Date: Sat, 23 Feb 2019 01:52:45 +0000 (UTC) From: Ryan Steinmetz <zi@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r493632 - in head/dns/gdnsd3: . files Message-ID: <201902230152.x1N1qjkc073809@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: zi Date: Sat Feb 23 01:52:45 2019 New Revision: 493632 URL: https://svnweb.freebsd.org/changeset/ports/493632 Log: - Update to 3.0.0 Added: head/dns/gdnsd3/pkg-message (contents, props changed) Deleted: head/dns/gdnsd3/files/patch-Makefile.in Modified: head/dns/gdnsd3/Makefile head/dns/gdnsd3/distinfo head/dns/gdnsd3/files/gdnsd.in head/dns/gdnsd3/pkg-plist Modified: head/dns/gdnsd3/Makefile ============================================================================== --- head/dns/gdnsd3/Makefile Sat Feb 23 01:51:58 2019 (r493631) +++ head/dns/gdnsd3/Makefile Sat Feb 23 01:52:45 2019 (r493632) @@ -2,20 +2,21 @@ # $FreeBSD$ PORTNAME= gdnsd -PORTVERSION= 2.4.2 +PORTVERSION= 3.0.0 CATEGORIES= dns MASTER_SITES= https://github.com/gdnsd/gdnsd/releases/download/v${PORTVERSION}/ \ ZI \ http://gdnsd.scaleengine.net/gdnsd/ -PKGNAMESUFFIX= 2 +PKGNAMESUFFIX= 3 MAINTAINER= zi@FreeBSD.org COMMENT= Authoritative-only GeoIP-aware DNS server LICENSE= GPLv3 -LIB_DEPENDS= libev.so:devel/libev -BUILD_DEPENDS= ragel>0:devel/ragel +LIB_DEPENDS= libev.so:devel/libev \ + libsodium.so:security/libsodium \ + liburcu.so:sysutils/liburcu FETCH_ARGS= -Fpr @@ -26,32 +27,34 @@ USES= pkgconfig libtool tar:xz perl5 gmake USE_PERL5= build CPPFLAGS+= -I${LOCALBASE}/include LDFLAGS+= -L${LOCALBASE}/lib -CONFLICTS_INSTALL= gdnsd-1.[0-9]* gdnsd3-3.[0-9]* +CONFLICTS_INSTALL= gdnsd-1.[0-9]* gdnsd2-2.[0-9]* USE_RC_SUBR= gdnsd USERS?= gdnsd GROUPS?= gdnsd -OPTIONS_DEFINE= DOCS MAXMINDDB URCU +OPTIONS_DEFINE= DOCS MAXMINDDB OPTIONS_DEFAULT=MAXMINDDB MAXMINDDB_DESC= Enable GeoIP1 + GeoIP2 Support MAXMINDDB_LIB_DEPENDS= libmaxminddb.so:net/libmaxminddb -URCU_DESC= Read-Copy-Update Support (Faster Zone Parsing) -URCU_CONFIGURE_WITH= urcu -URCU_LIB_DEPENDS= liburcu.so:sysutils/liburcu +.include <bsd.port.pre.mk> +.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1200000 +CONFIGURE_ARGS+=--without-hardening +CFLAGS+= -fstack-protector-strong -fexceptions -ftrapv +LDFLAGS+= -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack +.endif + post-patch: @${REINPLACE_CMD} -e 's|$${localstatedir}/lib/$${PACKAGE_NAME}|/var/db/${PORTNAME}|g' \ ${WRKSRC}/configure post-install: - @${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/${PORTNAME}/libgdnsd.so - @${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/${PORTNAME}/plugin_*.so @${MKDIR} ${STAGEDIR}${PREFIX}/etc/gdnsd/geoip \ ${STAGEDIR}${PREFIX}/etc/gdnsd/zones \ ${STAGEDIR}/var/run/gdnsd -.include <bsd.port.mk> +.include <bsd.port.post.mk> Modified: head/dns/gdnsd3/distinfo ============================================================================== --- head/dns/gdnsd3/distinfo Sat Feb 23 01:51:58 2019 (r493631) +++ head/dns/gdnsd3/distinfo Sat Feb 23 01:52:45 2019 (r493632) @@ -1,3 +1,3 @@ -TIMESTAMP = 1549900121 -SHA256 (gdnsd-2.4.2.tar.xz) = 76ca503cf96d5a26ba1fea82f6c31983542c497799c0ed659d53e51bec9643de -SIZE (gdnsd-2.4.2.tar.xz) = 640948 +TIMESTAMP = 1550849201 +SHA256 (gdnsd-3.0.0.tar.xz) = e08bf1c0d76bd6cecffd9e0da351f7983e6d25c9ace74b7c28f45fe39e3f389e +SIZE (gdnsd-3.0.0.tar.xz) = 451776 Modified: head/dns/gdnsd3/files/gdnsd.in ============================================================================== --- head/dns/gdnsd3/files/gdnsd.in Sat Feb 23 01:51:58 2019 (r493631) +++ head/dns/gdnsd3/files/gdnsd.in Sat Feb 23 01:52:45 2019 (r493632) @@ -23,25 +23,49 @@ rcvar=gdnsd_enable # set defaults load_rc_config $name : ${gdnsd_enable:="NO"} +: ${gdnsd_user:="gdnsd"} +: ${gdnsd_group:="gdnsd"} : ${gdnsd_flags:=""} command="%%PREFIX%%/sbin/gdnsd" -command_args="start" +command_args="daemonize" procname=${command} +start_precmd="gdnsd_prestart" restart_precmd="gdnsd_checkconf" +restart_cmd="gdnsd_restart" reload_cmd="gdnsd_reload" reload_precmd="gdnsd_checkconf" +stats_cmd="gdnsd_stats" configtest_cmd="gdnsd_checkconf" -extra_commands="reload configtest" +extra_commands="stats reload configtest" + +gdnsd_prestart() +{ + if ! kldstat -q -m mac_portacl; then + warn "mac_portacl module not loaded, please review pkg-message" + fi + + install -d -o ${gdnsd_user} -g ${gdnsd_group} -m 700 /var/run/gdnsd +} + gdnsd_reload() { - ${command} ${gdnsd_flags} reload-zones + gdnsdctl reload-zones } +gdnsd_restart() +{ + gdnsdctl replace +} + gdnsd_checkconf() { ${command} ${gdnsd_flags} checkconf } -run_rc_command "$1" +gdnsd_stats() +{ + gdnsdctl stats +} +run_rc_command "$1" Added: head/dns/gdnsd3/pkg-message ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/gdnsd3/pkg-message Sat Feb 23 01:52:45 2019 (r493632) @@ -0,0 +1,28 @@ +************************************************************************ +As of version 3.0.0, gdnsd no longer has the ability to bind to +privileged ports and then drop privileges. As a result, you must use +mac_portacl to allow the gdnsd user to bind to 53 udp/tcp. + +Please execute the following commands to prep this system to run gdnsd: + +echo "# required for gdnsd3">>/boot/loader.conf.local +echo 'mac_portacl_load="YES"' >>/boot/loader.conf.local +echo 'accf_dns_load="YES"' >>/boot/loader.conf.local +echo 'accf_data_load="YES"' >>/boot/loader.conf.local + +echo "# required for gdnsd3">>/etc/sysctl.conf.local +echo "security.mac.portacl.suser_exempt=1">>/etc/sysctl.conf.local +echo "security.mac.portacl.port_high=1023">>/etc/sysctl.conf.local +echo "net.inet.ip.portrange.reservedlow=0">>/etc/sysctl.conf.local +echo "net.inet.ip.portrange.reservedhigh=0">>/etc/sysctl.conf.local +echo "security.mac.portacl.rules=uid:179:udp:53,uid:179:tcp:53">>/etc/sysctl.conf.local + +Then, either reboot or run the following commands to implement the above +changes: + +kldload mac_portacl +kldload accf_dns +kldload accf_data +service sysctl reload + +************************************************************************ Modified: head/dns/gdnsd3/pkg-plist ============================================================================== --- head/dns/gdnsd3/pkg-plist Sat Feb 23 01:51:58 2019 (r493631) +++ head/dns/gdnsd3/pkg-plist Sat Feb 23 01:52:45 2019 (r493632) @@ -1,38 +1,8 @@ bin/gdnsd_geoip_test -include/gdnsd/alloc.h -include/gdnsd/bopts.h -include/gdnsd/compiler.h -include/gdnsd/dmn.h -include/gdnsd/dname.h -include/gdnsd/file.h -include/gdnsd/log.h -include/gdnsd/misc.h -include/gdnsd/mon.h -include/gdnsd/net.h -include/gdnsd/paths.h -include/gdnsd/plugapi.h -include/gdnsd/plugin.h -include/gdnsd/prcu.h -include/gdnsd/stats.h -include/gdnsd/vscf.h -lib/gdnsd/libgdnsd.so -lib/gdnsd/plugin_extfile.so -lib/gdnsd/plugin_extmon.so -lib/gdnsd/plugin_geoip.so -lib/gdnsd/plugin_http_status.so -lib/gdnsd/plugin_metafo.so -lib/gdnsd/plugin_multifo.so -lib/gdnsd/plugin_null.so -lib/gdnsd/plugin_reflect.so -lib/gdnsd/plugin_simplefo.so -lib/gdnsd/plugin_static.so -lib/gdnsd/plugin_tcp_connect.so -lib/gdnsd/plugin_weighted.so +bin/gdnsdctl libexec/gdnsd/gdnsd_extmon_helper man/man1/gdnsd_geoip_test.1.gz -man/man3/gdnsd-plugin-api.3.gz man/man5/gdnsd.config.5.gz -man/man5/gdnsd.djbdns.5.gz man/man5/gdnsd.zonefile.5.gz man/man8/gdnsd-plugin-extfile.8.gz man/man8/gdnsd-plugin-extmon.8.gz @@ -47,14 +17,17 @@ man/man8/gdnsd-plugin-static.8.gz man/man8/gdnsd-plugin-tcp_connect.8.gz man/man8/gdnsd-plugin-weighted.8.gz man/man8/gdnsd.8.gz +man/man8/gdnsdctl.8.gz sbin/gdnsd %%PORTDOCS%%%%DOCSDIR%%/AUTHORS %%PORTDOCS%%%%DOCSDIR%%/COPYING %%PORTDOCS%%%%DOCSDIR%%/INSTALL +%%PORTDOCS%%%%DOCSDIR%%/Manual.md %%PORTDOCS%%%%DOCSDIR%%/NEWS %%PORTDOCS%%%%DOCSDIR%%/README.md -%%PORTDOCS%%%%DOCSDIR%%/gdnsd_manual.txt -@dir %%ETCDIR%%/djbdns +%%PORTDOCS%%%%DOCSDIR%%/Security.md +%%PORTDOCS%%%%DOCSDIR%%/VERSION3.md +%%PORTDOCS%%%%DOCSDIR%%/stats_example.html @dir %%ETCDIR%%/geoip @dir %%ETCDIR%%/zones @dir /var/db/gdnsd
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201902230152.x1N1qjkc073809>