Browse Source

Merge pull request #270 from damianorenfer/master

Add libsodium + dnscrypt-proxy
lilik-openwrt-22.03
sbyx 10 years ago
parent
commit
a6f7d7078b
4 changed files with 217 additions and 0 deletions
  1. +64
    -0
      libs/libsodium/Makefile
  2. +121
    -0
      net/dnscrypt-proxy/Makefile
  3. +5
    -0
      net/dnscrypt-proxy/files/dnscrypt-proxy.config
  4. +27
    -0
      net/dnscrypt-proxy/files/dnscrypt-proxy.init

+ 64
- 0
libs/libsodium/Makefile View File

@ -0,0 +1,64 @@
#
# Copyright (C) 2009-2014 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=libsodium
PKG_VERSION:=0.7.0
PKG_RELEASE:=1
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://download.libsodium.org/libsodium/releases
PKG_MD5SUM:=b9029bf810c4b5a8acc3afec1286a36a
PKG_CAT:=zcat
PKG_FIXUP:=libtool autoreconf
PKG_USE_MIPS16:=0
PKG_INSTALL:=1
PKG_MAINTAINER:=Damiano Renfer <damiano.renfer@gmail.com>
PKG_LICENSE:=ISC
include $(INCLUDE_DIR)/package.mk
define Package/libsodium
SECTION:=libs
CATEGORY:=Libraries
DEFAULT:=y
TITLE:=P(ortable|ackageable) NaCl-based crypto library
URL:=https://github.com/jedisct1/libsodium
MAINTAINER:=Damiano Renfer <damiano.renfer@gmail.com>
endef
define Package/libsodium/description
NaCl (pronounced "salt") is a new easy-to-use high-speed software library for network communication, encryption, decryption, signatures, etc.
NaCl's goal is to provide all of the core operations needed to build higher-level cryptographic tools.
Sodium is a portable, cross-compilable, installable, packageable fork of NaCl (based on the latest released upstream version nacl-20110221), with a compatible API.
The design choices, particularly in regard to the Curve25519 Diffie-Hellman function, emphasize security (whereas NIST curves emphasize "performance" at the cost of security), and "magic constants" in NaCl/Sodium have clear rationales.
The same cannot be said of NIST curves, where the specific origins of certain constants are not described by the standards.
And despite the emphasis on higher security, primitives are faster across-the-board than most implementations of the NIST standards.
endef
define Build/Configure
$(call Build/Configure/Default, --disable-ssp)
endef
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include/sodium
$(CP) $(PKG_INSTALL_DIR)/usr/include/sodium.h $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/sodium/*.h $(1)/usr/include/sodium
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libsodium.{a,so*} $(1)/usr/lib
endef
define Package/libsodium/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libsodium.so.* $(1)/usr/lib/
endef
$(eval $(call BuildPackage,libsodium))

+ 121
- 0
net/dnscrypt-proxy/Makefile View File

@ -0,0 +1,121 @@
#
# Copyright (C) 2009-2014 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=dnscrypt-proxy
PKG_VERSION:=1.4.0
PKG_RELEASE:=1
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://download.dnscrypt.org/dnscrypt-proxy
PKG_MD5SUM:=c31d14d8de2123e9f2ddf26216577841
PKG_CAT:=zcat
PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
PKG_MAINTAINER:=Damiano Renfer <damiano.renfer@gmail.com>
PKG_LICENSE:=ISC
include $(INCLUDE_DIR)/package.mk
define Package/dnscrypt-proxy/Default
SECTION:=net
CATEGORY:=Network
SUBMENU:=IP Addresses and Names
DEPENDS:=+libsodium
URL:=http://dnscrypt.org/
MAINTAINER:=Damiano Renfer <damiano.renfer@gmail.com>
endef
define Package/dnscrypt-proxy
$(call Package/dnscrypt-proxy/Default)
TITLE:=A tool for securing communications between a client and a DNS resolver
endef
define Package/dnscrypt-proxy/description
dnscrypt-proxy provides local service which can be used directly as your
local resolver or as a DNS forwarder, encrypting and authenticating requests
using the DNSCrypt protocol and passing them to an upstream server.
The DNSCrypt protocol uses high-speed high-security elliptic-curve cryptography
and is very similar to DNSCurve, but focuses on securing communications between
a client and its first-level resolver.
endef
define Package/hostip
$(call Package/dnscrypt-proxy/Default)
TITLE:=Resolver to IPv4 or IPv6 addresses
endef
define Package/hostip/description
The DNSCrypt proxy ships with a simple tool named hostip that resolves a name
to IPv4 or IPv6 addresses.
endef
define Build/Configure
$(call Build/Configure/Default, \
--prefix=/usr \
--disable-ssp \
)
endef
TARGET_CFLAGS += \
-fomit-frame-pointer \
-fdata-sections \
-ffunction-sections
TARGET_LDFLAGS += \
-Wl,-gc-sections
MAKE_FLAGS += \
CFLAGS="$(TARGET_CFLAGS)" \
LDFLAGS="$(TARGET_LDFLAGS)"
define Package/dnscrypt-proxy/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/dnscrypt-proxy $(1)/usr/sbin/
$(INSTALL_DIR) $(1)/usr/share/dnscrypt-proxy
$(CP) $(PKG_INSTALL_DIR)/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv $(1)/usr/share/dnscrypt-proxy/
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/dnscrypt-proxy.init $(1)/etc/init.d/dnscrypt-proxy
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) ./files/dnscrypt-proxy.config $(1)/etc/config/dnscrypt-proxy
endef
define Package/dnscrypt-proxy/postinst
#!/bin/sh
# check if we are on real system
if [ -z "$${IPKG_INSTROOT}" ]; then
echo "Enabling rc.d symlink for dnscrypt-proxy"
/etc/init.d/dnscrypt-proxy enable
fi
exit 0
endef
define Package/dnscrypt-proxy/prerm
#!/bin/sh
# check if we are on real system
if [ -z "$${IPKG_INSTROOT}" ]; then
echo "Removing rc.d symlink for dnscrypt-proxy"
/etc/init.d/dnscrypt-proxy disable
fi
exit 0
endef
define Package/dnscrypt-proxy/conffiles
/etc/config/dnscrypt-proxy
endef
define Package/hostip/install
$(INSTALL_DIR) $(1)/usr/bin
$(CP) $(PKG_INSTALL_DIR)/usr/bin/hostip $(1)/usr/bin/
endef
$(eval $(call BuildPackage,dnscrypt-proxy))
$(eval $(call BuildPackage,hostip))

+ 5
- 0
net/dnscrypt-proxy/files/dnscrypt-proxy.config View File

@ -0,0 +1,5 @@
config dnscrypt-proxy
option address '127.0.0.1'
option port '5353'
# option resolver 'opendns'
# option resolvers_list '/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'

+ 27
- 0
net/dnscrypt-proxy/files/dnscrypt-proxy.init View File

@ -0,0 +1,27 @@
#!/bin/sh /etc/rc.common
START=50
start_instance () {
local section="$1"
config_get address "$section" 'address'
config_get port "$section" 'port'
config_get resolver "$section" 'resolver'
config_get resolvers_list "$section" 'resolvers_list'
service_start /usr/sbin/dnscrypt-proxy -d \
-a ${address}:${port} \
-u nobody \
-L ${resolvers_list:-'/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'} \
-R ${resolver:-'opendns'}
}
start() {
config_load 'dnscrypt-proxy'
config_foreach start_instance 'dnscrypt-proxy'
}
stop() {
service_stop /usr/sbin/dnscrypt-proxy
}

Loading…
Cancel
Save