Attachment #212221 for bug #244657

View | Details | Raw Unified | Return to bug 244657
Collapse All | Expand All




# $FreeBSD$

PORTNAME=	recursor
DISTVERSION=	4.3.0
CATEGORIES=	dns
MASTER_SITES=	http://downloads.powerdns.com/releases/
PKGNAMEPREFIX=	powerdns-

		--with-protobuf \
		--without-net-snmp

USERS=		pdns_recursor
GROUPS=		pdns

SUB_FILES=	pkg-message

OPTIONS_DEFINE=	LUAJIT
OPTIONS_DEFAULT=	SETUID

LUAJIT_DESC=	Use LuaJIT instead of Lua
SETUID_DESC=	Run as pdns_recursor user

LUAJIT_LIB_DEPENDS=	libluajit-5.1.so.2:lang/luajit-openresty
LUAJIT_USES_OFF=	lua
LUAJIT_CONFIGURE_ON=	--with-lua=luajit

SETUID_EXTRA_PATCHES=	${PATCHDIR}/extrapatch-setuid
SETUID_VARS=		GROUPS=pdns \
			USERS=pdns_recursor

.include <bsd.port.pre.mk>

.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1200085 && ${SSL_DEFAULT} != openssl

LIB_DEPENDS+=		libdecaf.so:security/libdecaf \
			libsodium.so:security/libsodium
.endif

post-install:
	@${MKDIR} ${STAGEDIR}/var/run/pdns-recursor

.include <bsd.port.post.mk>

Lines 1-3 Link Here

(-)powerdns-recursor/distinfo (-3 / +3 lines)
1	TIMESTAMP = 1575887223	1	TIMESTAMP = 1583454090
2	SHA256 (pdns-recursor-4.2.1.tar.bz2) = 8d8c3235cc5281f0fc51946129f22758778f4c50bfda095d5856feb4c756891f	2	SHA256 (pdns-recursor-4.3.0.tar.bz2) = 2bc130f287dfdb32e03d0b38a4ac24baf1117f96eca9b407611c847fa08a628f
3	SIZE (pdns-recursor-4.2.1.tar.bz2) = 1318022	3	SIZE (pdns-recursor-4.3.0.tar.bz2) = 1349359




--- pdns_recursor.cc.orig	2017-12-11 13:13:52.274237000 +0100
+++ pdns_recursor.cc	2017-12-11 13:18:42.339569000 +0100
@@ -3325,8 +3325,8 @@
     ::arg().set("log-timestamp","Print timestamps in log lines, useful to disable when running with a tool that timestamps stdout already")="yes";
     ::arg().set("log-common-errors","If we should log rather common errors")="no";
     ::arg().set("chroot","switch to chroot jail")="";
-    ::arg().set("setgid","If set, change group id to this gid for more security")="";
-    ::arg().set("setuid","If set, change user id to this uid for more security")="";
+    ::arg().set("setgid","If set, change group id to this gid for more security")="pdns";
+    ::arg().set("setuid","If set, change user id to this uid for more security")="pdns_recursor";
     ::arg().set("network-timeout", "Wait this number of milliseconds for network i/o")="1500";
     ::arg().set("threads", "Launch this number of threads")="2";
     ::arg().set("processes", "Launch this number of processes (EXPERIMENTAL, DO NOT CHANGE)")="1"; // if we un-experimental this, need to fix openssl rand seeding for multiple PIDs!

Lines 1-6 Link Here

(-)powerdns-recursor/files/patch-configure (-3 / +3 lines)
1	--- configure.orig 2019-05-17 10:25:29 UTC	1	--- configure.orig 2020-03-02 07:50:20.000000000 -0500
2	+++ configure	2	+++ configure 2020-03-02 07:50:20.000000000 -0500
3	@@ -19350,8 +19350,10 @@ fi	3	@@ -21139,8 +21139,10 @@
4	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl/crypto.h in $ssldir" >&5	4	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl/crypto.h in $ssldir" >&5
5	$as_echo_n "checking for openssl/crypto.h in $ssldir... " >&6; }	5	$as_echo_n "checking for openssl/crypto.h in $ssldir... " >&6; }
6	if test -f "$ssldir/include/openssl/crypto.h"; then	6	if test -f "$ssldir/include/openssl/crypto.h"; then




--- dns_random.cc.orig	2018-11-29 12:53:42 UTC
+++ dns_random.cc
@@ -40,7 +40,9 @@
 #include <openssl/rand.h>
 #endif
 #if defined(HAVE_GETRANDOM)
+extern "C" {
 #include <sys/random.h>
+}
 #endif
 
 static enum DNS_RNG {

Lines 1-6 Link Here

(-)powerdns-recursor/files/patch-dnsname.hh (-4 / +4 lines)
1	--- dnsname.hh.orig 2019-01-31 19:43:44 UTC	1	--- dnsname.hh.orig 2020-03-02 07:49:54.000000000 -0500
2	+++ dnsname.hh	2	+++ dnsname.hh 2020-03-02 07:49:54.000000000 -0500
3	@@ -30,7 +30,7 @@	3	@@ -33,7 +33,7 @@
4	#include <boost/version.hpp>	4	#include <boost/version.hpp>
5		5
6	// it crashes on OSX and doesn't compile on OpenBSD	6	// it crashes on OSX and doesn't compile on OpenBSD
Lines 9-15 Link Here
9	#include <boost/container/string.hpp>	9	#include <boost/container/string.hpp>
10	#endif	10	#endif
11		11
12	@@ -135,7 +135,7 @@ class DNSName (public)	12	@@ -138,7 +138,7 @@
13	inline bool canonCompare(const DNSName& rhs) const;	13	inline bool canonCompare(const DNSName& rhs) const;
14	bool slowCanonCompare(const DNSName& rhs) const;	14	bool slowCanonCompare(const DNSName& rhs) const;
15		15




--- dns_random.cc.orig	2018-11-29 12:53:42 UTC
+++ dns_random.cc
@@ -40,7 +40,9 @@
 #include <openssl/rand.h>
 #endif
 #if defined(HAVE_GETRANDOM)
+extern "C" {
 #include <sys/random.h>
+}
 #endif
 
 static enum DNS_RNG {




--- pdns_recursor.cc.orig	2020-03-02 07:49:54.000000000 -0500
+++ pdns_recursor.cc	2020-03-02 07:49:54.000000000 -0500
@@ -4639,12 +4639,12 @@
 #define SYSTEMD_SETID_MSG ". When running inside systemd, use the User and Group settings in the unit-file!"
         SYSTEMD_SETID_MSG
 #endif
-        )="";
+        )="pdns";
     ::arg().set("setuid","If set, change user id to this uid for more security"
 #ifdef HAVE_SYSTEMD
         SYSTEMD_SETID_MSG
 #endif
-        )="";
+        )="pdns_recursor";
     ::arg().set("network-timeout", "Wait this number of milliseconds for network i/o")="1500";
     ::arg().set("threads", "Launch this number of threads")="2";
     ::arg().set("distributor-threads", "Launch this number of distributor threads, distributing queries to other threads")="0";




#

# PROVIDE: pdns_recursor
# REQUIRE: NETWORKING
# BEFORE: SERVERS
# KEYWORD: shutdown

#

name=pdns_recursor
rcvar=pdns_recursor_enable

load_rc_config ${name}
command_args="--daemon=yes"

# set defaults

pdns_recursor_enable=${pdns_recursor_enable:-"NO"}
pdns_recursor_conf=${pdns_recursor_conf:-"%%PREFIX%%/etc/pdns/recursor.conf"}
required_files=${pdns_recursor_conf}

pidfile=/var/run/pdns-recursor/${name}.pid

command=%%PREFIX%%/sbin/${name}
command_args="--daemon"

run_rc_command "$1"

Lines 1-8 Link Here

(-)powerdns-recursor/files/pkg-message.in (-1 / +2 lines)
1	[	1	[
2	{ type: install	2	{ type: install
3	message: <<EOM	3	message: <<EOM
4	If you want to use the powerdns recursor,	4	If you want to use the PowerDNS Recursor,
5	you need the following line in /etc/rc.conf(.local)	5	you need the following line in /etc/rc.conf(.local)
		6	or in /etc/rc.conf.d/pdns_recursor
6		7
7	pdns_recursor_enable="YES"	8	pdns_recursor_enable="YES"
8		9




The PowerDNS Recursor is a high-end, high-performance resolving
name server which powers the DNS resolution of at least a hundred
million subscribers. Utilizing multiple processors and supporting
the same powerful scripting ability of the Authoritative Server,
the Recursor delivers top performance while retaining the flexibility
modern DNS deployments require:

 * IPv4, UDP/TCP
 * IPv6, UDP/TCP, 100% compliant
 * Remotely pollable statistics for real time graphing
 * Full support for all relevant standards
 * Advanced anti-spoofing measures
 * Reconfiguration without downtime
 * Plain BIND zone files for “resolved hosting”
 * Internal Lua-based scripted answer generation
 * Question interception, answer reconditioning, NXDOMAIN redirection
   - Including ‘block lists’ and security measures
 * API for direct control (rec_control)
   - Local and remote access
 * DNS Response Policy Zones (RPZ)
 * DNS64

WWW: https://www.PowerDNS.com/recursor.html

Lines 3-5 Link Here

(-)powerdns-recursor/pkg-plist (+1 lines)
3	sbin/pdns_recursor	3	sbin/pdns_recursor
4	man/man1/pdns_recursor.1.gz	4	man/man1/pdns_recursor.1.gz
5	man/man1/rec_control.1.gz	5	man/man1/rec_control.1.gz
		6	@dir(root,wheel,0755) /var/run/pdns-recursor

Return to bug 244657

Lines 2-8 Link Here

(-)powerdns-recursor/Makefile (-8 / +8 lines)
2	# $FreeBSD$	2	# $FreeBSD$
3		3
4	PORTNAME= recursor	4	PORTNAME= recursor
5	DISTVERSION= 4.2.1	5	DISTVERSION= 4.3.0
6	CATEGORIES= dns	6	CATEGORIES= dns
7	MASTER_SITES= http://downloads.powerdns.com/releases/	7	MASTER_SITES= http://downloads.powerdns.com/releases/
8	PKGNAMEPREFIX= powerdns-	8	PKGNAMEPREFIX= powerdns-
Lines 32-53 Link Here
32	--with-protobuf \	32	--with-protobuf \
33	--without-net-snmp	33	--without-net-snmp
34		34
		35	USERS= pdns_recursor
		36	GROUPS= pdns
		37
35	SUB_FILES= pkg-message	38	SUB_FILES= pkg-message
36		39
37	OPTIONS_DEFINE= LUAJIT SETUID	40	OPTIONS_DEFINE= LUAJIT
38	OPTIONS_DEFAULT= SETUID
39		41
40	LUAJIT_DESC= Use LuaJIT instead of Lua	42	LUAJIT_DESC= Use LuaJIT instead of Lua
41	SETUID_DESC= Run as pdns_recursor user
42		43
43	LUAJIT_LIB_DEPENDS= libluajit-5.1.so.2:lang/luajit-openresty	44	LUAJIT_LIB_DEPENDS= libluajit-5.1.so.2:lang/luajit-openresty
44	LUAJIT_USES_OFF= lua	45	LUAJIT_USES_OFF= lua
45	LUAJIT_CONFIGURE_ON= --with-lua=luajit	46	LUAJIT_CONFIGURE_ON= --with-lua=luajit
46		47
47	SETUID_EXTRA_PATCHES= ${PATCHDIR}/extrapatch-setuid
48	SETUID_VARS= GROUPS=pdns \
49	USERS=pdns_recursor
50
51	.include <bsd.port.pre.mk>	48	.include <bsd.port.pre.mk>
52		49
53	.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1200085 && ${SSL_DEFAULT} != openssl	50	.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1200085 && ${SSL_DEFAULT} != openssl
Lines 56-60 Link Here
56	LIB_DEPENDS+= libdecaf.so:security/libdecaf \	53	LIB_DEPENDS+= libdecaf.so:security/libdecaf \
57	libsodium.so:security/libsodium	54	libsodium.so:security/libsodium
58	.endif	55	.endif
		56
		57	post-install:
		58	@${MKDIR} ${STAGEDIR}/var/run/pdns-recursor
59		59
60	.include <bsd.port.post.mk>	60	.include <bsd.port.post.mk>

Lines 1-13 Link Here

(-)powerdns-recursor/files/extrapatch-setuid (-13 lines)
1	--- pdns_recursor.cc.orig 2017-12-11 13:13:52.274237000 +0100
2	+++ pdns_recursor.cc 2017-12-11 13:18:42.339569000 +0100
3	@@ -3325,8 +3325,8 @@
4	::arg().set("log-timestamp","Print timestamps in log lines, useful to disable when running with a tool that timestamps stdout already")="yes";
5	::arg().set("log-common-errors","If we should log rather common errors")="no";
6	::arg().set("chroot","switch to chroot jail")="";
7	- ::arg().set("setgid","If set, change group id to this gid for more security")="";
8	- ::arg().set("setuid","If set, change user id to this uid for more security")="";
9	+ ::arg().set("setgid","If set, change group id to this gid for more security")="pdns";
10	+ ::arg().set("setuid","If set, change user id to this uid for more security")="pdns_recursor";
11	::arg().set("network-timeout", "Wait this number of milliseconds for network i/o")="1500";
12	::arg().set("threads", "Launch this number of threads")="2";
13	::arg().set("processes", "Launch this number of processes (EXPERIMENTAL, DO NOT CHANGE)")="1"; // if we un-experimental this, need to fix openssl rand seeding for multiple PIDs!

Line 0 Link Here

(-)powerdns-recursor/files/patch-dns_random.cc (+12 lines)
	1	--- dns_random.cc.orig 2018-11-29 12:53:42 UTC
	2	+++ dns_random.cc
	3	@@ -40,7 +40,9 @@
	4	#include <openssl/rand.h>
	5	#endif
	6	#if defined(HAVE_GETRANDOM)
	7	+extern "C" {
	8	#include <sys/random.h>
	9	+}
	10	#endif
	11
	12	static enum DNS_RNG {

Lines 1-12 Link Here

(-)powerdns-recursor/files/patch-pdns_dns__random.cc (-12 lines)
1	--- dns_random.cc.orig 2018-11-29 12:53:42 UTC
2	+++ dns_random.cc
3	@@ -40,7 +40,9 @@
4	#include <openssl/rand.h>
5	#endif
6	#if defined(HAVE_GETRANDOM)
7	+extern "C" {
8	#include <sys/random.h>
9	+}
10	#endif
11
12	static enum DNS_RNG {

Line 0 Link Here

(-)powerdns-recursor/files/patch-pdns_recursor.cc (+17 lines)
	1	--- pdns_recursor.cc.orig 2020-03-02 07:49:54.000000000 -0500
	2	+++ pdns_recursor.cc 2020-03-02 07:49:54.000000000 -0500
	3	@@ -4639,12 +4639,12 @@
	4	#define SYSTEMD_SETID_MSG ". When running inside systemd, use the User and Group settings in the unit-file!"
	5	SYSTEMD_SETID_MSG
	6	#endif
	7	- )="";
	8	+ )="pdns";
	9	::arg().set("setuid","If set, change user id to this uid for more security"
	10	#ifdef HAVE_SYSTEMD
	11	SYSTEMD_SETID_MSG
	12	#endif
	13	- )="";
	14	+ )="pdns_recursor";
	15	::arg().set("network-timeout", "Wait this number of milliseconds for network i/o")="1500";
	16	::arg().set("threads", "Launch this number of threads")="2";
	17	::arg().set("distributor-threads", "Launch this number of distributor threads, distributing queries to other threads")="0";

Lines 4-11 Link Here

(-)powerdns-recursor/files/pdns-recursor.in (-8 / +7 lines)
4	#	4	#
5		5
6	# PROVIDE: pdns_recursor	6	# PROVIDE: pdns_recursor
7	# REQUIRE: SERVERS cleanvar	7	# REQUIRE: NETWORKING
8	# BEFORE: DAEMON	8	# BEFORE: SERVERS
9	# KEYWORD: shutdown	9	# KEYWORD: shutdown
10		10
11	#	11	#
Lines 22-37 Link Here
22	name=pdns_recursor	22	name=pdns_recursor
23	rcvar=pdns_recursor_enable	23	rcvar=pdns_recursor_enable
24		24
25	command=%%PREFIX%%/sbin/pdns_recursor	25	load_rc_config ${name}
26	command_args="--daemon=yes"
27		26
28	# set defaults
29
30	pdns_recursor_enable=${pdns_recursor_enable:-"NO"}	27	pdns_recursor_enable=${pdns_recursor_enable:-"NO"}
31	pdns_recursor_conf=${pdns_recursor_conf:-"%%PREFIX%%/etc/pdns/recursor.conf"}	28	pdns_recursor_conf=${pdns_recursor_conf:-"%%PREFIX%%/etc/pdns/recursor.conf"}
		29	required_files=${pdns_recursor_conf}
32		30
33	load_rc_config ${name}	31	pidfile=/var/run/pdns-recursor/${name}.pid
34		32
35	required_files=${pdns_recursor_conf}	33	command=%%PREFIX%%/sbin/${name}
		34	command_args="--daemon"
36		35
37	run_rc_command "$1"	36	run_rc_command "$1"

Lines 1-4 Link Here

(-)powerdns-recursor/pkg-descr (-3 / +22 lines)
1	PowerDNS recursor is a high performance, simple and secure recursing	1	The PowerDNS Recursor is a high-end, high-performance resolving
2	nameserver. It currently powers over two million internet connections.	2	name server which powers the DNS resolution of at least a hundred
		3	million subscribers. Utilizing multiple processors and supporting
		4	the same powerful scripting ability of the Authoritative Server,
		5	the Recursor delivers top performance while retaining the flexibility
		6	modern DNS deployments require:
3		7
4	WWW: https://www.powerdns.com	8	* IPv4, UDP/TCP
		9	* IPv6, UDP/TCP, 100% compliant
		10	* Remotely pollable statistics for real time graphing
		11	* Full support for all relevant standards
		12	* Advanced anti-spoofing measures
		13	* Reconfiguration without downtime
		14	* Plain BIND zone files for “resolved hosting”
		15	* Internal Lua-based scripted answer generation
		16	* Question interception, answer reconditioning, NXDOMAIN redirection
		17	- Including ‘block lists’ and security measures
		18	* API for direct control (rec_control)
		19	- Local and remote access
		20	* DNS Response Policy Zones (RPZ)
		21	* DNS64
		22
		23	WWW: https://www.PowerDNS.com/recursor.html