Initial commit

4 files changed, 201 insertions, 0 deletions

diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 0000000..8759274
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,81 @@
+# Maintainer: jc_gargma <jc_gargma@iserlohn-fortress.net>
+# Maintainer (Arch): David Runge <dave@sleepmap.de>
+# Contributor (Arch): Felix Yan <felixonmars@archlinux.org>
+# Contributor (Arch): Techlive Zheng <techlivezheng at gmail dot com>
+# Contributor (Arch): peace4all <markspost at rocketmail dot com>
+
+# # I maintain this because:
+# I don't like the sysuser name
+# Arch version has 1.x migration notice
+
+pkgname=dnscrypt-proxy
+pkgver=2.0.21
+pkgrel=1
+pkgdesc="DNS proxy, supporting encrypted DNS protocols such as DNSCrypt v2 and DNS-over-HTTP"
+arch=('x86_64')
+url="https://dnscrypt.info"
+license=('custom:ISC')
+depends=('glibc')
+makedepends=('git' 'go-pie')
+backup=("etc/${pkgname}/${pkgname}.toml"
+        "etc/${pkgname}/blacklist.txt"
+        "etc/${pkgname}/cloaking-rules.txt"
+        "etc/${pkgname}/forwarding-rules.txt"
+        "etc/${pkgname}/ip-blacklist.txt"
+        "etc/${pkgname}/whitelist.txt"
+)
+source=("${pkgname}-${pkgver}.tar.gz::https://github.com/jedisct1/${pkgname}/archive/${pkgver}.tar.gz"
+        'sysusers.d'
+        'tmpfiles.d'
+        'configuration.diff')
+sha512sums=('e01869b963ef7454f9136d8ececc4e541dae489524e03cc2906fc3b661281bd6ebf5ef8b6dc29a6bcc1dabb638b9e74200b3ed48ebcd69cd3306e8bab5dd248a'
+            'e302ea9b5556ba6e0342ebecbf6b55b68a8ad4e472f1790751074232fd5a478e643d2d94f7e12675b551b0849c83ad21b29cc3ea746d89fcdce1e9d5c59da1b2'
+            '1b89196341ae21f39efc46d2adc3d3458292d00f12cc4dc8d7e55b5e70856e6f8ed5f13ace76ae9b958b6eee5700f1df9cc07d828744349fa4ae0f41b382ef97'
+            '6144f3d33f3d85c9a4e5573f88e92f1b9d7118fd654072eeac6c3f76085086d4b2464e1d3579d8501153f453bc5125859d148fc3b3486d26368d1f51911aeb33')
+
+prepare() {
+  cd "$pkgname-$pkgver"
+  patch -Np1 -i ../configuration.diff
+  # create empty ip-blacklist.txt
+  touch "${pkgname}/ip-blacklist.txt"
+  # symlink upstream's vendor to src
+  ln -sfv vendor src
+  rm -v go.mod
+}
+
+build() {
+  cd "$pkgname-$pkgver"
+  # set GOPATH
+  export GOPATH=$(pwd)
+  cd "${pkgname}"
+  go build -ldflags="-linkmode external -extldflags ${LDFLAGS} -s -w"
+}
+
+package() {
+  cd $pkgname-$pkgver
+  # executable
+  install -vDm 755 "${pkgname}/${pkgname}" "${pkgdir}/usr/bin/${pkgname}"
+  # configuration
+  install -vDm 644 "${pkgname}/example-${pkgname}.toml" \
+    "${pkgdir}/etc/${pkgname}/${pkgname}.toml"
+  install -vDm 644 "${pkgname}/example-blacklist.txt" \
+    "${pkgdir}/etc/${pkgname}/blacklist.txt"
+  install -vDm 644 "${pkgname}/example-cloaking-rules.txt" \
+    "${pkgdir}/etc/${pkgname}/cloaking-rules.txt"
+  install -vDm 644 "${pkgname}/example-forwarding-rules.txt" \
+    "${pkgdir}/etc/${pkgname}/forwarding-rules.txt"
+  install -vDm 644 "${pkgname}/ip-blacklist.txt" \
+    "${pkgdir}/etc/${pkgname}/ip-blacklist.txt"
+  install -vDm 644 "${pkgname}/example-whitelist.txt" \
+    "${pkgdir}/etc/${pkgname}/whitelist.txt"
+  # license
+  install -vDm 644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+  # docs
+  install -vDm 644 {ChangeLog,README.md} \
+    -t "${pkgdir}/usr/share/doc/${pkgname}"
+
+  # sysusers.d
+  install -vDm 644 "$srcdir/sysusers.d" "$pkgdir/usr/lib/sysusers.d/${pkgname}.conf"
+  # tmpfiles.d
+  install -vDm 644 "$srcdir/tmpfiles.d" "$pkgdir/usr/lib/tmpfiles.d/${pkgname}.conf"
+}
diff --git a/configuration.diff b/configuration.diff
new file mode 100644
index 0000000..a1b991f
--- /dev/null
+++ b/configuration.diff
@@ -0,0 +1,117 @@
+diff -ruN dnscrypt-proxy-2.0.9-a/dnscrypt-proxy/example-dnscrypt-proxy.toml dnscrypt-proxy-2.0.9-b/dnscrypt-proxy/example-dnscrypt-proxy.toml
+--- dnscrypt-proxy-2.0.9-a/dnscrypt-proxy/example-dnscrypt-proxy.toml	2018-04-11 14:05:16.000000000 +0200
++++ dnscrypt-proxy-2.0.9-b/dnscrypt-proxy/example-dnscrypt-proxy.toml	2018-04-11 23:09:53.874362036 +0200
+@@ -96,12 +96,12 @@
+ 
+ ## log file for the application
+ 
+-# log_file = 'dnscrypt-proxy.log'
++# log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log'
+ 
+ 
+ ## Use the system logger (syslog on Unix, Event Log on Windows)
+ 
+-# use_syslog = true
++use_syslog = true
+ 
+ 
+ ## Delay, in minutes, after which certificates are reloaded
+@@ -194,7 +194,7 @@
+ ## example.com 9.9.9.9
+ ## example.net 9.9.9.9,8.8.8.8,1.1.1.1
+ 
+-# forwarding_rules = 'forwarding-rules.txt'
++# forwarding_rules = '/etc/dnscrypt-proxy/forwarding-rules.txt'
+ 
+ 
+ 
+@@ -210,7 +210,7 @@
+ ## example.com     10.1.1.1
+ ## www.google.com  forcesafesearch.google.com
+ 
+-# cloaking_rules = 'cloaking-rules.txt'
++# cloaking_rules = '/etc/dnscrypt-proxy/cloaking-rules.txt'
+ 
+ 
+ 
+@@ -254,7 +254,7 @@
+ 
+   ## Path to the query log file (absolute, or relative to the same directory as the executable file)
+ 
+-  # file = 'query.log'
++  # file = '/var/log/dnscrypt-proxy/query.log'
+ 
+ 
+   ## Query log format (currently supported: tsv and ltsv)
+@@ -280,7 +280,7 @@
+ 
+   ## Path to the query log file (absolute, or relative to the same directory as the executable file)
+ 
+-  # file = 'nx.log'
++  # file = '/var/log/dnscrypt-proxy/nx.log'
+ 
+ 
+   ## Query log format (currently supported: tsv and ltsv)
+@@ -310,12 +310,12 @@
+ 
+   ## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
+ 
+-  # blacklist_file = 'blacklist.txt'
++  # blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt'
+ 
+ 
+   ## Optional path to a file logging blocked queries
+ 
+-  # log_file = 'blocked.log'
++  # log_file = '/var/log/dnscrypt-proxy/blocked.log'
+ 
+ 
+   ## Optional log format: tsv or ltsv (default: tsv)
+@@ -338,12 +338,12 @@
+ 
+   ## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
+ 
+-  # blacklist_file = 'ip-blacklist.txt'
++  # blacklist_file = '/etc/dnscrypt-proxy/ip-blacklist.txt'
+ 
+ 
+   ## Optional path to a file logging blocked queries
+ 
+-  # log_file = 'ip-blocked.log'
++  # log_file = '/var/log/dnscrypt-proxy/ip-blocked.log'
+ 
+ 
+   ## Optional log format: tsv or ltsv (default: tsv)
+@@ -366,12 +366,12 @@
+ 
+   ## Path to the file of whitelisting rules (absolute, or relative to the same directory as the executable file)
+ 
+-  # whitelist_file = 'whitelist.txt'
++  # whitelist_file = '/etc/dnscrypt-proxy/whitelist.txt'
+ 
+ 
+   ## Optional path to a file logging whitelisted queries
+ 
+-  # log_file = 'whitelisted.log'
++  # log_file = '/var/log/dnscrypt-proxy/whitelisted.log'
+ 
+ 
+   ## Optional log format: tsv or ltsv (default: tsv)
+@@ -441,7 +441,7 @@
+ 
+   [sources.'public-resolvers']
+   urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
+-  cache_file = 'public-resolvers.md'
++  cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
+   minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+   refresh_delay = 72
+   prefix = ''
+@@ -451,7 +451,7 @@
+ 
+   #  [sources.'parental-control']
+   #  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v2/parental-control.md']
+-  #  cache_file = 'parental-control.md'
++  #  cache_file = '/var/cache/dnscrypt-proxy/parental-control.md'
+   #  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+ 
+ 
diff --git a/sysusers.d b/sysusers.d
new file mode 100644
index 0000000..a2f1453
--- /dev/null
+++ b/sysusers.d
@@ -0,0 +1,2 @@
+u dnscrypt-proxy - "DNSCrypt-proxy user" /var/lib/dnscrypt-proxy /bin/false
+g dnscrypt-proxy - - -
diff --git a/tmpfiles.d b/tmpfiles.d
new file mode 100644
index 0000000..40187aa
--- /dev/null
+++ b/tmpfiles.d
@@ -0,0 +1 @@
+f /run/dnscrypt-proxy.pid - dnscrypt-proxy dnscrypt-proxy