Dear Eric Dorland,
please find attached a prelimiary version of an initscript with multiple
resolver support. While it is still not perfect (no check for "Daemonize
no" in default config file, no check for config file being included by
other config files) it is already running in production use and doesn't
seem to create problems. If you would be willing to include it into
dnscrypt-proxy I would do the support for it. If somebody wants to test
it:
change
Daemonize no
to
Daemonize yes
and add
User _dnscrypt-proxy
it the default config file
Kind regards
Harald Jenny
#!/bin/sh -e
### BEGIN INIT INFO
# Provides: dnscrypt-proxy
# Required-Start: $remote_fs
# Required-Stop: $remote_fs
# Should-Start: $network $syslog
# Should-Stop: $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start and stop dnscrypt-proxy
# Description: dnscrypt-proxy is Domain Name resolver with extra security
# features and enhanced privacy.
### END INIT INFO
PATH=/sbin:/bin:/usr/sbin:/usr/bin
. /lib/lsb/init-functions
DNSCRYPT_PROXY_BIN=/usr/sbin/dnscrypt-proxy
DNSCRYPT_PROXY_CONFDIR=/etc/dnscrypt-proxy
DNSCRYPT_PROXY_HOME=/run/dnscrypt-proxy
# Exit if the package is not installed
[ -x "${DNSCRYPT_PROXY_BIN}" ] || exit 0
get_config () {
if [ -e ${DNSCRYPT_PROXY_CONFDIR}/dnscrypt-proxy.conf ]; then
if [ $(find ${DNSCRYPT_PROXY_CONFDIR} -maxdepth 1 -type f \
-a -name "dnscrypt-proxy*.conf" \
-a ! -name "dnscrypt-proxy-common.conf" \
| wc -l) -gt 1 ]; then
log_warning_msg "${DNSCRYPT_PROXY_CONFDIR}/dnscrypt-proxy.conf found,
using this as config file."
log_warning_msg "If you want multiple instances of dnscrypt-proxy then
please rename"
log_warning_msg "dnscrypt-proxy.conf permanently by using the following
command:"
log_warning_msg "dpkg-divert --local --divert FILENAME_OF_YOUR_CHOICE
\\"
log_warning_msg "--rename ${DNSCRYPT_PROXY_CONFDIR}/dnscrypt-proxy.conf"
fi
DNSCRYPT_PROXY_CONFS=${DNSCRYPT_PROXY_CONFDIR}/dnscrypt-proxy.conf
else
if [ -z "$2" ]; then
DNSCRYPT_PROXY_CONFS=$(find ${DNSCRYPT_PROXY_CONFDIR} -maxdepth 1 -type f
\
-a -name "dnscrypt-proxy*.conf" \
-a ! -name "dnscrypt-proxy-common.conf" | sort)
else
while shift ; do
[ -z "$1" ] && break
DNSCRYPT_PROXY_CONFS="${DNSCRYPT_PROXY_CONFS}
${DNSCRYPT_PROXY_CONFDIR}/dnscrypt-proxy-$1.conf"
done
fi
fi
}
start_instance () {
if [ -e ${DNSCRYPT_PROXY_CONF} ]; then
DNSCRYPT_PROXY_INSTANCE=$(basename ${DNSCRYPT_PROXY_CONF} | sed
's/.conf$//')
DNSCRYPT_PROXY_PIDFILE=$(grep "^PidFile" ${DNSCRYPT_PROXY_CONF} | awk
'{print $2}')
log_daemon_msg "Starting dnscrypt proxy service..."
${DNSCRYPT_PROXY_INSTANCE}
if start_daemon -p "${DNSCRYPT_PROXY_PIDFILE}" ${DNSCRYPT_PROXY_BIN} \
${DNSCRYPT_PROXY_CONF} 2>/dev/null; then
if [ -x /sbin/resolvconf ]; then
grep "^LocalAddress" ${DNSCRYPT_PROXY_CONF} \
| awk '{print "nameserver "$2}' \
| cut -d ':' -f 1 \
| /sbin/resolvconf -a lo.${DNSCRYPT_PROXY_INSTANCE}
fi
log_success_msg
else
EXIT_STATUS=$?
log_failure_msg
fi
else
log_failure_msg "${DNSCRYPT_PROXY_CONF} not found" && EXIT_STATUS=3
fi
}
stop_instance () {
if [ -e ${DNSCRYPT_PROXY_CONF} ]; then
DNSCRYPT_PROXY_INSTANCE=$(basename ${DNSCRYPT_PROXY_CONF} | sed
's/.conf$//')
DNSCRYPT_PROXY_PIDFILE=$(grep "^PidFile" ${DNSCRYPT_PROXY_CONF} | awk
'{print $2}')
log_daemon_msg "Stopping dnscrypt proxy service..."
${DNSCRYPT_PROXY_INSTANCE}
if [ -x /sbin/resolvconf ]; then
/sbin/resolvconf -d lo.${DNSCRYPT_PROXY_INSTANCE}
fi
if killproc -p "${DNSCRYPT_PROXY_PIDFILE}" ${DNSCRYPT_PROXY_BIN}; then
log_success_msg
else
echo $?
EXIT_STATUS=$?
log_failure_msg
fi
else
log_failure_msg "${DNSCRYPT_PROXY_CONF} not found" && EXIT_STATUS=3
fi
}
check_instance () {
if [ -e ${DNSCRYPT_PROXY_CONF} ]; then
DNSCRYPT_PROXY_INSTANCE=$(basename ${DNSCRYPT_PROXY_CONF} | sed
's/.conf$//')
DNSCRYPT_PROXY_PIDFILE=$(grep "^PidFile" ${DNSCRYPT_PROXY_CONF} | awk
'{print $2}')
status_of_proc -p "${DNSCRYPT_PROXY_PIDFILE}" ${DNSCRYPT_PROXY_BIN} \
${DNSCRYPT_PROXY_INSTANCE} 2>/dev/null || EXIT_STATUS=$?
else
log_failure_msg "${DNSCRYPT_PROXY_CONF} not found" && EXIT_STATUS=3
fi
}
case "$1" in
start)
[ -d "${DNSCRYPT_PROXY_HOME}" ] || \
mkdir -m 0555 "${DNSCRYPT_PROXY_HOME}"
EXIT_STATUS=0
get_config "$@"
for DNSCRYPT_PROXY_CONF in ${DNSCRYPT_PROXY_CONFS}; do
start_instance
done
exit ${EXIT_STATUS}
;;
stop)
EXIT_STATUS=0
get_config "$@"
for DNSCRYPT_PROXY_CONF in ${DNSCRYPT_PROXY_CONFS}; do
stop_instance
done
exit ${EXIT_STATUS}
;;
restart|force-reload)
shift
$0 stop ${@}
$0 start ${@}
;;
status)
EXIT_STATUS=0
get_config "$@"
for DNSCRYPT_PROXY_CONF in ${DNSCRYPT_PROXY_CONFS}; do
check_instance
done
exit ${EXIT_STATUS}
;;
*)
log_action_msg "Usage: /etc/init.d/dnscrypt-proxy
{start|stop|restart|force-reload|status}"
exit 1
;;
esac
exit 0
# vim: set ai sts=2 sw=2 tw=0 :
