From: "Danilo G. Baio"
Date: Thu, 7 Jun 2018 14:18:55 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r471924 - in head: . dns dns/go-geodns dns/go-geodns/files

Author: dbaio
Date: Thu Jun 7 14:18:54 2018
New Revision: 471924
URL: https://svnweb.freebsd.org/changeset/ports/471924

Log:
  Add dns/go-geodns: DNS server with per-client targeted responses

  GeoDNS is a DNS server with per-client targeted responses. It powers the NTP
  Pool system and other similar services.

  WWW: https://github.com/abh/geodns

  PR: 227492
  Submitted by: Vinicius Zavam
  Differential Revision: https://reviews.freebsd.org/D15056

Added:
  head/dns/go-geodns/
  head/dns/go-geodns/Makefile (contents, props changed)
  head/dns/go-geodns/distinfo (contents, props changed)
  head/dns/go-geodns/files/
  head/dns/go-geodns/files/geodns.in (contents, props changed)
  head/dns/go-geodns/files/pkg-message.in (contents, props changed)
  head/dns/go-geodns/pkg-descr (contents, props changed)
  head/dns/go-geodns/pkg-plist (contents, props changed)
Modified:
  head/GIDs
  head/UIDs
  head/dns/Makefile

Modified: head/GIDs ============================================================================== --- head/GIDs Thu Jun 7 14:16:29 2018 (r471923) +++ head/GIDs Thu Jun 7 14:18:54 2018 (r471924) 
@@ -793,7 +793,7 @@ chronyd:*:849: # free: 850 # free: 851 # free: 852 -# free: 853 +_geodns:*:853: # free: 854 # free: 855 # free: 856 Modified: head/UIDs ============================================================================== --- head/UIDs Thu Jun 7 14:16:29 2018 (r471923) +++ head/UIDs Thu Jun 7 14:18:54 2018 (r471924) @@ -799,7 +799,7 @@ chronyd:*:849:849::0:0:chronyd user:/nonexistent:/usr/ # free: 850 # free: 851 # free: 852 -# free: 853 +_geodns:*:853:853::0:0:GeoDNS User:/var/empty:/usr/sbin/nologin # free: 854 # free: 855 # free: 856 Modified: head/dns/Makefile ============================================================================== --- head/dns/Makefile Thu Jun 7 14:16:29 2018 (r471923) +++ head/dns/Makefile Thu Jun 7 14:18:54 2018 (r471924) @@ -78,6 +78,7 @@ SUBDIR += gen6dns SUBDIR += getdns SUBDIR += ghtool + SUBDIR += go-geodns SUBDIR += hesiod SUBDIR += hostdb SUBDIR += hs-dns Added: head/dns/go-geodns/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/go-geodns/Makefile Thu Jun 7 14:18:54 2018 (r471924) 
@@ -0,0 +1,44 @@ +# $FreeBSD$ + +PORTNAME= geodns +PORTVERSION= 2.7.0 +CATEGORIES= dns net ipv6 +PKGNAMEPREFIX= go- + +MAINTAINER= egypcio@googlemail.com +COMMENT= DNS server with per-client targeted responses + +LICENSE= APACHE20 +LICENSE_FILE= ${WRKSRC}/LICENSE + +BUILD_DEPENDS= GeoIP>=1.6.12:net/GeoIP +RUN_DEPENDS= GeoIP>=1.6.12:net/GeoIP + +USES= go pkgconfig +USE_RC_SUBR= geodns +USE_GITHUB= yes + +GH_ACCOUNT= abh +GO_PKGNAME= github.com/${GH_ACCOUNT}/${PORTNAME} + +PORTEXAMPLES= *.json + +USERS= _geodns +GROUPS= _geodns + +PLIST_SUB= USER="${USERS}" GROUP="${GROUPS}" +SUB_LIST= USER="${USERS}" GROUP="${GROUPS}" +SUB_FILES= pkg-message + +OPTIONS_DEFINE= EXAMPLES + +do-install: + ${MKDIR} ${STAGEDIR}/${ETCDIR} + ${INSTALL_PROGRAM} ${WRKDIR}/bin/geodns ${STAGEDIR}${PREFIX}/sbin + ${INSTALL_DATA} ${WRKSRC}/dns/geodns.conf.sample ${STAGEDIR}${PREFIX}/etc + +do-install-EXAMPLES-on: + ${MKDIR} ${STAGEDIR}${EXAMPLESDIR} + ${INSTALL_DATA} ${WRKSRC}/dns/${PORTEXAMPLES} ${STAGEDIR}${EXAMPLESDIR} + +.include Added: head/dns/go-geodns/distinfo ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/go-geodns/distinfo Thu Jun 7 14:18:54 2018 (r471924) @@ -0,0 +1,3 @@ +TIMESTAMP = 1523611997 +SHA256 (abh-geodns-2.7.0_GH0.tar.gz) = 73014bf559611994b007f65bed238e49cae3e580e592abc55c787e58c2706789 +SIZE (abh-geodns-2.7.0_GH0.tar.gz) = 367646 Added: head/dns/go-geodns/files/geodns.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/go-geodns/files/geodns.in Thu Jun 7 14:18:54 2018 (r471924) 
@@ -0,0 +1,123 @@ +#!/bin/sh +# +# $FreeBSD$ +# +# PROVIDE: geodns +# REQUIRE: cleanvar SERVERS +# +# Options to configure geodns via /etc/rc.conf: +# +# geodns_enable (bool): +# Enable service on boot. +# Default: NO +# +# geodns_conf (str): +# Config file to use. +# Default: %%PREFIX%%/etc/geodns.conf +# +# geodns_addr (str): +# Specify which IP address to listen to. +# Default: [::], 0.0.0.0 +# +# geodns_port (str): +# Specify which port to listen on. +# Default: 5353 +# +# geodns_suexec (bool): +# Run geodns as root. +# Default: NO +# +# geodns_uid (str): +# User to run geodns as. +# Default: %%USER%% +# +# geodns_zones (str): +# Zone files directory. +# Default: %%ETCDIR%% +# +# geodns_mac_portacl_enable (bool): +# Load mac_portacl module (network port access control policy). +# Default: NO +# + +. /etc/rc.subr + +name="geodns" +rcvar="geodns_enable" +pidfile="/var/run/geodns.pid" +procname="%%PREFIX%%/sbin/geodns" + +load_rc_config $name + +: ${geodns_enable:="NO"} +: ${geodns_conf:="%%PREFIX%%/etc/geodns.conf"} +: ${geodns_addr:=""} +: ${geodns_port:="5353"} +: ${geodns_suexec:="NO"} +: ${geodns_uid:="%%USER%%"} +: ${geodns_zones:="%%ETCDIR%%"} +: ${geodns_mac_portacl_enable:="NO"} + +checkyesno geodns_suexec && geodns_uid="root" + +command="/usr/sbin/daemon" + +command_args="-p ${pidfile} -t ${name} -u ${geodns_uid} -f ${procname} -configfile ${geodns_conf} -config ${geodns_zones} -port ${geodns_port}" + +if [ ! -z ${geodns_addr} ]; then + command_args="${command_args} -interface ${geodns_addr}" +fi + +start_precmd="geodns_precmd" + +geodns_precmd() { + local reservedlow reservedhigh rules_current rules_geodns rport ruid + + if checkyesno geodns_mac_portacl_enable ; then + + # Check and load mac_portacl module + if ! kldstat -m mac_portacl >/dev/null 2>&1 ; then + if ! kldload mac_portacl ; then + warn "Could not load mac_portacl module." 
+ return 1 + fi + fi + + # Check and add mac_portacl rules + ruid=$(id -u $geodns_uid) + rport=$geodns_port #smaller variable + rules_current=$(sysctl -n security.mac.portacl.rules) + rules_geodns="uid:${ruid}:tcp:${rport},uid:${ruid}:udp:${rport}" + if [ ! $rules_current = "" ]; then + if ! echo $rules_current | grep "$rules_geodns" >/dev/null 2>&1 ; then + rules_current="${rules_current},${rules_geodns}" + if ! sysctl security.mac.portacl.rules="$rules_current" >/dev/null 2>&1 ; then + warn "Could not insert mac_portacl rules." + return 1 + fi + fi + elif ! sysctl security.mac.portacl.rules=$rules_geodns >/dev/null 2>&1 ; then + warn "Could not insert mac_portacl rules." + return 1 + fi + + # Check and disable net.inet.ip.portrange.* control + reservedlow=$(sysctl -n net.inet.ip.portrange.reservedlow) + reservedhigh=$(sysctl -n net.inet.ip.portrange.reservedhigh) + if [ ! $reservedlow -eq 0 ]; then + if ! sysctl net.inet.ip.portrange.reservedlow=0 >/dev/null 2>&1 ; then + warn "Could not change net.inet.ip.portrange.reservedlow." + return 1 + fi + fi + if [ ! $reservedhigh -eq 0 ]; then + if ! sysctl net.inet.ip.portrange.reservedhigh=0 >/dev/null 2>&1 ; then + warn "Could not change net.inet.ip.portrange.reservedhigh." + return 1 + fi + fi + + fi # geodns_mac_portacl_enable +} + +run_rc_command $1 Added: head/dns/go-geodns/files/pkg-message.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/go-geodns/files/pkg-message.in Thu Jun 7 14:18:54 2018 (r471924) 
@@ -0,0 +1,13 @@ +====================================================================== +GeoDNS is written in Go and therefore isn't capable of dropping privileges +after binding to a low port on FreeBSD. + +By default, this port's daemon will listen on port 5353 (TCP/UDP) as the +%%USER%% user. + +It's possible to bind it and listen on port 53 (TCP/UDP) with mac_portacl(4) +kernel module (network port access control policy). For this add +geodns_mac_portacl_enable=YES and geodns_port=53 in your rc.conf. The GeoDNS +startup script will load mac_portacl and add a rule where %%USER%% user will +be able to bind on port 53 (TCP/UDP). +====================================================================== Added: head/dns/go-geodns/pkg-descr ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/go-geodns/pkg-descr Thu Jun 7 14:18:54 2018 (r471924) @@ -0,0 +1,4 @@ +GeoDNS is a DNS server with per-client targeted responses. It powers the NTP +Pool system and other similar services. + +WWW: https://github.com/abh/geodns Added: head/dns/go-geodns/pkg-plist ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/go-geodns/pkg-plist Thu Jun 7 14:18:54 2018 (r471924) @@ -0,0 +1,3 @@ +@dir(%%USER%%,%%GROUP%%) %%ETCDIR%% +@sample etc/geodns.conf.sample +sbin/geodns
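
Review bot: In the do-install target of head/dns/go-geodns/Makefile, the line ${MKDIR} ${STAGEDIR}/${ETCDIR} carries a stray slash. ETCDIR already begins with ${PREFIX}, so write ${STAGEDIR}${ETCDIR}, matching the ${STAGEDIR}${PREFIX}/sbin and ${STAGEDIR}${EXAMPLESDIR} lines beside it.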
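
Review bot: In geodns_precmd of head/dns/go-geodns/files/geodns.in, ruid=$(id -u $geodns_uid) is used without checking that id succeeded, so a geodns_uid that does not exist produces a rule of the form uid::tcp:${rport} that is then written to security.mac.portacl.rules; warn and return 1 when id fails or returns nothing. Because checkyesno geodns_suexec sets geodns_uid to root before the precmd runs, enabling both knobs also adds a portacl rule for uid 0, so the mac_portacl block should be skipped in that case. The tests [ ! -z ${geodns_addr} ] and [ ! $rules_current = "" ] expand unquoted; use [ -n "${geodns_addr}" ] and [ -n "$rules_current" ], and quote $rules_geodns in the final sysctl call as the earlier one already does.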
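
Review bot: The mac_portacl paragraph of head/dns/go-geodns/files/pkg-message.in says the startup script loads mac_portacl and adds a rule for %%USER%%, but it does not say that geodns_precmd also sets net.inet.ip.portrange.reservedlow and net.inet.ip.portrange.reservedhigh to 0, a host-wide change that nothing in the rc script restores on stop. Add a sentence naming both sysctls so that an administrator setting geodns_mac_portacl_enable=YES knows the reserved-port check is switched off for the whole system, and mention the same in the geodns_mac_portacl_enable comment at the top of geodns.in.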
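
Review bot: In head/dns/go-geodns/pkg-plist, @dir(%%USER%%,%%GROUP%%) %%ETCDIR%% makes the zone directory (the rc script's geodns_zones default) owned by the same account the daemon runs as, with no mode given, so the network-facing process is able to rewrite its own zone data. Unless geodns has to write there, prefer root ownership with group read access, for example @dir(root,%%GROUP%%,750) %%ETCDIR%%.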