From nobody Fri Mar 11 07:28:36 2022 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 8C5DF1A13A0A; Fri, 11 Mar 2022 07:28:36 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KFHbm3GBhz3lNv; Fri, 11 Mar 2022 07:28:36 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1646983716; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=KezMY35s2kqIwadsWcbMMS7G+TOAqjQOQxj4Pc8+6EA=; b=GMBLg68MmhxH6pzZni2kNHVE6HO4599ubt1rQUFMUkr3XbT5grpXudn/qMScH9KYcQl1+N FNaVixRqnr30CA2O0gXJj7QnWFnn+GzVSty5ljcVV2eqroGujBe3IkViU0s/DDtUHAcH4i aDEDm7TylA4pOvbSVS/Sl79JX6Y95J7ojtTAmZaH8cEZByF5Mqyjth8PJaFgPVJdWtgtpy cY1M8AVHMQ7pP34KPHylTPOKlo2Luboho2TOxO+mw3+7QjOwZoL2KFFQgzy8lqg6cDxxHX 6Z+pP2QygO5aMdPVtOF7HYHRbuN11rqOyvh6QzZzojAuMW1FYJmy0AKZZ5HvcA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4BCA115382; Fri, 11 Mar 2022 07:28:36 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 22B7Sabe045063; Fri, 11 Mar 2022 07:28:36 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 22B7SaJX045062; Fri, 11 Mar 2022 07:28:36 GMT (envelope-from git) Date: Fri, 11 Mar 2022 07:28:36 GMT Message-Id: <202203110728.22B7SaJX045062@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Jimmy Olgeni Subject: git: 0b0963234709 - main - net/nats-server: improve rc.d List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olgeni X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 0b0963234709b713a02afd660465649cb88a6da1 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1646983716; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=KezMY35s2kqIwadsWcbMMS7G+TOAqjQOQxj4Pc8+6EA=; b=f6tytBm3TbiZ/CNMF04P2pU2T7t6VYA7w7p1cfw82b3vPIuF6jbCUGVj6ha+hYot7h3Sf/ qLBqqtW8xBoWQqRrrhKdPyhK7elF6oD7kduG13PhCH+R98onCmSQiH9DNZqIxXP78t6ODL HzEkpgUCO3lLQj3a1WzA2GBsu5NntEwnYpxpqeaaAcIGhNxxau0rUAzP11f3EhQw0Oqxmh KCUQdEYOH9SulimDD8kaJnC+XsM+ZOJv26FvKy38Kgi54Nu2oIhjtsxh7hdCHoW4yZFUP5 OZsLi35Yw2sK3vqjYVwIB9P86GfVGfbDF3X8Cd8AavHeNaIy8i4WfFvADqiGag== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1646983716; a=rsa-sha256; cv=none; b=x5Nh9XIoDPwB1Bu2iuIw0hAG/RyF5QuNSoMAKdK+vc59qQavGU6R62lLQ6uKJThhmw3LFw rnYNpD3aspgagOo+M0UGU2lJV/UPExtqpgy2j4lkHQFkq4K+QXofh53vt8kD9YLTjeUoI7 3jhPbljYLfSECw9khtiwKtaXou4DRzUPYOCTZJDOfC/3PuI1bCwLjxrfldAGGWmYeqnEGx 6yrgRIGYrK6j6SM8UwdUlUdqvwwitty184mWazTzaRiIH8+zBwOoC1ZdurkXzjoQnthn1F HxSkkJjQ5CbOVc1bXYovqYACGE7I3B5fcN3PBTeUALlXSlrWRiVQDb8FJi1zeQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by olgeni: URL: https://cgit.FreeBSD.org/ports/commit/?id=0b0963234709b713a02afd660465649cb88a6da1 commit 0b0963234709b713a02afd660465649cb88a6da1 Author: Jimmy Olgeni AuthorDate: 2022-03-11 07:22:02 +0000 Commit: Jimmy Olgeni CommitDate: 2022-03-11 07:22:43 +0000 net/nats-server: improve rc.d - Add nats to UIDs and GIDs - Add extra commands for logrotate and 'lame duck mode'. From the docs: In production we recommend that a server is shut down with "lame duck mode" as a graceful way to slowly evict clients. With large deployments this mitigates the "thundering herd" situation that will place CPU pressure on servers as TLS enabled clients reconnect. After entering lame duck mode, the server will stop accepting new connections, wait for a 10 second grace period, then begin to evict clients over a period of time configurable by the configuration option. This period defaults to 2 minutes. --- GIDs | 2 +- UIDs | 2 +- UPDATING | 8 ++++++++ net/nats-server/Makefile | 3 +++ net/nats-server/files/nats.sh.in | 23 +++++++++++++++++++---- 5 files changed, 32 insertions(+), 6 deletions(-) diff --git a/GIDs b/GIDs index eebd84687876..18c8f8438f09 100644 --- a/GIDs +++ b/GIDs @@ -244,7 +244,7 @@ openvpn:*:301: netdata:*:302: onlyoffice:*:303:www glewlwyd:*:304: -# free: 305 +nats:*:305: # free: 306 # free: 307 # free: 308 diff --git a/UIDs b/UIDs index afe7e28a40de..acdac4f39461 100644 --- a/UIDs +++ b/UIDs @@ -249,7 +249,7 @@ openvpn:*:301:301::0:0:OpenVPN pseudo-user:/nonexistent:/usr/sbin/nologin netdata:*:302:302::0:0:NetData Daemon:/var/cache/netdata:/usr/sbin/nologin onlyoffice:*:303:303::0:0:Onlyoffice pseudo-user:/usr/local/www/onlyoffice/documentserver:/usr/sbin/nologin glewlwyd:*:304:304::0:0:Glewlwyd SSO server:/nonexistent:/usr/sbin/nologin -# free: 305 +nats:*:305:305::0:0:NATS Daemon:/nonexistent:/usr/sbin/nologin # free: 306 # free: 307 # free: 308 diff --git a/UPDATING b/UPDATING index 8144db70b5ef..c8e7bc2e9d04 100644 --- a/UPDATING +++ b/UPDATING @@ -5,6 +5,14 @@ they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20220311: + AFFECTS: users of net/nats-server + AUTHOR: olgeni@FreeBSD.org + + A dedicated 'nats' user was added, replacing 'nobody' in the startup script. + You should check your configuration and assign updated ownership to your data + files. + 20220227: AFFECTS: users of graphics/bmeps AUTHOR: takefu@airport.fm diff --git a/net/nats-server/Makefile b/net/nats-server/Makefile index 34a7d0b7e46a..22fe5f41e783 100644 --- a/net/nats-server/Makefile +++ b/net/nats-server/Makefile @@ -1,6 +1,7 @@ PORTNAME= nats-server PORTVERSION= 2.7.3 DISTVERSIONPREFIX= v +PORTREVISION= 1 CATEGORIES= net MAINTAINER= olgeni@FreeBSD.org @@ -26,6 +27,8 @@ GH_TUPLE= golang:crypto:5e0467b6c7ce:golang_crypto/vendor/golang.org/x/crypto \ protocolbuffers:protobuf-go:v1.23.0:protocolbuffers_protobuf_go/vendor/google.golang.org/protobuf USE_RC_SUBR= nats.sh +USERS= nats +GROUPS= nats OPTIONS_DEFINE= DOCS diff --git a/net/nats-server/files/nats.sh.in b/net/nats-server/files/nats.sh.in index d78177158c26..f1c4fdc9664d 100644 --- a/net/nats-server/files/nats.sh.in +++ b/net/nats-server/files/nats.sh.in @@ -8,7 +8,8 @@ # # nats_enable (bool): Set it to "YES" to enable nats server. # Default is "NO". -# nats_user: User name to run as. default "nobody" +# nats_user: User name to run as. default "nats" +# nats_group: Group name to run as. default "nats" # nats_options: Options to pass nats server # @@ -18,12 +19,26 @@ name=nats rcvar=`set_rcvar` load_rc_config ${name} + : ${nats_enable:=NO} -: ${nats_user:=nobody} +: ${nats_user:=nats} +: ${nats_group:=nats} : ${nats_options="-c %%PREFIX%%/etc/nats.conf"} -command=/usr/sbin/daemon +start_precmd=nats_start_precmd + +pidfile="/var/run/${name}.pid" procname=%%PREFIX%%/bin/nats-server -command_args="${procname} ${nats_options}" +command=/usr/sbin/daemon +command_args="-p ${pidfile} ${procname} ${nats_options}" + +extra_commands="logrotate ldm" +logrotate_cmd="${procname} --signal reopen=${pidfile}" +ldm_cmd="${procname} --signal ldm=${pidfile}" + +nats_start_precmd() +{ + install -o ${nats_user} -g ${nats_group} /dev/null ${pidfile} +} run_rc_command "$1"