www/varnish4: update to 4.1.0
ClosedPublic

Authored by feld on Oct 13 2015, 3:00 PM.
Details

Summary

Varnish update to 4.1.0

Disruptive changes: new "jail" feature. Upstream wants Varnish to run as
its own user. We were previously running as www:www which is probably
not appropriate. I am creating a varnish user/group instead.

Users may have to blow away /usr/local/varnish/hostname before firing
varnishd back up.

TODO: write an UPDATING entry

https://github.com/varnish/Varnish-Cache/blob/varnish-4.1.0/doc/sphinx/whats-new/changes.rst

Diff Detail

Repository
rP FreeBSD ports repository

Event Timeline

feld retitled this revision from to www/varnish4: update to 4.1.0.
feld updated this object.
feld edited the test plan for this revision.

Does it use the group at all? I see no mention of it in the rc file.

In D3878#80519, @mat wrote:

Does it use the group at all? I see no mention of it in the rc file.

I had a chat with phk and he said we should have two users: varnish and vcache, both should be in the varnish group.

Make varnishlog and varnishncsa run as non-root as well

Give varnishncsa and varnishlog their own UIDs. Their membership in
the varnish group allows them to read logs, but will not permit them to
attack the running varnish process if they were somehow compromised.

Reviewed Debian's approach and they share "varnishlog" user between the
varnishlog and varnishncsa processes

This revision was automatically updated to reflect the committed changes.
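
The account layout discussed in this review (varnish and vcache users in the varnish group, plus log readers that have their own UID and only share the group) can be audited with a short script. This is an added example, not part of the port or of the review: the `varnishlog` account name, the `check_varnish_accounts` function and the UIDs/GIDs are assumptions, and the passwd/group lines are constructed sample data.

```shell
#!/bin/sh
# check_varnish_accounts PASSWD_FILE GROUP_FILE
# Returns 0 when varnish, vcache and varnishlog exist, are not UID 0,
# have pairwise distinct UIDs, and all belong to group "varnish".
check_varnish_accounts() {
    awk -F: -v users="varnish vcache varnishlog" -v grp="varnish" '
        FILENAME == ARGV[1] { uid[$1] = $3; pgid[$1] = $4; next }  # passwd
        $1 == grp {                                                # group
            gid = $3
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) member[m[i]] = 1
        }
        END {
            bad = 0
            if (gid == "") { print "FAIL: group " grp " missing"; bad = 1 }
            n = split(users, u, " ")
            for (i = 1; i <= n; i++) {
                name = u[i]
                if (!(name in uid)) { print "FAIL: no user " name; bad = 1; continue }
                if (uid[name] + 0 == 0) { print "FAIL: " name " has UID 0"; bad = 1 }
                if (uid[name] in owner) {
                    print "FAIL: " name " shares UID " uid[name] " with " owner[uid[name]]
                    bad = 1
                }
                owner[uid[name]] = name
                if (pgid[name] != gid && !(name in member)) {
                    print "FAIL: " name " is not in group " grp; bad = 1
                }
            }
            exit bad
        }' "$1" "$2"
}

# Constructed sample data (names, UIDs and GIDs are made up for the demo).
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
varnish:*:429:429:Varnish:/nonexistent:/usr/sbin/nologin
vcache:*:430:429:Varnish cache:/nonexistent:/usr/sbin/nologin
varnishlog:*:431:431:Varnish log:/nonexistent:/usr/sbin/nologin
EOF
cat > "$demo_dir/group" <<'EOF'
varnish:*:429:varnishlog
varnishlog:*:431:
EOF
check_varnish_accounts "$demo_dir/passwd" "$demo_dir/group" && echo "layout OK"
```

On a live system, pass `/etc/passwd` and `/etc/group` instead of the sample files.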