commit dnscrypt-proxy for openSUSE:Factory

root Mon, 13 Jul 2020 22:59:35 -0700

Hello community,

here is the log from the commit of package dnscrypt-proxy for openSUSE:Factory 
checked in at 2020-07-14 07:57:54
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dnscrypt-proxy (Old)
 and      /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.3060 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "dnscrypt-proxy"

Tue Jul 14 07:57:54 2020 rev:6 rq:820018 version:2.0.44

Changes:
--------
--- /work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy.changes    
2020-07-10 14:12:51.491524879 +0200
+++ /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.3060/dnscrypt-proxy.changes  
2020-07-14 07:59:18.293792606 +0200
@@ -1,0 +2,11 @@
+Tue Jun 30 12:00:00 UTC 2020 - cu...@mail.de
+
+- Made PID available in /run/dnscrypt-proxy/dnscrypt-proxy.pid
+  through systemd service unit.
+
+- README.openSUSE updated.
+
+- dnscrypt-proxy.socket.conf added as example for a systemd
+  drop-in file to override the socket unit.
+
+-------------------------------------------------------------------

New:
----
  dnscrypt-proxy.socket.conf

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ dnscrypt-proxy.spec ++++++
--- /var/tmp/diff_new_pack.ERWrDu/_old  2020-07-14 07:59:21.357802527 +0200
+++ /var/tmp/diff_new_pack.ERWrDu/_new  2020-07-14 07:59:21.361802540 +0200
@@ -41,12 +41,16 @@
 Source5:        install_licenses.sh
 # Some words
 Source6:        README.openSUSE
+# Example how to override socket unit
+Source7:        %{name}.socket.conf
 BuildRequires:  golang(API) >= 1.14
 BuildRequires:  golang-packaging
 BuildRequires:  pkgconfig
 BuildRequires:  shadow
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  pkgconfig(libsystemd)
+# For systemd pidfile solution.
+Requires:       bash
 # for daemon group/user
 Requires(pre):  shadow
 %{?systemd_requires}
@@ -81,7 +85,7 @@
 sed -i "1s/#! \/usr\/bin\/env python3/#! \/usr\/bin\/python3/" 
utils/generate-domains-blacklists/generate-domains-blacklist.py
 
 %build
-cd dnscrypt-proxy
+cd %{name}
 go build -mod=vendor -buildmode=pie
 
 %install
@@ -91,8 +95,7 @@
   %{buildroot}%{home_dir}           \
   %{buildroot}%{config_dir}
 
-install -D -d -m 0755               \
-  %{buildroot}%{_datadir}/%{name}/
+install -D -d -m 0755 %{buildroot}%{_datadir}/%{name}/
 
 # Binary
 install -D -m 0755 %{name}/%{name} %{buildroot}%{_sbindir}/%{name}
@@ -132,6 +135,9 @@
 # Some hints. Improvements and feedback welcome!
 cp %{SOURCE6} README.openSUSE
 
+# Example drop-in.
+cp %{SOURCE7} %{name}.socket.conf
+
 %pre
 # group and user
 getent group %{user_group} >/dev/null || %{_sbindir}/groupadd -r %{user_group}
@@ -166,7 +172,7 @@
 %dir %attr(0750,%{user_group},%{user_group}) %{home_dir}
 %dir %attr(0750,%{user_group},%{user_group}) %{log_dir}
 %{_docdir}/%{name}/
-%doc ChangeLog README.md README.openSUSE
+%doc ChangeLog README.md README.openSUSE %{name}.socket.conf
 %license LICENSE
 %{_licensedir}/%{name}/%{vlic_dir}/
 

++++++ README.openSUSE ++++++
--- /var/tmp/diff_new_pack.ERWrDu/_old  2020-07-14 07:59:21.389802631 +0200
+++ /var/tmp/diff_new_pack.ERWrDu/_new  2020-07-14 07:59:21.393802644 +0200
@@ -1,27 +1,73 @@
-Some tips:
+***************************************************************************
+*                                                                         *
+*            README.openSUSE last edited for version 2.0.44               *
+*                                                                         *
+***************************************************************************
 
-1. Configure /etc/dnscrypt-proxy/dnscrypt-proxy.toml for your use case first!
 
-2. Override "ListenStream" and "ListenDatagram" for dnscrypt-proxy.socket
-   according to your setup, especially if dnscrypt-proxy should not be used as
-   your primary name resolver.
-   In this case you might want to forward queries from a tool
-   like "dnsmasq" to dnscrypt-proxy.
-   Then the later should probably not listen on the default adress/port.
+Some hints:
+-----------
 
-3. If running via systemd, start as root once with
+Configure /etc/dnscrypt-proxy/dnscrypt-proxy.toml for your use case first!
+
+A.
+If dnscrypt-proxy should act as your primary resolver and only listen at
+127.0.0.1:53, start as root once with
 
       $ systemctl start dnscrypt-proxy.socket
 
-   For always activating, do
+  and if you don't want to repeat this after next boots, do
 
       $ systemctl enable dnscrypt-proxy.socket
 
-4. Alternatively dnscrypt-proxy.service can be used the same way.
-   This will require you to set or uncomment "listen_addresses" in
-   /etc/dnscrypt-proxy/dnscrypt-proxy.toml
-   In this case the socket configuration described in (2.)
-   has to be done in this file directly.
 
+B.
+If you have some other resolver listening on 127.0.0.1:53 that should forward
+queries to dnscrypt-proxy it is recommended to create as root the directory
+
+/etc/systemd/system/dnscrypt-proxy.socket.d
+
+and copy the file
+
+dnscrypt-proxy.socket.conf
+
+into the created directory.
+An example  file should be available in this doc directory:
+/usr/share/doc/packages/dnscrypt-proxy
+
+Afterwards you have to start/enable the socket unit as described above in A.
+Additionally your primary resolver has to be configured to forward requests to
+the address specified in file dnscrypt-proxy.socket.conf - 127.0.0.1:5353 for
+example.
+
+
+C.
+Alternatively the unit dnscrypt-proxy.service can be used the same way as the
+socket unit described in A for starting and enabling.
+
+This will require you to set "listen_addresses" in file
+
+/etc/dnscrypt-proxy/dnscrypt-proxy.toml
+
+In this case dnscrypt-proxy has to setup the sockets itself and because it is
+by default executed as user "dnscrypt" it is not allowed to listen on
+ports < 1024.
+
+If dnscrypt-proxy should listen on these lower ports
+a) the socket unit should be used or
+b) the program has to be started directly by root or
+c) the user settings in the service unit have to be overridden
+   as described in B with files ending with ".conf"
+   in a to be created directory at
+
+   /etc/systemd/system/dnscrypt-proxy.service.d
+
+
+D.
+The socket OR the service unit should be started/enabled - not both.
+If the socket unit is used, it will start the service unit when queries are 
sent
+to one of its configured addresses.
 
+If using systemd, the PID should be available in file
+/run/dnscrypt-proxy/dnscrypt-proxy.pid
 

++++++ dnscrypt-proxy.service ++++++
--- /var/tmp/diff_new_pack.ERWrDu/_old  2020-07-14 07:59:21.413802708 +0200
+++ /var/tmp/diff_new_pack.ERWrDu/_new  2020-07-14 07:59:21.413802708 +0200
@@ -2,7 +2,8 @@
 Description=DNSCrypt-proxy client
 Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd
 # with openSUSE changes
-Requires=dnscrypt-proxy.socket
+Documentation=file:/usr/share/doc/packages/dnscrypt-proxy/README.openSUSE
+PartOf=dnscrypt-proxy.socket
 After=network.target
 Before=nss-lookup.target
 Wants=nss-lookup.target
@@ -12,6 +13,10 @@
 
 ExecStart=/usr/sbin/dnscrypt-proxy --config 
/etc/dnscrypt-proxy/dnscrypt-proxy.toml
 
+# May substitute command line option "pidfile".
+PIDFile=/run/dnscrypt-proxy/dnscrypt-proxy.pid
+ExecStartPost=-/bin/bash -c '/bin/echo -n $MAINPID > 
/run/dnscrypt-proxy/dnscrypt-proxy.pid'
+
 Group=dnscrypt
 User=dnscrypt
 WorkingDirectory=~
@@ -26,5 +31,5 @@
 ProtectKernelModules=yes
 
 [Install]
-Also=dnscrypt-proxy.socket
+# Also=dnscrypt-proxy.socket
 WantedBy=multi-user.target

++++++ dnscrypt-proxy.socket ++++++
--- /var/tmp/diff_new_pack.ERWrDu/_old  2020-07-14 07:59:21.433802773 +0200
+++ /var/tmp/diff_new_pack.ERWrDu/_new  2020-07-14 07:59:21.433802773 +0200
@@ -2,6 +2,7 @@
 Description=DNSCrypt-proxy socket
 Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd
 # with openSUSE changes
+Documentation=file:/usr/share/doc/packages/dnscrypt-proxy/README.openSUSE
 Before=nss-lookup.target
 Wants=nss-lookup.target
 

++++++ dnscrypt-proxy.socket.conf ++++++
[Unit]
Description=DNSCrypt-proxy forward config
Documentation=file:/usr/share/doc/packages/dnscrypt-proxy/README.openSUSE

[Socket]
ListenStream=
ListenDatagram=
ListenDatagram=127.0.0.1:5353
#ListenDatagram=[::1]:5353
++++++ example-dnscrypt-proxy.toml.sed ++++++
--- /var/tmp/diff_new_pack.ERWrDu/_old  2020-07-14 07:59:21.465802877 +0200
+++ /var/tmp/diff_new_pack.ERWrDu/_new  2020-07-14 07:59:21.469802890 +0200
@@ -1,6 +1,10 @@
 # the socket unit should listen
 s/listen_addresses = \['127.0.0.1:53']/#listen_addresses = 
['127.0.0.1:53']\nlisten_addresses = []/
 
+# point to shipped distro specific documentation
+12c\\n##********************************************************************##\n##
                                                                    ##
+13c\##                    README.openSUSE in directory                    
##\n##              \/usr\/share\/doc\/packages\/dnscrypt-proxy                
##\n##                       might be useful to read.                     
##\n##                                                                    
##\n##********************************************************************##
+
 # absolute paths by default
 s/# log_file = 'dnscrypt-proxy.log'/# log_file = 
'\/var\/log\/dnscrypt-proxy\/dnscrypt-proxy.log'/
 s/# forwarding_rules = 'forwarding-rules.txt'/# forwarding_rules = 
'\/etc\/dnscrypt-proxy\/forwarding-rules.txt'/

commit dnscrypt-proxy for openSUSE:Factory

Reply via email to