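#!/sbin/openrc-run
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
#
# OpenRC service script for dnscrypt-proxy.
#
# Configuration is read from DNSCRYPT_* variables (normally supplied by the
# matching conf.d file). Two resolver selection modes are supported:
#   DNSCRYPT_MODE=name  pick DNSCRYPT_RESOLVER_NAME from DNSCRYPT_RESOLVERS_FILE
#   DNSCRYPT_MODE=ip    use DNSCRYPT_PROVIDER_ADDRESS / _NAME / _KEY directly
# The script relies on bash features ([[ ]], arrays, ${var,,}).

# Service ordering: needs the network, must be up before the "dns" service,
# and uses a system logger when one is available.
depend() {
	need net
	before dns
	use logger
	# provide cryptodns
}

DAEMON=/usr/sbin/dnscrypt-proxy

# Multiplexed instances are named dnscrypt-proxy.<name>; NAME is the <name>
# suffix (empty for the plain service) and is the default resolver name.
NAME="${SVCNAME#dnscrypt-proxy}"
NAME="${NAME#.}"

# The mode is compared case-insensitively.
DNSCRYPT_MODE=${DNSCRYPT_MODE,,}
DNSCRYPT_LOGGER=${DNSCRYPT_LOGGER:-/var/log/${SVCNAME}.log}
DNSCRYPT_USER=${DNSCRYPT_USER:-dnscrypt}
DNSCRYPT_GROUP=${DNSCRYPT_GROUP:-dnscrypt}
DNSCRYPT_RESOLVER_NAME=${DNSCRYPT_RESOLVER_NAME:-${NAME}}
DNSCRYPT_RESOLVERS_FILE=${DNSCRYPT_RESOLVERS_FILE:-/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv}

rundir=/var/run/${SVCNAME}
pidfile="$rundir/dnscrypt-proxy.pid"

#######################################
# Validate the configuration before the daemon is started.
# Globals:   DNSCRYPT_MODE, DNSCRYPT_RESOLVER_NAME, DNSCRYPT_RESOLVERS_FILE,
#            DNSCRYPT_PROVIDER_ADDRESS, DNSCRYPT_PROVIDER_NAME,
#            DNSCRYPT_PROVIDER_KEY, DNSCRYPT_LOCAL_ADDRESS (all read)
# Outputs:   one eerror line per problem found
# Returns:   0 when the configuration is usable, 1 otherwise
#######################################
check() {
	local msg
	# Named "problems" rather than LINES: bash itself maintains a LINES
	# variable (terminal height), which is easy to confuse with this list.
	local -a problems=()

	ebegin "Checking $SVCNAME"

	case "$DNSCRYPT_MODE" in
		name)
			[[ -n $DNSCRYPT_RESOLVER_NAME ]] \
				|| problems+=("DNSCRYPT_RESOLVER_NAME not set")
			[[ -s "$DNSCRYPT_RESOLVERS_FILE" ]] \
				|| problems+=("DNSCRYPT_RESOLVERS_FILE not set or not a non-empty file: '$DNSCRYPT_RESOLVERS_FILE'")
			;;
		ip)
			[[ -n $DNSCRYPT_PROVIDER_ADDRESS ]] \
				|| problems+=("DNSCRYPT_PROVIDER_ADDRESS not set")
			[[ -n $DNSCRYPT_PROVIDER_NAME ]] \
				|| problems+=("DNSCRYPT_PROVIDER_NAME not set")
			[[ -n $DNSCRYPT_PROVIDER_KEY ]] \
				|| problems+=("DNSCRYPT_PROVIDER_KEY not set")
			;;
		*)
			problems+=("invalid DNSCRYPT_MODE: '$DNSCRYPT_MODE', expected 'name' or 'ip'")
			;;
	esac

	[[ -n $DNSCRYPT_LOCAL_ADDRESS ]] \
		|| problems+=("DNSCRYPT_LOCAL_ADDRESS not set, expected ip[:port]")

	# Test the element count; an emptiness test on the joined array text is
	# fragile and flagged by ShellCheck (SC2199).
	if (( ${#problems[@]} == 0 )); then
		eend 0
		return
	fi

	eindent
	for msg in "${problems[@]}"; do
		eerror "$msg"
	done
	eoutdent
	eend 1
}

#######################################
# Prepare the log file and runtime directory, then launch the daemon in the
# background through start-stop-daemon.
# Globals:   DAEMON, NAME, rundir, pidfile, DNSCRYPT_* (read);
#            DNSCRYPT_SYSLOG_PREFIX (rewritten, see note below)
# Returns:   1 if check() or a checkpath step fails, otherwise the exit
#            status of start-stop-daemon
#######################################
start() {
	local res=1
	local -a log_args=() resolver_args=() extra_args=()

	check || return 1

	ebegin "Starting $SVCNAME on $DNSCRYPT_LOCAL_ADDRESS"
	eindent

	if [[ "$DNSCRYPT_LOGGER" == 'syslog' ]] \
		|| checkpath -f -m 660 --owner "$DNSCRYPT_USER:$DNSCRYPT_GROUP" "$DNSCRYPT_LOGGER"; then
		# A directory needs the search (x) bit to be usable by anyone but
		# root; the previous mode 660 left the daemon's own user unable to
		# enter its runtime directory. 0750 keeps "other" locked out.
		if checkpath -d -m 0750 --owner "$DNSCRYPT_USER:$DNSCRYPT_GROUP" "$rundir"; then
			if [[ "$DNSCRYPT_LOGGER" == 'syslog' ]]; then
				log_args+=('--syslog')
				# NOTE(review): this strips every occurrence of NAME from the
				# configured prefix (NAME is used as an unquoted pattern); the
				# intent is not evident from this file - confirm before changing.
				DNSCRYPT_SYSLOG_PREFIX="${DNSCRYPT_SYSLOG_PREFIX//${NAME}}"
				if [[ -n "$DNSCRYPT_SYSLOG_PREFIX" ]]; then
					log_args+=("--syslog-prefix=$DNSCRYPT_SYSLOG_PREFIX")
				fi
			else
				log_args+=("--logfile=$DNSCRYPT_LOGGER")
			fi

			# Each option is one array element, so values containing
			# whitespace stay intact and unused options are omitted instead
			# of being passed to the daemon as empty "" arguments.
			if [[ $DNSCRYPT_MODE == 'name' ]]; then
				resolver_args+=(
					"--resolver-name=$DNSCRYPT_RESOLVER_NAME"
					"--resolvers-list=$DNSCRYPT_RESOLVERS_FILE"
				)
				einfo "using $DNSCRYPT_RESOLVER_NAME from '$DNSCRYPT_RESOLVERS_FILE'"
			else
				resolver_args+=(
					"--resolver-address=$DNSCRYPT_PROVIDER_ADDRESS"
					"--provider-name=$DNSCRYPT_PROVIDER_NAME"
					"--provider-key=$DNSCRYPT_PROVIDER_KEY"
				)
				einfo "using $DNSCRYPT_PROVIDER_NAME on $DNSCRYPT_PROVIDER_ADDRESS"
			fi

			# DNSCRYPT_OPTS is a free-form option string from the service
			# configuration and is split on whitespace on purpose. It is also
			# subject to glob expansion, so the configuration file must be
			# writable by root only.
			# shellcheck disable=SC2206
			extra_args=( $DNSCRYPT_OPTS )

			# --user comes after "--", so it is an option of dnscrypt-proxy and
			# not of start-stop-daemon: the process is started by the service
			# manager and the switch to DNSCRYPT_USER is left to the daemon.
			# --wait 300 rechecks after 300 ms that the daemon is still running.
			start-stop-daemon --start \
				--background \
				--wait 300 \
				--make-pidfile --pidfile "$pidfile" \
				--exec "$DAEMON" \
				-- \
				"--user=$DNSCRYPT_USER" \
				"--pidfile=$pidfile" \
				"--local-address=$DNSCRYPT_LOCAL_ADDRESS" \
				"${extra_args[@]}" \
				"${resolver_args[@]}" \
				"${log_args[@]}"
			res=$?
		fi
	fi

	eoutdent
	eend "$res"
}

#######################################
# Stop the daemon recorded in the pidfile.
# Globals:   pidfile, DAEMON, SVCNAME, DNSCRYPT_LOCAL_ADDRESS (read)
# Returns:   exit status of start-stop-daemon (via eend)
#######################################
stop() {
	ebegin "Stopping $SVCNAME on $DNSCRYPT_LOCAL_ADDRESS"
	start-stop-daemon --stop --pidfile="$pidfile" --exec "$DAEMON"
	eend $?
}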