Oops AB
Malte Tancred

djbdns on Mac OS X

This is my attempt at describing what needs to be done to install the djbdns package on Mac OS X.

You should follow the instructions on djb's pages. Only the differences needed to make it all work on Mac OS X are described here.

The differences described here are:

Installing daemontools

Update conf-cc and conf-ld by replacing gcc with cc.

Update 2002-08-28

On Mac OS X 10.2 Jaguar you don't have to change gcc to cc.

Also, in conf-ld, replace the argument -s with -Xlinker -x to tell the linker to strip the executables.

djb's instructions tell you to run package/install. This script runs three other scripts: package/compile, package/upgrade and package/run. The last script will not accomplish what it is supposed to, as the file /etc/rc.local isn't used in Mac OS X.

Manually run the first two scripts. Then, instead of running the third script, create a Mac OS X startup item containing the following:


#!/bin/sh

. /etc/rc.common

ConsoleMessage "Starting DJB Service Control"
csh -cf '/command/svscanboot &'

Update 2002-08-28

I've made available a preliminary version of a StartupItem for Mac OS X 10.2 Jaguar: DJBServiceControl.tar.gz.

Update 2003-05-15

There seems to be a problem with the setrlimit system call on Mac OS X. The problem renders the softlimit tool useless, at least when it comes to limiting the data segment size of a program. The security benefits of using softlimit are therefore probably voided until the bug is fixed—if it is a bug, I'm not the man to tell. You can download the test program I sent to Apple in my bug report here.
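One way to check whether a data segment limit is actually enforced on a given system, as an added example (this is not the test program mentioned above and not part of daemontools). The helper name probe_data_limit and the sizes used are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

enum { ALLOC_REFUSED = 0, ALLOC_OK = 1, PROBE_ERROR = 2 };

/* Hypothetical helper: in a child process, set the soft RLIMIT_DATA to
 * limit_bytes (clamped to the hard limit), then try to allocate and touch
 * alloc_bytes. Reports whether the allocation was refused or succeeded. */
int probe_data_limit(size_t limit_bytes, size_t alloc_bytes)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return PROBE_ERROR;
    if (pid == 0) {
        struct rlimit rl;
        volatile char *p;   /* volatile: the stores below cannot be optimized away */
        size_t i;
        if (getrlimit(RLIMIT_DATA, &rl) != 0)
            _exit(PROBE_ERROR);
        rl.rlim_cur = (rlim_t)limit_bytes;
        if (rl.rlim_cur > rl.rlim_max)
            rl.rlim_cur = rl.rlim_max;
        if (setrlimit(RLIMIT_DATA, &rl) != 0)
            _exit(PROBE_ERROR);
        p = malloc(alloc_bytes);
        if (p == NULL)
            _exit(ALLOC_REFUSED);
        for (i = 0; i < alloc_bytes; i += 4096)
            p[i] = 1;       /* touch each page so the memory is really used */
        _exit(ALLOC_OK);
    }
    if (waitpid(pid, &status, 0) < 0)
        return PROBE_ERROR;
    if (WIFSIGNALED(status))    /* killed while touching the memory */
        return ALLOC_REFUSED;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed sizes: 4 MiB data limit, 64 MiB allocation. */
    int r = probe_data_limit((size_t)4 << 20, (size_t)64 << 20);
    puts(r == ALLOC_REFUSED ? "data segment limit enforced"
         : r == ALLOC_OK ? "data segment limit NOT enforced" : "probe failed");
    return r;
}
```

If the program reports that the limit is not enforced, a softlimit -d setting in a service's run script gives no memory protection on that system.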

Update 2005-03-23

On versions of Mac OS X that support Bootstrap Daemons there's an alternative to the StartupItem method for starting daemontools. Simply copy daemontools.plist to /etc/mach_init.d/ and reboot (I don't know how to tell the bootstrap daemon to scan for new or updated service specifications).

Update 2006-07-18

Regarding the previous comment, there is an easy way to start daemontools that does not require rebooting. Simply run (as root) launchctl load /etc/mach_init.d/daemontools.plist and you should be up and running. Also, a better place for the plist is probably /Library/LaunchDaemons/.

Note, however, that you'd better install daemontools on your root filesystem (or a filesystem mounted at the same time?). Otherwise launchd will try to start the daemontools service once, fail to do so and simply give up on it indefinitely.

Installing ucspi-tcp

Update conf-cc and conf-ld by replacing gcc with cc.

Update 2002-08-28

On Mac OS X 10.2 Jaguar you don't have to change gcc to cc.

Also, in conf-ld, replace the argument -s with -Xlinker -x to tell the linker to strip the executables.

Installing djbdns

Update conf-cc and conf-ld by replacing gcc with cc.

Update 2002-08-28

On Mac OS X 10.2 Jaguar you don't have to change gcc to cc.

Also, in conf-ld, replace the argument -s with -Xlinker -x to tell the linker to strip the executables.

Adding service users

In djb's documentation you are instructed to add special user accounts responsible for running different programs. There are good reasons why you should do this, as opposed to running everything as root or daemon or what have you.

However, I noticed one problem on Mac OS X when I simply added these user accounts to NetInfo. As I wanted NetInfo to use my local DNS cache, the cache had to be started before NetInfo, but NetInfo holds the user information and so must be started before other processes can be run under those users.

To fix this problem I first added the users to NetInfo the normal way (I use niutil, don't you?). Then I exported these users from the NetInfo database to the password file used before NetInfo itself starts up.

There might be simpler ways to do this but here we go: run "nidump passwd /". nidump will print a few lines, each describing a user in the system's NetInfo root domain and in a format suitable for use with the vipw command. Locate the users you added for use with djbdns.

Run vipw as root and paste (or type or whatever) the passwd user lines obtained earlier. Quit vipw and you're done.

Update 2003-05-31

You can use the script newsystemuser.sh found on my software page to add a system user to the local NetInfo domain. If successful the script will print instructions on how to add the new user and its group to the password and group files.

