsv)
-@@ -461,12 +461,12 @@
- 
-   ## Path to the file of whitelisting rules (absolute, or relative to the same directory as the executable file)
- 
--  # whitelist_file = 'whitelist.txt'
-+  # whitelist_file = '/etc/dnscrypt-proxy/whitelist.txt'
- 
- 
-   ## Optional path to a file logging whitelisted queries
- 
--  # log_file = 'whitelisted.log'
-+  # log_file = '/var/log/dnscrypt-proxy/whitelisted.log'
- 
- 
-   ## Optional log format: tsv or ltsv (default: tsv)
-@@ -536,7 +536,7 @@
- 
-   [sources.'public-resolvers']
-   urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
--  cache_file = 'public-resolvers.md'
-+  cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
-   minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
-   prefix = ''
- 
-@@ -544,7 +544,7 @@
- 
-   [sources.'relays']
-   urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/relays.md', 'https://download.dnscrypt.info/resolvers-list/v2/relays.md']
--  cache_file = 'relays.md'
-+  cache_file = '/var/cache/dnscrypt-proxy/relays.md'
-   minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
-   refresh_delay = 72
-   prefix = ''
-@@ -554,7 +554,7 @@
-   # [sources.quad9-resolvers]
-   # urls = ['https://www.quad9.net/quad9-resolvers.md']
-   # minisign_key = 'RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN'
--  # cache_file = 'quad9-resolvers.md'
-+  # cache_file = '/var/cache/dnscrypt-proxy/quad9-resolvers.md'
-   # prefix = 'quad9-'
- 
-   ## Another example source, with resolvers censoring some websites not appropriate for children
-@@ -562,7 +562,7 @@
- 
-   #  [sources.'parental-control']
-   #  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v2/parental-control.md']
--  #  cache_file = 'parental-control.md'
-+  #  cache_file = '/var/cache/dnscrypt-proxy/parental-control.md'
-   #  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
- 
- 

Modified: dnscrypt-proxy.service
===================================================================
--- dnscrypt-proxy.service	2020-03-21 14:19:55 UTC (rev 602771)
+++ dnscrypt-proxy.service	2020-03-21 14:32:01 UTC (rev 602772)
@@ -16,6 +16,7 @@
 NonBlocking=true
 NoNewPrivileges=true
 PrivateDevices=true
+PrivateUsers=yes
 ProtectControlGroups=yes
 ProtectHome=yes
 ProtectHostname=yes
@@ -27,6 +28,7 @@
 RestrictNamespaces=true
 RestrictRealtime=true
 RuntimeDirectory=dnscrypt-proxy
+StateDirectory=dnscrypt-proxy
 SystemCallArchitectures=native
 SystemCallFilter=@system-service
 SystemCallFilter=~@resources @privileged



More information about the arch-commits mailing list