2018-02-13 20:17 GMT+00:00 Vinícius Zavam <egyp...@googlemail.com>: > > > > On Feb 13, 2018 16:19, "Stuart Henderson" <s...@spacehopper.org> wrote: > > On 2018/02/13 13:51, Vinícius Zavam wrote: > >
formatted version of previously sent email follows // inline. > > Index: net/dnscrypt-proxy/pkg/PLIST-main > > =================================================================== > > RCS file: /cvs/ports/net/dnscrypt-proxy/pkg/PLIST-main,v > > retrieving revision 1.6 > > diff -u -p -u -p -r1.6 PLIST-main > > --- net/dnscrypt-proxy/pkg/PLIST-main 2 Aug 2017 09:32:40 -0000 1.6 > > +++ net/dnscrypt-proxy/pkg/PLIST-main 13 Feb 2018 13:39:38 -0000 > > @@ -1,4 +1,5 @@ > > @comment $OpenBSD: PLIST-main,v 1.6 2017/08/02 09:32:40 giovanni Exp $ > > +@conflict dnscrypt-proxy->1.9.5p3 > > @newgroup _dnscrypt-proxy:688 > > @newuser _dnscrypt-proxy:688:_dnscrypt-proxy:daemon:dnscrypt-proxy user:/var/empty:/sbin/nologin > > @bin bin/hostip > > IMHO it's better to just update the original port rather than adding a > new one, I don't think this is enough of a special case to maintain both > in parallel > we can go for it. > > Index: net/dnscrypt-proxy2/Makefile > > =================================================================== > > RCS file: net/dnscrypt-proxy2/Makefile > > diff -N net/dnscrypt-proxy2/Makefile > > --- /dev/null 1 Jan 1970 00:00:00 -0000 > > +++ net/dnscrypt-proxy2/Makefile 13 Feb 2018 13:39:38 -0000 
> > @@ -0,0 +1,44 @@ > > +# $OpenBSD$ > > + > > +COMMENT= Flexible DNS proxy with support for encrypted protocols > > lowercase Flexible -> flexible > > > +PORTNAME= dnscrypt-proxy > > +PORTVERS= 2.0.0 > > +REVISION= 0 > > +DISTNAME= ${PORTNAME}-${PORTVERS} > > +CATEGORIES= net security > > + > > +HOMEPAGE= https://dnscrypt.info/ > > +MAINTAINER= Vinicius Zavam <egyp...@googlemail.com> > > + > > +GH_ACCOUNT= jedisct1 > > +GH_PROJECT= ${PORTNAME} > > +GH_TAGNAME= ${PORTVERS} > > please don't use indirection like this PORTNAME/PORTVERS stuff, the entire > block above should be simply > > GH_ACCOUNT= jedisct1 > GH_PROJECT= dnscrypt-proxy > GH_TAGNAME= 2.0.0 > a lot of people are using V= or R= for similar purposes, so I really don't see a thing here. > CATEGORIES= net security > > HOMEPAGE= https://dnscrypt.info/ > MAINTAINER= Vinicius Zavam <egyp...@googlemail.com> > > > + > > +# ISC > > +PERMIT_PACKAGE_CDROM= YES > > + > > +DOCS= README.md > > set but never used > > > + > > +MODULES= lang/go > > + > > +TARGET_BASE= github.com/${GH_ACCOUNT}/${GH_PROJECT} > > +WRKSRC= ${MODGO_WORKSPACE}/src/${TARGET_BASE} > > +ALL_TARGET= ${TARGET_BASE}/${GH_PROJECT} > > I can't really comment on go ports stuff, it totally confuses me > > > +post-configure: > > + cd ${WRKSRC} && ln -sf vendor src && ln -sf ${WRKSRC}/${GH_PROJECT} src/${TARGET_BASE}; > > GH_PROJECT indirection is hard to read, and you're already cd'd to ${WRKSRC} > so the second ln doesn't need the ${WRKSRC}, so maybe "... && ln -sf > dnscrypt-proxy src/${TARGET_BASE}" ? > Go is... "special" :-( [edit] > zap trailing ; > it's present in many ports' Makefiles. > > +do-install: > > + mkdir -p ${PREFIX}/sbin && \ > > + ${INSTALL_PROGRAM} ${MODGO_WORKSPACE}/bin/* ${PREFIX}/sbin/; > > don't use mkdir, if you needed to create this directory ${INSTALL_PROGRAM_DIR} > would be the one, but ${PREFIX}/sbin is already created for you. > I refused to believe the same, but needed to make it this way. trust me. > zap trailing ; dito. 
> > + > > +post-install: > > + mkdir -p ${PREFIX}/etc ${PREFIX}/share/examples/${GH_PROJECT} && \ > > + ${INSTALL_DATA} ${MODGO_WORKSPACE}/src/${TARGET_BASE}/${GH_PROJECT}/example* \ > > + ${PREFIX}/share/examples/${GH_PROJECT}/ && \ > > + ${INSTALL_DATA} ${MODGO_WORKSPACE}/src/${TARGET_BASE}/${GH_PROJECT}/example-dnscrypt-proxy.toml \ > > + ${PREFIX}/etc/dnscrypt-proxy.toml; > > nothing should be using ${PREFIX}/etc. > > mkdir -> ${INSTALL_DATA_DIR} > > GH_PROJECT indirection makes it hard to read, just write dnscrypt-proxy > repeat the same thing/string every time? GH_PROJECT *must* be set, so... I made use of it. [edit] > trailing ; dito. > > + sed -i -e 's,require_dnssec = false,require_dnssec = true,g' ${PREFIX}/etc/dnscrypt-proxy.toml; > > + > > just use a normal patch on the input file rather than sed (though why > change the default anyway?) > > ${PREFIX}/etc again > suggestions? it is /usr/local, we could just make it practice to be used out of the box; or should one copy the config and edit it manually in order to use the service? > trailing ; dito. > > +.include <bsd.port.mk> > > Index: net/dnscrypt-proxy2/distinfo > > =================================================================== > > RCS file: net/dnscrypt-proxy2/distinfo > > diff -N net/dnscrypt-proxy2/distinfo > > --- /dev/null 1 Jan 1970 00:00:00 -0000 > > +++ net/dnscrypt-proxy2/distinfo 13 Feb 2018 13:39:38 -0000 > > @@ -0,0 +1,2 @@ > > +SHA256 (dnscrypt-proxy-2.0.0.tar.gz) = r8KAYTJpsfXpxYHCPWSIhCGJdPfn4aJcihMJGX1n41g= > > +SIZE (dnscrypt-proxy-2.0.0.tar.gz) = 725490 > > Index: net/dnscrypt-proxy2/pkg/DESCR > > =================================================================== > > RCS file: net/dnscrypt-proxy2/pkg/DESCR > > diff -N net/dnscrypt-proxy2/pkg/DESCR > > --- /dev/null 1 Jan 1970 00:00:00 -0000 > > +++ net/dnscrypt-proxy2/pkg/DESCR 13 Feb 2018 13:39:38 -0000 
> > @@ -0,0 +1,7 @@ > > +DNSCrypt Proxy v2 provides a local service which can be used directly as your > > +local resolver or as a DNS forwarder, encrypting requests using protocols > > +such as DNSCrypt v2 and DNS-over-HTTP/2. > > + > > +It includes all the major features from DNSCrypt Proxy v1 (1.9.5), with improved > > +reliability, flexibility, usability and performance. You can also combine it with > > +TCP tunnels such as the ones used by Tor. > > Index: net/dnscrypt-proxy2/pkg/PLIST > > =================================================================== > > RCS file: net/dnscrypt-proxy2/pkg/PLIST > > diff -N net/dnscrypt-proxy2/pkg/PLIST > > --- /dev/null 1 Jan 1970 00:00:00 -0000 > > +++ net/dnscrypt-proxy2/pkg/PLIST 13 Feb 2018 13:39:38 -0000 > > @@ -0,0 +1,12 @@ > > +@comment $OpenBSD$ > > +etc/ > > +etc/dnscrypt-proxy.toml > > +share/doc/pkg-readmes/${FULLPKGNAME} > > +share/examples/dnscrypt-proxy/ > > +share/examples/dnscrypt-proxy/example-blacklist.txt > > +share/examples/dnscrypt-proxy/example-cloaking-rules.txt > > +share/examples/dnscrypt-proxy/example-dnscrypt-proxy.toml > > +share/examples/dnscrypt-proxy/example-forwarding-rules.txt > > +@conflict dnscrypt-proxy-<2.0.0p0 > > +@bin sbin/dnscrypt-proxy > > +@rcscript ${RCDIR}/dnscrypt_proxy > > Index: net/dnscrypt-proxy2/pkg/README > > =================================================================== > > RCS file: net/dnscrypt-proxy2/pkg/README > > diff -N net/dnscrypt-proxy2/pkg/README > > --- /dev/null 1 Jan 1970 00:00:00 -0000 > > +++ net/dnscrypt-proxy2/pkg/README 13 Feb 2018 13:39:38 -0000 
> > @@ -0,0 +1,26 @@ > > +$OpenBSD$ > > + > > ++----------------------------------------------------------------------- > > +| Running ${FULLPKGNAME} on OpenBSD > > ++----------------------------------------------------------------------- > > + > > +dnscrypt-proxy2 listens for DNS queries on a local address and forwards > > +them to a DNSCrypt resolver over an encrypted channel. > > + > > +To use this package, two things are required. > > + > > +Firstly, enable/start the service. > > + > > + # rcctl enable dnscrypt_proxy > > + # rcctl start dnscrypt_proxy > > + > > +Secondly, set /etc/resolv.conf to perform queries from dnscrypt-proxy2: > > + > > + nameserver 127.0.0.1 > > + lookup file bind > > + > > +NOTE: If fetching your IP address dynamically, dhclient(8) will normally > > +update resolv.conf with network-provided DNS servers. This can be avoided > > +by using "ignore domain-name, domain-name-servers;" in /etc/dhclient.conf. > > + > > +For more information, see https://dnscrypt.info/ > > Index: net/dnscrypt-proxy2/pkg/dnscrypt_proxy.rc > > =================================================================== > > RCS file: net/dnscrypt-proxy2/pkg/dnscrypt_proxy.rc > > diff -N net/dnscrypt-proxy2/pkg/dnscrypt_proxy.rc > > --- /dev/null 1 Jan 1970 00:00:00 -0000 > > +++ net/dnscrypt-proxy2/pkg/dnscrypt_proxy.rc 13 Feb 2018 13:39:38 -0000 
> > @@ -0,0 +1,11 @@ > > +#!/bin/ksh > > +# > > +# $OpenBSD$ > > + > > +daemon="${TRUEPREFIX}/sbin/dnscrypt-proxy -config ${TRUEPREFIX}/etc/dnscrypt-proxy.toml -logfile /var/log/dnscrypt-proxy.log" > > + > > +. /etc/rc.d/rc.subr > > + > > +rc_reload=NO > > + > > +rc_cmd $1 > if the net/dnscrypt-proxy's maintainer wants to take my patch and use it to override/update the current port, I'm fine with it too; no worries. thanks for all the feedback! much appreciated. > > the thing is running as root; I know. so, here I would like to ask you: does OpenBSD handle Go daemons in a peculiar way, like FreeBSD? [1] there's also a port for FreeBSD, if you want to check it. [2] in order to use low ports, using `daemon -u USER` did not do the trick, and even the method using `su` [1] https://www.reddit.com/r/freebsd/comments/7nmrha/supervised_freebsd_rcd_script_for_a_go_daemon/ [2] https://bz-attachments.freebsd.org/attachment.cgi?id=190506 happy to help, -- Vinícius Zavam keybase.io/egypcio/key.asc
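Review bot: in the post-install target of net/dnscrypt-proxy2/Makefile, the `sed -i -e 's,require_dnssec = false,require_dnssec = true,g'` step exits successfully even when the pattern no longer matches, so a change to that line in upstream's example-dnscrypt-proxy.toml would silently ship the package with the upstream default instead of the intended one. Carry the change as a patch against the example file so the build fails when the line moves; that also keeps the copy under share/examples and the installed config identical, which they are not here because the sed only touches the copy under ${PREFIX}/etc. In do-install, `${MODGO_WORKSPACE}/bin/*` installs whatever the build happens to leave in bin/ while the PLIST lists only sbin/dnscrypt-proxy; name the binary explicitly so the two cannot drift.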
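Review bot: in net/dnscrypt-proxy2/pkg/PLIST, `etc/dnscrypt-proxy.toml` is packaged as an ordinary file under the prefix, so the administrator's edited configuration is treated as a package-owned file rather than as site configuration. The example is already listed as share/examples/dnscrypt-proxy/example-dnscrypt-proxy.toml; mark that entry with @sample pointing at ${SYSCONFDIR}/dnscrypt-proxy.toml and drop the `etc/` and `etc/dnscrypt-proxy.toml` lines. The -config path in dnscrypt_proxy.rc then has to follow the new location.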
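Review bot: net/dnscrypt-proxy2/pkg/README walks through rcctl and resolv.conf but never says which configuration file the service reads or where it logs, although both are hard-wired in dnscrypt_proxy.rc (`-config ${TRUEPREFIX}/etc/dnscrypt-proxy.toml` and `-logfile /var/log/dnscrypt-proxy.log`). Add both paths to the README, and state that the port switches require_dnssec to true in the installed config, since that differs from the upstream example installed under share/examples/dnscrypt-proxy/.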
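Review bot: net/dnscrypt-proxy2/pkg/dnscrypt_proxy.rc sets no daemon_user, so rc.subr starts the proxy as root, and the new PLIST creates no dedicated account, unlike PLIST-main with its `@newuser _dnscrypt-proxy:688:...` line. Add an unprivileged user and group to the package and set daemon_user in the script, paired either with a listen address that account is able to bind or with privilege dropping inside the daemon if it offers that. Also move `-config ...` and `-logfile ...` out of `daemon=` into daemon_flags so they can be overridden through rcctl, and make sure /var/log/dnscrypt-proxy.log is writable by whichever user ends up running the service.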