authorStuart Cardall <developer@it-offshore.co.uk>2014-05-16 10:30:38 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2014-05-19 14:29:46 +0000
commitb77a017af7c251623e09123e5d86e14a8ccbe060 (patch)
tree7d129ac8a73eab08bb1ce0972039db70843ea6fe /testing/dnscrypt-proxy/dnscrypt-proxy.setup
parent8b54d81b531409bc70d0db26c91586e64468ca59 (diff)
testing/dnscrypt-proxy: update to 1.4.0
* Version 1.4.0: - Security: versions 0.11 to 1.3.3 were vulnerable to a denial of service when running out of output buffer space. /sbin/setup-dnscrypt now also sets the correct loopback address if unbound is removed outside of the script.
Diffstat (limited to 'testing/dnscrypt-proxy/dnscrypt-proxy.setup')
-rw-r--r--testing/dnscrypt-proxy/dnscrypt-proxy.setup182
1 files changed, 97 insertions, 85 deletions
diff --git a/testing/dnscrypt-proxy/dnscrypt-proxy.setup b/testing/dnscrypt-proxy/dnscrypt-proxy.setup
index 3fb58ad77d..f82e7c39ee 100644
--- a/testing/dnscrypt-proxy/dnscrypt-proxy.setup
+++ b/testing/dnscrypt-proxy/dnscrypt-proxy.setup
@@ -42,10 +42,9 @@ die() {
}
restart_interface(){
-
INTERFACES=$(echo | ifconfig | grep "Link encap" | sed '/lo/d' | cut -d"L" -f1)
print_question "\nChoose external interface to restart from the following:"
-print_question "\n\n$INTERFACES" "[ default - eth0 ]"
+print_question "\n\n$INTERFACES" "[ default: eth0 ]"
while :
do
@@ -68,9 +67,8 @@ done
}
choose_ip(){
-
IPADDR=$(ifconfig |grep -B1 "inet addr" |awk '{ if ( $1 == "inet" ) { print $2 } else if ( $2 == "Link" ) { printf "%s:" ,$1 } }' |awk -F" " '{ print $1 ": " $3 }'| sed 's/addr//')
-if echo "$IPADDR" | grep -e "127.0.0.2" 1>/dev/null; then
+if echo "$IPADDR" | grep -e "127.0.0.2" 1>/dev/null && which unbound 1> /dev/null; then
defaultip='127.0.0.2'
IPADDR_CHOICE=$(echo "$IPADDR" | sed '/lo::127.0.0.1:/d')
else
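Review bot: On the changed `if` line, `grep -e "127.0.0.2"` treats the dots as regex wildcards and is unanchored, so an address such as 127.0.0.20 would also select the 127.0.0.2 default; `grep -qwF 127.0.0.2` matches only the literal address. The added `which unbound 1> /dev/null` could be `command -v unbound >/dev/null`, which does not depend on an external `which` binary. The body of choose_ip continues outside this hunk.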
@@ -78,13 +76,8 @@ else
IPADDR_CHOICE=$(echo "$IPADDR" | sed '/lo:1::127.0.0.2:/d')
fi
-if [ "$removecache" = "Y" ] || [ "$removecache" = "y" ]; then
- defaultip='127.0.0.1'
- IPADDR_CHOICE=$(echo "$IPADDR" | sed '/lo:1::127.0.0.2:/d')
-fi
-
print_question "\nChoose Dnscrypt IP from the following addresses:\n"
-print_question "\n$IPADDR_CHOICE\t" "[ default - $defaultip ]"
+print_question "\n$IPADDR_CHOICE\t" "[ default: $defaultip ]"
while :
do
@@ -105,14 +98,13 @@ done
}
choose_port(){
-
if grep -e "127.0.0.2" /etc/network/interfaces 1>/dev/null; then
defaultport=40
else
defaultport=53
fi
-print_question "\nChoose Dnscrypt Port:" "[ default = $defaultport ]"
+print_question "\nChoose Dnscrypt Port:" "[ default: $defaultport ]"
while :
do
read DNSPORT
@@ -160,6 +152,60 @@ print_green "--------------------------------------------------------"
fi
}
+restart_services(){
+# add / restart services - dnscrypt must be restarted first
+echo ""
+for srv in "dnscrypt-proxy" "unbound"; do
+ if which $srv 1> /dev/null; then
+ rc-status default | grep $srv 1> /dev/null
+ if [ "$?" != "0" ]; then
+ print_green "Adding $srv to Default Run Level"
+ rc-update add $srv default
+ fi
+ rc-service $srv restart
+ fi
+done
+}
+
+modify_config(){
+choose_ip; choose_port
+
+# update dnscrypt listening ip & port
+LINE=$(sed -n '/DNSCRYPT_LOCALIP=/=' $config)
+sed "$LINE c DNSCRYPT_LOCALIP=$IP_CLEAN:$DNSPORT_CLEAN" $config -i
+
+# update dhclient.conf
+if [ -f $dhcpconfig ]; then
+ if grep 'supersede domain-name-servers' $dhcpconfig 1>/dev/null; then
+ LINE=$(sed -n '/supersede domain-name-servers/=' $dhcpconfig)
+ sed "$LINE c supersede domain-name-servers $IP" $dhcpconfig -i
+ else
+ echo "supersede domain-name-servers $IP" >> $dhcpconfig
+ fi
+fi
+
+# update resolv.conf & unbound
+LINE=$(sed -n '/nameserver/=' /etc/resolv.conf)
+sed "$LINE c nameserver 127.0.0.1" /etc/resolv.conf -i
+if [ "$removecache" != "Y" ] && [ "$removecache" != "y" ]; then
+ update_unbound
+fi
+
+restart_interface
+
+print_strong "\n/etc/conf.d/dnscrypt-proxy Listening Address updated to:"
+print_green "--------------------------------------------------------"
+print_table "DNSCRYPT_LOCALIP=$IP_CLEAN:$DNSPORT_CLEAN"
+print_green "--------------------------------------------------------\n"
+}
+
+rm_loopback(){
+START=$(sed -n "\%Settings from $SCRIPT%=" /etc/network/interfaces)
+LINE=$(expr $START + 4)
+sed -i ''$START','$LINE'd' /etc/network/interfaces
+print_green "2nd Loopback interface removed"
+}
+
# END Functions ###################################################################################
# Do some sanity checking.
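Review bot: rm_loopback deletes `$START` through `$START + 4` from /etc/network/interfaces without checking that the marker line was found exactly once. When the `Settings from $SCRIPT` line is absent or duplicated, `expr` fails and the `sed` address is malformed, yet "2nd Loopback interface removed" is still printed; the fixed offset also assumes the block is still the five lines the script wrote. Validating START as a single number before the delete, and returning non-zero otherwise, keeps a root-run script from misreporting or mis-editing the interfaces file. The find-line-then-`c` pattern in modify_config (`/nameserver/=` on /etc/resolv.conf) has the same weakness when the file holds several matching lines.

```sh
rm_loopback(){
START=$(sed -n "\%Settings from $SCRIPT%=" /etc/network/interfaces)
# require exactly one marker line; empty or multi-line output is rejected
case "$START" in
  ''|*[!0-9]*)
    print_strong "No single '$SCRIPT' block found in /etc/network/interfaces; file left unchanged"
    return 1
    ;;
esac
LINE=$((START + 4))
sed -i "${START},${LINE}d" /etc/network/interfaces
# … unchanged: print_green confirmation …
```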
@@ -216,17 +262,17 @@ clear
# colour table ##################################################################################
-colourheading=$(awk 'BEGIN { format = "%-3s%-40s%-18s%-10s%-10s%-10s%-25s%s\n"
+colourheading=$(awk 'BEGIN { format = "%-3s%-40s%-18s%-10s%-10s%-10s%-25s\n"
printf format, "#", "Name", "Location", "DNSSEC", "No Logs", "Namecoin", "Resolver Address" }')
-colourline=$(awk 'BEGIN { format = "%-3s%-40s%-18s%-10s%-10s%-10s%-25s%s\n"
+colourline=$(awk 'BEGIN { format = "%-3s%-40s%-18s%-10s%-10s%-10s%-25s\n"
printf format, "---", "----------------------------------------", "------------------", "----------",\
"----------", "----------", "------------------------------------------" }')
print_green "$colourheading"
print_green "$colourline"
-awk 'BEGIN { format = "%-3s%-40s%-18s%-10s%-10s%-10s%-25s%s\n" }
+awk 'BEGIN { format = "%-3s%-40s%-18s%-10s%-10s%-10s%-25s\n" }
{ printf format,$1,$3,$5,$9,$10,$11,$12 }' FS=\| $output
print_green "$colourline"
@@ -282,94 +328,60 @@ print_green "-------------------------------------------------------------------
# install unbound
if ! which unbound 1> /dev/null; then
- print_question "Install Unbound (Caching DNS Server)" "[ Y / N ]"
+ print_question "Install Unbound (Caching DNS Server)" "[ Y / N: Default ]"
read installsrv
- if [ "$installsrv" = "Y" ] || [ "$installsrv" = "y" ]; then
+ if [ "$(echo $installsrv | tr '[A-Z]' '[a-z]')" = "y" ]; then
apk add -q unbound
else
echo "nameserver 127.0.0.1" > /etc/resolv.conf
- exit 0
fi
fi
# check for / setup secondary loopback for dns caching
if which unbound 1> /dev/null && ! grep "address 127.0.0.2" /etc/network/interfaces 1> /dev/null; then
- print_question "Configure DNS Caching (create a 2nd loopback interface @ 127.0.0.2) " "[ Y / N ]"
- read install2ndloop
- if [ "$install2ndloop" = "Y" ] || [ "$install2ndloop" = "y" ]; then
+ IP=127.0.0.2
+ echo "##### Settings from $SCRIPT #####" >> /etc/network/interfaces
+ echo "auto lo:1" >> /etc/network/interfaces
+ echo "iface lo:1 inet static" >> /etc/network/interfaces
+ echo "address $IP" >> /etc/network/interfaces
+ echo "netmask 255.0.0.0" >> /etc/network/interfaces
+ ifconfig lo:1 $IP up
+fi
+
+# modify caching
+if grep "address 127.0.0.2" /etc/network/interfaces 1> /dev/null && [ ! $installsrv ]; then
+ print_question "\nRemove DNS Caching (Unbound) / Secondary loopback device ?" "[ Y / N: Default ]"; read removecache
+ if [ "$(echo $removecache | tr '[A-Z]' '[a-z]')" = "y" ]; then
+ # remove loopback settings
+ rm_loopback
+ echo -e ""; rc-service unbound stop; apk del unbound
+ else
+ print_green "\nSecondary Loopback for DNS Caching configured @ 127.0.0.2"
IP=127.0.0.2
- echo "##### Settings from $SCRIPT #####" >> /etc/network/interfaces
- echo "auto lo:1" >> /etc/network/interfaces
- echo "iface lo:1 inet static" >> /etc/network/interfaces
- echo "address $IP" >> /etc/network/interfaces
- echo "netmask 255.0.0.0" >> /etc/network/interfaces
- ifconfig lo:1 $IP up
fi
fi
-# modify caching / ports
-if grep "address 127.0.0.2" /etc/network/interfaces 1> /dev/null && [ ! $install2ndloop ]; then
- print_question "\nRemove DNS Caching (Unbound) / Secondary loopback device ?" "[ Y / N ]"; read removecache
- if [ "$removecache" = "Y" ] || [ "$removecache" = "y" ]; then
- # remove loopback settings
- START=$(sed -n "\%Settings from $SCRIPT%=" /etc/network/interfaces)
- LINE=$(expr $START + 4)
- sed -i ''$START','$LINE'd' /etc/network/interfaces
- echo -e ""; rc-service unbound stop; apk del unbound
- else
- print_green "\nSecondary Loopback for DNS Caching configured @ 127.0.0.2\n"
- IP=127.0.0.2
- fi
+# modify ip / ports
+if [ $installsrv ] || [ "$(echo $removecache | tr '[A-Z]' '[a-z]')" = "y" ]; then
+ modify_config
+elif grep -q 127.0.0.2 /etc/network/interfaces && ! which unbound 1> /dev/null; then
+ rm_loopback
+ kill $(cat /var/run/unbound/unbound.pid)
+ modify_config
+else
+ print_question "\nModify dnscrypt-proxy ip / port ?" "[ Y / N: default ]"; read updateip
+ if [ "$(echo $updateip | tr '[A-Z]' '[a-z]')" = "y" ]; then
+ modify_config
+ fi
fi
-print_question "\nModify dnscrypt-proxy ip / port ?" "[ Y / N ]"; read updateip
-
-# choose dnscrypt ip address port
-if [ "$updateip" = "Y" ] || [ "$updateip" = "y" ]; then
- choose_ip; choose_port
-
- # update dnscrypt listening ip & port
- LINE=$(sed -n '/DNSCRYPT_LOCALIP=/=' $config)
- sed "$LINE c DNSCRYPT_LOCALIP=$IP_CLEAN:$DNSPORT_CLEAN" $config -i
-
- # update dhclient.conf
- if [ -f $dhcpconfig ]; then
- if grep 'supersede domain-name-servers' $dhcpconfig 1>/dev/null; then
- LINE=$(sed -n '/supersede domain-name-servers/=' $dhcpconfig)
- sed "$LINE c supersede domain-name-servers $IP" $dhcpconfig -i
- else
- echo "supersede domain-name-servers $IP" >> $dhcpconfig
- fi
- fi
-
- # update resolv.conf & unbound
- LINE=$(sed -n '/nameserver/=' /etc/resolv.conf)
- sed "$LINE c nameserver 127.0.0.1" /etc/resolv.conf -i
- if [ "$removecache" != "Y" ] && [ "$removecache" != "y" ]; then
- update_unbound
- fi
- restart_interface
-
- print_strong "\n/etc/conf.d/dnscrypt-proxy Listening Address updated to:"
- print_green "--------------------------------------------------------"
- print_table "DNSCRYPT_LOCALIP=$IP_CLEAN:$DNSPORT_CLEAN"
- print_green "--------------------------------------------------------\n"
+if [ "$RESTART_CLEAN" != "" ]; then
+ ifdown $RESTART_CLEAN && ifup $RESTART_CLEAN
+ print_green "Interface $RESTART_CLEAN restarted"
fi
-# add / restart services - dnscrypt must be restarted first
-for srv in "dnscrypt-proxy" "unbound"; do
- if which $srv 1> /dev/null; then
- rc-status default | grep $srv 1> /dev/null
- if [ "$?" != "0" ]; then
- print_green "Adding $srv to Default Run Level"
- rc-update add $srv default
- fi
- rc-service $srv restart
- fi
-done
+restart_services
-ifdown $RESTART_CLEAN && ifup $RESTART_CLEAN
-print_green "\nInterface $RESTART_CLEAN restarted\n"
exit 0
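Review bot: The new `kill $(cat /var/run/unbound/unbound.pid)` in the `elif` branch runs exactly when `which unbound` fails, so the pid file may be missing (`kill` is then called with no argument) or stale, in which case a root-run script signals whatever process now holds that number. Guard it, e.g. `pidfile=/var/run/unbound/unbound.pid; [ -s "$pidfile" ] && kill "$(cat "$pidfile")"`, and ideally confirm the pid still belongs to unbound before signalling. Separately, `[ $installsrv ]` and `[ ! $installsrv ]` are unquoted and test only whether anything was typed, so answering `n` and pressing Enter for the advertised default take different branches. A dedicated flag set when the install question is asked, tested as `[ -n "$asked_install" ]`, would make the intent explicit and survive input containing spaces.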