www/varnish4: Update to 4.1.0

- Add varnish and varnishlog UIDs
- Add varnish GID
- varnishd, varnishncsa, and varnishlog no longer run as root

Users upgrading may see permissions errors on start due to change in
uid running the processes. Please see the UPDATING entry for more
details.

Changelog:	https://github.com/varnish/Varnish-Cache/blob/varnish-4.1.0/doc/sphinx/whats-new/changes.rst

Differential Revision:	https://reviews.freebsd.org/D3878

GIDs

@@ -175,6 +175,7 @@ ldap:*:389:
 tiarra:*:398:
 uhub:*:411:
 drweb:*:426:
+varnish:*:429:
 quasselcore:*:442:
 callweaver:*:444:
 ecartis:*:450:

UIDs

@@ -181,6 +181,8 @@ ldap:*:389:389::0:0:OpenLDAP Server:/nonexistent:/usr/sbin/nologin
 tiarra:*:398:398::0:0:Tiarra IRC Proxy:/nonexistent:/usr/sbin/nologin
 uhub:*:411:411::0:0:uHub ADC Daemon:/nonexistent:/usr/sbin/nologin
 drweb:*:426:426::0:0:Dr.Web Mail Scanner:/nonexistent:/usr/sbin/nologin
+varnish:*:429:429::0:0:Varnish Cache User:/nonexistent:/usr/sbin/nologin
+varnishlog:*:430:429::0:0:Varnish Log User:/nonexistent:/usr/sbin/nologin
 quasselcore:*:442:442::0:0:Quassel IRC User:/nonexistent:/usr/sbin/nologin
 callweaver:*:444:444::0:0:Callweaver account:/var/lib/callweaver:/usr/sbin/nologin
 ecartis:*:450:450::0:0:Ecartis Listserver:/usr/local/ecartis:/usr/sbin/nologin

www/varnish4/Makefile

@@ -1,8 +1,8 @@
 # $FreeBSD$
 
 PORTNAME=	varnish
-PORTVERSION=	4.0.3
-PORTREVISION=	7
+PORTVERSION=	4.1.0
+PORTREVISION=	0
 CATEGORIES=	www
 MASTER_SITES=	http://repo.varnish-cache.org/source/
 PKGNAMESUFFIX=	4
@@ -27,6 +27,9 @@ CONFIGURE_ENV=	RST2MAN=true
 USE_LDCONFIG=	yes
 INSTALL_TARGET=	install-strip
 
+USERS=		varnish varnishlog
+GROUPS=		varnish
+
 USE_RC_SUBR=	varnishd varnishlog varnishncsa
 SUB_FILES=	pkg-message
 .if defined(NO_INET6) || defined(WITHOUT_INET6)

www/varnish4/distinfo

@@ -1,2 +1,2 @@
-SHA256 (varnish-4.0.3.tar.gz) = 94b9a174097f47db2286acd2c35f235e49a2b7a9ddfdbd6eb7aa4da9ae8f8206
-SIZE (varnish-4.0.3.tar.gz) = 1866760
+SHA256 (varnish-4.1.0.tar.gz) = 4a6ea08e30b62fbf25f884a65f0d8af42e9cc9d25bf70f45ae4417c4f1c99017
+SIZE (varnish-4.1.0.tar.gz) = 1990932

www/varnish4/files/varnishd.in

@@ -37,15 +37,12 @@
 # varnishd_storage - storage method and parameters.
 #	default: "file,/tmp,100M"
 #
-# varnishd_user - unprivileged user for the child process.
-#	default: "www"
-#
-# varnishd_group - unprivileged group for the child process.
-#	default: "www"
+# varnishd_jailuser - unprivileged user for the child process.
+#	default: "varnish"
 #
 # varnishd_flags - complete command line arguments.
-#	default if varnishd_config is unset: "-P ${varnishd_pidfile} -a ${varnishd_listen} -T ${varnishd_admin} -b ${varnishd_backend} -s ${varnishd_storage} -h ${varnishd_hash} -u ${varnishd_user} -g ${varnishd_group}"
-#	default if varnishd_config is set: "-P ${varnishd_pidfile} -a ${varnishd_listen} -T ${varnishd_admin} -f ${varnishd_config} -s ${varnishd_storage} -h ${varnishd_hash} -u ${varnishd_user} -g ${varnishd_group}"
+#	default if varnishd_config is unset: "-j unix,user=${varnishd_jailuser} -P ${varnishd_pidfile} -a ${varnishd_listen} -T ${varnishd_admin} -b ${varnishd_backend} -s ${varnishd_storage} -h ${varnishd_hash} ${varnishd_extra_flags}"
+#	default if varnishd_config is set: "-j unix,user=${varnishd_jailuser} -P ${varnishd_pidfile} -a ${varnishd_listen} -T ${varnishd_admin} -f ${varnishd_config} -s ${varnishd_storage} -h ${varnishd_hash} ${varnishd_extra_flags}"
 #
 # See varnishd(1) for a detailed overview of command-line options.
 #
@@ -64,21 +61,15 @@ load_rc_config ${name}
 : ${varnishd_backend=localhost:8080}
 : ${varnishd_storage=file,/tmp,100M}
 : ${varnishd_hash=classic,16383}
-: ${varnishd_user=www}
-: ${varnishd_group=www}
+: ${varnishd_jailuser=varnish}
 
 command="%%PREFIX%%/sbin/${name}"
 pidfile="${varnishd_pidfile}"
 
 if [ -n "${varnishd_config}" ] ; then
-	: ${varnishd_flags:="-P ${varnishd_pidfile} -a ${varnishd_listen} -T ${varnishd_admin} -f ${varnishd_config} -s ${varnishd_storage} -h ${varnishd_hash} -u ${varnishd_user} -g ${varnishd_group} ${varnishd_extra_flags}"}
+	: ${varnishd_flags:="-j unix,user=${varnishd_jailuser} -P ${varnishd_pidfile} -a ${varnishd_listen} -T ${varnishd_admin} -f ${varnishd_config} -s ${varnishd_storage} -h ${varnishd_hash} ${varnishd_extra_flags}"}
 else
-	: ${varnishd_flags:="-P ${varnishd_pidfile} -a ${varnishd_listen} -T ${varnishd_admin} -b ${varnishd_backend} -s ${varnishd_storage} -h ${varnishd_hash} -u ${varnishd_user} -g ${varnishd_group} ${varnishd_extra_flags}"}
+	: ${varnishd_flags:="-j unix,user=${varnishd_jailuser} -P ${varnishd_pidfile} -a ${varnishd_listen} -T ${varnishd_admin} -b ${varnishd_backend} -s ${varnishd_storage} -h ${varnishd_hash} ${varnishd_extra_flags}"}
 fi
 
-# If we leave these set, rc.subr will su to them before starting
-# varnishd, which is not what we want.
-unset varnishd_user
-unset varnishd_group
-
 run_rc_command "$1"

www/varnish4/files/varnishlog.in

@@ -41,6 +41,7 @@ load_rc_config ${name}
 : ${varnishlog_pidfile=/var/run/${name}.pid}
 : ${varnishlog_file=/var/log/varnish.log}
 : ${varnishlog_flags="-P ${varnishlog_pidfile} -D -a -w ${varnishlog_file}"}
+: ${varnishlog_user=varnishlog}
 
 command="%%PREFIX%%/bin/${name}"
 pidfile=${varnishlog_pidfile}
@@ -48,6 +49,14 @@ start_precmd=precmd
 
 precmd()
 {
+	if [ ! -e ${pidfile} ]; then
+		install -o ${varnishlog_user} -g varnish /dev/null ${pidfile};
+	fi
+
+	if [ ! -e ${varnishlog_file} ]; then
+		install -o ${varnishlog_user} -g varnish /dev/null ${varnishlog_file};
+	fi
+
 	waitcount=0
 	vsm=%%PREFIX%%/varnish/$(hostname)/_.vsm
 	

www/varnish4/files/varnishncsa.in

@@ -46,6 +46,7 @@ load_rc_config ${name}
 : ${varnishncsa_pidfile=/var/run/${name}.pid}
 : ${varnishncsa_file=/var/log/${name}.log}
 : ${varnishncsa_flags="-P ${varnishncsa_pidfile} -D -a -w ${varnishncsa_file}${varnishncsa_logformat:+ -F \"$varnishncsa_logformat\"}"}
+: ${varnishncsa_user=varnishlog}
 
 command="%%PREFIX%%/bin/${name}"
 pidfile=${varnishncsa_pidfile}
@@ -53,6 +54,14 @@ start_precmd=precmd
 
 precmd()
 {
+	if [ ! -e ${pidfile} ]; then
+		install -o ${varnishncsa_user} -g varnish /dev/null ${pidfile};
+	fi
+
+	if [ ! -e ${varnishncsa_file} ]; then
+		install -o ${varnishncsa_user} -g varnish /dev/null ${varnishncsa_file};
+	fi
+
 	waitcount=0
 	vsm=%%PREFIX%%/varnish/$(hostname)/_.vsm
 	

www/varnish4/pkg-plist

@@ -7,6 +7,8 @@ bin/varnishtest
 bin/varnishtop
 include/varnish/cache/cache.h
 include/varnish/cache/cache_backend.h
+include/varnish/cache/cache_director.h
+include/varnish/cache/cache_filter.h
 include/varnish/common/common.h
 include/varnish/common/params.h
 include/varnish/miniobj.h
@@ -21,7 +23,11 @@ include/varnish/tbl/feature_bits.h
 include/varnish/tbl/http_headers.h
 include/varnish/tbl/http_response.h
 include/varnish/tbl/locks.h
+include/varnish/tbl/obj_attr.h
+include/varnish/tbl/params.h
 include/varnish/tbl/req_body.h
+include/varnish/tbl/req_flags.h
+include/varnish/tbl/sess_attr.h
 include/varnish/tbl/sess_close.h
 include/varnish/tbl/steps.h
 include/varnish/tbl/symbol_kind.h
@@ -43,6 +49,7 @@ include/varnish/vapi/vsl.h
 include/varnish/vapi/vsl_int.h
 include/varnish/vapi/vsm.h
 include/varnish/vapi/vsm_int.h
+include/varnish/waiter/waiter.h
 include/varnish/vas.h
 include/varnish/vav.h
 include/varnish/vbm.h
@@ -51,6 +58,8 @@ include/varnish/vcli.h
 include/varnish/vcs.h
 include/varnish/vdef.h
 include/varnish/vmod_abi.h
+include/varnish/vtcp.h
+include/varnish/vtim.h
 include/varnish/vqueue.h
 include/varnish/vre.h
 include/varnish/vrt.h
@@ -60,7 +69,7 @@ include/varnish/vsb.h
 include/varnish/vsha256.h
 lib/libvarnishapi.so
 lib/libvarnishapi.so.1
-lib/libvarnishapi.so.1.0.0
+lib/libvarnishapi.so.1.0.4
 lib/varnish/libvarnish.so
 lib/varnish/libvarnishcompat.so
 lib/varnish/libvcc.so