community/dnscrypt-proxy upgrade to 2.0.19 Support for all latest features

2026-05-04 12:01:41 +02:00 · 2018-12-09 20:08:14 +00:00 · 2018-12-09 20:08:14 +00:00 · d8a94c5c11
commit d8a94c5c11
parent bbf750a678
2 changed files with 60 additions and 23 deletions
--- a/community/dnscrypt-proxy/APKBUILD
+++ b/community/dnscrypt-proxy/APKBUILD
@ -1,7 +1,7 @@
 # Contributor: Ian Bashford <ianbashford@gmail.com>
 # Maintainer: Ian Bashford <ianbashford@gmail.com>
 pkgname=dnscrypt-proxy
-pkgver=2.0.15
+pkgver=2.0.19
 pkgrel=0
 pkgdesc="A tool for securing communications between a client and a DNS resolver"
 url="https://dnscrypt.info"
@ -12,7 +12,7 @@ makedepends="libcap go"
 install="$pkgname.pre-install"
 pkgusers=dnscrypt
 pkggroups=dnscrypt
-subpackages="$pkgname-setup::noarch $pkgname-openrc"
+subpackages="$pkgname-setup::noarch $pkgname-openrc::noarch"
 source="$pkgname-$pkgver.tar.gz::https://github.com/jedisct1/$pkgname/archive/$pkgver.tar.gz
 	$pkgname.initd
 	$pkgname.confd
@ -36,9 +36,10 @@ build() {

 package() {
 	cd "$builddir"/"$pkgname"
-	mkdir -p "$pkgdir"/etc/"$pkgname"
-	mkdir -p "$pkgdir"/var/log/"$pkgname"
-	mkdir -p "$pkgdir"/usr/share/"$pkgname"
+	install -d -o $pkgusers -g $pkggroups -m 755 "$pkgdir"/etc/$pkgname
+	install -d -o $pkgusers -g $pkggroups -m 755 "$pkgdir"/usr/share/$pkgname
+	install -d -o $pkgusers -g $pkggroups -m 755 "$pkgdir"/var/cache/$pkgname
+	install -d -o $pkgusers -g $pkggroups -m 755 "$pkgdir"/var/log/$pkgname
 	install -m755 -D dnscrypt-proxy "$pkgdir"/usr/bin/dnscrypt-proxy
 	setcap cap_net_bind_service=+ep "$pkgdir"/usr/bin/dnscrypt-proxy
 	install -vDm 644 "dnscrypt-proxy.toml" "${pkgdir}/etc/${pkgname}/dnscrypt-proxy.toml"
@ -54,8 +55,8 @@ setup() {
 	install -m755 -D "$srcdir"/$pkgname.setup "$subpkgdir"/usr/sbin/setup-dnscrypt
 }

-sha512sums="4517ab7b7eb1474f8c9e133a289caf6c02f472b51b910f1fbe1e5ffd6d389943626c8878e68f7f27a47b00301a427dfe9c563bc82b67cafab32f4ab3bc4c84b9  dnscrypt-proxy-2.0.15.tar.gz
+sha512sums="4501a64717c0f2a9313e9328340e466c9ec325d09ef548f6af9a7855ff3497fb741269a17b397a36e2a120519820378e9f98a6a768a3678ea8144ee4690364f6  dnscrypt-proxy-2.0.19.tar.gz
 e0a72d39d47dc24b889d08beedbd9fdf21615f42fbab79980debdfd2c3feaa83dc3f776351f7dd13533cc85905ce4e01812e4ff8a80a9ccc0b21e9db7d6cb232  dnscrypt-proxy.initd
 c001ae39da1b2db71764cab568f9ed18e4de0cea3d1a4e7bd6dd01a5668b81a888ea9eef99de6beac08857ad7f8eb1a32d730e946ac3563e4dcfa27147e35052  dnscrypt-proxy.confd
 66dd43d84117a0151ae41f34d82b716760382a5a491424bf6418228ffd21f0dfbc88e34cc5074e11f97f006335d97b85367bb9ab1d96747a48e893c022ad52d0  dnscrypt-proxy.setup
-0de69a4a32e50bc0c23c67fb314f30c5404d823e060d1fb88933d3e6aa8eabe8b93c452cd2994faa7482d9b135535326814eaf40a515f9b5d713fb4a86a0096c  config-full-paths.patch"
+31e02083f9b246ab7a41c5d2951dd00e2ba280c4154fe345022da8401ff937de53d4ace48835140a059995f0dec0c41c51ab6bed05d696cbeb333b63d1a50e5d  config-full-paths.patch"
--- a/community/dnscrypt-proxy/config-full-paths.patch
+++ b/community/dnscrypt-proxy/config-full-paths.patch
@ -1,9 +1,9 @@
 diff --git a/./dnscrypt-proxy.toml b/dnscrypt-proxy/dnscrypt-proxy.toml
 new file mode 100644
-index 0000000..347ada5
+index 0000000..ceb9308
 --- /dev/null
 +++ b/dnscrypt-proxy/dnscrypt-proxy.toml
-@@ -0,0 +1,465 @@
+@@ -0,0 +1,506 @@
 +
 +##############################################
 +#                                            #
@ -47,6 +47,14 @@ index 0000000..347ada5
 +max_clients = 250
 +
 +
+## Switch to a different system user after listening sockets have been created.
+## Note (1): this feature is currently unsupported on Windows.
+## Note (2): this feature is not compatible with systemd socket activation.
+## Note (3): when using -pidfile, the PID file directory must be writable by the new user
+
+# user_name = 'dnscrypt'
+
+
 +## Require servers (from static + remote sources) to satisfy specific properties
 +
 +# Use servers reachable over IPv4
@ -74,17 +82,23 @@ index 0000000..347ada5
 +require_nofilter = true
 +
 +
-+
-+## Always use TCP to connect to upstream servers
+## Always use TCP to connect to upstream servers.
+## This can be can be useful if you need to route everything through Tor.
+## Otherwise, leave this to `false`, as it doesn't improve security
+## (dnscrypt-proxy will always encrypt everything even using UDP), and can
+## only increase latency.
 +
 +force_tcp = false
 +
+
 +## HTTP / SOCKS proxy
 +## Uncomment the following line to route all TCP connections to a local Tor node
 +## Tor doesn't support UDP, so set `force_tcp` to `true` as well.
 +
 +# proxy = "socks5://127.0.0.1:9050"
 +
+
+
 +## How long a DNS query will wait for a response, in milliseconds
 +
 +timeout = 2500
@ -107,7 +121,7 @@ index 0000000..347ada5
 +
 +## log file for the application
 +
-+# log_file = '/var/log/dnscrypt-proxy.log'
+# log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log'
 +
 +
 +## Use the system logger (syslog on Unix, Event Log on Windows)
@ -165,12 +179,28 @@ index 0000000..347ada5
 +fallback_resolver = '9.9.9.9:53'
 +
 +
-+## Never try to use the system DNS settings; unconditionally use the
-+## fallback resolver.
+## Never let dnscrypt-proxy try to use the system DNS settings;
+## unconditionally use the fallback resolver.
 +
 +ignore_system_dns = false
 +
 +
+## Maximum time (in seconds) to wait for network connectivity before
+## initializing the proxy.
+## Useful if the proxy is automatically started at boot, and network
+## connectivity is not guaranteed to be immediately available.
+## Use 0 to disable.
+
+netprobe_timeout = 30
+
+
+## Offline mode - Do not use any remote encrypted servers.
+## The proxy will remain fully functional to respond to queries that
+## plugins can handle directly (forwarding, cloaking, ...)
+
+# offline_mode = false
+
+
 +## Automatic log files rotation
 +
 +# Maximum log files size in MB
@ -190,8 +220,9 @@ index 0000000..347ada5
 +
 +## Immediately respond to IPv6-related queries with an empty response
 +## This makes things faster when there is no IPv6 connectivity, but can
-+## also cause reliability issues with some stub resolvers. In
-+## particular, enabling this on macOS is not recommended.
+## also cause reliability issues with some stub resolvers.
+## Do not enable if you added a validating resolver such as dnsmasq in front
+## of the proxy.
 +
 +block_ipv6 = false
 +
@ -249,9 +280,14 @@ index 0000000..347ada5
 +cache_max_ttl = 86400
 +
 +
-+## TTL for negatively cached entries
+## Minimum TTL for negatively cached entries
 +
-+cache_neg_ttl = 60
+cache_neg_min_ttl = 60
+
+
+## Maximum TTL for negatively cached entries
+
+cache_neg_max_ttl = 600
 +
 +
 +
@ -265,7 +301,7 @@ index 0000000..347ada5
 +
 +  ## Path to the query log file (absolute, or relative to the same directory as the executable file)
 +
-+  # file = '/var/log/query.log'
+  # file = '/var/log/dnscrypt-proxy/query.log'
 +
 +
 +  ## Query log format (currently supported: tsv and ltsv)
@ -291,7 +327,7 @@ index 0000000..347ada5
 +
 +  ## Path to the query log file (absolute, or relative to the same directory as the executable file)
 +
-+  # file = '/var/log/nx.log'
+  # file = '/var/log/dnscrypt-proxy/nx.log'
 +
 +
 +  ## Query log format (currently supported: tsv and ltsv)
@ -326,7 +362,7 @@ index 0000000..347ada5
 +
 +  ## Optional path to a file logging blocked queries
 +
-+  # log_file = '/var/log/blocked.log'
+  # log_file = '/var/log/dnscrypt-proxy/blocked.log'
 +
 +
 +  ## Optional log format: tsv or ltsv (default: tsv)
@ -354,7 +390,7 @@ index 0000000..347ada5
 +
 +  ## Optional path to a file logging blocked queries
 +
-+  # log_file = '/var/log/ip-blocked.log'
+  # log_file = '/var/log/dnscrypt-proxy/ip-blocked.log'
 +
 +
 +  ## Optional log format: tsv or ltsv (default: tsv)
@ -382,7 +418,7 @@ index 0000000..347ada5
 +
 +  ## Optional path to a file logging whitelisted queries
 +
-+  # log_file = '/var/log/whitelisted.log'
+  # log_file = '/var/log/dnscrypt-proxy/whitelisted.log'
 +
 +
 +  ## Optional log format: tsv or ltsv (default: tsv)