Date: Thu, 18 Jan 2007 00:47:52 +0100 (CET)
From: Sten Spans <sten@blinkenlights.nl>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/108062: Update port: dns/powerdns-recursor add sane defaults
Message-ID: <20070117234752.681DC73050@mx0.blinkenlights.nl>
Resent-Message-ID: <200701180020.l0I0KIVh054342@freefall.freebsd.org>
>Number: 108062
>Category: ports
>Synopsis: Update port: dns/powerdns-recursor add sane defaults
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Jan 18 00:20:18 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Sten Spans
>Release: FreeBSD 6.1-RELEASE-p7 i386
>Organization:
>Environment:
System: FreeBSD earth.blinkenlights.nl 6.1-RELEASE-p7 FreeBSD 6.1-RELEASE-p7 #0: Sun Sep 24 14:42:21 CEST 2006 root@earth.blinkenlights.nl:/usr/obj/usr/src/sys/1650 i386
>Description:
Add reasonable default for max-cache-entries, which stops the recursor from using all system memory. Also add pseudo-user creation via pkg-install, and use it by default. These new options are hardcoded in the binary, which is the easiest way due to how the configuration file is generated.
>How-To-Repeat:
>Fix:
--- Makefile.orig Thu Jan 18 00:18:49 2007 +++ Makefile Thu Jan 18 00:17:24 2007 @@ -7,7 +7,7 @@ PORTNAME= powerdns-recursor PORTVERSION= 3.1.4 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= dns ipv6 MASTER_SITES= http://downloads.powerdns.com/releases/ \ http://mirrors.evolva.ro/powerdns.com/releases/ @@ -63,6 +63,10 @@ ${WRKSRC}/Makefile @${REINPLACE_CMD} -e 's;"/etc/powerdns/";"${PREFIX}/etc/pdns/";' \ ${WRKSRC}/config.h + +pre-install: + @${ECHO} "==> Creating custom user to run pdns_recursor..." + @${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL post-install: .if !exists(${PREFIX}/etc/pdns/recursor.conf) --- files/patch-pdns_nameserver.cc Thu Jan 1 01:00:00 1970 +++ files/patch-pdns_nameserver.cc Thu Jan 18 00:02:28 2007 
@@ -0,0 +1,22 @@ +--- pdns_recursor.cc.orig Wed Jan 17 23:45:51 2007 ++++ pdns_recursor.cc Thu Jan 18 00:01:47 2007 +@@ -1669,8 +1669,8 @@ + ::arg().set("daemon","Operate as a daemon")="yes"; + ::arg().set("log-common-errors","If we should log rather common errors")="yes"; + ::arg().set("chroot","switch to chroot jail")=""; +- ::arg().set("setgid","If set, change group id to this gid for more security")=""; +- ::arg().set("setuid","If set, change user id to this uid for more security")=""; ++ ::arg().set("setgid","If set, change group id to this gid for more security")="pdns"; ++ ::arg().set("setuid","If set, change user id to this uid for more security")="pdns_recursor"; + #ifdef WIN32 + ::arg().set("quiet","Suppress logging of questions and answers")="off"; + ::arg().setSwitch( "register-service", "Register the service" )= "no"; +@@ -1691,7 +1691,7 @@ + ::arg().set("client-tcp-timeout","Timeout in seconds when talking to TCP clients")="2"; + ::arg().set("max-tcp-clients","Maximum number of simultaneous TCP clients")="128"; + ::arg().set("hint-file", "If set, load root hints from this file")=""; +- ::arg().set("max-cache-entries", "If set, maximum number of entries in the main cache")="0"; ++ ::arg().set("max-cache-entries", "If set, maximum number of entries in the main cache")="500000"; + ::arg().set("max-negative-ttl", "maximum number of seconds to keep a negative cached entry in memory")="3600"; + ::arg().set("server-id", "Returned when queried for 'server.id' TXT, defaults to hostname")=""; + ::arg().set("remotes-ringbuffer-entries", "maximum number of packets to store statistics for")="0"; --- pkg-install Thu Jan 1 01:00:00 1970 +++ pkg-install Thu Jan 18 00:00:46 2007 
@@ -0,0 +1,30 @@ +#!/bin/sh + +if [ "$2" != "PRE-INSTALL" ]; then + exit 0 +fi + +PDNSUSER=${PDNSUSER:-pdns_recursor} +PDNSGROUP=${PDNSGROUP:-pdns} + +if ! pw groupshow "$PDNSGROUP" 2>/dev/null 1>&2; then + if pw groupadd $PDNSGROUP; then + echo "=> Added group \"$PDNSGROUP\"." + else + echo "=> Adding group \"$PDNSGROUP\" failed..." + exit 1 + fi +fi + +if ! pw usershow "$PDNSUSER" 2>/dev/null 1>&2; then + if pw useradd $PDNSUSER -g $PDNSGROUP -h - \ + -s "/usr/sbin/nologin" -d "/nonexistent" \ + -c "pdns_recursor pseudo-user"; \ + then + echo "=> Added user \"$PDNSUSER\"." + else + echo "=> Adding user \"$PDNSUSER\" failed..." + exit 1 + fi +fi +exit 0
>Release-Note:
>Audit-Trail:
>Unformatted:
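
Review bot: in the Makefile hunk at @@ -63,6 +63,10 @@, the pre-install target prints "==> Creating custom user to run pdns_recursor..." unconditionally, although pkg-install skips creation when pw usershow already finds the account. Drop the ${ECHO} line and rely on the "=> Added user" / "=> Added group" messages from the script, which are only printed when something was actually created. The patch also adds nothing for deinstall, so say in the PR whether the pdns_recursor account and pdns group are meant to stay behind when the port is removed.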
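
Review bot: the new file is named files/patch-pdns_nameserver.cc, but the patch inside it modifies pdns_recursor.cc (--- pdns_recursor.cc.orig / +++ pdns_recursor.cc); rename it to files/patch-pdns_recursor.cc so the name matches the file it touches. In the second inner hunk (@@ -1691,7 +1691,7 @@), max-cache-entries changes from "0" to "500000" with no note on how that figure was chosen or what memory use it corresponds to; a sentence in the PR description or a pkg-message would let an admin judge whether it suits a small host. In the first inner hunk (@@ -1669,8 +1669,8 @@) the setuid and setgid defaults become "pdns_recursor" and "pdns" while "chroot" stays "", which is worth stating explicitly so nobody assumes the new defaults include a jail.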
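
Review bot: at the top of pkg-install, PDNSUSER=${PDNSUSER:-pdns_recursor} and PDNSGROUP=${PDNSGROUP:-pdns} allow an environment override, but the names compiled into the binary by the pdns_recursor.cc patch are fixed at "pdns_recursor" and "pdns", so an override creates an account that the daemon's default setuid/setgid will not match. Either remove the overrides or derive both the script values and the patched defaults from one Makefile variable. In the same script, $PDNSGROUP and $PDNSUSER are quoted in the pw groupshow and pw usershow tests but unquoted in pw groupadd and pw useradd; quote them there too. Neither pw groupadd nor pw useradd is given a numeric id (-g / -u), so the gid and uid will differ from host to host, which matters if files owned by this account are ever shared or restored across machines.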