From bf6253d458e88b553cc383cb6b1ea7147fa514ac Mon Sep 17 00:00:00 2001 From: Stan Grishin Date: Mon, 28 Sep 2020 20:10:58 +0000 Subject: [PATCH] https-dns-proxy: update binary to 2020-08-21 Signed-off-by: Stan Grishin --- net/https-dns-proxy/Makefile | 16 ++-- net/https-dns-proxy/files/README.md | 95 +------------------ .../files/https-dns-proxy.init | 19 ++-- net/https-dns-proxy/test.sh | 3 + 4 files changed, 27 insertions(+), 106 deletions(-) create mode 100644 net/https-dns-proxy/test.sh diff --git a/net/https-dns-proxy/Makefile b/net/https-dns-proxy/Makefile index bb820b7898..d7e34ec06d 100644 --- a/net/https-dns-proxy/Makefile +++ b/net/https-dns-proxy/Makefile @@ -1,14 +1,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=https-dns-proxy -PKG_VERSION:=2020-04-09 -PKG_RELEASE=3 +PKG_VERSION:=2020-08-21 +PKG_RELEASE=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/aarond10/https_dns_proxy -PKG_SOURCE_DATE:=2020-04-09 -PKG_SOURCE_VERSION:=40647ce94c62a47e9d53efae8018fb3142e277b9 -PKG_MIRROR_HASH:=4a8052b8bd482a17b769bcd4ee2620368f8c91955c5e976088be8d2ab002dde6 +PKG_SOURCE_DATE:=2020-08-21 +PKG_SOURCE_VERSION:=dd22b71250d33d0c8c39bb01a595e016db819c56 +PKG_MIRROR_HASH:=1c93a9f0833e120880d3b311e43db568d219e047e100a03ed6c7a3c00544d36c PKG_MAINTAINER:=Stan Grishin PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE 
@@ -27,8 +27,9 @@ define Package/https-dns-proxy endef define Package/https-dns-proxy/description -https_dns_proxy is a light-weight DNS<-->HTTPS, non-caching translation proxy for the RFC 8484 DNS-over-HTTPS standard. It receives regular (UDP) DNS requests and issues them via DoH. -Please see https://github.com/openwrt/packages/blob/master/net/https-dns-proxy/files/README.md for further information. +https-dns-proxy is a light-weight DNS<-->HTTPS, non-caching translation proxy for the RFC 8484 DoH standard. +It receives regular (UDP) DNS requests and issues them via DoH. +Please see https://docs.openwrt.melmac.net/https-dns-proxy/ for further information. endef define Package/https-dns-proxy/conffiles @@ -39,6 +40,7 @@ define Package/https-dns-proxy/install $(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/init.d ${1}/etc/config $(INSTALL_BIN) $(PKG_BUILD_DIR)/https_dns_proxy $(1)/usr/sbin/https-dns-proxy $(INSTALL_BIN) ./files/https-dns-proxy.init $(1)/etc/init.d/https-dns-proxy + sed -i "s|^\(PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" $(1)/etc/init.d/https-dns-proxy $(INSTALL_CONF) ./files/https-dns-proxy.config $(1)/etc/config/https-dns-proxy endef diff --git a/net/https-dns-proxy/files/README.md b/net/https-dns-proxy/files/README.md index f2435490d4..7ebf479e6f 100644 --- a/net/https-dns-proxy/files/README.md +++ b/net/https-dns-proxy/files/README.md 
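Review bot: The `sed -i` added to `Package/https-dns-proxy/install` exits 0 even when no line matches `^PKG_VERSION`. If the assignment in `https-dns-proxy.init` is ever indented, renamed or removed, the package ships reporting `dev-test` and the build still succeeds. Follow the `sed` with a check that fails the recipe, for example `grep -q "^PKG_VERSION='$(PKG_VERSION)-$(PKG_RELEASE)'" $(1)/etc/init.d/https-dns-proxy`. A short comment above the `sed`, such as `# stamp the real version over the init script's PKG_VERSION placeholder`, would document the coupling. The `define` line of this recipe appears only in the hunk header, so the recipe starts outside the changed lines.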
@@ -1,94 +1,3 @@ -# DNS Over HTTPS Proxy (https-dns-proxy) +# README -A lean RFC8484-compatible (no JSON API support) DNS-over-HTTPS (DoH) proxy service which supports DoH servers ran by AdGuard, CleanBrowsing, Cloudflare, Google, ODVR (nic.cz) and Quad9. Based on [@aarond10](https://github.com/aarond10)'s [https-dns-proxy](https://github.com/aarond10/https_dns_proxy). - -## Features - -- [RFC8484](https://tools.ietf.org/html/rfc8484)-compatible DoH Proxy. -- Compact size. -- Web UI (```luci-app-https-dns-proxy```) available. -- (By default) automatically updates DNSMASQ settings to use DoH proxy when it's started and reverts to old DNSMASQ resolvers when DoH proxy is stopped. - -## Screenshots (luci-app-https-dns-proxy) - -![screenshot](https://cdn.jsdelivr.net/gh/stangri/openwrt_packages@master/screenshots/https-dns-proxy/screenshot01.png "https-dns-proxy screenshot") - -## Requirements - -This proxy requires the following packages to be installed on your router: ```libc```, ```libcares```, ```libcurl```, ```libev```, ```ca-bundle```. They will be automatically installed when you're installing ```https-dns-proxy```. - -## Unmet Dependencies - -If you are running a development (trunk/snapshot) build of OpenWrt/LEDE Project on your router and your build is outdated (meaning that packages of the same revision/commit hash are no longer available and when you try to satisfy the [requirements](#requirements) you get errors), please flash either current LEDE release image or current development/snapshot image. - -## How To Install - -Install ```https-dns-proxy``` and ```luci-app-https-dns-proxy``` packages from Web UI or run the following in the command line: - -```sh -opkg update; opkg install https-dns-proxy luci-app-https-dns-proxy; -``` - -## Default Settings - -Default configuration has service enabled and starts the service with Google and Cloudflare DoH servers. 
In most configurations, you will keep the default ```DNSMASQ``` service installed to handle requests from devices in your local network and point ```DNSMASQ``` to use ```https-dns-proxy``` for name resolution. - -By default, the service will intelligently override existing ```DNSMASQ``` servers settings on start to use the DoH servers and restores original ```DNSMASQ``` servers on stop. See the [Configuration Settings](#configuration-settings) section below for more information and how to disable this behavior. - -## Configuration Settings - -Configuration contains the (named) "main" config section where you can configure which ```DNSMASQ``` settings the service will automatically affect and the typed (unnamed) https-dns-proxy instance settings. The original config file is included below: - -```text -config main 'config' - option update_dnsmasq_config '*' - -config https-dns-proxy - option bootstrap_dns '8.8.8.8,8.8.4.4' - option resolver_url 'https://dns.google/dns-query' - option listen_addr '127.0.0.1' - option listen_port '5053' - option user 'nobody' - option group 'nogroup' - -config https-dns-proxy - option bootstrap_dns '1.1.1.1,1.0.0.1' - option resolver_url 'https://cloudflare-dns.com/dns-query' - option listen_addr '127.0.0.1' - option listen_port '5054' - option user 'nobody' - option group 'nogroup' -``` - -The ```update_dnsmasq_config``` option can be set to dash (set to ```'-'``` to not change ```DNSMASQ``` server settings on start/stop), can be set to ```'*'``` to affect all ```DNSMASQ``` instance server settings or have a space-separated list of ```DNSMASQ``` instances to affect (like ```'0 4 5'```). If this option is omitted, the default setting is ```'*'```. 
- -Starting with ```https-dns-proxy``` version ```2019-12-03-3``` and higher, when the service is set to update the DNSMASQ servers setting on start/stop, it does not override entries which contain either ```#``` or ```/```, so the entries like listed below will be kept in use: - -```test - list server '/onion/127.0.0.1#65453' - list server '/openwrt.org/8.8.8.8' - list server '/pool.ntp.org/8.8.8.8' - list server '127.0.0.1#15353' - list server '127.0.0.1#55353' - list server '127.0.0.1#65353' -``` - -The https-dns-proxy instance settings are: - -|Parameter|Type|Default|Description| -| --- | --- | --- | --- | -|bootstrap_dns|IP Address||The non-encrypted DNS servers to be used to resolve the DoH server name on start.| -|listen_addr|IP Address|127.0.0.1|The local IP address to listen to requests.| -|listen_port|port|5053 and up|If this setting is omitted, the service will start the first https-dns-proxy instance on port 5053, second on 5054 and so on.| -|logfile|Full filepath||Full filepath to the file to log the instance events to.| -|resolver_url|URL||The https URL to the RFC8484-compatible resolver.| -|proxy_server|URL||Local proxy server to use when accessing resolvers.| -|user|String|nobody|Local user to run instance under.| -|group|String|nogroup|Local group to run instance under.| -|use_http1|Boolean|0|If set to 1, use HTTP/1 on installations with broken/outdated ```curl``` package. Included for posterity reasons, you will most likely not ever need it on OpenWrt.| -|verbosity|Integer|0|logging verbosity level. fatal = 0, error = 1, warning = 2, info = 3, debug = 4| -|use_ipv6_resolvers_only|Boolean|0|If set to 1, Forces IPv6 DNS resolvers instead of IPv4| - -## Thanks - -This OpenWrt package wouldn't have been possible without [@aarond10](https://github.com/aarond10)'s [https-dns-proxy](https://github.com/aarond10/https_dns_proxy) and his active participation in the OpenWrt package itself. 
Special thanks to [@jow-](https://github.com/jow-) for general package/luci guidance. +README has been moved to [https://docs.openwrt.melmac.net/https-dns-proxy/](https://docs.openwrt.melmac.net/https-dns-proxy/). diff --git a/net/https-dns-proxy/files/https-dns-proxy.init b/net/https-dns-proxy/files/https-dns-proxy.init index 1614d9096e..cb561372e7 100755 --- a/net/https-dns-proxy/files/https-dns-proxy.init +++ b/net/https-dns-proxy/files/https-dns-proxy.init @@ -1,9 +1,16 @@ #!/bin/sh /etc/rc.common -# Copyright 2019 Stan Grishin (stangri@melmac.net) +# Copyright 2019-2020 Stan Grishin (stangri@melmac.net) # shellcheck disable=SC2039 +PKG_VERSION='dev-test' -export START=80 -export USE_PROCD=1 +# shellcheck disable=SC2034 +START=80 +# shellcheck disable=SC2034 +USE_PROCD=1 + +# shellcheck disable=SC2034 +EXTRA_COMMANDS='version' +version() { echo "$PKG_VERSION"; } dnsmasqConfig='' @@ -46,15 +53,15 @@ start_instance() { append_parm "$cfg" 'logfile' '-l' append_bool "$cfg" 'use_http1' '-x' config_get_bool ipv6_resolvers_only "$cfg" 'use_ipv6_resolvers_only' '0' - config_get verbosity "$cfg" 'verbosity' "0" + config_get verbosity "$cfg" 'verbosity' '0' # shellcheck disable=SC2086,SC2154 for i in $(seq 1 $verbosity); do - xappend "-v" + xappend '-v' done # shellcheck disable=SC2154 if [ "$ipv6_resolvers_only" = 0 ]; then - xappend "-4" + xappend '-4' fi procd_open_instance diff --git a/net/https-dns-proxy/test.sh b/net/https-dns-proxy/test.sh new file mode 100644 index 0000000000..45469ed96e --- /dev/null +++ b/net/https-dns-proxy/test.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +/etc/init.d/"$1" version 2>&1 | grep "$2"
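Review bot: `EXTRA_COMMANDS='version'` is added without a matching `EXTRA_HELP`, so the new command works but does not appear in the usage text that rc.common prints. Add `EXTRA_HELP='	version	Print the installed package version'` next to it. The `PKG_VERSION='dev-test'` line also deserves a comment, for example `# placeholder: rewritten by the package Makefile at install time, keep at start of line`, because the Makefile substitution only matches an assignment that begins the line.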
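Review bot: In `start_instance`, `verbosity` is read from UCI and expanded unquoted into `seq 1 $verbosity` under a SC2086 suppression, with no check that it is a number. A non-numeric or multi-word value makes `seq` fail or receive extra arguments, and a very large value appends an equally long run of `-v` flags to the command line. The config is presumably admin-written, so this is a robustness point rather than a trust boundary. A guard before the loop would cover it: `case "$verbosity" in ''|*[!0-9]*) verbosity=0;; esac`. An upper bound matching the highest level the binary accepts could be added too. The function body starts and ends outside this hunk.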
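Review bot: The check `grep "$2"` in `test.sh` can pass vacuously. If `$2` is empty, any output matches, and because of `2>&1` that includes an error message from a broken init script. `$2` is also treated as a regular expression and is not protected from being read as an option. Guard the arguments and match literally: `[ -n "$1" ] && [ -n "$2" ] || exit 1` followed by `/etc/init.d/"$1" version 2>&1 | grep -F -- "$2"`. Whether the caller passes the version with or without the release suffix is not visible here, so a substring match is kept rather than an exact-line one.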