-
Notifications
You must be signed in to change notification settings - Fork 1k
Updates
The script below will check to see if dnscrypt-proxy needs updating by comparing the installed version with the latest git version.
If the installed version is older, then the script will update to the newest version.
Tested on: Ubuntu 18.04
This script requires dnscrypt-proxy to be installed as a service using,./dnscrypt-proxy -service install and for dnscrypt-proxy to be installed in /opt/dnscrypt-proxy.
(optional) Install Minisign to verify downloaded update.
Initially make sure all the above requirements are met.
Then to get this script to automatically run add this as a cron job under root using sudo crontab -e but, change the file path to the file path the script is saved.
Run sudo crontab -e in terminal. If running for the first time, it would ask you to choose an editor. nano is the recommended one.
Enter this command in a new line:
0 */12 * * * /path/dnscrypt-proxy-update.sh
replace path with where you saved the dnscrypt-proxy-update.sh file.
This script needs to be run as root.
It assumes that you are running Linux on an x86_64 CPU. Change linux and x86_64 in the PLATFORM and CPU_ARCH variables respectivly to the actual platform you are running if it is different (for example, on a Raspberry Pi, it should probably be linux_arm instead of linux_x86_64).
#! /bin/sh
INSTALL_DIR="/opt/dnscrypt-proxy"
LATEST_URL="https://api.github.com/repos/DNSCrypt/dnscrypt-proxy/releases/latest"
DNSCRYPT_PUBLIC_KEY="RWTk1xXqcTODeYttYMCMLo0YJHaFEHn7a3akqHlb/7QvIQXHVPxKbjB5"
PLATFORM="linux"
CPU_ARCH="x86_64"
Update() {
workdir="$(mktemp -d)"
download_url="$(curl -sL "$LATEST_URL" | grep dnscrypt-proxy-${PLATFORM}_${CPU_ARCH}- | grep browser_download_url | head -1 | cut -d \" -f 4)"
echo "[INFO] Downloading update from '$download_url'..."
download_file="dnscrypt-proxy-update.tar.gz"
curl --request GET -sL --url "$download_url" --output "$workdir/$download_file"
response=$?
if [ $response -ne 0 ]; then
echo "[ERROR] Could not download file from '$download_url'" >&2
rm -Rf "$workdir"
return 1
fi
if [ -x "$(command -v minisign)" ]; then
curl --request GET -sL --url "${download_url}.minisig" --output "$workdir/${download_file}.minisig"
minisign -Vm "$workdir/$download_file" -P "$DNSCRYPT_PUBLIC_KEY"
valid_file=$?
if [ $valid_file -ne 0 ]; then
echo "[ERROR] Downloaded file has failed signature verification. Update aborted." >&2
rm -Rf "$workdir"
return 1
fi
else
echo '[WARN] minisign is not installed, downloaded file signature could not be verified.'
fi
echo '[INFO] Initiating update of DNSCrypt-proxy'
tar xz -C "$workdir" -f "$workdir/$download_file" ${PLATFORM}-${CPU_ARCH}/dnscrypt-proxy &&
mv -f "${INSTALL_DIR}/dnscrypt-proxy" "${INSTALL_DIR}/dnscrypt-proxy.old" &&
mv -f "${workdir}/${PLATFORM}-${CPU_ARCH}/dnscrypt-proxy" "${INSTALL_DIR}/" &&
chmod u+x "${INSTALL_DIR}/dnscrypt-proxy" &&
cd "$INSTALL_DIR" &&
./dnscrypt-proxy -check && ./dnscrypt-proxy -service install 2>/dev/null || : &&
./dnscrypt-proxy -service restart || ./dnscrypt-proxy -service start
updated_successfully=$?
rm -Rf "$workdir"
if [ $updated_successfully -eq 0 ]; then
echo '[INFO] DNSCrypt-proxy has been successfully updated!'
return 0
else
echo '[ERROR] Unable to complete DNSCrypt-proxy update. Update has been aborted.' >&2
return 1
fi
}
if [ ! -f "${INSTALL_DIR}/dnscrypt-proxy" ]; then
echo "[ERROR] DNSCrypt-proxy is not installed in '${INSTALL_DIR}/dnscrypt-proxy'. Update aborted..." >&2
exit 1
fi
local_version=$("${INSTALL_DIR}/dnscrypt-proxy" -version)
remote_version=$(curl -sL "$LATEST_URL" | grep "tag_name" | head -1 | cut -d \" -f 4)
if [ -z "$local_version" ] || [ -z "$remote_version" ]; then
echo "[ERROR] Could not retrieve DNSCrypt-proxy version. Update aborted... " >&2
exit 1
else
echo "[INFO] local_version=$local_version, remote_version=$remote_version"
fi
if [ "$local_version" != "$remote_version" ]; then
echo "[INFO] local_version not synced with remote_version, initiating update..."
Update
exit $?
else
echo "[INFO] No updated needed."
exit 0
fiIn somecases if you want to run dnscrypt-proxy as a non-root user you'll get the error "[FATAL] listen udp 0.0.0.0:53: bind: permission denied"
to solve this problem you can run the following command and allow dnscrypt to have access to a low level port :
sudo setcap cap_net_bind_service=+ep $(which dnscrypt-proxy)
- Home
- Installation
- Configuration
- Checking that your DNS traffic is encrypted
- Automatic Updates
- Server sources
- Combining blocklists
- Public Blocklist and other configuration files
- Building from source
- Run your own DNSCrypt server in under 10 minutes
- DNS stamps specifications
- Windows Tips
- dnscrypt-proxy in the media
- Planned Features