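# Homebrew formula that builds dnscrypt-proxy 1.9.4 from source, installs a
# launchd job for it, and (when minisign is available) installs a helper
# script that refreshes the resolver list and verifies its signature.
#
# NOTE(review): the reviewed listing was collapsed onto three physical lines
# and the XML markup of the launchd plist was missing. Line structure and the
# plist markup are restored here; confirm both against the upstream formula.
class DnscryptProxy < Formula
  desc "Secure communications between a client and a DNS resolver"
  homepage "https://dnscrypt.org"
  url "https://github.com/jedisct1/dnscrypt-proxy/archive/1.9.4.tar.gz"
  sha256 "a79d5da0133344d38f8b3d3355c16269f11c15fbeedd0521e1a657b00ac503bb"
  revision 2
  head "https://github.com/jedisct1/dnscrypt-proxy.git"

  bottle do
    sha256 "4a9f3e632853614258a8a598114e54ef6acfe2eb828e221ffba4bb76175db0f3" => :sierra
    sha256 "979e46b37d32bd0a5474b375ffe37a1f6d7b41ca2eb64e7f4998fa6203a20adc" => :el_capitan
    sha256 "1f0a121039a9f251daf659f2b90e9bc67b22cfa049f2f6dbd70626c6ddf36639" => :yosemite
  end

  option "without-plugins", "Disable support for plugins"

  depends_on "autoconf" => :build
  depends_on "automake" => :build
  depends_on "pkg-config" => :build
  depends_on "libtool" => :run
  depends_on "libsodium"
  # minisign is what lets the resolver list be authenticated after download;
  # without it no updater script is installed at all (see #install).
  depends_on "minisign" => :recommended if MacOS.version >= :el_capitan
  depends_on "ldns" => :recommended

  # Patches the shipped configuration, builds and installs the daemon, and
  # writes the signature-checking resolver-list updater when minisign is used.
  def install
    # Modify hard-coded path to resolver list & run as unprivileged user.
    # The launchd job below starts the daemon as root; the "User nobody"
    # directive is what takes it off root once it is running.
    inreplace "dnscrypt-proxy.conf" do |s|
      s.gsub! "# ResolversList /usr/local/share/dnscrypt-proxy/dnscrypt-resolvers.csv",
              "ResolversList #{opt_pkgshare}/dnscrypt-resolvers.csv"
      s.gsub! "# User _dnscrypt-proxy", "User nobody"
    end

    system "./autogen.sh"

    args = %W[
      --disable-dependency-tracking
      --prefix=#{prefix}
      --sysconfdir=#{etc}
    ]

    if build.with? "plugins"
      args << "--enable-plugins"
      # NOTE(review): going by its name, this flag loosens the ownership and
      # permission checks applied to plugin files before they are loaded into
      # a daemon that launchd starts as root. Confirm the exact semantics of
      # both flags below with `./configure --help` and keep the plugin
      # directory writable by administrators only.
      args << "--enable-relaxed-plugins-permissions"
      args << "--enable-plugins-root"
    end

    system "./configure", *args
    system "make", "install"
    pkgshare.install Dir["contrib/*"] - Dir["contrib/Makefile*"]

    if build.with? "minisign"
      # The updater downloads the list to a temporary name, verifies it with
      # minisign against the public key pinned below, and only then moves it
      # over the live list. Integrity rests on that signature check, not on
      # the transport. Every expansion is quoted so a prefix containing
      # whitespace cannot split a path, and curl runs with -f so an HTTP
      # error page is never saved as if it were the list or its signature.
      (bin/"dnscrypt-update-resolvers").write <<-EOS.undent
        #!/bin/sh
        RESOLVERS_UPDATES_BASE_URL=https://download.dnscrypt.org/dnscrypt-proxy
        RESOLVERS_LIST_BASE_DIR="#{pkgshare}"
        RESOLVERS_LIST_PUBLIC_KEY="RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3"

        curl -f -L --max-redirs 5 -4 -m 30 --connect-timeout 30 -s \
          "${RESOLVERS_UPDATES_BASE_URL}/dnscrypt-resolvers.csv" > \
          "${RESOLVERS_LIST_BASE_DIR}/dnscrypt-resolvers.csv.tmp" && \
        curl -f -L --max-redirs 5 -4 -m 30 --connect-timeout 30 -s \
          "${RESOLVERS_UPDATES_BASE_URL}/dnscrypt-resolvers.csv.minisig" > \
          "${RESOLVERS_LIST_BASE_DIR}/dnscrypt-resolvers.csv.minisig" && \
        minisign -Vm "${RESOLVERS_LIST_BASE_DIR}/dnscrypt-resolvers.csv.tmp" \
          -x "${RESOLVERS_LIST_BASE_DIR}/dnscrypt-resolvers.csv.minisig" \
          -P "$RESOLVERS_LIST_PUBLIC_KEY" -q && \
        mv -f "${RESOLVERS_LIST_BASE_DIR}/dnscrypt-resolvers.csv.tmp" \
          "${RESOLVERS_LIST_BASE_DIR}/dnscrypt-resolvers.csv"
      EOS
      # 0755 rather than 0775: post_install executes this script, so it
      # should not be writable by every member of the owning group.
      chmod 0755, bin/"dnscrypt-update-resolvers"
    end
  end

  # Refreshes the resolver list right after installation. Skipped when the
  # formula was built without minisign, because no updater exists then.
  def post_install
    return if build.without? "minisign"

    system bin/"dnscrypt-update-resolvers"
  end

  # Returns the post-install instructions shown to the user; the paragraph
  # about the updater is appended only when minisign support was built.
  def caveats
    s = <<-EOS.undent
      After starting dnscrypt-proxy, you will need to point your
      local DNS server to 127.0.0.1. You can do this by going to
      System Preferences > "Network" and clicking the "Advanced..."
      button for your interface. You will see a "DNS" tab where you
      can click "+" and enter 127.0.0.1 in the "DNS Servers" section.

      By default, dnscrypt-proxy runs on localhost (127.0.0.1), port 53,
      and under the "nobody" user using a random resolver. If you would like to
      change these settings, you will have to edit the configuration file:
        #{etc}/dnscrypt-proxy.conf (e.g., ResolverName, etc.)

      To check that dnscrypt-proxy is working correctly, open Terminal and enter the
      following command. Replace en1 with whatever network interface you're using:

        sudo tcpdump -i en1 -vvv 'port 443'

      You should see a line in the result that looks like this:

        resolver2.dnscrypt.eu.https
    EOS

    if build.with? "minisign"
      s += <<-EOS.undent

        If at some point the resolver file gets outdated, it can be updated to the
        latest version by running: #{opt_bin}/dnscrypt-update-resolvers
      EOS
    end

    s
  end

  plist_options :startup => true

  # launchd job definition. The job starts as root (UserName) with the
  # patched configuration file as its argument; the configuration then names
  # the unprivileged account the daemon runs under. Both output paths point
  # at /dev/null, so launchd retains nothing the daemon prints; anyone who
  # needs a record of startup failures has to arrange logging separately.
  #
  # NOTE(review): KeepAlive and RunAtLoad carried no visible value in the
  # reviewed listing; <true/> is assumed here. Confirm against upstream.
  def plist; <<-EOS.undent
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
      <dict>
        <key>Label</key>
        <string>#{plist_name}</string>
        <key>KeepAlive</key>
        <true/>
        <key>RunAtLoad</key>
        <true/>
        <key>ProgramArguments</key>
        <array>
          <string>#{opt_sbin}/dnscrypt-proxy</string>
          <string>#{etc}/dnscrypt-proxy.conf</string>
        </array>
        <key>UserName</key>
        <string>root</string>
        <key>StandardErrorPath</key>
        <string>/dev/null</string>
        <key>StandardOutPath</key>
        <string>/dev/null</string>
      </dict>
    </plist>
    EOS
  end

  # Smoke test: the installed binary must at least start and print its version.
  test do
    system "#{sbin}/dnscrypt-proxy", "--version"
  end
end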