New blocky

dns/blocky-devel/Makefile

@@ -1,7 +1,7 @@
 PORTNAME=	blocky
 DISTVERSION=	development
 PORTVERSION=0.20
-PORTREVISION=	10
+PORTREVISION=	11
 CATEGORIES=	dns
 MASTER_SITES=	https://raw.githubusercontent.com/${GH_ACCOUNT}/${GH_PROJECT}/development/:gomod
 DISTFILES=	go.mod:gomod

dns/blocky-devel/files/blocky.in

@@ -7,9 +7,15 @@
 # Add the following to /etc/rc.conf[.local] to enable this service
 #
 # blocky_enable (bool):	Set to NO by default.
-#				Set it to YES to enable blocky.
+#			Set it to YES to enable blocky.
-# blocky_config (str): Set to /usr/local/etc/blocky/config.yml by default.
+# blocky_config (str):	Set to /usr/local/etc/blocky-config.yml by default.
-#
+#			Set it to a path to use that config file.
+# blocky_user (str):	Services run as root by default. Set to a user name
+#			to run blocky as that user. Note: non-root users
+#			might need permission to bind to ports.
+# blocky_group (str):	Set to the user's primary group by default.
+#			Set it to a group name for daemon file ownership.
+# blocky_flags (str):	Enter extra flags to append to the blocky command.
 
 . /etc/rc.subr
 
@@ -20,17 +26,29 @@ load_rc_config ${name}
 
 : ${blocky_enable:=NO}
 : ${blocky_config:="%%PREFIX%%/etc/blocky-config.yml"}
+: ${blocky_group:=}
 : ${blocky_flags:=}
 
-pidfile=/var/run/blocky.pid
+if [ -n "${blocky_user}" ] && [ -z "${blocky_group}" ]; then
-command="%%PREFIX%%/sbin/blocky"
+	# Detect the daemon user's primary group
+	blocky_group=$(id -gn "${blocky_user}")
+fi
 
-start_cmd="${name}_start"
+pidfile="/var/run/${name}.pid"
+blocky_path="%%PREFIX%%/sbin/blocky"
 
-blocky_start()
+command="/usr/sbin/daemon"
+procname="/usr/local/sbin/blocky"
+command_args="-c -f -p ${pidfile} ${blocky_path} \
+	-c ${blocky_config} ${blocky_flags}"
+
+start_precmd="blocky_precmd"
+
+# Sets up a pidfile the daemon user can access
+blocky_precmd()
 {
-	echo -n "Starting ${name}."
+	install -o "${blocky_user:-root}" -g "${blocky_group:-wheel}" \
-	/usr/sbin/daemon -p ${pidfile} -f ${command} -c ${blocky_config} ${blocky_flags}
+		-m 0600 /dev/null "${pidfile}"
 }
 
 run_rc_command "$1"

dns/blocky-devel/files/pkg-message.in

@@ -7,6 +7,21 @@ A sample configuration file is installed at the following location:
 Default location for configuration file when using rc.d script:
 %%PREFIX%%/etc/blocky-config.yml
 
+With the default configuration, blocky listens on port 53 (TCP and UDP).
+If running as a non-root user, use a different port in blocky configuration,
+such as `port: 5053`, or use mac_portacl(4) to allow binding to port 53.
+
+Example setup for mac_portacl(4):
+
+In /boot/loader.conf:
+
+	mac_portacl_load="YES"
+
+In /etc/sysctl.conf (where <ID> is the UID of your user):
+
+	net.inet.ip.portrange.reservedhigh=0
+	security.mac.portacl.rules=uid:<ID>:tcp:53,uid:<ID>:udp:53
+
 Please refer to the documentation located at
 https://0xerr0r.github.io/blocky/ for further information.
 EOM