From ffa082851576f518625b7174b437bc05af9ada52 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Thu, 2 Mar 2023 19:05:11 +0100
Subject: [PATCH 01/29] Update tokio
---
 src/libdoh/Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libdoh/Cargo.toml b/src/libdoh/Cargo.toml
index 63ce489..f60a1c4 100644
--- a/src/libdoh/Cargo.toml
+++ b/src/libdoh/Cargo.toml
@@ -24,7 +24,7 @@ futures = "0.3.26"
 hyper = { version = "0.14.24", default-features = false, features = ["server", "http1", "http2", "stream"] }
 odoh-rs = "1.0.1"
 rand = "0.8.5"
-tokio = { version = "1.25.0", features = ["net", "rt-multi-thread", "time", "sync"] }
+tokio = { version = "1.26.0", features = ["net", "rt-multi-thread", "time", "sync"] }
 tokio-rustls = { version = "0.23.4", features = ["early-data"], optional = true }
 rustls-pemfile = "1.0.2"
From 678bd04bed08dcf097f7eeef3b0172fd27018d26 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Thu, 13 Apr 2023 17:12:29 +0200
Subject: [PATCH 02/29] Update deps
---
 Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Cargo.toml b/Cargo.toml
index 3c13e6f..0f880cc 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -19,7 +19,7 @@ tls = ["libdoh/tls"]
 libdoh = { path = "src/libdoh", version = "0.9.8", default-features = false }
 clap = { version = "4", features = ["std", "cargo", "wrap_help", "string"] }
 dnsstamps = "0.1.9"
-mimalloc = { version = "0.1.34", default-features = false }
+mimalloc = { version = "0.1.36", default-features = false }
 [package.metadata.deb]
 extended-description = """\
From 6f9f63e754dd700ed8215c2cb45d43ffad96f097 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Thu, 13 Apr 2023 17:13:03 +0200
Subject: [PATCH 03/29] Update deps, especially hyper
---
 src/libdoh/Cargo.toml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/libdoh/Cargo.toml b/src/libdoh/Cargo.toml
index f60a1c4..0ee20e8 100644
--- a/src/libdoh/Cargo.toml
+++ b/src/libdoh/Cargo.toml
@@ -15,16 +15,16 @@ default = ["tls"]
 tls = ["tokio-rustls"]
 [dependencies]
-anyhow = "1.0.69"
+anyhow = "1.0.70"
 arc-swap = "1.6.0"
 base64 = "0.21.0"
 byteorder = "1.4.3"
 bytes = "1.4.0"
-futures = "0.3.26"
-hyper = { version = "0.14.24", default-features = false, features = ["server", "http1", "http2", "stream"] }
+futures = "0.3.28"
+hyper = { version = "0.14.25", default-features = false, features = ["server", "http1", "http2", "stream"] }
 odoh-rs = "1.0.1"
 rand = "0.8.5"
-tokio = { version = "1.26.0", features = ["net", "rt-multi-thread", "time", "sync"] }
+tokio = { version = "1.27.0", features = ["net", "rt-multi-thread", "time", "sync"] }
 tokio-rustls = { version = "0.23.4", features = ["early-data"], optional = true }
 rustls-pemfile = "1.0.2"
From 19040f1e884e4b9c381f79bcd189ad71c03675c7 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Fri, 14 Apr 2023 09:45:20 +0200
Subject: [PATCH 04/29] Nits
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 52b45df..91e0783 100644
--- a/README.md
+++ b/README.md
@@ -136,7 +136,7 @@ This can be achieved with the `--allow-odoh-post` command-line switch.
 * When using DoH, DNS stamps should include a resolver IP address in order to remove a dependency on non-encrypted, non-authenticated, easy-to-block resolvers.
 * Unlike DNSCrypt where users must explicitly trust a DNS server's public key, the security of DoH relies on traditional public Certificate Authorities. Additional root certificates (required by governments, security software, enterprise gateways) installed on a client immediately make DoH vulnerable to MITM. In order to prevent this, DNS stamps should include the hash of the parent certificate.
 * TLS certificates are tied to host names. But domains expire, get reassigned and switch hands all the time. If a domain originally used for a DoH service gets a new, possibly malicious owner, clients still configured to use the service will blindly keep trusting it if the CA is the same. As a mitigation, the CA should sign an intermediate certificate (the only one present in the stamp), itself used to sign the name used by the DoH server. While commercial CAs offer this, Let's Encrypt currently doesn't.
-* Make sure that the front-end supports HTTP/2 and TLS 1.3.
+* Make sure that the front-end supports at least HTTP/2 and TLS 1.3.
 * Internal DoH servers still require TLS certificates. So, if you are planning to deploy an internal server, you need to set up an internal CA, or add self-signed certificates to every single client.
 ## Example usage with `encrypted-dns-server`
From e8df0458ac79b2b1d72c974b66641931c891b1d2 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Fri, 14 Apr 2023 12:38:08 +0200
Subject: [PATCH 05/29] Bump hyper. Again.
---
 src/libdoh/Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libdoh/Cargo.toml b/src/libdoh/Cargo.toml
index 0ee20e8..603218b 100644
--- a/src/libdoh/Cargo.toml
+++ b/src/libdoh/Cargo.toml
@@ -21,7 +21,7 @@ base64 = "0.21.0"
 byteorder = "1.4.3"
 bytes = "1.4.0"
 futures = "0.3.28"
-hyper = { version = "0.14.25", default-features = false, features = ["server", "http1", "http2", "stream"] }
+hyper = { version = "0.14.26", default-features = false, features = ["server", "http1", "http2", "stream"] }
 odoh-rs = "1.0.1"
 rand = "0.8.5"
 tokio = { version = "1.27.0", features = ["net", "rt-multi-thread", "time", "sync"] }
From e5f6f2a5d65f29af0e97597041ce6f8604e01d87 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Fri, 14 Apr 2023 12:44:12 +0200
Subject: [PATCH 06/29] Bump
---
 Cargo.toml | 4 ++--
 src/libdoh/Cargo.toml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 0f880cc..e37d98a 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "doh-proxy"
-version = "0.9.8"
+version = "0.9.9"
 authors = ["Frank Denis "]
 description = "A DNS-over-HTTPS (DoH) and ODoH (Oblivious DoH) proxy"
 keywords = ["dns", "https", "doh", "odoh", "proxy"]
@@ -16,7 +16,7 @@ default = ["tls"]
 tls = ["libdoh/tls"]
 [dependencies]
-libdoh = { path = "src/libdoh", version = "0.9.8", default-features = false }
+libdoh = { path = "src/libdoh", version = "0.9.9", default-features = false }
 clap = { version = "4", features = ["std", "cargo", "wrap_help", "string"] }
 dnsstamps = "0.1.9"
 mimalloc = { version = "0.1.36", default-features = false }
diff --git a/src/libdoh/Cargo.toml b/src/libdoh/Cargo.toml
index 603218b..ef65f30 100644
--- a/src/libdoh/Cargo.toml
+++ b/src/libdoh/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "libdoh"
-version = "0.9.8"
+version = "0.9.9"
 authors = ["Frank Denis "]
 description = "DoH and Oblivious DoH library for the rust-doh app"
 keywords = ["dns","https","doh","odoh","proxy"]
From 9e2853da86990d782a50e2fe882eda79626a8891 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Wed, 3 May 2023 17:35:23 +0200
Subject: [PATCH 07/29] Update deps
---
 Cargo.toml | 2 +-
 src/libdoh/Cargo.toml | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index e37d98a..2772885 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -19,7 +19,7 @@ tls = ["libdoh/tls"]
 libdoh = { path = "src/libdoh", version = "0.9.9", default-features = false }
 clap = { version = "4", features = ["std", "cargo", "wrap_help", "string"] }
 dnsstamps = "0.1.9"
-mimalloc = { version = "0.1.36", default-features = false }
+mimalloc = { version = "0.1.37", default-features = false }
 [package.metadata.deb]
 extended-description = """\
diff --git a/src/libdoh/Cargo.toml b/src/libdoh/Cargo.toml
index ef65f30..5c85b08 100644
--- a/src/libdoh/Cargo.toml
+++ b/src/libdoh/Cargo.toml
@@ -15,7 +15,7 @@ default = ["tls"]
 tls = ["tokio-rustls"]
 [dependencies]
-anyhow = "1.0.70"
+anyhow = "1.0.71"
 arc-swap = "1.6.0"
 base64 = "0.21.0"
 byteorder = "1.4.3"
@@ -24,8 +24,8 @@ futures = "0.3.28"
 hyper = { version = "0.14.26", default-features = false, features = ["server", "http1", "http2", "stream"] }
 odoh-rs = "1.0.1"
 rand = "0.8.5"
-tokio = { version = "1.27.0", features = ["net", "rt-multi-thread", "time", "sync"] }
-tokio-rustls = { version = "0.23.4", features = ["early-data"], optional = true }
+tokio = { version = "1.28.0", features = ["net", "rt-multi-thread", "time", "sync"] }
+tokio-rustls = { version = "0.24.0", features = ["early-data"], optional = true }
 rustls-pemfile = "1.0.2"
 [profile.release]
From 78c47830ff15e31d99810ea3478da9ce82fe60d2 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Sat, 15 Jul 2023 21:18:46 +0200
Subject: [PATCH 08/29] Update deps
---
 Cargo.toml | 2 +-
 src/libdoh/Cargo.toml | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 2772885..1ac4cb5 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "doh-proxy"
-version = "0.9.9"
+version = "0.9.10"
 authors = ["Frank Denis "]
 description = "A DNS-over-HTTPS (DoH) and ODoH (Oblivious DoH) proxy"
 keywords = ["dns", "https", "doh", "odoh", "proxy"]
diff --git a/src/libdoh/Cargo.toml b/src/libdoh/Cargo.toml
index 5c85b08..66fc1c3 100644
--- a/src/libdoh/Cargo.toml
+++ b/src/libdoh/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "libdoh"
-version = "0.9.9"
+version = "0.9.10"
 authors = ["Frank Denis "]
 description = "DoH and Oblivious DoH library for the rust-doh app"
 keywords = ["dns","https","doh","odoh","proxy"]
@@ -17,16 +17,16 @@ tls = ["tokio-rustls"]
 [dependencies]
 anyhow = "1.0.71"
 arc-swap = "1.6.0"
-base64 = "0.21.0"
+base64 = "0.21.2"
 byteorder = "1.4.3"
 bytes = "1.4.0"
 futures = "0.3.28"
-hyper = { version = "0.14.26", default-features = false, features = ["server", "http1", "http2", "stream"] }
-odoh-rs = "1.0.1"
+hyper = { version = "0.14.27", default-features = false, features = ["server", "http1", "http2", "stream"] }
+odoh-rs = "1.0.2"
 rand = "0.8.5"
-tokio = { version = "1.28.0", features = ["net", "rt-multi-thread", "time", "sync"] }
-tokio-rustls = { version = "0.24.0", features = ["early-data"], optional = true }
-rustls-pemfile = "1.0.2"
+tokio = { version = "1.29.1", features = ["net", "rt-multi-thread", "time", "sync"] }
+tokio-rustls = { version = "0.24.1", features = ["early-data"], optional = true }
+rustls-pemfile = "1.0.3"
 [profile.release]
 codegen-units = 1
From c92308ccbb48ebea146da4fd83800d0d4d6d5315 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Sat, 2 Sep 2023 00:20:06 +0200
Subject: [PATCH 09/29] Update deps
---
 Cargo.toml | 2 +-
 src/libdoh/Cargo.toml | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 1ac4cb5..c7c46ff 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -19,7 +19,7 @@ tls = ["libdoh/tls"]
 libdoh = { path = "src/libdoh", version = "0.9.9", default-features = false }
 clap = { version = "4", features = ["std", "cargo", "wrap_help", "string"] }
 dnsstamps = "0.1.9"
-mimalloc = { version = "0.1.37", default-features = false }
+mimalloc = { version = "0.1.38", default-features = false }
 [package.metadata.deb]
 extended-description = """\
diff --git a/src/libdoh/Cargo.toml b/src/libdoh/Cargo.toml
index 66fc1c3..55a26b6 100644
--- a/src/libdoh/Cargo.toml
+++ b/src/libdoh/Cargo.toml
@@ -15,16 +15,16 @@ default = ["tls"]
 tls = ["tokio-rustls"]
 [dependencies]
-anyhow = "1.0.71"
+anyhow = "1.0.75"
 arc-swap = "1.6.0"
-base64 = "0.21.2"
+base64 = "0.21.3"
 byteorder = "1.4.3"
 bytes = "1.4.0"
 futures = "0.3.28"
 hyper = { version = "0.14.27", default-features = false, features = ["server", "http1", "http2", "stream"] }
 odoh-rs = "1.0.2"
 rand = "0.8.5"
-tokio = { version = "1.29.1", features = ["net", "rt-multi-thread", "time", "sync"] }
+tokio = { version = "1.32.0", features = ["net", "rt-multi-thread", "time", "sync"] }
 tokio-rustls = { version = "0.24.1", features = ["early-data"], optional = true }
 rustls-pemfile = "1.0.3"
From 1165fab90c0f0beee93e82e8bd019e090d97908b Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Wed, 6 Mar 2024 18:25:38 +0100
Subject: [PATCH 10/29] Update a few deps
---
 Cargo.toml | 2 +-
 src/libdoh/Cargo.toml | 20 ++++++++++----------
 2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index c7c46ff..d38b674 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -19,7 +19,7 @@ tls = ["libdoh/tls"]
 libdoh = { path = "src/libdoh", version = "0.9.9", default-features = false }
 clap = { version = "4", features = ["std", "cargo", "wrap_help", "string"] }
 dnsstamps = "0.1.9"
-mimalloc = { version = "0.1.38", default-features = false }
+mimalloc = { version = "0.1.39", default-features = false }
 [package.metadata.deb]
 extended-description = """\
diff --git a/src/libdoh/Cargo.toml b/src/libdoh/Cargo.toml
index 55a26b6..f7c2b46 100644
--- a/src/libdoh/Cargo.toml
+++ b/src/libdoh/Cargo.toml
@@ -15,18 +15,18 @@ default = ["tls"]
 tls = ["tokio-rustls"]
 [dependencies]
-anyhow = "1.0.75"
-arc-swap = "1.6.0"
-base64 = "0.21.3"
-byteorder = "1.4.3"
-bytes = "1.4.0"
-futures = "0.3.28"
-hyper = { version = "0.14.27", default-features = false, features = ["server", "http1", "http2", "stream"] }
+anyhow = "1.0.80"
+arc-swap = "1.7.0"
+base64 = "0.22.0"
+byteorder = "1.5.0"
+bytes = "1.5.0"
+futures = "0.3.30"
+hyper = { version = "^0.14.27", default-features = false, features = ["server", "http1", "http2", "stream"] }
 odoh-rs = "1.0.2"
 rand = "0.8.5"
-tokio = { version = "1.32.0", features = ["net", "rt-multi-thread", "time", "sync"] }
-tokio-rustls = { version = "0.24.1", features = ["early-data"], optional = true }
-rustls-pemfile = "1.0.3"
+tokio = { version = "1.36.0", features = ["net", "rt-multi-thread", "time", "sync"] }
+tokio-rustls = { version = "^0.24.1", features = ["early-data"], optional = true }
+rustls-pemfile = "^1.0.4"
 [profile.release]
 codegen-units = 1
From 66c66c7a28c4f1f7596cd697619c2482822458cb Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Sun, 5 May 2024 18:01:19 +0200
Subject: [PATCH 11/29] Update mimalloc
---
 Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Cargo.toml b/Cargo.toml
index d38b674..9d4cfde 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -19,7 +19,7 @@ tls = ["libdoh/tls"]
 libdoh = { path = "src/libdoh", version = "0.9.9", default-features = false }
 clap = { version = "4", features = ["std", "cargo", "wrap_help", "string"] }
 dnsstamps = "0.1.9"
-mimalloc = { version = "0.1.39", default-features = false }
+mimalloc = { version = "0.1.41", default-features = false }
 [package.metadata.deb]
 extended-description = """\
From 02b3a67a0087131dc95c71a4cc33426b914b4a2d Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Mon, 6 May 2024 12:22:21 +0200
Subject: [PATCH 12/29] Update hyper to 0.14.28
---
 src/libdoh/Cargo.toml | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/src/libdoh/Cargo.toml b/src/libdoh/Cargo.toml
index f7c2b46..b84c89c 100644
--- a/src/libdoh/Cargo.toml
+++ b/src/libdoh/Cargo.toml
@@ -3,11 +3,11 @@ name = "libdoh"
 version = "0.9.10"
 authors = ["Frank Denis "]
 description = "DoH and Oblivious DoH library for the rust-doh app"
-keywords = ["dns","https","doh","odoh","proxy"]
+keywords = ["dns", "https", "doh", "odoh", "proxy"]
 license = "MIT"
 homepage = "https://github.com/jedisct1/rust-doh"
 repository = "https://github.com/jedisct1/rust-doh"
-categories = ["asynchronous", "network-programming","command-line-utilities"]
+categories = ["asynchronous", "network-programming", "command-line-utilities"]
 edition = "2018"
 [features]
@@ -21,11 +21,24 @@ base64 = "0.22.0"
 byteorder = "1.5.0"
 bytes = "1.5.0"
 futures = "0.3.30"
-hyper = { version = "^0.14.27", default-features = false, features = ["server", "http1", "http2", "stream"] }
+hyper = { version = "^0.14.28", default-features = false, features = [
+ "server",
+ "http1",
+ "http2",
+ "stream",
+ "runtime",
+] }
 odoh-rs = "1.0.2"
 rand = "0.8.5"
-tokio = { version = "1.36.0", features = ["net", "rt-multi-thread", "time", "sync"] }
-tokio-rustls = { version = "^0.24.1", features = ["early-data"], optional = true }
+tokio = { version = "1.36.0", features = [
+ "net",
+ "rt-multi-thread",
+ "time",
+ "sync",
+] }
+tokio-rustls = { version = "^0.24.1", features = [
+ "early-data",
+], optional = true }
 rustls-pemfile = "^1.0.4"
 [profile.release]
From bd85572368859bfbeec3517c488f6feb24cafe76 Mon Sep 17 00:00:00 2001
From: demarcush <146051763+demarcush@users.noreply.github.com>
Date: Tue, 14 May 2024 03:44:17 +0000
Subject: [PATCH 13/29] Update common hashes
---
 README.md | 2 ++
 1 file changed, 2 insertions(+)
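Review bot: The `hyper` feature list in the second hunk of PATCH 12 gains `"runtime"`, which the subject ("Update hyper to 0.14.28") does not mention and which is easy to miss among the one-per-line reformatting of `hyper`, `tokio` and `tokio-rustls`. In hyper 0.14 that feature enables the tokio-backed TCP and timer integration, so it changes what is compiled into a network-facing server, not just the version. A comment above the entry, for example `# "runtime": needed for <the hyper API libdoh relies on>`, would record why it was turned on; the code that needs it is not visible in this patch.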
diff --git a/README.md b/README.md
index 91e0783..21fe75a 100644
--- a/README.md
+++ b/README.md
@@ -199,6 +199,8 @@ This [Go code snippet](https://gist.github.com/d6cb41742a1ceb54d48cc286f3d5c5fa)
 * `444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce`
 * Let's Encrypt E1:
 * `cc1060d39c8329b62b6fbc7d0d6df9309869b981e7e6392d5cd8fa408f4d80e6`
+* ZeroSSL:
+ * `9a3a34f727deb9bca51003d9ce9c39f8f27dd9c5242901c2bab1a44e635a0219`
 ## Clients
From 3511672d499551e4de8a76c91fbf1bd2b316eba1 Mon Sep 17 00:00:00 2001
From: demarcush <146051763+demarcush@users.noreply.github.com>
Date: Tue, 2 Jul 2024 20:47:53 +0000
Subject: [PATCH 14/29] Add Let's Encrypt R10
---
 README.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 21fe75a..6b0c9f6 100644
--- a/README.md
+++ b/README.md
@@ -195,10 +195,12 @@ This [Go code snippet](https://gist.github.com/d6cb41742a1ceb54d48cc286f3d5c5fa)
 ### Common certificate hashes
-* Let's Encrypt R3:
- * `444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce`
 * Let's Encrypt E1:
 * `cc1060d39c8329b62b6fbc7d0d6df9309869b981e7e6392d5cd8fa408f4d80e6`
+* Let's Encrypt R3:
+ * `444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce`
+* Let's Encrypt R10:
+ * `e644ba6963e335fe765cb9976b12b10eb54294b42477764ccb3a3acca3acb2fc`
 * ZeroSSL:
 * `9a3a34f727deb9bca51003d9ce9c39f8f27dd9c5242901c2bab1a44e635a0219`
From 7bb8293c2873488fcc2add905c4cb9cb2e9b7522 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Wed, 3 Jul 2024 12:33:29 +0200
Subject: [PATCH 15/29] package.metadata.generate-rpm
---
 Cargo.toml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/Cargo.toml b/Cargo.toml
index 9d4cfde..5ba2356 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -21,6 +21,12 @@ clap = { version = "4", features = ["std", "cargo", "wrap_help", "string"] } dnsstamps = "0.1.9" mimalloc = { version = "0.1.41", default-features = false } +[package.metadata.generate-rpm] +assets = [ + { source = "target/release/doh-proxy", dest = "/usr/bin/doh-proxy", mode = "755" }, + { source = "README.md", dest = "/usr/share/doc/doh-proxy/README.md", mode = "644", doc = true }, +] + [package.metadata.deb] extended-description = """\ A fast and secure DoH (DNS-over-HTTPS) and ODoH server written in Rust.""" From bafbdc0926e2f8246b90226faff0dcac62c004d9 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 3 Jul 2024 13:27:29 +0200 Subject: [PATCH 16/29] Try creating RPM packages Fixes #98 --- .github/workflows/release.yml | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a3c8be0..811b41d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -33,6 +33,9 @@ jobs: - name: Install cargo-deb run: cargo install cargo-deb + - name: Install cargo-generate-rpm + run: cargo install cargo-generate-rpm + - name: Install cargo-zigbuild run: cargo install cargo-zigbuild 
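Review bot: The added step `run: cargo install cargo-generate-rpm` in the first release.yml hunk of PATCH 16 fetches whatever version is newest at release time and resolves its dependencies afresh, so the tool that assembles the published RPMs can differ from one release to the next without any change in this repository. Pinning it, `run: cargo install cargo-generate-rpm --locked --version <PINNED_VERSION>`, keeps the packaging toolchain fixed until someone bumps it deliberately. The `cargo-deb` and `cargo-zigbuild` steps shown as context follow the same unpinned pattern.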
@@ -73,6 +76,16 @@ jobs: rustup target add aarch64-unknown-linux-musl env RUSTFLAGS="-C strip=symbols" cargo deb --no-strip --cargo-build=zigbuild --target=aarch64-unknown-linux-musl + - name: RPM packages + run: | + rustup target add x86_64-unknown-linux-gnu + env RUSTFLAGS="-C strip=symbols" cargo-zigbuild build --target=x86_64-unknown-linux-gnu.2.17 --release + mv target/x86_64-unknown-linux-musl/release/doh-proxy target/release/ + cargo generate-rpm --target x86_64-unknown-linux-gnu + rustup target add aarch64-unknown-linux-gnu + env RUSTFLAGS="-C strip=symbols" cargo-zigbuild build --target=aarch64-unknown-linux-gnu.2.17 --release + cargo generate-rpm --target aarch64-unknown-linux-gnu + - name: Create release id: create_release uses: actions/create-release@v1 
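Review bot: The line `mv target/x86_64-unknown-linux-musl/release/doh-proxy target/release/` in the new "RPM packages" step moves the musl build output, although the command just before it builds for `x86_64-unknown-linux-gnu.2.17`, whose binary would land under `target/x86_64-unknown-linux-gnu/release/`. Depending on whether an earlier step has already moved the musl binary away, the step either fails or hands the RPM a binary other than the one just built, and the aarch64 half has no matching `mv` at all. If the glibc build is what should be packaged, `mv target/x86_64-unknown-linux-gnu/release/doh-proxy target/release/` matches the build line; if `cargo generate-rpm --target` already resolves the `target/release/` asset path per target (worth confirming in the tool's documentation), the line can simply be dropped.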
@@ -95,6 +108,28 @@ jobs: asset_path: "target/x86_64-unknown-linux-musl/debian/doh-proxy_${{ steps.get_version.outputs.VERSION }}_amd64.deb" asset_content_type: application/x-debian-package + - name: Upload RPM package for x86_64 + id: upload-release-asset-rpm-x86_64 + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} + asset_name: "doh-proxy-${{ steps.get_version.outputs.VERSION }}-1.x86_64.rpm" + asset_path: "target/x86_64-unknown-linux-gnu/generate-rpm/doh-proxy-${{ steps.get_version.outputs.VERSION }}-1.x86_64.rpm" + asset_content_type: application/x-redhat-package-manager + + - name: Upload RPM package for aarch64 + id: upload-release-asset-rpm-aarch64 + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} + asset_name: "doh-proxy-${{ steps.get_version.outputs.VERSION }}-1.aarch64.rpm" + asset_path: "target/aarch64-unknown-linux-gnu/generate-rpm/doh-proxy-${{ steps.get_version.outputs.VERSION }}-1.aarch64.rpm" + asset_content_type: application/x-redhat-package-manager + - name: Upload tarball for linux-x86_64 id: upload-release-asset-tarball-linux-x86_64 uses: actions/upload-release-asset@v1 From e73964fa1df37c616ad349b39ea5037d4e8adfd2 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 3 Jul 2024 13:52:56 +0200 Subject: [PATCH 17/29] Update deps --- Cargo.toml | 4 ++-- src/libdoh/Cargo.toml | 16 ++++++++-------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 5ba2356..d7e7ca0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "doh-proxy" -version = "0.9.10" +version = "0.9.11" authors = ["Frank Denis "] description = "A DNS-over-HTTPS (DoH) and ODoH (Oblivious DoH) proxy" keywords = ["dns", "https", "doh", "odoh", "proxy"] 
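Review bot: Both new upload steps reference `actions/upload-release-asset@v1` by a movable tag while passing it `GITHUB_TOKEN`, so the code that holds the token used to publish release assets can change without any commit in this repository. Referencing a full commit SHA, `uses: actions/upload-release-asset@<FULL_COMMIT_SHA> # v1`, fixes what runs. The same applies to `mlugg/setup-zig@v1` introduced in PATCH 23 and `actions/stale@v9` in PATCH 24; the setup-zig switch is the one to look at first, since it moves the release job to a different third-party publisher.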
@@ -19,7 +19,7 @@ tls = ["libdoh/tls"] libdoh = { path = "src/libdoh", version = "0.9.9", default-features = false } clap = { version = "4", features = ["std", "cargo", "wrap_help", "string"] } dnsstamps = "0.1.9" -mimalloc = { version = "0.1.41", default-features = false } +mimalloc = { version = "0.1.43", default-features = false } [package.metadata.generate-rpm] assets = [ diff --git a/src/libdoh/Cargo.toml b/src/libdoh/Cargo.toml index b84c89c..7b72764 100644 --- a/src/libdoh/Cargo.toml +++ b/src/libdoh/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "libdoh" -version = "0.9.10" +version = "0.9.11" authors = ["Frank Denis "] description = "DoH and Oblivious DoH library for the rust-doh app" keywords = ["dns", "https", "doh", "odoh", "proxy"] @@ -15,22 +15,22 @@ default = ["tls"] tls = ["tokio-rustls"] [dependencies] -anyhow = "1.0.80" -arc-swap = "1.7.0" -base64 = "0.22.0" +anyhow = "1.0.86" +arc-swap = "1.7.1" +base64 = "0.22.1" byteorder = "1.5.0" -bytes = "1.5.0" +bytes = "1.6.0" futures = "0.3.30" -hyper = { version = "^0.14.28", default-features = false, features = [ +hyper = { version = "^0.14.29", default-features = false, features = [ "server", "http1", "http2", "stream", "runtime", ] } -odoh-rs = "1.0.2" +odoh-rs = "1.0.3" rand = "0.8.5" -tokio = { version = "1.36.0", features = [ +tokio = { version = "1.38.0", features = [ "net", "rt-multi-thread", "time", From c79501aea30bbfe4780c91599a1361bb67f81614 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 3 Jul 2024 14:03:51 +0200 Subject: [PATCH 18/29] Use Zig 0.13 --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 811b41d..3e6c4ce 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,7 +18,7 @@ jobs: - uses: goto-bus-stop/setup-zig@v2 with: - version: 0.10.1 + version: 0.13 - uses: hecrj/setup-rust-action@master with: 
From d6635eebb717798529f73bb94b566b6cfd7e5282 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 3 Jul 2024 14:16:01 +0200 Subject: [PATCH 19/29] up --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3e6c4ce..5716724 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -104,8 +104,8 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_name: "doh-proxy_${{ steps.get_version.outputs.VERSION }}_amd64.deb" - asset_path: "target/x86_64-unknown-linux-musl/debian/doh-proxy_${{ steps.get_version.outputs.VERSION }}_amd64.deb" + asset_name: "doh-proxy_${{ steps.get_version.outputs.VERSION }}-1_amd64.deb" + asset_path: "target/x86_64-unknown-linux-musl/debian/doh-proxy_${{ steps.get_version.outputs.VERSION }}-1_amd64.deb" asset_content_type: application/x-debian-package - name: Upload RPM package for x86_64 From 34f614e938587a8576fa7392e6f96d40eeacd06c Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 3 Jul 2024 14:17:17 +0200 Subject: [PATCH 20/29] 0.13 -> 0.13.0 --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5716724..e71dd32 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,7 +18,7 @@ jobs: - uses: goto-bus-stop/setup-zig@v2 with: - version: 0.13 + version: 0.13.0 - uses: hecrj/setup-rust-action@master with: From 890a74276f33e380c513d56aa3b90d4b6157a2d7 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 3 Jul 2024 14:26:44 +0200 Subject: [PATCH 21/29] Downgrade to Zig 0.12.0 --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e71dd32..c226877 100644 
--- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,7 +18,7 @@ jobs: - uses: goto-bus-stop/setup-zig@v2 with: - version: 0.13.0 + version: 0.12.0 - uses: hecrj/setup-rust-action@master with: From 1a0a0566c4e9e93b73ecdc8d400949d8f7a94635 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 3 Jul 2024 14:38:16 +0200 Subject: [PATCH 22/29] Back to Zig 0.10.1 --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c226877..df1c604 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,7 +18,7 @@ jobs: - uses: goto-bus-stop/setup-zig@v2 with: - version: 0.12.0 + version: 0.10.1 - uses: hecrj/setup-rust-action@master with: From bf443c33b965619866c52300f4383d00d75d6248 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 4 Nov 2024 00:11:49 +0100 Subject: [PATCH 23/29] Switch to mlugg/setup-zig@v1 --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index df1c604..48f03a0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,7 +16,7 @@ jobs: - uses: actions/checkout@v3 - - uses: goto-bus-stop/setup-zig@v2 + - uses: mlugg/setup-zig@v1 with: version: 0.10.1 From 40b0b029729ca23b54a80870f49b04c908f69026 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 31 Dec 2024 14:54:55 +0100 Subject: [PATCH 24/29] Add issues.yml --- .github/workflows/issues.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 .github/workflows/issues.yml diff --git a/.github/workflows/issues.yml b/.github/workflows/issues.yml new file mode 100644 index 0000000..c5bf530 --- /dev/null +++ b/.github/workflows/issues.yml 
@@ -0,0 +1,17 @@
+name: Close inactive issues
+on:
+ schedule:
+ - cron: "30 1 * * *"
+
+jobs:
+ close-issues:
+ runs-on: ubuntu-latest
+ permissions:
+ issues: write
+ pull-requests: write
+ steps:
+ - uses: actions/stale@v9
+ with:
+ stale-issue-message: "This issue is stale because it has been open for 30 days with no activity."
+ close-issue-message: "This issue was closed because it has been inactive for 14 days since being marked as stale."
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
From 9e4a931bceff7d794f1fb341599ae48ea2cae2a6 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Thu, 20 Feb 2025 20:32:42 +0100
Subject: [PATCH 25/29] Nits
---
 src/config.rs | 61 ++++++++++++++++++++++--------------------
 src/libdoh/src/lib.rs | 5 +---
 src/libdoh/src/odoh.rs | 2 +-
 src/libdoh/src/tls.rs | 9 +++----
 4 files changed, 37 insertions(+), 40 deletions(-)
diff --git a/src/config.rs b/src/config.rs
index 287cf8a..6d69671 100644
--- a/src/config.rs
+++ b/src/config.rs
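Review bot: The two messages in the new issues.yml promise 30 days to stale and 14 days to close, but the `with:` block sets neither interval, so `actions/stale` falls back to its defaults (60 and 7 days per the action's documentation; worth confirming for v9). Adding `days-before-issue-stale: 30` and `days-before-issue-close: 14` makes the behaviour match the text. The job also grants `pull-requests: write`, and the action processes pull requests by default; if only issues are meant to be closed, as the workflow name suggests, set `days-before-pr-stale: -1` and `days-before-pr-close: -1` and drop that permission.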
@@ -240,39 +240,42 @@ pub fn parse_opts(globals: &mut Globals) { .or_else(|| globals.tls_cert_path.clone()); } - if let Some(hostname) = matches.get_one::("hostname") { - let mut builder = - dnsstamps::DoHBuilder::new(hostname.to_string(), globals.path.to_string()); - if let Some(public_address) = matches.get_one::("public_address") { - builder = builder.with_address(public_address.to_string()); - } - if let Some(public_port) = matches.get_one::("public_port") { - let public_port = public_port.parse().expect("Invalid public port"); - builder = builder.with_port(public_port); - } - println!( - "Test DNS stamp to reach [{}] over DoH: [{}]\n", - hostname, - builder.serialize().unwrap() - ); + match matches.get_one::("hostname") { + Some(hostname) => { + let mut builder = + dnsstamps::DoHBuilder::new(hostname.to_string(), globals.path.to_string()); + if let Some(public_address) = matches.get_one::("public_address") { + builder = builder.with_address(public_address.to_string()); + } + if let Some(public_port) = matches.get_one::("public_port") { + let public_port = public_port.parse().expect("Invalid public port"); + builder = builder.with_port(public_port); + } + println!( + "Test DNS stamp to reach [{}] over DoH: [{}]\n", + hostname, + builder.serialize().unwrap() + ); - let mut builder = - dnsstamps::ODoHTargetBuilder::new(hostname.to_string(), globals.path.to_string()); - if let Some(public_port) = matches.get_one::("public_port") { - let public_port = public_port.parse().expect("Invalid public port"); - builder = builder.with_port(public_port); - } - println!( - "Test DNS stamp to reach [{}] over Oblivious DoH: [{}]\n", - hostname, - builder.serialize().unwrap() - ); + let mut builder = + dnsstamps::ODoHTargetBuilder::new(hostname.to_string(), globals.path.to_string()); + if let Some(public_port) = matches.get_one::("public_port") { + let public_port = public_port.parse().expect("Invalid public port"); + builder = builder.with_port(public_port); + } + println!( + 
"Test DNS stamp to reach [{}] over Oblivious DoH: [{}]\n", + hostname, + builder.serialize().unwrap() + ); - println!("Check out https://dnscrypt.info/stamps/ to compute the actual stamps.\n") - } else { - println!( + println!("Check out https://dnscrypt.info/stamps/ to compute the actual stamps.\n") + } + _ => { + println!( "Please provide a fully qualified hostname (-H command-line option) to get \ test DNS stamps for your server.\n" ); + } } } diff --git a/src/libdoh/src/lib.rs b/src/libdoh/src/lib.rs index 4b6eea8..e6dd729 100644 --- a/src/libdoh/src/lib.rs +++ b/src/libdoh/src/lib.rs @@ -257,10 +257,7 @@ impl DoH { content_types: &[&'static str], ) -> Option<&'static str> { let accept = headers.get(hyper::header::ACCEPT); - let accept = match accept { - None => return None, - Some(accept) => accept, - }; + let accept = accept?; for part in accept.to_str().unwrap_or("").split(',').map(|s| s.trim()) { if let Some(found) = part .split(';') diff --git a/src/libdoh/src/odoh.rs b/src/libdoh/src/odoh.rs index 00bb95f..3f2c29e 100644 --- a/src/libdoh/src/odoh.rs +++ b/src/libdoh/src/odoh.rs @@ -77,7 +77,7 @@ impl ODoHPublicKey { impl ODoHQueryContext { pub fn encrypt_response(self, response_body: Vec) -> Result, DoHError> { - let response_nonce = rand::thread_rng().gen::(); + let response_nonce = rand::thread_rng().r#gen::(); let response_body_ = ObliviousDoHMessagePlaintext::new(response_body, 0); let encrypted_response = odoh_rs::encrypt_response( &self.query, diff --git a/src/libdoh/src/tls.rs b/src/libdoh/src/tls.rs index 7047f99..7c5509f 100644 --- a/src/libdoh/src/tls.rs +++ b/src/libdoh/src/tls.rs 
@@ -87,12 +87,9 @@ where let server_config_builder = ServerConfig::builder() .with_safe_defaults() .with_no_client_auth(); - if let Ok(found_config) = - server_config_builder.with_single_cert(certs.clone(), certs_key) - { - Some(found_config) - } else { - None + match server_config_builder.with_single_cert(certs.clone(), certs_key) { + Ok(found_config) => Some(found_config), + _ => None, } }) .ok_or_else(|| { From 672d1a11f18b078e83be9c317777427aeb6158cc Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 20 Feb 2025 20:33:01 +0100 Subject: [PATCH 26/29] 2025 --- LICENSE | 2 +- src/libdoh/LICENSE | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/LICENSE b/LICENSE index 06c6cdb..fe0d515 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2018-2023 Frank Denis +Copyright (c) 2018-2025 Frank Denis Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/src/libdoh/LICENSE b/src/libdoh/LICENSE index 06c6cdb..fe0d515 100644 --- a/src/libdoh/LICENSE +++ b/src/libdoh/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2018-2023 Frank Denis +Copyright (c) 2018-2025 Frank Denis Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal From 2254632d3373ace147527dc333ecdbb5aba3e660 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 20 Feb 2025 20:37:23 +0100 Subject: [PATCH 27/29] Update deps --- Cargo.toml | 2 +- src/libdoh/Cargo.toml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index d7e7ca0..d82bfbf 100644 --- a/Cargo.toml +++ b/Cargo.toml 
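Review bot: `Result::ok` already does what the new `match` spells out, so the body can be `server_config_builder.with_single_cert(certs.clone(), certs_key).ok()`. In either form the rustls error is discarded, so a certificate and key that do not belong together surface only through whatever the following `.ok_or_else` reports. Keeping the last error and including it in that message would make a bad key file diagnosable from the log. The enclosing closure and the `ok_or_else` body are outside the hunk.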
@@ -18,7 +18,7 @@ tls = ["libdoh/tls"] [dependencies] libdoh = { path = "src/libdoh", version = "0.9.9", default-features = false } clap = { version = "4", features = ["std", "cargo", "wrap_help", "string"] } -dnsstamps = "0.1.9" +dnsstamps = "0.1.10" mimalloc = { version = "0.1.43", default-features = false } [package.metadata.generate-rpm] diff --git a/src/libdoh/Cargo.toml b/src/libdoh/Cargo.toml index 7b72764..503a52d 100644 --- a/src/libdoh/Cargo.toml +++ b/src/libdoh/Cargo.toml @@ -15,12 +15,12 @@ default = ["tls"] tls = ["tokio-rustls"] [dependencies] -anyhow = "1.0.86" +anyhow = "1.0.96" arc-swap = "1.7.1" base64 = "0.22.1" byteorder = "1.5.0" -bytes = "1.6.0" -futures = "0.3.30" +bytes = "1.10.0" +futures = "0.3.31" hyper = { version = "^0.14.29", default-features = false, features = [ "server", "http1", @@ -29,8 +29,8 @@ hyper = { version = "^0.14.29", default-features = false, features = [ "runtime", ] } odoh-rs = "1.0.3" -rand = "0.8.5" -tokio = { version = "1.38.0", features = [ +rand = "^0.8.5" +tokio = { version = "1.43.0", features = [ "net", "rt-multi-thread", "time", From 25fa6946e69ec8d36e98b598be11be3b1a777d3e Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 20 Mar 2025 00:37:34 +0100 Subject: [PATCH 28/29] tar cJpf -> tar cjpf in order to build bz2 archives Fixes #103 --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 48f03a0..0a91737 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -46,7 +46,7 @@ jobs: mkdir doh-proxy mv target/x86_64-unknown-linux-musl/release/doh-proxy doh-proxy/ cp README.md localhost.pem doh-proxy/ - tar cJpf doh-proxy_${{ steps.get_version.outputs.VERSION }}_linux-x86_64.tar.bz2 doh-proxy + tar cjpf doh-proxy_${{ steps.get_version.outputs.VERSION }}_linux-x86_64.tar.bz2 doh-proxy rm -fr doh-proxy - name: Release build Linux-aarch64 
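Review bot: The bundled short flags in `tar cjpf` leave the trap behind this fix in place, here and in the Linux-aarch64 step of the next hunk: `J` selects xz and `j` selects bzip2, and the two differ by case only. Naming the compressor makes the archive format readable in review, e.g. `tar -cp --bzip2 -f doh-proxy_${{ steps.get_version.outputs.VERSION }}_linux-x86_64.tar.bz2 doh-proxy`. The step's `run:` block starts before the hunk, so whether the other platform steps use the same pattern cannot be seen from here.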
@@ -56,7 +56,7 @@ jobs: mkdir doh-proxy mv target/aarch64-unknown-linux-musl/release/doh-proxy doh-proxy/ cp README.md localhost.pem doh-proxy/ - tar cJpf doh-proxy_${{ steps.get_version.outputs.VERSION }}_linux-aarch64.tar.bz2 doh-proxy + tar cjpf doh-proxy_${{ steps.get_version.outputs.VERSION }}_linux-aarch64.tar.bz2 doh-proxy rm -fr doh-proxy - name: Release build Windows-x86_64 From f0242354d39445891160244a58f740ed99a98a8d Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 20 Mar 2025 00:41:43 +0100 Subject: [PATCH 29/29] Update deps --- Cargo.toml | 2 +- src/libdoh/Cargo.toml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index d82bfbf..2be4b3d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -19,7 +19,7 @@ tls = ["libdoh/tls"] libdoh = { path = "src/libdoh", version = "0.9.9", default-features = false } clap = { version = "4", features = ["std", "cargo", "wrap_help", "string"] } dnsstamps = "0.1.10" -mimalloc = { version = "0.1.43", default-features = false } +mimalloc = { version = "0.1.44", default-features = false } [package.metadata.generate-rpm] assets = [ diff --git a/src/libdoh/Cargo.toml b/src/libdoh/Cargo.toml index 503a52d..69fe04d 100644 --- a/src/libdoh/Cargo.toml +++ b/src/libdoh/Cargo.toml @@ -15,13 +15,13 @@ default = ["tls"] tls = ["tokio-rustls"] [dependencies] -anyhow = "1.0.96" +anyhow = "1.0.97" arc-swap = "1.7.1" base64 = "0.22.1" byteorder = "1.5.0" -bytes = "1.10.0" +bytes = "1.10.1" futures = "0.3.31" -hyper = { version = "^0.14.29", default-features = false, features = [ +hyper = { version = "^0.14.32", default-features = false, features = [ "server", "http1", "http2", @@ -30,7 +30,7 @@ hyper = { version = "^0.14.29", default-features = false, features = [ ] } odoh-rs = "1.0.3" rand = "^0.8.5" -tokio = { version = "1.43.0", features = [ +tokio = { version = "1.44.1", features = [ "net", "rt-multi-thread", "time",