-rw-r--r-- | PKGBUILD | 58 | ||||
-rw-r--r-- | configuration.diff | 135 | ||||
-rw-r--r-- | uncensor.patch | 173 |
3 files changed, 213 insertions, 153 deletions
@@ -8,11 +8,13 @@ # Artix version has a sysuser name I do not like # Artix version has less than preferred default lists # Artix version has 1.x migration notice +# Artix version uses censored list names +# Artix version requires network to build pkgname=dnscrypt-proxy -pkgver=2.0.44 -pkgrel=1 -pkgdesc="DNS proxy, supporting encrypted DNS protocols such as DNSCrypt v2 and DNS-over-HTTPS" +pkgver=2.0.45 +pkgrel=2 +pkgdesc="A flexible DNS proxy, with support for encrypted DNS protocols" arch=('x86_64') url="https://github.com/DNSCrypt/dnscrypt-proxy" license=('ISC') @@ -21,15 +23,18 @@ makedepends=('git' 'go') optdepends=('python-urllib3: for generate-domains-blacklist') backup=("etc/${pkgname}/${pkgname}.toml" "etc/${pkgname}/blacklist.txt" + "etc/${pkgname}/captive-portals.txt" "etc/${pkgname}/cloaking-rules.txt" "etc/${pkgname}/forwarding-rules.txt" "etc/${pkgname}/ip-blacklist.txt" + "etc/${pkgname}/ip-whitelist.txt" "etc/${pkgname}/whitelist.txt" ) -source=("git+https://github.com/jedisct1/${pkgname}#tag=${pkgver}?signed" +source=("git+https://github.com/dnscrypt/${pkgname}#tag=${pkgver}?signed" "${pkgname}.sysusers" "${pkgname}.tmpfiles" - "${pkgname}-${pkgver}-configuration.patch::https://github.com/dvzrv/dnscrypt-proxy/commit/23baf327e249e2577e7e2f8c25b36fc579caa8c9.patch" + "${pkgname}-${pkgver}-configuration.patch::https://github.com/dvzrv/dnscrypt-proxy/commit/6dc7bcbcaf17bc56bb566f8b3b4fde12abc1d824.patch" + 'uncensor.patch' 'blacklist.txt' 'cloaking-rules.txt' 'ip-blacklist.txt' 
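Review bot: The configuration patch in `source=()` is still fetched at build time from a commit URL on the `dvzrv/dnscrypt-proxy` fork, while the new `'uncensor.patch'` is shipped next to the PKGBUILD. The fetch is pinned by commit id and by the b2sum updated in the following hunk, so a modified download would be rejected. However, forge-rendered `.patch` output is not guaranteed to stay byte-identical, and a checksum that starts failing tends to be regenerated without the patch being re-read. Committing that patch alongside `uncensor.patch` would keep both reviewable in this repository and remove the extra fetch. The context lines also still list `'blacklist.txt'`, `'cloaking-rules.txt'` and `'ip-blacklist.txt'` as sources although `package()` in a later hunk installs upstream's `example-*` files instead; if nothing else reads them, they and their b2sums entries could be dropped.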
@@ -37,7 +42,8 @@ source=("git+https://github.com/jedisct1/${pkgname}#tag=${pkgver}?signed"
 b2sums=('SKIP'
 '96acec13d773b80835ed936d8fe585d1843c67a2e70082b9f05e27fd989ace68083d74eec6088a99ca95c19b0f1c52d625197b6ece25c3e8ddac37d7e3d55b5e'
 '58920d0366de701e03e32bca188b2842e94e0d641eee264e21124338a648b5da7901ff8fde69e85a5945ccf931380796108b1234128c1ea8956c757e706d9147'
- '0a31069ccdf58f0cef18caabe761c4c27ececd66fb4b694222d44b0b0d04845311085843c999b6fd77a04886467e3e992a8fe8e511626702cc848ce60d48c546'
+ 'c1ec6c68b17531a45516c9fc20ee8c8342f26132e9e02b624f959976e6608b9e297c40317ad2c6c3722af3a9476ed2f6ff6680f8db5b1e0dbeba1e99f0e06900'
+ 'a8cbdddf4771f76d8c9508f08cd07a7882c76863d4f0872866bb7abd3f786d4b4b070e7c378ed3067d7a49063bfc82397072f74c98708f5b4167536a80ccfaf9'
 'b691146f2746844bdb79f0c67c565bbce23b978dcb613b9d1ca1d8f62efbbf7d02b3cc442ec0de298cc5f6292823442187dd7efc26b73ff1002edbe9c5f2b8a1'
 'c3b2381b1ee3ca77818eec49a564c6f907c178a3ec76f6bbb5bcfa6707b6f6a9f2a7e44be4c8be9db5984de1558bb006efa6e263d48d4d0303abd721e22d63a1'
 'c79c1962c253439052ce8cbdaeeebde4c0f5ff01d93dafef8774a1526ad23c59ab603b14ec1ef56d52f88fd0007c60ad7a54b813b3d0a92b325c00a3d28dcd1f'
@@ -45,49 +51,65 @@ b2sums=('SKIP' validpgpkeys=('54A2B8892CC3D6A597B92B6C210627AABA709FE1') # Frank Denis (Jedi/Sector One) <pgp@pureftpd.org prepare() { - cd "$pkgname" + cd "${pkgname}" patch -Np1 -i "../${pkgname}-${pkgver}-configuration.patch" + patch -Np1 -i "../uncensor.patch" + # create empty ip-blacklist.txt touch "${pkgname}/ip-blacklist.txt" + # symlink upstream's vendor to src ln -sfv vendor src + ln -sfv vendor ${pkgname}/src + ln -sfv vendor ${pkgname}/vendor rm -v go.mod } build() { cd "$pkgname" + # set GOPATH + export GO111MODULE=off export GOPATH=$(pwd) + #go mod init + cd "$pkgname" + export CGO_CPPFLAGS="${CPPFLAGS}" export CGO_CFLAGS="${CFLAGS}" export CGO_CXXFLAGS="${CXXFLAGS}" export CGO_LDFLAGS="${LDFLAGS}" export GOFLAGS="-buildmode=pie -trimpath -mod=readonly -modcacherw" - go build + #export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw" + + go build -mod=vendor } package() { - cd "$pkgname" + cd "${pkgname}" # executable install -vDm 755 "${pkgname}/${pkgname}" -t "${pkgdir}/usr/bin/" - # configuration + # configuration files install -vDm 644 "${pkgname}/example-${pkgname}.toml" \ "${pkgdir}/etc/${pkgname}/${pkgname}.toml" - install -vDm 644 "${srcdir}/blacklist.txt" \ + install -vDm 644 "${pkgname}/example-blocked-names.txt" \ "${pkgdir}/etc/${pkgname}/blacklist.txt" - install -vDm 644 "${srcdir}/cloaking-rules.txt" \ + install -vDm 644 "${pkgname}/example-blocked-ips.txt" \ + "${pkgdir}/etc/${pkgname}/ip-blacklist.txt" + install -vDm 644 "${pkgname}/example-captive-portals.txt" \ + "${pkgdir}/etc/${pkgname}/captive-portals.txt" + install -vDm 644 "${pkgname}/example-cloaking-rules.txt" \ "${pkgdir}/etc/${pkgname}/cloaking-rules.txt" install -vDm 644 "${pkgname}/example-forwarding-rules.txt" \ "${pkgdir}/etc/${pkgname}/forwarding-rules.txt" - install -vDm 644 "${srcdir}/ip-blacklist.txt" \ - "${pkgdir}/etc/${pkgname}/ip-blacklist.txt" - install -vDm 644 "${srcdir}/whitelist.txt" \ + install -vDm 
644 "${pkgname}/example-allowed-ips.txt" \ + "${pkgdir}/etc/${pkgname}/ip-whitelist.txt" + install -vDm 644 "${pkgname}/example-allowed-names.txt" \ "${pkgdir}/etc/${pkgname}/whitelist.txt" # utils - install -vDm 644 utils/generate-domains-blacklists/*.{conf,txt} \ - -t "${pkgdir}/usr/share/${pkgname}/utils/generate-domains-blacklists" - install -vDm 755 utils/generate-domains-blacklists/generate-domains-blacklist.py \ + install -vDm 644 utils/generate-domains-blocklist/*.{conf,txt} \ + -t "${pkgdir}/usr/share/${pkgname}/utils/generate-domains-blacklist" + install -vDm 755 utils/generate-domains-blocklist/generate-domains-blocklist.py \ "${pkgdir}/usr/bin/generate-domains-blacklist" # sysusers.d install -vDm 644 "${srcdir}/${pkgname}.sysusers" \ diff --git a/configuration.diff b/configuration.diff deleted file mode 100644 index c43de74..0000000 --- a/configuration.diff +++ /dev/null 
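Review bot: In `prepare()` the two added links `ln -sfv vendor ${pkgname}/src` and `ln -sfv vendor ${pkgname}/vendor` store the relative target `vendor`, which is resolved from the link's own directory; assuming upstream keeps `vendor/` only at the repository root, `${pkgname}/vendor` ends up pointing at itself and `${pkgname}/src` at that same unresolvable name. If the top-level tree is what is meant, the target should be `../vendor`, with the expansion quoted like the neighbouring `touch` line: `ln -sfv ../vendor "${pkgname}/src"`. In `build()`, `GOFLAGS` still carries `-mod=readonly` while the command line adds `-mod=vendor`, and `GO111MODULE=off` is exported after `go.mod` was removed. It looks like only the vendored copy from the signed tag is meant to be compiled, so dropping the stale `-mod=readonly` and the commented-out `GOFLAGS` line and adding a comment such as `# build only from the vendored tree of the signed tag; no module downloads` would make the intended dependency source explicit. `package()` continues past the end of this hunk.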
@@ -1,135 +0,0 @@ -diff -ruN a/dnscrypt-proxy/example-dnscrypt-proxy.toml b/dnscrypt-proxy/example-dnscrypt-proxy.toml ---- a/dnscrypt-proxy/example-dnscrypt-proxy.toml 2019-11-18 13:00:34.000000000 +0100 -+++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml 2019-11-19 22:11:15.890730311 +0100 -@@ -138,12 +138,12 @@ - - ## log file for the application - --# log_file = 'dnscrypt-proxy.log' -+# log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log' - - - ## Use the system logger (syslog on Unix, Event Log on Windows) - --# use_syslog = true -+use_syslog = true - - - ## Delay, in minutes, after which certificates are reloaded -@@ -280,7 +280,7 @@ - ## example.com 9.9.9.9 - ## example.net 9.9.9.9,8.8.8.8,1.1.1.1 - --# forwarding_rules = 'forwarding-rules.txt' -+# forwarding_rules = '/etc/dnscrypt-proxy/forwarding-rules.txt' - - - -@@ -296,7 +296,7 @@ - ## example.com 10.1.1.1 - ## www.google.com forcesafesearch.google.com - --# cloaking_rules = 'cloaking-rules.txt' -+# cloaking_rules = '/etc/dnscrypt-proxy/cloaking-rules.txt' - - ## TTL used when serving entries in cloaking-rules.txt - -@@ -349,7 +349,7 @@ - ## Path to the query log file (absolute, or relative to the same directory as the executable file) - ## Can be /dev/stdout to log to the standard output (and set log_files_max_size to 0) - -- # file = 'query.log' -+ # file = '/var/log/dnscrypt-proxy/query.log' - - - ## Query log format (currently supported: tsv and ltsv) -@@ -375,7 +375,7 @@ - - ## Path to the query log file (absolute, or relative to the same directory as the executable file) - -- # file = 'nx.log' -+ # file = '/var/log/dnscrypt-proxy/nx.log' - - - ## Query log format (currently supported: tsv and ltsv) -@@ -405,12 +405,12 @@ - - ## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file) - -- # blacklist_file = 'blacklist.txt' -+ # blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt' - - - ## Optional path to a file logging blocked queries - -- # 
log_file = 'blocked.log' -+ # log_file = '/var/log/dnscrypt-proxy/blocked.log' - - - ## Optional log format: tsv or ltsv (default: tsv) -@@ -433,12 +433,12 @@ - - ## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file) - -- # blacklist_file = 'ip-blacklist.txt' -+ # blacklist_file = '/etc/dnscrypt-proxy/ip-blacklist.txt' - - - ## Optional path to a file logging blocked queries - -- # log_file = 'ip-blocked.log' -+ # log_file = '/var/log/dnscrypt-proxy/ip-blocked.log' - - - ## Optional log format: tsv or ltsv (default: tsv) -@@ -461,12 +461,12 @@ - - ## Path to the file of whitelisting rules (absolute, or relative to the same directory as the executable file) - -- # whitelist_file = 'whitelist.txt' -+ # whitelist_file = '/etc/dnscrypt-proxy/whitelist.txt' - - - ## Optional path to a file logging whitelisted queries - -- # log_file = 'whitelisted.log' -+ # log_file = '/var/log/dnscrypt-proxy/whitelisted.log' - - - ## Optional log format: tsv or ltsv (default: tsv) -@@ -536,7 +536,7 @@ - - [sources.'public-resolvers'] - urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'] -- cache_file = 'public-resolvers.md' -+ cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md' - minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' - prefix = '' - -@@ -544,7 +544,7 @@ - - [sources.'relays'] - urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/relays.md', 'https://download.dnscrypt.info/resolvers-list/v2/relays.md'] -- cache_file = 'relays.md' -+ cache_file = '/var/cache/dnscrypt-proxy/relays.md' - minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' - refresh_delay = 72 - prefix = '' -@@ -554,7 +554,7 @@ - # [sources.quad9-resolvers] - # urls = ['https://www.quad9.net/quad9-resolvers.md'] - # minisign_key = 
'RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN' -- # cache_file = 'quad9-resolvers.md' -+ # cache_file = '/var/cache/dnscrypt-proxy/quad9-resolvers.md' - # prefix = 'quad9-' - - ## Another example source, with resolvers censoring some websites not appropriate for children -@@ -562,7 +562,7 @@ - - # [sources.'parental-control'] - # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v2/parental-control.md'] -- # cache_file = 'parental-control.md' -+ # cache_file = '/var/cache/dnscrypt-proxy/parental-control.md' - # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' - - diff --git a/uncensor.patch b/uncensor.patch new file mode 100644 index 0000000..bb4824e --- /dev/null +++ b/uncensor.patch 
@@ -0,0 +1,173 @@
+--- a/dnscrypt-proxy/example-dnscrypt-proxy.toml
++++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml
+@@ -75,7 +75,7 @@
+ # Server must not log user queries (declarative)
+ require_nolog = true
+
+-# Server must not enforce its own blocklist (for parental control, ads blocking...)
++# Server must not enforce its own blacklist (for parental control, ads blocking...)
+ require_nofilter = true
+
+ # Server names to avoid even if they match all criteria
+@@ -290,7 +290,7 @@
+
+ ## Note: if you are using dnsmasq, disable the `dnssec` option in dnsmasq if you
+ ## configure dnscrypt-proxy to do any kind of filtering (including the filters
+-## below and blocklists).
++## below and blacklists).
+ ## You can still choose resolvers that do DNSSEC validation.
+
+
+@@ -313,7 +313,7 @@
+
+
+ ## TTL for synthetic responses sent when a request has been blocked (due to
+-## IPv6 or blocklists).
++## IPv6 or blacklists).
+
+ reject_ttl = 600
+
+@@ -474,7 +474,7 @@
+
+
+ ######################################################
+-# Pattern-based blocking (blocklists) #
++# Pattern-based blacklists #
+ ######################################################
+
+ ## Blocklists are made of one pattern per line. Example of valid patterns:
+@@ -486,20 +486,20 @@
+ ## ads*.example.*
+ ## ads*.example[0-9]*.com
+ ##
+-## Example blocklist files can be found at https://download.dnscrypt.info/blocklists/
+-## A script to build blocklists from public feeds can be found in the
+-## `utils/generate-domains-blocklists` directory of the dnscrypt-proxy source code.
++## Example blacklist files can be found at https://download.dnscrypt.info/blocklists/
++## A script to build blacklists from public feeds can be found in the
++## `utils/generate-domains-blacklists` directory of the dnscrypt-proxy source code.
+
+ [blocked_names]
+
+- ## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
++ ## Path to the file of blacklisting rules (absolute, or relative to the same directory as the config file)
+
+- # blocked_names_file = '/etc/dnscrypt-proxy/blocked-names.txt'
++ # blocked_names_file = '/etc/dnscrypt-proxy/blacklist.txt'
+
+
+- ## Optional path to a file logging blocked queries
++ ## Optional path to a file logging blacklisted queries
+
+- # log_file = '/var/log/dnscrypt-proxy/blocked-names.log'
++ # log_file = '/var/log/dnscrypt-proxy/blacklisted.log'
+
+
+ ## Optional log format: tsv or ltsv (default: tsv)
+@@ -509,10 +509,10 @@
+
+
+ ###########################################################
+-# Pattern-based IP blocking (IP blocklists) #
++# Pattern-based IP blacklists #
+ ###########################################################
+
+-## IP blocklists are made of one pattern per line. Example of valid patterns:
++## IP blacklists are made of one pattern per line. Example of valid patterns:
+ ##
+ ## 127.*
+ ## fe80:abcd:*
+@@ -520,14 +520,14 @@
+
+ [blocked_ips]
+
+- ## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
++ ## Path to the file of blacklisting rules (absolute, or relative to the same directory as the config file)
+
+- # blocked_ips_file = '/etc/dnscrypt-proxy/blocked-ips.txt'
++ # blocked_ips_file = '/etc/dnscrypt-proxy/ip-blacklist.txt'
+
+
+- ## Optional path to a file logging blocked queries
++ ## Optional path to a file logging blacklisted queries
+
+- # log_file = '/var/log/dnscrypt-proxy/blocked-ips.log'
++ # log_file = '/var/log/dnscrypt-proxy/ip-blacklisted.log'
+
+
+ ## Optional log format: tsv or ltsv (default: tsv)
+@@ -537,25 +537,25 @@
+
+
+ ######################################################
+-# Pattern-based allow lists (blocklists bypass) #
++# Pattern-based whitelists #
+ ######################################################
+
+-## Allowlists support the same patterns as blocklists
+-## If a name matches an allowlist entry, the corresponding session
++## Whitelists support the same patterns as blacklists
++## If a name matches a whitelist entry, the corresponding session
+ ## will bypass names and IP filters.
+ ##
+ ## Time-based rules are also supported to make some websites only accessible at specific times of the day.
+
+ [allowed_names]
+
+- ## Path to the file of allow list rules (absolute, or relative to the same directory as the config file)
++ ## Path to the file of whitelist rules (absolute, or relative to the same directory as the config file)
+
+- # allowed_names_file = '/etc/dnscrypt-proxy/allowed-names.txt'
++ # allowed_names_file = '/etc/dnscrypt-proxy/whitelist.txt'
+
+
+- ## Optional path to a file logging allowed queries
++ ## Optional path to a file logging whitelisted queries
+
+- # log_file = '/var/log/dnscrypt-proxy/allowed-names.log'
++ # log_file = '/var/log/dnscrypt-proxy/whitelisted.log'
+
+
+ ## Optional log format: tsv or ltsv (default: tsv)
+@@ -565,25 +565,25 @@
+
+
+ #########################################################
+-# Pattern-based allowed IPs lists (blocklists bypass) #
++# Pattern-based IPs whitelists #
+ #########################################################
+
+-## Allowed IP lists support the same patterns as IP blocklists
+-## If an IP response matches an allow ip entry, the corresponding session
++## Whitelisted IP lists support the same patterns as IP blacklists
++## If an IP response matches a whitelisted ip entry, the corresponding session
+ ## will bypass IP filters.
+ ##
+ ## Time-based rules are also supported to make some websites only accessible at specific times of the day.
+
+ [allowed_ips]
+
+- ## Path to the file of allowed ip rules (absolute, or relative to the same directory as the config file)
++ ## Path to the file of whitelisted ip rules (absolute, or relative to the same directory as the config file)
+
+- # allowed_ips_file = '/etc/dnscrypt-proxy/allowed-ips.txt'
++ # allowed_ips_file = '/etc/dnscrypt-proxy/ip-whitelist.txt'
+
+
+- ## Optional path to a file logging allowed queries
++ ## Optional path to a file logging whitelisted queries
+
+- # log_file = '/var/log/dnscrypt-proxy/allowed-ips.log'
++ # log_file = '/var/log/dnscrypt-proxy/ip-whitelisted.log'
+
+ ## Optional log format: tsv or ltsv (default: tsv)
+
+@@ -599,7 +599,7 @@
+ ## Patterns in the name-based blocked_names file can optionally be followed with @schedule_name
+ ## to apply the pattern 'schedule_name' only when it matches a time range of that schedule.
+ ##
+-## For example, the following rule in a blocklist file:
++## For example, the following rule in a blacklist file:
+ ## *.youtube.* @time-to-sleep
+ ## would block access to YouTube during the times defined by the 'time-to-sleep' schedule.
+ ## |