summarylogtreecommitdiffstats
diff options
context:
space:
mode:
authorredfish2020-07-03 22:57:52 -0400
committerredfish2020-07-03 22:57:52 -0400
commit4a335437692b1119f818a2b576b60a7b0b27f487 (patch)
treeda2c937e550591d7526754cbd33714b7a666541b
parent74a2e8f4f9ef67946076e0bd2680eeb78229cf6e (diff)
downloadaur-4a335437692b1119f818a2b576b60a7b0b27f487.tar.gz
add helpful config to run as non-root user
-rw-r--r--.SRCINFO4
-rw-r--r--PKGBUILD6
-rw-r--r--ncdns.install13
-rw-r--r--ncdns.service3
4 files changed, 24 insertions, 2 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 34a621236b0c..92ebf0a5e283 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -3,16 +3,18 @@ pkgbase = ncdns
pkgver = 0.0.10.3
pkgrel = 1
url = https://github.com/namecoin/ncdns
+ install = ncdns.install
arch = x86_64
arch = armv7h
license = GPL-3
makedepends = go
depends = libcap
optdepends = namecoin: the Namecoin node
+ backup = etc/ncdns.conf
source = ncdns-0.0.10.3.tar.gz::https://github.com/namecoin/ncdns/archive/v0.0.10.3.tar.gz
source = ncdns.service
sha512sums = 6e6d25989edbcdf963c0e4275fe164a0726c142a0acbf7fe3e74c2a18da7dcf2fbe8f0a3a5877ac7b551614ff227dd085490c9cfab6c8dce8e891badd87087a0
- sha512sums = 428987be4c51c58aa3e144f22f5dcf788bd9aa807caccaa0981cc836aa0b8343062aaeef813bedfb8d94817a017922d7880341b7fdc5bb77dd52eb81f122b21d
+ sha512sums = 4fca961ae7fc17fbb159dc6cfe3bf6be52b7e1423f0c04591100780a72f250cb87263e3eb736b363d2e67dbd8485018cbaa720ccaa4450bb93d220f802b4be40
pkgname = ncdns
diff --git a/PKGBUILD b/PKGBUILD
index fe4907a26385..919fc528114d 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -12,6 +12,8 @@ license=(GPL-3)
depends=(libcap)
optdepends=('namecoin: the Namecoin node')
makedepends=(go)
+install="ncdns.install"
+backup=("etc/ncdns.conf")
source=($pkgname-$pkgver.tar.gz::https://github.com/namecoin/ncdns/archive/v${pkgver}.tar.gz
ncdns.service)
@@ -41,7 +43,9 @@ package() {
install -Dm 755 $GOPATH/bin/ncdns "$pkgdir/usr/bin/ncdns"
install -Dm 644 "$srcdir"/ncdns.service "$pkgdir/usr/lib/systemd/system/ncdns.service"
install -Dm 644 -t "$pkgdir/usr/share/doc/$pkgname" README.md _doc/ncdns.conf.example
+ # we copy from template, but user must edit the conf file before starting service
+ install -Dm 644 _doc/ncdns.conf.example "$pkgdir/etc/ncdns.conf"
}
sha512sums=('6e6d25989edbcdf963c0e4275fe164a0726c142a0acbf7fe3e74c2a18da7dcf2fbe8f0a3a5877ac7b551614ff227dd085490c9cfab6c8dce8e891badd87087a0'
- '428987be4c51c58aa3e144f22f5dcf788bd9aa807caccaa0981cc836aa0b8343062aaeef813bedfb8d94817a017922d7880341b7fdc5bb77dd52eb81f122b21d')
+ '4fca961ae7fc17fbb159dc6cfe3bf6be52b7e1423f0c04591100780a72f250cb87263e3eb736b363d2e67dbd8485018cbaa720ccaa4450bb93d220f802b4be40')
diff --git a/ncdns.install b/ncdns.install
new file mode 100644
index 000000000000..898edcaae2df
--- /dev/null
+++ b/ncdns.install
@@ -0,0 +1,13 @@
+post_install() {
+ # We do create a dedicated user, but by default the default service will
+ # run the daemon as root, because that's the only way to bind to :53 (which
+ # is a desirable default). Eventually, hopefully, upstream will provide a
+ # priviledge drop feature.
+ getent passwd ncdns &>/dev/null || {
+ echo -n ">>> Creating ncdns user... "
+ useradd --system --user-group -m --home /var/lib/ncdns ncdns
+ echo "done"
+ } # NOTE: we do not autoremove user due to security concerns (Arch policy)
+
+ echo ">>> Edit the configuration file before starting service: /etc/ncdns.conf"
+}
diff --git a/ncdns.service b/ncdns.service
index 4d6a5a51cb87..36fda803859a 100644
--- a/ncdns.service
+++ b/ncdns.service
@@ -2,6 +2,9 @@
Description=Namecoin to DNS bridge daemon
[Service]
+# If you don't want to bind to port 53, then uncomment to run as non-root:
+# Username=ncdns
+# Group=ncdns
ExecStart=/usr/bin/ncdns
Restart=on-failure