Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 711890f1313a
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 93b68c7cc5a4
Choose a head ref
  • 1 commit
  • 1 file changed
  • 1 contributor

Commits on May 27, 2020

  1. nixos/dnscrypt-wrapper: use dnscrypt-proxy1 

    (cherry picked from commit fd3727a)

This commit fixes the currently broken dnscrypt-wrapper module.
    @rnhmjoj
    rnhmjoj committed May 27, 2020
    Copy the full SHA
    93b68c7 View commit details
Showing with 42 additions and 1 deletion.
  1. +42 −1 nixos/modules/services/networking/dnscrypt-wrapper.nix
43 changes: 42 additions & 1 deletion nixos/modules/services/networking/dnscrypt-wrapper.nix
View file
Original file line number Diff line number Diff line change
@@ -64,6 +64,47 @@ let
fi
'';


# This is the fork of the original dnscrypt-proxy maintained by Dyne.org.
# dnscrypt-proxy2 doesn't provide the `--test` feature that is needed to
# correctly implement key rotation of dnscrypt-wrapper ephemeral keys.
dnscrypt-proxy1 = pkgs.callPackage
({ stdenv, fetchFromGitHub, autoreconfHook
, pkgconfig, libsodium, ldns, openssl, systemd }:

stdenv.mkDerivation rec {
pname = "dnscrypt-proxy";
version = "2019-08-20";

src = fetchFromGitHub {
owner = "dyne";
repo = "dnscrypt-proxy";
rev = "07ac3825b5069adc28e2547c16b1d983a8ed8d80";
sha256 = "0c4mq741q4rpmdn09agwmxap32kf0vgfz7pkhcdc5h54chc3g3xy";
};

configureFlags = optional stdenv.isLinux "--with-systemd";

nativeBuildInputs = [ autoreconfHook pkgconfig ];

# <ldns/ldns.h> depends on <openssl/ssl.h>
buildInputs = [ libsodium openssl.dev ldns ] ++ optional stdenv.isLinux systemd;

postInstall = ''
# Previous versions required libtool files to load plugins; they are
# now strictly optional.
rm $out/lib/dnscrypt-proxy/*.la
'';

meta = {
description = "A tool for securing communications between a client and a DNS resolver";
homepage = "https://github.com/dyne/dnscrypt-proxy";
license = licenses.isc;
maintainers = with maintainers; [ rnhmjoj ];
platforms = platforms.linux;
};
}) { };

in {


@@ -179,7 +220,7 @@ in {
requires = [ "dnscrypt-wrapper.service" ];
description = "Rotates DNSCrypt wrapper keys if soon to expire";

path = with pkgs; [ dnscrypt-wrapper dnscrypt-proxy gawk ];
path = with pkgs; [ dnscrypt-wrapper dnscrypt-proxy1 gawk ];
script = rotateKeys;
serviceConfig.User = "dnscrypt-wrapper";
};