SecBSD's official ports repository

2023-08-16 22:26:55 +00:00 · 2023-08-16 22:26:55 +00:00 · 2c0afcbbf3
commit 2c0afcbbf3
64331 changed files with 5339189 additions and 0 deletions
--- a/net/dnscrypt-proxy/Makefile
+++ b/net/dnscrypt-proxy/Makefile
@ -0,0 +1,40 @@
+BROKEN =	The version of quic-go you're using can't be built on Go 1.21 yet.
+COMMENT =	flexible DNS proxy with support for encrypted DNS protocols
+
+GH_ACCOUNT =	jedisct1
+GH_PROJECT =	dnscrypt-proxy
+GH_TAGNAME =	2.1.4
+
+CATEGORIES =	net
+
+HOMEPAGE =	https://dnscrypt.info/
+
+MAINTAINER =	Nam Nguyen <namn@berkeley.edu>
+# ISC
+PERMIT_PACKAGE =	Yes
+
+WANTLIB =	c pthread
+
+MODULES =	lang/go
+MODGO_TYPE =	bin
+
+INSTDIR =	${PREFIX}/share/examples/dnscrypt-proxy
+
+pre-configure:
+	sed -i "s;cache_file = '\(.*\)\.md';cache_file =\
+		'${LOCALSTATEDIR}/dnscrypt-proxy/\1.md';g" \
+		${MODGO_SUBDIR}/dnscrypt-proxy/example-dnscrypt-proxy.toml
+
+do-build:
+	cd ${WRKSRC}/dnscrypt-proxy && ${MODGO_CMD} build
+
+do-test:
+	cd ${WRKSRC}/dnscrypt-proxy && ${MODGO_CMD} test
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/dnscrypt-proxy/dnscrypt-proxy ${PREFIX}/bin/
+	${INSTALL_DATA_DIR} ${INSTDIR}
+	${INSTALL_DATA} ${WRKSRC}/dnscrypt-proxy/example-* ${INSTDIR}
+	rm -f ${INSTDIR}/example-dnscrypt-proxy.toml${PATCHORIG}
+
+.include <bsd.port.mk>
--- a/net/dnscrypt-proxy/distinfo
+++ b/net/dnscrypt-proxy/distinfo
@ -0,0 +1,2 @@
+SHA256 (dnscrypt-proxy-2.1.4.tar.gz) = BfCj6Mj0icr5WRnip1oexFmO3TQo0rndNXyrpq2yYH0=
+SIZE (dnscrypt-proxy-2.1.4.tar.gz) = 6897787
--- a/net/dnscrypt-proxy/patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml
+++ b/net/dnscrypt-proxy/patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml
@ -0,0 +1,12 @@
+Index: dnscrypt-proxy/example-dnscrypt-proxy.toml
+--- dnscrypt-proxy/example-dnscrypt-proxy.toml.orig
+++ dnscrypt-proxy/example-dnscrypt-proxy.toml
+@@ -52,7 +52,7 @@ max_clients = 250
+ ## Note (2): this feature is not compatible with systemd socket activation.
+ ## Note (3): when using -pidfile, the PID file directory must be writable by the new user
+ 
+-# user_name = 'nobody'
+user_name = '_dnscrypt-proxy'
+ 
+ 
+ ## Require servers (from remote sources) to satisfy specific properties
--- a/net/dnscrypt-proxy/pkg/DESCR
+++ b/net/dnscrypt-proxy/pkg/DESCR
@ -0,0 +1,23 @@
+dnscrypt-proxy is a flexible DNS proxy with support for modern encrypted DNS
+protocols, such as DNSCrypt v2 and DNS-over-HTTPS, and features:
+
+- DNS traffic encryption and authentication. Supports DNS-over-HTTPS (DoH) and
+  DNSCrypt.
+- DNS query monitoring with separate log files for regular and suspicious
+  queries.
+- Filtering: block ads, malware and other unwanted content. Compatible with all
+  DNS services.
+- Time-based filtering with a flexible weekly schedule.
+- Transparent redirection of specific domains to specific resolvers.
+- DNS caching to reduce latency and improve privacy.
+- Local IPv6 blocking to reduce latency on IPv4-only networks.
+- Load balancing: pick a set of resolvers, and dnscrypt-proxy will automatically
+  measure their speeds in order to balance traffic among the fastest available.
+- Cloaking: like a HOSTS file on steroids that can return preconfigured
+  addresses for specific names or resolve and return the IP addresses of
+  other names. This can be used for local development, as well as to
+  enforce safe search results on Google, Yahoo and Bing.
+- Automatic background updates of resolvers lists.
+- Can force outgoing connections to use TCP.
+- Supports SOCKS proxies.
+- Compatible with DNSSEC.
--- a/net/dnscrypt-proxy/pkg/PLIST
+++ b/net/dnscrypt-proxy/pkg/PLIST
@ -0,0 +1,24 @@
+@conflict dnscrypt-proxy-plugins-*
+@pkgpath net/dnscrypt-proxy,-main
+@pkgpath net/dnscrypt-proxy,-utils
+@newgroup _dnscrypt-proxy:688
+@newuser _dnscrypt-proxy:688:_dnscrypt-proxy::dnscrypt-proxy user:/var/empty:/sbin/nologin
+@rcscript ${RCDIR}/dnscrypt_proxy
+@extraunexec rm -rf /var/dnscrypt-proxy/*
+@bin bin/dnscrypt-proxy
+share/doc/pkg-readmes/${PKGSTEM}
+share/examples/dnscrypt-proxy/
+share/examples/dnscrypt-proxy/example-allowed-ips.txt
+share/examples/dnscrypt-proxy/example-allowed-names.txt
+share/examples/dnscrypt-proxy/example-blocked-ips.txt
+share/examples/dnscrypt-proxy/example-blocked-names.txt
+share/examples/dnscrypt-proxy/example-captive-portals.txt
+share/examples/dnscrypt-proxy/example-cloaking-rules.txt
+share/examples/dnscrypt-proxy/example-dnscrypt-proxy.toml
+@sample ${SYSCONFDIR}/dnscrypt-proxy.toml
+share/examples/dnscrypt-proxy/example-forwarding-rules.txt
+@owner _dnscrypt-proxy
+@group _dnscrypt-proxy
+@sample ${LOCALSTATEDIR}/dnscrypt-proxy/
+@comment fix owner for upgrades since privsep downloaded cache files in 2.0.43
+@exec-update [[ $(stat -f '%u:%g' ${LOCALSTATEDIR}/dnscrypt-proxy/public-resolvers.md 2>/dev/null) != 688:688 ]] && chown -R _dnscrypt-proxy:_dnscrypt-proxy ${LOCALSTATEDIR}/dnscrypt-proxy || true
--- a/net/dnscrypt-proxy/pkg/README
+++ b/net/dnscrypt-proxy/pkg/README
@ -0,0 +1,67 @@
+-----------------------------------------------------------------------
+| Running ${PKGSTEM} on OpenBSD
+-----------------------------------------------------------------------
+
+dnscrypt-proxy listens for DNS queries on a local address and forwards
+them to a DNSCrypt resolver over an encrypted channel.
+
+To use this package, several things are required.
+
+Customizing dnscrypt-proxy.toml
+===============================
+
+Ensure that ${SYSCONFDIR}/dnscrypt-proxy.toml fits your needs.
+
+Resolvers
+---------
+Uncomment 'server_names' to have a smaller set of public resolvers to be used
+for load balancing. If this line is commented, all registered servers matching
+the require_* filters will be used for load balancing. Refer to
+${LOCALSTATEDIR}/dnscrypt-proxy/public-resolvers.md for a list of all public
+resolvers.
+
+Load balancing strategy
+-----------------------
+Note the load balancing strategy, controlled by 'lb_strategy'. It can be
+set to one of the following values:
+  - 'first' (always pick the fastest server in the list)
+  - 'p2' (randomly choose between the top two fastest servers)
+  - 'ph' (randomly choose between the top fastest half of all servers)
+  - 'random' (just pick any random server from the list)
+
+'p2' is the default option. For more information, see
+https://github.com/jedisct1/dnscrypt-proxy/wiki/Load-Balancing-Options
+
+Logging
+-------
+Logging is disabled by default.
+
+To log to ${LOCALSTATEDIR}/log/messages:
+log_level = 2
+use_syslog = true
+
+To log to a custom file:
+log_level = 2
+log_file = '${LOCALSTATEDIR}/log/dnscrypt-proxy.log'
+
+Daemon
+======
+
+Start the daemon:
+
+# rcctl enable dnscrypt_proxy
+# rcctl start dnscrypt_proxy
+
+resolv.conf
+===========
+
+Set ${SYSCONFDIR}/resolv.conf to perform queries from dnscrypt-proxy:
+
+nameserver 127.0.0.1
+lookup file bind
+
+Note: If your IP address is dynamically fetched, dhclient(8) will normally
+update resolv.conf with network-provided DNS servers. This can be avoided by
+using "ignore domain-name, domain-name-servers;" in ${SYSCONFDIR}/dhclient.conf.
+
+For more information, see https://dnscrypt.info/
--- a/net/dnscrypt-proxy/pkg/dnscrypt_proxy.rc
+++ b/net/dnscrypt-proxy/pkg/dnscrypt_proxy.rc
@ -0,0 +1,13 @@
+#!/bin/ksh
+
+daemon="${TRUEPREFIX}/bin/dnscrypt-proxy"
+daemon_flags="-config ${SYSCONFDIR}/dnscrypt-proxy.toml"
+
+. /etc/rc.d/rc.subr
+
+pexp="${daemon}${daemon_flags:+ ${daemon_flags}}.*"
+
+rc_bg=YES
+rc_reload=NO
+
+rc_cmd $1