Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 588462 - =net-dns/dnscrypt-proxy-1.9.5 version bump and fix openrc's start script
Summary: =net-dns/dnscrypt-proxy-1.9.5 version bump and fix openrc's start script
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal enhancement with 1 vote (vote)
Assignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it
URL:
Whiteboard:
Keywords:
Depends on: 608328
Blocks:
  Show dependency tree
 
Reported: 2016-07-09 18:13 UTC by Sergey S. Starikoff
Modified: 2017-11-10 07:59 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
dnscrypt-proxy.initd-1.6.1 (dnscrypt-proxy.initd-1.6.1,3.52 KB, text/plain)
2016-07-09 18:13 UTC, Sergey S. Starikoff
Details
dnscrypt-proxy.confd-1.6.1 (dnscrypt-proxy.confd-1.6.1,697 bytes, text/plain)
2016-07-09 18:17 UTC, Sergey S. Starikoff
Details
dnscrypt-proxy.initd-9999 (dnscrypt-proxy.initd-9999,3.27 KB, text/plain)
2016-07-09 18:21 UTC, Sergey S. Starikoff
Details
dnscrypt-proxy.confd-9999 (dnscrypt-proxy.confd-9999,2.15 KB, text/plain)
2016-07-09 18:22 UTC, Sergey S. Starikoff
Details
dnscrypt-proxy-1.7.0.ebuild.patch (dnscrypt-proxy-1.7.0.ebuild.patch,1.19 KB, patch)
2016-10-02 17:40 UTC, Sergey S. Starikoff
Details | Diff
dnscrypt-proxy.initd-1.7.0 (dnscrypt-proxy.initd-1.7.0,4.48 KB, text/plain)
2016-12-07 18:12 UTC, Sergey S. Starikoff
Details
dnscrypt-proxy.confd-1.7.0 (dnscrypt-proxy.confd-1.7.0,905 bytes, text/plain)
2016-12-07 18:13 UTC, Sergey S. Starikoff
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Sergey S. Starikoff 2016-07-09 18:13:43 UTC
Created attachment 440208 [details]
dnscrypt-proxy.initd-1.6.1

Installed with =net-dns/dnscrypt-proxy-1.6.1::gentoo openrc's init script supports only single instance, at the time, when at least two DNS providers are recommended. Also, by default it expects logging into file, but starts dnscrypt-proxy in the mode, where it supports only syslog logging. With creation /syslog (!!!) empty file.

The script was completely reviewed.
Works fine with =sys-apps/openrc-0.19.1.
Comment 1 Sergey S. Starikoff 2016-07-09 18:17:58 UTC
Created attachment 440212 [details]
dnscrypt-proxy.confd-1.6.1

The suggested =net-dns/dnscrypt-proxy-1.6.1::gentoo openrc init script still expects default logging into file. The only difference is that it works.
But there is an upstream issue: log file doesn't contain timestamps.
https://github.com/jedisct1/dnscrypt-proxy/issues/423
Comment 2 Sergey S. Starikoff 2016-07-09 18:21:27 UTC
Created attachment 440214 [details]
dnscrypt-proxy.initd-9999

Latest released version doesn't provide options to differ messages in syslog.
That is why previous version of init script expects issued logging into file.

Recent development version has such option.
Attached init script by default logs into syslog, including instance marker into log message.
Comment 3 Sergey S. Starikoff 2016-07-09 18:22:09 UTC
Created attachment 440216 [details]
dnscrypt-proxy.confd-9999

Config for last version of init script.
Comment 4 Sergey S. Starikoff 2016-10-02 17:40:16 UTC
Created attachment 448876 [details, diff]
dnscrypt-proxy-1.7.0.ebuild.patch

Latest release (=net-dns/dnscrypt-proxy-1.7.0) is compatible with suggested OpenRC'c init scripts for -9999/
Comment 5 Yixun Lan archtester gentoo-dev 2016-10-30 23:19:30 UTC
 hello, Sergey S. Starikoff, I see you put a lot effort into this package and try to keep it up-to-date, so I wonder if you want to step forward and take over the maintainership [1] of this package, we(@proxy-maint) could at least help review and commit them.

you may also want to check bug 597914, as the OpenRC init script require POSIX sh compatible..

btw, due to real life, the original maintainer (Wang Jiajun) won't have time for maintaining this package.. 

[1] more info , https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers
Comment 6 Sergey S. Starikoff 2016-11-02 08:30:51 UTC
(In reply to Yixun Lan from comment #5)
>  hello, Sergey S. Starikoff, I see you put a lot effort into this package
> and try to keep it up-to-date, so I wonder if you want to step forward and
> take over the maintainership [1] of this package, we(@proxy-maint) could at
> least help review and commit them.
We (OpenRC scripts are primarily developed by  Beelzebubbie beelzebubbie.logs@gmail.com) could take this package on proxy-maintainership.

> you may also want to check bug 597914, as the OpenRC init script require
> POSIX sh compatible..
If commiting init scripts from this bug, that bug looks to be duplicate.

BTW I have some more common question: does Gentoo devmanual provide reference to the _complete_ description of POSIX-shell?
As for me, this document should be not only referenced, but mirrored locally.
Comment 7 Hadrien Lacour 2016-11-02 10:59:22 UTC
(In reply to Sergey S. Starikoff from comment #6)

> BTW I have some more common question: does Gentoo devmanual provide
> reference to the _complete_ description of POSIX-shell?
Hello, the POSIX sh is linked in https://wiki.gentoo.org/wiki/Bash#See_also. If you want to know POSIX sh better, I suggest that you first check the spec itself
http://pubs.opengroup.org/onlinepubs/9699919799/utilities/sh.html
and those useful links
http://mywiki.wooledge.org/Bashism
https://wiki.ubuntu.com/DashAsBinSh
http://www.etalabs.net/sh_tricks.html
Comment 8 Beelzebubbie 2016-11-02 13:25:09 UTC
(In reply to Hadrien Lacour from comment #7)

Sorry, but it clears nothing. If we should sustain compatibility (using any standards) it means that we must be able (using these standards) to determine if every language construct is *valid*. We are talking about shell – so I expect to see *complete* lang description together with «allowed» external commands.

In fact, I failed even to understand (from opengroup.org docs) what test operators are defined in posix. Where is -a -o -e -d -x -whatever description? Can I use sed/awk/gawk/python/whatever? And so on… How can one write *compatible* script if there is nothing clearly and completely defined in one place?
Comment 9 Hadrien Lacour 2016-11-02 15:15:36 UTC
I don't understand your problem.
What's allowed: the spec
What's not: the useful links I provided, to differentiate from bash

test is officially an external program, so you look here http://pubs.opengroup.org/onlinepubs/9699919799/

What I want to know (and I think you want to too) is what is our coreutils/findutils/sed/etc... standard.
Comment 10 Beelzebubbie 2016-11-02 18:41:16 UTC
(In reply to Hadrien Lacour from comment #9)
> I don't understand your problem.
> What's allowed: the spec
> What's not: the useful links I provided, to differentiate from bash
> 
> test is officially an external program, so you look here
> http://pubs.opengroup.org/onlinepubs/9699919799/
> 
> What I want to know (and I think you want to too) is what is our
> coreutils/findutils/sed/etc... standard.

I've got no problem, though. There is a problem in *describing* the vague concept of «compatibility» of initscripts. All I tried to say is about a lack of good and strict openrc-level documentation about writing openrc-compatible initscripts. I personally do not have a problem to write posix code, at least I can do enough-good guesses about it. 

Thanks for the links.
Comment 11 Hadrien Lacour 2016-11-02 18:48:08 UTC
Whoops, the test link is http://pubs.opengroup.org/onlinepubs/9699919799/utilities/test.html (forgot that this site is using frames)
Comment 12 Yixun Lan archtester gentoo-dev 2016-12-03 05:12:32 UTC
ok, I've dropped the original maintainer, add re-assign it to maintainer-needed ..

so, for the init script, anyone working on this? what's the progress?
or, less acceptable choice, let's push this bashism version first, then waiting for someone to improve it?
Comment 13 Beelzebubbie 2016-12-03 16:55:12 UTC
I'll downgrade these scripts in a couple of days, no need to push bash version.
Comment 14 Sergey S. Starikoff 2016-12-07 18:12:36 UTC
Created attachment 455436 [details]
dnscrypt-proxy.initd-1.7.0

POSIX-shell init script for >=net-dns/dnscrypt-proxy-1.7.0
Comment 15 Sergey S. Starikoff 2016-12-07 18:13:42 UTC
Created attachment 455438 [details]
dnscrypt-proxy.confd-1.7.0

Corresponding conf_d file.
Comment 16 Sergey S. Starikoff 2016-12-07 18:24:33 UTC
(In reply to Yixun Lan from comment #12)
> ok, I've dropped the original maintainer, add re-assign it to
> maintainer-needed ..
You could assign it to proxy-maintainers listing us as developers.

> so, for the init script, anyone working on this? what's the progress?
> or, less acceptable choice, let's push this bashism version first, then
> waiting for someone to improve it?

Init script is complete and attached to bug.
After it's commit into tree you can close bug #597914 as duplicate of this.

Updated config makes obsolete suggested ebuild patch (suggested default of local IP is 127.1.1.1 instead of 127.0.0.1 in patch).
Also notable thing is that default config is inoperable. Prior to use dnscrypt-proxy, user *must* read the list, select and set at least one server to use.

Please, don't close this bug, but mark it IN_PROGRESS.
In about a week I want to add syslog support, because direct logging into file is unusable when using more than one instances, see upstream bug https://github.com/jedisct1/dnscrypt-proxy/issues/423 for details.
Comment 17 Beelzebubbie 2016-12-23 02:42:01 UTC
Michael, suggested initscript already uses checkpath
Comment 18 Sergey S. Starikoff 2017-02-05 13:55:33 UTC
$ cd /tmp
$ wget http://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.9.4.tar.bz2.minisig
…
$ minisign -VP RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3 -x /tmp/dnscrypt-proxy-1.9.4.tar.bz2.minisig -m /usr/portage/distfiles/dnscrypt-proxy-1.9.4.tar.bz2 
Signature and comment signature verified
Trusted comment: timestamp:1484995547	file:dnscrypt-proxy-1.9.4.tar.bz2

…
# grep DIST Manifest  | grep 1.9.4
DIST dnscrypt-proxy-1.9.4.tar.bz2 1286263 SHA256 fdf4a708e7922e13b14555f315ca8d5361aec89b0595b06fdbbcaacfa4e6f11e SHA512 6fca8983b57810d3db297eb12c24ef9cbdafc56cd580d4c80ce3ece8a6520f27e3ba5be8390c58e0c30ba8d0b06e332daa33de3df228706d229b8cb211ca92fd WHIRLPOOL 3c301b80960b3fa9aaa96c8960a4f823427ef01a36faf53de2909d774d51113a3973cf70dd388385dbc7acc3d030e77d0433fb79ec703d959a02dd07dd3ce40a

Upstream bug fixed in about 1.9.0, so I remove reference.
Comment 19 Søren Dalby Larsen 2017-04-10 06:51:14 UTC
I guess this can be confirmed now. At least 1.9.4 made the two boxes where I use dnscrypt-proxy break, finde this bug and apply the updated init script (which works flawlessly, thanks!)
Comment 20 Sergey S. Starikoff 2017-06-07 18:45:32 UTC
06-May-2017 was released dnscrypt-proxy-1.9.5.

Ebuild is the same.

Sources digest:
DIST dnscrypt-proxy-1.9.5.tar.bz2 1290573 SHA256 e89f5b9039979ab392302faf369ef7593155d5ea21580402a75bbc46329d1bb6 SHA512 84c0f7587521b3a198292cf20dd71cb592ccf8a9e003abbc62c5ca112f6c5ed27c49b1642cf91f403d52b4147e25f24af540b65cecfcf93814338329097df836 WHIRLPOOL dec0090456a36fcc2b6883c1510c09d7a17459f022b0957eccf5f48272a305f546a760f9fb5c598b3fe86747ff16fac9b6767e3422f999dfca5fb717cd926ea1
Comment 21 Pacho Ramos gentoo-dev 2017-06-08 08:40:09 UTC
Per https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers you should open a bug report assigned to proxy-maint team asking to take this packages (and the needed ones) Thanks
Comment 22 Georgy Yakovlev archtester gentoo-dev 2017-08-03 07:29:59 UTC
Hey guys,

I just wanted to let you know that using conf.d is sub-optimal now.
dnscrypt now supports caching and it can only be activating using a config
file. It also supports domain whitelist so one can drop a dnsmasq/unbound/etc
for complex configurations with local domains and caching.

And maybe you should stop writing those ugly over-engineered initscripts and huge conf.d files? Why didn't you put a bash framework or oh-my-zsh inside the init script? It would be fun.

Let user specify parameters in the conf.d file and be done.
If you want to have 2 responders, you can do a symlink to the init file and
point it to second config file with alternative provider.
If user wants to use commandline arguments instead of config file, one can just configure conf.d
accordingly.

Default upstream configurations uses random as resolver name and it's good
enough.



Also I'd like to make use of dnscrypt-update-resolvers.sh. It's not installed
now on gentoo.

Dont try to handle everything,
provide a simple working configuration.
Mention advanced topics, like running dual resolvers in the postinst with a link to wiki.
and let the user decide.


Here is an example sane init script.

command="/usr/sbin/dnscrypt-proxy"
command_args="${DNSCRYPT_OPTS}"
pidfile="/var/run/${SVCNAME}.pid"

depend() {
        use net dns logger
	}

here is conf.d file contents
DNSCRYPT_OPTS="/etc/dnscrypt-proxy.conf"



The rest is just configuring the daemon.
you can have for example
/etc/dnscrypt_proxy.1.conf with unique pidfile, syslog prefix and LocalAddress
/etc/dnscrypt_proxy.2.conf
/etc/dnscrypt_proxy.conf  (this file includes common options, the files above can include it)


then you just 
cd /etc/init.d
ln -s ddnscrypt-proxy dnscrypt-proxy.1
cd /etc/conf.d/
cp dnscrypt-proxy dnscrypt-proxy.1
and change path to config file.
in the config file specify unique optios so daemons don't overlap.
that's it.

Now you have 2 daemons, each listening on it's own address (127.0.0.1 and
127.0.0.2 for example). Both have own syslog prefix. Both can be configured
with caching. Each can have it's own resolver or random resolver.

That's how it's done gentoo-way.
Comment 23 Georgy Yakovlev archtester gentoo-dev 2017-08-08 00:23:14 UTC
I created a pull request for this with proper systemd socket activation and simplified initscript.
https://github.com/gentoo/gentoo/pull/5346
Comment 24 Vishnu V K 2017-10-30 18:07:57 UTC
(In reply to Georgy Yakovlev from comment #22)

> 
> I just wanted to let you know that using conf.d is sub-optimal now.
> dnscrypt now supports caching and it can only be activating using a config
> file.


That is not true. Caching is a plugin, and you can activate it using the '--plugin' option, and pointing it to the relevant lib. For example:

    --plugin="/usr/lib/dnscrypt-proxy/libdcplugin_example_cache.so"
Comment 25 Georgy Yakovlev archtester gentoo-dev 2017-11-07 02:49:17 UTC
(In reply to Vishnu V K from comment #24)
> 
> That is not true. Caching is a plugin, and you can activate it using the
> '--plugin' option, and pointing it to the relevant lib. For example:
> 
>     --plugin="/usr/lib/dnscrypt-proxy/libdcplugin_example_cache.so"

True[1]. Thanks for correcting me.
Yet, config file is a better way of configuring plugins and plugin parameters.
Command line plugin configuration gets clunky really fast and is not documented on purpose [2].
 
[1] - https://github.com/jedisct1/dnscrypt-proxy/issues/747#issuecomment-331500963
[2] - https://github.com/jedisct1/dnscrypt-proxy/issues/566#issuecomment-272859317
Comment 26 Larry the Git Cow gentoo-dev 2017-11-07 08:48:13 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ee515fb8a5ff324983ec37c38ec1e2dc8d7aaa6

commit 0ee515fb8a5ff324983ec37c38ec1e2dc8d7aaa6
Author:     Georgy Yakovlev <ya@sysdump.net>
AuthorDate: 2017-08-07 20:52:14 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2017-11-07 08:48:03 +0000

    net-dns/dnscrypt-proxy: bump to 1.9.5, Sanitize initscripts.
    
    Greatly simplify initscript to allow symlinking of unit files
    for openrc. This approach follows upstream recommendation to
    use config file instead of command line args.
    Also proper systemd unit with socket activation from upstream.
    Fixes 588462
    
    Bug: https://bugs.gentoo.org/show_bug.cgi?id=588462
    Closes: https://github.com/gentoo/gentoo/pull/5346

 net-dns/dnscrypt-proxy/Manifest                    |   1 +
 net-dns/dnscrypt-proxy/dnscrypt-proxy-1.9.5.ebuild |  72 ++++++
 net-dns/dnscrypt-proxy/files/dnscrypt-proxy.conf   | 242 +++++++++++++++++++++
 .../dnscrypt-proxy/files/dnscrypt-proxy.confd-r1   |   1 +
 .../dnscrypt-proxy/files/dnscrypt-proxy.initd-r1   |  11 +
 .../dnscrypt-proxy/files/dnscrypt-proxy.service-r1 |  18 ++
 .../dnscrypt-proxy/files/dnscrypt-proxy.socket-r1  |   9 +
 7 files changed, 354 insertions(+)}
Comment 27 Vishnu V K 2017-11-10 06:15:47 UTC
Are the start() and stop() parts of the init.d not necessary anymore? Why are they gone?
Comment 28 Georgy Yakovlev archtester gentoo-dev 2017-11-10 07:59:01 UTC
(In reply to Vishnu V K from comment #27)
> Are the start() and stop() parts of the init.d not necessary anymore? Why
> are they gone?

not gone. default is used if it’s not defined explicitly in the init script.

https://github.com/OpenRC/openrc/blob/master/sh/openrc-run.sh.in

https://github.com/OpenRC/openrc/blob/master/sh/start-stop-daemon.sh