Nam Nguyen writes:

> Stuart Henderson writes:
>> I think it only needs one not both - how about this which is a bit more
>> targeted too?
>>
>> @exec-update [[ $(stat -f '%u:%g'
>> ${LOCALSTATEDIR}/dnscrypt-proxy/public-resolvers.md 2>/dev/null) ==
>> 0:0 ]] && chgrp -R _dnscrypt-proxy ${LOCALSTATEDIR}/dnscrypt-proxy
>> && chmod -R ug+rwX ${LOCALSTATEDIR}/dnscrypt-proxy || true

> Stuart Henderson writes:
>> 775 seems ok, I would have it owned by root:_dnscrypt-proxy though, even if
>> only to avoid blowing out the columns in ls -l /var quite so much..

Here is a fresh diff to try to not wrestle with upstream downloading as
0644 too much.

dnscrypt-proxy downloads cache files as _dnscrypt-proxy once the refresh
delay / TTL expires with 644. Since this can happen quite often, I
propose keeping it as _dnscrypt-proxy:_dnscrypt-proxy instead of trying
to force it to root:_dnscrypt-proxy with either a patch or
@exec-update.

Alternatively, maybe _dnscrypt-proxy:wheel if we don't want the columns
too long?

This proposed diff has:
- no @mode, keeping it as 755 by default
- specifies @owner and @group of directory as
  _dnscrypt-proxy:_dnscrypt-proxy
- @exec-update to only change to _dnscrypt-proxy:_dnscrypt-proxy, to
  support upgrading existing installs

3 use cases follow and the fresh diff is at the end.

new install:
dust2$ ls -al /var/dnscrypt-proxy/                                             
total 8
drwxr-xr-x   2 _dnscrypt-proxy  _dnscrypt-proxy  512 Jun 17 17:52 .
drwxr-xr-x  25 root             wheel            512 Jun 17 17:52 ..
dust2$ ls -al /var/dnscrypt-proxy/ 
total 144
drwxr-xr-x   2 _dnscrypt-proxy  _dnscrypt-proxy    512 Jun 17 17:52 .
drwxr-xr-x  25 root             wheel              512 Jun 17 17:52 ..
-rw-r--r--   1 _dnscrypt-proxy  _dnscrypt-proxy  55606 Jun 17 17:52 public-resolvers.md
-rw-r--r--   1 _dnscrypt-proxy  _dnscrypt-proxy    307 Jun 17 17:52 public-resolvers.md.minisig
-rw-r--r--   1 _dnscrypt-proxy  _dnscrypt-proxy   6154 Jun 17 17:52 relays.md
-rw-r--r--   1 _dnscrypt-proxy  _dnscrypt-proxy    297 Jun 17 17:52 relays.md.minisig

upgrading:
dust2$ ls -al /var/dnscrypt-proxy/ 
total 144
drwxr-xr-x   2 root  wheel    512 Jun 17 17:55 .
drwxr-xr-x  25 root  wheel    512 Jun 17 17:54 ..
-rw-r--r--   1 root  wheel  55606 Jun 17 17:55 public-resolvers.md
-rw-r--r--   1 root  wheel    307 Jun 17 17:55 public-resolvers.md.minisig
-rw-r--r--   1 root  wheel   6154 Jun 17 17:55 relays.md
-rw-r--r--   1 root  wheel    297 Jun 17 17:55 relays.md.minisig
dust2$ ls -al /var/dnscrypt-proxy/ 
total 144
drwxr-xr-x   2 _dnscrypt-proxy  _dnscrypt-proxy    512 Jun 17 17:55 .
drwxr-xr-x  25 root             wheel              512 Jun 17 17:54 ..
-rw-r--r--   1 _dnscrypt-proxy  _dnscrypt-proxy  55606 Jun 17 17:55 public-resolvers.md
-rw-r--r--   1 _dnscrypt-proxy  _dnscrypt-proxy    307 Jun 17 17:55 public-resolvers.md.minisig
-rw-r--r--   1 _dnscrypt-proxy  _dnscrypt-proxy   6154 Jun 17 17:55 relays.md
-rw-r--r--   1 _dnscrypt-proxy  _dnscrypt-proxy    297 Jun 17 17:55 relays.md.minisig

upgrading with parental-control.md instead of public-resolvers.md:
dust2$ ls -al /var/dnscrypt-proxy/
total 44
drwxr-xr-x   2 root  wheel   512 Jun 17 18:00 .
drwxr-xr-x  25 root  wheel   512 Jun 17 18:00 ..
-rw-r--r--   1 root  wheel  5011 Jun 17 18:00 parental-control.md
-rw-r--r--   1 root  wheel   307 Jun 17 18:00 parental-control.md.minisig
-rw-r--r--   1 root  wheel  6154 Jun 17 18:00 relays.md
-rw-r--r--   1 root  wheel   297 Jun 17 18:00 relays.md.minisig
dust2$ ls -al /var/dnscrypt-proxy/ 
total 44
drwxr-xr-x   2 _dnscrypt-proxy  _dnscrypt-proxy   512 Jun 17 18:00 .
drwxr-xr-x  25 root             wheel             512 Jun 17 18:00 ..
-rw-r--r--   1 _dnscrypt-proxy  _dnscrypt-proxy  5011 Jun 17 18:00 parental-control.md
-rw-r--r--   1 _dnscrypt-proxy  _dnscrypt-proxy   307 Jun 17 18:00 parental-control.md.minisig
-rw-r--r--   1 _dnscrypt-proxy  _dnscrypt-proxy  6154 Jun 17 18:00 relays.md
-rw-r--r--   1 _dnscrypt-proxy  _dnscrypt-proxy   297 Jun 17 18:00 relays.md.minisig

Index: Makefile
===================================================================
RCS file: /cvs/ports/net/dnscrypt-proxy/Makefile,v
retrieving revision 1.53
diff -u -p -u -p -r1.53 Makefile
--- Makefile    6 Apr 2020 18:42:57 -0000       1.53
+++ Makefile    18 Jun 2020 01:10:04 -0000
@@ -4,7 +4,7 @@ COMMENT =       flexible DNS proxy with suppor
 
 GH_ACCOUNT =   jedisct1
 GH_PROJECT =   dnscrypt-proxy
-GH_TAGNAME =   2.0.42
+GH_TAGNAME =   2.0.44
 
 CATEGORIES =   net
 
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/dnscrypt-proxy/distinfo,v
retrieving revision 1.29
diff -u -p -u -p -r1.29 distinfo
--- distinfo    6 Apr 2020 18:42:57 -0000       1.29
+++ distinfo    18 Jun 2020 01:10:04 -0000
@@ -1,2 +1,2 @@
-SHA256 (dnscrypt-proxy-2.0.42.tar.gz) = 
wADKThWcZgbLNHbqnjTtZLXEbHENcMxWUfFPESXI01I=
-SIZE (dnscrypt-proxy-2.0.42.tar.gz) = 2324442
+SHA256 (dnscrypt-proxy-2.0.44.tar.gz) = 
wsmWjwekFOlz7Fc09FmNdWo1wyvu2xgmhZDqE1V5Qjc=
+SIZE (dnscrypt-proxy-2.0.44.tar.gz) = 2279842
Index: patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml
===================================================================
RCS file: 
/cvs/ports/net/dnscrypt-proxy/patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml,v
retrieving revision 1.13
diff -u -p -u -p -r1.13 patch-dnscrypt-proxy_example-dnscrypt-proxy_toml
--- patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml    23 Mar 2020 
05:16:43 -0000      1.13
+++ patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml    18 Jun 2020 
01:10:04 -0000
@@ -12,7 +12,7 @@ Index: dnscrypt-proxy/example-dnscrypt-p
  
  
  ## Require servers (from static + remote sources) to satisfy specific 
properties
-@@ -585,7 +585,7 @@ cache_neg_max_ttl = 600
+@@ -594,7 +594,7 @@ cache_neg_max_ttl = 600
  
    [sources.'public-resolvers']
    urls = 
['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md',
 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
@@ -21,7 +21,7 @@ Index: dnscrypt-proxy/example-dnscrypt-p
    minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
    prefix = ''
  
-@@ -593,7 +593,7 @@ cache_neg_max_ttl = 600
+@@ -602,7 +602,7 @@ cache_neg_max_ttl = 600
  
    [sources.'relays']
    urls = 
['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/relays.md',
 'https://download.dnscrypt.info/resolvers-list/v2/relays.md']
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/dnscrypt-proxy/pkg/PLIST,v
retrieving revision 1.2
diff -u -p -u -p -r1.2 PLIST
--- pkg/PLIST   22 Dec 2019 14:12:47 -0000      1.2
+++ pkg/PLIST   18 Jun 2020 01:10:04 -0000
@@ -16,4 +16,8 @@ share/examples/dnscrypt-proxy/example-dn
 share/examples/dnscrypt-proxy/example-forwarding-rules.txt
 share/examples/dnscrypt-proxy/example-ip-blacklist.txt
 share/examples/dnscrypt-proxy/example-whitelist.txt
+@owner _dnscrypt-proxy
+@group _dnscrypt-proxy
 @sample ${LOCALSTATEDIR}/dnscrypt-proxy/
+@comment fix owner for upgrades since privsep downloaded cache files in 2.0.43
+@exec-update [[ $(stat -f '%u:%g' 
${LOCALSTATEDIR}/dnscrypt-proxy/public-resolvers.md 2>/dev/null) != 688:688 ]] 
&& chown -R _dnscrypt-proxy:_dnscrypt-proxy ${LOCALSTATEDIR}/dnscrypt-proxy || 
true
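
Review bot: the @exec-update test compares the stat output against the literal 688:688, while the chown on the same line uses the name _dnscrypt-proxy, and nothing in the hunk says that 688 is that account's uid and gid. Either note that in the @comment or compare symbolic names instead, for example stat -f '%Su:%Sg' against _dnscrypt-proxy:_dnscrypt-proxy. Because stat's errors go to /dev/null, a missing public-resolvers.md leaves the substitution empty, so the != test is true and the chown -R still runs; the @comment should say that this is intended, since the test names only that one file. @owner and @group are also left set after the @sample line, so any entry appended to the PLIST later would inherit _dnscrypt-proxy; resetting both with an empty @owner and @group after @sample avoids that.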

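The upgrade check discussed in this message, generalized as an added example (not part of the original message or the port): instead of testing one file name such as public-resolvers.md, it asks find(1) whether anything under the cache directory is not owned by the wanted user and group, so an install that only has parental-control.md goes through the same test. The function names and the demo data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: ownership check for a daemon-writable cache directory.
# Function names are illustrative; nothing here comes from the port itself.

# needs_chown DIR OWNER GROUP
#   0  DIR or something below it is not owned by OWNER:GROUP
#   1  everything already matches, nothing to do
#   2  DIR is not a directory, or find(1) failed (e.g. unknown account name)
# OWNER and GROUP may be names or numeric ids; find(1) accepts both.
needs_chown() {
    dir=$1 owner=$2 group=$3
    [ -d "$dir" ] || return 2
    mismatched=$(find "$dir" \( ! -user "$owner" -o ! -group "$group" \) -print) || return 2
    [ -n "$mismatched" ]
}

# ownership_fix_cmd DIR OWNER GROUP
# Prints the command an upgrade hook would run, or nothing when the tree is
# already correct. -P keeps chown from following symlinks, which matters
# because the directory is writable by the unprivileged daemon account.
ownership_fix_cmd() {
    if needs_chown "$1" "$2" "$3"; then
        printf 'chown -RP %s:%s %s\n' "$2" "$3" "$1"
    fi
}

# Demo on constructed data: run as "sh thisfile demo".
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp -d)
    : > "$tmp/parental-control.md"      # no public-resolvers.md on purpose
    : > "$tmp/relays.md"
    ownership_fix_cmd "$tmp" _dnscrypt-proxy _dnscrypt-proxy
    rm -rf "$tmp"
fi
```
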