www/varnish4: update to 4.1.0
ClosedPublic

Authored by feld on Oct 13 2015, 3:00 PM.

Details

Summary

Varnish update to 4.1.0

Disruptive changes: new "jail" feature. Upstream wants Varnish to run as
its own user. We were previously running as www:www which is probably
not appropriate. I am creating a varnish user/group instead.

Users may have to blow away /usr/local/varnish/hostname before firing
varnishd back up.

TODO: write an UPDATING entry

https://github.com/varnish/Varnish-Cache/blob/varnish-4.1.0/doc/sphinx/whats-new/changes.rst

Diff Detail

Repository
rP FreeBSD ports repository
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 759
Build 759: arc lint + arc unit

Event Timeline

feld retitled this revision from to www/varnish4: update to 4.1.0.
feld updated this object.
feld edited the test plan for this revision.

Does it use the group at all? I see no mention of it in the rc file.

In D3878#80519, @mat wrote:

Does it use the group at all? I see no mention of it in the rc file.

I had a chat with phk and he said we should have two users: varnish and vcache, both should be in the varnish group.

Make varnishlog and varnishncsa run as non-root as well

Give varnishncsa and varnishlog their own UIDs. Their membership in
the varnish group allows them to read logs, but will not permit them to
attack the running varnish process if they were somehow compromised.

Reviewed Debian's approach and they share the "varnishlog" user between the
varnishlog and varnishncsa processes.

This revision was automatically updated to reflect the committed changes.
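
The account layout discussed in this thread (a separate UID per Varnish process, all of them in the varnish group), as an added example that is not part of the review or the port: a checker over passwd(5)/group(5) text. The varnishlog account name follows the Debian name mentioned above; the role list, all UIDs/GIDs and the sample data are constructed assumptions.

```python
# Added example: audit the Varnish account layout over passwd(5)/group(5) text.
# All UIDs/GIDs and the sample files below are constructed for illustration.
SAMPLE_PASSWD = """\
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
varnish:*:9001:9001:Varnish:/nonexistent:/usr/sbin/nologin
vcache:*:9002:9001:Varnish cache:/nonexistent:/usr/sbin/nologin
varnishlog:*:9003:9003:Varnish log reader:/nonexistent:/usr/sbin/nologin
"""
SAMPLE_GROUP = """\
www:*:80:
varnish:*:9001:varnishlog
varnishlog:*:9003:
"""
ROLES = ("varnish", "vcache", "varnishlog")  # role list is an assumption


def _rows(text):
    """Yield colon-split fields, skipping blank and comment lines."""
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            yield line.split(":")


def audit(passwd_text, group_text, roles=ROLES, shared_group="varnish"):
    """Return a list of findings; an empty list means the layout holds."""
    users = {f[0]: (int(f[2]), int(f[3])) for f in _rows(passwd_text)}
    groups = {f[0]: (int(f[2]), set(filter(None, f[3].split(","))))
              for f in _rows(group_text)}
    if shared_group not in groups:
        return [f"group {shared_group} missing"]
    gid, members = groups[shared_group]
    findings = []
    for role in roles:
        if role not in users:
            findings.append(f"{role}: account missing")
            continue
        uid, primary_gid = users[role]
        if uid == 0:
            findings.append(f"{role}: UID 0")
        # A shared UID lets one process signal or trace the other.
        twins = sorted(n for n, (u, _) in users.items() if u == uid and n != role)
        if twins:
            findings.append(f"{role}: shares UID {uid} with {', '.join(twins)}")
        # Group membership (primary or supplementary) is what grants log access.
        if primary_gid != gid and role not in members:
            findings.append(f"{role}: not in group {shared_group}")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_PASSWD, SAMPLE_GROUP) or "layout OK")
```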