From 6c91732b073f71bb6175b7a829509f42e3fe7ddd Mon Sep 17 00:00:00 2001 From: Damiano Renfer Date: Tue, 2 Sep 2014 22:13:38 +0200 Subject: [PATCH 1/2] libsodium: add package, version 0.7.0 Signed-off-by: Damiano Renfer --- libs/libsodium/Makefile | 64 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 libs/libsodium/Makefile diff --git a/libs/libsodium/Makefile b/libs/libsodium/Makefile new file mode 100644 index 000000000..5154094d2 --- /dev/null +++ b/libs/libsodium/Makefile @@ -0,0 +1,64 @@ +# +# Copyright (C) 2009-2014 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=libsodium +PKG_VERSION:=0.7.0 +PKG_RELEASE:=1 + +PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=https://download.libsodium.org/libsodium/releases +PKG_MD5SUM:=b9029bf810c4b5a8acc3afec1286a36a +PKG_CAT:=zcat + +PKG_FIXUP:=libtool autoreconf +PKG_USE_MIPS16:=0 +PKG_INSTALL:=1 + +PKG_MAINTAINER:=Damiano Renfer +PKG_LICENSE:=ISC + +include $(INCLUDE_DIR)/package.mk + +define Package/libsodium + SECTION:=libs + CATEGORY:=Libraries + DEFAULT:=y + TITLE:=P(ortable|ackageable) NaCl-based crypto library + URL:=https://github.com/jedisct1/libsodium + MAINTAINER:=Damiano Renfer +endef + +define Package/libsodium/description + NaCl (pronounced "salt") is a new easy-to-use high-speed software library for network communication, encryption, decryption, signatures, etc. + NaCl's goal is to provide all of the core operations needed to build higher-level cryptographic tools. + Sodium is a portable, cross-compilable, installable, packageable fork of NaCl (based on the latest released upstream version nacl-20110221), with a compatible API. + The design choices, particularly in regard to the Curve25519 Diffie-Hellman function, emphasize security (whereas NIST curves emphasize "performance" at the cost of security), and "magic constants" in NaCl/Sodium have clear rationales. + The same cannot be said of NIST curves, where the specific origins of certain constants are not described by the standards. + And despite the emphasis on higher security, primitives are faster across-the-board than most implementations of the NIST standards. +endef + +define Build/Configure + $(call Build/Configure/Default, --disable-ssp) +endef + +define Build/InstallDev + $(INSTALL_DIR) $(1)/usr/include/sodium + $(CP) $(PKG_INSTALL_DIR)/usr/include/sodium.h $(1)/usr/include + $(CP) $(PKG_INSTALL_DIR)/usr/include/sodium/*.h $(1)/usr/include/sodium + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libsodium.{a,so*} $(1)/usr/lib +endef + +define Package/libsodium/install + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libsodium.so.* $(1)/usr/lib/ +endef + +$(eval $(call BuildPackage,libsodium)) From 3fc82c470ae233f6f45b46d2c28b9ac1046fc70e Mon Sep 17 00:00:00 2001 From: Damiano Renfer Date: Tue, 2 Sep 2014 22:16:17 +0200 Subject: [PATCH 2/2] dnscrypt-proxy: add package with config files, version 1.4.0 Signed-off-by: Damiano Renfer --- net/dnscrypt-proxy/Makefile | 121 ++++++++++++++++++ .../files/dnscrypt-proxy.config | 5 + net/dnscrypt-proxy/files/dnscrypt-proxy.init | 27 ++++ 3 files changed, 153 insertions(+) create mode 100644 net/dnscrypt-proxy/Makefile create mode 100644 net/dnscrypt-proxy/files/dnscrypt-proxy.config create mode 100644 net/dnscrypt-proxy/files/dnscrypt-proxy.init diff --git a/net/dnscrypt-proxy/Makefile b/net/dnscrypt-proxy/Makefile new file mode 100644 index 000000000..281b4e3f9 --- /dev/null +++ b/net/dnscrypt-proxy/Makefile @@ -0,0 +1,121 @@ +# +# Copyright (C) 2009-2014 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=dnscrypt-proxy +PKG_VERSION:=1.4.0 +PKG_RELEASE:=1 + +PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=http://download.dnscrypt.org/dnscrypt-proxy +PKG_MD5SUM:=c31d14d8de2123e9f2ddf26216577841 +PKG_CAT:=zcat + +PKG_FIXUP:=autoreconf +PKG_INSTALL:=1 + +PKG_MAINTAINER:=Damiano Renfer +PKG_LICENSE:=ISC + +include $(INCLUDE_DIR)/package.mk + +define Package/dnscrypt-proxy/Default + SECTION:=net + CATEGORY:=Network + SUBMENU:=IP Addresses and Names + DEPENDS:=+libsodium + URL:=http://dnscrypt.org/ + MAINTAINER:=Damiano Renfer +endef + +define Package/dnscrypt-proxy + $(call Package/dnscrypt-proxy/Default) + TITLE:=A tool for securing communications between a client and a DNS resolver +endef + +define Package/dnscrypt-proxy/description + dnscrypt-proxy provides local service which can be used directly as your + local resolver or as a DNS forwarder, encrypting and authenticating requests + using the DNSCrypt protocol and passing them to an upstream server. + The DNSCrypt protocol uses high-speed high-security elliptic-curve cryptography + and is very similar to DNSCurve, but focuses on securing communications between + a client and its first-level resolver. +endef + +define Package/hostip + $(call Package/dnscrypt-proxy/Default) + TITLE:=Resolver to IPv4 or IPv6 addresses +endef + +define Package/hostip/description + The DNSCrypt proxy ships with a simple tool named hostip that resolves a name + to IPv4 or IPv6 addresses. +endef + +define Build/Configure + $(call Build/Configure/Default, \ + --prefix=/usr \ + --disable-ssp \ + ) +endef + +TARGET_CFLAGS += \ + -fomit-frame-pointer \ + -fdata-sections \ + -ffunction-sections + +TARGET_LDFLAGS += \ + -Wl,-gc-sections + +MAKE_FLAGS += \ + CFLAGS="$(TARGET_CFLAGS)" \ + LDFLAGS="$(TARGET_LDFLAGS)" + +define Package/dnscrypt-proxy/install + $(INSTALL_DIR) $(1)/usr/sbin + $(CP) $(PKG_INSTALL_DIR)/usr/sbin/dnscrypt-proxy $(1)/usr/sbin/ + $(INSTALL_DIR) $(1)/usr/share/dnscrypt-proxy + $(CP) $(PKG_INSTALL_DIR)/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv $(1)/usr/share/dnscrypt-proxy/ + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/dnscrypt-proxy.init $(1)/etc/init.d/dnscrypt-proxy + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_CONF) ./files/dnscrypt-proxy.config $(1)/etc/config/dnscrypt-proxy +endef + +define Package/dnscrypt-proxy/postinst +#!/bin/sh +# check if we are on real system +if [ -z "$${IPKG_INSTROOT}" ]; then + echo "Enabling rc.d symlink for dnscrypt-proxy" + /etc/init.d/dnscrypt-proxy enable +fi +exit 0 +endef + +define Package/dnscrypt-proxy/prerm +#!/bin/sh +# check if we are on real system +if [ -z "$${IPKG_INSTROOT}" ]; then + echo "Removing rc.d symlink for dnscrypt-proxy" + /etc/init.d/dnscrypt-proxy disable +fi +exit 0 +endef + +define Package/dnscrypt-proxy/conffiles + /etc/config/dnscrypt-proxy +endef + +define Package/hostip/install + $(INSTALL_DIR) $(1)/usr/bin + $(CP) $(PKG_INSTALL_DIR)/usr/bin/hostip $(1)/usr/bin/ +endef + +$(eval $(call BuildPackage,dnscrypt-proxy)) +$(eval $(call BuildPackage,hostip)) diff --git a/net/dnscrypt-proxy/files/dnscrypt-proxy.config b/net/dnscrypt-proxy/files/dnscrypt-proxy.config new file mode 100644 index 000000000..d0dbc2d00 --- /dev/null +++ b/net/dnscrypt-proxy/files/dnscrypt-proxy.config @@ -0,0 +1,5 @@ +config dnscrypt-proxy + option address '127.0.0.1' + option port '5353' + # option resolver 'opendns' + # option resolvers_list '/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv' diff --git a/net/dnscrypt-proxy/files/dnscrypt-proxy.init b/net/dnscrypt-proxy/files/dnscrypt-proxy.init new file mode 100644 index 000000000..24f29ae2c --- /dev/null +++ b/net/dnscrypt-proxy/files/dnscrypt-proxy.init @@ -0,0 +1,27 @@ +#!/bin/sh /etc/rc.common + +START=50 + +start_instance () { + local section="$1" + config_get address "$section" 'address' + config_get port "$section" 'port' + config_get resolver "$section" 'resolver' + config_get resolvers_list "$section" 'resolvers_list' + + service_start /usr/sbin/dnscrypt-proxy -d \ + -a ${address}:${port} \ + -u nobody \ + -L ${resolvers_list:-'/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'} \ + -R ${resolver:-'opendns'} +} + +start() { + config_load 'dnscrypt-proxy' + config_foreach start_instance 'dnscrypt-proxy' +} + +stop() { + service_stop /usr/sbin/dnscrypt-proxy +} +