svn commit: r471924 - in head: . dns dns/go-geodns dns/go-geodns/files
Danilo G. Baio
dbaio at FreeBSD.org
Thu Jun 7 14:18:57 UTC 2018
Author: dbaio
Date: Thu Jun 7 14:18:54 2018
New Revision: 471924
URL: https://svnweb.freebsd.org/changeset/ports/471924
Log:
Add dns/go-geodns: DNS server with per-client targeted responses
GeoDNS is a DNS server with per-client targeted responses. It powers the NTP
Pool system and other similar services.
WWW: https://github.com/abh/geodns
PR: 227492
Submitted by: Vinicius Zavam <egypcio at googlemail.com>
Differential Revision: https://reviews.freebsd.org/D15056
Added:
head/dns/go-geodns/
head/dns/go-geodns/Makefile (contents, props changed)
head/dns/go-geodns/distinfo (contents, props changed)
head/dns/go-geodns/files/
head/dns/go-geodns/files/geodns.in (contents, props changed)
head/dns/go-geodns/files/pkg-message.in (contents, props changed)
head/dns/go-geodns/pkg-descr (contents, props changed)
head/dns/go-geodns/pkg-plist (contents, props changed)
Modified:
head/GIDs
head/UIDs
head/dns/Makefile
Modified: head/GIDs
==============================================================================
--- head/GIDs Thu Jun 7 14:16:29 2018 (r471923)
+++ head/GIDs Thu Jun 7 14:18:54 2018 (r471924)
@@ -793,7 +793,7 @@ chronyd:*:849:
# free: 850
# free: 851
# free: 852
-# free: 853
+_geodns:*:853:
# free: 854
# free: 855
# free: 856
Modified: head/UIDs
==============================================================================
--- head/UIDs Thu Jun 7 14:16:29 2018 (r471923)
+++ head/UIDs Thu Jun 7 14:18:54 2018 (r471924)
@@ -799,7 +799,7 @@ chronyd:*:849:849::0:0:chronyd user:/nonexistent:/usr/
# free: 850
# free: 851
# free: 852
-# free: 853
+_geodns:*:853:853::0:0:GeoDNS User:/var/empty:/usr/sbin/nologin
# free: 854
# free: 855
# free: 856
Modified: head/dns/Makefile
==============================================================================
--- head/dns/Makefile Thu Jun 7 14:16:29 2018 (r471923)
+++ head/dns/Makefile Thu Jun 7 14:18:54 2018 (r471924)
@@ -78,6 +78,7 @@
SUBDIR += gen6dns
SUBDIR += getdns
SUBDIR += ghtool
+ SUBDIR += go-geodns
SUBDIR += hesiod
SUBDIR += hostdb
SUBDIR += hs-dns
Added: head/dns/go-geodns/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/dns/go-geodns/Makefile Thu Jun 7 14:18:54 2018 (r471924)
@@ -0,0 +1,44 @@
+# $FreeBSD$
+
+PORTNAME= geodns
+PORTVERSION= 2.7.0
+CATEGORIES= dns net ipv6
+PKGNAMEPREFIX= go-
+
+MAINTAINER= egypcio at googlemail.com
+COMMENT= DNS server with per-client targeted responses
+
+LICENSE= APACHE20
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+BUILD_DEPENDS= GeoIP>=1.6.12:net/GeoIP
+RUN_DEPENDS= GeoIP>=1.6.12:net/GeoIP
+
+USES= go pkgconfig
+USE_RC_SUBR= geodns
+USE_GITHUB= yes
+
+GH_ACCOUNT= abh
+GO_PKGNAME= github.com/${GH_ACCOUNT}/${PORTNAME}
+
+PORTEXAMPLES= *.json
+
+USERS= _geodns
+GROUPS= _geodns
+
+PLIST_SUB= USER="${USERS}" GROUP="${GROUPS}"
+SUB_LIST= USER="${USERS}" GROUP="${GROUPS}"
+SUB_FILES= pkg-message
+
+OPTIONS_DEFINE= EXAMPLES
+
+do-install:
+ ${MKDIR} ${STAGEDIR}/${ETCDIR}
+ ${INSTALL_PROGRAM} ${WRKDIR}/bin/geodns ${STAGEDIR}${PREFIX}/sbin
+ ${INSTALL_DATA} ${WRKSRC}/dns/geodns.conf.sample ${STAGEDIR}${PREFIX}/etc
+
+do-install-EXAMPLES-on:
+ ${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
+ ${INSTALL_DATA} ${WRKSRC}/dns/${PORTEXAMPLES} ${STAGEDIR}${EXAMPLESDIR}
+
+.include <bsd.port.mk>
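Review bot: The first line of do-install writes `${STAGEDIR}/${ETCDIR}`, which puts a stray slash in front of an already absolute path and differs from the `${STAGEDIR}${PREFIX}` and `${STAGEDIR}${EXAMPLESDIR}` forms used in the rest of the same hunk. It should read `${MKDIR} ${STAGEDIR}${ETCDIR}`. The directory created here is the one pkg-plist later hands to the service user, so a short comment saying it holds the zone files would help the next maintainer.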
Added: head/dns/go-geodns/distinfo
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/dns/go-geodns/distinfo Thu Jun 7 14:18:54 2018 (r471924)
@@ -0,0 +1,3 @@
+TIMESTAMP = 1523611997
+SHA256 (abh-geodns-2.7.0_GH0.tar.gz) = 73014bf559611994b007f65bed238e49cae3e580e592abc55c787e58c2706789
+SIZE (abh-geodns-2.7.0_GH0.tar.gz) = 367646
Added: head/dns/go-geodns/files/geodns.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/dns/go-geodns/files/geodns.in Thu Jun 7 14:18:54 2018 (r471924)
@@ -0,0 +1,123 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: geodns
+# REQUIRE: cleanvar SERVERS
+#
+# Options to configure geodns via /etc/rc.conf:
+#
+# geodns_enable (bool):
+# Enable service on boot.
+# Default: NO
+#
+# geodns_conf (str):
+# Config file to use.
+# Default: %%PREFIX%%/etc/geodns.conf
+#
+# geodns_addr (str):
+# Specify which IP address to listen to.
+# Default: [::], 0.0.0.0
+#
+# geodns_port (str):
+# Specify which port to listen on.
+# Default: 5353
+#
+# geodns_suexec (bool):
+# Run geodns as root.
+# Default: NO
+#
+# geodns_uid (str):
+# User to run geodns as.
+# Default: %%USER%%
+#
+# geodns_zones (str):
+# Zone files directory.
+# Default: %%ETCDIR%%
+#
+# geodns_mac_portacl_enable (bool):
+# Load mac_portacl module (network port access control policy).
+# Default: NO
+#
+
+. /etc/rc.subr
+
+name="geodns"
+rcvar="geodns_enable"
+pidfile="/var/run/geodns.pid"
+procname="%%PREFIX%%/sbin/geodns"
+
+load_rc_config $name
+
+: ${geodns_enable:="NO"}
+: ${geodns_conf:="%%PREFIX%%/etc/geodns.conf"}
+: ${geodns_addr:=""}
+: ${geodns_port:="5353"}
+: ${geodns_suexec:="NO"}
+: ${geodns_uid:="%%USER%%"}
+: ${geodns_zones:="%%ETCDIR%%"}
+: ${geodns_mac_portacl_enable:="NO"}
+
+checkyesno geodns_suexec && geodns_uid="root"
+
+command="/usr/sbin/daemon"
+
+command_args="-p ${pidfile} -t ${name} -u ${geodns_uid} -f ${procname} -configfile ${geodns_conf} -config ${geodns_zones} -port ${geodns_port}"
+
+if [ ! -z ${geodns_addr} ]; then
+ command_args="${command_args} -interface ${geodns_addr}"
+fi
+
+start_precmd="geodns_precmd"
+
+geodns_precmd() {
+ local reservedlow reservedhigh rules_current rules_geodns rport ruid
+
+ if checkyesno geodns_mac_portacl_enable ; then
+
+ # Check and load mac_portacl module
+ if ! kldstat -m mac_portacl >/dev/null 2>&1 ; then
+ if ! kldload mac_portacl ; then
+ warn "Could not load mac_portacl module."
+ return 1
+ fi
+ fi
+
+ # Check and add mac_portacl rules
+ ruid=$(id -u $geodns_uid)
+ rport=$geodns_port #smaller variable
+ rules_current=$(sysctl -n security.mac.portacl.rules)
+ rules_geodns="uid:${ruid}:tcp:${rport},uid:${ruid}:udp:${rport}"
+ if [ ! $rules_current = "" ]; then
+ if ! echo $rules_current | grep "$rules_geodns" >/dev/null 2>&1 ; then
+ rules_current="${rules_current},${rules_geodns}"
+ if ! sysctl security.mac.portacl.rules="$rules_current" >/dev/null 2>&1 ; then
+ warn "Could not insert mac_portacl rules."
+ return 1
+ fi
+ fi
+ elif ! sysctl security.mac.portacl.rules=$rules_geodns >/dev/null 2>&1 ; then
+ warn "Could not insert mac_portacl rules."
+ return 1
+ fi
+
+ # Check and disable net.inet.ip.portrange.* control
+ reservedlow=$(sysctl -n net.inet.ip.portrange.reservedlow)
+ reservedhigh=$(sysctl -n net.inet.ip.portrange.reservedhigh)
+ if [ ! $reservedlow -eq 0 ]; then
+ if ! sysctl net.inet.ip.portrange.reservedlow=0 >/dev/null 2>&1 ; then
+ warn "Could not change net.inet.ip.portrange.reservedlow."
+ return 1
+ fi
+ fi
+ if [ ! $reservedhigh -eq 0 ]; then
+ if ! sysctl net.inet.ip.portrange.reservedhigh=0 >/dev/null 2>&1 ; then
+ warn "Could not change net.inet.ip.portrange.reservedhigh."
+ return 1
+ fi
+ fi
+
+ fi # geodns_mac_portacl_enable
+}
+
+run_rc_command $1
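Review bot: With geodns_mac_portacl_enable=YES, geodns_precmd sets net.inet.ip.portrange.reservedlow and reservedhigh to 0 for the whole host without confirming that mac_portacl is enforcing, so if security.mac.portacl.enabled is 0 the reserved-port check no longer restricts any local user. A guard before the portrange block would close that gap, e.g. `[ "$(sysctl -n security.mac.portacl.enabled)" = "1" ] || { warn "mac_portacl is not enforcing."; return 1; }`. The sysctl changes and the added rule also outlive the service, since nothing visible in the script restores them on stop; the header comment for geodns_mac_portacl_enable should say so. Separately, `[ ! -z ${geodns_addr} ]` and `[ ! $rules_current = "" ]` expand unquoted; `[ -n "${geodns_addr}" ]` and `[ -n "$rules_current" ]` are the safer forms.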
Added: head/dns/go-geodns/files/pkg-message.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/dns/go-geodns/files/pkg-message.in Thu Jun 7 14:18:54 2018 (r471924)
@@ -0,0 +1,13 @@
+======================================================================
+GeoDNS is written in Go and therefore isn't capable of dropping privileges
+after binding to a low port on FreeBSD.
+
+By default, this port's daemon will listen on port 5353 (TCP/UDP) as the
+%%USER%% user.
+
+It's possible to bind it and listen on port 53 (TCP/UDP) with mac_portacl(4)
+kernel module (network port access control policy). For this add
+geodns_mac_portacl_enable=YES and geodns_port=53 in your rc.conf. The GeoDNS
+startup script will load mac_portacl and add a rule where %%USER%% user will
+be able to bind on port 53 (TCP/UDP).
+======================================================================
Added: head/dns/go-geodns/pkg-descr
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/dns/go-geodns/pkg-descr Thu Jun 7 14:18:54 2018 (r471924)
@@ -0,0 +1,4 @@
+GeoDNS is a DNS server with per-client targeted responses. It powers the NTP
+Pool system and other similar services.
+
+WWW: https://github.com/abh/geodns
Added: head/dns/go-geodns/pkg-plist
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/dns/go-geodns/pkg-plist Thu Jun 7 14:18:54 2018 (r471924)
@@ -0,0 +1,3 @@
+ at dir(%%USER%%,%%GROUP%%) %%ETCDIR%%
+ at sample etc/geodns.conf.sample
+sbin/geodns
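Review bot: The `@dir(%%USER%%,%%GROUP%%) %%ETCDIR%%` entry makes the zone directory owned by the account the daemon runs as, so a compromised geodns process could rewrite the zone data it serves. Nothing on this page shows that geodns needs write access there; if it only reads the zones, root ownership with group read access is the tighter choice, e.g. `@dir(root,%%GROUP%%,750) %%ETCDIR%%`. If write access is in fact required, a comment in the port Makefile explaining why would help.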