[MacPorts] #43006: bind9 portfile improvements
#43006: bind9 portfile improvements -------------------------+-------------------------------- Reporter: jul_bsd@… | Owner: macports-tickets@… Type: enhancement | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.2.1 Keywords: haspatch | Port: bind9 -------------------------+-------------------------------- * create and use dedicated user * include in notes a reminder to generate rdnc key for administration * url for documentation to secure bind * livecheck -- Ticket URL: <https://trac.macports.org/ticket/43006> MacPorts <http://www.macports.org/> Ports system for OS X
#43006: bind9 portfile improvements --------------------------+---------------------- Reporter: jul_bsd@… | Owner: dluke@… Type: enhancement | Status: assigned Priority: Normal | Milestone: Component: ports | Version: 2.2.1 Resolution: | Keywords: haspatch Port: bind9 | --------------------------+---------------------- Changes (by dluke@…): * owner: macports-tickets@… => dluke@… * status: new => assigned -- Ticket URL: <https://trac.macports.org/ticket/43006#comment:1> MacPorts <http://www.macports.org/> Ports system for OS X
#43006: bind9 portfile improvements --------------------------+---------------------- Reporter: jul_bsd@… | Owner: dluke@… Type: enhancement | Status: assigned Priority: Normal | Milestone: Component: ports | Version: 2.2.1 Resolution: | Keywords: haspatch Port: bind9 | --------------------------+---------------------- Comment (by jul_bsd@…): * port lint --nitpick * livecheck * /tab/spacex4/ -- Ticket URL: <https://trac.macports.org/ticket/43006#comment:2> MacPorts <http://www.macports.org/> Ports system for OS X
#43006: bind9 portfile improvements --------------------------+---------------------- Reporter: jul_bsd@… | Owner: dluke@… Type: enhancement | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.2.1 Resolution: | Keywords: haspatch Port: bind9 | --------------------------+---------------------- Changes (by dluke@…): * status: assigned => new Comment: I'm unlikely to integrate the WS changes, but adding a dedicated user for bind9 is a good idea. -- Ticket URL: <https://trac.macports.org/ticket/43006#comment:3> MacPorts <http://www.macports.org/> Ports system for OS X
#43006: bind9 portfile improvements --------------------------+---------------------- Reporter: jul_bsd@… | Owner: dluke@… Type: enhancement | Status: assigned Priority: Normal | Milestone: Component: ports | Version: 2.2.1 Resolution: | Keywords: haspatch Port: bind9 | --------------------------+---------------------- Changes (by dluke@…): * status: new => assigned -- Ticket URL: <https://trac.macports.org/ticket/43006#comment:4> MacPorts <http://www.macports.org/> Ports system for OS X
#43006: bind9 portfile improvements --------------------------+---------------------- Reporter: jul_bsd@… | Owner: dluke@… Type: enhancement | Status: assigned Priority: Normal | Milestone: Component: ports | Version: 2.2.1 Resolution: | Keywords: haspatch Port: bind9 | --------------------------+---------------------- Changes (by dluke@…): * cc: dluke@… (removed) -- Ticket URL: <https://trac.macports.org/ticket/43006#comment:5> MacPorts <http://www.macports.org/> Ports system for OS X
#43006: bind9 portfile improvements --------------------------+---------------------- Reporter: jul_bsd@… | Owner: dluke@… Type: enhancement | Status: assigned Priority: Normal | Milestone: Component: ports | Version: 2.2.1 Resolution: | Keywords: haspatch Port: bind9 | --------------------------+---------------------- Comment (by dluke@…): Are you running with this config? I would think some of the files/paths would need to be owned by the new user/group in order for this to actually work. -- Ticket URL: <https://trac.macports.org/ticket/43006#comment:6> MacPorts <http://www.macports.org/> Ports system for OS X
#43006: bind9 portfile improvements --------------------------+---------------------- Reporter: jul_bsd@… | Owner: dluke@… Type: enhancement | Status: assigned Priority: Normal | Milestone: Component: ports | Version: 2.2.1 Resolution: | Keywords: haspatch Port: bind9 | --------------------------+---------------------- Comment (by jul_bsd@…): * what do you mean by WS changes? * I have some bind9 warnings about permissions: /opt/local/var/run/named.pid /opt/local/var/run/named/session.key. it does not seem possible to specify a pid path at run to use a named-owned dir, need to review that, maybe at configure * it runs on a desktop client. it was mostly for my cif setup (#43011) but other things are blocking my test currently -- Ticket URL: <https://trac.macports.org/ticket/43006#comment:7> MacPorts <http://www.macports.org/> Ports system for OS X
#43006: bind9 portfile improvements --------------------------+---------------------- Reporter: jul_bsd@… | Owner: dluke@… Type: enhancement | Status: assigned Priority: Normal | Milestone: Component: ports | Version: 2.2.1 Resolution: | Keywords: haspatch Port: bind9 | --------------------------+---------------------- Comment (by dluke@…): * WS = whitespace * we probably need to put the pid into something like $prefix/var/run/named/named.pid where $prefix/var/run/named is owned by the new named user. I imagine $prefix/var/named needs to be installed owned by named as well (especially for anyone doing auto-dnssec). We could probably put the pid in $prefix/var/named otherwise too... * for a local caching resolver, I would honestly probably recommend that people run unbound instead of bind9 -- Ticket URL: <https://trac.macports.org/ticket/43006#comment:8> MacPorts <http://www.macports.org/> Ports system for OS X
#43006: bind9 portfile improvements --------------------------+---------------------- Reporter: jul_bsd@… | Owner: dluke@… Type: enhancement | Status: assigned Priority: Normal | Milestone: Component: ports | Version: 2.2.1 Resolution: | Keywords: haspatch Port: bind9 | --------------------------+---------------------- Comment (by jul_bsd@…): * tab to whitespace seems the "norm" defined by 'port lint --nitpick' after, I don't mind other. depends on macport policy * yeah, I agree about pid, just need to check where we defined the path. doesn't seem to be at run (nothing in man), so maybe in config file (pid- file, it seems) * unbound is lighter and probably more secure for a default local resolver after, it depends on the requirements of other software... as for cif, it seems mostly for cache+forwarder, so probably possible with unbound -- Ticket URL: <https://trac.macports.org/ticket/43006#comment:9> MacPorts <http://www.macports.org/> Ports system for OS X
#43006: bind9 portfile improvements --------------------------+---------------------- Reporter: jul_bsd@… | Owner: dluke@… Type: enhancement | Status: closed Priority: Normal | Milestone: Component: ports | Version: 2.2.1 Resolution: fixed | Keywords: haspatch Port: bind9 | --------------------------+---------------------- Changes (by dluke@…): * status: assigned => closed * resolution: => fixed Comment: r119626 * use add_users to add new user/group * use new user as owner of some installed files * include the extra notes text you recommended r119628 * move pidfile to where I meant to move it * add live check * actually tell startupitem.executable to use the new named user -- Ticket URL: <https://trac.macports.org/ticket/43006#comment:10> MacPorts <http://www.macports.org/> Ports system for OS X
#43006: bind9 portfile improvements --------------------------+---------------------- Reporter: jul_bsd@… | Owner: dluke@… Type: enhancement | Status: closed Priority: Normal | Milestone: Component: ports | Version: 2.2.1 Resolution: fixed | Keywords: haspatch Port: bind9 | --------------------------+---------------------- Comment (by jul_bsd@…): Thanks dlduke@ -- Ticket URL: <https://trac.macports.org/ticket/43006#comment:11> MacPorts <http://www.macports.org/> Ports system for OS X
participants (1)
-
MacPorts