diff options
| -rw-r--r-- | community/knot-resolver/APKBUILD | 15 | ||||
| -rw-r--r-- | community/knot-resolver/knot-resolver.post-upgrade | 8 | ||||
| -rw-r--r-- | community/knot-resolver/kresd.initd | 4 |
3 files changed, 24 insertions, 3 deletions
diff --git a/community/knot-resolver/APKBUILD b/community/knot-resolver/APKBUILD index d48bf7e9b8..b3aaca4010 100644 --- a/community/knot-resolver/APKBUILD +++ b/community/knot-resolver/APKBUILD @@ -27,6 +27,7 @@ makedepends=" bash cmake gnutls-dev + libcap libcap-ng-dev lmdb-dev luacheck @@ -36,7 +37,12 @@ makedepends=" py3-flake8 " checkdepends="cmocka-dev" -install="$pkgname.pre-install $pkgname-openrc.pre-upgrade $pkgname-openrc.post-upgrade" +install=" + $pkgname.pre-install + $pkgname.post-upgrade + $pkgname-openrc.pre-upgrade + $pkgname-openrc.post-upgrade + " subpackages=" $pkgname-mod-http:http:noarch $pkgname-mod-dnstap:dnstap @@ -94,6 +100,11 @@ package() { cd "$pkgdir" + # net_bind_service - required to bind to well-known ports + # setpcap - when available, resd drops any extra privileges after the + # daemon successfully start + setcap 'cap_net_bind_service,cap_setpcap=+ep' ./usr/sbin/kresd + # These are useless on non-systemd distro. rm ./usr/lib/knot-resolver/distro-preconfig.lua rm ./usr/lib/knot-resolver/upgrade-4-to-5.lua @@ -137,6 +148,6 @@ gpgfingerprints=" sha512sums="9d5d77d3aff082d5f0132b39627fff5cd7af6e237ded219b7b8f2156de7acacb3bf94d5e278af4bb2c9e36ea80d9259d39ba33a18bb37a626a57c70fb9dc0931 knot-resolver-5.0.1.tar.xz 688aeacb0c1f21c7e532533b402e67068897217713fb668636df7533000b493981ddfa0497f8dba7da7c804ee4ab8d587a4f52155b4e2bf1f4025d2588d314bb knot-resolver.logrotate 9c23d035ec1acedb3d946d25a55a85f13a57fc96ed2164aae9613f27e175d81b82615e88e797dff4378115eacaa497a36723fc36a1d417006e3766520bcd674e kresd.confd -79e1a7c003e13fecad5b68935c23554c735fee65fde93a4460c0562486af0656bac01c624cabdcd12e6f41c7b6414c2724a59f7447ddb7aa583d46df5814081e kresd.initd +e781f0d5638fcaac6bd6ab724639e493fb3e9404df02294f7c1a2433cdf15eaa4efef8907bf8c6824fa7bf6e39960a0ca7110dcd9d10522555d272184aad88ec kresd.initd a1e4af78ad8df36feb41619ac63aa8505cb68b434a3e01c8929f69759f5a6abe9667a6d5738928ff67daaccab58e5fecd49ce4ff439674f1e073982042a907fd kres-cache-gc.initd ad017f54aaa214862a67c8242efe9fa56dc66a8ac0012cc0f4eb981d6fd631b250378602f8f5af9916fff071d9a60d1e588e07458f8d891d19787c3b5d48cdb5 kres-cache-gc.confd" diff --git a/community/knot-resolver/knot-resolver.post-upgrade b/community/knot-resolver/knot-resolver.post-upgrade new file mode 100644 index 0000000000..fcb1f09074 --- /dev/null +++ b/community/knot-resolver/knot-resolver.post-upgrade @@ -0,0 +1,8 @@ +#!/bin/sh + +ver_new="$1" +ver_old="$2" + +if [ "$(apk version -t "$ver_old" "5.0.1-r0")" = "<" ]; then + chown -R kresd:kresd /var/cache/knot-resolver +fi diff --git a/community/knot-resolver/kresd.initd b/community/knot-resolver/kresd.initd index 6f3db68264..7297cc40a3 100644 --- a/community/knot-resolver/kresd.initd +++ b/community/knot-resolver/kresd.initd @@ -1,5 +1,6 @@ #!/sbin/openrc-run +: ${command_user:="kresd:kresd"} : ${cfgfile:=${config:-"/etc/knot-resolver/kresd.conf"}} : ${cachedir:="/var/cache/knot-resolver"} : ${logfile:="/var/log/knot-resolver.log"} @@ -20,5 +21,6 @@ depend() { } start_pre() { - checkpath -d -m 750 -o kresd:kresd "$cachedir" + checkpath -d -m 750 -o "$command_user" "$cachedir" || return 1 + checkpath -f -m 640 -o "$command_user" /var/log/knot-resolver.log } |