From sten@mx0.blinkenlights.nl  Thu Jan 18 00:17:00 2007
Return-Path: <sten@mx0.blinkenlights.nl>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 3C9D416A4DA
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 18 Jan 2007 00:17:00 +0000 (UTC)
	(envelope-from sten@mx0.blinkenlights.nl)
Received: from mx0.blinkenlights.nl (mx0.blinkenlights.nl [89.188.0.20])
	by mx1.freebsd.org (Postfix) with ESMTP id CA58F13C465
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 18 Jan 2007 00:16:59 +0000 (UTC)
	(envelope-from sten@mx0.blinkenlights.nl)
Received: by mx0.blinkenlights.nl (Postfix, from userid 101)
	id 681DC73050; Thu, 18 Jan 2007 00:47:52 +0100 (CET)
Message-Id: <20070117234752.681DC73050@mx0.blinkenlights.nl>
Date: Thu, 18 Jan 2007 00:47:52 +0100 (CET)
From: Sten Spans <sten@blinkenlights.nl>
Reply-To: Sten Spans <sten@blinkenlights.nl>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Update port: dns/powerdns-recursor add sane defaults
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         108062
>Category:       ports
>Synopsis:       Update port: dns/powerdns-recursor add sane defaults
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 18 00:20:18 GMT 2007
>Closed-Date:    Thu Jan 18 18:58:30 GMT 2007
>Last-Modified:  Thu Jan 18 19:00:42 GMT 2007
>Originator:     Sten Spans
>Release:        FreeBSD 6.1-RELEASE-p7 i386
>Organization:
>Environment:
System: FreeBSD earth.blinkenlights.nl 6.1-RELEASE-p7 FreeBSD 6.1-RELEASE-p7 #0: Sun Sep 24 14:42:21 CEST 2006 root@earth.blinkenlights.nl:/usr/obj/usr/src/sys/1650 i386


	
>Description:
	
Add reasonable default for max-cache-entries, which stops the recursor from
using all system memory.

Also add pseudo-user creation via pkg-install, and use it by default.

These new options are hardcoded in the binary, which is the easiest way
due to how the configuration file is generated.
>How-To-Repeat:
	
>Fix:


--- Makefile.orig	Thu Jan 18 00:18:49 2007
+++ Makefile	Thu Jan 18 00:17:24 2007
@@ -7,7 +7,7 @@
 
 PORTNAME=	powerdns-recursor
 PORTVERSION=	3.1.4
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	dns ipv6
 MASTER_SITES=	http://downloads.powerdns.com/releases/ \
 		http://mirrors.evolva.ro/powerdns.com/releases/
@@ -63,6 +63,10 @@
 		${WRKSRC}/Makefile
 	@${REINPLACE_CMD} -e 's;"/etc/powerdns/";"${PREFIX}/etc/pdns/";' \
 		${WRKSRC}/config.h
+
+pre-install:
+		@${ECHO} "==>  Creating custom user to run pdns_recursor..."
+		@${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
 
 post-install:
 .if !exists(${PREFIX}/etc/pdns/recursor.conf)
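Review bot: The echo in the new pre-install target announces "Creating custom user to run pdns_recursor..." unconditionally, but pkg-install creates nothing when the group and user already exist, so the message is misleading on reinstalls and upgrades. pkg-install already prints its own "=> Added ..." lines when it does create something, so the echo can be dropped or reworded to say it is checking for the account. The two recipe lines are also indented with two tabs where the REINPLACE_CMD recipe just above uses one.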
--- files/patch-pdns_nameserver.cc	Thu Jan  1 01:00:00 1970
+++ files/patch-pdns_nameserver.cc	Thu Jan 18 00:02:28 2007
@@ -0,0 +1,22 @@
+--- pdns_recursor.cc.orig	Wed Jan 17 23:45:51 2007
++++ pdns_recursor.cc	Thu Jan 18 00:01:47 2007
+@@ -1669,8 +1669,8 @@
+     ::arg().set("daemon","Operate as a daemon")="yes";
+     ::arg().set("log-common-errors","If we should log rather common errors")="yes";
+     ::arg().set("chroot","switch to chroot jail")="";
+-    ::arg().set("setgid","If set, change group id to this gid for more security")="";
+-    ::arg().set("setuid","If set, change user id to this uid for more security")="";
++    ::arg().set("setgid","If set, change group id to this gid for more security")="pdns";
++    ::arg().set("setuid","If set, change user id to this uid for more security")="pdns_recursor";
+ #ifdef WIN32
+     ::arg().set("quiet","Suppress logging of questions and answers")="off";
+     ::arg().setSwitch( "register-service", "Register the service" )= "no";
+@@ -1691,7 +1691,7 @@
+     ::arg().set("client-tcp-timeout","Timeout in seconds when talking to TCP clients")="2";
+     ::arg().set("max-tcp-clients","Maximum number of simultaneous TCP clients")="128";
+     ::arg().set("hint-file", "If set, load root hints from this file")="";
+-    ::arg().set("max-cache-entries", "If set, maximum number of entries in the main cache")="0";
++    ::arg().set("max-cache-entries", "If set, maximum number of entries in the main cache")="500000";
+     ::arg().set("max-negative-ttl", "maximum number of seconds to keep a negative cached entry in memory")="3600";
+     ::arg().set("server-id", "Returned when queried for 'server.id' TXT, defaults to hostname")="";
+     ::arg().set("remotes-ringbuffer-entries", "maximum number of packets to store statistics for")="0";
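Review bot: The new setgid and setuid defaults in the first inner hunk hardcode "pdns" and "pdns_recursor", while pkg-install takes the names from PDNSGROUP and PDNSUSER with those values only as fallbacks. Anyone who overrides the variables at install time gets an account the binary does not use, and the binary still defaults to names that were never created. Either drop the overrides from pkg-install or substitute the chosen names into the source at build time, the way the Makefile already rewrites config.h with REINPLACE_CMD. Separately, this file is named patch-pdns_nameserver.cc but the patch it contains modifies pdns_recursor.cc; naming it after the file it changes would make it easier to find. A short note on why 500000 was picked for max-cache-entries would also help whoever revisits the value.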
--- pkg-install	Thu Jan  1 01:00:00 1970
+++ pkg-install	Thu Jan 18 00:00:46 2007
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+if [ "$2" != "PRE-INSTALL" ]; then
+    exit 0
+fi
+
+PDNSUSER=${PDNSUSER:-pdns_recursor}
+PDNSGROUP=${PDNSGROUP:-pdns}
+
+if ! pw groupshow "$PDNSGROUP" 2>/dev/null 1>&2; then
+	if pw groupadd $PDNSGROUP; then
+		echo "=> Added group \"$PDNSGROUP\"."
+	else
+                echo "=> Adding group \"$PDNSGROUP\" failed..."
+                exit 1
+        fi
+fi
+
+if ! pw usershow "$PDNSUSER" 2>/dev/null 1>&2; then
+        if pw useradd $PDNSUSER -g $PDNSGROUP -h - \
+                -s "/usr/sbin/nologin" -d "/nonexistent" \
+                -c "pdns_recursor pseudo-user"; \
+        then
+                echo "=> Added user \"$PDNSUSER\"."
+        else
+                echo "=> Adding user \"$PDNSUSER\" failed..."
+                exit 1
+        fi
+fi
+exit 0
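Review bot: The "pw groupadd $PDNSGROUP" and "pw useradd $PDNSUSER -g $PDNSGROUP" calls expand the variables unquoted, although the groupshow and usershow checks directly above them quote the same variables; both values can come from the environment, so quote them in the add calls as well. Neither call passes a numeric ID, so pw assigns whatever is free and the uid and gid will differ from host to host; passing fixed values with -u on useradd and -g on groupadd would keep ownership consistent across machines. The indentation also mixes tabs and runs of spaces within the same if blocks.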

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: pav 
State-Changed-When: Thu Jan 18 18:44:43 UTC 2007 
State-Changed-Why:  
Committed, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=108062 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/108062: commit references a PR
Date: Thu, 18 Jan 2007 18:57:32 +0000 (UTC)

 pav         2007-01-18 18:57:26 UTC
 
   FreeBSD ports repository
 
   Modified files:
     dns/powerdns-recursor Makefile 
   Added files:
     dns/powerdns-recursor pkg-install 
     dns/powerdns-recursor/files patch-pdns_nameserver.cc 
   Log:
   - Add a sensible default for maximal size of cache
   - Run under unprivileged user by default
   
   PR:             ports/108062
   Submitted by:   Sten Spans <sten@blinkenlights.nl> (maintainer)
   
   Revision  Changes    Path
   1.5       +5 -1      ports/dns/powerdns-recursor/Makefile
   1.1       +22 -0     ports/dns/powerdns-recursor/files/patch-pdns_nameserver.cc (new)
   1.1       +32 -0     ports/dns/powerdns-recursor/pkg-install (new)
 
>Unformatted:
