Sunday, April 19, 2015

Dirty Hacking Dnscrypt so It Works On Debian 7

This is for the Debian lovers amongst you that can't use the Ubuntu repositories for dnscrypt-proxy, and also a follow-up to this post. There is no version anywhere that I know of that is completely stable and will compile on a Debian Wheezy box without error. This assumes you installed libsodium, autoconf, build-essential, libevent, and whatever else it depends on. That's all a cakewalk, but the actual installer for dnscrypt is broken (on Debian systems, anyway...). In my case, I could never get past this point while running the configure script:

$ ./configure
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking how to create a ustar tar archive... gnutar
checking whether to enable maintainer-specific portions of Makefiles... no
./configure: line 3264: syntax error near unexpected token `SYSTEMD,'
./configure: line 3264: `  PKG_CHECK_MODULES(SYSTEMD, libsystemd, have_systemd=yes,'


First of all, just apt-get install systemd. Then you need to butcher that script and remove the check for the systemd daemon. I just commented it all out like this:

# Check whether --with-systemd was given.
#if test "${with_systemd+set}" = set; then :
#  withval=$with_systemd;
#fi#
#
#
#have_systemd=no
#if test "x$with_systemd" = "xyes"; then :

#  PKG_CHECK_MODULES([SYSTEMD], [libsystemd], have_systemd=yes, have_systemd=no))
#    PKG_CHECK_MODULES([SYSTEMD_DAEMON], [libsystemd-daemon], [have_systemd=yes], [have_systemd=no]))
#  )
#  case $with_systemd:$have_systemd in #(
#  yes:no) :
#    as_fn_error $? "systemd expected but libsystemd not found" "$LINENO" 5 ;; #(
#  *:yes) :

#$as_echo "#define HAVE_LIBSYSTEMD 1" >>confdefs.h
#
#   ;; #(
#  *) :
#     ;;
#esac

#fi
# if test "x$have_systemd" = "xyes"; then
#  HAVE_SYSTEMD_TRUE=
#  HAVE_SYSTEMD_FALSE='#'
#else
 # HAVE_SYSTEMD_TRUE='#'
#  HAVE_SYSTEMD_FALSE=
#fi


And of course don't forget to tell the system that yes, you do have systemd... So add this line:

HAVE_SYSTEMD_TRUE='#'

Save the configure script and try again.

./configure && make && sudo make install

What do you know, success! Now you're not in the clear yet... the installer (for version 1.43 anyway) fails to add the user dnscrypt:

adduser --system --home /etc/dnscrypt/run --shell /bin/false --group --disabled-password --disabled-login dnscrypt

Now edit the init script if you have one. If you tried the dnscrypt-autoinstaller, and every other damn script in the world like I did, you will have one at /etc/init.d/dnscrypt-proxy.


Comment out all that nonsense so that there is only ONE daemon launching, and it's simplified: (See my older post about configuring dnscrypt, unbound, and openvpn for more details.)

$DAEMON --daemonize --user=dnscrypt --local-address=127.0.0.1 -R opendns

And now run service dnscrypt-proxy start ... should be good!

This is what success looks like:

whatever@superfunbox:/etc/init.d$ dig debug.opendns.com txt

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> debug.opendns.com txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9877
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;debug.opendns.com.        IN    TXT

;; ANSWER SECTION:
debug.opendns.com.    0    IN    TXT    "server 1.otp"
debug.opendns.com.    0    IN    TXT    "flags 20 0 70 5950800000000000000"
debug.opendns.com.    0    IN    TXT    "originid 0"
debug.opendns.com.    0    IN    TXT    "actype 0"
debug.opendns.com.    0    IN    TXT    "source xx.xx.xx.xx"
debug.opendns.com.    0    IN    TXT    "dnscrypt enabled (7144576459C33377)"

;; Query time: 12 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Apr 19 18:38:02 2015
;; MSG SIZE  rcvd: 248
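
One way to script the check shown in the dig output above (an added example, not from the original post or the dnscrypt-proxy project): the hypothetical helper check_dnscrypt_dig reads dig output on stdin and confirms the NOERROR status, that the answer came from the local proxy at 127.0.0.1, and that the "dnscrypt enabled" TXT record is present. Both sample inputs are constructed; the first is trimmed from the output above.

```shell
#!/bin/sh
# Added example: validate `dig debug.opendns.com txt` output.
# check_dnscrypt_dig, sample_ok and sample_bypass are hypothetical names.

check_dnscrypt_dig() {
    # $1: expected resolver address (default: the --local-address used above)
    expected="${1:-127.0.0.1}"
    out=$(cat)          # dig output is read from stdin
    rc=0

    printf '%s\n' "$out" | grep -q 'status: NOERROR' || {
        echo "FAIL: query did not return NOERROR" >&2; rc=1; }

    # ";; SERVER: 127.0.0.1#53(127.0.0.1)" -> "127.0.0.1"
    server=$(printf '%s\n' "$out" | sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p')
    [ "$server" = "$expected" ] || {
        echo "FAIL: answered by '${server:-unknown}', not $expected" >&2; rc=1; }

    # Require the marker in an actual TXT answer line for debug.opendns.com.
    printf '%s\n' "$out" | grep -Eq \
        '^debug\.opendns\.com\..*TXT[[:space:]]+"dnscrypt enabled \([0-9A-Fa-f]+\)"' || {
        echo "FAIL: no \"dnscrypt enabled\" TXT record" >&2; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: dnscrypt active via $server"
    return "$rc"
}

# Constructed sample: lines trimmed from the successful output in the post.
sample_ok() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9877
debug.opendns.com.    0    IN    TXT    "source xx.xx.xx.xx"
debug.opendns.com.    0    IN    TXT    "dnscrypt enabled (7144576459C33377)"
;; SERVER: 127.0.0.1#53(127.0.0.1)
EOF
}

# Constructed sample: query answered by another resolver, no dnscrypt marker.
sample_bypass() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1234
debug.opendns.com.    0    IN    TXT    "server 1.otp"
;; SERVER: 192.0.2.53#53(192.0.2.53)
EOF
}

sample_ok | check_dnscrypt_dig
sample_bypass | check_dnscrypt_dig || echo "proxy is not handling DNS"
```

Against the live resolver, pipe the real query into it: dig debug.opendns.com txt | check_dnscrypt_dig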

2 comments:

  1. No need to edit anything if you download a release tarball from https://download.dnscrypt.org/dnscrypt-proxy/

    The error you get is because you forgot to install pkg-config:

    apt-get install pkg-config

    Which is not needed if you use a release tarball, only if for some reason you downloaded development code from github, or if you ran autogen.sh (which is not required with a release tarball).

  2. Ah, good to know. Is that why systemd was not being detected? I was actually planning on updating this post because the installation process is much smoother now (it would seem that some bugs were fixed) and also I believe that some of the problems I was having were due to the Ubuntu switch from upstart to systemd, which I did not really know how to use correctly when I wrote this.
