Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package dnscrypt-proxy for openSUSE:Factory checked in at 2021-01-19 16:02:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dnscrypt-proxy (Old) and /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.28504 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dnscrypt-proxy" Tue Jan 19 16:02:28 2021 rev:9 rq:864131 version:2.0.45 Changes: -------- --- /work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy.changes 2021-01-06 19:56:33.229082235 +0100 +++ /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.28504/dnscrypt-proxy.changes 2021-01-19 16:02:56.415447596 +0100 @@ -1,0 +2,5 @@ +Thu Jan 7 20:00:00 UTC 2021 - [email protected] + +- Added optional resolvconf support via systemd unit. + +------------------------------------------------------------------- New: ---- dnscrypt-proxy-resolvconf.service ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dnscrypt-proxy.spec ++++++ --- /var/tmp/diff_new_pack.gcsaEO/_old 2021-01-19 16:02:57.551449304 +0100 +++ /var/tmp/diff_new_pack.gcsaEO/_new 2021-01-19 16:02:57.551449304 +0100 @@ -21,7 +21,7 @@ %define config_dir %{_sysconfdir}/%{name} %define home_dir %{_localstatedir}/lib/%{name} %define log_dir %{_localstatedir}/log/%{name} -%define services %{name}.socket %{name}.service +%define services %{name}.socket %{name}.service %{name}-resolvconf.service %define vlic_dir vendored Name: dnscrypt-proxy @@ -34,16 +34,17 @@ Source0: https://codeload.github.com/DNSCrypt/%{name}/tar.gz/%{version}#/%{name}-%{version}.tar.gz Source1: %{name}.service Source2: %{name}.socket +Source3: %{name}-resolvconf.service # File to use with sed to modify default configuration. -Source3: example-dnscrypt-proxy.toml.sed +Source4: example-dnscrypt-proxy.toml.sed # Find licenses of vendored packages. -Source4: find_licenses.sh +Source5: find_licenses.sh # Install licenses of vendored packages. -Source5: install_licenses.sh +Source6: install_licenses.sh # Some words -Source6: README.openSUSE +Source7: README.openSUSE # Example how to override socket unit -Source7: %{name}.socket.conf +Source8: %{name}.socket.conf BuildRequires: golang-packaging BuildRequires: pkgconfig BuildRequires: shadow @@ -56,6 +57,8 @@ Requires(pre): shadow %{?systemd_requires} Recommends: ca-certificates +# needed for resolvconf support +Suggests: openresolv Provides: dnscrypt = %{version}-%{release} Obsoletes: dnscrypt < %{version}-%{release} BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -68,13 +71,13 @@ %setup -q -n %{name}-%{version} # Find licenses of vendored packages and prepare for installation -bash %{SOURCE4} %{vlic_dir} +bash %{SOURCE5} %{vlic_dir} # duplicate original config file cp ./%{name}/example-%{name}.toml ./%{name}.toml.default # Edit default port and file locations -sed -i -f %{SOURCE3} ./%{name}.toml.default +sed -i -f %{SOURCE4} ./%{name}.toml.default # duplicate edited config file cp ./%{name}.toml.default ./%{name}.toml @@ -118,19 +121,21 @@ # Systemd install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service install -D -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.socket +install -D -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/%{name}-resolvconf.service # service link ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} +ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-resolvconf # Vendor Licenses install -d -m 0755 %{buildroot}%{_licensedir}/%{name}/%{vlic_dir} -bash %{SOURCE5} %{vlic_dir} %{buildroot}/%{_licensedir}/%{name}/%{vlic_dir} +bash %{SOURCE6} %{vlic_dir} %{buildroot}/%{_licensedir}/%{name}/%{vlic_dir} # Some hints. Improvements and feedback welcome! -cp %{SOURCE6} README.openSUSE +cp %{SOURCE7} README.openSUSE # Example drop-in. -cp %{SOURCE7} %{name}.socket.conf +cp %{SOURCE8} %{name}.socket.conf %pre # group and user @@ -163,8 +168,10 @@ %config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/forwarding-rules.txt %{_sbindir}/%{name} %{_sbindir}/rc%{name} +%{_sbindir}/rc%{name}-resolvconf %{_unitdir}/%{name}.service %{_unitdir}/%{name}.socket +%{_unitdir}/%{name}-resolvconf.service %{_datadir}/%{name}/ %dir %attr(0750,root,%{user_group}) %{config_dir} %dir %attr(0750,%{user_group},%{user_group}) %{home_dir} ++++++ README.openSUSE ++++++ --- /var/tmp/diff_new_pack.gcsaEO/_old 2021-01-19 16:02:57.599449376 +0100 +++ /var/tmp/diff_new_pack.gcsaEO/_new 2021-01-19 16:02:57.603449382 +0100 @@ -1,6 +1,6 @@ *************************************************************************** * * -* README.openSUSE last edited by cunix for version 2.0.44 * +* README.openSUSE last edited by cunix for version 2.0.45 * * * *************************************************************************** @@ -43,7 +43,7 @@ C. Alternatively the unit dnscrypt-proxy.service can be used the same way as the -socket unit described in A for starting and enabling. +socket unit described in A. for starting and enabling. This will require you to set "listen_addresses" in file @@ -56,18 +56,78 @@ If dnscrypt-proxy should listen on these lower ports a) the socket unit should be used or b) the program has to be started directly by root or -c) the user settings in the service unit have to be overridden - as described in B with files ending with ".conf" +c) the user and group settings in the service unit have to be overridden + as described in B. with files ending with ".conf" in a to be created directory at /etc/systemd/system/dnscrypt-proxy.service.d D. -The socket OR the service unit should be started/enabled - not both. -If the socket unit is used, it will start the service unit when queries are sent -to one of its configured addresses. +To make applications aware of the local domain name resolver and +to make the setups described above operational, you might have +to add a line like for example +nameserver 127.0.0.1 + +to the file + +/etc/resolv.conf + + +E. +If dnscrypt-proxy should be started by socket activation as described +in A. or B. and step D. should be automated, "resolvconf" can be utilized: + +- Package "openresolv" has to be installed. + +- Instead of the unit dnscrypt-proxy.socket or dnscrypt-proxy.service , + the systemd unit dnscrypt-proxy-resolvconf.service has to be used. + +- The file /etc/resolv.conf will be edited temporarily. + Do not use this approach if this unintended. + +- You should be aware of and ready to deal with possible fallout taking this + not really tested route. + For example manual edits to /etc/resolv.conf will be lost if resolvconf is + in control of this file, the clean-up on shutdown might fail, custom + or invalid resolvconf configuration might prevent startup of dnscrypt-proxy + and possibly more, ... + +Make sure the other units are deactivated (as root): + + $ systemctl stop dnscrypt-proxy.socket + + $ systemctl disable dnscrypt-proxy.socket + + $ systemctl stop dnscrypt-proxy.service + + $ systemctl disable dnscrypt-proxy.service + +Now start, and if you don't want to restart manually after reboot, +enable (as root): + + $ systemctl start dnscrypt-proxy-resolvconf.service + + $ systemctl enable dnscrypt-proxy-resolvconf.service + +This will not work as intended for a setup as described in C., where +the "listen_addresses" is not configured through the socket unit. + + +F. +The socket OR one of the service unit should be started/enabled - not all +and not two of them. + +If the socket unit is used, it will start the dnscrypt-proxy.service unit +when queries are sent to one of its configured addresses. + +On the other hand dnscrypt-proxy-resolvconf.service can be made responsible for +activating dnscrypt-proxy.socket. + + +G. If using systemd, the PID should be available in file + /run/dnscrypt-proxy/dnscrypt-proxy.pid ++++++ dnscrypt-proxy-resolvconf.service ++++++ [Unit] Description=DNSCrypt proxy resolvconf support Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd # with openSUSE changes Documentation=file:/usr/share/doc/packages/dnscrypt-proxy/README.openSUSE Before=nss-lookup.target Wants=nss-lookup.target After=dnscrypt-proxy.socket BindsTo=dnscrypt-proxy.socket # available in package openresolv ConditionFileIsExecutable=/usr/sbin/resolvconf [Service] Type=oneshot RemainAfterExit=true ExecStart=/bin/sh -c 'systemctl show dnscrypt-proxy.socket \ | grep "Listen.*Datagram" \ | cut -d "=" -f 2 \ | cut -d ":" -f 1 \ | awk \'{ print "nameserver " $1 }\' \ | /usr/sbin/resolvconf -a lo.dnscrypt-proxy' ExecStop=/usr/sbin/resolvconf -d lo.dnscrypt-proxy [Install] WantedBy=multi-user.target ++++++ dnscrypt-proxy.service ++++++ --- /var/tmp/diff_new_pack.gcsaEO/_old 2021-01-19 16:02:57.655449461 +0100 +++ /var/tmp/diff_new_pack.gcsaEO/_new 2021-01-19 16:02:57.655449461 +0100 @@ -31,5 +31,4 @@ ProtectKernelModules=yes [Install] -# Also=dnscrypt-proxy.socket WantedBy=multi-user.target ++++++ dnscrypt-proxy.socket ++++++ --- /var/tmp/diff_new_pack.gcsaEO/_old 2021-01-19 16:02:57.679449496 +0100 +++ /var/tmp/diff_new_pack.gcsaEO/_new 2021-01-19 16:02:57.683449503 +0100 @@ -3,6 +3,7 @@ Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd # with openSUSE changes Documentation=file:/usr/share/doc/packages/dnscrypt-proxy/README.openSUSE +PartOf=dnscrypt-proxy-resolvconf.service Before=nss-lookup.target Wants=nss-lookup.target
