dnsproxy: add three new features
authorEmily H. <battery_tag708@simplelogin.com>
Tue, 30 Apr 2024 11:03:38 +0000 (11:03 +0000)
committerTianling Shen <cnsztl@gmail.com>
Tue, 30 Apr 2024 13:17:12 +0000 (21:17 +0800)
This commit adds the following features:
1. UCI support for running a local DNS-over-HTTPS/TLS/QUIC server.
2. UCI support for using private reverse DNS.
3. procd jail with CAP_NET_BIND_SERVICE, allowing
   dnsproxy to serve on standard ports directly.

Signed-off-by: Emily H. <battery_tag708@simplelogin.com>
net/dnsproxy/Makefile
net/dnsproxy/files/dnsproxy.config
net/dnsproxy/files/dnsproxy.init
net/dnsproxy/files/dnsproxy.json [new file with mode: 0644]

index cf5b46fcde23868c2fd55953058a1f5289420010..9149b3bc4af79a274aeeff0e0ca7b50c59923b61 100644 (file)
@@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsproxy
 PKG_VERSION:=0.70.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/AdguardTeam/dnsproxy/tar.gz/v$(PKG_VERSION)?
@@ -45,6 +45,8 @@ endef
 define Package/dnsproxy/install
        $(call GoPackage/Package/Install/Bin,$(1))
 
+       $(INSTALL_DIR) $(1)/etc/capabilities/
+       $(INSTALL_DATA) $(CURDIR)/files/dnsproxy.json $(1)/etc/capabilities/dnsproxy.json
        $(INSTALL_DIR) $(1)/etc/config/
        $(INSTALL_CONF) $(CURDIR)/files/dnsproxy.config $(1)/etc/config/dnsproxy
        $(INSTALL_DIR) $(1)/etc/init.d/
index 90feb94d468b5904bd8949523828cf666d1c9ed3..ac704a7bb43d581f8b01accabfc12c997b609dfc 100644 (file)
@@ -37,8 +37,19 @@ config dnsproxy 'edns'
        option enabled '0'
        option edns_addr ''
 
+config dnsproxy 'private_rdns'
+       option enabled '0'
+       list upstream '127.0.0.1:53'
+
 config dnsproxy 'servers'
        list bootstrap 'tls://8.8.8.8'
        list fallback 'tls://9.9.9.9'
        list upstream 'tls://1.1.1.1'
 
+config dnsproxy 'tls'
+       option enabled '0'
+       option tls_crt ''
+       option tls_key ''
+       option https_port '8443'
+       option tls_port '853'
+       option quic_port '853'
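Review bot: The new `tls` section gives `tls_port` and `quic_port` the same value 853, which is correct (DoT is TCP, DoQ is UDP on the same port number) but reads like a copy-paste conflict to anyone editing the file, and nothing here says that `tls_crt`/`tls_key` have to be readable by the unprivileged `dnsproxy` user the init script runs the daemon as. A `#` comment above the section would prevent both mistakes: `# tls_port (DoT, TCP) and quic_port (DoQ, UDP) may share 853` and `# tls_crt/tls_key must exist and be readable by user dnsproxy`. The `private_rdns` default upstream `127.0.0.1:53` deserves a similar one-liner if that is also an address dnsproxy itself can be configured to listen on (the listen options are outside this hunk), since pointing the private rDNS upstream at the proxy itself would loop.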
index fc04ac9a6828ca29e50944d6a14a6bfcdeb59b64..ab1382d3f1f07e7e702fa6f4e9aaf86d9159c8c1 100644 (file)
@@ -66,6 +66,11 @@ load_config_list() {
 
        is_empty "bogus_nxdomain" "ip_addr" || config_list_foreach "bogus_nxdomain" "ip_addr" "append_param '--bogus-nxdomain'"
 
+       is_enabled "private_rdns" "enabled" && {
+               append_param "--use-private-rdns"
+               config_list_foreach "private_rdns" "upstream" "append_param '--private-rdns-upstream'"
+       }
+
        for i in "bootstrap" "fallback" "upstream"; do
                is_empty "servers" "$i" || config_list_foreach "servers" "$i" "append_param '--$i'"
        done
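Review bot: The new `private_rdns` block appends `--use-private-rdns` even when the `upstream` list is empty, unlike the neighbouring `bogus_nxdomain` and `servers` lines, which wrap each list in an `is_empty` guard. As far as I recall dnsproxy refuses to start when private rDNS is enabled without any private upstream, so an empty list would show up as a procd respawn loop rather than a readable config error. I would keep the style of the surrounding lines, `is_empty "private_rdns" "upstream" || config_list_foreach "private_rdns" "upstream" "append_param '--private-rdns-upstream'"`, and either log a warning or skip `--use-private-rdns` when the list is empty. `load_config_list` begins outside this hunk.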
@@ -95,6 +100,14 @@ load_config_param() {
                append_param "--edns"
                append_param_arg "edns" "edns_addr" "--edns-addr"
        }
+
+       is_enabled "tls" "enabled" && {
+               append_param_arg "tls" "tls_crt" "--tls-crt"
+               append_param_arg "tls" "tls_key" "--tls-key"
+               append_param_arg "tls" "https_port" "--https-port"
+               append_param_arg "tls" "tls_port" "--tls-port"
+               append_param_arg "tls" "quic_port" "--quic-port"
+       }
 }
 
 start_service() {
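Review bot: With `tls.enabled` set but `tls_crt` or `tls_key` left at the empty default shipped in the config file, the block still appends `--https-port`, `--tls-port` and `--quic-port`; assuming `append_param_arg` (defined outside this hunk) drops empty values, dnsproxy is then asked to open encrypted listeners with no certificate and fails at startup. Requiring both paths before entering the block is a one-line change, `is_enabled "tls" "enabled" && ! is_empty "tls" "tls_crt" && ! is_empty "tls" "tls_key" && {`, ideally with a `logger -t dnsproxy` line in the else-branch so a half-filled section is visible in the log instead of as a respawn loop. `load_config_param` begins outside this hunk.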
@@ -102,6 +115,11 @@ start_service() {
 
        is_enabled "global" "enabled" || return 1
 
+       local log_file tls_crt tls_key
+       config_get log_file global log_file
+       config_get tls_crt tls tls_crt
+       config_get tls_key tls tls_key
+
        procd_open_instance "$CONF"
        procd_set_param command "$PROG"
 
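Review bot: `tls_crt` and `tls_key` are read with `config_get` unconditionally, so a `tls` section that is disabled but still carries paths (the usual state after switching DoT off) will have its certificate and private key bind-mounted into the jail by the mount lines later in `start_service`, even though nothing in the jail needs them. Gating the reads on the section being enabled keeps the variables empty otherwise and the mounts skipped: `is_enabled "tls" "enabled" && config_get tls_crt tls tls_crt`, and the same for `tls_key`. The rest of `start_service`, including those mounts, is outside this hunk.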
@@ -114,6 +132,13 @@ start_service() {
        procd_set_param stderr 1
        procd_set_param user dnsproxy
 
+       procd_add_jail dnsproxy ronly log
+       procd_set_param capabilities "/etc/capabilities/dnsproxy.json"
+       procd_add_jail_mount "/etc/ssl/certs/ca-certificates.crt"
+       [ -z "$log_file" ] || procd_add_jail_mount_rw "$log_file"
+       [ -z "$tls_crt" ] || procd_add_jail_mount "$tls_crt"
+       [ -z "$tls_key" ] || procd_add_jail_mount "$tls_key"
+
        procd_close_instance
 }
 
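Review bot: The key is bind-mounted read-only, which is the right direction, but the daemon runs as user `dnsproxy` (the `user` line just above the jail block), so a key file with the usual root-owned 0600 mode is unreadable inside the jail and the process dies after the mounts succeed; a `[ -r ]` test in the init runs as root and would not catch that. I would at least fail early when a configured path does not exist, since ujail, as far as I know, refuses to start when a bind-mount source is missing, and document the ownership requirement: `[ -z "$tls_key" ] || [ -f "$tls_key" ] || { logger -t dnsproxy "tls_key $tls_key not found"; return 1; }` placed before `procd_open_instance` (which is outside this hunk), plus `# cert/key must be readable by user dnsproxy (e.g. root:dnsproxy 0640)` above the mount lines. The same existence check applies to `$log_file`, which is mounted read-write here but never created.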
diff --git a/net/dnsproxy/files/dnsproxy.json b/net/dnsproxy/files/dnsproxy.json
new file mode 100644 (file)
index 0000000..82eb37a
--- /dev/null
@@ -0,0 +1,17 @@
+{
+       "bounding": [
+               "CAP_NET_BIND_SERVICE"
+       ],
+       "effective": [
+               "CAP_NET_BIND_SERVICE"
+       ],
+       "ambient": [
+               "CAP_NET_BIND_SERVICE"
+       ],
+       "permitted": [
+               "CAP_NET_BIND_SERVICE"
+       ],
+       "inheritable": [
+               "CAP_NET_BIND_SERVICE"
+       ]
+}