From nobody@FreeBSD.org  Wed Jan  8 03:52:26 2014
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTPS id D75C7C77
	for <freebsd-gnats-submit@FreeBSD.org>; Wed,  8 Jan 2014 03:52:26 +0000 (UTC)
Received: from oldred.freebsd.org (oldred.freebsd.org [IPv6:2001:1900:2254:206a::50:4])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.freebsd.org (Postfix) with ESMTPS id A9A52165A
	for <freebsd-gnats-submit@FreeBSD.org>; Wed,  8 Jan 2014 03:52:26 +0000 (UTC)
Received: from oldred.freebsd.org ([127.0.1.6])
	by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id s083qQPX053656
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 8 Jan 2014 03:52:26 GMT
	(envelope-from nobody@oldred.freebsd.org)
Received: (from nobody@localhost)
	by oldred.freebsd.org (8.14.5/8.14.5/Submit) id s083qQtI053655;
	Wed, 8 Jan 2014 03:52:26 GMT
	(envelope-from nobody)
Message-Id: <201401080352.s083qQtI053655@oldred.freebsd.org>
Date: Wed, 8 Jan 2014 03:52:26 GMT
From: Tom Prince <tom.prince@hybridcluster.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [www/varnish] rc.d/varnish doesn't provide a way to specify a secret file.
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         185571
>Category:       ports
>Synopsis:       www/varnish: rc.d/varnish doesn't provide a way to specify a secret file.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    anders
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jan 08 04:00:00 UTC 2014
>Closed-Date:    
>Last-Modified:  Wed Mar 26 23:50:02 UTC 2014
>Originator:     Tom Prince
>Release:        
>Organization:
HybridLogic
>Environment:
>Description:
There is no way to specify a secret file to use, for restricting access to the varnishadm port in the included init script. (-S)
>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->anders 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Wed Jan 8 04:02:26 UTC 2014 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=185571 

From: Joseph Benden <joe@thrallingpenguin.com>
To: bug-followup@FreeBSD.org, tom.prince@hybridcluster.com
Cc:  
Subject: Re: ports/185571: www/varnish: rc.d/varnish doesn&#39;t provide a
 way to specify a secret file.
Date: Wed, 26 Mar 2014 16:31:35 -0700

 This is a multi-part message in MIME format.
 --------------090809070105040709000108
 Content-Type: text/plain; charset=ISO-8859-1
 Content-Transfer-Encoding: 7bit
 
 Please find an attached patch which adds the functionality to the rc.d
 script.
 
 Best Regards,
 -Joseph Benden
 
 --------------090809070105040709000108
 Content-Type: text/plain;
  name="varnish-secretfile-patch.txt"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
  filename="varnish-secretfile-patch.txt"
 
 Index: www/varnish/files/varnishd.in
 ===================================================================
 --- www/varnish/files/varnishd.in	(revision 348738)
 +++ www/varnish/files/varnishd.in	(working copy)
 @@ -43,6 +43,9 @@
  # varnishd_group - unprivileged group for the child process.
  #	default: "www"
  #
 +# varnishd_secret - secret file used by varnish and related tools.
 +#       default: ""
 +#
  # varnishd_flags - complete command line arguments.
  #	default if varnishd_config is unset: "-P ${varnishd_pidfile} -a ${varnishd_listen} -T ${varnishd_admin} -b ${varnishd_backend} -s ${varnishd_storage} -h ${varnishd_hash} -u ${varnishd_user} -g ${varnishd_group}"
  #	default if varnishd_config is set: "-P ${varnishd_pidfile} -a ${varnishd_listen} -T ${varnishd_admin} -f ${varnishd_config} -s ${varnishd_storage} -h ${varnishd_hash} -u ${varnishd_user} -g ${varnishd_group}"
 @@ -68,11 +71,15 @@
  : ${varnishd_hash:="classic,16383"}
  : ${varnishd_user:="www"}
  : ${varnishd_group:="www"}
 +: ${varnishd_secret:=""}
  if [ -n "${varnishd_config}" ] ; then
  	: ${varnishd_flags:="-P ${varnishd_pidfile} -a ${varnishd_listen} -T ${varnishd_admin} -f ${varnishd_config} -s ${varnishd_storage} -h ${varnishd_hash} -u ${varnishd_user} -g ${varnishd_group}"}
  else
  	: ${varnishd_flags:="-P ${varnishd_pidfile} -a ${varnishd_listen} -T ${varnishd_admin} -b ${varnishd_backend} -s ${varnishd_storage} -h ${varnishd_hash} -u ${varnishd_user} -g ${varnishd_group}"}
  fi
 +if [ -n "${varnishd_secret}" ] ; then
 +        : varnishd_flags="${varnishd_flags} -S ${varnishd_secret}"
 +fi
  
  # If we leave these set, rc.subr will su to them before starting
  # varnishd, which is not what we want.
 
 --------------090809070105040709000108--

From: Joseph Benden <joe@thrallingpenguin.com>
To: bug-followup@FreeBSD.org, tom.prince@hybridcluster.com
Cc:  
Subject: Re: ports/185571: www/varnish: rc.d/varnish doesn&#39;t provide a
 way to specify a secret file.
Date: Wed, 26 Mar 2014 16:45:45 -0700

 This is a multi-part message in MIME format.
 --------------000309060604020509050706
 Content-Type: text/plain; charset=ISO-8859-1
 Content-Transfer-Encoding: 7bit
 
 The previous patch was faulty. This one is tested.
 
 -Joe
 
 
 --------------000309060604020509050706
 Content-Type: text/plain;
  name="varnish-secretfile-patch-2.txt"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
  filename="varnish-secretfile-patch-2.txt"
 
 Index: www/varnish/files/varnishd.in
 ===================================================================
 --- www/varnish/files/varnishd.in	(revision 348738)
 +++ www/varnish/files/varnishd.in	(working copy)
 @@ -43,6 +43,9 @@
  # varnishd_group - unprivileged group for the child process.
  #	default: "www"
  #
 +# varnishd_secret - secret file used by varnish and related tools.
 +#       default: ""
 +#
  # varnishd_flags - complete command line arguments.
  #	default if varnishd_config is unset: "-P ${varnishd_pidfile} -a ${varnishd_listen} -T ${varnishd_admin} -b ${varnishd_backend} -s ${varnishd_storage} -h ${varnishd_hash} -u ${varnishd_user} -g ${varnishd_group}"
  #	default if varnishd_config is set: "-P ${varnishd_pidfile} -a ${varnishd_listen} -T ${varnishd_admin} -f ${varnishd_config} -s ${varnishd_storage} -h ${varnishd_hash} -u ${varnishd_user} -g ${varnishd_group}"
 @@ -68,11 +71,15 @@
  : ${varnishd_hash:="classic,16383"}
  : ${varnishd_user:="www"}
  : ${varnishd_group:="www"}
 +: ${varnishd_secret:=""}
  if [ -n "${varnishd_config}" ] ; then
  	: ${varnishd_flags:="-P ${varnishd_pidfile} -a ${varnishd_listen} -T ${varnishd_admin} -f ${varnishd_config} -s ${varnishd_storage} -h ${varnishd_hash} -u ${varnishd_user} -g ${varnishd_group}"}
  else
  	: ${varnishd_flags:="-P ${varnishd_pidfile} -a ${varnishd_listen} -T ${varnishd_admin} -b ${varnishd_backend} -s ${varnishd_storage} -h ${varnishd_hash} -u ${varnishd_user} -g ${varnishd_group}"}
  fi
 +if [ -n "${varnishd_secret}" ] ; then
 +        varnishd_flags="${varnishd_flags} -S ${varnishd_secret}"
 +fi
  
  # If we leave these set, rc.subr will su to them before starting
  # varnishd, which is not what we want.
 
 --------------000309060604020509050706--
>Unformatted:
