mirror of
https://github.com/openwrt/packages.git
synced 2026-06-01 07:21:56 +08:00
Stan Grishin
da763f593d
Maintainer: me
Compile tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Run tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Description:
update to 2026.03.18, improve nftables rules
- Update PKG_VERSION to 2026.03.18.
- Set PKG_RELEASE to 1.
- Update PKG_SOURCE_VERSION to 801881210ba8215dc9cd577222d8c10372423360.
- Update PKG_MIRROR_HASH to 4c356c19b62fc7bdef3a67fd678e48f3659d709da10517c2eadef76e3409f5ce.
files/etc/init.d/https-dns-proxy:
- Wrap the notrack chain in its own `inet https_dns_proxy_notrack`
table. A top-level `chain` outside any table is invalid nftables
syntax and is rejected on kernel 6.18+, breaking firewall load.
Fixes mossdef-org/https-dns-proxy#7.
- Syntax-check the generated snippet with `nft -c -f` after write
and report OK/FAIL on the start path.
- On remove, explicitly `nft delete table` in addition to removing
the snippet file, so the live ruleset is cleaned up immediately
rather than waiting for the next fw4 reload.
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 0d5f7a16c1)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
64 lines
2.0 KiB
Makefile
64 lines
2.0 KiB
Makefile
# SPDX-License-Identifier: MIT
|
|
include $(TOPDIR)/rules.mk
|
|
|
|
PKG_NAME:=https-dns-proxy
|
|
PKG_VERSION:=2026.03.18
|
|
PKG_RELEASE:=1
|
|
|
|
PKG_SOURCE_PROTO:=git
|
|
PKG_SOURCE_URL:=https://github.com/aarond10/https_dns_proxy/
|
|
PKG_MIRROR_HASH:=4c356c19b62fc7bdef3a67fd678e48f3659d709da10517c2eadef76e3409f5ce
|
|
PKG_SOURCE_VERSION:=801881210ba8215dc9cd577222d8c10372423360
|
|
|
|
PKG_MAINTAINER:=Stan Grishin <stangri@melmac.ca>
|
|
PKG_LICENSE:=MIT
|
|
PKG_LICENSE_FILES:=LICENSE
|
|
|
|
include $(INCLUDE_DIR)/package.mk
|
|
include $(INCLUDE_DIR)/cmake.mk
|
|
|
|
TARGET_CFLAGS += $(FPIC)
|
|
TARGET_LDFLAGS += -Wl,--gc-sections
|
|
CMAKE_OPTIONS += -DCLANG_TIDY_EXE= -DSW_VERSION=$(PKG_VERSION)-r$(PKG_RELEASE)
|
|
|
|
define Package/https-dns-proxy
|
|
SECTION:=net
|
|
CATEGORY:=Network
|
|
TITLE:=DNS Over HTTPS Proxy
|
|
URL:=https://github.com/mossdef-org/https-dns-proxy/
|
|
DEPENDS:= \
|
|
+libcares \
|
|
+libcurl \
|
|
+libev \
|
|
+ca-bundle \
|
|
+jsonfilter \
|
|
+resolveip \
|
|
+!BUSYBOX_DEFAULT_GREP:grep \
|
|
+!BUSYBOX_DEFAULT_SED:sed
|
|
CONFLICTS:=https_dns_proxy
|
|
endef
|
|
|
|
define Package/https-dns-proxy/description
|
|
Light-weight DNS-over-HTTPS, non-caching translation proxy for the RFC 8484 DoH standard.
|
|
It receives regular, unencrypted (UDP) DNS requests and resolves them via DoH resolver.
|
|
Please see https://docs.openwrt.melmac.ca/https-dns-proxy/ for more information.
|
|
endef
|
|
|
|
define Package/https-dns-proxy/conffiles
|
|
/etc/config/https-dns-proxy
|
|
endef
|
|
|
|
define Package/https-dns-proxy/install
|
|
$(INSTALL_DIR) $(1)/usr/sbin
|
|
$(INSTALL_BIN) $(PKG_BUILD_DIR)/https_dns_proxy $(1)/usr/sbin/https-dns-proxy
|
|
$(INSTALL_DIR) $(1)/etc/init.d
|
|
$(INSTALL_BIN) ./files/etc/init.d/https-dns-proxy $(1)/etc/init.d/https-dns-proxy
|
|
$(SED) "s|^\(readonly PKG_VERSION\).*|\1='$(PKG_VERSION)-r$(PKG_RELEASE)'|" $(1)/etc/init.d/https-dns-proxy
|
|
$(INSTALL_DIR) $(1)/etc/config
|
|
$(INSTALL_CONF) ./files/etc/config/https-dns-proxy $(1)/etc/config/https-dns-proxy
|
|
$(INSTALL_DIR) $(1)/etc/uci-defaults/
|
|
$(INSTALL_BIN) ./files/etc/uci-defaults/50-https-dns-proxy-migrate-options.sh $(1)/etc/uci-defaults/50-https-dns-proxy-migrate-options.sh
|
|
endef
|
|
|
|
$(eval $(call BuildPackage,https-dns-proxy))
|