2018-02-13 20:17 GMT+00:00 Vinícius Zavam <egyp...@googlemail.com>:
>
>
>
> On Feb 13, 2018 16:19, "Stuart Henderson" <s...@spacehopper.org> wrote:
>
> On 2018/02/13 13:51, Vinícius Zavam wrote:
> >
formatted version of previously sent email follows // inline.
> > Index: net/dnscrypt-proxy/pkg/PLIST-main
> > ===================================================================
> > RCS file: /cvs/ports/net/dnscrypt-proxy/pkg/PLIST-main,v
> > retrieving revision 1.6
> > diff -u -p -u -p -r1.6 PLIST-main
> > --- net/dnscrypt-proxy/pkg/PLIST-main 2 Aug 2017 09:32:40 -0000
1.6
> > +++ net/dnscrypt-proxy/pkg/PLIST-main 13 Feb 2018 13:39:38 -0000
> > @@ -1,4 +1,5 @@
> > @comment $OpenBSD: PLIST-main,v 1.6 2017/08/02 09:32:40 giovanni Exp $
> > +@conflict dnscrypt-proxy->1.9.5p3
> > @newgroup _dnscrypt-proxy:688
> > @newuser _dnscrypt-proxy:688:_dnscrypt-proxy:daemon:dnscrypt-proxy
user:/var/empty:/sbin/nologin
> > @bin bin/hostip
>
> IMHO it's better to just update the original port rather than adding a
> new one, I don't think this is enough of a special case to maintain both
> in parallel
>
we can go for it.
> > Index: net/dnscrypt-proxy2/Makefile
> > ===================================================================
> > RCS file: net/dnscrypt-proxy2/Makefile
> > diff -N net/dnscrypt-proxy2/Makefile
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ net/dnscrypt-proxy2/Makefile 13 Feb 2018 13:39:38 -0000
> > @@ -0,0 +1,44 @@
> > +# $OpenBSD$
> > +
> > +COMMENT= Flexible DNS proxy with support for encrypted
protocols
>
> lowercase Flexible -> flexible
>
> > +PORTNAME= dnscrypt-proxy
> > +PORTVERS= 2.0.0
> > +REVISION= 0
> > +DISTNAME= ${PORTNAME}-${PORTVERS}
> > +CATEGORIES= net security
> > +
> > +HOMEPAGE= https://dnscrypt.info/
> > +MAINTAINER= Vinicius Zavam <egyp...@googlemail.com>
> > +
> > +GH_ACCOUNT= jedisct1
> > +GH_PROJECT= ${PORTNAME}
> > +GH_TAGNAME= ${PORTVERS}
>
> please don't use indirection like this PORTNAME/PORTVERS stuff, the entire
> block above should be simply
>
> GH_ACCOUNT= jedisct1
> GH_PROJECT= dnscrypt-proxy
> GH_TAGNAME= 2.0.0
>
a lot of people are using V= or R= for similar purposes, so I really don't
see a thing here.
> CATEGORIES= net security
>
> HOMEPAGE= https://dnscrypt.info/
> MAINTAINER= Vinicius Zavam <egyp...@googlemail.com>
>
> > +
> > +# ISC
> > +PERMIT_PACKAGE_CDROM= YES
> > +
> > +DOCS= README.md
>
> set but never used
>
> > +
> > +MODULES= lang/go
> > +
> > +TARGET_BASE= github.com/${GH_ACCOUNT}/${GH_PROJECT}
> > +WRKSRC= ${MODGO_WORKSPACE}/src/${TARGET_BASE}
> > +ALL_TARGET= ${TARGET_BASE}/${GH_PROJECT}
>
> I can't really comment on go ports stuff, it totally confuses me
>
> > +post-configure:
> > + cd ${WRKSRC} && ln -sf vendor src && ln -sf
${WRKSRC}/${GH_PROJECT} src/${TARGET_BASE};
>
> GH_PROJECT indirection is hard to read, and you're already cd'd to
${WRKSRC}
> so the second ln doesn't need the ${WRKSRC}, so maybe "... && ln -sf
> dnscrypt-proxy src/${TARGET_BASE}" ?
>
Go is... "special" :-( [edit]
> zap trailing ;
>
it's present in many ports' Makefiles.
> > +do-install:
> > + mkdir -p ${PREFIX}/sbin && \
> > + ${INSTALL_PROGRAM} ${MODGO_WORKSPACE}/bin/*
${PREFIX}/sbin/;
>
> don't use mkdir, if you needed to create this directory
${INSTALL_PROGRAM_DIR}
> would be the one, but ${PREFIX}/sbin is already created for you.
>
I refused to believe the same, but needed to make it this way. trust me.
> zap trailing ;
dito.
> > +
> > +post-install:
> > + mkdir -p ${PREFIX}/etc ${PREFIX}/share/examples/${GH_PROJECT} && \
> > + ${INSTALL_DATA}
${MODGO_WORKSPACE}/src/${TARGET_BASE}/${GH_PROJECT}/example* \
> > + ${PREFIX}/share/examples/${GH_PROJECT}/ && \
> > + ${INSTALL_DATA}
${MODGO_WORKSPACE}/src/${TARGET_BASE}/${GH_PROJECT}/example-dnscrypt-proxy.toml
\
> > + ${PREFIX}/etc/dnscrypt-proxy.toml;
>
> nothing should be using ${PREFIX}/etc.
>
> mkdir -> ${INSTALL_DATA_DIR}
>
> GH_PROJECT indirection makes it hard to read, just write dnscrypt-proxy
>
repeat the same thing/string every time? GH_PROJECT *must* be set, so... I
made use of it. [edit]
> trailing ;
dito.
> > + sed -i -e 's,require_dnssec = false,require_dnssec = true,g'
${PREFIX}/etc/dnscrypt-proxy.toml;
> > +
>
> just use a normal patch on the input file rather than sed (though why
> change the default anyway?)
>
> ${PREFIX}/etc again
>
suggestions? it is /usr/local,
we could just make it practice to be used out of the box; or should one
copy the config and edit it manually in order to use the service?
> trailing ;
dito.
> > +.include <bsd.port.mk>
> > Index: net/dnscrypt-proxy2/distinfo
> > ===================================================================
> > RCS file: net/dnscrypt-proxy2/distinfo
> > diff -N net/dnscrypt-proxy2/distinfo
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ net/dnscrypt-proxy2/distinfo 13 Feb 2018 13:39:38 -0000
> > @@ -0,0 +1,2 @@
> > +SHA256 (dnscrypt-proxy-2.0.0.tar.gz) =
r8KAYTJpsfXpxYHCPWSIhCGJdPfn4aJcihMJGX1n41g=
> > +SIZE (dnscrypt-proxy-2.0.0.tar.gz) = 725490
> > Index: net/dnscrypt-proxy2/pkg/DESCR
> > ===================================================================
> > RCS file: net/dnscrypt-proxy2/pkg/DESCR
> > diff -N net/dnscrypt-proxy2/pkg/DESCR
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ net/dnscrypt-proxy2/pkg/DESCR 13 Feb 2018 13:39:38 -0000
> > @@ -0,0 +1,7 @@
> > +DNSCrypt Proxy v2 provides a local service which can be used directly
as your
> > +local resolver or as a DNS forwarder, encrypting requests using
protocols
> > +such as DNSCrypt v2 and DNS-over-HTTP/2.
> > +
> > +It includes all the major features from DNSCrypt Proxy v1 (1.9.5),
with improved
> > +reliability, flexibility, usability and performance. You can also
combine it with
> > +TCP tunnels such as the ones used by Tor.
> > Index: net/dnscrypt-proxy2/pkg/PLIST
> > ===================================================================
> > RCS file: net/dnscrypt-proxy2/pkg/PLIST
> > diff -N net/dnscrypt-proxy2/pkg/PLIST
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ net/dnscrypt-proxy2/pkg/PLIST 13 Feb 2018 13:39:38 -0000
> > @@ -0,0 +1,12 @@
> > +@comment $OpenBSD$
> > +etc/
> > +etc/dnscrypt-proxy.toml
> > +share/doc/pkg-readmes/${FULLPKGNAME}
> > +share/examples/dnscrypt-proxy/
> > +share/examples/dnscrypt-proxy/example-blacklist.txt
> > +share/examples/dnscrypt-proxy/example-cloaking-rules.txt
> > +share/examples/dnscrypt-proxy/example-dnscrypt-proxy.toml
> > +share/examples/dnscrypt-proxy/example-forwarding-rules.txt
> > +@conflict dnscrypt-proxy-<2.0.0p0
> > +@bin sbin/dnscrypt-proxy
> > +@rcscript ${RCDIR}/dnscrypt_proxy
> > Index: net/dnscrypt-proxy2/pkg/README
> > ===================================================================
> > RCS file: net/dnscrypt-proxy2/pkg/README
> > diff -N net/dnscrypt-proxy2/pkg/README
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ net/dnscrypt-proxy2/pkg/README 13 Feb 2018 13:39:38 -0000
> > @@ -0,0 +1,26 @@
> > +$OpenBSD$
> > +
> >
++-----------------------------------------------------------------------
> > +| Running ${FULLPKGNAME} on OpenBSD
> >
++-----------------------------------------------------------------------
> > +
> > +dnscrypt-proxy2 listens for DNS queries on a local address and forwards
> > +them to a DNSCrypt resolver over an encrypted channel.
> > +
> > +To use this package, two things are required.
> > +
> > +Firstly, enable/start the service.
> > +
> > + # rcctl enable dnscrypt_proxy
> > + # rcctl start dnscrypt_proxy
> > +
> > +Secondly, set /etc/resolv.conf to perform queries from dnscrypt-proxy2:
> > +
> > + nameserver 127.0.0.1
> > + lookup file bind
> > +
> > +NOTE: If fetching your IP address dynamically, dhclient(8) will
normally
> > +update resolv.conf with network-provided DNS servers. This can be
avoided
> > +by using "ignore domain-name, domain-name-servers;" in
/etc/dhclient.conf.
> > +
> > +For more information, see https://dnscrypt.info/
> > Index: net/dnscrypt-proxy2/pkg/dnscrypt_proxy.rc
> > ===================================================================
> > RCS file: net/dnscrypt-proxy2/pkg/dnscrypt_proxy.rc
> > diff -N net/dnscrypt-proxy2/pkg/dnscrypt_proxy.rc
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ net/dnscrypt-proxy2/pkg/dnscrypt_proxy.rc 13 Feb 2018 13:39:38 -0000
> > @@ -0,0 +1,11 @@
> > +#!/bin/ksh
> > +#
> > +# $OpenBSD$
> > +
> > +daemon="${TRUEPREFIX}/sbin/dnscrypt-proxy -config
${TRUEPREFIX}/etc/dnscrypt-proxy.toml -logfile /var/log/dnscrypt-proxy.log"
> > +
> > +. /etc/rc.d/rc.subr
> > +
> > +rc_reload=NO
> > +
> > +rc_cmd $1
>
if the net/dnscrypt-proxy's maintainer wants to take my patch and use it to
override/update the current port, I'm fine with it too; no worries.
thanks for all the feedback! very appreciated.
>
>
the thing is running as root; I know.
so, here I would like to ask you: does OpenBSD handles Go daemons in a
peculiar way, like FreeBSD? [1]
there's also a port for FreeBSD, if you want to check it. [2]
in order to use low ports, using `daemon -u USER` did not do the trick, and
even the method using `su`
[1]
https://www.reddit.com/r/freebsd/comments/7nmrha/supervised_freebsd_rcd_script_for_a_go_daemon/
[2] https://bz-attachments.freebsd.org/attachment.cgi?id=190506
happy to help,
--
Vinícius Zavam
keybase.io/egypcio/key.asc
