From 0f99a4a6680147304e59e8bcb6bd0195d5140689 Mon Sep 17 00:00:00 2001 From: kenzok8 Date: Fri, 18 Apr 2025 20:40:57 +0800 Subject: [PATCH] update 2025-04-18 20:40:57 --- dockerd/Makefile | 4 ++-- .../luasrc/model/cbi/passwall/client/global.lua | 4 ++-- luci-app-passwall/root/usr/share/passwall/app.sh | 6 ++++-- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/dockerd/Makefile b/dockerd/Makefile index 1fc457b62..97b4be008 100644 --- a/dockerd/Makefile +++ b/dockerd/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dockerd -PKG_VERSION:=28.1.0 +PKG_VERSION:=28.1.1 PKG_RELEASE:=1 PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE @@ -10,7 +10,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_GIT_URL:=github.com/moby/moby PKG_GIT_REF:=v$(PKG_VERSION) PKG_SOURCE_URL:=https://codeload.$(PKG_GIT_URL)/tar.gz/$(PKG_GIT_REF)? -PKG_HASH:=da7dc30bf04d006fd25e0b8f8dedd773a456760f5d57afeef6e1520290bc9592 +PKG_HASH:=5c9402ef5886be7683260a424c02de199b45b7e15633d90e03faaf672f7041fc PKG_GIT_SHORT_COMMIT:=c710b88 # SHA1 used within the docker executables PKG_MAINTAINER:=Gerard Ryan diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua index 7aae40f3b..9672c449e 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua @@ -606,8 +606,8 @@ end o = s:taboption("DNS", Flag, "chinadns_ng_cert_verify", translate("DoT Cert verify"), translate("Verify DoT SSL cert. (May fail on some platforms!)")) o.default = "0" -o:depends({dns_shunt = "chinadns-ng", direct_dns_mode = "dot"}) -o:depends({dns_shunt = "chinadns-ng", dns_mode = "dot"}) +o:depends({direct_dns_mode = "dot"}) +o:depends({dns_mode = "dot"}) o = s:taboption("DNS", Flag, "dns_redirect", translate("DNS Redirect"), translate("Force special DNS server to need proxy devices.")) o.default = "1" diff --git a/luci-app-passwall/root/usr/share/passwall/app.sh b/luci-app-passwall/root/usr/share/passwall/app.sh index e5e0f9831..50a8dec29 100755 --- a/luci-app-passwall/root/usr/share/passwall/app.sh +++ b/luci-app-passwall/root/usr/share/passwall/app.sh @@ -1421,12 +1421,13 @@ start_dns() { dot) if [ "$chinadns_tls" != "nil" ]; then local DIRECT_DNS=$(config_t_get global direct_dns_dot "tls://dot.pub@1.12.12.12") + local cert_verify=$([ "$(config_t_get global chinadns_ng_cert_verify 0)" = "1" ] && echo "--cert-verify") china_ng_local_dns=${DIRECT_DNS} #当全局(包括访问控制节点)开启chinadns-ng时,不启动新进程。 [ "$DNS_SHUNT" != "chinadns-ng" ] || [ "$ACL_RULE_DNSMASQ" = "1" ] && { LOCAL_DNS="127.0.0.1#${NEXT_DNS_LISTEN_PORT}" - ln_run "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -b 127.0.0.1 -l ${NEXT_DNS_LISTEN_PORT} -c ${DIRECT_DNS} -d chn + ln_run "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -b 127.0.0.1 -l ${NEXT_DNS_LISTEN_PORT} -c ${DIRECT_DNS} -d chn ${cert_verify} echolog " - ChinaDNS-NG(${LOCAL_DNS}) -> ${DIRECT_DNS}" echolog " * 请确保上游直连 DNS 支持 DoT 查询。" NEXT_DNS_LISTEN_PORT=$(expr $NEXT_DNS_LISTEN_PORT + 1) @@ -1543,12 +1544,13 @@ start_dns() { if [ "$chinadns_tls" != "nil" ]; then local china_ng_listen_port=${NEXT_DNS_LISTEN_PORT} local china_ng_trust_dns=$(config_t_get global remote_dns_dot "tls://one.one.one.one@1.1.1.1") + local cert_verify=$([ "$(config_t_get global chinadns_ng_cert_verify 0)" = "1" ] && echo "--cert-verify") local tmp_dot_ip=$(echo "$china_ng_trust_dns" | sed -n 's/.*:\/\/\([^@#]*@\)*\([^@#]*\).*/\2/p') local tmp_dot_port=$(echo "$china_ng_trust_dns" | sed -n 's/.*#\([0-9]\+\).*/\1/p') REMOTE_DNS="$tmp_dot_ip#${tmp_dot_port:-853}" [ "$DNS_SHUNT" != "chinadns-ng" ] && { [ "$FILTER_PROXY_IPV6" = "1" ] && DNSMASQ_FILTER_PROXY_IPV6=0 && local no_ipv6_trust="-N" - ln_run "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -b 127.0.0.1 -l ${china_ng_listen_port} -t ${china_ng_trust_dns} -d gfw ${no_ipv6_trust} + ln_run "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -b 127.0.0.1 -l ${china_ng_listen_port} -t ${china_ng_trust_dns} -d gfw ${no_ipv6_trust} ${cert_verify} echolog " - ChinaDNS-NG(${TUN_DNS}) -> ${china_ng_trust_dns}" } else