From 4158abe60d8beab86edd4db4f8b3b6887e61dc0a Mon Sep 17 00:00:00 2001
From: Markus Donko-Huber
Date: Fri, 16 Aug 2024 15:48:18 +0200
Subject: [PATCH 01/15] Upated dnsdist to v1.9
---
 cryptodns/Dockerfile | 4 ++--
 cryptodns/conf/pdns.list | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/cryptodns/Dockerfile b/cryptodns/Dockerfile
index 415abe2..764fa45 100644
--- a/cryptodns/Dockerfile
+++ b/cryptodns/Dockerfile
@@ -1,7 +1,7 @@
 FROM debian:12-slim
-RUN apt-get update && apt-get install curl gnupg -y
-RUN curl https://repo.powerdns.com/FD380FBB-pub.asc | apt-key add -
+RUN apt-get update && apt-get install curl -y
+RUN curl https://repo.powerdns.com/FD380FBB-pub.asc | tee /etc/apt/keyrings/dnsdist-19-pub.asc
 COPY conf/pdns.list /etc/apt/sources.list.d/pdns.list
 COPY conf/pdns.pin /etc/apt/preferences.d/pdns
diff --git a/cryptodns/conf/pdns.list b/cryptodns/conf/pdns.list
index de06b03..c049729 100644
--- a/cryptodns/conf/pdns.list
+++ b/cryptodns/conf/pdns.list
@@ -1 +1 @@
-deb [arch=amd64] http://repo.powerdns.com/debian bookworm-dnsdist-18 main
+deb [signed-by=/etc/apt/keyrings/dnsdist-19-pub.asc] http://repo.powerdns.com/debian bookworm-dnsdist-19 main
\ No newline at end of file
From 5c45df62b0ac987d714e04371c9d6ca4d6b35b21 Mon Sep 17 00:00:00 2001
From: Markus Donko-Huber
Date: Fri, 16 Aug 2024 15:50:40 +0200
Subject: [PATCH 02/15] Update action versions
---
 .github/workflows/main.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index d71dc0e..05ea41c 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
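Review bot: The added `RUN curl https://repo.powerdns.com/FD380FBB-pub.asc | tee ...` line in cryptodns/Dockerfile accepts whatever `curl` returns as the repository signing key: there is no `-f`, so an HTTP error body would be written to the keyring file, and because the pipeline's exit status is that of `tee`, a failed download does not stop the build at this step. I would write it as `RUN curl -fsSL https://repo.powerdns.com/FD380FBB-pub.asc -o /etc/apt/keyrings/dnsdist-19-pub.asc`, and consider committing the key under `conf/` and `COPY`ing it (or checking its fingerprint after download) so the trust anchor is reviewed in the repository instead of being fetched on every build. The hunk does not create `/etc/apt/keyrings`, so it is worth confirming the directory exists in `debian:12-slim`. The same applies to the matching line in recursor/Dockerfile (PATCH 03/15 and 14/15) and to its rename in PATCH 15/15.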
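Review bot: The new source line in cryptodns/conf/pdns.list still uses `http://repo.powerdns.com/debian`, although the key for the same host is fetched over HTTPS in the Dockerfile. `signed-by` makes APT verify the repository signature against that one key, so package integrity does not depend on the transport, but plain HTTP still shows an on-path observer which packages the build fetches and lets them serve older, validly signed metadata. Assuming the repository is also served over HTTPS, `deb [signed-by=/etc/apt/keyrings/dnsdist-19-pub.asc] https://repo.powerdns.com/debian bookworm-dnsdist-19 main` avoids that; the recursor list in PATCH 03/15 and the later edits of both list files have the same scheme.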
@@ -16,23 +16,23 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
 - name: Set up QEMU
- uses: docker/setup-qemu-action@v1
+ uses: docker/setup-qemu-action@v3
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v1
+ uses: docker/setup-buildx-action@v3
 - name: Login to GitHub Container Registry
- uses: docker/login-action@v1
+ uses: docker/login-action@v3
 with:
 registry: ghcr.io
 username: usableprivacy
 password: ${{ secrets.GITHUB_TOKEN }}
 - name: Build cryptodns
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@v3
 with:
 context: ./cryptodns
 file: ./cryptodns/Dockerfile
From 143e75dde08052cf8f39e41d2456ba87b81f152e Mon Sep 17 00:00:00 2001
From: Markus Donko-Huber
Date: Fri, 16 Aug 2024 15:56:41 +0200
Subject: [PATCH 03/15] Update recorsor to v5.1
---
 recursor/Dockerfile | 7 +++----
 recursor/conf/pdns.list | 2 +-
 2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/recursor/Dockerfile b/recursor/Dockerfile
index 8b410ba..22f4a27 100644
--- a/recursor/Dockerfile
+++ b/recursor/Dockerfile
@@ -1,8 +1,7 @@
-FROM debian:bullseye-slim
+FROM debian:12-slim
-
-RUN apt-get update && apt-get install curl gnupg -y
-RUN curl https://repo.powerdns.com/FD380FBB-pub.asc | apt-key add -
+RUN apt-get update && apt-get install curl -y
+RUN curl https://repo.powerdns.com/FD380FBB-pub.asc | tee tee /etc/apt/keyrings/rec-51-pub.asc
 COPY conf/pdns.list /etc/apt/sources.list.d/pdns.list
 COPY conf/pdns.pin /etc/apt/preferences.d/pdns
diff --git a/recursor/conf/pdns.list b/recursor/conf/pdns.list
index b26f1e0..be95337 100644
--- a/recursor/conf/pdns.list
+++ b/recursor/conf/pdns.list
@@ -1 +1 @@
-deb [arch=amd64] http://repo.powerdns.com/debian bullseye-rec-47 main
\ No newline at end of file
+deb [signed-by=/etc/apt/keyrings/rec-51-pub.asc] http://repo.powerdns.com/debian bookworm-rec-51 main
\ No newline at end of file
From 3d73eb262c91de6825d3474801752413eb8adb31 Mon Sep 17 00:00:00 2001
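Review bot: `tee tee /etc/apt/keyrings/rec-51-pub.asc` on the added `RUN curl` line of recursor/Dockerfile repeats the command name, so `tee` receives two file operands and also writes the key to a file literally named `tee` in the build's working directory, which then ships in the image. Drop the duplicate and let a failed download stop the build: `RUN curl -fsSL https://repo.powerdns.com/FD380FBB-pub.asc -o /etc/apt/keyrings/rec-51-pub.asc`. The doubled `tee` is carried unchanged into the recursor/Dockerfile hunk of PATCH 14/15.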
From: Markus Donko-Huber
Date: Fri, 16 Aug 2024 16:04:52 +0200
Subject: [PATCH 04/15] Do not build for ARM
---
 .github/workflows/main.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 05ea41c..59817f8 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -32,11 +32,11 @@ jobs:
 password: ${{ secrets.GITHUB_TOKEN }}
 - name: Build cryptodns
- uses: docker/build-push-action@v3
+ uses: docker/build-push-action@v6
 with:
 context: ./cryptodns
 file: ./cryptodns/Dockerfile
- platforms: linux/amd64, linux/arm
+ platforms: linux/amd64
 push: true
 tags: |
 ghcr.io/usableprivacy/dns/cryptodns:latest
@@ -46,7 +46,7 @@ jobs:
 with:
 context: ./letsencrypt
 file: ./letsencrypt/Dockerfile
- platforms: linux/amd64, linux/arm
+ platforms: linux/amd64
 push: true
 tags: |
 ghcr.io/usableprivacy/dns/letsencrypt:latest
@@ -56,7 +56,7 @@ jobs:
 with:
 context: ./recursor
 file: ./recursor/Dockerfile
- platforms: linux/amd64, linux/arm
+ platforms: linux/amd64
 push: true
 tags: |
 ghcr.io/usableprivacy/dns/recursor:latest
From a96c2636230b08c27b3d362d489cec1008f6917b Mon Sep 17 00:00:00 2001
From: Markus Donko-Huber
Date: Fri, 16 Aug 2024 16:05:23 +0200
Subject: [PATCH 05/15] Update github build push action to v6
---
 .github/workflows/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 59817f8..1e0ea4d 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -42,7 +42,7 @@ jobs:
 ghcr.io/usableprivacy/dns/cryptodns:latest
 - name: Build letsencrypt
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@v6
 with:
 context: ./letsencrypt
 file: ./letsencrypt/Dockerfile
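Review bot: `uses: docker/build-push-action@v6` in the first hunk of PATCH 04/15 (the cryptodns step) references a mutable tag, and this step runs with `push: true` right after the registry login, so whatever the tag points at on the day of the build gets to publish `ghcr.io/usableprivacy/dns/cryptodns:latest`. Pinning to a full commit SHA with the version as a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha> # v6`, makes the dependency reviewable and lets an update bot propose bumps. The same applies to the other `uses:` lines of this workflow: the letsencrypt and recursor steps changed in PATCH 05/15 and the checkout, QEMU, Buildx and login steps in PATCH 02/15. The job body starts and ends outside this hunk.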
@@ -52,7 +52,7 @@ jobs:
 ghcr.io/usableprivacy/dns/letsencrypt:latest
 - name: Build recursor
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@v6
 with:
 context: ./recursor
 file: ./recursor/Dockerfile
From 58bc30e310790274df2673728793f0fcdc13dfa9 Mon Sep 17 00:00:00 2001
From: Markus Donko-Huber
Date: Fri, 16 Aug 2024 16:08:51 +0200
Subject: [PATCH 06/15] Revered used token for Docker login
---
 .github/workflows/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 1e0ea4d..9f158d3 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -29,7 +29,7 @@ jobs:
 with:
 registry: ghcr.io
 username: usableprivacy
- password: ${{ secrets.GITHUB_TOKEN }}
+ password: ${{ secrets.REGISTRY_ACCESS_TOKEN }}
 - name: Build cryptodns
 uses: docker/build-push-action@v6
From 2eb00fe9cacaf5bdbc5f40c23c823852eceb6203 Mon Sep 17 00:00:00 2001
From: Markus Donko-Huber
Date: Fri, 16 Aug 2024 16:12:53 +0200
Subject: [PATCH 07/15] Docker secret change
---
 .github/workflows/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 9f158d3..1e0ea4d 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -29,7 +29,7 @@ jobs:
 with:
 registry: ghcr.io
 username: usableprivacy
- password: ${{ secrets.REGISTRY_ACCESS_TOKEN }}
+ password: ${{ secrets.GITHUB_TOKEN }}
 - name: Build cryptodns
 uses: docker/build-push-action@v6
From 2880b288de39677c36ad65c8e5bb0a2070fbff47 Mon Sep 17 00:00:00 2001
From: Markus Donko-Huber
Date: Fri, 16 Aug 2024 16:15:38 +0200
Subject: [PATCH 08/15] Explicit token permissions
---
 .github/workflows/main.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 1e0ea4d..cf3c8e2 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -13,6 +13,9 @@ on:
 jobs:
 build-updns-images:
 runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ issues: write
 steps:
 - name: Checkout
From ba34e4f1312d28e4215c566b3195da3dfcc76a99 Mon Sep 17 00:00:00 2001
From: Markus Donko-Huber
Date: Fri, 16 Aug 2024 16:18:57 +0200
Subject: [PATCH 09/15] Package write permissions
---
 .github/workflows/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index cf3c8e2..e0091b1 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -15,7 +15,7 @@ jobs:
 runs-on: ubuntu-latest
 permissions:
 contents: read
- issues: write
+ packages: write
 steps:
 - name: Checkout
From ecf34336650c9f307cacb2695cb660fd0a7e038e Mon Sep 17 00:00:00 2001
From: Markus Donko-Huber
Date: Fri, 16 Aug 2024 16:31:19 +0200
Subject: [PATCH 10/15] Removed explicit permissions
---
 .github/workflows/main.yml | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index e0091b1..1e0ea4d 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -13,9 +13,6 @@ on:
 jobs:
 build-updns-images:
 runs-on: ubuntu-latest
- permissions:
- contents: read
- packages: write
 steps:
 - name: Checkout
From a5c06cee87783b26a1679995455eedfcc025fbc5 Mon Sep 17 00:00:00 2001
From: Markus Donko-Huber
Date: Fri, 16 Aug 2024 16:39:16 +0200
Subject: [PATCH 11/15] Trigger build
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 64b866b..c7d8f10 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ Basic requirements:
 * [docker](https://github.com/docker/docker-ce)
 * [docker-compose](https://github.com/docker/compose)
 ## Setup
-1) Fetch the latest **updns** source code from Github
+1) Fetch the latest **updns** source code from GitHub
 ```
 git clone https://github.com/usableprivacy/updns.git
 ```
From 9b63ef924a4a7fe9171dc9582b0d2f877638170f Mon Sep 17 00:00:00 2001
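Review bot: Deleting the `permissions:` block in PATCH 10/15 leaves `GITHUB_TOKEN` with whatever default the repository or organisation configures, which may be broader than the `contents: read` / `packages: write` pair removed here. The login step passes `secrets.GITHUB_TOKEN` to ghcr.io (restored in PATCH 07/15), so the token's scope directly bounds what a compromised step in this job could do; I would keep the explicit block on `build-updns-images`. If the block was removed because the push was denied, the package's access settings for this repository are a more likely cause than the token scopes, though that is not visible from this diff. A comment such as `# packages: write is needed to push images to ghcr.io` above the block would record why it is there.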
From: Markus Donko-Huber
Date: Fri, 16 Aug 2024 16:52:04 +0200
Subject: [PATCH 12/15] Trigger build
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index c7d8f10..dd2d85f 100644
--- a/README.md
+++ b/README.md
@@ -26,7 +26,7 @@ Basic requirements:
 docker-compose up
 ```
-## Basic updns building blocks
+## Basic `updns` building blocks
 * [docker-compose.yml](docker-compose.yml) deploys ad-blocking DoH + DoT servers.
 * Basic **updns** Services
 * [cryptodns](cryptodns) deploys `dnsdist` in Docker with DoH and DoT endpoints.
From d7e1c1d88c54ff27b0c8e5918080f3790232cecf Mon Sep 17 00:00:00 2001
From: Markus Donko-Huber
Date: Fri, 16 Aug 2024 16:59:54 +0200
Subject: [PATCH 13/15] Remove version from compose file
---
 docker-compose.yml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 63af727..66e8b19 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,5 +1,3 @@
-version: '3'
-
 services:
 cryptodns:
 build: cryptodns
From a1ddf3003159d8f7edbdf9d764ae6974769c9242 Mon Sep 17 00:00:00 2001
From: Markus Donko-Huber
Date: Fri, 16 Aug 2024 17:08:56 +0200
Subject: [PATCH 14/15] Use recursor version 4
---
 recursor/Dockerfile | 2 +-
 recursor/conf/pdns.list | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/recursor/Dockerfile b/recursor/Dockerfile
index 22f4a27..b532187 100644
--- a/recursor/Dockerfile
+++ b/recursor/Dockerfile
@@ -1,7 +1,7 @@
 FROM debian:12-slim
 RUN apt-get update && apt-get install curl -y
-RUN curl https://repo.powerdns.com/FD380FBB-pub.asc | tee tee /etc/apt/keyrings/rec-51-pub.asc
+RUN curl https://repo.powerdns.com/FD380FBB-pub.asc | tee tee /etc/apt/keyrings/rec-4-pub.asc
 COPY conf/pdns.list /etc/apt/sources.list.d/pdns.list
 COPY conf/pdns.pin /etc/apt/preferences.d/pdns
diff --git a/recursor/conf/pdns.list b/recursor/conf/pdns.list
index be95337..18b59b4 100644
--- a/recursor/conf/pdns.list
+++ b/recursor/conf/pdns.list
@@ -1 +1 @@
-deb [signed-by=/etc/apt/keyrings/rec-51-pub.asc] http://repo.powerdns.com/debian bookworm-rec-51 main
\ No newline at end of file
+deb [signed-by=/etc/apt/keyrings/rec-4-pub.asc] http://repo.powerdns.com/debian bookworm-rec-49 main
\ No newline at end of file
From 9a292c18292c68c488f21d571f5230c4e4c031c8 Mon Sep 17 00:00:00 2001
From: Markus Donko-Huber
Date: Fri, 16 Aug 2024 17:13:29 +0200
Subject: [PATCH 15/15] Use dnsdist v18
---
 cryptodns/Dockerfile | 2 +-
 cryptodns/conf/pdns.list | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/cryptodns/Dockerfile b/cryptodns/Dockerfile
index 764fa45..bace826 100644
--- a/cryptodns/Dockerfile
+++ b/cryptodns/Dockerfile
@@ -1,7 +1,7 @@
 FROM debian:12-slim
 RUN apt-get update && apt-get install curl -y
-RUN curl https://repo.powerdns.com/FD380FBB-pub.asc | tee /etc/apt/keyrings/dnsdist-19-pub.asc
+RUN curl https://repo.powerdns.com/FD380FBB-pub.asc | tee /etc/apt/keyrings/dnsdist-18-pub.asc
 COPY conf/pdns.list /etc/apt/sources.list.d/pdns.list
 COPY conf/pdns.pin /etc/apt/preferences.d/pdns
diff --git a/cryptodns/conf/pdns.list b/cryptodns/conf/pdns.list
index c049729..aaa7b48 100644
--- a/cryptodns/conf/pdns.list
+++ b/cryptodns/conf/pdns.list
@@ -1 +1 @@
-deb [signed-by=/etc/apt/keyrings/dnsdist-19-pub.asc] http://repo.powerdns.com/debian bookworm-dnsdist-19 main
\ No newline at end of file
+deb [signed-by=/etc/apt/keyrings/dnsdist-18-pub.asc] http://repo.powerdns.com/debian bookworm-dnsdist-18 main
\ No newline at end of file