Merge pull request #270 from damianorenfer/master

Add libsodium + dnscrypt-proxy

libs/libsodium/Makefile

@@ -0,0 +1,64 @@
+#
+# Copyright (C) 2009-2014 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=libsodium
+PKG_VERSION:=0.7.0
+PKG_RELEASE:=1
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://download.libsodium.org/libsodium/releases
+PKG_MD5SUM:=b9029bf810c4b5a8acc3afec1286a36a
+PKG_CAT:=zcat
+
+PKG_FIXUP:=libtool autoreconf
+PKG_USE_MIPS16:=0
+PKG_INSTALL:=1
+
+PKG_MAINTAINER:=Damiano Renfer <damiano.renfer@gmail.com>
+PKG_LICENSE:=ISC
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/libsodium
+  SECTION:=libs
+  CATEGORY:=Libraries
+  DEFAULT:=y
+  TITLE:=P(ortable|ackageable) NaCl-based crypto library
+  URL:=https://github.com/jedisct1/libsodium
+  MAINTAINER:=Damiano Renfer <damiano.renfer@gmail.com>
+endef
+
+define Package/libsodium/description
+  NaCl (pronounced "salt") is a new easy-to-use high-speed software library for network communication, encryption, decryption, signatures, etc.
+  NaCl's goal is to provide all of the core operations needed to build higher-level cryptographic tools.
+  Sodium is a portable, cross-compilable, installable, packageable fork of NaCl (based on the latest released upstream version nacl-20110221), with a compatible API.
+  The design choices, particularly in regard to the Curve25519 Diffie-Hellman function, emphasize security (whereas NIST curves emphasize "performance" at the cost of security), and "magic constants" in NaCl/Sodium have clear rationales.
+  The same cannot be said of NIST curves, where the specific origins of certain constants are not described by the standards.
+  And despite the emphasis on higher security, primitives are faster across-the-board than most implementations of the NIST standards.
+endef
+
+define Build/Configure
+  $(call Build/Configure/Default, --disable-ssp)
+endef
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(1)/usr/include/sodium
+	$(CP) $(PKG_INSTALL_DIR)/usr/include/sodium.h $(1)/usr/include
+	$(CP) $(PKG_INSTALL_DIR)/usr/include/sodium/*.h $(1)/usr/include/sodium
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libsodium.{a,so*} $(1)/usr/lib
+endef
+
+define Package/libsodium/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libsodium.so.* $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,libsodium))

net/dnscrypt-proxy/Makefile

@@ -0,0 +1,121 @@
+#
+# Copyright (C) 2009-2014 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=dnscrypt-proxy
+PKG_VERSION:=1.4.0
+PKG_RELEASE:=1
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://download.dnscrypt.org/dnscrypt-proxy
+PKG_MD5SUM:=c31d14d8de2123e9f2ddf26216577841
+PKG_CAT:=zcat
+
+PKG_FIXUP:=autoreconf
+PKG_INSTALL:=1
+
+PKG_MAINTAINER:=Damiano Renfer <damiano.renfer@gmail.com>
+PKG_LICENSE:=ISC
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/dnscrypt-proxy/Default
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=IP Addresses and Names
+  DEPENDS:=+libsodium
+  URL:=http://dnscrypt.org/
+  MAINTAINER:=Damiano Renfer <damiano.renfer@gmail.com>
+endef
+
+define Package/dnscrypt-proxy
+  $(call Package/dnscrypt-proxy/Default)
+  TITLE:=A tool for securing communications between a client and a DNS resolver
+endef
+
+define Package/dnscrypt-proxy/description
+  dnscrypt-proxy provides local service which can be used directly as your
+  local resolver or as a DNS forwarder, encrypting and authenticating requests
+  using the DNSCrypt protocol and passing them to an upstream server.
+  The DNSCrypt protocol uses high-speed high-security elliptic-curve cryptography
+  and is very similar to DNSCurve, but focuses on securing communications between
+  a client and its first-level resolver.
+endef
+
+define Package/hostip
+  $(call Package/dnscrypt-proxy/Default)
+  TITLE:=Resolver to IPv4 or IPv6 addresses
+endef
+
+define Package/hostip/description
+  The DNSCrypt proxy ships with a simple tool named hostip that resolves a name
+  to IPv4 or IPv6 addresses.
+endef
+
+define Build/Configure
+	$(call Build/Configure/Default, \
+	--prefix=/usr \
+	--disable-ssp \
+	)
+endef
+
+TARGET_CFLAGS += \
+	-fomit-frame-pointer \
+	-fdata-sections \
+	-ffunction-sections
+
+TARGET_LDFLAGS += \
+	-Wl,-gc-sections
+
+MAKE_FLAGS += \
+	CFLAGS="$(TARGET_CFLAGS)" \
+	LDFLAGS="$(TARGET_LDFLAGS)"
+
+define Package/dnscrypt-proxy/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/dnscrypt-proxy $(1)/usr/sbin/
+	$(INSTALL_DIR) $(1)/usr/share/dnscrypt-proxy
+	$(CP) $(PKG_INSTALL_DIR)/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv $(1)/usr/share/dnscrypt-proxy/
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/dnscrypt-proxy.init $(1)/etc/init.d/dnscrypt-proxy
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_CONF) ./files/dnscrypt-proxy.config $(1)/etc/config/dnscrypt-proxy
+endef
+
+define Package/dnscrypt-proxy/postinst
+#!/bin/sh
+# check if we are on real system
+if [ -z "$${IPKG_INSTROOT}" ]; then
+        echo "Enabling rc.d symlink for dnscrypt-proxy"
+        /etc/init.d/dnscrypt-proxy enable
+fi
+exit 0
+endef
+
+define Package/dnscrypt-proxy/prerm
+#!/bin/sh
+# check if we are on real system
+if [ -z "$${IPKG_INSTROOT}" ]; then
+        echo "Removing rc.d symlink for dnscrypt-proxy"
+        /etc/init.d/dnscrypt-proxy disable
+fi
+exit 0
+endef
+
+define Package/dnscrypt-proxy/conffiles
+  /etc/config/dnscrypt-proxy
+endef
+
+define Package/hostip/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(CP) $(PKG_INSTALL_DIR)/usr/bin/hostip $(1)/usr/bin/
+endef
+
+$(eval $(call BuildPackage,dnscrypt-proxy))
+$(eval $(call BuildPackage,hostip))

net/dnscrypt-proxy/files/dnscrypt-proxy.config

@@ -0,0 +1,5 @@
+config dnscrypt-proxy
+	option address '127.0.0.1'
+	option port '5353'
+	# option resolver 'opendns'
+	# option resolvers_list '/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'

net/dnscrypt-proxy/files/dnscrypt-proxy.init

@@ -0,0 +1,27 @@
+#!/bin/sh /etc/rc.common
+
+START=50
+
+start_instance () {
+	local section="$1"
+	config_get address         "$section" 'address'
+	config_get port            "$section" 'port'
+	config_get resolver        "$section" 'resolver'
+	config_get resolvers_list  "$section" 'resolvers_list'
+
+	service_start /usr/sbin/dnscrypt-proxy -d \
+		-a ${address}:${port} \
+		-u nobody \
+		-L ${resolvers_list:-'/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'} \
+		-R ${resolver:-'opendns'}
+}
+
+start() {
+	config_load 'dnscrypt-proxy'
+	config_foreach start_instance 'dnscrypt-proxy'
+}
+
+stop() {
+	service_stop /usr/sbin/dnscrypt-proxy
+}
+