PKG_NAME:=dnsproxy
PKG_VERSION:=0.70.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/AdguardTeam/dnsproxy/tar.gz/v$(PKG_VERSION)?
define Package/dnsproxy/install
$(call GoPackage/Package/Install/Bin,$(1))
+ $(INSTALL_DIR) $(1)/etc/capabilities/
+ $(INSTALL_DATA) $(CURDIR)/files/dnsproxy.json $(1)/etc/capabilities/dnsproxy.json
$(INSTALL_DIR) $(1)/etc/config/
$(INSTALL_CONF) $(CURDIR)/files/dnsproxy.config $(1)/etc/config/dnsproxy
$(INSTALL_DIR) $(1)/etc/init.d/
option enabled '0'
option edns_addr ''
+config dnsproxy 'private_rdns'
+ option enabled '0'
+ list upstream '127.0.0.1:53'
+
config dnsproxy 'servers'
list bootstrap 'tls://8.8.8.8'
list fallback 'tls://9.9.9.9'
list upstream 'tls://1.1.1.1'
+config dnsproxy 'tls'
+ option enabled '0'
+ option tls_crt ''
+ option tls_key ''
+ option https_port '8443'
+ option tls_port '853'
+ option quic_port '853'
is_empty "bogus_nxdomain" "ip_addr" || config_list_foreach "bogus_nxdomain" "ip_addr" "append_param '--bogus-nxdomain'"
+ is_enabled "private_rdns" "enabled" && {
+ append_param "--use-private-rdns"
+ config_list_foreach "private_rdns" "upstream" "append_param '--private-rdns-upstream'"
+ }
+
for i in "bootstrap" "fallback" "upstream"; do
is_empty "servers" "$i" || config_list_foreach "servers" "$i" "append_param '--$i'"
done
append_param "--edns"
append_param_arg "edns" "edns_addr" "--edns-addr"
}
+
+ is_enabled "tls" "enabled" && {
+ append_param_arg "tls" "tls_crt" "--tls-crt"
+ append_param_arg "tls" "tls_key" "--tls-key"
+ append_param_arg "tls" "https_port" "--https-port"
+ append_param_arg "tls" "tls_port" "--tls-port"
+ append_param_arg "tls" "quic_port" "--quic-port"
+ }
}
start_service() {
is_enabled "global" "enabled" || return 1
+ local log_file tls_crt tls_key
+ config_get log_file global log_file
+ config_get tls_crt tls tls_crt
+ config_get tls_key tls tls_key
+
procd_open_instance "$CONF"
procd_set_param command "$PROG"
procd_set_param stderr 1
procd_set_param user dnsproxy
+ procd_add_jail dnsproxy ronly log
+ procd_set_param capabilities "/etc/capabilities/dnsproxy.json"
+ procd_add_jail_mount "/etc/ssl/certs/ca-certificates.crt"
+ [ -z "$log_file" ] || procd_add_jail_mount_rw "$log_file"
+ [ -z "$tls_crt" ] || procd_add_jail_mount "$tls_crt"
+ [ -z "$tls_key" ] || procd_add_jail_mount "$tls_key"
+
procd_close_instance
}