diff options
author | redfish | 2020-07-03 22:57:52 -0400 |
---|---|---|
committer | redfish | 2020-07-03 22:57:52 -0400 |
commit | 4a335437692b1119f818a2b576b60a7b0b27f487 (patch) | |
tree | da2c937e550591d7526754cbd33714b7a666541b | |
parent | 74a2e8f4f9ef67946076e0bd2680eeb78229cf6e (diff) | |
download | aur-4a335437692b1119f818a2b576b60a7b0b27f487.tar.gz |
add helpful config to run as non-root user
-rw-r--r-- | .SRCINFO | 4 | ||||
-rw-r--r-- | PKGBUILD | 6 | ||||
-rw-r--r-- | ncdns.install | 13 | ||||
-rw-r--r-- | ncdns.service | 3 |
4 files changed, 24 insertions, 2 deletions
@@ -3,16 +3,18 @@ pkgbase = ncdns pkgver = 0.0.10.3 pkgrel = 1 url = https://github.com/namecoin/ncdns + install = ncdns.install arch = x86_64 arch = armv7h license = GPL-3 makedepends = go depends = libcap optdepends = namecoin: the Namecoin node + backup = etc/ncdns.conf source = ncdns-0.0.10.3.tar.gz::https://github.com/namecoin/ncdns/archive/v0.0.10.3.tar.gz source = ncdns.service sha512sums = 6e6d25989edbcdf963c0e4275fe164a0726c142a0acbf7fe3e74c2a18da7dcf2fbe8f0a3a5877ac7b551614ff227dd085490c9cfab6c8dce8e891badd87087a0 - sha512sums = 428987be4c51c58aa3e144f22f5dcf788bd9aa807caccaa0981cc836aa0b8343062aaeef813bedfb8d94817a017922d7880341b7fdc5bb77dd52eb81f122b21d + sha512sums = 4fca961ae7fc17fbb159dc6cfe3bf6be52b7e1423f0c04591100780a72f250cb87263e3eb736b363d2e67dbd8485018cbaa720ccaa4450bb93d220f802b4be40 pkgname = ncdns @@ -12,6 +12,8 @@ license=(GPL-3) depends=(libcap) optdepends=('namecoin: the Namecoin node') makedepends=(go) +install="ncdns.install" +backup=("etc/ncdns.conf") source=($pkgname-$pkgver.tar.gz::https://github.com/namecoin/ncdns/archive/v${pkgver}.tar.gz ncdns.service) @@ -41,7 +43,9 @@ package() { install -Dm 755 $GOPATH/bin/ncdns "$pkgdir/usr/bin/ncdns" install -Dm 644 "$srcdir"/ncdns.service "$pkgdir/usr/lib/systemd/system/ncdns.service" install -Dm 644 -t "$pkgdir/usr/share/doc/$pkgname" README.md _doc/ncdns.conf.example + # we copy from template, but user must edit the conf file before starting service + install -Dm 644 _doc/ncdns.conf.example "$pkgdir/etc/ncdns.conf" } sha512sums=('6e6d25989edbcdf963c0e4275fe164a0726c142a0acbf7fe3e74c2a18da7dcf2fbe8f0a3a5877ac7b551614ff227dd085490c9cfab6c8dce8e891badd87087a0' - '428987be4c51c58aa3e144f22f5dcf788bd9aa807caccaa0981cc836aa0b8343062aaeef813bedfb8d94817a017922d7880341b7fdc5bb77dd52eb81f122b21d') + '4fca961ae7fc17fbb159dc6cfe3bf6be52b7e1423f0c04591100780a72f250cb87263e3eb736b363d2e67dbd8485018cbaa720ccaa4450bb93d220f802b4be40') diff --git a/ncdns.install b/ncdns.install new file mode 100644 index 000000000000..898edcaae2df --- /dev/null +++ b/ncdns.install @@ -0,0 +1,13 @@ +post_install() { + # We do create a dedicated user, but by default the default service will + # run the daemon as root, because that's the only way to bind to :53 (which + # is a desirable default). Eventually, hopefully, upstream will provide a + # priviledge drop feature. + getent passwd ncdns &>/dev/null || { + echo -n ">>> Creating ncdns user... " + useradd --system --user-group -m --home /var/lib/ncdns ncdns + echo "done" + } # NOTE: we do not autoremove user due to security concerns (Arch policy) + + echo ">>> Edit the configuration file before starting service: /etc/ncdns.conf" +} diff --git a/ncdns.service b/ncdns.service index 4d6a5a51cb87..36fda803859a 100644 --- a/ncdns.service +++ b/ncdns.service @@ -2,6 +2,9 @@ Description=Namecoin to DNS bridge daemon [Service] +# If you don't want to bind to port 53, then uncomment to run as non-root: +# Username=ncdns +# Group=ncdns ExecStart=/usr/bin/ncdns Restart=on-failure |