From: <abe...@us...> - 2015-07-16 00:28:04
Revision: 7153
http://sourceforge.net/p/astlinux/code/7153
Author: abelbeck
Date: 2015-07-16 00:28:02 +0000 (Thu, 16 Jul 2015)
Log Message:
-----------
dnscrypt-proxy, add support for ephemeral-keys and an optional secondary proxy server. New rc.conf variables are: DNSCRYPT_EPHEMERAL_KEYS, DNSCRYPT_2SERVER_ADDRESS, DNSCRYPT_2PROVIDER_NAME, DNSCRYPT_2PROVIDER_KEY
Modified Paths:
--------------
branches/1.0/package/dnscrypt-proxy/dnscrypt-proxy.init
branches/1.0/package/dnsmasq/dnsmasq.init
branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
Modified: branches/1.0/package/dnscrypt-proxy/dnscrypt-proxy.init
===================================================================
--- branches/1.0/package/dnscrypt-proxy/dnscrypt-proxy.init 2015-07-13 17:45:41 UTC (rev 7152)
+++ branches/1.0/package/dnscrypt-proxy/dnscrypt-proxy.init 2015-07-16 00:28:02 UTC (rev 7153)
@@ -4,6 +4,8 @@
PIDFILE="/var/run/dnscrypt-proxy.pid"
+PID2FILE="/var/run/dnscrypt-proxy2.pid"
+
init () {
:
}
@@ -18,8 +20,20 @@
name="${DNSCRYPT_PROVIDER_NAME:-2.dnscrypt-cert.opendns.com}"
key="${DNSCRYPT_PROVIDER_KEY:-B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79}"
- dnscrypt-proxy -d --local-address 127.0.0.1:2053 -n 520 -m ${DNSCRYPT_VERBOSITY:-5} -p $PIDFILE \
+ if [ "$DNSCRYPT_EPHEMERAL_KEYS" = "yes" ]; then
+ ephemeral_keys="--ephemeral-keys"
+ else
+ ephemeral_keys=""
+ fi
+
+ dnscrypt-proxy -d --local-address 127.0.0.1:2053 -n 520 -m ${DNSCRYPT_VERBOSITY:-5} -p $PIDFILE $ephemeral_keys \
--resolver-address "$address" --provider-name "$name" --provider-key "$key"
+
+ if [ -n "$DNSCRYPT_2SERVER_ADDRESS" -a -n "$DNSCRYPT_2PROVIDER_NAME" -a -n "$DNSCRYPT_2PROVIDER_KEY" ]; then
+
+ dnscrypt-proxy -d --local-address 127.0.0.1:2054 -n 520 -m ${DNSCRYPT_VERBOSITY:-5} -p $PID2FILE $ephemeral_keys \
+ --resolver-address "$DNSCRYPT_2SERVER_ADDRESS" --provider-name "$DNSCRYPT_2PROVIDER_NAME" --provider-key "$DNSCRYPT_2PROVIDER_KEY"
+ fi
fi
}
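Review bot: A partially filled secondary configuration is skipped without any message by the new `if [ -n "$DNSCRYPT_2SERVER_ADDRESS" -a -n ... ]` test, so a typo in one of the three rc.conf names leaves the box on a single upstream resolver with nothing logged to show it. Consider a follow-up branch such as `elif [ -n "$DNSCRYPT_2SERVER_ADDRESS$DNSCRYPT_2PROVIDER_NAME$DNSCRYPT_2PROVIDER_KEY" ]; then echo "dnscrypt-proxy: secondary needs all three DNSCRYPT_2* variables, not started" >&2`. The `-a` operator inside `[ ]` is marked obsolescent by POSIX; chained `[ -n "$A" ] && [ -n "$B" ] && [ -n "$C" ]` tests avoid its parsing ambiguity. The enclosing function begins outside this hunk.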
@@ -30,6 +44,10 @@
kill $(cat $PIDFILE) >/dev/null 2>&1
fi
+
+ if [ -f $PID2FILE ]; then
+ kill $(cat $PID2FILE) >/dev/null 2>&1
+ fi
}
case $1 in
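Review bot: The added stop block signals whatever PID is stored in `$PID2FILE` and leaves the file in place afterwards, copying the existing `$PIDFILE` block above it. If the file survives an unclean exit (the hunk does not show whether dnscrypt-proxy removes it itself), a later stop run as root can signal an unrelated process that has since reused the number. Removing the file after the kill and quoting the path narrows that window: `kill "$(cat "$PID2FILE")" >/dev/null 2>&1; rm -f "$PID2FILE"`. The same change would apply to the primary block; the enclosing function starts outside this hunk.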
Modified: branches/1.0/package/dnsmasq/dnsmasq.init
===================================================================
--- branches/1.0/package/dnsmasq/dnsmasq.init 2015-07-13 17:45:41 UTC (rev 7152)
+++ branches/1.0/package/dnsmasq/dnsmasq.init 2015-07-16 00:28:02 UTC (rev 7153)
@@ -39,15 +39,20 @@
return 1
}
-dnscrypt_proxy_check()
+dnscrypt_proxy_servers()
{
+ local servers=""
+
if [ -f /etc/init.d/dnscrypt ]; then
if [ "$DNSCRYPT_PROXY" = "yes" ]; then
- return 0
+ servers="127.0.0.1#2053"
+ if [ -n "$DNSCRYPT_2SERVER_ADDRESS" -a -n "$DNSCRYPT_2PROVIDER_NAME" -a -n "$DNSCRYPT_2PROVIDER_KEY" ]; then
+ servers="$servers 127.0.0.1#2054"
+ fi
fi
fi
- return 1
+ echo "$servers"
}
tftpd_check()
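Review bot: The secondary-proxy test in `dnscrypt_proxy_servers()` is a second copy of the condition in dnscrypt-proxy.init, and nothing in either file says the two must match. dnsmasq adds `127.0.0.1#2054` from rc.conf alone, so if the conditions drift, or the second proxy fails to start, dnsmasq is configured with a forwarder that has no listener. I would add a comment above the inner `if` such as `# Must match the secondary-proxy test in dnscrypt-proxy.init; port 2054 is only served when that instance starts`.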
@@ -184,7 +189,7 @@
createDNSMASQbasic()
{
- local local_domain
+ local local_domain dnscrypt_servers server IFS
# DHCP options
if [ "$1" = "dhcp" ]; then
@@ -223,10 +228,14 @@
echo "dns-forward-max=512"
fi
- if dnscrypt_proxy_check; then
+ dnscrypt_servers="$(dnscrypt_proxy_servers)"
+ if [ -n "$dnscrypt_servers" ]; then
echo "no-resolv
-server=127.0.0.1#2053
proxy-dnssec"
+ unset IFS
+ for server in $dnscrypt_servers; do
+ echo "server=$server"
+ done
else
echo "resolv-file=/etc/resolv-extern.conf"
fi
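Review bot: The `unset IFS` before the `for server in $dnscrypt_servers` loop carries no explanation, and the `local ... IFS` declaration that makes it safe sits in a different hunk. The loop relies on default whitespace splitting of the space-separated list, which is presumably why IFS is reset here. A short comment would make that visible: `# default word splitting for the server list; IFS is local to this function`. createDNSMASQbasic starts and ends outside this hunk.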
Modified: branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2015-07-13 17:45:41 UTC (rev 7152)
+++ branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2015-07-16 00:28:02 UTC (rev 7153)
@@ -368,12 +368,17 @@
## DNSCrypt Proxy Server
## Note: dnsmasq must be restarted when DNSCRYPT_PROXY changes.
-#DNSCRYPT_PROXY="yes" # Enable with "yes", defaults to "no"
-#DNSCRYPT_VERBOSITY="5" # Syslog logging: "3" Error, "5" Notice, "6" Info, defaults to "5"
-## Leave the variables below empty to use the OpenDNS defaults. See http://dnscrypt.org/ for others.
+#DNSCRYPT_PROXY="yes" # Enable with "yes", defaults to "no"
+#DNSCRYPT_VERBOSITY="5" # Syslog logging: "3" Error, "5" Notice, "6" Info, defaults to "5"
+#DNSCRYPT_EPHEMERAL_KEYS="yes" # Generates short-lived public key for each query with "yes", defaults to "no"
+## Leave the three variables below empty to use the OpenDNS defaults. See http://dnscrypt.org/ for others.
#DNSCRYPT_SERVER_ADDRESS=""
#DNSCRYPT_PROVIDER_NAME=""
#DNSCRYPT_PROVIDER_KEY=""
+## Optional - Secondary Proxy Server, all three variables below must be defined to be enabled.
+#DNSCRYPT_2SERVER_ADDRESS=""
+#DNSCRYPT_2PROVIDER_NAME=""
+#DNSCRYPT_2PROVIDER_KEY=""
## Static hosts for local resolver + DNSMasq
##
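Review bot: The unchanged note `## Note: dnsmasq must be restarted when DNSCRYPT_PROXY changes.` is now incomplete. In this same commit dnsmasq.init reads the three `DNSCRYPT_2*` variables to decide whether to emit `server=127.0.0.1#2054`, so enabling or disabling the secondary proxy also needs a dnsmasq restart. Suggested wording: `## Note: dnsmasq must be restarted when DNSCRYPT_PROXY or any DNSCRYPT_2* variable changes.`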