commit: 855a26cb2380f20a90fe1873e3a35cb685320af4 Author: Aaron W. Swenson <titanofold <AT> gentoo <DOT> org> AuthorDate: Thu Dec 21 11:51:28 2017 +0000 Commit: Aaron Swenson <titanofold <AT> gentoo <DOT> org> CommitDate: Thu Dec 21 11:51:28 2017 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=855a26cb
dev-db/pgbouncer: Bump and improve Added optional dep on OpenSSL. Fixed logrotate script to always succeed. Address potential DoS by letting s-s-d handle the pidfile creation and backgrounding of pgbouncer. Dropped restart in initscript as online restart can’t be used with s-s-d and the pidfile isn’t writeable by the pgbouncer user. Bug: https://bugs.gentoo.org/500546 Bug: https://bugs.gentoo.org/577784 Bug: https://bugs.gentoo.org/629334 Closes: https://bugs.gentoo.org/565218 Package-Manager: Portage-2.3.13, Repoman-2.3.3 dev-db/pgbouncer/Manifest | 1 + dev-db/pgbouncer/files/pgbouncer-1.8-dirs.patch | 32 +++++++++ dev-db/pgbouncer/files/pgbouncer.initd-r1 | 83 ++++++++++++++++++++++++ dev-db/pgbouncer/metadata.xml | 26 ++++---- dev-db/pgbouncer/pgbouncer-1.8.1.ebuild | 86 +++++++++++++++++++++++++ 5 files changed, 216 insertions(+), 12 deletions(-) diff --git a/dev-db/pgbouncer/Manifest b/dev-db/pgbouncer/Manifest index 47087ab67c8..22400911164 100644 --- a/dev-db/pgbouncer/Manifest +++ b/dev-db/pgbouncer/Manifest @@ -1 +1,2 @@ DIST pgbouncer-1.7.2.tar.gz 462374 BLAKE2B 0fea85063e30dad3b7e5d145ecd8660d260c6c09202af3661e8acfdcb5ab25f5c23a2f4e02fcfdfcee872ddeb92b78e157457aafa158ee759a1d73a3d33eb009 SHA512 11c89606599f424b34f39a4b072ec6293fea0b14ee52ae4fbc44775e6d83771a22d194f4e8eabe410e0d6a70657508cf1a3b1012543d91873c36f644afb5675d +DIST pgbouncer-1.8.1.tar.gz 465930 BLAKE2B 692c551cb7bfb56bfe1b354791b06bdf61866197150a78a7fa9688891a2e4cd3c015abc5fbe33bf66dc85ab0ae83745f2db852eae91ae99596c97be0154e8bd5 SHA512 595a94db98866cec211f2b8c1ad13d209dba00e5fd41f2e9025aabdcb660194f0f772810270a1d9f067c3039c9fee630e8ff2d56f231935add17207aecc10bee diff --git a/dev-db/pgbouncer/files/pgbouncer-1.8-dirs.patch b/dev-db/pgbouncer/files/pgbouncer-1.8-dirs.patch new file mode 100644 index 00000000000..cc4d0634b6b --- /dev/null +++ b/dev-db/pgbouncer/files/pgbouncer-1.8-dirs.patch @@ -0,0 +1,32 @@ +diff -Naruw pgbouncer-1.8.orig/etc/pgbouncer.ini pgbouncer-1.8/etc/pgbouncer.ini +--- pgbouncer-1.8.orig/etc/pgbouncer.ini 2017-12-18 11:03:18.000000000 -0500 ++++ pgbouncer-1.8/etc/pgbouncer.ini 2017-12-20 06:48:25.935839539 -0500 +@@ -34,7 +34,9 @@ + ;;; + + logfile = /var/log/pgbouncer/pgbouncer.log +-pidfile = /var/run/pgbouncer/pgbouncer.pid ++ ++; Leave unset. This is handled in the initscript. ++;pidfile = + + ;;; + ;;; Where to wait for clients +@@ -44,11 +46,12 @@ + listen_addr = 127.0.0.1 + listen_port = 6432 + +-; Unix socket is also used for -R. +-; On Debian it should be /var/run/postgresql +-;unix_socket_dir = /tmp +-;unix_socket_mode = 0777 +-;unix_socket_group = ++; Unix socket is also used for -R (online restart), but the ++; initscripts can't do that. Generally, you'll want to leave these ++; alone. System-wide default is: /run/postgresql ++unix_socket_dir = /run/postgresql ++unix_socket_mode = 0777 ++unix_socket_group = postgres + + ;;; + ;;; TLS settings for accepting clients diff --git a/dev-db/pgbouncer/files/pgbouncer.initd-r1 b/dev-db/pgbouncer/files/pgbouncer.initd-r1 new file mode 100755 index 00000000000..7392918593b --- /dev/null +++ b/dev-db/pgbouncer/files/pgbouncer.initd-r1 @@ -0,0 +1,83 @@ +#!/sbin/openrc-run + +extra_started_commands="reload" + +PIDFILE="/run/pgbouncer.pid" + +depend() { + use net + after postgresql +} + +get_config() { + [ -f "${INIFILE}" ] || eend 1 "'${INIFILE}' not found" + + eval echo $(sed -e 's:;.*::' "${INIFILE}" | \ + awk '$1 == "'$1'" { print ($2 == "=" ? $3 : $2) }') +} + +start_pre() { + local s="$(get_config unix_socket_dir)" + + if [ -n "${s}" ] ; then + checkpath -o root:postgres -m 1775 -d "${s}" || return 1 + + local listen_port="$(get_config listen_port)" + + if [ -e "${s%/}/.s.PGSQL.${listen_port}" ] ; then + eerror "Socket conflict." + eerror "A server is already listening on:" + eerror " ${s%/}/.s.PGSQL.${listen_port}" + eerror "HINT: Change listen_port in pgbouncer.ini to listen on a" + eerror "different socket." + return 1 + fi + fi + + checkpath -o pgbouncer:postgres -m 0755 \ + -d "$(dirname $(get_config logfile))" || return 1 + checkpath -o pgbouncer:postgres -m 0640 \ + -f "$(get_config logfile)" || return 1 + + return 0 +} + +start() { + ebegin "Starting PgBouncer" + [ -f ${PIDFILE} ] && rm ${PIDFILE} + + start-stop-daemon --start \ + --pidfile ${PIDFILE} \ + --background \ + --make-pidfile \ + --user pgbouncer \ + --exec /usr/bin/pgbouncer \ + -- -q "${INIFILE}" + eend $? +} + +stop() { + local seconds=$(( ${NICE_TIMEOUT} + ${FORCE_QUIT_TIMEOUT} )) + ebegin "Stopping PgBouncer (this can take up to ${seconds} seconds)" + + local retries=SIGINT/${NICE_TIMEOUT} + + if [ "${FORCE_QUIT}" = "YES" ] ; then + einfo "FORCE_QUIT enabled." + retries="${retries}/SIGTERM/${FORCE_QUIT_TIMEOUT}" + fi + + # Loops through nice and force quit in one go. + start-stop-daemon --stop \ + --user pgbouncer \ + --pidfile ${PIDFILE} \ + --retry ${retries} + + eend $? +} + +reload() { + ebegin "Reloading PgBouncer configuration from '${INIFILE}'" + start-stop-daemon --signal HUP --pidfile ${PIDFILE} + eend $? +} diff --git a/dev-db/pgbouncer/metadata.xml b/dev-db/pgbouncer/metadata.xml index 0d24afdb221..29bfef0ab64 100644 --- a/dev-db/pgbouncer/metadata.xml +++ b/dev-db/pgbouncer/metadata.xml @@ -1,16 +1,18 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd";> <pkgmetadata> - <maintainer type="person"> - <email>titanof...@gentoo.org</email> - <name>Aaron W. Swenson</name> - </maintainer> - <maintainer type="project"> - <email>pgsql-b...@gentoo.org</email> - <name>PostgreSQL and Related Package Development</name> - </maintainer> - <use> - <flag name="libevent">Use libevent 2.0+ and evdns as the DNS backend</flag> - <flag name="udns">Use udns as the DNS backend. Supports IPv4 only.</flag> - </use> + <maintainer type="project"> + <email>pgsql-b...@gentoo.org</email> + <name>PostgreSQL</name> + </maintainer> + <use> + <flag name="c-ares"> + Use c-ares as the DNS backend instead of evdns (libevent). + </flag> + <flag name="libevent">Use libevent 2.0+ and evdns as the DNS backend</flag> + <flag name="udns"> + Use udns as the DNS backend instead of evdns (libevent). Supports + IPv4 only. + </flag> + </use> </pkgmetadata> diff --git a/dev-db/pgbouncer/pgbouncer-1.8.1.ebuild b/dev-db/pgbouncer/pgbouncer-1.8.1.ebuild new file mode 100644 index 00000000000..69a361cbeae --- /dev/null +++ b/dev-db/pgbouncer/pgbouncer-1.8.1.ebuild @@ -0,0 +1,86 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit user + +DESCRIPTION="Lightweight connection pooler for PostgreSQL" +HOMEPAGE="https://pgbouncer.github.io"; +SRC_URI="https://pgbouncer.github.io/downloads/files/${PV}/${P}.tar.gz"; +LICENSE="BSD" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="+c-ares debug doc pam ssl -udns" + +# At-most-one-of, one can be enabled but not both +REQUIRED_USE="?? ( c-ares udns )" + +RDEPEND=" + >=dev-libs/libevent-2.0 + >=sys-libs/glibc-2.10 + c-ares? ( >=net-dns/c-ares-1.10 ) + ssl? ( >=dev-libs/openssl-1.0.1:=[-bindist] ) + udns? ( >=net-libs/udns-0.1 ) +" + +DEPEND="${RDEPEND}" + +pkg_setup() { + enewgroup postgres 70 + enewuser postgres 70 /bin/bash /var/lib/postgresql postgres + + enewuser pgbouncer -1 -1 -1 postgres +} + +src_prepare() { + eapply "${FILESDIR}/pgbouncer-1.8-dirs.patch" + + default +} + +src_configure() { + # --enable-debug is only used to disable stripping + econf \ + --docdir=/usr/share/doc/${PF} \ + --enable-debug \ + $(use_with c-ares cares) \ + $(use_enable debug cassert) \ + $(use_with pam) \ + $(use_with ssl openssl) \ + $(use_with udns) +} + +src_test() { + cd "${S}/test" + emake +} + +src_install() { + emake DESTDIR="${D}" install + + dodoc AUTHORS + use doc && dodoc doc/*.rst + + newconfd "${FILESDIR}/${PN}.confd" "${PN}" + newinitd "${FILESDIR}/${PN}.initd-r1" "${PN}" + + insinto /etc + doins etc/pgbouncer.ini + + insinto /etc/logrotate.d + newins "${FILESDIR}/logrotate" pgbouncer +} + +pkg_postinst() { + if [[ -z ${REPLACING_VERSIONS} ]] ; then + einfo "Please read the config.txt for Configuration Directives" + einfo + einfo "For Administration Commands, see:" + einfo " man pgbouncer" + einfo + einfo "By default, PgBouncer does not have access to any database." + einfo "GRANT the permissions needed for your application and make sure that it" + einfo "exists in PgBouncer's auth_file." + fi +}
