pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/net/bind9 - Incooperate change root non-root support f...
details: https://anonhg.NetBSD.org/pkgsrc/rev/b13fd8e38ce5
branches: trunk
changeset: 490696:b13fd8e38ce5
user: tron <tron%pkgsrc.org@localhost>
date: Fri Mar 18 01:14:32 2005 +0000
description:
- Incorporate change root non-root support from NetBSD's "/etc/rc.d/named"
into "named9.sh".
- Create a user and a group "named" for running the name server.
- Add a message file which encourages running the name server in a
change root non-root configuration.
This addresses PR pkg/14876 by Greg A. Woods.
Bump package revision because of the above changes.
diffstat:
net/bind9/MESSAGE | 10 ++++++++++
net/bind9/Makefile | 9 +++++++--
net/bind9/files/named9.sh | 34 ++++++++++++++++++++++++++++------
3 files changed, 45 insertions(+), 8 deletions(-)
diffs (101 lines):
diff -r 53a99bd64fc5 -r b13fd8e38ce5 net/bind9/MESSAGE
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/net/bind9/MESSAGE Fri Mar 18 01:14:32 2005 +0000
@@ -0,0 +1,10 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1 2005/03/18 01:14:32 tron Exp $
+
+Please consider running BIND under the pseudo user account "${BIND_USER}"
+in a change root environment for securiy reasons.
+
+To achieve this set the variable "named_chrootdir" in /etc/rc.conf to
+the directory with the change root environement e.g "${BIND_DIR}".
+
+===========================================================================
diff -r 53a99bd64fc5 -r b13fd8e38ce5 net/bind9/Makefile
--- a/net/bind9/Makefile Fri Mar 18 01:13:02 2005 +0000
+++ b/net/bind9/Makefile Fri Mar 18 01:14:32 2005 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.67 2005/03/16 13:56:24 tron Exp $
+# $NetBSD: Makefile,v 1.68 2005/03/18 01:14:32 tron Exp $
DISTNAME= bind-${BIND_VERSION}
PKGNAME= bind-${BIND_VERSION}pl1
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= net
MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/
@@ -35,8 +35,13 @@
# include at the bottom to use OpenSSL shipped with BIND9.
CONFIGURE_ARGS+=--with-openssl=${SSLBASE}
+PKG_USERS= ${BIND_USER}:${BIND_GROUP}::Named\\ pseudo-user:${BIND_DIR}:${NOLOGIN}
+PKG_GROUPS= ${BIND_GROUP}
+
PTHREAD_OPTS+= native
+FILES_SUBST+= BIND_GROUP=${BIND_GROUP} BIND_USER=${BIND_USER} PAX=${PAX}
+MESSAGE_SUBST+= BIND_DIR=${BIND_DIR} BIND_USER=${BIND_USER}
# include/isc/ipv6.h is installed on non-ipv6 platforms
.if defined(USE_INET6) && (${USE_INET6} == "YES")
PLIST_SUBST+= IPV6H="@comment "
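Review bot: `PKG_USERS` sets the account's home directory to `${BIND_DIR}`, which the MESSAGE file in this commit also suggests as the change root directory. If the user-creation step creates or chowns the home directory for the account (not visible here), the root of the chroot would be writable by the user named runs as, so a compromised server could alter `etc/` and `dev/` inside its own jail. A comment above the line would make the intended ownership explicit, e.g. `# ${BIND_DIR} doubles as the chroot root: keep it root-owned and not writable by ${BIND_USER}`. Where `BIND_USER`, `BIND_GROUP` and `BIND_DIR` get their values is outside this hunk.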
diff -r 53a99bd64fc5 -r b13fd8e38ce5 net/bind9/files/named9.sh
--- a/net/bind9/files/named9.sh Fri Mar 18 01:13:02 2005 +0000
+++ b/net/bind9/files/named9.sh Fri Mar 18 01:14:32 2005 +0000
@@ -1,19 +1,22 @@
#!/bin/sh
#
-# $NetBSD: named9.sh,v 1.1 2005/03/16 13:56:25 tron Exp $
+# $NetBSD: named9.sh,v 1.2 2005/03/18 01:14:32 tron Exp $
#
+
# PROVIDE: named
# REQUIRE: SERVERS
+# BEFORE: DAEMON
+# KEYWORD: chrootdir
. /etc/rc.subr
name="named"
-rcvar=${name}9
+rcvar="${name}9"
command="@PREFIX@/sbin/${name}"
-
+pidfile="/var/run/${name}.pid"
+start_precmd="named_precmd"
extra_commands="reload"
-
-load_rc_config ${name}9 # check /etc/rc.conf.d/named9
+required_dirs="$named_chrootdir" # if it is set, it must exist
named_precmd()
{
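Review bot: `required_dirs="$named_chrootdir"` is expanded when this line runs, but the commit moves `load_rc_config` to the bottom of the script, after `named_precmd`. Unless `named_chrootdir` is already in the environment when the script starts (for example when the boot sequence has loaded rc.conf, which is not visible here), the value is empty at that point. A setting made in `/etc/rc.conf.d/named9` is then never seen by the directory check, and a missing chroot directory goes unnoticed until named is started with `-t`. Consider assigning it after the configuration is loaded: `load_rc_config "$rcvar"` followed by `required_dirs="$named_chrootdir"`, just before `run_rc_command "$1"`. The body of `named_precmd` continues outside this hunk.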
@@ -23,7 +26,26 @@
"disable 'named' when setting 'named9'!"
return 1
fi
+
+ if [ -z "$named_chrootdir" ]; then
+ return 0;
+ fi
+
+ if [ ! -c "${named_chrootdir}/dev/null" ]; then
+ @RM@ -f "${named_chrootdir}/dev/null"
+ ( cd /dev ; @PAX@ -rw -pe null "${named_chrootdir}/dev" )
+ fi
+ if [ -f /etc/localtime ]; then
+ @CMP@ -s /etc/localtime "${named_chrootdir}/etc/localtime" || \
+ @CP@ -p /etc/localtime "${named_chrootdir}/etc/localtime"
+ fi
+ @RM@ -f ${pidfile}
+ @LN@ -s "${named_chrootdir}${pidfile}" ${pidfile}
+
+ # Change run_rc_commands()'s internal copy of $named_flags
+ #
+ rc_flags="-u @BIND_USER@ -t ${named_chrootdir} $rc_flags"
}
-start_precmd="named_precmd"
+load_rc_config "$rcvar"
run_rc_command "$1"
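Review bot: The chroot preparation steps added to `named_precmd` never check for failure, and the function ends on the `rc_flags` assignment, so it returns 0 and named is started with `-t` even when `dev/null` or `etc/localtime` could not be created. `required_dirs` only covers the chroot root, so a missing `dev`, `etc` or pid-file directory beneath it is not caught either. I would make the device copy fail closed, `( cd /dev && @PAX@ -rw -pe null "${named_chrootdir}/dev" ) || return 1`, since with `cd /dev ;` a failed `cd` still runs pax in the current directory. `${pidfile}` on the `@RM@` and `@LN@` lines is also unquoted, unlike the chroot paths around it. The function starts before this hunk.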