freebsd-ports/UIDs

Index: UPDATING
===================================================================
--- UPDATING	(revision 356685)
+++ UPDATING	(working copy)
@@ -5,6 +5,19 @@
 You should get into the habit of checking this file for changes each time
 you update your ports collection, before attempting any port upgrades.
 
+20140604
+  AFFECTS: users of dns/dnscrypt-proxy
+  AUTHOR: feld@FreeBSD.org
+
+  The 1.4.0 update to dns/dnscrypt-proxy introduced a privilege
+  separation capability utilizing the new _dnscrypt-proxy user.
+  The home directory for this user was misconfigured as /nonexistent.
+  The dnscrypt-proxy server will try to chroot to _dnscrypt-proxy's home
+  directory and fail to start. If you are affected you will need to
+  change _dnscrypt-proxy's home directory to /var/empty:
+
+  # pw usermod _dnscrypt-proxy -d /var/empty
+
 20140603
   AFFECTS: users of net-p2p/zetacoin
   AUTHOR: daniel@morante.net
Index: dns/dnscrypt-proxy/Makefile
===================================================================
--- dns/dnscrypt-proxy/Makefile	(revision 356684)
+++ dns/dnscrypt-proxy/Makefile	(working copy)
@@ -3,6 +3,7 @@
 
 PORTNAME=	dnscrypt-proxy
 PORTVERSION=	1.4.0
+PORTREVISION=	1
 CATEGORIES=	dns
 MASTER_SITES=	http://download.dnscrypt.org/dnscrypt-proxy/ \
 		http://www.dns-lab.com/downloads/dnscrypt-proxy/
Index: dns/dnscrypt-proxy/files/dnscrypt-proxy.in
===================================================================
--- dns/dnscrypt-proxy/files/dnscrypt-proxy.in	(revision 356684)
+++ dns/dnscrypt-proxy/files/dnscrypt-proxy.in	(working copy)
@@ -2,7 +2,7 @@
 #
 # $FreeBSD$
 #
-# PROVIDE: dnscrypt-proxy
+# PROVIDE: dnscrypt_proxy
 # REQUIRE: SERVERS cleanvar
 # BEFORE: named
 # KEYWORD: shutdown
@@ -9,8 +9,16 @@
 #
 # Add the following lines to /etc/rc.conf to enable dnscrypt-proxy:
 #
-# dnscrypt_proxy_enable="YES":	Set to NO by default.
-#				Set it to YES to enable dnscrypt-proxy.
+# dnscrypt_proxy_enable (bool):	Set to NO by default.
+#				Set to YES to enable dnscrypt-proxy.
+# dnscrypt_proxy_uid (str):	Set to "_dnscrypt-proxy" by default.
+#                              	User to switch to after starting.
+# dnscrypt_proxy_resolver (str):Set to "opendns" by default.
+#                              	Choose a different upstream resolver.
+# dnscrypt_proxy_pidfile (str):	default: "/var/run/dnscrypt-proxy.pid"
+#                              	Location of pid file.
+# dnscrypt_proxy_logfile (str):	default: "/var/log/dnscrypt-proxy.log"
+#                              	Location of log file.
 #
 # To redirect a local resolver through dnscrypt-proxy, point it at 127.0.0.2
 # and add the following to rc.conf:
@@ -22,26 +30,17 @@
 name=dnscrypt_proxy
 rcvar=dnscrypt_proxy_enable
 
-stop_cmd=dnscrypt_proxy_stop
-
 load_rc_config ${name}
 
 : ${dnscrypt_proxy_enable:=NO}
 : ${dnscrypt_proxy_uid=_dnscrypt-proxy} # User to run daemon as
+: ${dnscrypt_proxy_resolver=opendns} # resolver to use
 : ${dnscrypt_proxy_pidfile=/var/run/dnscrypt-proxy.pid} # Path to pid file
 : ${dnscrypt_proxy_logfile=/var/log/dnscrypt-proxy.log} # Path to log file
 
-if [ -n "$dnscrypt_proxy_uid" ]; then
-	dnscrypt_proxy_flags="${dnscrypt_proxy_flags} -u ${dnscrypt_proxy_uid}"
-fi
-
 command=%%PREFIX%%/sbin/dnscrypt-proxy
+command_args="-d -p ${dnscrypt_proxy_pidfile} -l ${dnscrypt_proxy_logfile} -u ${dnscrypt_proxy_uid} -R ${dnscrypt_proxy_resolver}"
 procname=%%PREFIX%%/sbin/dnscrypt-proxy
+pidfile=${dnscrypt_proxy_pidfile}
 
-command_args="-d -p ${dnscrypt_proxy_pidfile} -l ${dnscrypt_proxy_logfile}"
-
-dnscrypt_proxy_stop() {
-        kill -KILL `cat ${pidfile}` 2> /dev/null && echo "Killed ${name}."
-        }
-
 run_rc_command "$1"
-Add more options for rc script -Utilize opendns if no provider configured to preserve documented behavior -rc script passes rclint -Fix the _dnscrypt-proxy user's home directory and add UPDATING entry PR: 190406 Submitted by: AllanJude 2014-06-05 15:30:58 -04:00			`Index: UPDATING`
			`===================================================================`
			`--- UPDATING (revision 356685)`
			`+++ UPDATING (working copy)`
			`@@ -5,6 +5,19 @@`
			`You should get into the habit of checking this file for changes each time`
			`you update your ports collection, before attempting any port upgrades.`

			`+20140604`
			`+ AFFECTS: users of dns/dnscrypt-proxy`
			`+ AUTHOR: feld@FreeBSD.org`
			`+`
			`+ The 1.4.0 update to dns/dnscrypt-proxy introduced a privilege`
			`+ separation capability utilizing the new _dnscrypt-proxy user.`
			`+ The home directory for this user was misconfigured as /nonexistent.`
			`+ The dnscrypt-proxy server will try to chroot to _dnscrypt-proxy's home`
			`+ directory and fail to start. If you are affected you will need to`
			`+ change _dnscrypt-proxy's home directory to /var/empty:`
			`+`
			`+ # pw usermod _dnscrypt-proxy -d /var/empty`
			`+`
			`20140603`
			`AFFECTS: users of net-p2p/zetacoin`
			`AUTHOR: daniel@morante.net`
			`Index: dns/dnscrypt-proxy/Makefile`
			`===================================================================`
			`--- dns/dnscrypt-proxy/Makefile (revision 356684)`
			`+++ dns/dnscrypt-proxy/Makefile (working copy)`
			`@@ -3,6 +3,7 @@`

			`PORTNAME= dnscrypt-proxy`
			`PORTVERSION= 1.4.0`
			`+PORTREVISION= 1`
			`CATEGORIES= dns`
			`MASTER_SITES= http://download.dnscrypt.org/dnscrypt-proxy/ \`
			`http://www.dns-lab.com/downloads/dnscrypt-proxy/`
			`Index: dns/dnscrypt-proxy/files/dnscrypt-proxy.in`
			`===================================================================`
			`--- dns/dnscrypt-proxy/files/dnscrypt-proxy.in (revision 356684)`
			`+++ dns/dnscrypt-proxy/files/dnscrypt-proxy.in (working copy)`
			`@@ -2,7 +2,7 @@`
			`#`
			`# $FreeBSD$`
			`#`
			`-# PROVIDE: dnscrypt-proxy`
			`+# PROVIDE: dnscrypt_proxy`
			`# REQUIRE: SERVERS cleanvar`
			`# BEFORE: named`
			`# KEYWORD: shutdown`
			`@@ -9,8 +9,16 @@`
			`#`
			`# Add the following lines to /etc/rc.conf to enable dnscrypt-proxy:`
			`#`
			`-# dnscrypt_proxy_enable="YES": Set to NO by default.`
			`-# Set it to YES to enable dnscrypt-proxy.`
			`+# dnscrypt_proxy_enable (bool): Set to NO by default.`
			`+# Set to YES to enable dnscrypt-proxy.`
			`+# dnscrypt_proxy_uid (str): Set to "_dnscrypt-proxy" by default.`
			`+# User to switch to after starting.`
			`+# dnscrypt_proxy_resolver (str):Set to "opendns" by default.`
			`+# Choose a different upstream resolver.`
			`+# dnscrypt_proxy_pidfile (str): default: "/var/run/dnscrypt-proxy.pid"`
			`+# Location of pid file.`
			`+# dnscrypt_proxy_logfile (str): default: "/var/log/dnscrypt-proxy.log"`
			`+# Location of log file.`
			`#`
			`# To redirect a local resolver through dnscrypt-proxy, point it at 127.0.0.2`
			`# and add the following to rc.conf:`
			`@@ -22,26 +30,17 @@`
			`name=dnscrypt_proxy`
			`rcvar=dnscrypt_proxy_enable`

			`-stop_cmd=dnscrypt_proxy_stop`
			`-`
			`load_rc_config ${name}`

			`: ${dnscrypt_proxy_enable:=NO}`
			`: ${dnscrypt_proxy_uid=_dnscrypt-proxy} # User to run daemon as`
			`+: ${dnscrypt_proxy_resolver=opendns} # resolver to use`
			`: ${dnscrypt_proxy_pidfile=/var/run/dnscrypt-proxy.pid} # Path to pid file`
			`: ${dnscrypt_proxy_logfile=/var/log/dnscrypt-proxy.log} # Path to log file`

			`-if [ -n "$dnscrypt_proxy_uid" ]; then`
			`- dnscrypt_proxy_flags="${dnscrypt_proxy_flags} -u ${dnscrypt_proxy_uid}"`
			`-fi`
			`-`
			`command=%%PREFIX%%/sbin/dnscrypt-proxy`
			`+command_args="-d -p ${dnscrypt_proxy_pidfile} -l ${dnscrypt_proxy_logfile} -u ${dnscrypt_proxy_uid} -R ${dnscrypt_proxy_resolver}"`
			`procname=%%PREFIX%%/sbin/dnscrypt-proxy`
			`+pidfile=${dnscrypt_proxy_pidfile}`

			`-command_args="-d -p ${dnscrypt_proxy_pidfile} -l ${dnscrypt_proxy_logfile}"`
			`-`
			`-dnscrypt_proxy_stop() {`
			- kill -KILL `cat ${pidfile}` 2> /dev/null && echo "Killed ${name}."
			`- }`
			`-`
			`run_rc_command "$1"`