- Add a sensible default for maximal size of cache

- Run under unpriviledged user by default

PR:		ports/108062
Submitted by:	Sten Spans <sten@blinkenlights.nl> (maintainer)

3 files changed, 59 insertions, 1 deletions

diff --git a/dns/powerdns-recursor/Makefile b/dns/powerdns-recursor/Makefile
index e52695c59ccc..fddc0b8c3901 100644
--- a/dns/powerdns-recursor/Makefile
+++ b/dns/powerdns-recursor/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	powerdns-recursor
 PORTVERSION=	3.1.4
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	dns ipv6
 MASTER_SITES=	http://downloads.powerdns.com/releases/ \
 		http://mirrors.evolva.ro/powerdns.com/releases/
@@ -64,6 +64,10 @@ post-patch:
 	@${REINPLACE_CMD} -e 's;"/etc/powerdns/";"${PREFIX}/etc/pdns/";' \
 		${WRKSRC}/config.h
 
+pre-install:
+		@${ECHO} "==>  Creating custom user to run pdns_recursor..."
+		@${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
+
 post-install:
 .if !exists(${PREFIX}/etc/pdns/recursor.conf)
 	${INSTALL_DATA} ${PREFIX}/etc/pdns/recursor.conf-dist \
diff --git a/dns/powerdns-recursor/files/patch-pdns_nameserver.cc b/dns/powerdns-recursor/files/patch-pdns_nameserver.cc
new file mode 100644
index 000000000000..77c15dc68a95
--- /dev/null
+++ b/dns/powerdns-recursor/files/patch-pdns_nameserver.cc
@@ -0,0 +1,22 @@
+--- pdns_recursor.cc.orig	Wed Jan 17 23:45:51 2007
++++ pdns_recursor.cc	Thu Jan 18 00:01:47 2007
+@@ -1669,8 +1669,8 @@
+     ::arg().set("daemon","Operate as a daemon")="yes";
+     ::arg().set("log-common-errors","If we should log rather common errors")="yes";
+     ::arg().set("chroot","switch to chroot jail")="";
+-    ::arg().set("setgid","If set, change group id to this gid for more security")="";
+-    ::arg().set("setuid","If set, change user id to this uid for more security")="";
++    ::arg().set("setgid","If set, change group id to this gid for more security")="pdns";
++    ::arg().set("setuid","If set, change user id to this uid for more security")="pdns_recursor";
+ #ifdef WIN32
+     ::arg().set("quiet","Suppress logging of questions and answers")="off";
+     ::arg().setSwitch( "register-service", "Register the service" )= "no";
+@@ -1691,7 +1691,7 @@
+     ::arg().set("client-tcp-timeout","Timeout in seconds when talking to TCP clients")="2";
+     ::arg().set("max-tcp-clients","Maximum number of simultaneous TCP clients")="128";
+     ::arg().set("hint-file", "If set, load root hints from this file")="";
+-    ::arg().set("max-cache-entries", "If set, maximum number of entries in the main cache")="0";
++    ::arg().set("max-cache-entries", "If set, maximum number of entries in the main cache")="500000";
+     ::arg().set("max-negative-ttl", "maximum number of seconds to keep a negative cached entry in memory")="3600";
+     ::arg().set("server-id", "Returned when queried for 'server.id' TXT, defaults to hostname")="";
+     ::arg().set("remotes-ringbuffer-entries", "maximum number of packets to store statistics for")="0";
diff --git a/dns/powerdns-recursor/pkg-install b/dns/powerdns-recursor/pkg-install
new file mode 100644
index 000000000000..8177e29e7cd1
--- /dev/null
+++ b/dns/powerdns-recursor/pkg-install
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+if [ "$2" != "PRE-INSTALL" ]; then
+    exit 0
+fi
+
+PDNSUSER=${PDNSUSER:-pdns_recursor}
+PDNSUID=${PDNSUID:-120}
+PDNSGROUP=${PDNSGROUP:-pdns}
+PDNSGID=${PDNSGID:-120}
+
+if ! pw groupshow "$PDNSGROUP" 2>/dev/null 1>&2; then
+	if pw groupadd $PDNSGROUP -g $PDNSGID; then
+		echo "=> Added group \"$PDNSGROUP\"."
+	else
+		echo "=> Adding group \"$PDNSGROUP\" failed..."
+		exit 1
+	fi
+fi
+
+if ! pw usershow "$PDNSUSER" 2>/dev/null 1>&2; then
+	if pw useradd $PDNSUSER -u $PDNSUID -g $PDNSGROUP -h - \
+		-s "/sbin/nologin" -d "/nonexistent" \
+		-c "pdns_recursor pseudo-user"; \
+	then
+		echo "=> Added user \"$PDNSUSER\"."
+	else
+		echo "=> Adding user \"$PDNSUSER\" failed..."
+		exit 1
+	fi
+fi
+exit 0