From a9a08224c4f8f3cfbdfb20eca2fed9e849487cb6 Mon Sep 17 00:00:00 2001
From: Dan Ponte
Date: Wed, 1 Feb 2023 10:17:35 -0500
Subject: [PATCH] New blocky
---
 dns/blocky-devel/Makefile | 2 +-
 dns/blocky-devel/files/blocky.in | 36 ++++++++++++++++++++-------
 dns/blocky-devel/files/pkg-message.in | 15 +++++++++++
 3 files changed, 43 insertions(+), 10 deletions(-)
diff --git a/dns/blocky-devel/Makefile b/dns/blocky-devel/Makefile
index 80d5852..926f1d8 100644
--- a/dns/blocky-devel/Makefile
+++ b/dns/blocky-devel/Makefile
@@ -1,7 +1,7 @@
 PORTNAME= blocky
 DISTVERSION= development
 PORTVERSION=0.20
-PORTREVISION= 10
+PORTREVISION= 11
 CATEGORIES= dns
 MASTER_SITES= https://raw.githubusercontent.com/${GH_ACCOUNT}/${GH_PROJECT}/development/:gomod
 DISTFILES= go.mod:gomod
diff --git a/dns/blocky-devel/files/blocky.in b/dns/blocky-devel/files/blocky.in
index 24a9202..2b625f8 100644
--- a/dns/blocky-devel/files/blocky.in
+++ b/dns/blocky-devel/files/blocky.in
@@ -7,9 +7,15 @@
 # Add the following to /etc/rc.conf[.local] to enable this service
 #
 # blocky_enable (bool): Set to NO by default.
-# Set it to YES to enable blocky.
-# blocky_config (str): Set to /usr/local/etc/blocky/config.yml by default.
-#
+# Set it to YES to enable blocky.
+# blocky_config (str): Set to /usr/local/etc/blocky-config.yml by default.
+# Set it to a path to use that config file.
+# blocky_user (str): Services run as root by default. Set to a user name
+# to run blocky as that user. Note: non-root users
+# might need permission to bind to ports.
+# blocky_group (str): Set to the user's primary group by default.
+# Set it to a group name for daemon file ownership.
+# blocky_flags (str): Enter extra flags to append to the blocky command.
 . /etc/rc.subr
@@ -20,17 +26,29 @@ load_rc_config ${name}
 : ${blocky_enable:=NO}
 : ${blocky_config:="%%PREFIX%%/etc/blocky-config.yml"}
+: ${blocky_group:=}
 : ${blocky_flags:=}
-pidfile=/var/run/blocky.pid
-command="%%PREFIX%%/sbin/blocky"
+if [ -n "${blocky_user}" ] && [ -z "${blocky_group}" ]; then
+ # Detect the daemon user's primary group
+ blocky_group=$(id -gn "${blocky_user}")
+fi
-start_cmd="${name}_start"
+pidfile="/var/run/${name}.pid"
+blocky_path="%%PREFIX%%/sbin/blocky"
-blocky_start()
+command="/usr/sbin/daemon"
+procname="/usr/local/sbin/blocky"
+command_args="-c -f -p ${pidfile} ${blocky_path} \
+ -c ${blocky_config} ${blocky_flags}"
+
+start_precmd="blocky_precmd"
+
+# Sets up a pidfile the daemon user can access
+blocky_precmd()
 {
- echo -n "Starting ${name}."
- /usr/sbin/daemon -p ${pidfile} -f ${command} -c ${blocky_config} ${blocky_flags}
+ install -o "${blocky_user:-root}" -g "${blocky_group:-wheel}" \
+ -m 0600 /dev/null "${pidfile}"
 }
 run_rc_command "$1"
diff --git a/dns/blocky-devel/files/pkg-message.in b/dns/blocky-devel/files/pkg-message.in
index 953a51c..70f077c 100644
--- a/dns/blocky-devel/files/pkg-message.in
+++ b/dns/blocky-devel/files/pkg-message.in
@@ -7,6 +7,21 @@ A sample configuration file is installed at the following location:
 Default location for configuration file when using rc.d script:
 %%PREFIX%%/etc/blocky-config.yml
+With the default configuration, blocky listens on port 53 (TCP and UDP).
+If running as a non-root user, use a different port in blocky configuration,
+such as `port: 5053`, or use mac_portacl(4) to allow binding to port 53.
+
+Example setup for mac_portacl(4):
+
+In /boot/loader.conf:
+
+ mac_portacl_load="YES"
+
+In /etc/sysctl.conf (where is the UID of your user):
+
+ net.inet.ip.portrange.reservedhigh=0
+ security.mac.portacl.rules=uid::tcp:53,uid::udp:53
+
 Please refer to the documentation located at https://0xerr0r.github.io/blocky/ for further information.
 EOM
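Review bot: In the second blocky.in hunk, `procname="/usr/local/sbin/blocky"` hard-codes the install prefix while `blocky_path` two lines above is built from `%%PREFIX%%`, so under a non-default PREFIX the two disagree and rc.subr would presumably fail to match the running process for status and stop. This matters more now that `blocky_precmd` hands ownership of the pidfile to `blocky_user`: the procname comparison is what ties the PID read from that user-writable file to blocky before root signals it. I would write `procname="${blocky_path}"` so both always name the same binary. Separately, `${pidfile}` and `${blocky_config}` are expanded unquoted inside `command_args`, so a config path containing whitespace would be split into several arguments; a short comment stating that such paths are unsupported would help.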