author | Nicolas PARLANT <nicolas.parlant@parhuet.fr> | 2023-09-17 08:35:57 +0100 |
---|---|---|
committer | Matthew Smith <matthew@gentoo.org> | 2023-09-17 08:35:57 +0100 |
commit | a1c699c2a6c5e30dfd7fa8e645756bb90cf87409 (patch) | |
tree | 7da88a557350a18b37661bb24e06060c1b502063 /net-dns | |
parent | dev-vcs/tortoisehg: 6.5.1, add PYTHON_COMPAT=python3_12 (diff) | |
net-dns/knot-resolver: drop privileges in kresd.initd
Closes: https://github.com/gentoo/gentoo/pull/32871
Signed-off-by: Nicolas PARLANT <nicolas.parlant@parhuet.fr>
Signed-off-by: Matthew Smith <matthew@gentoo.org>
Diffstat (limited to 'net-dns')
-rw-r--r-- | net-dns/knot-resolver/files/kresd.confd-r1 | 9 | ||||
-rw-r--r-- | net-dns/knot-resolver/files/kresd.initd-r1 | 31 | ||||
-rw-r--r-- | net-dns/knot-resolver/knot-resolver-5.6.0-r2.ebuild | 96 |
3 files changed, 136 insertions, 0 deletions
diff --git a/net-dns/knot-resolver/files/kresd.confd-r1 b/net-dns/knot-resolver/files/kresd.confd-r1
new file mode 100644
index 000000000000..2b67587c646a
--- /dev/null
+++ b/net-dns/knot-resolver/files/kresd.confd-r1
@@ -0,0 +1,9 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+#KRESD_USER=knot-resolver
+#KRESD_GROUP=knot-resolver
+#KRESD_CONFIG="/etc/knot-resolver/kresd.conf"
+#KRESD_RUNDIR="/var/run/kresd"
+#KRESD_PIDFILE="/var/run/kresd.pid"
+KRESD_OPTS=""
\ No newline at end of file
diff --git a/net-dns/knot-resolver/files/kresd.initd-r1 b/net-dns/knot-resolver/files/kresd.initd-r1
new file mode 100644
index 000000000000..9732b48cc2cb
--- /dev/null
+++ b/net-dns/knot-resolver/files/kresd.initd-r1
@@ -0,0 +1,31 @@
+#!/sbin/openrc-run
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+: ${KRESD_GROUP:=knot-resolver}
+: ${KRESD_USER:=knot-resolver}
+: ${KRESD_CONFIG:=/etc/knot-resolver/kresd.conf}
+: ${KRESD_RUNDIR:=/var/run/kresd}
+: ${KRESD_PIDFILE:=/var/run/kresd.pid}
+
+command="/usr/sbin/kresd"
+command_args="${KRESD_OPTS} -n -c ${KRESD_CONFIG} ${KRESD_RUNDIR}"
+command_user="${KRESD_USER}:${KRESD_GROUP}"
+pidfile="${KRESD_PIDFILE}"
+command_background=true
+retry="TERM/60/KILL/5"
+
+capabilities="^cap_net_bind_service,^cap_setpcap"
+
+name="knot-resolver"
+description="scaleable caching DNS resolver"
+
+depend() {
+ need net
+ use logger
+ provide dns
+}
+
+start_pre() {
+ checkpath -d -m 0750 -o "${KRESD_USER}:${KRESD_GROUP}" ${KRESD_RUNDIR}
+}
diff --git a/net-dns/knot-resolver/knot-resolver-5.6.0-r2.ebuild b/net-dns/knot-resolver/knot-resolver-5.6.0-r2.ebuild
new file mode 100644
index 000000000000..1c2b1ab746e9
--- /dev/null
+++ b/net-dns/knot-resolver/knot-resolver-5.6.0-r2.ebuild
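Review bot: In kresd.initd-r1, `capabilities="^cap_net_bind_service,^cap_setpcap"` hands cap_setpcap to the unprivileged process, and as far as this commit shows it only goes away if kresd drops it itself, which depends on the libcap-ng support the ebuild makes optional (`caps? ( sys-libs/libcap-ng )`). With that flag off the daemon would presumably keep both capabilities for its whole lifetime, so either grant cap_setpcap only when it is needed or document the dependency next to the line, e.g. `# cap_setpcap lets kresd drop its capabilities after binding; needs USE=caps`. The setting also only takes effect when OpenRC itself was built with capabilities support; without it kresd starts as `${KRESD_USER}` and presumably cannot bind port 53, which is worth a line in the confd file. Separately, `${KRESD_RUNDIR}` is unquoted in the `checkpath` call in start_pre(); `checkpath -d -m 0750 -o "${KRESD_USER}:${KRESD_GROUP}" "${KRESD_RUNDIR}"` keeps a path with spaces intact.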
@@ -0,0 +1,96 @@
+# Copyright 2022-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+LUA_COMPAT=( luajit )
+
+inherit lua-single meson tmpfiles verify-sig
+
+DESCRIPTION="A scaleable caching DNS resolver"
+HOMEPAGE="https://www.knot-resolver.cz https://gitlab.nic.cz/knot/knot-resolver"
+SRC_URI="
+ https://secure.nic.cz/files/${PN}/${P}.tar.xz
+ verify-sig? ( https://secure.nic.cz/files/${PN}/${P}.tar.xz.asc )
+"
+
+LICENSE="Apache-2.0 BSD CC0-1.0 GPL-3+ LGPL-2.1+ MIT"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="caps dnstap kresc nghttp2 systemd test"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="${LUA_REQUIRED_USE}"
+
+RDEPEND="
+ ${LUA_DEPS}
+ acct-group/knot-resolver
+ acct-user/knot-resolver
+ dev-db/lmdb:=
+ dev-libs/libuv:=
+ net-dns/knot:=
+ net-libs/gnutls:=
+ caps? ( sys-libs/libcap-ng )
+ dnstap? (
+ dev-libs/fstrm
+ dev-libs/protobuf-c:=
+ )
+ kresc? ( dev-libs/libedit )
+ nghttp2? ( net-libs/nghttp2:= )
+ systemd? ( sys-apps/systemd:= )
+"
+DEPEND="
+ ${RDEPEND}
+ test? (
+ dev-util/cmocka
+ )
+"
+BDEPEND="
+ virtual/pkgconfig
+ verify-sig? ( sec-keys/openpgp-keys-knot-resolver )
+"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-5.5.3-docdir.patch
+ "${FILESDIR}"/${PN}-5.5.3-nghttp-openssl.patch
+)
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/${PN}.gpg
+
+src_unpack() {
+ if use verify-sig; then
+ verify-sig_verify_detached "${DISTDIR}"/${P}.tar.xz{,.asc}
+ fi
+
+ unpack ${P}.tar.xz
+}
+
+src_configure() {
+ local emesonargs=(
+ --localstatedir "${EPREFIX}"/var # double lib
+ # https://bugs.gentoo.org/870019
+ -Dauto_features=disabled
+ -Ddoc=disabled
+ -Ddocdir="${EPREFIX}"/usr/share/doc/${PF}
+ -Dopenssl=disabled
+ $(meson_feature caps capng)
+ $(meson_feature dnstap)
+ $(meson_feature kresc client)
+ $(meson_feature nghttp2)
+ $(meson_feature test unit_tests)
+ $(meson_feature systemd systemd_files)
+ )
+
+ meson_src_configure
+}
+
+src_install() {
+ meson_src_install
+ fowners -R ${PN}: /etc/${PN}
+
+ newinitd "${FILESDIR}"/kresd.initd-r1 kresd
+ newconfd "${FILESDIR}"/kresd.confd-r1 kresd
+}
+
+pkg_postinst() {
+ use systemd && tmpfiles_process knot-resolver.conf
+}
|
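Review bot: `fowners -R ${PN}: /etc/${PN}` in src_install() makes the service account the owner of its own configuration tree, which deserves a second look now that the init script starts kresd directly as that account. kresd.conf is Lua that the daemon evaluates at startup, so a process running as knot-resolver could rewrite the file and have the change picked up at the next restart. If the ownership exists only so the daemon can update a trust-anchor file (an assumption; the hunk does not say), narrow it to that file and keep the rest root-owned and group-readable, e.g. `fowners -R root:${PN} /etc/${PN}` followed by `fperms 0750 /etc/${PN}`. A one-line comment above the call stating why the directory must be writable by the daemon would help either way.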