From cf7b585184f773ebade2628be5b022fa44224402 Mon Sep 17 00:00:00 2001
From: Pav Lucistnik
Date: Thu, 18 Jan 2007 18:57:26 +0000
Subject: - Add a sensible default for maximal size of cache
- Run under unpriviledged user by default
PR: ports/108062
Submitted by: Sten Spans (maintainer)
---
 dns/powerdns-recursor/Makefile | 6 +++-
 .../files/patch-pdns_nameserver.cc | 22 +++++++++++++++
 dns/powerdns-recursor/pkg-install | 32 ++++++++++++++++++++++
 3 files changed, 59 insertions(+), 1 deletion(-)
 create mode 100644 dns/powerdns-recursor/files/patch-pdns_nameserver.cc
 create mode 100644 dns/powerdns-recursor/pkg-install
diff --git a/dns/powerdns-recursor/Makefile b/dns/powerdns-recursor/Makefile
index e52695c59ccc..fddc0b8c3901 100644
--- a/dns/powerdns-recursor/Makefile
+++ b/dns/powerdns-recursor/Makefile
@@ -7,7 +7,7 @@
 PORTNAME= powerdns-recursor
 PORTVERSION= 3.1.4
-PORTREVISION= 2
+PORTREVISION= 3
 CATEGORIES= dns ipv6
 MASTER_SITES= http://downloads.powerdns.com/releases/ \
 http://mirrors.evolva.ro/powerdns.com/releases/
@@ -64,6 +64,10 @@ post-patch:
 @${REINPLACE_CMD} -e 's;"/etc/powerdns/";"${PREFIX}/etc/pdns/";' \
 ${WRKSRC}/config.h
+pre-install:
+ @${ECHO} "==> Creating custom user to run pdns_recursor..."
+ @${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
+
 post-install:
 .if !exists(${PREFIX}/etc/pdns/recursor.conf)
 ${INSTALL_DATA} ${PREFIX}/etc/pdns/recursor.conf-dist \
diff --git a/dns/powerdns-recursor/files/patch-pdns_nameserver.cc b/dns/powerdns-recursor/files/patch-pdns_nameserver.cc
new file mode 100644
index 000000000000..77c15dc68a95
--- /dev/null
+++ b/dns/powerdns-recursor/files/patch-pdns_nameserver.cc
@@ -0,0 +1,22 @@
+--- pdns_recursor.cc.orig Wed Jan 17 23:45:51 2007
++++ pdns_recursor.cc Thu Jan 18 00:01:47 2007
+@@ -1669,8 +1669,8 @@
+ ::arg().set("daemon","Operate as a daemon")="yes";
+ ::arg().set("log-common-errors","If we should log rather common errors")="yes";
+ ::arg().set("chroot","switch to chroot jail")="";
+- ::arg().set("setgid","If set, change group id to this gid for more security")="";
+- ::arg().set("setuid","If set, change user id to this uid for more security")="";
++ ::arg().set("setgid","If set, change group id to this gid for more security")="pdns";
++ ::arg().set("setuid","If set, change user id to this uid for more security")="pdns_recursor";
+ #ifdef WIN32
+ ::arg().set("quiet","Suppress logging of questions and answers")="off";
+ ::arg().setSwitch( "register-service", "Register the service" )= "no";
+@@ -1691,7 +1691,7 @@
+ ::arg().set("client-tcp-timeout","Timeout in seconds when talking to TCP clients")="2";
+ ::arg().set("max-tcp-clients","Maximum number of simultaneous TCP clients")="128";
+ ::arg().set("hint-file", "If set, load root hints from this file")="";
+- ::arg().set("max-cache-entries", "If set, maximum number of entries in the main cache")="0";
++ ::arg().set("max-cache-entries", "If set, maximum number of entries in the main cache")="500000";
+ ::arg().set("max-negative-ttl", "maximum number of seconds to keep a negative cached entry in memory")="3600";
+ ::arg().set("server-id", "Returned when queried for 'server.id' TXT, defaults to hostname")="";
+ ::arg().set("remotes-ringbuffer-entries", "maximum number of packets to store statistics for")="0";
diff --git a/dns/powerdns-recursor/pkg-install b/dns/powerdns-recursor/pkg-install
new file mode 100644
index 000000000000..8177e29e7cd1
--- /dev/null
+++ b/dns/powerdns-recursor/pkg-install
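Review bot: The new `setgid` and `setuid` defaults hard-code `pdns` and `pdns_recursor`, while pkg-install in this same commit lets `PDNSUSER` and `PDNSGROUP` be overridden from the environment, so an install with an overridden name creates one account while the binary defaults to another. What the recursor does when the configured name cannot be resolved is decided outside this hunk and should be confirmed; a silent fallback to running as root would defeat the purpose of the change. Either fix the names in pkg-install (`PDNSUSER=pdns_recursor`, `PDNSGROUP=pdns`) or add a comment next to those variables stating that they must match the compiled-in defaults. Separately, the file is named `patch-pdns_nameserver.cc` but its header patches `pdns_recursor.cc`; `patch-pdns_recursor.cc` would match the file it modifies.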
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+if [ "$2" != "PRE-INSTALL" ]; then
+ exit 0
+fi
+
+PDNSUSER=${PDNSUSER:-pdns_recursor}
+PDNSUID=${PDNSUID:-120}
+PDNSGROUP=${PDNSGROUP:-pdns}
+PDNSGID=${PDNSGID:-120}
+
+if ! pw groupshow "$PDNSGROUP" 2>/dev/null 1>&2; then
+ if pw groupadd $PDNSGROUP -g $PDNSGID; then
+ echo "=> Added group \"$PDNSGROUP\"."
+ else
+ echo "=> Adding group \"$PDNSGROUP\" failed..."
+ exit 1
+ fi
+fi
+
+if ! pw usershow "$PDNSUSER" 2>/dev/null 1>&2; then
+ if pw useradd $PDNSUSER -u $PDNSUID -g $PDNSGROUP -h - \
+ -s "/sbin/nologin" -d "/nonexistent" \
+ -c "pdns_recursor pseudo-user"; \
+ then
+ echo "=> Added user \"$PDNSUSER\"."
+ else
+ echo "=> Adding user \"$PDNSUSER\" failed..."
+ exit 1
+ fi
+fi
+exit 0
-- 
cgit v1.2.3
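Review bot: When `pw groupshow` or `pw usershow` succeeds, the script silently reuses whatever account already carries that name, so a pre-existing `pdns` group or `pdns_recursor` user with a login shell, a real home directory or extra group memberships becomes the daemon's identity without any notice. At minimum each outer `if` should get an `else` branch such as `echo "=> Using existing user \"$PDNSUSER\"; verify it is unprivileged."` so the reuse shows up in the install log. The `pw groupadd` and `pw useradd` lines also expand `$PDNSGROUP`, `$PDNSGID`, `$PDNSUSER` and `$PDNSUID` unquoted although all four can come from the environment; quoting them as the `groupshow`/`usershow` calls already do, e.g. `if pw groupadd "$PDNSGROUP" -g "$PDNSGID"; then`, keeps both paths consistent.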