authortron <tron@pkgsrc.org>2005-03-18 01:14:32 +0000
committertron <tron@pkgsrc.org>2005-03-18 01:14:32 +0000
commit476627d1bb5a51762d9d8c85c89e037f8ec6e7da (patch)
tree24cd767f9f0f1c67002c31bb66d793ec21facb8c /net
parent778a69fd6522d91b28081979ec6e04851c0fa5bd (diff)
downloadpkgsrc-476627d1bb5a51762d9d8c85c89e037f8ec6e7da.tar.gz
- Incorporate change root non-root support from NetBSD's "/etc/rc.d/named"
into "named9.sh". - Create a user and a group "named" for running the name server. - Add a message file which encourages running the name server in a change root non-root configuration. This addresses PR pkg/14876 by Greg A. Woods. Bump package revision because of the above changes.
Diffstat (limited to 'net')
-rw-r--r--net/bind9/MESSAGE10
-rw-r--r--net/bind9/Makefile9
-rw-r--r--net/bind9/files/named9.sh34
3 files changed, 45 insertions, 8 deletions
diff --git a/net/bind9/MESSAGE b/net/bind9/MESSAGE
new file mode 100644
index 00000000000..ef9bfc8eac8
--- /dev/null
+++ b/net/bind9/MESSAGE
@@ -0,0 +1,10 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1 2005/03/18 01:14:32 tron Exp $
+
+Please consider running BIND under the pseudo user account "${BIND_USER}"
+in a change root environment for securiy reasons.
+
+To achieve this set the variable "named_chrootdir" in /etc/rc.conf to
+the directory with the change root environement e.g "${BIND_DIR}".
+
+===========================================================================
diff --git a/net/bind9/Makefile b/net/bind9/Makefile
index 0f164a36888..c92b4ee4868 100644
--- a/net/bind9/Makefile
+++ b/net/bind9/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.67 2005/03/16 13:56:24 tron Exp $
+# $NetBSD: Makefile,v 1.68 2005/03/18 01:14:32 tron Exp $
DISTNAME= bind-${BIND_VERSION}
PKGNAME= bind-${BIND_VERSION}pl1
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= net
MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/
@@ -35,8 +35,13 @@ CONFIGURE_ARGS+=--with-libtool=yes \
# include at the bottom to use OpenSSL shipped with BIND9.
CONFIGURE_ARGS+=--with-openssl=${SSLBASE}
+PKG_USERS= ${BIND_USER}:${BIND_GROUP}::Named\\ pseudo-user:${BIND_DIR}:${NOLOGIN}
+PKG_GROUPS= ${BIND_GROUP}
+
PTHREAD_OPTS+= native
+FILES_SUBST+= BIND_GROUP=${BIND_GROUP} BIND_USER=${BIND_USER} PAX=${PAX}
+MESSAGE_SUBST+= BIND_DIR=${BIND_DIR} BIND_USER=${BIND_USER}
# include/isc/ipv6.h is installed on non-ipv6 platforms
.if defined(USE_INET6) && (${USE_INET6} == "YES")
PLIST_SUBST+= IPV6H="@comment "
diff --git a/net/bind9/files/named9.sh b/net/bind9/files/named9.sh
index ef53fdc9457..aa9930689a2 100644
--- a/net/bind9/files/named9.sh
+++ b/net/bind9/files/named9.sh
@@ -1,19 +1,22 @@
#!/bin/sh
#
-# $NetBSD: named9.sh,v 1.1 2005/03/16 13:56:25 tron Exp $
+# $NetBSD: named9.sh,v 1.2 2005/03/18 01:14:32 tron Exp $
#
+
# PROVIDE: named
# REQUIRE: SERVERS
+# BEFORE: DAEMON
+# KEYWORD: chrootdir
. /etc/rc.subr
name="named"
-rcvar=${name}9
+rcvar="${name}9"
command="@PREFIX@/sbin/${name}"
-
+pidfile="/var/run/${name}.pid"
+start_precmd="named_precmd"
extra_commands="reload"
-
-load_rc_config ${name}9 # check /etc/rc.conf.d/named9
+required_dirs="$named_chrootdir" # if it is set, it must exist
named_precmd()
{
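Review bot: The added `required_dirs="$named_chrootdir"` is expanded at assignment time, but this commit moves `load_rc_config` from this spot to the bottom of the script (second hunk). If rc.conf has not been read by this point, which presumably is the case when the script is run directly rather than from /etc/rc (this depends on rc.subr, not shown here), the variable is empty and the "it must exist" check silently does nothing. Keeping `load_rc_config "$rcvar"` above this assignment would make the directory check apply in both cases. The body of named_precmd continues outside this hunk.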
@@ -23,7 +26,26 @@ named_precmd()
"disable 'named' when setting 'named9'!"
return 1
fi
+
+ if [ -z "$named_chrootdir" ]; then
+ return 0;
+ fi
+
+ if [ ! -c "${named_chrootdir}/dev/null" ]; then
+ @RM@ -f "${named_chrootdir}/dev/null"
+ ( cd /dev ; @PAX@ -rw -pe null "${named_chrootdir}/dev" )
+ fi
+ if [ -f /etc/localtime ]; then
+ @CMP@ -s /etc/localtime "${named_chrootdir}/etc/localtime" || \
+ @CP@ -p /etc/localtime "${named_chrootdir}/etc/localtime"
+ fi
+ @RM@ -f ${pidfile}
+ @LN@ -s "${named_chrootdir}${pidfile}" ${pidfile}
+
+ # Change run_rc_commands()'s internal copy of $named_flags
+ #
+ rc_flags="-u @BIND_USER@ -t ${named_chrootdir} $rc_flags"
}
-start_precmd="named_precmd"
+load_rc_config "$rcvar"
run_rc_command "$1"
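Review bot: None of the chroot setup steps added to named_precmd check for failure, so the function ends on the `rc_flags=` assignment and named is started with `-t` even when `/dev/null` or `etc/localtime` could not be created inside the chroot. Nothing here creates `${named_chrootdir}/dev`, `/etc` or the pidfile directory either, and with `cd /dev ; @PAX@ ...` a failed `cd` would run pax from the wrong directory. I would use `( cd /dev && @PAX@ -rw -pe null "${named_chrootdir}/dev" ) || return 1` and add a similar `|| return 1` on the `@LN@ -s` line. Separately, `${pidfile}` becomes a symlink into the chroot, so the rc script running as root reads a PID from a file that @BIND_USER@ can presumably write; it is worth confirming that rc.subr validates the process before signalling it. The start of named_precmd is outside this hunk.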