svn commit: r471924 - in head: . dns dns/go-geodns dns/go-geodns/files

Danilo G. Baio dbaio at FreeBSD.org
Thu Jun 7 14:18:57 UTC 2018


Author: dbaio
Date: Thu Jun  7 14:18:54 2018
New Revision: 471924
URL: https://svnweb.freebsd.org/changeset/ports/471924

Log:
  Add dns/go-geodns: DNS server with per-client targeted responses
  
  GeoDNS is a DNS server with per-client targeted responses. It powers the NTP
  Pool system and other similar services.
  
  WWW: https://github.com/abh/geodns
  
  PR:		227492
  Submitted by:	Vinicius Zavam <egypcio at googlemail.com>
  Differential Revision:	https://reviews.freebsd.org/D15056

Added:
  head/dns/go-geodns/
  head/dns/go-geodns/Makefile   (contents, props changed)
  head/dns/go-geodns/distinfo   (contents, props changed)
  head/dns/go-geodns/files/
  head/dns/go-geodns/files/geodns.in   (contents, props changed)
  head/dns/go-geodns/files/pkg-message.in   (contents, props changed)
  head/dns/go-geodns/pkg-descr   (contents, props changed)
  head/dns/go-geodns/pkg-plist   (contents, props changed)
Modified:
  head/GIDs
  head/UIDs
  head/dns/Makefile

Modified: head/GIDs
==============================================================================
--- head/GIDs	Thu Jun  7 14:16:29 2018	(r471923)
+++ head/GIDs	Thu Jun  7 14:18:54 2018	(r471924)
@@ -793,7 +793,7 @@ chronyd:*:849:
 # free: 850
 # free: 851
 # free: 852
-# free: 853
+_geodns:*:853:
 # free: 854
 # free: 855
 # free: 856

Modified: head/UIDs
==============================================================================
--- head/UIDs	Thu Jun  7 14:16:29 2018	(r471923)
+++ head/UIDs	Thu Jun  7 14:18:54 2018	(r471924)
@@ -799,7 +799,7 @@ chronyd:*:849:849::0:0:chronyd user:/nonexistent:/usr/
 # free: 850
 # free: 851
 # free: 852
-# free: 853
+_geodns:*:853:853::0:0:GeoDNS User:/var/empty:/usr/sbin/nologin
 # free: 854
 # free: 855
 # free: 856

Modified: head/dns/Makefile
==============================================================================
--- head/dns/Makefile	Thu Jun  7 14:16:29 2018	(r471923)
+++ head/dns/Makefile	Thu Jun  7 14:18:54 2018	(r471924)
@@ -78,6 +78,7 @@
     SUBDIR += gen6dns
     SUBDIR += getdns
     SUBDIR += ghtool
+    SUBDIR += go-geodns
     SUBDIR += hesiod
     SUBDIR += hostdb
     SUBDIR += hs-dns

Added: head/dns/go-geodns/Makefile
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/dns/go-geodns/Makefile	Thu Jun  7 14:18:54 2018	(r471924)
@@ -0,0 +1,44 @@
+# $FreeBSD$
+
+PORTNAME=	geodns
+PORTVERSION=	2.7.0
+CATEGORIES=	dns net ipv6
+PKGNAMEPREFIX=	go-
+
+MAINTAINER=	egypcio at googlemail.com
+COMMENT=	DNS server with per-client targeted responses
+
+LICENSE=	APACHE20
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+BUILD_DEPENDS=	GeoIP>=1.6.12:net/GeoIP
+RUN_DEPENDS=	GeoIP>=1.6.12:net/GeoIP
+
+USES=		go pkgconfig
+USE_RC_SUBR=	geodns
+USE_GITHUB=	yes
+
+GH_ACCOUNT=	abh
+GO_PKGNAME=	github.com/${GH_ACCOUNT}/${PORTNAME}
+
+PORTEXAMPLES=	*.json
+
+USERS=		_geodns
+GROUPS=		_geodns
+
+PLIST_SUB=	USER="${USERS}" GROUP="${GROUPS}"
+SUB_LIST=	USER="${USERS}" GROUP="${GROUPS}"
+SUB_FILES=	pkg-message
+
+OPTIONS_DEFINE=	EXAMPLES
+
+do-install:
+	${MKDIR} ${STAGEDIR}/${ETCDIR}
+	${INSTALL_PROGRAM} ${WRKDIR}/bin/geodns ${STAGEDIR}${PREFIX}/sbin
+	${INSTALL_DATA} ${WRKSRC}/dns/geodns.conf.sample ${STAGEDIR}${PREFIX}/etc
+
+do-install-EXAMPLES-on:
+	${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
+	${INSTALL_DATA} ${WRKSRC}/dns/${PORTEXAMPLES} ${STAGEDIR}${EXAMPLESDIR}
+
+.include <bsd.port.mk>
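Review bot: In `do-install`, `${MKDIR} ${STAGEDIR}/${ETCDIR}` carries a stray slash that the other install lines do not have; `${MKDIR} ${STAGEDIR}${ETCDIR}` matches them. GeoIP is also listed identically in `BUILD_DEPENDS` and `RUN_DEPENDS`. If the binary links against the GeoIP library, which the `pkgconfig` in `USES` suggests but this hunk does not show, a single `LIB_DEPENDS= libGeoIP.so:net/GeoIP` would state the dependency more precisely, at the cost of the explicit version floor.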

Added: head/dns/go-geodns/distinfo
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/dns/go-geodns/distinfo	Thu Jun  7 14:18:54 2018	(r471924)
@@ -0,0 +1,3 @@
+TIMESTAMP = 1523611997
+SHA256 (abh-geodns-2.7.0_GH0.tar.gz) = 73014bf559611994b007f65bed238e49cae3e580e592abc55c787e58c2706789
+SIZE (abh-geodns-2.7.0_GH0.tar.gz) = 367646

Added: head/dns/go-geodns/files/geodns.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/dns/go-geodns/files/geodns.in	Thu Jun  7 14:18:54 2018	(r471924)
@@ -0,0 +1,123 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: geodns
+# REQUIRE: cleanvar SERVERS
+#
+# Options to configure geodns via /etc/rc.conf:
+#
+# geodns_enable (bool):
+#   Enable service on boot.
+#   Default: NO
+#
+# geodns_conf (str):
+#   Config file to use.
+#   Default: %%PREFIX%%/etc/geodns.conf
+#
+# geodns_addr (str):
+#   Specify which IP address to listen to.
+#   Default: [::], 0.0.0.0
+#
+# geodns_port (str):
+#   Specify which port to listen on.
+#   Default: 5353
+#
+# geodns_suexec (bool):
+#   Run geodns as root.
+#   Default: NO
+#
+# geodns_uid (str):
+#   User to run geodns as.
+#   Default: %%USER%%
+#
+# geodns_zones (str):
+#   Zone files directory.
+#   Default: %%ETCDIR%%
+#
+# geodns_mac_portacl_enable (bool):
+#   Load mac_portacl module (network port access control policy).
+#   Default: NO
+#
+
+. /etc/rc.subr
+
+name="geodns"
+rcvar="geodns_enable"
+pidfile="/var/run/geodns.pid"
+procname="%%PREFIX%%/sbin/geodns"
+
+load_rc_config $name
+
+: ${geodns_enable:="NO"}
+: ${geodns_conf:="%%PREFIX%%/etc/geodns.conf"}
+: ${geodns_addr:=""}
+: ${geodns_port:="5353"}
+: ${geodns_suexec:="NO"}
+: ${geodns_uid:="%%USER%%"}
+: ${geodns_zones:="%%ETCDIR%%"}
+: ${geodns_mac_portacl_enable:="NO"}
+
+checkyesno geodns_suexec && geodns_uid="root"
+
+command="/usr/sbin/daemon"
+
+command_args="-p ${pidfile} -t ${name} -u ${geodns_uid} -f ${procname} -configfile ${geodns_conf} -config ${geodns_zones} -port ${geodns_port}"
+
+if [ ! -z ${geodns_addr} ]; then
+	command_args="${command_args} -interface ${geodns_addr}"
+fi
+
+start_precmd="geodns_precmd"
+
+geodns_precmd() {
+	local reservedlow reservedhigh rules_current rules_geodns rport ruid
+
+	if checkyesno geodns_mac_portacl_enable ; then
+
+		# Check and load mac_portacl module
+		if ! kldstat -m mac_portacl >/dev/null 2>&1 ; then
+			if ! kldload mac_portacl ; then
+				warn "Could not load mac_portacl module."
+				return 1
+			fi
+		fi
+
+		# Check and add mac_portacl rules
+		ruid=$(id -u $geodns_uid)
+		rport=$geodns_port #smaller variable
+		rules_current=$(sysctl -n security.mac.portacl.rules)
+		rules_geodns="uid:${ruid}:tcp:${rport},uid:${ruid}:udp:${rport}"
+		if [ ! $rules_current = "" ]; then
+			if ! echo $rules_current | grep "$rules_geodns" >/dev/null 2>&1 ; then
+				rules_current="${rules_current},${rules_geodns}"
+				if ! sysctl security.mac.portacl.rules="$rules_current" >/dev/null 2>&1 ; then
+					warn "Could not insert mac_portacl rules."
+					return 1
+				fi
+			fi
+		elif ! sysctl security.mac.portacl.rules=$rules_geodns >/dev/null 2>&1 ; then
+			warn "Could not insert mac_portacl rules."
+			return 1
+		fi
+
+		# Check and disable net.inet.ip.portrange.* control
+		reservedlow=$(sysctl -n net.inet.ip.portrange.reservedlow)
+		reservedhigh=$(sysctl -n net.inet.ip.portrange.reservedhigh)
+		if [ ! $reservedlow -eq 0 ]; then
+			if ! sysctl net.inet.ip.portrange.reservedlow=0 >/dev/null 2>&1 ; then
+				warn "Could not change net.inet.ip.portrange.reservedlow."
+				return 1
+			fi
+		fi
+		if [ ! $reservedhigh -eq 0 ]; then
+			if ! sysctl net.inet.ip.portrange.reservedhigh=0 >/dev/null 2>&1 ; then
+				warn "Could not change net.inet.ip.portrange.reservedhigh."
+				return 1
+			fi
+		fi
+
+	fi # geodns_mac_portacl_enable
+}
+
+run_rc_command $1
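Review bot: In `geodns_precmd`, turning on `geodns_mac_portacl_enable` sets `net.inet.ip.portrange.reservedlow` and `net.inet.ip.portrange.reservedhigh` to 0 for the whole host and nothing restores them on stop, so low ports are then protected only by mac_portacl. The function never confirms that the policy is enforcing. Before touching the port range I would add `[ "$(sysctl -n security.mac.portacl.enabled)" = "1" ] || { warn "mac_portacl is not enabled."; return 1; }`, and state the host-wide side effect in the rc.conf comment block at the top of the script. Separately, `[ ! $rules_current = "" ]` and `[ ! -z ${geodns_addr} ]` are unquoted and give the right answer for an empty value only by accident of how `test` parses two and three arguments; `[ -n "$rules_current" ]` and `[ -n "${geodns_addr}" ]` are the safe forms.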

Added: head/dns/go-geodns/files/pkg-message.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/dns/go-geodns/files/pkg-message.in	Thu Jun  7 14:18:54 2018	(r471924)
@@ -0,0 +1,13 @@
+======================================================================
+GeoDNS is written in Go and therefore isn't capable of dropping privileges
+after binding to a low port on FreeBSD.
+
+By default, this port's daemon will listen on port 5353 (TCP/UDP) as the
+%%USER%% user.
+
+It's possible to bind it and listen on port 53 (TCP/UDP) with mac_portacl(4)
+kernel module (network port access control policy). For this add
+geodns_mac_portacl_enable=YES and geodns_port=53 in your rc.conf. The GeoDNS
+startup script will load mac_portacl and add a rule where %%USER%% user will
+be able to bind on port 53 (TCP/UDP). 
+======================================================================

Added: head/dns/go-geodns/pkg-descr
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/dns/go-geodns/pkg-descr	Thu Jun  7 14:18:54 2018	(r471924)
@@ -0,0 +1,4 @@
+GeoDNS is a DNS server with per-client targeted responses. It powers the NTP
+Pool system and other similar services.
+
+WWW: https://github.com/abh/geodns

Added: head/dns/go-geodns/pkg-plist
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/dns/go-geodns/pkg-plist	Thu Jun  7 14:18:54 2018	(r471924)
@@ -0,0 +1,3 @@
+ at dir(%%USER%%,%%GROUP%%) %%ETCDIR%%
+ at sample etc/geodns.conf.sample
+sbin/geodns
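Review bot: The `@dir(%%USER%%,%%GROUP%%) %%ETCDIR%%` entry (the archive renders `@` as ` at `) gives ownership of the zone directory to the account the daemon runs as, so a compromise of geodns could rewrite the zone data it serves. Nothing in this commit shows geodns needing to write there. If it only reads zones, a root-owned, group-readable directory such as `@dir(root,%%GROUP%%,750) %%ETCDIR%%` keeps the served data out of the daemon's reach.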

