authorIT Offshore <developer@it-offshore.co.uk>2013-11-10 09:58:57 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2013-11-15 15:23:46 +0000
commit73e5eb1a52eb7b0bfe192c3f0d59a58b43fc4731 (patch)
tree44bf4cb3bac66c1c1f4cdef437baaef05473e15f /testing/dnscrypt-proxy/dnscrypt-proxy.setup
parentb6f38e06bc6f83474fd5c74632fe0cbd6d11ece8 (diff)
testing/dnscrypt-proxy: upgrade to to 1.33
Complete patch to bump dnscrypt-proxy to version 1.33 Minor changes to APKBUILD to build with the new sources & make-depends. confd / initd changed to include the additional configurations to set the alternative resolver ip / public keys. Separate patch created to build dnscrypt's dependency libsodium / libsodium-dev (as it no longer forms part of dnscrypt's sources). Post-install script is just status / info using the $STRONG / $RED / $GREEN system colours. Added /sbin/setup-dnscrypt for changing the resolver dnscrypt queries & optionally installing unbound for dns caching. This also uses the system terminal colours. This no longer makes any changes to init.d, it only updates conf.d
Diffstat (limited to 'testing/dnscrypt-proxy/dnscrypt-proxy.setup')
-rw-r--r--testing/dnscrypt-proxy/dnscrypt-proxy.setup227
1 files changed, 227 insertions, 0 deletions
diff --git a/testing/dnscrypt-proxy/dnscrypt-proxy.setup b/testing/dnscrypt-proxy/dnscrypt-proxy.setup
new file mode 100644
index 0000000000..8fd6d56f27
--- /dev/null
+++ b/testing/dnscrypt-proxy/dnscrypt-proxy.setup
@@ -0,0 +1,227 @@
+#!/bin/sh
+# Contributor: IT Offshore <developer@it-offshore.co.uk>
+# dnscrypt-proxy setup script to choose DNS Resolver / install & configure DNS Caching
+############################################################################################
+
+NORMAL="\033[1;0m"
+STRONG="\033[1;1m"
+RED="\033[1;31m"
+GREEN="\033[1;32m"
+
+print_question() {
+ local prompt="${STRONG}$1 ${RED}$2${NORMAL}"
+ printf "${prompt} %s"
+}
+
+print_strong() {
+ local prompt="${STRONG}$1 ${RED}$2${NORMAL}"
+ printf "${prompt} %s\n"
+}
+
+
+print_green() {
+ local prompt="${GREEN}${STRONG}$1 ${NORMAL}"
+ printf "${prompt} %s\n"
+}
+
+print_table() {
+ local choice="${RED}${STRONG}$1${NORMAL}"
+ local resolver="${STRONG}$2"
+ local location="${GREEN}$3"
+ printf "${choice} ${resolver} ${location} %s\n"
+}
+
+die() {
+ print_table "ERROR:" "$1" > /dev/null 1>&2
+ exit 1
+}
+
+choose_ip(){
+IP=none
+IPADDR=$(ifconfig |grep -B1 "inet addr" |awk '{ if ( $1 == "inet" ) { print $2 } else if ( $2 == "Link" ) { printf "%s:" ,$1 } }' |awk -F: '{ print $1 ": " $3 }')
+until echo $IPADDR | grep -e $IP 1>/dev/null
+do
+ print_question "\nChoose dnscrypt ip from the following addresses:\n"
+ print_question "\n$IPADDR\t" "[ default - 127.0.0.1 ]"
+ read IP
+ if [ ! $IP ] ;then
+ IP=127.0.0.1; print_green "\nIP: 127.0.0.1 Selected";
+ fi
+done
+}
+
+choose_port(){
+print_question "\nChoose dnscrypt port:" "[ default = 40 ]"
+until [ "$DNSPORT" -gt 0 ] 2>/dev/null
+do
+ read DNSPORT
+ if [ ! $DNSPORT ]; then
+ DNSPORT=40; print_green "\nPort: 40 Selected"
+ fi
+
+ case $DNSPORT in
+ ''|*[!0-9]*) print_question "\nChoose NUMERIC dnscrypt port:" "[ default = 40 ]" ;;
+ *) if [ "$DNSPORT" -gt 65535 ]; then
+ print_question "\nPlease choose a valid port" "[1 - 65535]";
+ DNSPORT=0;
+ fi;;
+ esac
+done
+}
+
+update_unbound(){
+if [ -f /etc/unbound/unbound.conf ]; then
+ if grep 'Settings from /sbin/setup-dnscrypt' /etc/unbound/unbound.conf 1>/dev/null; then
+ #replace previous setting
+ START=$(sed -n '/Settings from \/sbin\/setup-dnscrypt/=' /etc/unbound/unbound.conf)
+ LINE=$(expr $START + 5)
+ sed "$LINE c \ forward-addr: $IP@$DNSPORT" /etc/unbound/unbound.conf -i
+ else
+ echo -e '##### Settings from /sbin/setup-dnscrypt #####' >> /etc/unbound/unbound.conf
+ echo -e 'do-not-query-localhost: no' >> /etc/unbound/unbound.conf
+ echo >> /etc/unbound/unbound.conf
+ echo -e 'forward-zone:' >> /etc/unbound/unbound.conf
+ echo -e ' name: "."' >> /etc/unbound/unbound.conf
+ echo -e " forward-addr: $IP@$DNSPORT" >> /etc/unbound/unbound.conf
+ fi
+print_strong "\n/etc/unbound/unbound.conf settings updated to:"
+print_green "--------------------------------------------------------"
+print_table 'forward-zone:'
+print_table ' name: "."'
+print_table " forward-addr: $IP@$DNSPORT"
+print_green "--------------------------------------------------------\n"
+fi
+}
+
+# Do some sanity checking.
+if [ $(/usr/bin/id -u) != "0" ]; then
+ die 'Must be run by root user'
+fi
+
+clear;
+print_table "\n DNSCRYPT-PROXY MANAGER"
+print_green "-----------------------------------------------------------------"
+print_table "1:" "OpenDNS"
+print_table "2:" "Cloud NS\t\t : Canberra, Australia" "(No Logs, DNSSEC)"
+print_table "3:" "Cloud NS\t\t : Canberra" "(over TOR .onion:443)"
+print_table "4:" "Cloud NS\t\t : Sydney, Australia" "(No Logs, DNSSEC)"
+print_table "5:" "Cloud NS\t\t : Sydney" "(over TOR .onion:443)"
+print_table "6:" "OpenNIC\t\t : Japan" "(No Logs)"
+print_table "7:" "DNSCrypt.eu\t\t : Holland" "(No logs, DNSSEC)"
+print_table "8:" "Soltysiak.com\t : Poland" "(No logs, DNSSEC)"
+print_green "-----------------------------------------------------------------"
+print_question "Please choose a DNS Resolver for dnscrypt-proxy to query" "[1 - 8]:"
+
+
+until [ "$DNS" -gt 0 ] 2>/dev/null
+do
+
+read DNS
+
+case $DNS in
+ 1) RESOLVER=208.67.220.220:443;
+ PROVIDER=2.dnscrypt-cert.opendns.com
+ PUBKEY=B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79;;
+ 2) RESOLVER=113.20.6.2:443;
+ PROVIDER=2.dnscrypt-cert.cloudns.com.au;
+ PUBKEY=1971:7C1A:C550:6C09:F09B:ACB1:1AF7:C349:6425:2676:247F:B738:1C5A:243A:C1CC:89F4;;
+ 3) RESOLVER=gc2tzw6lbmeagrp3.onion:443;
+ PROVIDER=2.dnscrypt-cert.cloudns.com.au;
+ PUBKEY=1971:7C1A:C550:6C09:F09B:ACB1:1AF7:C349:6425:2676:247F:B738:1C5A:243A:C1CC:89F4;;
+ 4) RESOLVER=113.20.8.17:443;
+ PROVIDER=2.dnscrypt-cert-2.cloudns.com.au;
+ PUBKEY=67A4:323E:581F:79B9:BC54:825F:54FE:1025:8B4F:37EB:0D07:0BCE:4010:6195:D94F:E330;;
+ 5) RESOLVER=l65q62lf7wnfme7m.onion:443;
+ PROVIDER=2.dnscrypt-cert-2.cloudns.com.au;
+ PUBKEY=67A4:323E:581F:79B9:BC54:825F:54FE:1025:8B4F:37EB:0D07:0BCE:4010:6195:D94F:E330;;
+ 6) RESOLVER=106.186.17.181:2053;
+ PROVIDER=2.dnscrypt-cert.ns2.jp.dns.opennic.glue;
+ PUBKEY=8768:C3DB:F70A:FBC6:3B64:8630:8167:2FD4:EE6F:E175:ECFD:46C9:22FC:7674:A1AC:2E2A;;
+ 7) RESOLVER=176.56.237.171:443;
+ PROVIDER=2.dnscrypt-cert.dnscrypt.eu;
+ PUBKEY=67C0:0F2C:21C5:5481:45DD:7CB4:6A27:1AF2:EB96:9931:40A3:09B6:2B8D:1653:1185:9C66;;
+ 8) RESOLVER=178.216.201.222:2053;
+ PROVIDER=2.dnscrypt-cert.soltysiak.com;
+ PUBKEY=25C4:E188:2915:4697:8F9C:2BBD:B6A7:AFA4:01ED:A051:0508:5D53:03E7:1928:C066:8F21;;
+ #check for numerical input
+ ''|0|*[!0-9]*) print_question "Please choose a NUMERIC option:" "[1 - 8]" ;;
+ *) if [ "$DNS" -gt 8 ]; then
+ print_question "Please choose an option:" "[1 - 8]";
+ DNS=0;
+ fi;;
+esac
+done
+
+# remove existing Resolver config
+if grep "RESOLVER" /etc/conf.d/dnscrypt-proxy 1> /dev/null; then
+ sed -e '/RESOLVER/d' -e '/PROVIDER/d' -e '/PUBKEY/d' /etc/conf.d/dnscrypt-proxy -i
+fi
+
+# update Resolver config
+echo "RESOLVER=$RESOLVER" >> /etc/conf.d/dnscrypt-proxy
+echo "PROVIDER=$PROVIDER" >> /etc/conf.d/dnscrypt-proxy
+echo "PUBKEY=$PUBKEY" >> /etc/conf.d/dnscrypt-proxy
+
+print_strong "\n/etc/conf.d/dnscrypt-proxy Resolver Settings updated to:"
+print_green "---------------------------------------------------------------------------------------------"
+print_table "RESOLVER\t\t:" "$RESOLVER"
+print_table "PROVIDER\t\t:" "$PROVIDER"
+print_table "PUBLIC KEY :" "$PUBKEY"
+print_green "---------------------------------------------------------------------------------------------\n"
+
+# install unbound
+if ! which unbound 1> /dev/null; then
+ print_question "Install Unbound (Caching DNS Server)" "[ Y / N ]"
+ read installsrv
+ if [ "$installsrv" = "Y" ] || [ "$installsrv" = "y" ]; then
+ apk add -q unbound
+ fi
+fi
+
+# choose dnscrypt ip address port
+print_question "Modify dnscrypt-proxy ip / port ?" "[ Y / N ]"
+read updateip
+if [ "$updateip" = "Y" ] || [ "$updateip" = "y" ]; then
+ choose_ip; choose_port
+
+ # update dnscrypt listening ip & port
+ LINE=$(sed -n '/DNSCRYPT_LOCALIP=/=' /etc/conf.d/dnscrypt-proxy)
+ sed "$LINE c DNSCRYPT_LOCALIP=$IP:$DNSPORT" /etc/conf.d/dnscrypt-proxy -i
+
+ # update dhclient.conf
+ if [ -f /etc/dhcp/dhclient.conf ]; then
+ if grep 'supersede domain-name-servers' /etc/dhcp/dhclient.conf 1>/dev/null; then
+ LINE=$(sed -n '/supersede domain-name-servers/=' /etc/dhcp/dhclient.conf)
+ sed "$LINE c supersede domain-name-servers $IP" /etc/dhcp/dhclient.conf -i
+ else
+ echo "supersede domain-name-servers $IP" >> /etc/dhcp/dhclient.conf
+ fi
+ fi
+
+ # update resolv.conf & unbound
+ LINE=$(sed -n '/nameserver/=' /etc/resolv.conf)
+ sed "$LINE c nameserver $IP" /etc/resolv.conf -i
+ update_unbound
+
+ # add / restart services
+ for srv in "unbound dnscrypt-proxy"; do
+ if which $srv 1> /dev/null; then
+ if ! rc-status | grep $srv; then
+ rc-update add $srv default
+ fi
+ rc-service $srv restart
+ fi
+ done
+
+ print_strong "/etc/conf.d/dnscrypt-proxy Listening Address updated to:"
+ print_green "--------------------------------------------------------"
+ print_table "DNSCRYPT_LOCALIP=$IP:$DNSPORT"
+ print_green "--------------------------------------------------------\n"
+fi
+
+
+
+
+
+
+
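Review bot: choose_ip accepts almost any answer, because `until echo $IPADDR | grep -e $IP` treats the unquoted input as an unanchored regex over the ifconfig listing, so `1` or `.` passes as an address. That value is then written as root into /etc/conf.d/dnscrypt-proxy, /etc/dhcp/dhclient.conf, /etc/resolv.conf and unbound.conf through the `sed "$LINE c …"` calls, which can leave the host with a resolver configuration that does not point at a real listener. Compare the answer literally and as a whole line against the listed addresses instead, e.g. `until echo "$IPADDR" | awk '{ print $2 }' | grep -qxF -- "$IP"`, with `read -r IP` and `[ -z "$IP" ]` for the default case. Separately, `for srv in "unbound dnscrypt-proxy"` near the end iterates once over the whole quoted string, so `which`, `rc-update add` and `rc-service … restart` receive both names as arguments of a single call; it should read `for srv in unbound dnscrypt-proxy; do`.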