[new] net/dnscrypt-proxy2: flexible dns proxy with support for encrypted protocols

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

[new] net/dnscrypt-proxy2: flexible dns proxy with support for encrypted protocols

Vinícius Zavam


ports_NEW_PORT_net_dnscrypt-proxy2.v2.0.0p0.patch (7K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [new] net/dnscrypt-proxy2: flexible dns proxy with support for encrypted protocols

Björn Ketelaars
I'm not sure if it makes sense to create a new port for dnscrypt-proxy
2.0.0. Why not collaborate with the maintainer and update the existing
port?

Reply | Threaded
Open this post in threaded view
|

Re: [new] net/dnscrypt-proxy2: flexible dns proxy with support for encrypted protocols

Stuart Henderson
In reply to this post by Vinícius Zavam
On 2018/02/13 13:51, Vinícius Zavam wrote:
>

> Index: net/dnscrypt-proxy/pkg/PLIST-main
> ===================================================================
> RCS file: /cvs/ports/net/dnscrypt-proxy/pkg/PLIST-main,v
> retrieving revision 1.6
> diff -u -p -u -p -r1.6 PLIST-main
> --- net/dnscrypt-proxy/pkg/PLIST-main 2 Aug 2017 09:32:40 -0000 1.6
> +++ net/dnscrypt-proxy/pkg/PLIST-main 13 Feb 2018 13:39:38 -0000
> @@ -1,4 +1,5 @@
>  @comment $OpenBSD: PLIST-main,v 1.6 2017/08/02 09:32:40 giovanni Exp $
> +@conflict dnscrypt-proxy->1.9.5p3
>  @newgroup _dnscrypt-proxy:688
>  @newuser _dnscrypt-proxy:688:_dnscrypt-proxy:daemon:dnscrypt-proxy user:/var/empty:/sbin/nologin
>  @bin bin/hostip

IMHO it's better to just update the original port rather than adding a
new one, I don't think this is enough of a special case to maintain both
in parallel

> Index: net/dnscrypt-proxy2/Makefile
> ===================================================================
> RCS file: net/dnscrypt-proxy2/Makefile
> diff -N net/dnscrypt-proxy2/Makefile
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ net/dnscrypt-proxy2/Makefile 13 Feb 2018 13:39:38 -0000
> @@ -0,0 +1,44 @@
> +# $OpenBSD$
> +
> +COMMENT= Flexible DNS proxy with support for encrypted protocols

lowercase Flexible -> flexible

> +PORTNAME= dnscrypt-proxy
> +PORTVERS= 2.0.0
> +REVISION= 0
> +DISTNAME= ${PORTNAME}-${PORTVERS}
> +CATEGORIES= net security
> +
> +HOMEPAGE= https://dnscrypt.info/
> +MAINTAINER= Vinicius Zavam <[hidden email]>
> +
> +GH_ACCOUNT= jedisct1
> +GH_PROJECT= ${PORTNAME}
> +GH_TAGNAME= ${PORTVERS}

please don't use indirection like this PORTNAME/PORTVERS stuff, the entire
block above should be simply

GH_ACCOUNT= jedisct1
GH_PROJECT= dnscrypt-proxy
GH_TAGNAME= 2.0.0

CATEGORIES= net security

HOMEPAGE= https://dnscrypt.info/
MAINTAINER= Vinicius Zavam <[hidden email]>

> +
> +# ISC
> +PERMIT_PACKAGE_CDROM= YES
> +
> +DOCS= README.md

set but never used

> +
> +MODULES= lang/go
> +
> +TARGET_BASE= github.com/${GH_ACCOUNT}/${GH_PROJECT}
> +WRKSRC= ${MODGO_WORKSPACE}/src/${TARGET_BASE}
> +ALL_TARGET= ${TARGET_BASE}/${GH_PROJECT}

I can't really comment on go ports stuff, it totally confuses me

> +post-configure:
> + cd ${WRKSRC} && ln -sf vendor src && ln -sf ${WRKSRC}/${GH_PROJECT} src/${TARGET_BASE};

GH_PROJECT indirection is hard to read, and you're already cd'd to ${WRKSRC}
so the second ln doesn't need the ${WRKSRC}, so maybe "... && ln -sf
dnscrypt-proxy src/${TARGET_BASE}" ?

zap trailing ;

> +do-install:
> + mkdir -p ${PREFIX}/sbin && \
> + ${INSTALL_PROGRAM} ${MODGO_WORKSPACE}/bin/* ${PREFIX}/sbin/;

don't use mkdir, if you needed to create this directory ${INSTALL_PROGRAM_DIR}
would be the one, but ${PREFIX}/sbin is already created for you.

zap trailing ;

> +
> +post-install:
> + mkdir -p ${PREFIX}/etc ${PREFIX}/share/examples/${GH_PROJECT} && \
> + ${INSTALL_DATA} ${MODGO_WORKSPACE}/src/${TARGET_BASE}/${GH_PROJECT}/example* \
> + ${PREFIX}/share/examples/${GH_PROJECT}/ && \
> + ${INSTALL_DATA} ${MODGO_WORKSPACE}/src/${TARGET_BASE}/${GH_PROJECT}/example-dnscrypt-proxy.toml \
> + ${PREFIX}/etc/dnscrypt-proxy.toml;

nothing should be using ${PREFIX}/etc.

mkdir -> ${INSTALL_DATA_DIR}

GH_PROJECT indirection makes it hard to read, just write dnscrypt-proxy

trailing ;

> + sed -i -e 's,require_dnssec = false,require_dnssec = true,g' ${PREFIX}/etc/dnscrypt-proxy.toml;
> +

just use a normal patch on the input file rather than sed (though why
change the default anyway?)

${PREFIX}/etc again

trailing ;


> +.include <bsd.port.mk>
> Index: net/dnscrypt-proxy2/distinfo
> ===================================================================
> RCS file: net/dnscrypt-proxy2/distinfo
> diff -N net/dnscrypt-proxy2/distinfo
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ net/dnscrypt-proxy2/distinfo 13 Feb 2018 13:39:38 -0000
> @@ -0,0 +1,2 @@
> +SHA256 (dnscrypt-proxy-2.0.0.tar.gz) = r8KAYTJpsfXpxYHCPWSIhCGJdPfn4aJcihMJGX1n41g=
> +SIZE (dnscrypt-proxy-2.0.0.tar.gz) = 725490
> Index: net/dnscrypt-proxy2/pkg/DESCR
> ===================================================================
> RCS file: net/dnscrypt-proxy2/pkg/DESCR
> diff -N net/dnscrypt-proxy2/pkg/DESCR
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ net/dnscrypt-proxy2/pkg/DESCR 13 Feb 2018 13:39:38 -0000
> @@ -0,0 +1,7 @@
> +DNSCrypt Proxy v2 provides a local service which can be used directly as your
> +local resolver or as a DNS forwarder, encrypting requests using protocols
> +such as DNSCrypt v2 and DNS-over-HTTP/2.
> +
> +It includes all the major features from DNSCrypt Proxy v1 (1.9.5), with improved
> +reliability, flexibility, usability and performance. You can also combine it with
> +TCP tunnels such as the ones used by Tor.
> Index: net/dnscrypt-proxy2/pkg/PLIST
> ===================================================================
> RCS file: net/dnscrypt-proxy2/pkg/PLIST
> diff -N net/dnscrypt-proxy2/pkg/PLIST
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ net/dnscrypt-proxy2/pkg/PLIST 13 Feb 2018 13:39:38 -0000
> @@ -0,0 +1,12 @@
> +@comment $OpenBSD$
> +etc/
> +etc/dnscrypt-proxy.toml
> +share/doc/pkg-readmes/${FULLPKGNAME}
> +share/examples/dnscrypt-proxy/
> +share/examples/dnscrypt-proxy/example-blacklist.txt
> +share/examples/dnscrypt-proxy/example-cloaking-rules.txt
> +share/examples/dnscrypt-proxy/example-dnscrypt-proxy.toml
> +share/examples/dnscrypt-proxy/example-forwarding-rules.txt
> +@conflict dnscrypt-proxy-<2.0.0p0
> +@bin sbin/dnscrypt-proxy
> +@rcscript ${RCDIR}/dnscrypt_proxy
> Index: net/dnscrypt-proxy2/pkg/README
> ===================================================================
> RCS file: net/dnscrypt-proxy2/pkg/README
> diff -N net/dnscrypt-proxy2/pkg/README
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ net/dnscrypt-proxy2/pkg/README 13 Feb 2018 13:39:38 -0000
> @@ -0,0 +1,26 @@
> +$OpenBSD$
> +
> ++-----------------------------------------------------------------------
> +| Running ${FULLPKGNAME} on OpenBSD
> ++-----------------------------------------------------------------------
> +
> +dnscrypt-proxy2 listens for DNS queries on a local address and forwards
> +them to a DNSCrypt resolver over an encrypted channel.
> +
> +To use this package, two things are required.
> +
> +Firstly, enable/start the service.
> +
> +  # rcctl enable dnscrypt_proxy
> +  # rcctl start dnscrypt_proxy
> +
> +Secondly, set /etc/resolv.conf to perform queries from dnscrypt-proxy2:
> +
> +  nameserver 127.0.0.1
> +  lookup file bind
> +
> +NOTE: If fetching your IP address dynamically, dhclient(8) will normally
> +update resolv.conf with network-provided DNS servers. This can be avoided
> +by using "ignore domain-name, domain-name-servers;" in /etc/dhclient.conf.
> +
> +For more information, see https://dnscrypt.info/
> Index: net/dnscrypt-proxy2/pkg/dnscrypt_proxy.rc
> ===================================================================
> RCS file: net/dnscrypt-proxy2/pkg/dnscrypt_proxy.rc
> diff -N net/dnscrypt-proxy2/pkg/dnscrypt_proxy.rc
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ net/dnscrypt-proxy2/pkg/dnscrypt_proxy.rc 13 Feb 2018 13:39:38 -0000
> @@ -0,0 +1,11 @@
> +#!/bin/ksh
> +#
> +# $OpenBSD$
> +
> +daemon="${TRUEPREFIX}/sbin/dnscrypt-proxy -config ${TRUEPREFIX}/etc/dnscrypt-proxy.toml -logfile /var/log/dnscrypt-proxy.log"
> +
> +. /etc/rc.d/rc.subr
> +
> +rc_reload=NO
> +
> +rc_cmd $1

Reply | Threaded
Open this post in threaded view
|

Re: [new] net/dnscrypt-proxy2: flexible dns proxy with support for encrypted protocols

Vinícius Zavam
On Feb 13, 2018 16:19, "Stuart Henderson" <[hidden email]> wrote:

On 2018/02/13 13:51, Vinícius Zavam wrote:
>

> Index: net/dnscrypt-proxy/pkg/PLIST-main
> ===================================================================
> RCS file: /cvs/ports/net/dnscrypt-proxy/pkg/PLIST-main,v
> retrieving revision 1.6
> diff -u -p -u -p -r1.6 PLIST-main
> --- net/dnscrypt-proxy/pkg/PLIST-main 2 Aug 2017 09:32:40 -0000       1.6
> +++ net/dnscrypt-proxy/pkg/PLIST-main 13 Feb 2018 13:39:38 -0000
> @@ -1,4 +1,5 @@
>  @comment $OpenBSD: PLIST-main,v 1.6 2017/08/02 09:32:40 giovanni Exp $
> +@conflict dnscrypt-proxy->1.9.5p3
>  @newgroup _dnscrypt-proxy:688
>  @newuser _dnscrypt-proxy:688:_dnscrypt-proxy:daemon:dnscrypt-proxy
user:/var/empty:/sbin/nologin
>  @bin bin/hostip

IMHO it's better to just update the original port rather than adding a
new one, I don't think this is enough of a special case to maintain both
in parallel


we can go for it.

> Index: net/dnscrypt-proxy2/Makefile
> ===================================================================
> RCS file: net/dnscrypt-proxy2/Makefile
> diff -N net/dnscrypt-proxy2/Makefile
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ net/dnscrypt-proxy2/Makefile      13 Feb 2018 13:39:38 -0000
> @@ -0,0 +1,44 @@
> +# $OpenBSD$
> +
> +COMMENT=             Flexible DNS proxy with support for encrypted
protocols

lowercase Flexible -> flexible

> +PORTNAME=            dnscrypt-proxy
> +PORTVERS=            2.0.0
> +REVISION=            0
> +DISTNAME=            ${PORTNAME}-${PORTVERS}
> +CATEGORIES=          net security
> +
> +HOMEPAGE=            https://dnscrypt.info/
> +MAINTAINER=          Vinicius Zavam <[hidden email]>
> +
> +GH_ACCOUNT=          jedisct1
> +GH_PROJECT=          ${PORTNAME}
> +GH_TAGNAME=          ${PORTVERS}

please don't use indirection like this PORTNAME/PORTVERS stuff, the entire
block above should be simply

GH_ACCOUNT=             jedisct1
GH_PROJECT=             dnscrypt-proxy
GH_TAGNAME=             2.0.0


a lot of people are using V= or R= for similar purposes, so I really don't
see a thing here.

CATEGORIES=             net security

HOMEPAGE=               https://dnscrypt.info/
MAINTAINER=             Vinicius Zavam <[hidden email]>

> +
> +# ISC
> +PERMIT_PACKAGE_CDROM=        YES
> +
> +DOCS=                        README.md

set but never used

> +
> +MODULES=             lang/go
> +
> +TARGET_BASE=         github.com/${GH_ACCOUNT}/${GH_PROJECT}
<http://github.com/$%7BGH_ACCOUNT%7D/$%7BGH_PROJECT%7D>
> +WRKSRC=                      ${MODGO_WORKSPACE}/src/${TARGET_BASE}
> +ALL_TARGET=          ${TARGET_BASE}/${GH_PROJECT}

I can't really comment on go ports stuff, it totally confuses me

> +post-configure:
> +     cd ${WRKSRC} && ln -sf vendor src && ln -sf ${WRKSRC}/${GH_PROJECT}
src/${TARGET_BASE};

GH_PROJECT indirection is hard to read, and you're already cd'd to ${WRKSRC}
so the second ln doesn't need the ${WRKSRC}, so maybe "... && ln -sf
dnscrypt-proxy src/${TARGET_BASE}" ?


Go is... "special" :-)

zap trailing ;


it's present in many ports' Makefiles.

> +do-install:
> +     mkdir -p ${PREFIX}/sbin && \
> +             ${INSTALL_PROGRAM} ${MODGO_WORKSPACE}/bin/* ${PREFIX}/sbin/;

don't use mkdir, if you needed to create this directory
${INSTALL_PROGRAM_DIR}
would be the one, but ${PREFIX}/sbin is already created for you.


I refused to believe the same, but needed to make it this way. trust me.

zap trailing ;

> +
> +post-install:
> +     mkdir -p ${PREFIX}/etc ${PREFIX}/share/examples/${GH_PROJECT} && \
> +     ${INSTALL_DATA} ${MODGO_WORKSPACE}/src/${TARGET_BASE}/${GH_PROJECT}/example*
\
> +             ${PREFIX}/share/examples/${GH_PROJECT}/ && \
> +     ${INSTALL_DATA} ${MODGO_WORKSPACE}/src/${TARGE
T_BASE}/${GH_PROJECT}/example-dnscrypt-proxy.toml \
> +             ${PREFIX}/etc/dnscrypt-proxy.toml;

nothing should be using ${PREFIX}/etc.

mkdir -> ${INSTALL_DATA_DIR}

GH_PROJECT indirection makes it hard to read, just write dnscrypt-proxy


repeat the same thing? GH_PROJECT *must* be set, so... I made use of it.

trailing ;


dito.

> +     sed -i -e 's,require_dnssec = false,require_dnssec = true,g'
${PREFIX}/etc/dnscrypt-proxy.toml;
> +

just use a normal patch on the input file rather than sed (though why
change the default anyway?)

${PREFIX}/etc again


suggestions? it is /usr/local,

we could just make it practice to be used out of the box; or should one
copy the config and edit it manually in order to use the service?

trailing ;


dito.

> +.include <bsd.port.mk>
> Index: net/dnscrypt-proxy2/distinfo
> ===================================================================
> RCS file: net/dnscrypt-proxy2/distinfo
> diff -N net/dnscrypt-proxy2/distinfo
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ net/dnscrypt-proxy2/distinfo      13 Feb 2018 13:39:38 -0000
> @@ -0,0 +1,2 @@
> +SHA256 (dnscrypt-proxy-2.0.0.tar.gz) = r8KAYTJpsfXpxYHCPWSIhCGJdPfn4a
JcihMJGX1n41g=
> +SIZE (dnscrypt-proxy-2.0.0.tar.gz) = 725490
> Index: net/dnscrypt-proxy2/pkg/DESCR
> ===================================================================
> RCS file: net/dnscrypt-proxy2/pkg/DESCR
> diff -N net/dnscrypt-proxy2/pkg/DESCR
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ net/dnscrypt-proxy2/pkg/DESCR     13 Feb 2018 13:39:38 -0000
> @@ -0,0 +1,7 @@
> +DNSCrypt Proxy v2 provides a local service which can be used directly as
your
> +local resolver or as a DNS forwarder, encrypting requests using protocols
> +such as DNSCrypt v2 and DNS-over-HTTP/2.
> +
> +It includes all the major features from DNSCrypt Proxy v1 (1.9.5), with
improved
> +reliability, flexibility, usability and performance. You can also
combine it with

> +TCP tunnels such as the ones used by Tor.
> Index: net/dnscrypt-proxy2/pkg/PLIST
> ===================================================================
> RCS file: net/dnscrypt-proxy2/pkg/PLIST
> diff -N net/dnscrypt-proxy2/pkg/PLIST
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ net/dnscrypt-proxy2/pkg/PLIST     13 Feb 2018 13:39:38 -0000
> @@ -0,0 +1,12 @@
> +@comment $OpenBSD$
> +etc/
> +etc/dnscrypt-proxy.toml
> +share/doc/pkg-readmes/${FULLPKGNAME}
> +share/examples/dnscrypt-proxy/
> +share/examples/dnscrypt-proxy/example-blacklist.txt
> +share/examples/dnscrypt-proxy/example-cloaking-rules.txt
> +share/examples/dnscrypt-proxy/example-dnscrypt-proxy.toml
> +share/examples/dnscrypt-proxy/example-forwarding-rules.txt
> +@conflict dnscrypt-proxy-<2.0.0p0
> +@bin sbin/dnscrypt-proxy
> +@rcscript ${RCDIR}/dnscrypt_proxy
> Index: net/dnscrypt-proxy2/pkg/README
> ===================================================================
> RCS file: net/dnscrypt-proxy2/pkg/README
> diff -N net/dnscrypt-proxy2/pkg/README
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ net/dnscrypt-proxy2/pkg/README    13 Feb 2018 13:39:38 -0000
> @@ -0,0 +1,26 @@
> +$OpenBSD$
> +
> ++-----------------------------------------------------------------------
> +| Running ${FULLPKGNAME} on OpenBSD
> ++-----------------------------------------------------------------------
> +
> +dnscrypt-proxy2 listens for DNS queries on a local address and forwards
> +them to a DNSCrypt resolver over an encrypted channel.
> +
> +To use this package, two things are required.
> +
> +Firstly, enable/start the service.
> +
> +  # rcctl enable dnscrypt_proxy
> +  # rcctl start dnscrypt_proxy
> +
> +Secondly, set /etc/resolv.conf to perform queries from dnscrypt-proxy2:
> +
> +  nameserver 127.0.0.1
> +  lookup file bind
> +
> +NOTE: If fetching your IP address dynamically, dhclient(8) will normally
> +update resolv.conf with network-provided DNS servers. This can be avoided
> +by using "ignore domain-name, domain-name-servers;" in
/etc/dhclient.conf.

> +
> +For more information, see https://dnscrypt.info/
> Index: net/dnscrypt-proxy2/pkg/dnscrypt_proxy.rc
> ===================================================================
> RCS file: net/dnscrypt-proxy2/pkg/dnscrypt_proxy.rc
> diff -N net/dnscrypt-proxy2/pkg/dnscrypt_proxy.rc
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ net/dnscrypt-proxy2/pkg/dnscrypt_proxy.rc 13 Feb 2018 13:39:38 -0000
> @@ -0,0 +1,11 @@
> +#!/bin/ksh
> +#
> +# $OpenBSD$
> +
> +daemon="${TRUEPREFIX}/sbin/dnscrypt-proxy -config
${TRUEPREFIX}/etc/dnscrypt-proxy.toml -logfile /var/log/dnscrypt-proxy.log"
> +
> +. /etc/rc.d/rc.subr
> +
> +rc_reload=NO
> +
> +rc_cmd $1


if the net/dnscrypt-proxy's maintainer wants to take my patch and use it to
override/update the current port, I'm fine with it too; no worries.

thanks for all the feedback! very appreciated.

happy to help,
Reply | Threaded
Open this post in threaded view
|

Re: [new] net/dnscrypt-proxy2: flexible dns proxy with support for encrypted protocols

Stuart Henderson
Please re-send using normal internet quoting in your mail, it's too much
work to figure out which is your text and which is quoted.


On 2018/02/13 20:17, Vinícius Zavam wrote:

> On Feb 13, 2018 16:19, "Stuart Henderson" <[hidden email]> wrote:
>
> On 2018/02/13 13:51, Vinícius Zavam wrote:
> >
>
> > Index: net/dnscrypt-proxy/pkg/PLIST-main
> > ===================================================================
> > RCS file: /cvs/ports/net/dnscrypt-proxy/pkg/PLIST-main,v
> > retrieving revision 1.6
> > diff -u -p -u -p -r1.6 PLIST-main
> > --- net/dnscrypt-proxy/pkg/PLIST-main 2 Aug 2017 09:32:40 -0000       1.6
> > +++ net/dnscrypt-proxy/pkg/PLIST-main 13 Feb 2018 13:39:38 -0000
> > @@ -1,4 +1,5 @@
> >  @comment $OpenBSD: PLIST-main,v 1.6 2017/08/02 09:32:40 giovanni Exp $
> > +@conflict dnscrypt-proxy->1.9.5p3
> >  @newgroup _dnscrypt-proxy:688
> >  @newuser _dnscrypt-proxy:688:_dnscrypt-proxy:daemon:dnscrypt-proxy
> user:/var/empty:/sbin/nologin
> >  @bin bin/hostip
>
> IMHO it's better to just update the original port rather than adding a
> new one, I don't think this is enough of a special case to maintain both
> in parallel
>
>
> we can go for it.
>
> > Index: net/dnscrypt-proxy2/Makefile
> > ===================================================================
> > RCS file: net/dnscrypt-proxy2/Makefile
> > diff -N net/dnscrypt-proxy2/Makefile
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ net/dnscrypt-proxy2/Makefile      13 Feb 2018 13:39:38 -0000
> > @@ -0,0 +1,44 @@
> > +# $OpenBSD$
> > +
> > +COMMENT=             Flexible DNS proxy with support for encrypted
> protocols
>
> lowercase Flexible -> flexible
>
> > +PORTNAME=            dnscrypt-proxy
> > +PORTVERS=            2.0.0
> > +REVISION=            0
> > +DISTNAME=            ${PORTNAME}-${PORTVERS}
> > +CATEGORIES=          net security
> > +
> > +HOMEPAGE=            https://dnscrypt.info/
> > +MAINTAINER=          Vinicius Zavam <[hidden email]>
> > +
> > +GH_ACCOUNT=          jedisct1
> > +GH_PROJECT=          ${PORTNAME}
> > +GH_TAGNAME=          ${PORTVERS}
>
> please don't use indirection like this PORTNAME/PORTVERS stuff, the entire
> block above should be simply
>
> GH_ACCOUNT=             jedisct1
> GH_PROJECT=             dnscrypt-proxy
> GH_TAGNAME=             2.0.0
>
>
> a lot of people are using V= or R= for similar purposes, so I really don't
> see a thing here.
>
> CATEGORIES=             net security
>
> HOMEPAGE=               https://dnscrypt.info/
> MAINTAINER=             Vinicius Zavam <[hidden email]>
>
> > +
> > +# ISC
> > +PERMIT_PACKAGE_CDROM=        YES
> > +
> > +DOCS=                        README.md
>
> set but never used
>
> > +
> > +MODULES=             lang/go
> > +
> > +TARGET_BASE=         github.com/${GH_ACCOUNT}/${GH_PROJECT}
> <http://github.com/$%7BGH_ACCOUNT%7D/$%7BGH_PROJECT%7D>
> > +WRKSRC=                      ${MODGO_WORKSPACE}/src/${TARGET_BASE}
> > +ALL_TARGET=          ${TARGET_BASE}/${GH_PROJECT}
>
> I can't really comment on go ports stuff, it totally confuses me
>
> > +post-configure:
> > +     cd ${WRKSRC} && ln -sf vendor src && ln -sf ${WRKSRC}/${GH_PROJECT}
> src/${TARGET_BASE};
>
> GH_PROJECT indirection is hard to read, and you're already cd'd to ${WRKSRC}
> so the second ln doesn't need the ${WRKSRC}, so maybe "... && ln -sf
> dnscrypt-proxy src/${TARGET_BASE}" ?
>
>
> Go is... "special" :-)
>
> zap trailing ;
>
>
> it's present in many ports' Makefiles.
>
> > +do-install:
> > +     mkdir -p ${PREFIX}/sbin && \
> > +             ${INSTALL_PROGRAM} ${MODGO_WORKSPACE}/bin/* ${PREFIX}/sbin/;
>
> don't use mkdir, if you needed to create this directory
> ${INSTALL_PROGRAM_DIR}
> would be the one, but ${PREFIX}/sbin is already created for you.
>
>
> I refused to believe the same, but needed to make it this way. trust me.
>
> zap trailing ;
>
> > +
> > +post-install:
> > +     mkdir -p ${PREFIX}/etc ${PREFIX}/share/examples/${GH_PROJECT} && \
> > +     ${INSTALL_DATA} ${MODGO_WORKSPACE}/src/${TARGET_BASE}/${GH_PROJECT}/example*
> \
> > +             ${PREFIX}/share/examples/${GH_PROJECT}/ && \
> > +     ${INSTALL_DATA} ${MODGO_WORKSPACE}/src/${TARGE
> T_BASE}/${GH_PROJECT}/example-dnscrypt-proxy.toml \
> > +             ${PREFIX}/etc/dnscrypt-proxy.toml;
>
> nothing should be using ${PREFIX}/etc.
>
> mkdir -> ${INSTALL_DATA_DIR}
>
> GH_PROJECT indirection makes it hard to read, just write dnscrypt-proxy
>
>
> repeat the same thing? GH_PROJECT *must* be set, so... I made use of it.
>
> trailing ;
>
>
> dito.
>
> > +     sed -i -e 's,require_dnssec = false,require_dnssec = true,g'
> ${PREFIX}/etc/dnscrypt-proxy.toml;
> > +
>
> just use a normal patch on the input file rather than sed (though why
> change the default anyway?)
>
> ${PREFIX}/etc again
>
>
> suggestions? it is /usr/local,
>
> we could just make it practice to be used out of the box; or should one
> copy the config and edit it manually in order to use the service?
>
> trailing ;
>
>
> dito.
>
> > +.include <bsd.port.mk>
> > Index: net/dnscrypt-proxy2/distinfo
> > ===================================================================
> > RCS file: net/dnscrypt-proxy2/distinfo
> > diff -N net/dnscrypt-proxy2/distinfo
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ net/dnscrypt-proxy2/distinfo      13 Feb 2018 13:39:38 -0000
> > @@ -0,0 +1,2 @@
> > +SHA256 (dnscrypt-proxy-2.0.0.tar.gz) = r8KAYTJpsfXpxYHCPWSIhCGJdPfn4a
> JcihMJGX1n41g=
> > +SIZE (dnscrypt-proxy-2.0.0.tar.gz) = 725490
> > Index: net/dnscrypt-proxy2/pkg/DESCR
> > ===================================================================
> > RCS file: net/dnscrypt-proxy2/pkg/DESCR
> > diff -N net/dnscrypt-proxy2/pkg/DESCR
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ net/dnscrypt-proxy2/pkg/DESCR     13 Feb 2018 13:39:38 -0000
> > @@ -0,0 +1,7 @@
> > +DNSCrypt Proxy v2 provides a local service which can be used directly as
> your
> > +local resolver or as a DNS forwarder, encrypting requests using protocols
> > +such as DNSCrypt v2 and DNS-over-HTTP/2.
> > +
> > +It includes all the major features from DNSCrypt Proxy v1 (1.9.5), with
> improved
> > +reliability, flexibility, usability and performance. You can also
> combine it with
> > +TCP tunnels such as the ones used by Tor.
> > Index: net/dnscrypt-proxy2/pkg/PLIST
> > ===================================================================
> > RCS file: net/dnscrypt-proxy2/pkg/PLIST
> > diff -N net/dnscrypt-proxy2/pkg/PLIST
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ net/dnscrypt-proxy2/pkg/PLIST     13 Feb 2018 13:39:38 -0000
> > @@ -0,0 +1,12 @@
> > +@comment $OpenBSD$
> > +etc/
> > +etc/dnscrypt-proxy.toml
> > +share/doc/pkg-readmes/${FULLPKGNAME}
> > +share/examples/dnscrypt-proxy/
> > +share/examples/dnscrypt-proxy/example-blacklist.txt
> > +share/examples/dnscrypt-proxy/example-cloaking-rules.txt
> > +share/examples/dnscrypt-proxy/example-dnscrypt-proxy.toml
> > +share/examples/dnscrypt-proxy/example-forwarding-rules.txt
> > +@conflict dnscrypt-proxy-<2.0.0p0
> > +@bin sbin/dnscrypt-proxy
> > +@rcscript ${RCDIR}/dnscrypt_proxy
> > Index: net/dnscrypt-proxy2/pkg/README
> > ===================================================================
> > RCS file: net/dnscrypt-proxy2/pkg/README
> > diff -N net/dnscrypt-proxy2/pkg/README
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ net/dnscrypt-proxy2/pkg/README    13 Feb 2018 13:39:38 -0000
> > @@ -0,0 +1,26 @@
> > +$OpenBSD$
> > +
> > ++-----------------------------------------------------------------------
> > +| Running ${FULLPKGNAME} on OpenBSD
> > ++-----------------------------------------------------------------------
> > +
> > +dnscrypt-proxy2 listens for DNS queries on a local address and forwards
> > +them to a DNSCrypt resolver over an encrypted channel.
> > +
> > +To use this package, two things are required.
> > +
> > +Firstly, enable/start the service.
> > +
> > +  # rcctl enable dnscrypt_proxy
> > +  # rcctl start dnscrypt_proxy
> > +
> > +Secondly, set /etc/resolv.conf to perform queries from dnscrypt-proxy2:
> > +
> > +  nameserver 127.0.0.1
> > +  lookup file bind
> > +
> > +NOTE: If fetching your IP address dynamically, dhclient(8) will normally
> > +update resolv.conf with network-provided DNS servers. This can be avoided
> > +by using "ignore domain-name, domain-name-servers;" in
> /etc/dhclient.conf.
> > +
> > +For more information, see https://dnscrypt.info/
> > Index: net/dnscrypt-proxy2/pkg/dnscrypt_proxy.rc
> > ===================================================================
> > RCS file: net/dnscrypt-proxy2/pkg/dnscrypt_proxy.rc
> > diff -N net/dnscrypt-proxy2/pkg/dnscrypt_proxy.rc
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ net/dnscrypt-proxy2/pkg/dnscrypt_proxy.rc 13 Feb 2018 13:39:38 -0000
> > @@ -0,0 +1,11 @@
> > +#!/bin/ksh
> > +#
> > +# $OpenBSD$
> > +
> > +daemon="${TRUEPREFIX}/sbin/dnscrypt-proxy -config
> ${TRUEPREFIX}/etc/dnscrypt-proxy.toml -logfile /var/log/dnscrypt-proxy.log"
> > +
> > +. /etc/rc.d/rc.subr
> > +
> > +rc_reload=NO
> > +
> > +rc_cmd $1
>
>
> if the net/dnscrypt-proxy's maintainer wants to take my patch and use it to
> override/update the current port, I'm fine with it too; no worries.
>
> thanks for all the feedback! very appreciated.
>
> happy to help,

Reply | Threaded
Open this post in threaded view
|

Re: [new] net/dnscrypt-proxy2: flexible dns proxy with support for encrypted protocols

Stuart Henderson
Here's a version that looks more like a normal port. But running as
root, really?


dnscrypt-proxy.tgz (2K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [new] net/dnscrypt-proxy2: flexible dns proxy with support for encrypted protocols

Vinícius Zavam
In reply to this post by Vinícius Zavam
2018-02-13 20:17 GMT+00:00 Vinícius Zavam <[hidden email]>:
>
>
>
> On Feb 13, 2018 16:19, "Stuart Henderson" <[hidden email]> wrote:
>
> On 2018/02/13 13:51, Vinícius Zavam wrote:
> >

formatted version of previously sent email follows // inline.

> > Index: net/dnscrypt-proxy/pkg/PLIST-main
> > ===================================================================
> > RCS file: /cvs/ports/net/dnscrypt-proxy/pkg/PLIST-main,v
> > retrieving revision 1.6
> > diff -u -p -u -p -r1.6 PLIST-main
> > --- net/dnscrypt-proxy/pkg/PLIST-main 2 Aug 2017 09:32:40 -0000
1.6
> > +++ net/dnscrypt-proxy/pkg/PLIST-main 13 Feb 2018 13:39:38 -0000
> > @@ -1,4 +1,5 @@
> >  @comment $OpenBSD: PLIST-main,v 1.6 2017/08/02 09:32:40 giovanni Exp $
> > +@conflict dnscrypt-proxy->1.9.5p3
> >  @newgroup _dnscrypt-proxy:688
> >  @newuser _dnscrypt-proxy:688:_dnscrypt-proxy:daemon:dnscrypt-proxy
user:/var/empty:/sbin/nologin
> >  @bin bin/hostip
>
> IMHO it's better to just update the original port rather than adding a
> new one, I don't think this is enough of a special case to maintain both
> in parallel
>

we can go for it.

> > Index: net/dnscrypt-proxy2/Makefile
> > ===================================================================
> > RCS file: net/dnscrypt-proxy2/Makefile
> > diff -N net/dnscrypt-proxy2/Makefile
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ net/dnscrypt-proxy2/Makefile      13 Feb 2018 13:39:38 -0000
> > @@ -0,0 +1,44 @@
> > +# $OpenBSD$
> > +
> > +COMMENT=             Flexible DNS proxy with support for encrypted
protocols

>
> lowercase Flexible -> flexible
>
> > +PORTNAME=            dnscrypt-proxy
> > +PORTVERS=            2.0.0
> > +REVISION=            0
> > +DISTNAME=            ${PORTNAME}-${PORTVERS}
> > +CATEGORIES=          net security
> > +
> > +HOMEPAGE=            https://dnscrypt.info/
> > +MAINTAINER=          Vinicius Zavam <[hidden email]>
> > +
> > +GH_ACCOUNT=          jedisct1
> > +GH_PROJECT=          ${PORTNAME}
> > +GH_TAGNAME=          ${PORTVERS}
>
> please don't use indirection like this PORTNAME/PORTVERS stuff, the entire
> block above should be simply
>
> GH_ACCOUNT=             jedisct1
> GH_PROJECT=             dnscrypt-proxy
> GH_TAGNAME=             2.0.0
>

a lot of people are using V= or R= for similar purposes, so I really don't
see a thing here.

> CATEGORIES=             net security
>
> HOMEPAGE=               https://dnscrypt.info/
> MAINTAINER=             Vinicius Zavam <[hidden email]>
>
> > +
> > +# ISC
> > +PERMIT_PACKAGE_CDROM=        YES
> > +
> > +DOCS=                        README.md
>
> set but never used
>
> > +
> > +MODULES=             lang/go
> > +
> > +TARGET_BASE=         github.com/${GH_ACCOUNT}/${GH_PROJECT}
> > +WRKSRC=                      ${MODGO_WORKSPACE}/src/${TARGET_BASE}
> > +ALL_TARGET=          ${TARGET_BASE}/${GH_PROJECT}
>
> I can't really comment on go ports stuff, it totally confuses me
>
> > +post-configure:
> > +     cd ${WRKSRC} && ln -sf vendor src && ln -sf
${WRKSRC}/${GH_PROJECT} src/${TARGET_BASE};
>
> GH_PROJECT indirection is hard to read, and you're already cd'd to
${WRKSRC}
> so the second ln doesn't need the ${WRKSRC}, so maybe "... && ln -sf
> dnscrypt-proxy src/${TARGET_BASE}" ?
>

Go is... "special" :-( [edit]

> zap trailing ;
>

it's present in many ports' Makefiles.

> > +do-install:
> > +     mkdir -p ${PREFIX}/sbin && \
> > +             ${INSTALL_PROGRAM} ${MODGO_WORKSPACE}/bin/*
${PREFIX}/sbin/;
>
> don't use mkdir, if you needed to create this directory
${INSTALL_PROGRAM_DIR}
> would be the one, but ${PREFIX}/sbin is already created for you.
>

I refused to believe the same, but needed to make it this way. trust me.

> zap trailing ;

dito.

> > +
> > +post-install:
> > +     mkdir -p ${PREFIX}/etc ${PREFIX}/share/examples/${GH_PROJECT} && \
> > +     ${INSTALL_DATA}
${MODGO_WORKSPACE}/src/${TARGET_BASE}/${GH_PROJECT}/example* \
> > +             ${PREFIX}/share/examples/${GH_PROJECT}/ && \
> > +     ${INSTALL_DATA}
${MODGO_WORKSPACE}/src/${TARGET_BASE}/${GH_PROJECT}/example-dnscrypt-proxy.toml
\
> > +             ${PREFIX}/etc/dnscrypt-proxy.toml;
>
> nothing should be using ${PREFIX}/etc.
>
> mkdir -> ${INSTALL_DATA_DIR}
>
> GH_PROJECT indirection makes it hard to read, just write dnscrypt-proxy
>

repeat the same thing/string every time? GH_PROJECT *must* be set, so... I
made use of it. [edit]

> trailing ;

dito.

> > +     sed -i -e 's,require_dnssec = false,require_dnssec = true,g'
${PREFIX}/etc/dnscrypt-proxy.toml;
> > +
>
> just use a normal patch on the input file rather than sed (though why
> change the default anyway?)
>
> ${PREFIX}/etc again
>

suggestions? it is /usr/local,
we could just make it practice to be used out of the box; or should one
copy the config and edit it manually in order to use the service?

> trailing ;

dito.

> > +.include <bsd.port.mk>
> > Index: net/dnscrypt-proxy2/distinfo
> > ===================================================================
> > RCS file: net/dnscrypt-proxy2/distinfo
> > diff -N net/dnscrypt-proxy2/distinfo
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ net/dnscrypt-proxy2/distinfo      13 Feb 2018 13:39:38 -0000
> > @@ -0,0 +1,2 @@
> > +SHA256 (dnscrypt-proxy-2.0.0.tar.gz) =
r8KAYTJpsfXpxYHCPWSIhCGJdPfn4aJcihMJGX1n41g=
> > +SIZE (dnscrypt-proxy-2.0.0.tar.gz) = 725490
> > Index: net/dnscrypt-proxy2/pkg/DESCR
> > ===================================================================
> > RCS file: net/dnscrypt-proxy2/pkg/DESCR
> > diff -N net/dnscrypt-proxy2/pkg/DESCR
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ net/dnscrypt-proxy2/pkg/DESCR     13 Feb 2018 13:39:38 -0000
> > @@ -0,0 +1,7 @@
> > +DNSCrypt Proxy v2 provides a local service which can be used directly
as your
> > +local resolver or as a DNS forwarder, encrypting requests using
protocols
> > +such as DNSCrypt v2 and DNS-over-HTTP/2.
> > +
> > +It includes all the major features from DNSCrypt Proxy v1 (1.9.5),
with improved
> > +reliability, flexibility, usability and performance. You can also
combine it with

> > +TCP tunnels such as the ones used by Tor.
> > Index: net/dnscrypt-proxy2/pkg/PLIST
> > ===================================================================
> > RCS file: net/dnscrypt-proxy2/pkg/PLIST
> > diff -N net/dnscrypt-proxy2/pkg/PLIST
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ net/dnscrypt-proxy2/pkg/PLIST     13 Feb 2018 13:39:38 -0000
> > @@ -0,0 +1,12 @@
> > +@comment $OpenBSD$
> > +etc/
> > +etc/dnscrypt-proxy.toml
> > +share/doc/pkg-readmes/${FULLPKGNAME}
> > +share/examples/dnscrypt-proxy/
> > +share/examples/dnscrypt-proxy/example-blacklist.txt
> > +share/examples/dnscrypt-proxy/example-cloaking-rules.txt
> > +share/examples/dnscrypt-proxy/example-dnscrypt-proxy.toml
> > +share/examples/dnscrypt-proxy/example-forwarding-rules.txt
> > +@conflict dnscrypt-proxy-<2.0.0p0
> > +@bin sbin/dnscrypt-proxy
> > +@rcscript ${RCDIR}/dnscrypt_proxy
> > Index: net/dnscrypt-proxy2/pkg/README
> > ===================================================================
> > RCS file: net/dnscrypt-proxy2/pkg/README
> > diff -N net/dnscrypt-proxy2/pkg/README
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ net/dnscrypt-proxy2/pkg/README    13 Feb 2018 13:39:38 -0000
> > @@ -0,0 +1,26 @@
> > +$OpenBSD$
> > +
> >
++-----------------------------------------------------------------------
> > +| Running ${FULLPKGNAME} on OpenBSD
> >
++-----------------------------------------------------------------------

> > +
> > +dnscrypt-proxy2 listens for DNS queries on a local address and forwards
> > +them to a DNSCrypt resolver over an encrypted channel.
> > +
> > +To use this package, two things are required.
> > +
> > +Firstly, enable/start the service.
> > +
> > +  # rcctl enable dnscrypt_proxy
> > +  # rcctl start dnscrypt_proxy
> > +
> > +Secondly, set /etc/resolv.conf to perform queries from dnscrypt-proxy2:
> > +
> > +  nameserver 127.0.0.1
> > +  lookup file bind
> > +
> > +NOTE: If fetching your IP address dynamically, dhclient(8) will
normally
> > +update resolv.conf with network-provided DNS servers. This can be
avoided
> > +by using "ignore domain-name, domain-name-servers;" in
/etc/dhclient.conf.

> > +
> > +For more information, see https://dnscrypt.info/
> > Index: net/dnscrypt-proxy2/pkg/dnscrypt_proxy.rc
> > ===================================================================
> > RCS file: net/dnscrypt-proxy2/pkg/dnscrypt_proxy.rc
> > diff -N net/dnscrypt-proxy2/pkg/dnscrypt_proxy.rc
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ net/dnscrypt-proxy2/pkg/dnscrypt_proxy.rc 13 Feb 2018 13:39:38 -0000
> > @@ -0,0 +1,11 @@
> > +#!/bin/ksh
> > +#
> > +# $OpenBSD$
> > +
> > +daemon="${TRUEPREFIX}/sbin/dnscrypt-proxy -config
${TRUEPREFIX}/etc/dnscrypt-proxy.toml -logfile /var/log/dnscrypt-proxy.log"
> > +
> > +. /etc/rc.d/rc.subr
> > +
> > +rc_reload=NO
> > +
> > +rc_cmd $1
>

if the net/dnscrypt-proxy's maintainer wants to take my patch and use it to
override/update the current port, I'm fine with it too; no worries.
thanks for all the feedback! very appreciated.

>
>

the thing is running as root; I know.

so, here I would like to ask you: does OpenBSD handles Go daemons in a
peculiar way, like FreeBSD? [1]
there's also a port for FreeBSD, if you want to check it. [2]

in order to use low ports, using `daemon -u USER` did not do the trick, and
even the method using `su`

[1]
https://www.reddit.com/r/freebsd/comments/7nmrha/supervised_freebsd_rcd_script_for_a_go_daemon/
[2] https://bz-attachments.freebsd.org/attachment.cgi?id=190506



happy to help,
--
Vinícius Zavam
keybase.io/egypcio/key.asc
Reply | Threaded
Open this post in threaded view
|

Re: [new] net/dnscrypt-proxy2: flexible dns proxy with support for encrypted protocols

Vinícius Zavam
In reply to this post by Stuart Henderson
2018-02-13 22:35 GMT+00:00 Stuart Henderson <[hidden email]>:
>
> Here's a version that looks more like a normal port. But running as
> root, really?
>

thanks for the hints and for working on it. very appreciated!
so, I did know that the rc script's daemon runs as root; yours too. right?
I will have a better look *later*... but if you are okay with it, take it.

again, thank you for the feedback!

kr,
--
Vinícius Zavam
keybase.io/egypcio/key.asc
Reply | Threaded
Open this post in threaded view
|

Re: [new] net/dnscrypt-proxy2: flexible dns proxy with support for encrypted protocols

Stuart Henderson
In reply to this post by Vinícius Zavam
On 2018/02/14 09:02, Vinícius Zavam wrote:

>
>
> 2018-02-13 20:17 GMT+00:00 Vinícius Zavam <[hidden email]>:
> >
> >
> >
> > On Feb 13, 2018 16:19, "Stuart Henderson" <[hidden email]>
> wrote:
> >
> > On 2018/02/13 13:51, Vinícius Zavam wrote:
> > >
>
> formatted version of previously sent email follows // inline.

thanks.

> > > Index: net/dnscrypt-proxy/pkg/PLIST-main
> > > ===================================================================
> > > RCS file: /cvs/ports/net/dnscrypt-proxy/pkg/PLIST-main,v
> > > retrieving revision 1.6
> > > diff -u -p -u -p -r1.6 PLIST-main
> > > --- net/dnscrypt-proxy/pkg/PLIST-main 2 Aug 2017 09:32:40 -0000    
>   1.6
> > > +++ net/dnscrypt-proxy/pkg/PLIST-main 13 Feb 2018 13:39:38 -0000
> > > @@ -1,4 +1,5 @@
> > >  @comment $OpenBSD: PLIST-main,v 1.6 2017/08/02 09:32:40 giovanni
> Exp $
> > > +@conflict dnscrypt-proxy->1.9.5p3
> > >  @newgroup _dnscrypt-proxy:688
> > >  @newuser _dnscrypt-proxy:688:_dnscrypt-proxy:daemon:dnscrypt-proxy
> user:/var/empty:/sbin/nologin
> > >  @bin bin/hostip
> >
> > IMHO it's better to just update the original port rather than adding
> a
> > new one, I don't think this is enough of a special case to maintain
> both
> > in parallel
> >
>
> we can go for it.
>
> > > Index: net/dnscrypt-proxy2/Makefile
> > > ===================================================================
> > > RCS file: net/dnscrypt-proxy2/Makefile
> > > diff -N net/dnscrypt-proxy2/Makefile
> > > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > > +++ net/dnscrypt-proxy2/Makefile      13 Feb 2018 13:39:38 -0000
> > > @@ -0,0 +1,44 @@
> > > +# $OpenBSD$
> > > +
> > > +COMMENT=             Flexible DNS proxy with support for encrypted
> protocols
> >
> > lowercase Flexible -> flexible
> >
> > > +PORTNAME=            dnscrypt-proxy
> > > +PORTVERS=            2.0.0
> > > +REVISION=            0
> > > +DISTNAME=            ${PORTNAME}-${PORTVERS}
> > > +CATEGORIES=          net security
> > > +
> > > +HOMEPAGE=            https://dnscrypt.info/
> > > +MAINTAINER=          Vinicius Zavam <[hidden email]>
> > > +
> > > +GH_ACCOUNT=          jedisct1
> > > +GH_PROJECT=          ${PORTNAME}
> > > +GH_TAGNAME=          ${PORTVERS}
> >
> > please don't use indirection like this PORTNAME/PORTVERS stuff, the
> entire
> > block above should be simply
> >
> > GH_ACCOUNT=             jedisct1
> > GH_PROJECT=             dnscrypt-proxy
> > GH_TAGNAME=             2.0.0
> >
>
> a lot of people are using V= or R= for similar purposes, so I really
> don't see a thing here.

when the same thing is repeated several times *and* it changes between
versions, then it can be useful to use another variable.

there's no need for it here.

> > CATEGORIES=             net security
> >
> > HOMEPAGE=               https://dnscrypt.info/
> > MAINTAINER=             Vinicius Zavam <[hidden email]>
> >
> > > +
> > > +# ISC
> > > +PERMIT_PACKAGE_CDROM=        YES
> > > +
> > > +DOCS=                        README.md
> >
> > set but never used
> >
> > > +
> > > +MODULES=             lang/go
> > > +
> > > +TARGET_BASE=         github.com/${GH_ACCOUNT}/${GH_PROJECT}
> > > +WRKSRC=                      ${MODGO_WORKSPACE}/src/${TARGET_BASE}
> > > +ALL_TARGET=          ${TARGET_BASE}/${GH_PROJECT}
> >
> > I can't really comment on go ports stuff, it totally confuses me
> >
> > > +post-configure:
> > > +     cd ${WRKSRC} && ln -sf vendor src && ln -sf ${WRKSRC}/$
> {GH_PROJECT} src/${TARGET_BASE};
> >
> > GH_PROJECT indirection is hard to read, and you're already cd'd to $
> {WRKSRC}
> > so the second ln doesn't need the ${WRKSRC}, so maybe "... && ln -sf
> > dnscrypt-proxy src/${TARGET_BASE}" ?
> >
>
> Go is... "special" :-( [edit]
>
> > zap trailing ;
> >
>
> it's present in many ports' Makefiles.

it isn't, i saw it used in simh and one other port, both by mistake i think.

it *is* used in some .mk files, but only in variables which are used for
including as part of a make target.

> > > +do-install:
> > > +     mkdir -p ${PREFIX}/sbin && \
> > > +             ${INSTALL_PROGRAM} ${MODGO_WORKSPACE}/bin/* ${PREFIX}
> /sbin/;
> >
> > don't use mkdir, if you needed to create this directory $
> {INSTALL_PROGRAM_DIR}
> > would be the one, but ${PREFIX}/sbin is already created for you.
> >
>
> I refused to believe the same, but needed to make it this way. trust
> me.

it is not needed.

> > zap trailing ;
>
> dito.
>
> > > +
> > > +post-install:
> > > +     mkdir -p ${PREFIX}/etc ${PREFIX}/share/examples/${GH_PROJECT}
> && \
> > > +     ${INSTALL_DATA} ${MODGO_WORKSPACE}/src/${TARGET_BASE}/$
> {GH_PROJECT}/example* \
> > > +             ${PREFIX}/share/examples/${GH_PROJECT}/ && \
> > > +     ${INSTALL_DATA} ${MODGO_WORKSPACE}/src/${TARGET_BASE}/$
> {GH_PROJECT}/example-dnscrypt-proxy.toml \
> > > +             ${PREFIX}/etc/dnscrypt-proxy.toml;
> >
> > nothing should be using ${PREFIX}/etc.
> >
> > mkdir -> ${INSTALL_DATA_DIR}
> >
> > GH_PROJECT indirection makes it hard to read, just write
> dnscrypt-proxy
> >
>
> repeat the same thing/string every time? GH_PROJECT *must* be set,
> so... I made use of it. [edit]

you're repeating ${GH_PROJECT} every time, and that's harder to type
and read than dnscrypt-proxy. keep it simple :)

> > trailing ;
>
> dito.
>
> > > +     sed -i -e 's,require_dnssec = false,require_dnssec = true,g'
> ${PREFIX}/etc/dnscrypt-proxy.toml;
> > > +
> >
> > just use a normal patch on the input file rather than sed (though why
> > change the default anyway?)
> >
> > ${PREFIX}/etc again
> >
>
> suggestions? it is /usr/local,

OpenBSD doesn't use /usr/local/etc.

> we could just make it practice to be used out of the box; or should one
> copy the config and edit it manually in order to use the service?

@sample is the standard mechanism for this that doesn't break upgrades.

> the thing is running as root; I know.
>
> so, here I would like to ask you: does OpenBSD handles Go daemons in a
> peculiar way, like FreeBSD? [1]
> there's also a port for FreeBSD, if you want to check it. [2]

can't answer this, i haven't had a reason to use FreeBSD for years so
don't know about how their startup system currently works.

> in order to use low ports, using `daemon -u USER` did not do the trick,
> and even the method using `su`

daemons binding to a low port need to start as root, then they normally
setuid to a low privileged user after binding. that's down to the program,
not the startup script.

anyway my updated version is a more solid base, but don't think we
should do anything with it until it supports privdrop.