Merge pull request #1 from djam/dhcp:rosa2016.1

Backports latest r10 to r8
djam 2018-10-18 13:43:45 +03:00
commit 6b667f1e00
15 changed files with 186 additions and 407 deletions


@ -1,11 +1,4 @@
removed_sources:
dhcp-4.2.5-P1.tar.gz: 120b6e476b2ac0d35e1dc8dee53752c42449b925
dhcp-4.2.5-P1.tar.gz.sha512.asc: d43248ba82d8a2f393f2f6c283ea06fb2df38d18
dhcp-4.2.5.tar.gz: d029505509aee83ea28972d5d1c95dc4b5db99f1
dhcp-4.2.5.tar.gz.sha512.asc: ac49b30ef17acb36cc5603faa5d780e423aa0e06
dhcp-4.3.0.tar.gz: deed72a4636461042b74de68c2825dc52623e1d1
dhcp-4.3.0.tar.gz.sha512.asc: e05375f86430f0d92a371fe8f619aa73e65de19a
sources: sources:
dhcp-4.3.2.tar.gz: c7fcc4fa2bd135700b410f47eca238dd67419654 dhcp-4.4.1.tar.gz: 7be2c4911107f613c2d4b0a943261603c6b8507a
dhcp-4.3.2.tar.gz.sha512.asc: dd76a14f1424e216dfaf186b75566a867de311d4 dhcp-4.4.1.tar.gz.sha512.asc: 1e5af5476f181d2045e4b30171e3f423aa260fbe
dhcp-dynamic-dns-examples.tar.bz2: d33980aad3e0380fc89f8346ab37786d39157696 dhcp-dynamic-dns-examples.tar.bz2: d33980aad3e0380fc89f8346ab37786d39157696

15
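--- a/Arch-0002-iproute2.patch
+++ b/Arch-0002-iproute2.patch
@@ -0,0 +1,15 @@
+https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/dhcp
+diff --git a/client/scripts/linux b/client/scripts/linux
+index 5fb16121..c4cef632 100755
+--- a/client/scripts/linux
++++ b/client/scripts/linux
+@@ -362,7 +362,7 @@ case "$reason" in
+interface_up_wait_time=5
+for i in $(seq 0 ${interface_up_wait_time})
+do
+- ifconfig ${interface} | grep RUNNING >/dev/null 2>&1
++ /sbin/ip link show dev ${interface} | grep -q LOWER_UP 2>&1
+if [ $? -eq 0 ]; then
+break;
+fi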
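Review bot: The trailing `2>&1` on the new `grep -q LOWER_UP` line only affects grep's own stderr, so an error from `/sbin/ip` (for example while the interface does not exist yet) is still printed on every pass of the wait loop. `${interface}` is also expanded unquoted, as it was on the line being replaced. I would write the check as `/sbin/ip link show dev "${interface}" 2>/dev/null | grep -q LOWER_UP`. The `for` loop continues past the end of the hunk carried in this patch file.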

30
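--- a/ROSA-NEWS
+++ b/ROSA-NEWS
@@ -0,0 +1,30 @@
+dhcp v4.4.1
+08.10.2018
+by mikhailnov
+* Dropped old patches
+* Now upstream uses built-in bind libraries, we also use them for now (they are linked statically)
+* Now it's built with KerberOS support
+* Removed 'After=syslog.target' from systemd service dhcpd.service
+https://www.freedesktop.org/wiki/Software/systemd/syslog/ says:
+"we do no longer recommend people to order their units after syslog.target"
+* Merged old ROSA's dhcpd(6).service and Arch's dhcpd{4|6}.service
+* dhclient@.service from Arch Linux, modified a bit to improve secutrity (e.g. usage: systemctl enable dhclient@enp1s0)
+* Improved security of dhcpd.service and dhcpd6.service by setting and dropping some capabilities(7)
+* dhcpd user was added on package installation (dhcp-server), but dhcpd was actually ran from root, not dhcpd
+* use sysusers.d(5) (config isc-dhcpd.conf) instaed of manually created dhcpd user
+* migration: delete dhcpd user on package uninstallation
+* /etc/sysconfig/dhcp6 called in dhcpd6.service did not exist (dhcpd6.service was broken);
+let's use /etc/sysconfig/dhcpd for both IPv4 and IPv6
+* /var/lib/dhcpd and /var/lib/dhclient are now defined as variables in the RPM spec
+Note: they are hardcoded in systemd units
+* .leases files are not packaged any more, because modern dhcpd and dhclient can create them automatically,
+but the directoiry, e.g. /var/lib/dhclient, has to exist and be writable.
+* Don't remove *.leases on package uninstallation
+* TODO(?): Fedora's patch dhcp-paths.patch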

23
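--- a/dhclient@.service
+++ b/dhclient@.service
@@ -0,0 +1,23 @@
+[Unit]
+Description=dhclient on %I
+Wants=network.target
+Before=network.target
+[Service]
+ExecStart=/sbin/dhclient -lf /var/lib/dhclient/dhclient.leases -pf /run/dhclient@%i/dhclient.pid -d %I
+RuntimeDirectory=dhclient@%i
+# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectSystem=
+# /var is not read-only
+ProtectSystem=true
+ProtectHome=true
+RestartSec=2s
+Restart=on-failure
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW
+# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ReadWritePaths=
+CapabilityBoundingSet=~CAP_SYS_ADMIN
+[Install]
+WantedBy=multi-user.target
+# This unit file in based on
+# https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/dhcp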
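Review bot: `CapabilityBoundingSet=~CAP_SYS_ADMIN` is a deny-list with a single entry, so this unit, which sets no `User=` and therefore runs dhclient as root, keeps every other capability while it parses replies from whichever DHCP server answers on the link. `AmbientCapabilities=` adds nothing visible for a service that already runs as root, so the two lines together restrict less than the ROSA-NEWS entry suggests. An allow-list such as `CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE` together with `NoNewPrivileges=true` would be tighter; the exact set has to be tested against what dhclient-script does (setting the hostname, for instance, needs CAP_SYS_ADMIN, which the current line already removes). The comment pointing at `#ReadWritePaths=` sits above `CapabilityBoundingSet=` while no `ReadWritePaths=` is set, so it should be moved or dropped. dhcpd.service and dhcpd6.service in this commit use the same one-entry deny-list.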


@ -1,39 +0,0 @@
diff -p -up dhcp-4.1.1/client/scripts/linux.prevent_wireless dhcp-4.1.1/client/scripts/linux
--- dhcp-4.1.1/client/scripts/linux.prevent_wireless 2010-02-25 11:37:31.000000000 -0300
+++ dhcp-4.1.1/client/scripts/linux 2010-02-25 11:37:37.000000000 -0300
@@ -13,6 +13,8 @@
# 1. ifconfig down apparently deletes all relevant routes and flushes
# the arp cache, so this doesn't need to be done explicitly.
+# 1.1. ifconfig $interface inet 0 is enough, and prevents unneeded
+# deassociation on wireless interfaces
# 2. The alias address handling here has not been tested AT ALL.
# I'm just going by the doc of modern Linux ip aliasing, which uses
@@ -170,7 +172,7 @@ if [ x$reason = xBOUND ] || [ x$reason =
if [ x$old_ip_address != x ] && [ x$old_ip_address != x$new_ip_address ]; then
# IP address changed. Bringing down the interface will delete all routes,
# and clear the ARP cache.
- ifconfig $interface inet 0 down
+ ifconfig $interface inet 0
fi
if [ x$old_ip_address = x ] || [ x$old_ip_address != x$new_ip_address ] || \
@@ -224,7 +226,7 @@ if [ x$reason = xEXPIRE ] || [ x$reason
fi
if [ x$old_ip_address != x ]; then
# Shut down interface, which will delete routes and clear arp cache.
- ifconfig $interface inet 0 down
+ ifconfig $interface inet 0
fi
if [ x$alias_ip_address != x ]; then
ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
@@ -259,7 +261,7 @@ if [ x$reason = xTIMEOUT ]; then
fi
exit_with_hooks 0
fi
- ifconfig $interface inet 0 down
+ ifconfig $interface inet 0
exit_with_hooks 1
fi


@ -1,44 +0,0 @@
diff -up dhcp-4.2.0/client/clparse.c.requested dhcp-4.2.0/client/clparse.c
--- dhcp-4.2.0/client/clparse.c.requested 2010-07-21 13:29:05.000000000 +0200
+++ dhcp-4.2.0/client/clparse.c 2010-07-21 13:50:29.000000000 +0200
@@ -37,7 +37,7 @@
struct client_config top_level_config;
-#define NUM_DEFAULT_REQUESTED_OPTS 9
+#define NUM_DEFAULT_REQUESTED_OPTS 14
struct option *default_requested_options[NUM_DEFAULT_REQUESTED_OPTS + 1];
static void parse_client_default_duid(struct parse *cfile);
@@ -111,6 +111,31 @@ isc_result_t read_client_conf ()
option_code_hash_lookup(&default_requested_options[8],
dhcpv6_universe.code_hash, &code, 0, MDL);
+ /* 10 */
+ code = DHO_NIS_DOMAIN;
+ option_code_hash_lookup(&default_requested_options[9],
+ dhcp_universe.code_hash, &code, 0, MDL);
+
+ /* 11 */
+ code = DHO_NIS_SERVERS;
+ option_code_hash_lookup(&default_requested_options[10],
+ dhcp_universe.code_hash, &code, 0, MDL);
+
+ /* 12 */
+ code = DHO_NTP_SERVERS;
+ option_code_hash_lookup(&default_requested_options[11],
+ dhcp_universe.code_hash, &code, 0, MDL);
+
+ /* 13 */
+ code = DHO_INTERFACE_MTU;
+ option_code_hash_lookup(&default_requested_options[12],
+ dhcp_universe.code_hash, &code, 0, MDL);
+
+ /* 14 */
+ code = DHO_DOMAIN_SEARCH;
+ option_code_hash_lookup(&default_requested_options[13],
+ dhcp_universe.code_hash, &code, 0, MDL);
+
for (code = 0 ; code < NUM_DEFAULT_REQUESTED_OPTS ; code++) {
if (default_requested_options[code] == NULL)
log_fatal("Unable to find option definition for "


@ -1,185 +0,0 @@
diff -Naur -x '*~' -x '*.orig' -x '*.rej' dhcp-4.2.2/client/scripts/linux dhcp-4.2.2-ifup/client/scripts/linux
--- dhcp-4.2.2/client/scripts/linux 2011-05-18 22:01:54.000000000 +0200
+++ dhcp-4.2.2-ifup/client/scripts/linux 2011-08-29 19:07:58.722894019 +0200
@@ -1,8 +1,11 @@
#!/bin/bash
-# dhclient-script for Linux. Dan Halbert, March, 1997.
-# Updated for Linux 2.[12] by Brian J. Murrell, January 1999.
-# No guarantees about this. I'm a novice at the details of Linux
-# networking.
+# Network Interface Configuration System
+#
+# Based on:
+# dhclient-script for Linux. Dan Halbert, March, 1997.
+# Updated for Linux 2.[12] by Brian J. Murrell, January 1999.
+# Modified for Mandriva Linux 1999-2009
+
# Notes:
@@ -26,28 +29,35 @@
ip=/sbin/ip
make_resolv_conf() {
+ local d
+ local ns
+
+ if [ -n "$DOMAIN" ]; then
+ d="search $DOMAIN"
+ fi
+
if [ x"$new_domain_name_servers" != x ]; then
- cat /dev/null > /etc/resolv.conf.dhclient
- chmod 644 /etc/resolv.conf.dhclient
- if [ x"$new_domain_search" != x ]; then
- echo search $new_domain_search >> /etc/resolv.conf.dhclient
+ if [ -n "$DOMAIN" ]; then
+ # already done above
+ d="search $DOMAIN"
+ elif [ x"$new_domain_search" != x ]; then
+ d="search $new_domain_search"
elif [ x"$new_domain_name" != x ]; then
# Note that the DHCP 'Domain Name Option' is really just a domain
# name, and that this practice of using the domain name option as
# a search path is both nonstandard and deprecated.
- echo search $new_domain_name >> /etc/resolv.conf.dhclient
+ d="search $new_domain_name"
fi
for nameserver in $new_domain_name_servers; do
- echo nameserver $nameserver >>/etc/resolv.conf.dhclient
+ ns="$ns"$'\n'"nameserver ${nameserver}"
done
- mv /etc/resolv.conf.dhclient /etc/resolv.conf
elif [ "x${new_dhcp6_name_servers}" != x ] ; then
- cat /dev/null > /etc/resolv.conf.dhclient6
- chmod 644 /etc/resolv.conf.dhclient6
-
- if [ "x${new_dhcp6_domain_search}" != x ] ; then
- echo search ${new_dhcp6_domain_search} >> /etc/resolv.conf.dhclient6
+ if [ -n "$DOMAIN" ]; then
+ # already done above
+ d="search $DOMAIN"
+ elif [ "x${new_dhcp6_domain_search}" != x ] ; then
+ d="search ${new_dhcp6_domain_search}"
fi
shopt -s nocasematch
for nameserver in ${new_dhcp6_name_servers} ; do
@@ -59,11 +69,13 @@
else
zone_id=
fi
- echo nameserver ${nameserver}$zone_id >> /etc/resolv.conf.dhclient6
+ ns="$ns"$'\n'"nameserver ${nameserver}$zone_id"
done
shopt -u nocasematch
+ fi
- mv /etc/resolv.conf.dhclient6 /etc/resolv.conf
+ if [ -n "$d" -o -n "$ns" ]; then
+ change_resolv_conf "$d" "$ns"
fi
}
@@ -88,6 +100,25 @@
fi
fi
+# Import Mandriva Linux configuration
+cd /etc/sysconfig/network-scripts;
+. /etc/sysconfig/network-scripts/network-functions
+. /etc/rc.d/init.d/functions
+
+[ -f ../network ] && . ../network
+[ -f ../networking/network ] && . ../networking/network
+
+CONFIG=$interface
+
+need_config ${CONFIG}
+
+if [ -f "${CONFIG}" ]; then
+ source_config
+else
+ echo $"$0: configuration for $interface not found." >&2
+ DEVICE=$interface
+fi
+
###
### DHCPv4 Handlers
###
@@ -138,15 +169,6 @@
if [ x$reason = xBOUND ] || [ x$reason = xRENEW ] || \
[ x$reason = xREBIND ] || [ x$reason = xREBOOT ]; then
- current_hostname=`hostname`
- if [ x$current_hostname = x ] || \
- [ x$current_hostname = "x(none)" ] || \
- [ x$current_hostname = xlocalhost ] || \
- [ x$current_hostname = x$old_host_name ]; then
- if [ x$new_host_name != x$old_host_name ]; then
- hostname "$new_host_name"
- fi
- fi
if [ x$old_ip_address != x ] && [ x$alias_ip_address != x ] && \
[ x$alias_ip_address != x$old_ip_address ]; then
@@ -165,12 +187,14 @@
ifconfig $interface inet $new_ip_address $new_subnet_arg \
$new_broadcast_arg $mtu_arg
# Add a network route to the computed network address.
+ if [ "${PEERGATEWAY}" != "no" ]; then
for router in $new_routers; do
if [ "x$new_subnet_mask" = "x255.255.255.255" ] ; then
route add -host $router dev $interface
fi
route add default gw $router $metric_arg dev $interface
done
+ fi
else
# we haven't changed the address, have we changed other options
# that we wish to update?
@@ -193,7 +217,25 @@
ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
route add -host $alias_ip_address $interface:0
fi
- make_resolv_conf
+ if [ -n "$METRIC" ]; then
+ ifmetric $interface $METRIC
+ fi
+ if [ "${PEERDNS}" != "no" ]; then
+ make_resolv_conf
+ fi
+ if [ "${NEEDHOSTNAME}" = "yes" ]; then
+ if [ -z "$new_host_name" ]; then
+ eval `/bin/ipcalc --silent --hostname $new_ip_address`
+ new_host_name=$HOSTNAME
+ fi
+ if [ -n "$new_host_name" ]; then
+ current_hostname=`hostname`
+
+ if [ "$new_host_name" != "$current_hostname" ]; then
+ set_hostname $new_host_name
+ fi
+ fi
+ fi
exit_with_hooks 0
fi
@@ -227,13 +269,17 @@
ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
route add -host $alias_ip_address dev $interface:0
fi
+ if [ "${PEERGATEWAY}" != "no" ]; then
for router in $new_routers; do
if [ "x$new_subnet_mask" = "x255.255.255.255" ] ; then
route add -host $router dev $interface
fi
route add default gw $router $metric_arg dev $interface
done
+ fi
+ if [ "${PEERDNS}" != "no" ]; then
make_resolv_conf
+ fi
exit_with_hooks 0
fi
ifconfig $interface inet 0 down


@ -1,40 +0,0 @@
diff -Naur -x '*~' -x '*.rej' -x '*.orig' dhcp-4.2.2/common/discover.c dhcp-4.2.2-missing-ipv6-not-fatal/common/discover.c
--- dhcp-4.2.2/common/discover.c 2011-07-20 00:22:48.000000000 +0200
+++ dhcp-4.2.2-missing-ipv6-not-fatal/common/discover.c 2011-09-12 13:33:04.300509236 +0200
@@ -455,7 +455,7 @@
}
#ifdef DHCPv6
- if (local_family == AF_INET6) {
+ if ((local_family == AF_INET6) && !access("/proc/net/if_inet6", R_OK)) {
ifaces->fp6 = fopen("/proc/net/if_inet6", "r");
if (ifaces->fp6 == NULL) {
log_error("Error opening '/proc/net/if_inet6' to "
@@ -466,6 +466,8 @@
ifaces->fp = NULL;
return 0;
}
+ } else {
+ ifaces->fp6 = NULL;
}
#endif
@@ -733,7 +735,7 @@
return 1;
}
#ifdef DHCPv6
- if (!(*err)) {
+ if (!(*err) && ifaces->fp6) {
if (local_family == AF_INET6)
return next_iface6(info, err, ifaces);
}
@@ -752,7 +754,8 @@
ifaces->sock = -1;
#ifdef DHCPv6
if (local_family == AF_INET6) {
- fclose(ifaces->fp6);
+ if (ifaces->fp6)
+ fclose(ifaces->fp6);
ifaces->fp6 = NULL;
}
#endif


@ -1,22 +0,0 @@
diff -Naur dhcp-4.2.5-P1/client/dhclient.conf.5 dhcp-4.2.5-P1.oden/client/dhclient.conf.5
--- dhcp-4.2.5-P1/client/dhclient.conf.5 2013-03-05 19:26:51.000000000 +0100
+++ dhcp-4.2.5-P1.oden/client/dhclient.conf.5 2013-03-28 11:55:37.131387053 +0100
@@ -202,7 +202,8 @@
options. Only the option names should be specified in the request
statement - not option parameters. By default, the DHCPv4 client
requests the subnet-mask, broadcast-address, time-offset, routers,
-domain-name, domain-name-servers and host-name options while the DHCPv6
+domain-search, domain-name, domain-name-servers, host-name, nis-domain,
+nis-servers, ntp-servers and interface-mtu options while the DHCPv6
client requests the dhcp6 name-servers and domain-search options. Note
that if you enter a \'request\' statement, you over-ride these defaults
and these options will not be requested.
@@ -713,7 +714,7 @@
supersede domain-search "fugue.com", "rc.vix.com", "home.vix.com";
prepend domain-name-servers 127.0.0.1;
request subnet-mask, broadcast-address, time-offset, routers,
- domain-name, domain-name-servers, host-name;
+ domain-search, domain-name, domain-name-servers, host-name;
require subnet-mask, domain-name-servers;
script "CLIENTBINDIR/dhclient-script";
media "media 10baseT/UTP", "media 10base2/BNC";

118
dhcp.spec

@ -1,16 +1,18 @@
%define major_version 4.3.2 %define major_version 4.4.1
%define patch_version %{nil} %define patch_version %{nil}
%define var_dhcpd %{_var}/lib/dhcpd
%define var_dhclient %{_var}/lib/dhclient
Name: dhcp Name: dhcp
Epoch: 3 Epoch: 3
Version: %{major_version}%{patch_version} Version: %{major_version}%{patch_version}
Release: 7 Release: 4
Summary: The ISC DHCP (Dynamic Host Configuration Protocol) server/relay agent/client Summary: The ISC DHCP (Dynamic Host Configuration Protocol) server/relay agent/client
License: Distributable License: Distributable
Group: System/Servers Group: System/Servers
URL: http://www.isc.org/software/dhcp URL: http://www.isc.org/software/dhcp
Source0: ftp://ftp.isc.org/isc/%{name}/%{major_version}%{patch_version}/%{name}-%{major_version}%{patch_version}.tar.gz Source0: ftp://ftp.isc.org/isc/%{name}/%{major_version}%{patch_version}/%{name}-%{major_version}%{patch_version}.tar.gz
Source1: ftp://ftp.isc.org/isc/%{name}/%{major_version}%{patch_version}/%{name}-%{major_version}%{patch_version}.tar.gz.sha512.asc #Source1: ftp://ftp.isc.org/isc/%{name}/%{major_version}%{patch_version}/%{name}-%{major_version}%{patch_version}.tar.gz.sha512.asc
Source2: dhcpd.conf Source2: dhcpd.conf
Source4: dhcp-dynamic-dns-examples.tar.bz2 Source4: dhcp-dynamic-dns-examples.tar.bz2
Source7: dhcpreport.pl Source7: dhcpreport.pl
@ -24,25 +26,29 @@ Source16: dhcrelay.service
Source17: dhcpd.tmpfiles Source17: dhcpd.tmpfiles
Source18: dhclient.tmpfiles Source18: dhclient.tmpfiles
Source19: dhcrelay.tmpfiles Source19: dhcrelay.tmpfiles
# mageia patches # sysusers.d(5) (systemd-sysusers)
Patch100: dhcp-4.2.2-ifup.patch Source20: isc-dhcpd.conf
#Patch101: dhcp-4.2.2-fix-format-errors.patch # I see it applied in the source already #Source21: isc-dhcp-client.conf
# prevents needless deassociation, working around mdv bug #43441 # Per-interface dhclient service from Arch Linux (modified)
Patch102: dhcp-4.1.1-prevent_wireless_deassociation.patch Source22: dhclient@.service
Patch103: dhcp-4.2.5-P1-man.patch Source100: ROSA-NEWS
# fedora patches
Patch7: dhcp-4.2.0-default-requested-options.patch
#Patch8: dhcp-4.2.2-xen-checksum.patch # fixed in upstream since 4.3.2
Patch15: dhcp-4.2.2-missing-ipv6-not-fatal.patch
Patch17: dhcp-4.2.0-add_timeout_when_NULL.patch Patch17: dhcp-4.2.0-add_timeout_when_NULL.patch
Patch18: dhcp-4.3.0-64_bit_lease_parse.patch Patch18: dhcp-4.3.0-64_bit_lease_parse.patch
BuildRequires: bind-devel Patch19: Arch-0002-iproute2.patch
# Starting from dhcp 4.x built in Bind libs are used
#BuildRequires: bind-devel
BuildRequires: groff-base BuildRequires: groff-base
BuildRequires: groff-for-man BuildRequires: groff-for-man
BuildRequires: libtool BuildRequires: libtool
BuildRequires: openldap-devel BuildRequires: openldap-devel
BuildRequires: systemd-units BuildRequires: systemd-units
# --with-ldap-gssapi
BuildRequires: krb5-devel
BuildRequires: pkgconfig(libcap-ng)
Requires(post,preun): rpm-helper Requires(post,preun): rpm-helper
Requires: bash
%description %description
DHCP (Dynamic Host Configuration Protocol) is a protocol which allows DHCP (Dynamic Host Configuration Protocol) is a protocol which allows
@ -151,50 +157,44 @@ Requires(pre): openldap-config
%prep %prep
%setup -q -n %{name}-%{major_version}%{patch_version} %setup -q -n %{name}-%{major_version}%{patch_version}
%patch100 -p1 -b .ifup #%setup
#patch101 -p1 -b .format_not_a_string_literal_and_no_format_arguments pushd bind ; tar -xvf bind.tar.gz >/dev/null ; popd
%patch102 -p1 -b .prevent_wireless_deassociation
%patch103 -p1 -b .man
# Add NIS domain, NIS servers, NTP servers, interface-mtu and domain-search
# to the list of default requested DHCP options
%patch7 -p1 -b .requested
# Handle Xen partial UDP checksums
#patch8 -p1 -b .xen
# If the ipv6 kernel module is missing, do not segfault
# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #19367])
%patch15 -p1 -b .noipv6
# Handle cases in add_timeout() where the function is called with a NULL # Handle cases in add_timeout() where the function is called with a NULL
# value for the 'when' parameter # value for the 'when' parameter
%patch17 -p1 -b .dracut %patch17 -p1 -b .dracut
# Ensure 64-bit platforms parse lease file dates & times correctly # Ensure 64-bit platforms parse lease file dates & times correctly
%patch18 -p1 -b .64-bit_lease_parse %patch18 -p1 -b .64-bit_lease_parse
# change ipconfig to modern ip (from Arch)
install -m0644 %{SOURCE10} doc %patch19 -p1
# change hardcoded paths from /sbin/dhc* to /usr/sbin/dhc*, if there are any
sed -i 'includes/dhcpd.h' -e 's,\"/sbin/dhc,\"/usr/sbin/dhc,g' || true
%build %build
%serverbuild_hardened %serverbuild_hardened
%configure2_5x \ %configure2_5x \
--enable-paranoia \ --with-srv-lease-file=%{var_dhcpd}/dhcpd.leases \
--enable-early-chroot \ --with-srv6-lease-file=%{var_dhcpd}/dhcpd6.leases \
--with-ldapcrypto \ --with-cli-lease-file=%{var_dhclient}/dhclient.leases \
--with-srv-lease-file=%{_var}/lib/dhcpd/dhcpd.leases \ --with-cli6-lease-file=%{var_dhclient}/dhclient6.leases \
--with-srv6-lease-file=%{_var}/lib/dhcpd/dhcpd6.leases \
--with-cli-lease-file=%{_var}/lib/dhclient/dhclient.leases \
--with-cli6-lease-file=%{_var}/lib/dhclient/dhclient6.leases \
--with-srv-pid-file=/run/dhcpd/dhcpd.pid \ --with-srv-pid-file=/run/dhcpd/dhcpd.pid \
--with-srv6-pid-file=/run/dhcpd/dhcpd6.pid \ --with-srv6-pid-file=/run/dhcpd/dhcpd6.pid \
--with-cli-pid-file=/run/dhclient/dhclient.pid \ --with-cli-pid-file=/run/dhclient/dhclient.pid \
--with-cli6-pid-file=/run/dhclient/dhclient6.pid \ --with-cli6-pid-file=/run/dhclient/dhclient6.pid \
--with-relay-pid-file=/run/dhcrelay/dhcrelay.pid \ --with-relay-pid-file=/run/dhcrelay/dhcrelay.pid \
--disable-static --enable-paranoia \
%make --enable-early-chroot \
--with-ldap \
--with-ldapcrypto \
--with-ldap-gssapi
make
%install %install
%makeinstall_std %makeinstall_std
# Install correct dhclient-script install -m0644 %{SOURCE10} doc
install -m0644 %{SOURCE100} ROSA-NEWS
install -d %{buildroot}/sbin install -d %{buildroot}/sbin
mv %{buildroot}%{_sbindir}/dhclient %{buildroot}/sbin/dhclient mv %{buildroot}%{_sbindir}/dhclient %{buildroot}/sbin/dhclient
install -m 755 client/scripts/linux %{buildroot}/sbin/dhclient-script install -m 755 client/scripts/linux %{buildroot}/sbin/dhclient-script
@ -203,11 +203,16 @@ install -d %{buildroot}%{_unitdir}
install -m 644 %{SOURCE12} %{buildroot}%{_unitdir}/dhcpd.service install -m 644 %{SOURCE12} %{buildroot}%{_unitdir}/dhcpd.service
install -m 644 %{SOURCE14} %{buildroot}%{_unitdir}/dhcpd6.service install -m 644 %{SOURCE14} %{buildroot}%{_unitdir}/dhcpd6.service
install -m 644 %{SOURCE16} %{buildroot}%{_unitdir}/dhcrelay.service install -m 644 %{SOURCE16} %{buildroot}%{_unitdir}/dhcrelay.service
install -m 644 %{SOURCE22} %{buildroot}%{_unitdir}/
install -D -p -m 644 %{SOURCE17} %{buildroot}%{_tmpfilesdir}/dhcpd.conf install -D -p -m 644 %{SOURCE17} %{buildroot}%{_tmpfilesdir}/dhcpd.conf
install -D -p -m 644 %{SOURCE18} %{buildroot}%{_tmpfilesdir}/dhclient.conf install -D -p -m 644 %{SOURCE18} %{buildroot}%{_tmpfilesdir}/dhclient.conf
install -D -p -m 644 %{SOURCE19} %{buildroot}%{_tmpfilesdir}/dhcrelay.conf install -D -p -m 644 %{SOURCE19} %{buildroot}%{_tmpfilesdir}/dhcrelay.conf
install -d %{buildroot}%{_sysusersdir}
install -m 644 %{SOURCE20} %{buildroot}%{_sysusersdir}/
#install -m 644 %{SOURCE21} %{buildroot}%{_sysusersdir}/
install -m 755 %{SOURCE7} %{SOURCE8} %{buildroot}%{_sbindir} install -m 755 %{SOURCE7} %{SOURCE8} %{buildroot}%{_sbindir}
install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir} install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}
install -m 755 contrib/ldap/dhcpd-conf-to-ldap %{buildroot}%{_sbindir} install -m 755 contrib/ldap/dhcpd-conf-to-ldap %{buildroot}%{_sbindir}
@ -223,7 +228,7 @@ cat > %{buildroot}%{_sysconfdir}/sysconfig/dhcpd <<EOF
# CONFIGFILE="/etc/dhcpd.conf" # CONFIGFILE="/etc/dhcpd.conf"
# Where to store the lease state information. # Where to store the lease state information.
# LEASEFILE="/var/lib/dhcpd/dhcpd.leases" # LEASEFILE="%{var_dhcpd}/dhcpd.leases"
# Define INTERFACES to limit which network interfaces dhcpd listens on. # Define INTERFACES to limit which network interfaces dhcpd listens on.
# The default null value causes dhcpd to listen on all interfaces. # The default null value causes dhcpd to listen on all interfaces.
@ -234,11 +239,6 @@ cat > %{buildroot}%{_sysconfdir}/sysconfig/dhcpd <<EOF
OPTIONS="-q" OPTIONS="-q"
EOF EOF
install -d %{buildroot}%{_var}/lib/dhcpd
touch %{buildroot}%{_var}/lib/dhcpd/dhcpd.leases
install -d %{buildroot}%{_var}/lib/dhclient
touch %{buildroot}%{_var}/lib/dhclient/dhclient.leases
cat > %{buildroot}%{_sysconfdir}/sysconfig/dhcrelay <<EOF cat > %{buildroot}%{_sysconfdir}/sysconfig/dhcrelay <<EOF
# Define SERVERS with a list of one or more DHCP servers where # Define SERVERS with a list of one or more DHCP servers where
# DHCP packets are to be relayed to and from. This is mandatory. # DHCP packets are to be relayed to and from. This is mandatory.
@ -283,16 +283,14 @@ include %{_sysconfdir}/openldap/schema/dhcp.schema
EOF EOF
%pre server
%_pre_useradd dhcpd /dev/null /bin/false
%post server %post server
%_post_service dhcpd %_post_service dhcpd
%tmpfiles_create dhcpd.conf %tmpfiles_create dhcpd.conf
# New dhcpd lease file %sysusers_create isc-dhcpd.conf
if [ ! -f %{_var}/lib/dhcpd/dhcpd.leases ]; then # migrate from root:root as it was before ROSA package v4.4.1
touch %{_var}/lib/dhcpd/dhcpd.leases # create this directory if it does not esist and then chmod it to allow dhcpd to work properly
fi [ ! -d %{var_dhcpd}/ ] && mkdir -p %{var_dhcpd}/
[ -d %{var_dhcpd} ] && chown -R isc-dhcpd:isc-dhcpd %{var_dhcpd}/
%preun server %preun server
%_preun_service dhcpd %_preun_service dhcpd
@ -305,14 +303,18 @@ fi
%_preun_service dhcrelay %_preun_service dhcrelay
%post client %post client
touch %{_var}/lib/dhclient/dhclient.leases # migrate from root:root as it was before ROSA package v4.4.1
# create this directory if it does not esist and then chmod it to allow dhcpd to work properly
[ ! -d %{var_dhclient}/ ] && mkdir -p %{var_dhclient}/
%tmpfiles_create dhclient.conf %tmpfiles_create dhclient.conf
%postun client %postun server
rm -rf %{_var}/lib/dhclient/dhclient.leases # Migrate from dhcpd user created by scripts
# to a dynamic user by systemd-sysusers
%_postun_userdel dhcpd 2>&1 >/dev/null || true
%files common %files common
%doc README contrib/ldap/README.ldap RELNOTES %doc README ROSA-NEWS contrib/ldap/README.ldap RELNOTES
%doc contrib/3.0b1-lease-convert %doc contrib/3.0b1-lease-convert
%{_mandir}/man5/dhcp-options.5* %{_mandir}/man5/dhcp-options.5*
@ -338,8 +340,7 @@ rm -rf %{_var}/lib/dhclient/dhclient.leases
%{_mandir}/man5/dhcpd.leases.5* %{_mandir}/man5/dhcpd.leases.5*
%{_mandir}/man5/dhcp-eval.5* %{_mandir}/man5/dhcp-eval.5*
%{_mandir}/man8/dhcpd.8* %{_mandir}/man8/dhcpd.8*
%dir %{_var}/lib/dhcpd %config %{_sysusersdir}/isc-dhcpd.conf
%config(noreplace) %ghost %{_var}/lib/dhcpd/dhcpd.leases
%files relay %files relay
%{_unitdir}/dhcrelay.service %{_unitdir}/dhcrelay.service
@ -352,13 +353,12 @@ rm -rf %{_var}/lib/dhclient/dhclient.leases
%doc client/dhclient.conf.example %doc client/dhclient.conf.example
%attr (0755,root,root) /sbin/dhclient-script %attr (0755,root,root) /sbin/dhclient-script
%{_tmpfilesdir}/dhclient.conf %{_tmpfilesdir}/dhclient.conf
%{_unitdir}/dhclient@.service
/sbin/dhclient /sbin/dhclient
%{_mandir}/man5/dhclient.conf.5* %{_mandir}/man5/dhclient.conf.5*
%{_mandir}/man5/dhclient.leases.5* %{_mandir}/man5/dhclient.leases.5*
%{_mandir}/man8/dhclient.8* %{_mandir}/man8/dhclient.8*
%{_mandir}/man8/dhclient-script.8* %{_mandir}/man8/dhclient-script.8*
%dir %{_var}/lib/dhclient
%config(noreplace) %ghost %{_var}/lib/dhclient/dhclient.leases
%files devel %files devel
%{_includedir}/* %{_includedir}/*
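Review bot: In `%post server` the new `%sysusers_create isc-dhcpd.conf` comes after `%_post_service dhcpd` and `%tmpfiles_create dhcpd.conf`, and the old `%pre server` user creation is removed, so on a fresh install the account named by the tmpfiles entry and by `User=isc-dhcpd` does not exist yet when those two steps run. Moving the sysusers call to the top of the scriptlet (or into `%pre server`) avoids /run/dhcpd being skipped or created with the wrong owner. The `chown -R isc-dhcpd:isc-dhcpd %{var_dhcpd}/` that follows runs as root on every install and upgrade over a tree the service account can write to; once the migration is done I would limit it to the directory and the lease files it is meant to fix, and add `-h` so links are not dereferenced. In `%postun server`, `2>&1 >/dev/null` leaves stderr attached to the caller's output; `>/dev/null 2>&1` is the order that silences both.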


@ -1,13 +1,33 @@
[Unit] [Unit]
Description=DHCPv4 Server Daemon Description=DHCPv4 Server Daemon
After=syslog.target network.target ldap.service Documentation=man:dhcpd(8) man:dhcpd.conf(5)
Wants=network-online.target
# ldap.service: probably LDAP server starts first and dhcpd must start providing DHCP server only after LDAP has started to use LDAP for IP addresses (?)
After=network-online.target time-sync.target ldap.service
[Service] [Service]
Environment=CONFIGFILE=/etc/dhcpd.conf LEASEFILE=/var/lib/dhcpd/dhcpd.leases Environment=CONFIGFILE=/etc/dhcpd.conf LEASEFILE=/var/lib/dhcpd/dhcpd.leases
EnvironmentFile=-/etc/sysconfig/dhcpd EnvironmentFile=-/etc/sysconfig/dhcpd
Type=forking Type=forking
PIDFile=/run/dhcpd/dhcpd.pid
ExecStart=/usr/sbin/dhcpd -pf /run/dhcpd/dhcpd.pid -cf $CONFIGFILE -lf $LEASEFILE $OPTIONS $INTERFACES ExecStart=/usr/sbin/dhcpd -pf /run/dhcpd/dhcpd.pid -cf $CONFIGFILE -lf $LEASEFILE $OPTIONS $INTERFACES
PIDFile=/run/dhcpd/dhcpd.pid
User=isc-dhcpd
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN
# not ProtectSystem=full because we need a writable leases file in /var
ProtectSystem=true
ProtectHome=true
KillSignal=SIGINT
# We pull in network-online.target for a configured network connection.
# However this is not guaranteed to be the network connection our
# networks are configured for. So try to restart on failure with a delay
# of two seconds. Rate limiting kicks in after 12 seconds.
RestartSec=2s
Restart=on-failure
StartLimitInterval=12s
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
# This unit file in based on ROSA's unit file and Arch's
# https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/dhcp
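Review bot: The comment `# not ProtectSystem=full because we need a writable leases file in /var` does not match what the directive does: per systemd.exec(5), `full` adds /etc to the read-only mounts of `true` and leaves /var writable; only `strict` makes /var read-only. `ProtectSystem=full` should therefore work here as long as dhcpd does not write under /etc, and the comment should be corrected either way. On a systemd new enough to support them, `ProtectSystem=strict` with `ReadWritePaths=/var/lib/dhcpd /run/dhcpd` would confine writes to the two directories this unit names. The same comment and setting appear in the dhcpd6 unit later in this commit.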


@ -1 +1 @@
d /run/dhcpd 755 root root d /run/dhcpd 755 isc-dhcpd isc-dhcpd


@ -1,13 +1,33 @@
[Unit] [Unit]
Description=DHCPv6 Server Daemon Description=DHCPv4 Server Daemon
After=syslog.target network.target Documentation=man:dhcpd(8) man:dhcpd.conf(5)
Wants=network-online.target
# ldap.service: probably LDAP server starts first and dhcpd must start providing DHCP server only after LDAP has started to use LDAP for IP addresses (?)
After=network-online.target time-sync.target ldap.service
[Service] [Service]
Environment=CONFIGFILE=/etc/dhcpd6.conf LEASEFILE=/var/lib/dhcp/dhcpd6.leases Environment=CONFIGFILE=/etc/dhcpd6.conf LEASEFILE=/var/lib/dhcpd/dhcpd6.leases
EnvironmentFile=-/etc/sysconfig/dhcpd6 EnvironmentFile=-/etc/sysconfig/dhcpd
Type=forking Type=forking
PIDFile=/var/run/dhcpd6.pid ExecStart=/usr/sbin/dhcpd -6 -pf /run/dhcpd/dhcpd6.pid -cf $CONFIGFILE -lf $LEASEFILE $OPTIONS $INTERFACES
ExecStart=/usr/sbin/dhcpd -6 -pf /var/run/dhcpd6.pid -cf $CONFIGFILE -lf $LEASEFILE $OPTIONS $INTERFACES PIDFile=/run/dhcpd/dhcpd6.pid
User=isc-dhcpd
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN
# not ProtectSystem=full because we need a writable leases file in /var
ProtectSystem=true
ProtectHome=true
KillSignal=SIGINT
# We pull in network-online.target for a configured network connection.
# However this is not guaranteed to be the network connection our
# networks are configured for. So try to restart on failure with a delay
# of two seconds. Rate limiting kicks in after 12 seconds.
RestartSec=2s
Restart=on-failure
StartLimitInterval=12s
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
# This unit file in based on ROSA's unit file and Arch's
# https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/dhcp
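Review bot: `Description=` on the new side reads `DHCPv4 Server Daemon` although this unit starts `dhcpd -6`; it looks copied from the v4 unit and should stay `Description=DHCPv6 Server Daemon`. Pointing `EnvironmentFile=` at `/etc/sysconfig/dhcpd` also means that an administrator who uncomments `CONFIGFILE` or `LEASEFILE` in that file overrides this unit's `Environment=` defaults as well, so the v6 daemon would load the v4 configuration and write to the v4 lease file. Either package a separate `/etc/sysconfig/dhcpd6`, or use distinct variable names for the v6 paths in the shared file.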

4
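--- a/isc-dhcp-client.conf
+++ b/isc-dhcp-client.conf
@@ -0,0 +1,4 @@
+# The shell is /sbin/nologin
+u isc-dhcp-client - "ISC DHCP client user" /
+g isc-dhcp-client - "ISC DHCP client group"
+m isc-dhcp-client isc-dhcp-client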

4
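--- a/isc-dhcpd.conf
+++ b/isc-dhcpd.conf
@@ -0,0 +1,4 @@
+# The shell is /sbin/nologin
+u isc-dhcpd - "ISC DHCP daemon user" /
+g isc-dhcpd - "ISC DHCP daemon group"
+m isc-dhcpd isc-dhcpd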