Date: Saturday, March 21, 2020 @ 14:32:01 Author: dvzrv Revision: 602772
upgpkg: dnscrypt-proxy 2.0.40-1: Upgrading to 2.0.40. Pulling sources by tag and verifying against upstream's PGP key: 54A2B8892CC3D6A597B92B6C210627AABA709FE1. Applying patch for configuration from separate github upstream. Setting url to current source code upstream. Adding PrivateUsers=yes and a StateDirectory (for potential DoH certificates) to the service file. Modified: dnscrypt-proxy/trunk/PKGBUILD dnscrypt-proxy/trunk/dnscrypt-proxy.service Deleted: dnscrypt-proxy/trunk/configuration.diff ------------------------+ PKGBUILD | 22 ++++--- configuration.diff | 135 ----------------------------------------------- dnscrypt-proxy.service | 2 3 files changed, 14 insertions(+), 145 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2020-03-21 14:19:55 UTC (rev 602771) +++ PKGBUILD 2020-03-21 14:32:01 UTC (rev 602772) @@ -4,11 +4,11 @@ # Contributor: peace4all <markspost at rocketmail dot com> pkgname=dnscrypt-proxy -pkgver=2.0.39 -pkgrel=3 +pkgver=2.0.40 +pkgrel=1 pkgdesc="DNS proxy, supporting encrypted DNS protocols such as DNSCrypt v2 and DNS-over-HTTPS" arch=('x86_64') -url="https://dnscrypt.info" +url="https://github.com/DNSCrypt/dnscrypt-proxy" license=('custom:ISC') depends=('glibc') makedepends=('git' 'go-pie') @@ -21,18 +21,20 @@ "etc/${pkgname}/ip-blacklist.txt" "etc/${pkgname}/whitelist.txt" ) -source=("${pkgname}-${pkgver}.tar.gz::https://github.com/jedisct1/${pkgname}/archive/${pkgver}.tar.gz" +source=("git+https://github.com/jedisct1/${pkgname}#tag=${pkgver}?signed" "${pkgname}.service" "${pkgname}.socket" - 'configuration.diff') -sha512sums=('d4eacd8d1989b99d9932d66ef609948558af26f9db1fc37acd6b5609e2a410d20828e32f2b79f2f9fbdf822998af641aec20128e4c58233663929106e29d8e24' - 'a5ec1df803436b2330861f2121fc39337cafd80cff39d29f10499ec63df7232343c249ba7ef9abbd395239d6cd482d65fd7654d196f8363feca85dd8c75f2e15' + "${pkgname}-configuration.patch::https://github.com/dvzrv/dnscrypt-proxy/commit/8d0fb58eaf5b2e315c9a243e34596104d4f2bff4.patch") +sha512sums=('SKIP' + '9a93a2383f575cfc9c7ddbf42d075dd62877dbe50572cd853067834e0a8b66ff0173472d4b8465d357ab4cd33beedf4c39db03b8908a67180ffdb404a00a0c65' '56a56e87032da9316b392b0613124b0743673041596c717005541ae9b3994c7fc16c02497ea773d321f45d8e0f9ea8fda00783062cef4d5c8277b5b6f7cb10d5' - '456a81906c9713f7b9bdc6e152d3688899da6f760758fce91a9c625da3d7286bf0fd1d54419a57aa5ec1d9d50e1d2db32b6d5f36c2f265e227dc7e8eef65cfdd') + '3144229a4b60a237f5f576650e6f7a34df90026307bb18b68b72bddc1cbdc14f4740c29ac570e1c337ff24439172b6f6e2f0d67ec5ccd38bea1572c7ad765ebb') +validpgpkeys=('54A2B8892CC3D6A597B92B6C210627AABA709FE1') # Frank Denis (Jedi/Sector One) <p...@pureftpd.org prepare() { + mv -v "${pkgname}" "${pkgname}-${pkgver}" cd "$pkgname-$pkgver" - patch -Np1 -i ../configuration.diff + patch -Np1 -i "../${pkgname}-configuration.patch" # create empty ip-blacklist.txt touch "${pkgname}/ip-blacklist.txt" } @@ -43,7 +45,7 @@ } package() { - cd $pkgname-$pkgver + cd "$pkgname-$pkgver" # executable install -vDm 755 "${pkgname}/${pkgname}" -t "${pkgdir}/usr/bin/" # configuration Deleted: configuration.diff =================================================================== --- configuration.diff 2020-03-21 14:19:55 UTC (rev 602771) +++ configuration.diff 2020-03-21 14:32:01 UTC (rev 602772) @@ -1,135 +0,0 @@ -diff -ruN a/dnscrypt-proxy/example-dnscrypt-proxy.toml b/dnscrypt-proxy/example-dnscrypt-proxy.toml ---- a/dnscrypt-proxy/example-dnscrypt-proxy.toml 2019-11-18 13:00:34.000000000 +0100 -+++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml 2019-11-19 22:11:15.890730311 +0100 -@@ -138,12 +138,12 @@ - - ## log file for the application - --# log_file = 'dnscrypt-proxy.log' -+# log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log' - - - ## Use the system logger (syslog on Unix, Event Log on Windows) - --# use_syslog = true -+use_syslog = true - - - ## Delay, in minutes, after which certificates are reloaded -@@ -280,7 +280,7 @@ - ## example.com 9.9.9.9 - ## example.net 9.9.9.9,8.8.8.8,1.1.1.1 - --# forwarding_rules = 'forwarding-rules.txt' -+# forwarding_rules = '/etc/dnscrypt-proxy/forwarding-rules.txt' - - - -@@ -296,7 +296,7 @@ - ## example.com 10.1.1.1 - ## www.google.com forcesafesearch.google.com - --# cloaking_rules = 'cloaking-rules.txt' -+# cloaking_rules = '/etc/dnscrypt-proxy/cloaking-rules.txt' - - ## TTL used when serving entries in cloaking-rules.txt - -@@ -349,7 +349,7 @@ - ## Path to the query log file (absolute, or relative to the same directory as the executable file) - ## Can be /dev/stdout to log to the standard output (and set log_files_max_size to 0) - -- # file = 'query.log' -+ # file = '/var/log/dnscrypt-proxy/query.log' - - - ## Query log format (currently supported: tsv and ltsv) -@@ -375,7 +375,7 @@ - - ## Path to the query log file (absolute, or relative to the same directory as the executable file) - -- # file = 'nx.log' -+ # file = '/var/log/dnscrypt-proxy/nx.log' - - - ## Query log format (currently supported: tsv and ltsv) -@@ -405,12 +405,12 @@ - - ## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file) - -- # blacklist_file = 'blacklist.txt' -+ # blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt' - - - ## Optional path to a file logging blocked queries - -- # log_file = 'blocked.log' -+ # log_file = '/var/log/dnscrypt-proxy/blocked.log' - - - ## Optional log format: tsv or ltsv (default: tsv) -@@ -433,12 +433,12 @@ - - ## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file) - -- # blacklist_file = 'ip-blacklist.txt' -+ # blacklist_file = '/etc/dnscrypt-proxy/ip-blacklist.txt' - - - ## Optional path to a file logging blocked queries - -- # log_file = 'ip-blocked.log' -+ # log_file = '/var/log/dnscrypt-proxy/ip-blocked.log' - - - ## Optional log format: tsv or ltsv (default: tsv) -@@ -461,12 +461,12 @@ - - ## Path to the file of whitelisting rules (absolute, or relative to the same directory as the executable file) - -- # whitelist_file = 'whitelist.txt' -+ # whitelist_file = '/etc/dnscrypt-proxy/whitelist.txt' - - - ## Optional path to a file logging whitelisted queries - -- # log_file = 'whitelisted.log' -+ # log_file = '/var/log/dnscrypt-proxy/whitelisted.log' - - - ## Optional log format: tsv or ltsv (default: tsv) -@@ -536,7 +536,7 @@ - - [sources.'public-resolvers'] - urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'] -- cache_file = 'public-resolvers.md' -+ cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md' - minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' - prefix = '' - -@@ -544,7 +544,7 @@ - - [sources.'relays'] - urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/relays.md', 'https://download.dnscrypt.info/resolvers-list/v2/relays.md'] -- cache_file = 'relays.md' -+ cache_file = '/var/cache/dnscrypt-proxy/relays.md' - minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' - refresh_delay = 72 - prefix = '' -@@ -554,7 +554,7 @@ - # [sources.quad9-resolvers] - # urls = ['https://www.quad9.net/quad9-resolvers.md'] - # minisign_key = 'RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN' -- # cache_file = 'quad9-resolvers.md' -+ # cache_file = '/var/cache/dnscrypt-proxy/quad9-resolvers.md' - # prefix = 'quad9-' - - ## Another example source, with resolvers censoring some websites not appropriate for children -@@ -562,7 +562,7 @@ - - # [sources.'parental-control'] - # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v2/parental-control.md'] -- # cache_file = 'parental-control.md' -+ # cache_file = '/var/cache/dnscrypt-proxy/parental-control.md' - # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' - - Modified: dnscrypt-proxy.service =================================================================== --- dnscrypt-proxy.service 2020-03-21 14:19:55 UTC (rev 602771) +++ dnscrypt-proxy.service 2020-03-21 14:32:01 UTC (rev 602772) @@ -16,6 +16,7 @@ NonBlocking=true NoNewPrivileges=true PrivateDevices=true +PrivateUsers=yes ProtectControlGroups=yes ProtectHome=yes ProtectHostname=yes @@ -27,6 +28,7 @@ RestrictNamespaces=true RestrictRealtime=true RuntimeDirectory=dnscrypt-proxy +StateDirectory=dnscrypt-proxy SystemCallArchitectures=native SystemCallFilter=@system-service SystemCallFilter=~@resources @privileged