- Update to 3.0.0

6 files changed, 80 insertions, 67 deletions

diff --git a/dns/gdnsd3/Makefile b/dns/gdnsd3/Makefile
index ca0595feff71..b8c5f6c1ccc8 100644
--- a/dns/gdnsd3/Makefile
+++ b/dns/gdnsd3/Makefile
@@ -2,20 +2,21 @@
 # $FreeBSD$
 
 PORTNAME=	gdnsd
-PORTVERSION=	2.4.2
+PORTVERSION=	3.0.0
 CATEGORIES=	dns
 MASTER_SITES=	https://github.com/gdnsd/gdnsd/releases/download/v${PORTVERSION}/ \
 		ZI \
 		http://gdnsd.scaleengine.net/gdnsd/
-PKGNAMESUFFIX=	2
+PKGNAMESUFFIX=	3
 
 MAINTAINER=	zi@FreeBSD.org
 COMMENT=	Authoritative-only GeoIP-aware DNS server
 
 LICENSE=	GPLv3
 
-LIB_DEPENDS=	libev.so:devel/libev
-BUILD_DEPENDS=	ragel>0:devel/ragel
+LIB_DEPENDS=	libev.so:devel/libev \
+		libsodium.so:security/libsodium \
+		liburcu.so:sysutils/liburcu
 
 FETCH_ARGS=	-Fpr
 
@@ -26,32 +27,34 @@ USES=		pkgconfig libtool tar:xz perl5 gmake
 USE_PERL5=	build
 CPPFLAGS+=	-I${LOCALBASE}/include
 LDFLAGS+=	-L${LOCALBASE}/lib
-CONFLICTS_INSTALL=	gdnsd-1.[0-9]* gdnsd3-3.[0-9]*
+CONFLICTS_INSTALL=	gdnsd-1.[0-9]* gdnsd2-2.[0-9]*
 
 USE_RC_SUBR=	gdnsd
 
 USERS?=		gdnsd
 GROUPS?=	gdnsd
 
-OPTIONS_DEFINE=	DOCS MAXMINDDB URCU
+OPTIONS_DEFINE=	DOCS MAXMINDDB
 OPTIONS_DEFAULT=MAXMINDDB
 
 MAXMINDDB_DESC=		Enable GeoIP1 + GeoIP2 Support
 MAXMINDDB_LIB_DEPENDS=	libmaxminddb.so:net/libmaxminddb
 
-URCU_DESC=		Read-Copy-Update Support (Faster Zone Parsing)
-URCU_CONFIGURE_WITH=	urcu
-URCU_LIB_DEPENDS=	liburcu.so:sysutils/liburcu
+.include <bsd.port.pre.mk>
+
+.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1200000
+CONFIGURE_ARGS+=--without-hardening
+CFLAGS+=	-fstack-protector-strong -fexceptions -ftrapv
+LDFLAGS+=	-Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack
+.endif
 
 post-patch:
 	@${REINPLACE_CMD} -e 's|$${localstatedir}/lib/$${PACKAGE_NAME}|/var/db/${PORTNAME}|g' \
 		${WRKSRC}/configure
 
 post-install:
-	@${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/${PORTNAME}/libgdnsd.so
-	@${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/${PORTNAME}/plugin_*.so
 	@${MKDIR} ${STAGEDIR}${PREFIX}/etc/gdnsd/geoip \
 		${STAGEDIR}${PREFIX}/etc/gdnsd/zones \
 		${STAGEDIR}/var/run/gdnsd
 
-.include <bsd.port.mk>
+.include <bsd.port.post.mk>
diff --git a/dns/gdnsd3/distinfo b/dns/gdnsd3/distinfo
index eb0002ae2e63..31a8c76237d8 100644
--- a/dns/gdnsd3/distinfo
+++ b/dns/gdnsd3/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1549900121
-SHA256 (gdnsd-2.4.2.tar.xz) = 76ca503cf96d5a26ba1fea82f6c31983542c497799c0ed659d53e51bec9643de
-SIZE (gdnsd-2.4.2.tar.xz) = 640948
+TIMESTAMP = 1550849201
+SHA256 (gdnsd-3.0.0.tar.xz) = e08bf1c0d76bd6cecffd9e0da351f7983e6d25c9ace74b7c28f45fe39e3f389e
+SIZE (gdnsd-3.0.0.tar.xz) = 451776
diff --git a/dns/gdnsd3/files/gdnsd.in b/dns/gdnsd3/files/gdnsd.in
index f32daf9e0c8a..4fe356933c27 100644
--- a/dns/gdnsd3/files/gdnsd.in
+++ b/dns/gdnsd3/files/gdnsd.in
@@ -23,19 +23,39 @@ rcvar=gdnsd_enable
 # set defaults
 load_rc_config $name
 : ${gdnsd_enable:="NO"}
+: ${gdnsd_user:="gdnsd"}
+: ${gdnsd_group:="gdnsd"}
 : ${gdnsd_flags:=""}
 
 command="%%PREFIX%%/sbin/gdnsd"
-command_args="start"
+command_args="daemonize"
 procname=${command}
+start_precmd="gdnsd_prestart"
 restart_precmd="gdnsd_checkconf"
+restart_cmd="gdnsd_restart"
 reload_cmd="gdnsd_reload"
 reload_precmd="gdnsd_checkconf"
+stats_cmd="gdnsd_stats"
 configtest_cmd="gdnsd_checkconf"
-extra_commands="reload configtest"
+extra_commands="stats reload configtest"
+
+gdnsd_prestart()
+{
+  if ! kldstat -q -m mac_portacl; then
+    warn "mac_portacl module not loaded, please review pkg-message"
+  fi
+
+  install -d -o ${gdnsd_user} -g ${gdnsd_group} -m 700 /var/run/gdnsd
+}
+
 gdnsd_reload()
 {
-  ${command} ${gdnsd_flags} reload-zones
+  gdnsdctl reload-zones
+}
+
+gdnsd_restart()
+{
+  gdnsdctl replace
 }
 
 gdnsd_checkconf()
@@ -43,5 +63,9 @@ gdnsd_checkconf()
   ${command} ${gdnsd_flags} checkconf
 }
 
-run_rc_command "$1"
+gdnsd_stats()
+{
+  gdnsdctl stats
+}
 
+run_rc_command "$1"
diff --git a/dns/gdnsd3/files/patch-Makefile.in b/dns/gdnsd3/files/patch-Makefile.in
deleted file mode 100644
index 2da6759184ff..000000000000
--- a/dns/gdnsd3/files/patch-Makefile.in
+++ /dev/null
@@ -1,15 +0,0 @@
---- Makefile.in.orig	2015-03-02 14:36:56 UTC
-+++ Makefile.in
-@@ -2552,12 +2552,6 @@ install-exec-hook-top:
- 	$(MKDIR_P) "$(DESTDIR)$(GDNSD_DEFPATH_CONFIG)/geoip";
- 	$(MKDIR_P) "$(DESTDIR)$(GDNSD_DEFPATH_RUN)";
- 	$(MKDIR_P) "$(DESTDIR)$(GDNSD_DEFPATH_STATE)";
--	@id gdnsd >/dev/null 2>&1; if test $$? -ne 0; then \
--		echo; \
--		echo === READ ME ===; \
--		echo The default user \"gdnsd\" \(for privdrop when executed as root\) does not seem to exist yet!; \
--		echo; \
--	fi
- src/zscan_rfc1035.c: src/zscan_rfc1035.rl
- 	$(AM_V_GEN)$(RAGEL) -G2 -o $@ $(srcdir)/src/zscan_rfc1035.rl
- libgdnsd/bopts.h: Makefile
diff --git a/dns/gdnsd3/pkg-message b/dns/gdnsd3/pkg-message
new file mode 100644
index 000000000000..c54265435d9f
--- /dev/null
+++ b/dns/gdnsd3/pkg-message
@@ -0,0 +1,28 @@
+************************************************************************
+As of version 3.0.0, gdnsd no longer has the ability to bind to
+privileged ports and then drop privileges.  As a result, you must use
+mac_portacl to allow the gdnsd user to bind to 53 udp/tcp.
+
+Please execute the following commands to prep this system to run gdnsd:
+
+echo "# required for gdnsd3">>/boot/loader.conf.local
+echo 'mac_portacl_load="YES"' >>/boot/loader.conf.local
+echo 'accf_dns_load="YES"' >>/boot/loader.conf.local
+echo 'accf_data_load="YES"' >>/boot/loader.conf.local
+
+echo "# required for gdnsd3">>/etc/sysctl.conf.local
+echo "security.mac.portacl.suser_exempt=1">>/etc/sysctl.conf.local
+echo "security.mac.portacl.port_high=1023">>/etc/sysctl.conf.local
+echo "net.inet.ip.portrange.reservedlow=0">>/etc/sysctl.conf.local
+echo "net.inet.ip.portrange.reservedhigh=0">>/etc/sysctl.conf.local
+echo "security.mac.portacl.rules=uid:179:udp:53,uid:179:tcp:53">>/etc/sysctl.conf.local
+
+Then, either reboot or run the following commands to implement the above
+changes:
+
+kldload mac_portacl
+kldload accf_dns
+kldload accf_data
+service sysctl reload
+
+************************************************************************
diff --git a/dns/gdnsd3/pkg-plist b/dns/gdnsd3/pkg-plist
index 45befff225aa..895089a1e370 100644
--- a/dns/gdnsd3/pkg-plist
+++ b/dns/gdnsd3/pkg-plist
@@ -1,38 +1,8 @@
 bin/gdnsd_geoip_test
-include/gdnsd/alloc.h
-include/gdnsd/bopts.h
-include/gdnsd/compiler.h
-include/gdnsd/dmn.h
-include/gdnsd/dname.h
-include/gdnsd/file.h
-include/gdnsd/log.h
-include/gdnsd/misc.h
-include/gdnsd/mon.h
-include/gdnsd/net.h
-include/gdnsd/paths.h
-include/gdnsd/plugapi.h
-include/gdnsd/plugin.h
-include/gdnsd/prcu.h
-include/gdnsd/stats.h
-include/gdnsd/vscf.h
-lib/gdnsd/libgdnsd.so
-lib/gdnsd/plugin_extfile.so
-lib/gdnsd/plugin_extmon.so
-lib/gdnsd/plugin_geoip.so
-lib/gdnsd/plugin_http_status.so
-lib/gdnsd/plugin_metafo.so
-lib/gdnsd/plugin_multifo.so
-lib/gdnsd/plugin_null.so
-lib/gdnsd/plugin_reflect.so
-lib/gdnsd/plugin_simplefo.so
-lib/gdnsd/plugin_static.so
-lib/gdnsd/plugin_tcp_connect.so
-lib/gdnsd/plugin_weighted.so
+bin/gdnsdctl
 libexec/gdnsd/gdnsd_extmon_helper
 man/man1/gdnsd_geoip_test.1.gz
-man/man3/gdnsd-plugin-api.3.gz
 man/man5/gdnsd.config.5.gz
-man/man5/gdnsd.djbdns.5.gz
 man/man5/gdnsd.zonefile.5.gz
 man/man8/gdnsd-plugin-extfile.8.gz
 man/man8/gdnsd-plugin-extmon.8.gz
@@ -47,14 +17,17 @@ man/man8/gdnsd-plugin-static.8.gz
 man/man8/gdnsd-plugin-tcp_connect.8.gz
 man/man8/gdnsd-plugin-weighted.8.gz
 man/man8/gdnsd.8.gz
+man/man8/gdnsdctl.8.gz
 sbin/gdnsd
 %%PORTDOCS%%%%DOCSDIR%%/AUTHORS
 %%PORTDOCS%%%%DOCSDIR%%/COPYING
 %%PORTDOCS%%%%DOCSDIR%%/INSTALL
+%%PORTDOCS%%%%DOCSDIR%%/Manual.md
 %%PORTDOCS%%%%DOCSDIR%%/NEWS
 %%PORTDOCS%%%%DOCSDIR%%/README.md
-%%PORTDOCS%%%%DOCSDIR%%/gdnsd_manual.txt
-@dir %%ETCDIR%%/djbdns
+%%PORTDOCS%%%%DOCSDIR%%/Security.md
+%%PORTDOCS%%%%DOCSDIR%%/VERSION3.md
+%%PORTDOCS%%%%DOCSDIR%%/stats_example.html
 @dir %%ETCDIR%%/geoip
 @dir %%ETCDIR%%/zones
 @dir /var/db/gdnsd