From 67899860c9f45c4d8e1e9f9a851167eb37dee67a Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Mon, 22 Jan 2018 20:23:54 +0100
Subject: [PATCH] Unbreak things
---
 Dockerfile | 8 ++++----
 README.md | 4 ++--
 entrypoint.sh | 20 ++++++++++----------
 kube/dnscrypt-init-job.yml | 2 +-
 4 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 7f68d81..dabf818 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,7 +2,7 @@ FROM jedisct1/alpine-runit:latest
 MAINTAINER Frank Denis
 ENV SERIAL 1
-ENV BUILD_DEPS make gcc musl-dev git libevent-dev expat-dev shadow autoconf file
+ENV BUILD_DEPS make gcc musl-dev git libevent-dev expat-dev shadow autoconf file libressl-dev
 ENV RUNTIME_DEPS bash util-linux coreutils findutils grep libressl ldns ldns-tools libevent expat libexecinfo coreutils drill
 RUN set -x && \
@@ -47,7 +47,7 @@ RUN set -x && \
 rm -fr /tmp/* /var/tmp/*
 ENV DNSCRYPT_WRAPPER_GIT_URL https://github.com/jedisct1/dnscrypt-wrapper.git
-ENV DNSCRYPT_WRAPPER_GIT_BRANCH xchacha20-stamps
+ENV DNSCRYPT_WRAPPER_GIT_BRANCH xchacha-stamps
 COPY queue.h /tmp
@@ -69,8 +69,8 @@ RUN set -x && \
 rm -fr /tmp/* /var/tmp/*
 RUN set -x && \
- apk del --purge $BUILD_DEPS && \
- rm -rf /tmp/* /var/tmp/* /usr/local/include
+ echo apk del --purge $BUILD_DEPS && \
+ echo rm -rf /tmp/* /var/tmp/* /usr/local/include
 RUN mkdir -p \
 /etc/service/unbound \
diff --git a/README.md b/README.md
index 0c2ba36..acd8cdc 100644
--- a/README.md
+++ b/README.md
@@ -23,7 +23,7 @@ Let's pick `example.com` here.
 Download, create and initialize the container, once and for all:
 $ docker run --name=dnscrypt-server -p 443:443/udp -p 443:443/tcp --net=host \
- jedisct1/unbound-dnscrypt-server init -N example.com -L 192.168.1.1:443
+ jedisct1/unbound-dnscrypt-server init -N example.com -E 192.168.1.1:443
 This will only accept connections via DNSCrypt on the standard port (443).
 Replace `192.168.1.1` with the actual external IP address (not the internal Docker one)
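Review bot: The new `ENV DNSCRYPT_WRAPPER_GIT_BRANCH xchacha-stamps` still selects a moving branch head, so two builds of this Dockerfile can embed different dnscrypt-wrapper sources, and a force-pushed or compromised branch would be picked up without any signal at build time. The clone/checkout that consumes `DNSCRYPT_WRAPPER_GIT_URL` and this variable is outside the hunk, but presumably it checks out the branch as-is; pinning a revision alongside it, e.g. `ENV DNSCRYPT_WRAPPER_GIT_COMMIT <commit-sha-placeholder>` followed by a `git checkout` of that value in the build step, makes the image reproducible and auditable. Until that is done, a comment on the ENV line such as `# TODO: pin to a commit; a branch name is not a reproducible build input` records the known gap.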
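Review bot: Prefixing both cleanup commands with `echo` turns the final `RUN` into a no-op, so `$BUILD_DEPS` (make, gcc, git, autoconf, … per the first hunk) and `/usr/local/include` now remain in the shipped image; a runtime container that carries a full compiler toolchain has a larger attack surface and a larger image for no benefit. Whatever failure in `apk del` or `rm -rf` this works around is hidden rather than fixed, and nothing in the file says the step is intentionally disabled. If it has to stay this way for now, replace the silent `echo` with an explicit comment, e.g. `# TODO(unbreak): build-dep cleanup disabled; re-enable once apk del succeeds — see <issue-placeholder>`, otherwise restore `apk del --purge $BUILD_DEPS && rm -rf /tmp/* /var/tmp/* /usr/local/include` and fix the underlying error.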
@@ -68,7 +68,7 @@ this:
 $ docker run --name=dnscrypt-server \
 -v /myconfig/zones:/opt/unbound/etc/unbound/zones \
 -p 443:443/udp -p 443:443/tcp --net=host \
- jedisct1/unbound-dnscrypt-server init -N example.com
+ jedisct1/unbound-dnscrypt-server init -N example.com -E 192.168.1.1:443
 Create a new `.conf` file:
diff --git a/entrypoint.sh b/entrypoint.sh
index a868aad..270a11f 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -6,18 +6,18 @@ action="$1"
 KEYS_DIR="/opt/dnscrypt-wrapper/etc/keys"
-# -N provider-name -L external-ip-address:port
+# -N provider-name -E external-ip-address:port
 init() {
 if [ $(is_initialized) = yes ]; then
 start
 exit $?
 fi
- while getopts "h?N:L:" opt; do
+ while getopts "h?N:E:" opt; do
 case "$opt" in
 h|\?) usage ;;
 N) provider_name=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
- L) listen_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
+ E) ext_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
 esac
 done
 [ -z "$provider_name" ] && usage
@@ -26,18 +26,18 @@ init() {
 2.dnscrypt-cert.*) ;;
 *) provider_name="2.dnscrypt-cert.${provider_name}"
 esac
- echo "Provider name: [$provider_name]"
- [ -z "$listen_address" ] && usage
- case "$listen_address" in
+ [ -z "$ext_address" ] && usage
+ case "$ext_address" in
 .*) usage ;;
 0.*) echo "Do not use 0.0.0.0, use an actual external IP address" >&2 ; exit 1 ;;
 esac
+ echo "Provider name: [$provider_name]"
 cd "$KEYS_DIR"
 /opt/dnscrypt-wrapper/sbin/dnscrypt-wrapper \
 --gen-provider-keypair --nolog --dnssec \
- --provider-name="$provider_name" --listen-address="$listen_address" | \
+ --provider-name="$provider_name" --ext-address="$ext_address" | \
 tee "${KEYS_DIR}/provider-info.txt"
 chmod 640 "${KEYS_DIR}/secret.key"
 chmod 644 "${KEYS_DIR}/public.key"
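Review bot: The value accepted by the new `E)` branch is later checked (in the next hunk) only for a leading `.` or `0.`, so nothing enforces the `ip:port` shape the comment `# -N provider-name -E external-ip-address:port` promises — `-E 192.168.1.1` with no port, or a bare hostname, is handed unchanged to `--gen-provider-keypair`. The `tr A-Z a-z` mirrors the `N)` branch and is harmless for an address but suggests normalisation that is not happening. A shape check next to the existing `[ -z "$ext_address" ] && usage` would close the gap, e.g. `case "$ext_address" in *:[0-9]*) ;; *) echo "-E expects <external-ip>:<port>" >&2; exit 1 ;; esac`. `init()` continues past the end of this hunk.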
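Review bot: On the changed `--provider-name="$provider_name" --ext-address="$ext_address" | \` line the pipeline's status is that of `tee`, so a failed key generation (rejected address, missing binary, unwritable `$KEYS_DIR`) goes unnoticed; the script then runs `chmod` on files that may not exist and, unless a `set -e` outside the hunk stops it, continues with a keys directory that may be only partially populated. Writing through a redirection keeps the same on-disk result while exposing the exit status: `--provider-name="$provider_name" --ext-address="$ext_address" > "${KEYS_DIR}/provider-info.txt" || exit 1` followed by `cat "${KEYS_DIR}/provider-info.txt"` to preserve the console output. Whether `set -e` or `pipefail` is enabled at the top of the file is not visible here.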
@@ -74,7 +74,7 @@ is_initialized() {
 ensure_initialized() {
 if [ $(is_initialized) = no ]; then
- echo "Please provide an initial configuration (init -N )" >&2
+ echo "Please provide an initial configuration (init -N -E )" >&2
 exit 1
 fi
 }
@@ -91,14 +91,14 @@ usage() {
 Commands
 ========
-* init -N -E :
 initialize the container for a server accessible at ip on port , for a provider named . This is required only once.
 * start (default command): start the resolver and the dnscrypt server proxy. Ports 443/udp and 443/tcp have to be publicly exposed.
-* provider-info: prints the provide name and provider public key.
+* provider-info: prints the provide namer and provider public key.
 This container has a single volume that you might want to securely keep a backup of: /opt/dnscrypt-wrapper/etc/keys
diff --git a/kube/dnscrypt-init-job.yml b/kube/dnscrypt-init-job.yml
index c7840ed..d46cb77 100644
--- a/kube/dnscrypt-init-job.yml
+++ b/kube/dnscrypt-init-job.yml
@@ -10,7 +10,7 @@ spec:
 containers:
 - name: dnscrypt-init
 image: jedisct1/unbound-dnscrypt-server
- command: ["/entrypoint.sh", "init", "-N", "example.com", "-L", "192.168.1.1:443"]
+ command: ["/entrypoint.sh", "init", "-N", "example.com", "-E", "192.168.1.1:443"]
 volumeMounts:
 - name: dnscrypt-keys
 mountPath: /opt/dnscrypt-wrapper/etc/keys
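Review bot: The new `* provider-info` line in the `usage()` help text introduces a typo (`provide namer`) while keeping the older `provide` for `provider`; the corrected line is `* provider-info: prints the provider name and provider public key.`. The `init` entry is now the only user-facing place describing `-E`, yet it does not mention the constraint the script actually enforces in the earlier hunk (rejecting `0.*`) or the README's "not the internal Docker one" advice; a short line under it such as `  <ip> is the public address clients reach, not 0.0.0.0 or the container's internal address` would keep the help consistent with the check. The heredoc surrounding these lines begins and ends outside the hunk.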