diff options
61 files changed, 3390 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..058678a --- /dev/null +++ b/debian/changelog @@ -0,0 +1,404 @@ +isc-kea (2.2.0-6) unstable; urgency=medium + + [ Andreas Hasenack ] + * apparmor: use the apparmor nameservice abstraction. + Use the apparmor nameservice abstraction instead of hand-picked rules. + (Closes: #1033640, #1033639) + + -- Paride Legovini <paride@debian.org> Mon, 03 Apr 2023 12:48:28 +0200 + +isc-kea (2.2.0-5) unstable; urgency=medium + + [ Paride Legovini ] + * d/control: update to Standards-Version 4.6.2, no changes needed + + [ Andreas Hasenack ] + * d/t/kea-dhcp4.conf.template: retry opening a socket. Sometimes the + `keabr0` bridge used in the DEP8 test takes a while to become ready, and + kea-dhcp4 fails to open a socket on it. Add configuration options to + kea-dhcp4 to retry opening the socket a few times before giving up. + (LP: #2008932) + + -- Athos Ribeiro <athos.ribeiro@canonical.com> Thu, 02 Mar 2023 14:00:17 -0300 + +isc-kea (2.2.0-4) unstable; urgency=medium + + [ Athos Ribeiro ] + * d/rules: use MathJax from libjs-mathjax instead loading from external CDN + + [ Andreas Hasenack ] + * d/t/kea-dhcp4: make the test more robust + - increase dhclient timeout to 60s, and run in verbose mode + - show logs in the case of failure + - set +e inside the cleanup handler + - fix resolv.conf regexp + + -- Athos Ribeiro <athos.ribeiro@canonical.com> Mon, 27 Feb 2023 14:58:26 -0300 + +isc-kea (2.2.0-3) unstable; urgency=medium + + [ Andreas Hasenack ] + * Add apparmor profiles. + - d/control: add build-depends on dh-apparmor + - d/usr.sbin.kea-*: add the profiles + - d/kea-*.install: install the profiles + - d/rules: use dh_apparmor to enable the profiles + * d/tests: Add DEP8 test for kea-dhcp4 + + -- Paride Legovini <paride@debian.org> Fri, 17 Feb 2023 19:59:43 +0100 + +isc-kea (2.2.0-2) unstable; urgency=medium + + [ Athos Ribeiro ] + * d/tests: add simple DEP8 smoke tests + * Set default control sockets location to /run/kea (Closes: #1014929) + (LP: #1863100) + + [ Paride Legovini ] + * d/control: drop dependency on lsb-base (obsolete) + * d/salsa-ci.yml: enable the autopkgtest job + * d/kea-common.*: + - Do not install keactrl. The keactrl script is not systemd-aware and not + installed by the upstream .deb packages. Remove it from the Debian + packaging + - Leave handling of /var/*/kea directories to systemd. No need to create + them in packaging as the systemd units will automatically create them + with the right ownership and permissions + * d/*.service: + - Do not set KEA_LOGGER_DESTINATION. The variable is meant to tell the + daemons where to log *before* their config files are loaded. If unset + the default is stdout, which works well with systemd + - Do not set KEA_PIDFILE_DIR. What we set it to corresponds to the + defaults. The documentation says that KEA_PIDFILE_DIR "is intended + primarily for testing" + * d/rules: use the systemd journal for logging (Closes: #1016747) + (LP: #2006522) + * d/kea-doc.README.Debian: document how logging is done by default + * d/tests/smoke-tests: check location of PID and lock files + + -- Athos Ribeiro <athos.ribeiro@canonical.com> Tue, 14 Feb 2023 11:24:58 -0300 + +isc-kea (2.2.0-1) unstable; urgency=medium + + * New upstream version 2.2.0. + Thanks to Daniel Baumann (Closes: #1016109) + * debian/patches: + - 0002-kea_admin_fix.patch: refresh patch + - 0007-keyctrl-colored-ddns-status.patch: drop patch (fixed upstream) + - 0009-disable-database-tests.patch: refresh patch + - 0010-build-libco-when-gtest-is-not-enabled: drop patch (fixed upstream) + - 0011-sphinx-set-language.patch: drop patch (fixed upstream) + * d/kea-doc.doc-base: register documentation to doc-base + * Lintian overrides: + - *.lintian-overrides: adapt to "pointed hints" syntax + - kea-admin.l-o: bash-term-in-posix-shell (false positives) + - d/kea-doc.l-o: add overrides for sphinx installed fonts. + + font-in-non-font-package [usr/share/doc/kea/html/_static/fonts/*] + + font-outside-font-dir [usr/share/doc/kea/html/_static/fonts/*] + * d/copyright: remove file patterns made unnecessary by new release + * d/salsa-ci.yml: add salsa CI + + -- Paride Legovini <paride@debian.org> Tue, 02 Aug 2022 12:16:45 +0000 + +isc-kea (2.0.2-3) unstable; urgency=medium + + * d/rules: configure: specify the Python site packages location. + Related changes: + - d/python3-kea-connector.install: update paths accordingly + Thanks to Kilian Krause (Closes: #1014995) + + -- Paride Legovini <paride@debian.org> Wed, 20 Jul 2022 16:03:19 +0000 + +isc-kea (2.0.2-2) unstable; urgency=medium + + * d/patches: explicitly set the sphinx doc language. + Needed for compatibility with Sphinx 5.0. New patch: + - d/p/0011-sphinx-set-language.patch (Closes: #1013407) + * d/control: bump Standards-Version to 4.6.1, no changes needed + * d/gbp.conf: debian-branch = debian/unstable (DEP-14) + * d/gbp.conf: enable use of pristine-tar + * d/watch.include-odd-versions: alternative watch file. + Also covers the odd-numbered (= devel) upstream releases. + + -- Paride Legovini <paride@debian.org> Sun, 26 Jun 2022 14:48:25 +0000 + +isc-kea (2.0.2-1) unstable; urgency=medium + + * New upstream version 2.0.2 + + -- Paride Legovini <paride@debian.org> Mon, 07 Mar 2022 21:13:17 +0000 + +isc-kea (2.0.1-2) unstable; urgency=medium + + * Upload to Debian unstable + * wrap-and-sort -bast (cosmetic) + + -- Paride Legovini <paride@debian.org> Sun, 30 Jan 2022 19:39:09 +0100 + +isc-kea (2.0.1-1) experimental; urgency=medium + + * New upstream version 2.0.1 (Closes: #954768, #973641) + * d/watch: fix search path and only match stable versions (Closes: #974611) + * d/u/signing-key.asc: replace with new key for 2021-2022. + * d/control: + - Update Standards-Version to 4.6.0 (no changes needed) + - Switch to dh compat level 13 + - Set Rules-Requires-Root: no + - Drop ORed dependency on obsolete libmysqlclient-dev + - Add python3-kea-connector dependency to kea-ctrl-agent + - Build-Depend on procps (test dependency) + - Drop Section: libs for kea-common (fallback to Section: net) + - Minor cosmetic changes to the descriptions + * d/rules: + - Don't pass --as-needed to ld (it's now the default) + - Drop explicit `dh_missing --fail-missing` (default in dh 13) + - Drop useless override_dh_auto_make target + - Drop override_dh_clean (not needed) + - Use execute_after_* targets where appropriate + - Do not ignore the test results + - Drop unnecessary $@ in override_dh_auto_configure + - Disable out-of-source building (dh -B) + - Set localstatedir to /var (Closes: #959149) + - Delete __pycache__ recursively + - Don't delete keactrl.8 + - Drop `dh_installdocs -A`: it prevents using a main doc package + - Build perfdhcp (configure flag: --enable-perfdhcp) + * d/patches: + - 0001-support_kfreebsd: refresh patch + - 0002-kea_admin_fix: refresh patch + - 0003-Use-runstatedir-for-pid-file-location.patch: drop, fixed upstream + - d/p/0004-Put-KEA_LOCKFILE_DIR-to-runstatedir.patch: drop patch. + Replaced by setting the KEA_LOCKFILE_DIR environment variable. + - 0007-keyctrl-colored-ddns-status.patch: add patch + - 0009-disable-database-tests.patch: add patch. + Skip the database tests (problematic to run in automation). + - 0010-build-libco-when-gtest-is-not-enabled.patch: add patch. + Fix test suite fails if Kea is built without gtest. + - Always use the .patch extension for uniformity + * d/docs: drop file, replaced by kea-doc.docs + * d/kea-doc.install: drop file, replaced by d/kea-doc.docs + * d/kea-admin.install: install perfdhcp + * d/*.install: move manpages to d/*.manpages + * d/kea-common.manpages: install keactrl.8 + * d/kea-doc.docs: + - Add CONTRIBUTING.md + - Install the API reference + * d/not-installed: refresh list of not-installed files + * d/s/lintian-overrides: override very-long-line-length-in-source-file + * d/kea-common.l-o: override script-not-executable etc/kea/keactrl.conf. + Has a shebang but it's meant to be sourced, not executed. + * d/u/metadata: add upstream metadata file + * d/copyright: + - Add Canonical Ltd. for debian/* + - Drop references to nonexisting files + * d/control: add Paride Legovini to Uploaders + + -- Paride Legovini <paride@debian.org> Thu, 27 Jan 2022 12:27:23 +0100 + +isc-kea (1.7.5-1) unstable; urgency=medium + + * Bump dh compat to 12, bump debian standard to 4.5.0 + (dh_compat v11 is broken and should not be used) + * New upstream version 1.7.5 + * Security issues fixed since 1.5.0-2: + + CVE-2019-6472: A packet containing a malformed DUID can cause the + kea-dhcp6 server to terminate + + CVE-2019-6473: An invalid hostname option can cause the kea-dhcp4 + server to terminate + + CVE-2019-6474: An oversight when validating incoming client requests + can lead to a situation where the Kea server will exit when trying to + restart + * Add python3-sphinx and python3-sphinx-rtd-theme to Build-Depends to + build the documentation + * Adjust installed files + * Add 'kea' metapackage that depends on all server components of Kea + * Fix more ISC KEA -> Kea naming + * Cleanup the lintian warnings + + -- Ondřej Surý <ondrej@debian.org> Mon, 23 Mar 2020 11:11:05 +0100 + +isc-kea (1.5.0-2) unstable; urgency=medium + + [ Jason Guy ] + * Stop deleting _kea user and group on postrm for security + * Drop debhelper compat to v11; v12 adds dependency on init-system-helpers + (>=1.52), and stretch uses 1.48. + + [ Badreddin Aboubakr ] + * Fix systemd service file & create group kea + * Fix maintaner scripts to handle the _kea group (Closes: #924105) + + [ Michal Nowikowski ] + * Fixed names of referenced services in WantedBy fields + + -- Ondřej Surý <ondrej@sury.org> Wed, 12 Jun 2019 16:11:11 +0200 + +isc-kea (1.5.0-1) unstable; urgency=medium + + [ Ondřej Surý ] + * New upstream version 1.5.0 (Closes: #916288) + * Update d/watch to use better mangling and https:// URL + * Update ISC signing key + * Bump debhelper compat level to v12 + * Fix some default paths to use runstatedir + * Create a non-privileged user _kea and run the Kea services under that user + (Closes: #910671) + * Add the netconf stuff to d/not-installed + * Greatly simplify d/copyright (Closes: #905214) + * Fix dpkg-statoverride usage in maintscripts + * Add adduser to kea-common Depends + * Add Pre-Depends: ${misc:Pre-Depends} for systemd Pre-Depends + * DHCPv4 daemon also needs CAP_NET_RAW + * It's Kea, not ISC KEA; fix the .service files + + [ Yuval Freund ] + * Fix python dep issue. (Closes: #905977, #908491) + + [ Badreddin Aboubakr ] + * Fix systemd Unit Files + + Change lock directory (systemd nesting issue) + + Quote RuntimeDirectory + + Remove "LogsDirectory" and "LogsDirectoryMode" (they are not + supported in systemd 232) + + [ Jason Guy ] + * Added a new patch to fix the kea-admin script. + * Fixed the postrm script (Closes: #905421) + + -- Ondřej Surý <ondrej@debian.org> Mon, 25 Feb 2019 12:12:36 +0000 + +isc-kea (1.4.0.P1-5) unstable; urgency=medium + + * Non-maintainer upload. + * Added a missing python3 dependency (Closes: #905977) + * Fixed kea-ctrl-agent dependency (Closes: #908491) + * Fixed kea-common postrm script (Closes: #905421) + * Fixed state directories (Closes: #910671) + * Fixed copyright (Closes: #905214) + * Cleaned up quilt patches. + + -- Jason Guy <jason.e.guy@gmail.com> Sun, 16 Dec 2018 19:31:18 -0500 + +isc-kea (1.4.0.P1-3) unstable; urgency=medium + + [ Ondřej Surý ] + * Install keactrl binary and manpage to kea-common package + * Make package backportable to Ubuntu Trusty that doesn't have + debian/not-installed support yet + * Tighten the permissions on the /run/lock/kea, /var/log/kea and + /var/lib/kea directory + * Merge little bits from Jason in d/control and d/rules + * Cleanup install files + + [ Jason Guy ] + * Added missing files. + * Minor fixes to the lockfile paths. + + [ Adam Majer ] + * Update ISC signing key for 2017-2018 + * Add python3-kea-connector and kea-ctrl-agent files + + -- Ondřej Surý <ondrej@debian.org> Mon, 16 Jul 2018 15:53:56 +0000 + +isc-kea (1.4.0.P1-2) unstable; urgency=medium + + * Add alternative dependency for default-libmysqlclient-dev to make + backporting easier + * Re-enable mysql and pgsql backends + + -- Ondřej Surý <ondrej@debian.org> Sat, 14 Jul 2018 12:14:40 +0000 + +isc-kea (1.4.0.P1-1) unstable; urgency=medium + + * New upstream version 1.4.0.P1 + + [CVE-2018-5739]: failure to release memory may exhaust system + resources (Closes: #903729) + + -- Ondřej Surý <ondrej@debian.org> Sat, 14 Jul 2018 08:51:37 +0000 + +isc-kea (1.4.0-2) experimental; urgency=medium + + * New upstream version 1.4.0 (Closes: #874501, #874501) + * Update Maintainer, Uploaders and Vcs-* Links + * Use --fail-missing to catch files not installed which should be + * Update bug numbers in d/changelog + * Add kea-admin binary into kea-admin package (Closes: #851712) + * Install hooks in kea-common package and kea-ctrl-agent into kea-utils + package + * Move kea-ctrl-agent to kea-admin package + + -- Ondřej Surý <ondrej@debian.org> Fri, 13 Jul 2018 20:00:33 +0000 + +isc-kea (1.4.0-1) experimental; urgency=medium + + * New upstream version 1.4.0 (Closes: #874501, #874501) + * Rebase patches on top of Kea 1.4 + * Use upstream conffiles + * Run d/ through wrap-and-sort -a + add dh-autoconf + * Enable autoreconf + * Don't install *.spec files + + -- Ondřej Surý <ondrej@debian.org> Fri, 13 Jul 2018 18:42:25 +0000 + +isc-kea (1.1.0-1) unstable; urgency=medium + + * New upstream version 1.1.0 (closes: #844536) + + support PostgreSQL and MySQL for host reservation for both + DHCPv4 and DHCPv6 + + allows MySQL and PostgreSQL host reservations databases + to operate in read-only mode + + extends host reservations capabilities based on specific + DHCP options. + + expanded client classification system + + DHCPv4-over-DHCPv6 - RFC7341 + * builds with default mysql library (closes: #845856) + * debian/patches: + - fix_gcc6 - removed, upstreamed + - openssl1.1 - add OpenSSL 1.1 support (closes: #828356) + + -- Adam Majer <adamm@zombino.com> Sun, 27 Nov 2016 23:07:17 +0100 + +isc-kea (1.0.0-4) unstable; urgency=medium + + * debian/rules: + + Disable warnings being treated as errors during compilation. + This fixes compilation with GCC 6.0 and Kea's use of + auto_ptr which trigger depreciation warning (closes: #831123) + * debian/patches/fix_gcc6: + + fix compilation with gcc6 C++14 + + -- Adam Majer <adamm@zombino.com> Mon, 25 Jul 2016 22:23:36 +0200 + +isc-kea (1.0.0-3) unstable; urgency=medium + + * debian/patches/support_kfreebsd: + + Add support for kFreeBSD - detect it as FreeBSD + * debian/watch: + + Only detect X.Y.Z* version formats + + Sort beta and other candidates before final release + + Verify upstream GPG signature + * debian/control: + + Remove dependency on Botan. Use OpenSSL instead. + * debian/rules: + + Disable dependency tracking for faster build + + Fix typo in configure script + * Updated .service files to start KEA services only after + network is up and time has been synced. + * Update Standard to 3.9.7. No changes. + + -- Adam Majer <adamm@zombino.com> Thu, 03 Mar 2016 20:49:02 -0600 + +isc-kea (1.0.0-2) unstable; urgency=medium + + * debian/copyright: + + Explicitly list more embedded boost headers + * debian/control: + + Do not require specific PostgreSQL version (closes: #814323) + + -- Adam Majer <adamm@zombino.com> Fri, 26 Feb 2016 13:37:51 -0600 + +isc-kea (1.0.0-1) unstable; urgency=low + + * Initial release (Closes: #759703) + + -- Adam Majer <adamm@zombino.com> Tue, 19 Jan 2016 13:15:40 -0600 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..d8d1260 --- /dev/null +++ b/debian/control @@ -0,0 +1,175 @@ +Source: isc-kea +Section: net +Priority: optional +Maintainer: Kea <isc-kea@packages.debian.org> +Uploaders: + Adam Majer <adamm@zombino.com>, + Ondřej Surý <ondrej@debian.org>, + Jason Guy <jason.e.guy@gmail.com>, + Paride Legovini <paride@debian.org>, +Build-Depends: + bison, + debhelper-compat (= 13), + default-libmysqlclient-dev, + dh-apparmor, + dh-python, + docbook, + docbook-xsl, + elinks, + flex, + libboost-dev, + libboost-system-dev, + liblog4cplus-dev, + libpq-dev, + libssl-dev, + postgresql-server-dev-all, + procps, + python3-dev, + python3-sphinx, + python3-sphinx-rtd-theme, + xsltproc, +Standards-Version: 4.6.2 +Homepage: http://kea.isc.org/ +Vcs-Git: https://salsa.debian.org/debian/isc-kea.git +Vcs-Browser: https://salsa.debian.org/debian/isc-kea +Rules-Requires-Root: no + +Package: kea +Architecture: all +Depends: + kea-admin, + kea-ctrl-agent, + kea-dhcp-ddns-server, + kea-dhcp4-server, + kea-dhcp6-server, + ${misc:Depends}, +Description: DHCP server [meta] + Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium + providing a very high-performance with PostgreSQL, MySQL and memfile backends. + . + This is a metapackage that depends on all server components of Kea. + +Package: kea-admin +Architecture: any +Section: admin +Depends: + kea-common (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Description: Administration utilities for Kea DHCP server + Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium. + . + This package provides backend database initialization and migration + scripts and a DHCP benchmark tool. + +Package: kea-common +Architecture: any +Depends: + adduser, + ${misc:Depends}, + ${shlibs:Depends}, +Description: Common libraries for the Kea DHCP server + Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium. + . + This package provides common libraries used by Kea servers and utilities. + +Package: kea-ctrl-agent +Architecture: any +Pre-Depends: + ${misc:Pre-Depends}, +Depends: + kea-common (= ${binary:Version}), + python3-kea-connector, + ${misc:Depends}, + ${python3:Depends}, + ${shlibs:Depends}, +Suggests: + kea-doc, +Description: REST API service for Kea DHCP server + Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium. + . + This package provides the REST API service agent for Kea DHCP. + +Package: kea-dev +Architecture: any +Section: devel +Depends: + kea-common (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Description: Development headers for Kea DHCP server + Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium. + . + This package provides headers and static libraries of the common Kea + libraries, including libdhcp++. + +Package: kea-dhcp-ddns-server +Architecture: any +Pre-Depends: + ${misc:Pre-Depends}, +Depends: + kea-common (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Suggests: + kea-doc, +Description: DHCP Dynamic DNS service + Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium. + . + This package provides Dynamic DNS service to update DNS mapping based on + DHCP lease events. + +Package: kea-dhcp4-server +Architecture: any +Pre-Depends: + ${misc:Pre-Depends}, +Depends: + kea-common (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Suggests: + kea-doc, +Description: IPv4 DHCP server + Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium + providing a very high-performance with PostgreSQL, MySQL and memfile backends. + . + This package provides the IPv4 DHCP server. + +Package: kea-dhcp6-server +Architecture: any +Pre-Depends: + ${misc:Pre-Depends}, +Depends: + kea-common (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Suggests: + kea-doc, +Description: IPv6 DHCP server + Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium + providing a very high-performance with PostgreSQL, MySQL and memfile backends. + . + This package provides the IPv6 DHCP server. + +Package: kea-doc +Architecture: all +Section: doc +Depends: + ${misc:Depends}, +Recommends: + libjs-mathjax, +Description: Documentation for Kea DHCP server + Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium. + . + This package provides documentation for the DHCP servers. + +Package: python3-kea-connector +Architecture: all +Section: python +Depends: + ${misc:Depends}, + ${python3:Depends}, +Description: Python3 management connector for Kea DHCP server + Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium. + . + This package provides Python3 connector. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..8cb8cd3 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,408 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ + +Files: * +Copyright: 2010-2018, Internet Systems Consortium, Inc. ("ISC") +License: MPL-2.0 + +Files: debian/* +Copyright: 2016-2018, Adam Majer <adamm@zombino.com> + 2017-2018, Jason Guy (jason.e.guy@gmail.com) + 2018-2019, Internet Systems Consortium, Inc. + 2022, Canonical Ltd. +License: MPL-2.0 + +Files: src/bin/agent/agent_parser.cc + src/bin/agent/agent_parser.h + src/bin/agent/location.hh + src/bin/d2/d2_parser.cc + src/bin/d2/d2_parser.h + src/bin/d2/location.hh + src/bin/dhcp4/dhcp4_parser.cc + src/bin/dhcp4/dhcp4_parser.h + src/bin/dhcp4/location.hh + src/bin/dhcp6/dhcp6_parser.cc + src/bin/dhcp6/dhcp6_parser.h + src/bin/dhcp6/location.hh + src/lib/eval/location.hh + src/lib/eval/parser.cc + src/lib/eval/parser.h +Copyright: 2002-2015, Free Software Foundation, Inc. +License: GPL-3+-with-bison-exception + +Files: src/lib/util/encode/* +Copyright: 2002, Robert Ramey - http:www.rrsd.com . +License: BSL-1.0 + +License: GPL-3+-with-bison-exception + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 3 dated June, 2007, or (at + your option) any later version. + . + As a special exception, you may create a larger work that contains + part or all of the Bison parser skeleton and distribute that work + under terms of your choice, so long as that work isn't itself a + parser generator using the skeleton or a modified version thereof + as a parser skeleton. Alternatively, if you modify or redistribute + the parser skeleton itself, you may (at your option) remove this + special exception, which will cause the skeleton and the resulting + Bison output files to be licensed under the GNU General Public + License without this special exception. + . + On Debian systems, the complete text of version 3 of the GNU General + Public License can be found in '/usr/share/common-licenses/GPL-3'. + +License: MPL-2.0 + . + Mozilla Public License Version 2.0 + ================================== + . + 1. Definitions + -------------- + 1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + 1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + 1.3. "Contribution" + means Covered Software of a particular Contributor. + 1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + 1.5. "Incompatible With Secondary Licenses" + means + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + 1.6. "Executable Form" + means any form of the work other than Source Code Form. + 1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + 1.8. "License" + means this document. + 1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + 1.10. "Modifications" + means any of the following: + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + (b) any new file in Source Code Form that contains any Covered + Software. + 1.11. "Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + 1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + 1.13. "Source Code Form" + means the form of the work preferred for making modifications. + 1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + . + 2. License Grants and Conditions + -------------------------------- + 2.1. Grants + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + (a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + (b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + . + 2.2. Effective Date + The licenses granted in Section 2.1 with respect to any Contribution + become effective for each Contribution on the date the Contributor first + distributes such Contribution. + . + 2.3. Limitations on Grant Scope + The licenses granted in this Section 2 are the only rights granted under + this License. No additional rights or licenses will be implied from the + distribution or licensing of Covered Software under this License. + Notwithstanding Section 2.1(b) above, no patent license is granted by a + Contributor: + (a) for any code that a Contributor has removed from Covered Software; + or + (b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + (c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + This License does not grant any rights in the trademarks, service marks, + or logos of any Contributor (except as may be necessary to comply with + the notice requirements in Section 3.4). + . + 2.4. Subsequent Licenses + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this + License (see Section 10.2) or under the terms of a Secondary License (if + permitted under the terms of Section 3.3). + . + 2.5. Representation + Each Contributor represents that the Contributor believes its + Contributions are its original creation(s) or it has sufficient rights + to grant the rights to its Contributions conveyed by this License. + . + 2.6. Fair Use + This License is not intended to limit any rights You have under + applicable copyright doctrines of fair use, fair dealing, or other + equivalents. + . + 2.7. Conditions + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted + in Section 2.1. + . + 3. Responsibilities + ------------------- + 3.1. Distribution of Source Form + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under + the terms of this License. You must inform recipients that the Source + Code Form of the Covered Software is governed by the terms of this + License, and how they can obtain a copy of this License. You may not + attempt to alter or restrict the recipients' rights in the Source Code + Form. + . + 3.2. Distribution of Executable Form + If You distribute Covered Software in Executable Form then: + (a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + (b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + 3.3. Distribution of a Larger Work + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for + the Covered Software. If the Larger Work is a combination of Covered + Software with a work governed by one or more Secondary Licenses, and the + Covered Software is not Incompatible With Secondary Licenses, this + License permits You to additionally distribute such Covered Software + under the terms of such Secondary License(s), so that the recipient of + the Larger Work may, at their option, further distribute the Covered + Software under the terms of either this License or such Secondary + License(s). + . + 3.4. Notices + You may not remove or alter the substance of any license notices + (including copyright notices, patent notices, disclaimers of warranty, + or limitations of liability) contained within the Source Code Form of + the Covered Software, except that You may alter any license notices to + the extent required to remedy known factual inaccuracies. + . + 3.5. Application of Additional Terms + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on + behalf of any Contributor. You must make it absolutely clear that any + such warranty, support, indemnity, or liability obligation is offered by + You alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + . + 4. Inability to Comply Due to Statute or Regulation + --------------------------------------------------- + . + If it is impossible for You to comply with any of the terms of this + License with respect to some or all of the Covered Software due to + statute, judicial order, or regulation then You must: (a) comply with + the terms of this License to the maximum extent possible; and (b) + describe the limitations and the code they affect. Such description must + be placed in a text file included with all distributions of the Covered + Software under this License. Except to the extent prohibited by statute + or regulation, such description must be sufficiently detailed for a + recipient of ordinary skill to be able to understand it. + . + 5. Termination + -------------- + . + 5.1. The rights granted under this License will terminate automatically + if You fail to comply with any of its terms. However, if You become + compliant, then the rights granted under this License from a particular + Contributor are reinstated (a) provisionally, unless and until such + Contributor explicitly and finally terminates Your grants, and (b) on an + ongoing basis, if such Contributor fails to notify You of the + non-compliance by some reasonable means prior to 60 days after You have + come back into compliance. Moreover, Your grants from a particular + Contributor are reinstated on an ongoing basis if such Contributor + notifies You of the non-compliance by some reasonable means, this is the + first time You have received notice of non-compliance with this License + from such Contributor, and You become compliant prior to 30 days after + Your receipt of the notice. + . + 5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, + counter-claims, and cross-claims) alleging that a Contributor Version + directly or indirectly infringes any patent, then the rights granted to + You by any and all Contributors for the Covered Software under Section + 2.1 of this License shall terminate. + . + 5.3. In the event of termination under Sections 5.1 or 5.2 above, all + end user license agreements (excluding distributors and resellers) which + have been validly granted by You or Your distributors under this License + prior to termination shall survive termination. + . + ************************************************************************ + * * + * 6. Disclaimer of Warranty * + * ------------------------- * + * * + * Covered Software is provided under this License on an "as is" * + * basis, without warranty of any kind, either expressed, implied, or * + * statutory, including, without limitation, warranties that the * + * Covered Software is free of defects, merchantable, fit for a * + * particular purpose or non-infringing. The entire risk as to the * + * quality and performance of the Covered Software is with You. * + * Should any Covered Software prove defective in any respect, You * + * (not any Contributor) assume the cost of any necessary servicing, * + * repair, or correction. This disclaimer of warranty constitutes an * + * essential part of this License. No use of any Covered Software is * + * authorized under this License except under this disclaimer. * + * * + ************************************************************************ + . + ************************************************************************ + * * + * 7. Limitation of Liability * + * -------------------------- * + * * + * Under no circumstances and under no legal theory, whether tort * + * (including negligence), contract, or otherwise, shall any * + * Contributor, or anyone who distributes Covered Software as * + * permitted above, be liable to You for any direct, indirect, * + * special, incidental, or consequential damages of any character * + * including, without limitation, damages for lost profits, loss of * + * goodwill, work stoppage, computer failure or malfunction, or any * + * and all other commercial damages or losses, even if such party * + * shall have been informed of the possibility of such damages. This * + * limitation of liability shall not apply to liability for death or * + * personal injury resulting from such party's negligence to the * + * extent applicable law prohibits such limitation. Some * + * jurisdictions do not allow the exclusion or limitation of * + * incidental or consequential damages, so this exclusion and * + * limitation may not apply to You. * + * * + ************************************************************************ + . + 8. Litigation + ------------- + Any litigation relating to this License may be brought only in the + courts of a jurisdiction where the defendant maintains its principal + place of business and such litigation shall be governed by laws of that + jurisdiction, without reference to its conflict-of-law provisions. + Nothing in this Section shall prevent a party's ability to bring + cross-claims or counter-claims. + . + 9. Miscellaneous + ---------------- + This License represents the complete agreement concerning the subject + matter hereof. If any provision of this License is held to be + unenforceable, such provision shall be reformed only to the extent + necessary to make it enforceable. Any law or regulation which provides + that the language of a contract shall be construed against the drafter + shall not be used to construe this License against a Contributor. + . + 10. Versions of the License + --------------------------- + . + 10.1. New Versions + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + . + 10.2. Effect of New Versions + You may distribute the Covered Software under the terms of the version + of the License under which You originally received the Covered Software, + or under the terms of any subsequent version published by the license + steward. + . + 10.3. Modified Versions + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a + modified version of this License if you rename the license and remove + any references to the name of the license steward (except to note that + such modified license differs from this License). + . + 10.4. Distributing Source Code Form that is Incompatible With Secondary + Licenses + . + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + . + Exhibit A - Source Code Form License Notice + ------------------------------------------- + . + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. + . + If it is not possible or desirable to put the notice in a particular + file, then You may include the notice in a location (such as a LICENSE + file in a relevant directory) where a recipient would be likely to look + for such a notice. + . + You may add additional accurate notices of copyright ownership. + . + Exhibit B - "Incompatible With Secondary Licenses" Notice + --------------------------------------------------------- + . + This Source Code Form is "Incompatible With Secondary Licenses", as + defined by the Mozilla Public License, v. 2.0. + +License: BSL-1.0 + Boost Software License - Version 1.0 - August 17th, 2003 + . + Permission is hereby granted, free of charge, to any person or organization + obtaining a copy of the software and accompanying documentation covered by + this license (the "Software") to use, reproduce, display, distribute, + execute, and transmit the Software, and to prepare derivative works of the + Software, and to permit third-parties to whom the Software is furnished to + do so, all subject to the following: + . + The copyright notices in the Software and this entire statement, including + the above license grant, this restriction and the following disclaimer, + must be included in all copies of the Software, in whole or in part, and + all derivative works of the Software, unless such copies or derivative + works are solely in the form of machine-executable object code generated by + a source language processor. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT + SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE + FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE, + ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + DEALINGS IN THE SOFTWARE. diff --git a/debian/copyright-scan-patterns.yml b/debian/copyright-scan-patterns.yml new file mode 100644 index 0000000..3592d24 --- /dev/null +++ b/debian/copyright-scan-patterns.yml @@ -0,0 +1,33 @@ +--- +check: + suffixes: + - asm + - lua + - nqp + - s + - template +ignore: + pattern: + - /debian/ + - Makefile + - AUTHORS + - README + - ChangeLog + - INSTALL + - MANIFEST + - /config(.guess|ure|ure.ac|.h.in|.sub) + suffixes: + - generic + - rst + - jpg + - yml + - png + - dia + - o + - htm + - html + - txt + - install + - M + - in + diff --git a/debian/fill.copyright.blanks.yml b/debian/fill.copyright.blanks.yml new file mode 100644 index 0000000..b1c7e8e --- /dev/null +++ b/debian/fill.copyright.blanks.yml @@ -0,0 +1,18 @@ +--- +src/hooks/* : + copyright: 2010-2018, Internet Systems Consortium, Inc. ("ISC") + license: MPL-2.0 +doc/* : + copyright: 2010-2018, Internet Systems Consortium, Inc. ("ISC") + license: MPL-2.0 +src/lib/dhcpsrv/cache_host_data_source.h : + copyright: 2018, Internet Systems Consortium, Inc. ("ISC") + license: MPL-2.0 +ext/* : + copyright: 2010-2018, Internet Systems Consortium, Inc. ("ISC") + license: MPL-2.0 +m4macros/* : + copyright: 1994-2013, Free Software Foundation, Inc. + license: MPL-2.0 + + diff --git a/debian/fix.scanned.copyright b/debian/fix.scanned.copyright new file mode 100644 index 0000000..2f1c741 --- /dev/null +++ b/debian/fix.scanned.copyright @@ -0,0 +1,368 @@ +! License:"MPL-2.0" + text=" + Mozilla Public License Version 2.0 + ================================== + . + 1. Definitions + -------------- + 1.1. \"Contributor\" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + 1.2. \"Contributor Version\" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + 1.3. \"Contribution\" + means Covered Software of a particular Contributor. + 1.4. \"Covered Software\" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + 1.5. \"Incompatible With Secondary Licenses\" + means + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + 1.6. \"Executable Form\" + means any form of the work other than Source Code Form. + 1.7. \"Larger Work\" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + 1.8. \"License\" + means this document. + 1.9. \"Licensable\" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + 1.10. \"Modifications\" + means any of the following: + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + (b) any new file in Source Code Form that contains any Covered + Software. + 1.11. \"Patent Claims\" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + 1.12. \"Secondary License\" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + 1.13. \"Source Code Form\" + means the form of the work preferred for making modifications. + 1.14. \"You\" (or \"Your\") + means an individual or a legal entity exercising rights under this + License. For legal entities, \"You\" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, \"control\" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + . + 2. License Grants and Conditions + -------------------------------- + 2.1. Grants + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + (a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + (b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + . + 2.2. Effective Date + The licenses granted in Section 2.1 with respect to any Contribution + become effective for each Contribution on the date the Contributor first + distributes such Contribution. + . + 2.3. Limitations on Grant Scope + The licenses granted in this Section 2 are the only rights granted under + this License. No additional rights or licenses will be implied from the + distribution or licensing of Covered Software under this License. + Notwithstanding Section 2.1(b) above, no patent license is granted by a + Contributor: + (a) for any code that a Contributor has removed from Covered Software; + or + (b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + (c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + This License does not grant any rights in the trademarks, service marks, + or logos of any Contributor (except as may be necessary to comply with + the notice requirements in Section 3.4). + . + 2.4. Subsequent Licenses + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this + License (see Section 10.2) or under the terms of a Secondary License (if + permitted under the terms of Section 3.3). + . + 2.5. Representation + Each Contributor represents that the Contributor believes its + Contributions are its original creation(s) or it has sufficient rights + to grant the rights to its Contributions conveyed by this License. + . + 2.6. Fair Use + This License is not intended to limit any rights You have under + applicable copyright doctrines of fair use, fair dealing, or other + equivalents. + . + 2.7. Conditions + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted + in Section 2.1. + . + 3. Responsibilities + ------------------- + 3.1. Distribution of Source Form + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under + the terms of this License. You must inform recipients that the Source + Code Form of the Covered Software is governed by the terms of this + License, and how they can obtain a copy of this License. You may not + attempt to alter or restrict the recipients' rights in the Source Code + Form. + . + 3.2. Distribution of Executable Form + If You distribute Covered Software in Executable Form then: + (a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + (b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + 3.3. Distribution of a Larger Work + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for + the Covered Software. If the Larger Work is a combination of Covered + Software with a work governed by one or more Secondary Licenses, and the + Covered Software is not Incompatible With Secondary Licenses, this + License permits You to additionally distribute such Covered Software + under the terms of such Secondary License(s), so that the recipient of + the Larger Work may, at their option, further distribute the Covered + Software under the terms of either this License or such Secondary + License(s). + . + 3.4. Notices + You may not remove or alter the substance of any license notices + (including copyright notices, patent notices, disclaimers of warranty, + or limitations of liability) contained within the Source Code Form of + the Covered Software, except that You may alter any license notices to + the extent required to remedy known factual inaccuracies. + . + 3.5. Application of Additional Terms + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on + behalf of any Contributor. You must make it absolutely clear that any + such warranty, support, indemnity, or liability obligation is offered by + You alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + . + 4. Inability to Comply Due to Statute or Regulation + --------------------------------------------------- + . + If it is impossible for You to comply with any of the terms of this + License with respect to some or all of the Covered Software due to + statute, judicial order, or regulation then You must: (a) comply with + the terms of this License to the maximum extent possible; and (b) + describe the limitations and the code they affect. Such description must + be placed in a text file included with all distributions of the Covered + Software under this License. Except to the extent prohibited by statute + or regulation, such description must be sufficiently detailed for a + recipient of ordinary skill to be able to understand it. + . + 5. Termination + -------------- + . + 5.1. The rights granted under this License will terminate automatically + if You fail to comply with any of its terms. However, if You become + compliant, then the rights granted under this License from a particular + Contributor are reinstated (a) provisionally, unless and until such + Contributor explicitly and finally terminates Your grants, and (b) on an + ongoing basis, if such Contributor fails to notify You of the + non-compliance by some reasonable means prior to 60 days after You have + come back into compliance. Moreover, Your grants from a particular + Contributor are reinstated on an ongoing basis if such Contributor + notifies You of the non-compliance by some reasonable means, this is the + first time You have received notice of non-compliance with this License + from such Contributor, and You become compliant prior to 30 days after + Your receipt of the notice. + . + 5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, + counter-claims, and cross-claims) alleging that a Contributor Version + directly or indirectly infringes any patent, then the rights granted to + You by any and all Contributors for the Covered Software under Section + 2.1 of this License shall terminate. + . + 5.3. In the event of termination under Sections 5.1 or 5.2 above, all + end user license agreements (excluding distributors and resellers) which + have been validly granted by You or Your distributors under this License + prior to termination shall survive termination. + . + ************************************************************************ + * * + * 6. Disclaimer of Warranty * + * ------------------------- * + * * + * Covered Software is provided under this License on an \"as is\" * + * basis, without warranty of any kind, either expressed, implied, or * + * statutory, including, without limitation, warranties that the * + * Covered Software is free of defects, merchantable, fit for a * + * particular purpose or non-infringing. The entire risk as to the * + * quality and performance of the Covered Software is with You. * + * Should any Covered Software prove defective in any respect, You * + * (not any Contributor) assume the cost of any necessary servicing, * + * repair, or correction. This disclaimer of warranty constitutes an * + * essential part of this License. No use of any Covered Software is * + * authorized under this License except under this disclaimer. * + * * + ************************************************************************ + . + ************************************************************************ + * * + * 7. Limitation of Liability * + * -------------------------- * + * * + * Under no circumstances and under no legal theory, whether tort * + * (including negligence), contract, or otherwise, shall any * + * Contributor, or anyone who distributes Covered Software as * + * permitted above, be liable to You for any direct, indirect, * + * special, incidental, or consequential damages of any character * + * including, without limitation, damages for lost profits, loss of * + * goodwill, work stoppage, computer failure or malfunction, or any * + * and all other commercial damages or losses, even if such party * + * shall have been informed of the possibility of such damages. This * + * limitation of liability shall not apply to liability for death or * + * personal injury resulting from such party's negligence to the * + * extent applicable law prohibits such limitation. Some * + * jurisdictions do not allow the exclusion or limitation of * + * incidental or consequential damages, so this exclusion and * + * limitation may not apply to You. * + * * + ************************************************************************ + . + 8. Litigation + ------------- + Any litigation relating to this License may be brought only in the + courts of a jurisdiction where the defendant maintains its principal + place of business and such litigation shall be governed by laws of that + jurisdiction, without reference to its conflict-of-law provisions. + Nothing in this Section shall prevent a party's ability to bring + cross-claims or counter-claims. + . + 9. Miscellaneous + ---------------- + This License represents the complete agreement concerning the subject + matter hereof. If any provision of this License is held to be + unenforceable, such provision shall be reformed only to the extent + necessary to make it enforceable. Any law or regulation which provides + that the language of a contract shall be construed against the drafter + shall not be used to construe this License against a Contributor. + . + 10. Versions of the License + --------------------------- + . + 10.1. New Versions + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + . + 10.2. Effect of New Versions + You may distribute the Covered Software under the terms of the version + of the License under which You originally received the Covered Software, + or under the terms of any subsequent version published by the license + steward. + . + 10.3. Modified Versions + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a + modified version of this License if you rename the license and remove + any references to the name of the license steward (except to note that + such modified license differs from this License). + . + 10.4. Distributing Source Code Form that is Incompatible With Secondary + Licenses + . + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + . + Exhibit A - Source Code Form License Notice + ------------------------------------------- + . + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. + . + If it is not possible or desirable to put the notice in a particular + file, then You may include the notice in a location (such as a LICENSE + file in a relevant directory) where a recipient would be likely to look + for such a notice. + . + You may add additional accurate notices of copyright ownership. + . + Exhibit B - \"Incompatible With Secondary Licenses\" Notice + --------------------------------------------------------- + . + This Source Code Form is \"Incompatible With Secondary Licenses\", as + defined by the Mozilla Public License, v. 2.0." + +! License:"BSL-1.0" + text=" + Boost Software License - Version 1.0 - August 17th, 2003 + . + Permission is hereby granted, free of charge, to any person or organization + obtaining a copy of the software and accompanying documentation covered by + this license (the \"Software\") to use, reproduce, display, distribute, + execute, and transmit the Software, and to prepare derivative works of the + Software, and to permit third-parties to whom the Software is furnished to + do so, all subject to the following: + . + The copyright notices in the Software and this entire statement, including + the above license grant, this restriction and the following disclaimer, + must be included in all copies of the Software, in whole or in part, and + all derivative works of the Software, unless such copies or derivative + works are solely in the form of machine-executable object code generated by + a source language processor. + . + THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT + SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE + FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE, + ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + DEALINGS IN THE SOFTWARE." + +! Files:"*" + Copyright="2010-2018, Internet Systems Consortium, Inc. (\"ISC\")" + License short_name="MPL-2.0" + +! Files:"debian/*" + Copyright="2016-2018, Adam Majer <adamm@zombino.com> / 2017-2018, Jason Guy (jason.e.guy@gmail.com) / 2018-2018, Internet Systems Consortium, Inc." + License short_name="MPL-2.0" + +! Files:"src/lib/util/encode/*" + Copyright="2002, Robert Ramey - http:www.rrsd.com ." + License short_name="BSL-1.0" + diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..ed04da0 --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,4 @@ +[DEFAULT] +debian-branch = debian/unstable +pristine-tar = True +pristine-tar-commit = True diff --git a/debian/kea-admin.install b/debian/kea-admin.install new file mode 100644 index 0000000..9117487 --- /dev/null +++ b/debian/kea-admin.install @@ -0,0 +1,3 @@ +usr/sbin/kea-admin +usr/sbin/perfdhcp +usr/share/kea/scripts diff --git a/debian/kea-admin.lintian-overrides b/debian/kea-admin.lintian-overrides new file mode 100644 index 0000000..8500cf7 --- /dev/null +++ b/debian/kea-admin.lintian-overrides @@ -0,0 +1,2 @@ +kea-admin: script-not-executable [usr/share/kea/scripts/*] +kea-admin: bash-term-in-posix-shell diff --git a/debian/kea-admin.manpages b/debian/kea-admin.manpages new file mode 100644 index 0000000..342d39e --- /dev/null +++ b/debian/kea-admin.manpages @@ -0,0 +1,2 @@ +usr/share/man/man8/kea-admin.8 +usr/share/man/man8/perfdhcp.8 diff --git a/debian/kea-common.install b/debian/kea-common.install new file mode 100644 index 0000000..b7023a0 --- /dev/null +++ b/debian/kea-common.install @@ -0,0 +1,4 @@ +debian/usr.sbin.kea-lfc etc/apparmor.d/ +usr/lib/*/kea/hooks +usr/lib/*/libkea-*.so.* +usr/sbin/kea-lfc diff --git a/debian/kea-common.lintian-overrides b/debian/kea-common.lintian-overrides new file mode 100644 index 0000000..0efd491 --- /dev/null +++ b/debian/kea-common.lintian-overrides @@ -0,0 +1 @@ +kea-common: package-name-doesnt-match-sonames * diff --git a/debian/kea-common.manpages b/debian/kea-common.manpages new file mode 100644 index 0000000..12f0ade --- /dev/null +++ b/debian/kea-common.manpages @@ -0,0 +1 @@ +usr/share/man/man8/kea-lfc.8 diff --git a/debian/kea-common.postinst b/debian/kea-common.postinst new file mode 100644 index 0000000..61957be --- /dev/null +++ b/debian/kea-common.postinst @@ -0,0 +1,39 @@ +#!/bin/sh +# postinst script for kea-common +# +# see: dh_installdeb(1) + +set -e + +case "$1" in + configure) + addgroup --force-badname --system _kea >/dev/null || exit 1 + adduser --force-badname --quiet --system --home /var/lib/kea \ + --shell /bin/false --no-create-home --disabled-password --disabled-login \ + --gecos "Kea DHCP User" --group _kea >/dev/null || exit 1 + + # From version 2.2.0-2 we leave the handling of the /var/log/kea and + # /var/lib/kea directories to systemd (creation and ownership/permissions + # settings). When upgrading from kea-common (< 2.2.0-2) drop the now + # useless dpkg-statoverrides. + if [ "$2" != "" ] && dpkg --compare-versions "$2" lt "2.2.0-2"; then + for d in /var/log/kea /var/lib/kea; do + if dpkg-statoverride --list $d >/dev/null 2>&1; then + dpkg-statoverride --remove $d + fi + done + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 diff --git a/debian/kea-ctrl-agent.init b/debian/kea-ctrl-agent.init new file mode 100644 index 0000000..3219004 --- /dev/null +++ b/debian/kea-ctrl-agent.init @@ -0,0 +1,163 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: kea-ctrl-agent +# Required-Start: $local_fs $network $remote_fs $syslog +# Required-Stop: $local_fs $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Kea DHCP Control Agent for REST Service +# Description: <Enter a long description of the software> +# <...> +# <...> +### END INIT INFO +# Author: Jason Guy <jason.e.guy@gmail.com> +# Do NOT "set -e" + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC=kea-ctrl-agent +NAME=kea-ctrl-agent +DAEMON=kea-ctrl-agent +DAEMON_ARGS="-c /etc/kea/kea-ctrl-agent.conf" +PIDFILE=/run/$NAME.pid +SCRIPTNAME=/etc/init.d/$NAME +KEA_PIDFILE_DIR=/run/ +KEA_LOCKFILE_DIR=/run/lock/kea/ +KEA_LOGGER_DESTINATION=/var/log/kea/ + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.2-14) to ensure that this file is present +# and status_of_proc is working. +. /lib/lsb/init-functions + +create_lockfile_dir() +{ + if [ ! -d "$KEA_LOCKFILE_DIR" ]; then + mkdir -m 0750 -p "$KEA_LOCKFILE_DIR" + fi +} + +# +# Function that starts the daemon/service +# +do_start() +{ + create_lockfile_dir + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -- \ + $DAEMON_ARGS \ + || return 2 +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + # + # If the daemon can reload its configuration without + # restarting (for example, when it is sent a SIGHUP), + # then implement that here. + # + start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + #reload|force-reload) + # + # If do_reload() is not implemented then leave this commented out + # and leave 'force-reload' as an alias for 'restart'. + # + #log_daemon_msg "Reloading $DESC" "$NAME" + #do_reload + #log_end_msg $? + #;; + restart|force-reload) + # + # If the "reload" option is implemented then remove the + # 'force-reload' alias + # + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 + echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/debian/kea-ctrl-agent.install b/debian/kea-ctrl-agent.install new file mode 100644 index 0000000..c1184cf --- /dev/null +++ b/debian/kea-ctrl-agent.install @@ -0,0 +1,4 @@ +etc/kea/kea-ctrl-agent.conf +usr/sbin/kea-ctrl-agent +usr/sbin/kea-shell +debian/usr.sbin.kea-ctrl-agent etc/apparmor.d/ diff --git a/debian/kea-ctrl-agent.lintian-overrides b/debian/kea-ctrl-agent.lintian-overrides new file mode 100644 index 0000000..735c4ac --- /dev/null +++ b/debian/kea-ctrl-agent.lintian-overrides @@ -0,0 +1,2 @@ +kea-ctrl-agent: systemd-service-file-refers-to-unusual-wantedby-target kea-dhcp4-server.service [lib/systemd/system/kea-ctrl-agent.service] +kea-ctrl-agent: systemd-service-file-refers-to-unusual-wantedby-target kea-dhcp6-server.service [lib/systemd/system/kea-ctrl-agent.service] diff --git a/debian/kea-ctrl-agent.manpages b/debian/kea-ctrl-agent.manpages new file mode 100644 index 0000000..ff73f6e --- /dev/null +++ b/debian/kea-ctrl-agent.manpages @@ -0,0 +1,2 @@ +usr/share/man/man8/kea-ctrl-agent.8 +usr/share/man/man8/kea-shell.8 diff --git a/debian/kea-ctrl-agent.service b/debian/kea-ctrl-agent.service new file mode 100644 index 0000000..e3737c1 --- /dev/null +++ b/debian/kea-ctrl-agent.service @@ -0,0 +1,22 @@ +[Unit] +Description=Kea Control Agent +Documentation=man:kea-ctrl-agent(8) +After=network-online.target time-sync.target + +[Service] +User=_kea +Environment="KEA_LOCKFILE_DIR=/run/lock/kea" +ConfigurationDirectory=kea +RuntimeDirectory=kea lock/kea +RuntimeDirectoryPreserve=yes +LogsDirectory=kea +LogsDirectoryMode=0750 +StateDirectory=kea +ExecStart=/usr/sbin/kea-ctrl-agent -c /etc/kea/kea-ctrl-agent.conf +ExecReload=/bin/kill -HUP $MAINPID +KillMode=process +Restart=on-failure + +[Install] +WantedBy=kea-dhcp4-server.service +WantedBy=kea-dhcp6-server.service diff --git a/debian/kea-dev.install b/debian/kea-dev.install new file mode 100644 index 0000000..c32c7a8 --- /dev/null +++ b/debian/kea-dev.install @@ -0,0 +1,2 @@ +usr/include/kea/* +usr/lib/*/libkea-*.so diff --git a/debian/kea-dhcp-ddns-server.init b/debian/kea-dhcp-ddns-server.init new file mode 100644 index 0000000..f3e9d40 --- /dev/null +++ b/debian/kea-dhcp-ddns-server.init @@ -0,0 +1,163 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: kea-dhcp-ddns +# Required-Start: $local_fs $network $remote_fs $syslog +# Required-Stop: $local_fs $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Kea DHCP DDNS Server +# Description: <Enter a long description of the software> +# <...> +# <...> +### END INIT INFO +# Author: Adam Majer <adamm@zombino.com> +# Do NOT "set -e" + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC=kea-dhcp-ddns +NAME=kea-dhcp-ddns +DAEMON=kea-dhcp-ddns +DAEMON_ARGS="-c /etc/kea/kea-dhcp-ddns.conf" +PIDFILE=/run/$NAME.pid +SCRIPTNAME=/etc/init.d/$NAME +KEA_PIDFILE_DIR=/run/ +KEA_LOCKFILE_DIR=/run/lock/kea/ +KEA_LOGGER_DESTINATION=/var/log/kea/ + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.2-14) to ensure that this file is present +# and status_of_proc is working. +. /lib/lsb/init-functions + +create_lockfile_dir() +{ + if [ ! -d "$KEA_LOCKFILE_DIR" ]; then + mkdir -m 0750 -p "$KEA_LOCKFILE_DIR" + fi +} + +# +# Function that starts the daemon/service +# +do_start() +{ + create_lockfile_dir + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -- \ + $DAEMON_ARGS \ + || return 2 +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + # + # If the daemon can reload its configuration without + # restarting (for example, when it is sent a SIGHUP), + # then implement that here. + # + start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + #reload|force-reload) + # + # If do_reload() is not implemented then leave this commented out + # and leave 'force-reload' as an alias for 'restart'. + # + #log_daemon_msg "Reloading $DESC" "$NAME" + #do_reload + #log_end_msg $? + #;; + restart|force-reload) + # + # If the "reload" option is implemented then remove the + # 'force-reload' alias + # + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 + echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/debian/kea-dhcp-ddns-server.install b/debian/kea-dhcp-ddns-server.install new file mode 100644 index 0000000..d029623 --- /dev/null +++ b/debian/kea-dhcp-ddns-server.install @@ -0,0 +1,3 @@ +etc/kea/kea-dhcp-ddns.conf +usr/sbin/kea-dhcp-ddns +debian/usr.sbin.kea-dhcp-ddns /etc/apparmor.d/ diff --git a/debian/kea-dhcp-ddns-server.lintian-overrides b/debian/kea-dhcp-ddns-server.lintian-overrides new file mode 100644 index 0000000..a83cf9d --- /dev/null +++ b/debian/kea-dhcp-ddns-server.lintian-overrides @@ -0,0 +1,2 @@ +kea-dhcp-ddns-server: systemd-service-file-refers-to-unusual-wantedby-target kea-dhcp4-server.service [lib/systemd/system/kea-dhcp-ddns-server.service] +kea-dhcp-ddns-server: systemd-service-file-refers-to-unusual-wantedby-target kea-dhcp6-server.service [lib/systemd/system/kea-dhcp-ddns-server.service] diff --git a/debian/kea-dhcp-ddns-server.manpages b/debian/kea-dhcp-ddns-server.manpages new file mode 100644 index 0000000..4dde921 --- /dev/null +++ b/debian/kea-dhcp-ddns-server.manpages @@ -0,0 +1 @@ +usr/share/man/man8/kea-dhcp-ddns.8 diff --git a/debian/kea-dhcp-ddns-server.service b/debian/kea-dhcp-ddns-server.service new file mode 100644 index 0000000..7975771 --- /dev/null +++ b/debian/kea-dhcp-ddns-server.service @@ -0,0 +1,22 @@ +[Unit] +Description=Kea DDNS Service +Documentation=man:kea-dhcp-ddns(8) +Wants=network-online.target +After=network-online.target +After=time-sync.target + +[Service] +User=_kea +AmbientCapabilities=CAP_NET_BIND_SERVICE +Environment="KEA_LOCKFILE_DIR=/run/lock/kea" +ConfigurationDirectory=kea +RuntimeDirectory=kea lock/kea +RuntimeDirectoryPreserve=yes +LogsDirectory=kea +LogsDirectoryMode=0750 +StateDirectory=kea +ExecStart=/usr/sbin/kea-dhcp-ddns -c /etc/kea/kea-dhcp-ddns.conf + +[Install] +WantedBy=kea-dhcp4-server.service +WantedBy=kea-dhcp6-server.service diff --git a/debian/kea-dhcp4-server.init b/debian/kea-dhcp4-server.init new file mode 100644 index 0000000..bcf4ad8 --- /dev/null +++ b/debian/kea-dhcp4-server.init @@ -0,0 +1,163 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: kea-dhcp4-server +# Required-Start: $local_fs $network $remote_fs $syslog +# Required-Stop: $local_fs $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Kea DHCP IPv4 Server +# Description: <Enter a long description of the software> +# <...> +# <...> +### END INIT INFO +# Author: Adam Majer <adamm@zombino.com> +# Do NOT "set -e" + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="kea-dhcp4" +NAME=kea-dhcp4-server +DAEMON=/usr/sbin/kea-dhcp4 +DAEMON_ARGS="-c /etc/kea/kea-dhcp4.conf" +PIDFILE=/run/$NAME.pid +SCRIPTNAME=/etc/init.d/$NAME +KEA_PIDFILE_DIR=/run/ +KEA_LOCKFILE_DIR=/run/lock/kea/ +KEA_LOGGER_DESTINATION=/var/log/kea/ + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.2-14) to ensure that this file is present +# and status_of_proc is working. +. /lib/lsb/init-functions + +create_lockfile_dir() +{ + if [ ! -d "$KEA_LOCKFILE_DIR" ]; then + mkdir -m 0750 -p "$KEA_LOCKFILE_DIR" + fi +} + +# +# Function that starts the daemon/service +# +do_start() +{ + create_lockfile_dir + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -- \ + $DAEMON_ARGS \ + || return 2 +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + # + # If the daemon can reload its configuration without + # restarting (for example, when it is sent a SIGHUP), + # then implement that here. + # + start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + #reload|force-reload) + # + # If do_reload() is not implemented then leave this commented out + # and leave 'force-reload' as an alias for 'restart'. + # + #log_daemon_msg "Reloading $DESC" "$NAME" + #do_reload + #log_end_msg $? + #;; + restart|force-reload) + # + # If the "reload" option is implemented then remove the + # 'force-reload' alias + # + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 + echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/debian/kea-dhcp4-server.install b/debian/kea-dhcp4-server.install new file mode 100644 index 0000000..59f61d2 --- /dev/null +++ b/debian/kea-dhcp4-server.install @@ -0,0 +1,3 @@ +etc/kea/kea-dhcp4.conf +usr/sbin/kea-dhcp4 +debian/usr.sbin.kea-dhcp4 /etc/apparmor.d/ diff --git a/debian/kea-dhcp4-server.manpages b/debian/kea-dhcp4-server.manpages new file mode 100644 index 0000000..05225e5 --- /dev/null +++ b/debian/kea-dhcp4-server.manpages @@ -0,0 +1 @@ +usr/share/man/man8/kea-dhcp4.8 diff --git a/debian/kea-dhcp4-server.service b/debian/kea-dhcp4-server.service new file mode 100644 index 0000000..43b70c8 --- /dev/null +++ b/debian/kea-dhcp4-server.service @@ -0,0 +1,21 @@ +[Unit] +Description=Kea IPv4 DHCP daemon +Documentation=man:kea-dhcp4(8) +Wants=network-online.target +After=network-online.target +After=time-sync.target + +[Service] +User=_kea +AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW +Environment="KEA_LOCKFILE_DIR=/run/lock/kea" +ConfigurationDirectory=kea +RuntimeDirectory=kea lock/kea +RuntimeDirectoryPreserve=yes +LogsDirectory=kea +LogsDirectoryMode=0750 +StateDirectory=kea +ExecStart=/usr/sbin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf + +[Install] +WantedBy=multi-user.target diff --git a/debian/kea-dhcp6-server.init b/debian/kea-dhcp6-server.init new file mode 100644 index 0000000..0aa0e27 --- /dev/null +++ b/debian/kea-dhcp6-server.init @@ -0,0 +1,163 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: kea-dhcp6-server +# Required-Start: $local_fs $network $remote_fs $syslog +# Required-Stop: $local_fs $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Kea DHCP IPv6 Server +# Description: <Enter a long description of the software> +# <...> +# <...> +### END INIT INFO +# Author: Adam Majer <adamm@zombino.com> +# Do NOT "set -e" + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="kea-dhcp6" +NAME=kea-dhcp6-server +DAEMON=/usr/sbin/kea-dhcp6 +DAEMON_ARGS="-c /etc/kea/kea-dhcp6.conf" +PIDFILE=/run/$NAME.pid +SCRIPTNAME=/etc/init.d/$NAME +KEA_PIDFILE_DIR=/run/ +KEA_LOCKFILE_DIR=/run/lock/kea/ +KEA_LOGGER_DESTINATION=/var/log/kea/ + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.2-14) to ensure that this file is present +# and status_of_proc is working. +. /lib/lsb/init-functions + +create_lockfile_dir() +{ + if [ ! -d "$KEA_LOCKFILE_DIR" ]; then + mkdir -m 0750 -p "$KEA_LOCKFILE_DIR" + fi +} + +# +# Function that starts the daemon/service +# +do_start() +{ + create_lockfile_dir + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -- \ + $DAEMON_ARGS \ + || return 2 +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + # + # If the daemon can reload its configuration without + # restarting (for example, when it is sent a SIGHUP), + # then implement that here. + # + start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + #reload|force-reload) + # + # If do_reload() is not implemented then leave this commented out + # and leave 'force-reload' as an alias for 'restart'. + # + #log_daemon_msg "Reloading $DESC" "$NAME" + #do_reload + #log_end_msg $? + #;; + restart|force-reload) + # + # If the "reload" option is implemented then remove the + # 'force-reload' alias + # + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 + echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/debian/kea-dhcp6-server.install b/debian/kea-dhcp6-server.install new file mode 100644 index 0000000..d22f7a7 --- /dev/null +++ b/debian/kea-dhcp6-server.install @@ -0,0 +1,3 @@ +etc/kea/kea-dhcp6.conf +usr/sbin/kea-dhcp6 +debian/usr.sbin.kea-dhcp6 /etc/apparmor.d/ diff --git a/debian/kea-dhcp6-server.manpages b/debian/kea-dhcp6-server.manpages new file mode 100644 index 0000000..b6c99cb --- /dev/null +++ b/debian/kea-dhcp6-server.manpages @@ -0,0 +1 @@ +usr/share/man/man8/kea-dhcp6.8 diff --git a/debian/kea-dhcp6-server.service b/debian/kea-dhcp6-server.service new file mode 100644 index 0000000..7944a09 --- /dev/null +++ b/debian/kea-dhcp6-server.service @@ -0,0 +1,21 @@ +[Unit] +Description=Kea IPv6 DHCP daemon +Documentation=man:kea-dhcp6(8) +Wants=network-online.target +After=network-online.target +After=time-sync.target + +[Service] +User=_kea +AmbientCapabilities=CAP_NET_BIND_SERVICE +Environment="KEA_LOCKFILE_DIR=/run/lock/kea" +ConfigurationDirectory=kea +RuntimeDirectory=kea lock/kea +RuntimeDirectoryPreserve=yes +LogsDirectory=kea +LogsDirectoryMode=0750 +StateDirectory=kea +ExecStart=/usr/sbin/kea-dhcp6 -c /etc/kea/kea-dhcp6.conf + +[Install] +WantedBy=multi-user.target diff --git a/debian/kea-doc.README.Debian b/debian/kea-doc.README.Debian new file mode 100644 index 0000000..03c9d46 --- /dev/null +++ b/debian/kea-doc.README.Debian @@ -0,0 +1,13 @@ +# ISC Kea for Debian + +## Logging + +Following what upstream does with their .deb packaging, the Debian packages by +default log to the systemd journal. If logging to file is desired just edit the +config files and change the loggers "output" to a file under /var/log/kea/, +e.g. for /etc/kea/kea-dhcp4.conf: + + "output": "/var/log/kea/kea-dhcp4.log" + +The systemd units automatically create the /var/log/kea/ right ownership and +permissions. diff --git a/debian/kea-doc.doc-base b/debian/kea-doc.doc-base new file mode 100644 index 0000000..e403e79 --- /dev/null +++ b/debian/kea-doc.doc-base @@ -0,0 +1,11 @@ +Document: kea +Title: Kea Administrator Reference Manual +Author: Internet Systems Consortium +Abstract: This is the reference guide for Kea, an open source implementation + of the Dynamic Host Configuration Protocol (DHCP) servers, developed and + maintained by Internet Systems Consortium (ISC). +Section: System/Administration + +Format: HTML +Files: /usr/share/doc/kea/html/* +Index: /usr/share/doc/kea/html/index.html diff --git a/debian/kea-doc.docs b/debian/kea-doc.docs new file mode 100644 index 0000000..df73e67 --- /dev/null +++ b/debian/kea-doc.docs @@ -0,0 +1,3 @@ +CONTRIBUTING.md +usr/share/doc/kea/* +usr/share/kea/api diff --git a/debian/kea-doc.lintian-overrides b/debian/kea-doc.lintian-overrides new file mode 100644 index 0000000..6e30f23 --- /dev/null +++ b/debian/kea-doc.lintian-overrides @@ -0,0 +1,3 @@ +kea-doc: embedded-javascript-library * +kea-doc: font-in-non-font-package [usr/share/doc/kea/html/_static/fonts/*] +kea-doc: font-outside-font-dir [usr/share/doc/kea/html/_static/fonts/*] diff --git a/debian/not-installed b/debian/not-installed new file mode 100644 index 0000000..045263b --- /dev/null +++ b/debian/not-installed @@ -0,0 +1,4 @@ +usr/share/man/man8/kea-netconf.8 +usr/sbin/keactrl +usr/share/man/man8/keactrl.8 +etc/kea/keactrl.conf diff --git a/debian/patches/0001-support_kfreebsd.patch b/debian/patches/0001-support_kfreebsd.patch new file mode 100644 index 0000000..f262959 --- /dev/null +++ b/debian/patches/0001-support_kfreebsd.patch @@ -0,0 +1,28 @@ +From: Adam Majer <adamm@zombino.com> +Date: Fri, 13 Jul 2018 17:06:51 +0000 +Subject: support_kfreebsd + +--- + configure.ac | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/configure.ac ++++ b/configure.ac +@@ -454,7 +454,7 @@ + [AC_MSG_RESULT([OS X >= 10.9]) + kea_undefined_pthread_behavior=yes]) + ;; +-*-freebsd*) ++*-freebsd*|*-kfreebsd*) + # On FreeBSD10.1 pthread_cond_destroy doesn't work as documented, which + # causes the CondVarTest.destroyWhileWait test to fail. According to the + # pthread_cond_destroy documentation for FreeBSD, this function should +@@ -552,7 +552,7 @@ + BSD_TYPE="OSX" + CPPFLAGS="$CPPFLAGS -DOS_BSD" + ;; +- *-freebsd*) ++ *-freebsd*|*-kfreebsd*) + AC_DEFINE([OS_BSD], [1], [Running on BSD?]) + AC_DEFINE([OS_FREEBSD], [1], [Running on FreeBSD?]) + OS_TYPE="BSD" diff --git a/debian/patches/0002-kea_admin_fix.patch b/debian/patches/0002-kea_admin_fix.patch new file mode 100644 index 0000000..99ec4ed --- /dev/null +++ b/debian/patches/0002-kea_admin_fix.patch @@ -0,0 +1,20 @@ +From: Kea <isc-kea@packages.debian.org> +Date: Tue, 19 Feb 2019 12:39:35 +0000 +Subject: kea_admin_fix + +Removed the fallback to the build version of kea-admin since it will not exist on users hosts. +--- + src/bin/admin/kea-admin.in | 2 -- + 1 file changed, 2 deletions(-) + +--- a/src/bin/admin/kea-admin.in ++++ b/src/bin/admin/kea-admin.in +@@ -50,8 +50,6 @@ + # Include the installed admin-utils.sh if available. Fallback to sources otherwise. + if test -d "@datarootdir@/@PACKAGE_NAME@"; then + . "@datarootdir@/@PACKAGE_NAME@/scripts/admin-utils.sh" +-else +- . "@abs_top_srcdir@/src/bin/admin/admin-utils.sh" + fi + + # Find the installed kea-lfc if available. Fallback to sources otherwise. diff --git a/debian/patches/0009-disable-database-tests.patch b/debian/patches/0009-disable-database-tests.patch new file mode 100644 index 0000000..ec12c0c --- /dev/null +++ b/debian/patches/0009-disable-database-tests.patch @@ -0,0 +1,26 @@ +Description: Skip the database tests + The MySQL and PostgreSQL tests require a server with username, + password and tables setup for the test, see doc/devel/unit-tests.dox. + There's no way to instruct the build system to skip specific tests, + so let's disable them with a patch. +Forwarded: not-needed +Author: Paride Legovini <paride.legovini@canonical.com> +Last-Update: 2020-12-03 +--- a/src/bin/admin/tests/mysql_tests.sh.in ++++ b/src/bin/admin/tests/mysql_tests.sh.in +@@ -1,4 +1,6 @@ + #!/bin/sh ++echo "SKIPPING MYSQL TEST" ++exit 0 + + # Copyright (C) 2014-2022 Internet Systems Consortium, Inc. ("ISC") + # +--- a/src/bin/admin/tests/pgsql_tests.sh.in ++++ b/src/bin/admin/tests/pgsql_tests.sh.in +@@ -1,4 +1,6 @@ + #!/bin/sh ++echo "SKIPPING POSTGRESQL TEST" ++exit 0 + + # Copyright (C) 2015-2022 Internet Systems Consortium, Inc. ("ISC") + # diff --git a/debian/patches/0010-set-control-sockets-location.patch b/debian/patches/0010-set-control-sockets-location.patch new file mode 100644 index 0000000..f8be1d3 --- /dev/null +++ b/debian/patches/0010-set-control-sockets-location.patch @@ -0,0 +1,116 @@ +From: Athos Ribeiro <athos.ribeiro@canonical.com> +Date: Mon, 13 Feb 2023 16:20:18 -0300 +Subject: d/rules: set the default location for control sockets to /run/kea + +The default config files place the control sockets in /tmp, which is +insecure. Mangle the config files to place the sockets under _kea-owned +/run/kea instead. + +Patch originally submitted by Paride Legovini in +https://salsa.debian.org/debian/isc-kea/-/merge_requests/15. + +Last-Update: 2023-02-13 +Bug: https://gitlab.isc.org/isc-projects/kea/-/issues/2495 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014929 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/isc-kea/+bug/1863100 +--- + src/bin/keactrl/kea-ctrl-agent.conf.pre | 6 +++--- + src/bin/keactrl/kea-dhcp-ddns.conf.pre | 2 +- + src/bin/keactrl/kea-dhcp4.conf.pre | 2 +- + src/bin/keactrl/kea-dhcp6.conf.pre | 2 +- + src/bin/keactrl/kea-netconf.conf.pre | 4 ++-- + 5 files changed, 8 insertions(+), 8 deletions(-) + +--- a/src/bin/keactrl/kea-ctrl-agent.conf.pre ++++ b/src/bin/keactrl/kea-ctrl-agent.conf.pre +@@ -32,15 +32,15 @@ + "control-sockets": { + "dhcp4": { + "socket-type": "unix", +- "socket-name": "/tmp/kea4-ctrl-socket" ++ "socket-name": "@runstatedir@/@PACKAGE@/kea4-ctrl-socket" + }, + "dhcp6": { + "socket-type": "unix", +- "socket-name": "/tmp/kea6-ctrl-socket" ++ "socket-name": "@runstatedir@/@PACKAGE@/kea6-ctrl-socket" + }, + "d2": { + "socket-type": "unix", +- "socket-name": "/tmp/kea-ddns-ctrl-socket" ++ "socket-name": "@runstatedir@/@PACKAGE@/kea-ddns-ctrl-socket" + } + }, + +--- a/src/bin/keactrl/kea-dhcp-ddns.conf.pre ++++ b/src/bin/keactrl/kea-dhcp-ddns.conf.pre +@@ -23,7 +23,7 @@ + "port": 53001, + "control-socket": { + "socket-type": "unix", +- "socket-name": "/tmp/kea-ddns-ctrl-socket" ++ "socket-name": "@runstatedir@/@PACKAGE@/kea-ddns-ctrl-socket" + }, + "tsig-keys": [], + "forward-ddns" : {}, +--- a/src/bin/keactrl/kea-dhcp4.conf.pre ++++ b/src/bin/keactrl/kea-dhcp4.conf.pre +@@ -49,7 +49,7 @@ + // more. For detailed description, see Sections 8.8, 16 and 15. + "control-socket": { + "socket-type": "unix", +- "socket-name": "/tmp/kea4-ctrl-socket" ++ "socket-name": "@runstatedir@/@PACKAGE@/kea4-ctrl-socket" + }, + + // Use Memfile lease database backend to store leases in a CSV file. +--- a/src/bin/keactrl/kea-dhcp6.conf.pre ++++ b/src/bin/keactrl/kea-dhcp6.conf.pre +@@ -43,7 +43,7 @@ + // description, see Sections 9.12, 16 and 15. + "control-socket": { + "socket-type": "unix", +- "socket-name": "/tmp/kea6-ctrl-socket" ++ "socket-name": "@runstatedir@/@PACKAGE@/kea6-ctrl-socket" + }, + + // Use Memfile lease database backend to store leases in a CSV file. +--- a/src/bin/keactrl/kea-netconf.conf.pre ++++ b/src/bin/keactrl/kea-netconf.conf.pre +@@ -30,13 +30,13 @@ + "dhcp4": { + "control-socket": { + "socket-type": "unix", +- "socket-name": "/tmp/kea4-ctrl-socket" ++ "socket-name": "@runstatedir@/@PACKAGE@/kea4-ctrl-socket" + } + }, + "dhcp6": { + "control-socket": { + "socket-type": "unix", +- "socket-name": "/tmp/kea6-ctrl-socket" ++ "socket-name": "@runstatedir@/@PACKAGE@/kea6-ctrl-socket" + } + } + }, +--- a/tools/path_replacer.sh.in ++++ b/tools/path_replacer.sh.in +@@ -28,13 +28,17 @@ + localstatedir="@localstatedir@" + exec_prefix="@exec_prefix@" + libdir="@libdir@" ++runstatedir="@runstatedir@" ++PACKAGE="@PACKAGE@" + + echo "Replacing \@prefix\@ with ${prefix}" + echo "Replacing \@libdir\@ with ${libdir}" + echo "Replacing \@sysconfdir\@ with ${sysconfdir}" + echo "Replacing \@localstatedir\@ with ${localstatedir}" ++echo "Replacing \@runstatedir\@ with ${runstatedir}" ++echo "Replacing \@PACKAGE\@ with ${PACKAGE}" + + echo "Input file: $1" + echo "Output file: $2" + +-sed -e "s@SEP@\@libdir\@@SEP@${libdir}@SEP@g; s@SEP@\@localstatedir\@@SEP@${localstatedir}@SEP@g; s@SEP@\@prefix\@@SEP@${prefix}@SEP@g; s@SEP@\@sysconfdir\@@SEP@${sysconfdir}@SEP@g" "${1}" > "${2}" ++sed -e "s@SEP@\@libdir\@@SEP@${libdir}@SEP@g; s@SEP@\@localstatedir\@@SEP@${localstatedir}@SEP@g; s@SEP@\@prefix\@@SEP@${prefix}@SEP@g; s@SEP@\@sysconfdir\@@SEP@${sysconfdir}@SEP@g; s@SEP@\@runstatedir\@@SEP@${runstatedir}@SEP@g; s@SEP@\@PACKAGE\@@SEP@${PACKAGE}@SEP@g" "${1}" > "${2}" diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..841ddad --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,4 @@ +0001-support_kfreebsd.patch +0002-kea_admin_fix.patch +0009-disable-database-tests.patch +0010-set-control-sockets-location.patch diff --git a/debian/python3-kea-connector.install b/debian/python3-kea-connector.install new file mode 100644 index 0000000..d0b8f74 --- /dev/null +++ b/debian/python3-kea-connector.install @@ -0,0 +1,2 @@ +usr/lib/python3/dist-packages/kea/kea_conn.py +usr/lib/python3/dist-packages/kea/kea_connector3.py diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..7982c6e --- /dev/null +++ b/debian/rules @@ -0,0 +1,58 @@ +#!/usr/bin/make -f + +# see EXAMPLES in dpkg-buildflags(1) and read /usr/share/dpkg/* +DPKG_EXPORT_BUILDFLAGS = 1 +include /usr/share/dpkg/default.mk + +# see FEATURE AREAS in dpkg-buildflags(1) +export DEB_BUILD_MAINT_OPTIONS = hardening=+all + +%: + dh $@ --with python3 -X.la + +override_dh_auto_configure: + dh_auto_configure -- \ + --prefix=/usr \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --with-openssl \ + --with-mysql \ + --with-pgsql \ + --with-boost-libs=-lboost_system \ + --enable-generate-docs \ + --enable-shell \ + --disable-static \ + --disable-rpath \ + --enable-generate-parser \ + --disable-dependency-tracking \ + --enable-perfdhcp \ + --without-werror \ + --with-site-packages=/usr/lib/python3/dist-packages + +execute_after_dh_auto_build-indep: + # Do not download external JS components in binary documentation package + # Inspired by similar removal in python-pyopencl + # Thanks to Andreas Beckmann + find doc/sphinx/_build/html -name '*.html' -exec sed -r -i -e '\,( *)<script async="async" src="https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-mml-chtml.js"></script>,i \1<script src="/usr/share/javascript/mathjax/MathJax.js"></script>' {} + + find doc/sphinx/_build/html -name '*.html' -exec sed -r -i -e 's,https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-mml-chtml.js,/usr/share/javascript/mathjax/config/TeX-MML-AM_CHTML.js,' {} + + +execute_after_dh_install: + dh_apparmor -pkea-ctrl-agent --profile-name=usr.sbin.kea-ctrl-agent + dh_apparmor -pkea-dhcp4-server --profile-name=usr.sbin.kea-dhcp4 + dh_apparmor -pkea-dhcp6-server --profile-name=usr.sbin.kea-dhcp6 + dh_apparmor -pkea-dhcp-ddns-server --profile-name=usr.sbin.kea-dhcp-ddns + dh_apparmor -pkea-common --profile-name=usr.sbin.kea-lfc + +override_dh_auto_test: + dh_auto_test --no-parallel + +execute_after_dh_auto_install: + rm -rv \ + debian/tmp/usr/share/doc/kea/ChangeLog \ + debian/tmp/usr/share/doc/kea/COPYING \ + debian/tmp/usr/lib/python3/dist-packages/kea/__pycache__ \ + debian/tmp/usr/lib/python3/dist-packages/kea/kea_connector2.py + # log to stdout (i.e. to to the systemd journal), and use a shorter log + # pattern that avoids logging information made redundant by the journal. + # adapted from: https://gitlab.isc.org/isc-projects/kea-packaging/-/blob/master/debian/rules + sed -i -e 's/"output": .*/"output": "stdout",/' -e 's@// "pattern"@"pattern"@' debian/tmp/etc/kea/kea-*.conf diff --git a/debian/salsa-ci.yml b/debian/salsa-ci.yml new file mode 100644 index 0000000..8d6a858 --- /dev/null +++ b/debian/salsa-ci.yml @@ -0,0 +1,7 @@ +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml + +variables: + # The package isn't near to be reproducible. + SALSA_CI_DISABLE_REPROTEST: 1 diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides new file mode 100644 index 0000000..8d87da8 --- /dev/null +++ b/debian/source/lintian-overrides @@ -0,0 +1 @@ +isc-kea source: very-long-line-length-in-source-file diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000..c8bea51 --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,7 @@ +Tests: smoke-tests +Restrictions: needs-root, allow-stderr +Depends: kea, curl, jq + +Tests: kea-dhcp4 +Restrictions: needs-root, allow-stderr, breaks-testbed +Depends: kea-dhcp4-server, kea-ctrl-agent, isc-dhcp-client, bridge-utils, iproute2, jq diff --git a/debian/tests/kea-dhcp4 b/debian/tests/kea-dhcp4 new file mode 100644 index 0000000..1a2bb66 --- /dev/null +++ b/debian/tests/kea-dhcp4 @@ -0,0 +1,245 @@ +#!/bin/bash + +set -e +set -o pipefail + +bridge="keabr0" +bridge_ip="192.168.127.1/24" +subnetcidr="192.168.127.0/24" +pool_range="192.168.127.10 - 192.168.127.250" +test_domain="example.autopkgtest" +server_iface="p1" +client_iface="client0" +client_ns="clientns" +declare -A dhcp4_config +resolv_conf_bkp=$(mktemp) + +cleanup() { + rc=$? + set +e # so we don't exit midcleanup + if [ ${rc} -ne 0 ]; then + echo "## FAIL" + echo + echo "## dmesg" + dmesg -T | tail -n 500 + echo + echo "## kea logs" + journalctl -u kea-dhcp4-server.service + fi + echo + echo "## Cleaning up" + ip link set "${server_iface}" down + ip link del "${server_iface}" + ip link set "${bridge}" down + brctl delbr "${bridge}" + ip netns delete "${client_ns}" + sed -r -i "/example.autopkgtest/d" /etc/hosts + if [ -s "${resolv_conf_bkp}" ]; then + cat "${resolv_conf_bkp}" > /etc/resolv.conf + fi + rm -f "${resolv_conf_bkp}" + # restore it for when we are called from the main script, and not the trap + set -e +} + +trap cleanup EXIT + +run_on_client() { + ip netns exec "${client_ns}" "$@" +} + +setup() { + cleanup 2>/dev/null + # so we don't have to worry about it being a symlink + cat /etc/resolv.conf > "${resolv_conf_bkp}" + echo "127.0.1.1 $(hostname).${test_domain} $(hostname)" >> /etc/hosts + ip netns add "${client_ns}" + ip link add "${server_iface}" type veth peer "${client_iface}" netns "${client_ns}" + brctl addbr "${bridge}" + brctl addif "${bridge}" "${server_iface}" + ip link set "${server_iface}" up + ip link set "${bridge}" up + ip addr add "${bridge_ip}" dev "${bridge}" +} + +render_dhcp4_conf() { + local -n config="${1}" + local -r service="dhcp4" + + template="debian/tests/kea-${service}.conf.template" + [ -f "${template}" ] || return 1 + output="/etc/kea/kea-${service}.conf" + + cat "${template}" | sed -r \ + -e "s,@interface@,${config[interface]}," \ + -e "s,@dnsip@,${config[dnsip]}," \ + -e "s,@domain@,${config[domain]}," \ + -e "s/@domainsearch@/${config[domainsearch]}/" \ + -e "s,@router@,${config[router]}," \ + -e "s,@subnetcidr@,${config[subnetcidr]}," \ + -e "s,@poolrange@,${config[poolrange]}," \ + -e "s,@multiarch@,$(dpkg-architecture -qDEB_HOST_MULTIARCH)," \ + > "${output}" +} + +json_get_length() { + echo "${1}" | jq '. | length' +} + +kea_get_leases_by_mac() { + local mac="${1}" + echo "\"hw-address\": \"${mac}\"" | kea-shell --service dhcp4 lease4-get-by-hw-address +} + +get_result_from_lease() { + echo "${1}" | jq -r '.[0].result' +} + +get_number_of_leases() { + echo "${1}" | jq '.[0].arguments.leases | length' +} + +get_ip_from_lease() { + echo "${1}" | jq -r '.[0]["arguments"]["leases"][0]["ip-address"]' +} + +get_mac_from_lease() { + echo "${1}" | jq -r '.[0]["arguments"]["leases"][0]["hw-address"]' +} + +check_leases() { + local data="${1}" + local if_mac="${2}" + local if_ip="${3}" + local res + + res=$(json_get_length "${data}") + if [ ${res} != 1 ]; then + echo "## ERROR" + echo "## Expected 1 result, got ${res}:" + return 1 + fi + + res=$(get_result_from_lease "${data}") + if [ ${res} != 0 ]; then + echo "## ERROR" + echo "## Failed to obtain leases from server, code ${res}" + return 1 + fi + + res=$(get_number_of_leases "${data}") + if [ ${res} -ne 1 ]; then + echo "## ERROR" + echo "## Expected 1 lease, got ${res}:" + return 1 + fi + + res=$(get_ip_from_lease "${data}") + if [ "${if_ip}" != "${res}" ]; then + echo "## ERROR" + echo "## IP from lease (${res}) does not match IP from interface: ${if_ip}" + run_on_client ip a show + return 1 + fi + + res=$(get_mac_from_lease "${data}") + if [ "${if_mac}" != "${res}" ]; then + echo "## ERROR" + echo "## MAC from lease (${res}) does not match MAC from client interface: ${if_mac}" + run_on_client ip l show + return 1 + fi +} + + +setup + +dhcp4_config["interface"]="${bridge}" +# get rid of the CIDR part at the end +dhcp4_config["dnsip"]="${bridge_ip%%/*}" +dhcp4_config["domain"]="${test_domain}" +dhcp4_config["domainsearch"]="${test_domain}" +# get rid of the CIDR part at the end +dhcp4_config["router"]="${bridge_ip%%/*}" +dhcp4_config["subnetcidr"]="${subnetcidr}" +dhcp4_config["poolrange"]="${pool_range}" + +echo +echo "## Configuring kea-dhcp4 and restarting the service" +render_dhcp4_conf dhcp4_config +systemctl restart kea-dhcp4-server.service +sleep 2s + +echo +echo "## Obtaining IP via dhclient" +run_on_client timeout -v 60s dhclient -v "${client_iface}" +echo "## OK" + +ip=$(run_on_client ip -4 -o addr show dev "${client_iface}" | awk '{print $4}') +ip=${ip%%/*} # remove the CIDR part +mac=$(run_on_client ip -4 link show dev "${client_iface}" | grep "link/ether" | awk '{print $2}') + +echo +echo "## Got ip=${ip}" + +echo +echo "## Checking leases that match client's ethernet address ${mac}" +# this will break if/when we close LP: #2007312 +leases=$(kea_get_leases_by_mac "${mac}") +echo "## Leases:" +echo "${leases}" | jq . + +check_leases "${leases}" "${mac}" "${ip}" +echo "## OK" + +echo +echo "## INFO: Networking in the ${client_ns} namespace:" +echo +echo "## Interfaces" +run_on_client ip a +echo +echo "## Routes" +run_on_client ip route +echo +echo "## DNS" +if command -v resolvectl > /dev/null 2>&1; then + run_on_client resolvectl status +else + echo "## Skipping DNS info (no resolvectl installed)" +fi + +echo +echo "## Checking that the DNS domain \"${test_domain}\" was added to resolv.conf" +if grep -E "^search[[:blank:]]" /etc/resolv.conf | grep -q -w -F "${test_domain}"; then + echo "## OK" +else + echo "## ERROR" + echo "## /etc/resolv.conf does not contain ${test_domain}" + cat /etc/resolv.conf + exit 1 +fi + +echo +echo "## Releasing IP via dhclient -r" +run_on_client timeout -v 60s dhclient -v -r +echo "## OK" + +echo +echo "## Checking that the lease was removed" +leases=$(kea_get_leases_by_mac "${mac}") +echo "${leases}" | jq . +n_results=$(json_get_length "${leases}") +if [ ${n_results} -ne 1 ]; then + echo "## ERROR, expected 1 result, got ${n_results}" + echo "${leases}" | jq . + exit 1 +fi + +n_leases=$(get_number_of_leases "${leases}") +if [ ${n_leases} -ne 0 ]; then + echo "## ERROR" + echo "## Expected 0 leases, got ${n_leases}:" + echo "${leases}" | jq . + exit 1 +fi +echo "## OK" diff --git a/debian/tests/kea-dhcp4.conf.template b/debian/tests/kea-dhcp4.conf.template new file mode 100644 index 0000000..2addefd --- /dev/null +++ b/debian/tests/kea-dhcp4.conf.template @@ -0,0 +1,71 @@ +{ +"Dhcp4": { + "interfaces-config": { + "interfaces": [ "@interface@" ], + "service-sockets-max-retries": 10, + "service-sockets-retry-wait-time": 1000 + }, + "control-socket": { + "socket-type": "unix", + "socket-name": "/run/kea/kea4-ctrl-socket" + }, + "hooks-libraries": [ + { + "library": "/usr/lib/@multiarch@/kea/hooks/libdhcp_lease_cmds.so" + } + ], + "lease-database": { + "type": "memfile", + "lfc-interval": 3600 + }, + "expired-leases-processing": { + "reclaim-timer-wait-time": 10, + "flush-reclaimed-timer-wait-time": 25, + "hold-reclaimed-time": 3600, + "max-reclaim-leases": 100, + "max-reclaim-time": 250, + "unwarned-reclaim-cycles": 5 + }, + "renew-timer": 900, + "rebind-timer": 1800, + "valid-lifetime": 3600, + "option-data": [ + { + "name": "domain-name-servers", + "data": "@dnsip@" + }, + { + "code": 15, + "data": "@domain@" + }, + { + "name": "domain-search", + "data": "@domainsearch@" + } + ], + "subnet4": [ + { + "subnet": "@subnetcidr@", + "pools": [ { "pool": "@poolrange@" } ], + "option-data": [ + { + "name": "routers", + "data": "@router@" + } + ] + } + ], + "loggers": [ + { + "name": "kea-dhcp4", + "output_options": [ + { + "output": "stdout" + } + ], + "severity": "INFO", + "debuglevel": 0 + } + ] +} +} diff --git a/debian/tests/smoke-tests b/debian/tests/smoke-tests new file mode 100644 index 0000000..9aa9592 --- /dev/null +++ b/debian/tests/smoke-tests @@ -0,0 +1,38 @@ +#!/bin/bash + +set -exo pipefail + +# Check that the PID files are in the right location +for f in kea-dhcp4.kea-dhcp4.pid kea-dhcp6.kea-dhcp6.pid kea-ctrl-agent.kea-ctrl-agent.pid kea-dhcp-ddns.kea-dhcp-ddns.pid; do + test -f "/run/kea/$f" +done + +# Check that the sockets are in the right location +for socket in kea-ddns-ctrl-socket kea4-ctrl-socket kea6-ctrl-socket; do + test -S "/run/kea/$socket" +done + +# Check that lock files are in the right location +test -f /run/lock/kea/logger_lockfile + +check_kea_version() { + CHECKED_VERSION=$1 + if [[ ! ${CHECKED_VERSION} =~ [0-9]+(\.[0-9]+){2} ]]; then + echo "Version [ ${CHECKED_VERSION} ] does not match X.Y.Z format" + exit 1 + fi +} + +# Check dhcp4 server configuration file +kea-dhcp4 -t /etc/kea/kea-dhcp4.conf > /dev/null + +# Check dhcp6 server configuration file +kea-dhcp6 -t /etc/kea/kea-dhcp6.conf > /dev/null + +# Check control agent API +TEST_KEA_VERSION=$(curl -s -X POST -H "Content-Type: application/json" -d '{ "command": "version-get", "service": [ "dhcp4" ] }' 127.0.0.1:8000 | jq -r '.[0].text') +check_kea_version "${TEST_KEA_VERSION}" + +# Check control agent API through kea-shell +TEST_KEA_VERSION=$(echo | kea-shell --service dhcp4 --host 127.0.0.1 --port 8000 version-get | jq -r '.[0].text') +check_kea_version "${TEST_KEA_VERSION}" diff --git a/debian/upstream/metadata b/debian/upstream/metadata new file mode 100644 index 0000000..7ffad73 --- /dev/null +++ b/debian/upstream/metadata @@ -0,0 +1,6 @@ +Documentation: https://kea.readthedocs.io/ +Changelog: https://gitlab.isc.org/isc-projects/kea/-/wikis/Release-Notes +Bug-Database: https://gitlab.isc.org/isc-projects/kea/-/issues +Bug-Submit: https://gitlab.isc.org/isc-projects/kea/-/issues +Repository: https://gitlab.isc.org/isc-projects/kea.git +Repository-Browse: https://gitlab.isc.org/isc-projects/kea/ diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc new file mode 100644 index 0000000..2fed2ae --- /dev/null +++ b/debian/upstream/signing-key.asc @@ -0,0 +1,308 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBF/u5KMBEAC0hPiTonjYEe5FqNzFn73KmcN8KGD2wzujmWWLnFXGEVDEpFcS +ULQDshhCclwNeXUArUey4nficwpqUe+Xl2h4dP4z7yh3WiL5nA5JRjJjw8KJQGVW +AkgiZTnJHH8DrzNt9LnDL516qMDJarTHemDUUUZLNxnuv0RDEhDxsXWiVCQZZcw/ +41yIY97uCf30dsDwnckVl3iEmYaGTYavWbKP60S8WaxO0YG57RI1etmlIQ0nMmka +4bvFnwwb9Jdnwle4LIiRMCGymsheaKCKrEZgIJY+idyBuExLLykiL8iNBj2Pzi7z +XSCniH9qcEwfqgZlP/KZwujLhGOc4c4peNwpuDGcmYZoAsUD8CZ8H/LU1FIR2A1u +/UrRREtC8nNTDGxCckSMEquHNURfMk1QmDbJ9gaa9aOk0AArxuTxyj6Cn+KQd5l5 +0mN0R1sDVQq9xWdvnB7N0d3MDhnV7f19iUhi3KYvjVTkCMXjhNXjDH/KXFKoFhKa +9SkxYGfW25inwSQoqbP1TE5+rESf57bo+XFxfVQuYfVJ5BlZobz+sRl2iDQyBJDM +uDFyXE/t+E76BmwyHeOI1weqUMYebqHgu0x76dTYj9yWgWdQAC1pXi15/MTIaOtQ +hWezb5rkI2yZqaZLaRBOIRBIPM5C5AOjL2XbfwUuSr2W4+TvxLocxi48DwARAQAB +tE1JbnRlcm5ldCBTeXN0ZW1zIENvbnNvcnRpdW0sIEluYy4gKFNpZ25pbmcga2V5 +LCAyMDIxLTIwMjIpIDxjb2Rlc2lnbkBpc2Mub3JnPokCVAQTAQgAPhYhBH4ckayA +MKWlnR76uXUPPIdyPkASBQJf7uSjAhsPBQkD60WABQsJCAcCBhUKCQgLAgQWAgMB +Ah4BAheAAAoJEHUPPIdyPkAS0lMP/2IgMErScBUaXrZXqYXoluR8xU0p9DyZEBx+ +ZGNAcJ2CTPAbn3FrkNGNpK4SOCLXEZPKOQ09umaIxl8H6uEGaTut1JLj1qGaZ8ID +4gAeQcTIN9OQA5ElQo+ci20XE9JSvzqY1zb04EkMuVL678xPCYJhUSLS0MAQkcDJ +JQLN17SwNi4vGqzVhnwKUviQU9/s+LRUkThsTg4qT0fNnmGoVJXqrshxJa2ZWM6J +QtOWBgJiC6xZ+zRiZS898L0tekU4o9yxtnnDWry2bI+mJbxAp94ZAXgKahOU7LKV +3SPxkx7TAng24nOWi1EaP51pe7usTFH1BR3CUHZdoIQ4xruZGkt/qPumskofzl+1 +8bw1bEFbq8S6jC+twT3JUcE02HbEIbrd6l2T8pYBXaojFggGjUTSv9d5YUN5N9U/ +/Qy0o3xZwHNdXLx6xSrUO+NT5JU1Nh/0sutEH7ru/YqFZof9vfCbV86y8fIOPgk8 +LkJNUSu4QCJ1PHKB+fJp7yAhlPkOXNG1b9+W/hVp96rdkovpCUkLD83s+suQyJGk +QB7Qpem7nS4zp7/Naui+g3M3p/uRSzZgELTnXNyY//bw9fOqx5SDLjSUslUMz+TH +sFTwfo/Mot70MPHMe6aE6tdTDoJTcv4Iim/8MDhJ6yqKt8sxprataZoWwFi6zAF9 +BzWkJcrbuQINBF/u5P4BEACso8iLzFJ+M1wqcsCDup+GtRMzte04CAlLmaLgyzfL +3xxBo4AUgX6UbUCGycG878JVn52S6Nsl6FlasmyH00MGjZt1CuNz4htfSmLGcBMj +IwQv1CYR8bm9EPwR15NaWdgzJHShCduMHv4HdfqSa6UQfzO/P8mwioER19fkDQSE +U1KsY0yl//ipWiW3ZJGShGHLnn4YbxogQtsRPESKUsQ9MtzuMt3ehGtkN4RguOXC +6pCWP8J4F9lgjSZ+uLOQKV4rmpbSMXntOJi2nu+14Zj36enW8xyAXO/w5z/wci2G +LN/aa/v2a3GM3WJQsPNzpDwB+pr1n0Kp+wK6K7siVmDoV+WecD2KNNgOuSyUve7h +BjWRM9W13LsgLGhKJA8yUpPvhXk91vLRUhwFJ2GUirxLPLs2TSTjHlHvhcPy6aX2 +HxbHkcOt53n2h0zx7ntl1N7XHozMWmHphPsSvOZ5StuQRAFvfE63EyfR84KUPIbZ +kvftbAJPKCJC8W6GqhfORzYZqldDNNva5iYHF1OItF79ZLGI56diNsBV9SOVKk4d +f9Qp6urYOd+9RGQGmCQte/WSFaU9z9QYPEGl1NlmGAWt7KKyB6QXZH1oEMwXtPd8 +4GQX3XGtyggEp6BGwkFFWRQzF1EZ0maRPrpN4bpQqLXSJiqQxsX+FAcOkhpo6X7b +8QARAQABiQRyBBgBCAAmFiEEfhyRrIAwpaWdHvq5dQ88h3I+QBIFAl/u5P4CGwIF +CQPrRYACQAkQdQ88h3I+QBLBdCAEGQEIAB0WIQTpq255IzwEFuiZP0UMA6+pClln +xAUCX+7k/gAKCRAMA6+pCllnxDtmD/0YCUccmKudW9PiQw7mI1HSuwL6aS+MlG6/ +LJ79nmi6TTpe87NDcEv2bBpVWYcQK87smCxIYyuj4SCZuBQivjyuecipRoG14PUh +KU8UiqdF+vKDvUAA7huOBlR4dgr7/KvjirnbwO3mGouwZszDOLvaHuO403+TPm1b +mJtEA9y6Wbk/+PTtfPymQwnaiJkPhQ6Q7ZbyasRIisO3MRPacUjt2DXFi5VV/Mya +8o5Pae3zY+5SjMyE2siPnVE4/nzp424jDzSq4DGEUip/x+QYHFwxhCJmdZlRIFmn +vSCAGXBpyPVbckC0Gw8kZ8HsGzNbMbx/VjDG3LFT8TR2Djsh99/6icO1J+jDkPNn +IFEsYjAw7Tos5IPhIT1XkSCW84KqBG5pGI5h7fJzf19sR7Ki6XyFe6VYvggeQIS7 +VN1ISl3tRN/dk0GbrKkUKr0OVfaRD0wXQHTzbec8Fs43G0z/DKoFutGB/J3yjAmw +IOcP5R6rqjhVp4APQpsB51XCaaqEXaXZyMWrKILbPIjlE6FHeh1qd+zdIjullnF2 +YZv89HU9dIXxKr35CM8f3BWm4D4cRjsUOWoGhMNwdHzHYOdys6T72KBK9D2irz8C +L0bycjN+SIpde/auo+dQKqKD3/ipr4dyKJyOUsls9cyhxkFp031cZ5rWbXcLJ8/s +1BeVPjFCngqPD/9rMKA6kCSnTo+rSqZRxo9RlQwy4K6xfPPdHZvBi3A4UYCsurgl +qLtFtGG8SMWigmUZWLT6uhsi0orR5wfG7vzajF0Hcd8yuWa4zGeu0rFJXgG64Pyj +nJHtv2Tzi8DNY5Y+8mfXqUewyEUXQLxnLqpGlPjNUAJKvjm4SstNadewgWeb6F8x +UQJc8owGmK5+yZQ5LZj6bjt9Dr3SCM3Og/iS5XK5POGUJgtgXLXp3uy7p9SzsJ73 +qhrDII/YqSwToMu8tUv4xEGxyceVPDm+ywde5SXYmtvMYrq5DBdlalZ9kBlC5fyc +IIzKoIOOkKKpa/YAyKdLTk8ZByjDk1RrdcOyP4VNpCvyisf6JPwWfKdM5mxf47hb +s7zioUH7miUGA6i5TNi1e+DU2mL92sJwQ0WkHw6KaUez2Y9CaD8hZnQw/h/JcNq6 +nb8y0GR8h7qWms3K0rtSs8SuDXUsdZrFAeURivccmohXddtt0FDzkheKGXs27SSl +8oOCh+jl/hEUzz2mJGFwRBo0FI5ipN51IfjhMJ8zzSmvfrtdwT2Tu6wSY9DLsYR7 +0tWGOc2HA6o7kdcC1V0p2jvQct281FrC9dTXFgcDuGUBYhzEZeWwjuYQXBzMquF6 +ersVnPo/Z5l1SnkK+wVBQbf4igHOaobl0AQxnb86W4CXBTZ3CvRq6o8vWbkCDQRf +7uUlARAA7oTlVZXhdVlPnSQlnI5JwovG2jEIrRifpbyavlhlosX+rgtQ5EILn0DS +PJ35CNfOAeOcLQeRrJAZj6w/x9FHWfKRAHUeiTTsVDzTrDyJBCVuC40ck587KVUc +GuB3vee03/y8qAczj5TZNaDdl+4qAzOFQuV4MjwJOx5fsXZw3dUAS7pw1mTkAYTh +nz557buc8JJCxrebT6FvN8bugk7LJ8SYmI154Q5wCdXB6Q42sdSMFlKKPYRRmIvX +vI4Ytl/J35v43gCLbXccTWQpBX+ra75sndS2hYGQhcC+WdNtt4THgU6Sb7ErpJK7 +7A1r1Wf0WSioQ2VWjT0QbUE+6IXD1J8duh6ZgzuqppMm13aDdMDZGwdcxlFw+vlo +bM+IAX+QgzPjslM3FHVvvfCLka+ctMO+lL0bz1G4njNEXcIAILhmoqRI4ItVH7Nl +ZI3pAfLLB4qbhTKTIiS+uIoA82RU86ozr5oJZCsJa5N5EpJnYxnjv2tYhU42eh+j +hyM+5ra1dXtveKvL5SkVuRUlPZvgOuwQ14Qnj6sv8CmtBpyVpupHmY2RbNtLVLdH +Ix3lyQbgVo9iMJIoXiPXmcRWCgLgOeuETjFXsEcFLxuN+D0My0dtwWcg+271vtPn +0orTObxkctFK+V32ByJYxVvytNCW245bICpxCicxmh5kYEmQCnMAEQEAAYkEcgQY +AQgAJhYhBH4ckayAMKWlnR76uXUPPIdyPkASBQJf7uUlAhsCBQkD60WAAkAJEHUP +PIdyPkASwXQgBBkBCAAdFiEEqtu6UHTxQC97adVrxbTukxqfnf0FAl/u5SUACgkQ +xbTukxqfnf2aeg//ZspIr4ETVf3ai0dXCm2Pf6gpM7QUfI9fPUHymvBhNrNhfZqN +ADpzbJefzLif8as7kUr904zTc5Jse5a0MzCrMyEwTDIoCKDv2ktLq1L20bwflZs+ +oP27CYC5FkJYgLYPrQZ/7hRC8EWjgn6v3seJtEo8G73kiVEBOnxVEfGZ8zxmX1Cp +aOWfhiFYCmkEe6Ck9hG+OaWt7+WW0wWT1UFiluzRRAEMROcCUtyB5IPCqCH/Rz/m +/bE6G+lHZo6OY/wY2q/oW2f9JB/4QyJeSI+fkjY/wDjfNQjiPMLfZctv25IeZYVY +ZvIKrdnjbzRe+GwYLg5G/SbpSOEb5O55Ps8mNUpYFaMCfefW+DG48a4WyUGzFr52 +BMKvHKtc6c7P3+muBAqcNZYxRqyLIQiYiV9CCjpIV1WgUeedroHUXvJF/SAvNVvB +ZR00I/D2hsD9BFh3B1FEYbw7GuYuG27Z6fgRolOQUeTabjQLI386SV3IxZ1KFwm4 +GU8BTbUA2zwT3hu/BaaCI5jTSLyBpdo10b1wgMEnqmXG6AbNdxFVEWwE+CE++BHW +0YBhKp8fghHwwN1fwTCV+QyA4Qn6EBVDkTrUPKqTeCmHzt3AQh8WVrsmrodyr5Yp +69LoRnlkLcGJiOCKMOmkop9Z32ckGieYHrl24Dw6hmUSWDG+pBn0ezbSPit3FhAA +qD2y1VzqxsaCOD634Ltq8AbvphP8XZPrrsC3DIA36ITaCQDa5Cn7madLCXy/uP6N ++tojtzXf4tUzumwGJGFLtdMXNmuEuXrj++NrU1xcscbvDn5O4NDMadwI1EDlQo7w +uWK9jaQAVhF7iDEBEazZe26knQFxC0my4SyO1uQaEg3BKHj6z7dkAjzWJaQZhzql +yrRzbCiVUUI8ZkrgM/+/6NJohUG/had6DoefgK6H8/yjgVx1Wtx+XAuBQ2cvclhc +TAmHs128dWduNHxI2Yx+uM4kuHYpPKBwdEh91ZNeNqtBJURfSVjBCjKkTYiS7kiv +XyvQOBdZVeSVpj/QoAfaUlQoBVm7aF6xf7GtYlVzjMsLYdpjXhy4ZbQQVUuPI+1f +yFkw8PpASZ3gvO6KQ4V2w3hOYAxYQ1kSwTtaA7+18nyv65VolTmAotmLun94UKn7 +zjopByBnC/XEqsU3tibg9A7xQ2KUpWkpmG35f4ZR9aEIxSe2Jmm+Se0JfiAq6Szf +dyWvr/TzaS/BZL4WEPk2Vw/mzWEPZOscpIkBFGK+Ul7yuXvbrbwr+zmAikHmTb1V +XfPb9eBnwDDuRHhLBym4FMrPjzeziAxxkScTfDjWq6rvMmaEe1CX+dj6ldx9Jp9d +iUngol89eSgAQOtptjcit5o0Y0Mu/RF6KIBG89ghFly5Ag0EX+7lVAEQAKFx5asK +W7A9BNKPkaXgym0AlW2szQR1nwxi3APLVLS0Al9Y/3mnBbYyO84HDr82AtMSWSMY +UZIKtkUj2sVqUb+xHOPkY/MenyoBrCl2qaTVJ89nnWMUjtrX2qk0O09+ByoYXTit +BVPAIZ/qZfGNB+Dsp1haNKRdowkf6WXkw7A9dHB5isVmaM/Z0THNJRHwc6mcqbEV +M4fDL+OCx6m2KQHTHirk+OE9Nwral82IIqj3d5UBHmjHAbQNXTDzZbWg6tYbLN3I +EYxSRQpkJZIVheyBmWFZuivm4hCDZxJlZ1sgxQeIZk6wR2LBR6ccTW6PH11PhIpr +6O8aQh8JUMg+/aJK2eQXINozYdjOTUjnWAUeUqML7Pg/vERRAgHXO9Z+NTIEWEOo +Ee+8WOFmrmfjb9Uz27DtymhUjOl0ryiG6F1b90t1rZvVKWR2OaCUhICm88o3MCgb +HFeOh7v3tnQb2Uot7kY1hgch6j1MNYWGb8LjwoTAmx9okEv9mh119k+SdVJP6wsX +ZtL4860vTfTw6RQM7rkZBzTyf4qCvU5uRSd2u6JqtUhw4m/gkKQyW8jLEkqX7JaT ++iEBgPzjALvfSWDbDgst0szqU5jltYpgjG3On7/ZGFFJrkB06orUvovxLThWWvm1 +iugw4/av3n64hl/yfxvKQHLQA3Kfkjjzc3oPABEBAAGJBHIEGAEIACYWIQR+HJGs +gDClpZ0e+rl1DzyHcj5AEgUCX+7lVAIbAgUJA+tFgAJACRB1DzyHcj5AEsF0IAQZ +AQgAHRYhBGFPhWcuJXtdQn6ZBiGZBzrXgrS4BQJf7uVUAAoJECGZBzrXgrS4jfkP +/ApYZIRnBL+LdTPYdbZDYXotkE6RO6ZsPdcV1G6na5jJ7igdVuvoz5nP3rX+oQoH +6k9DysQzyh/SkXRPnbOOyvQsI7atmH7SkhNn7ke8zmEJLzApHA0ZMGXtBJHQkZwA +5LDWIQb8HbtJTBr2DyJcQdpRmP3hHDgyYgwg0AUG/2JEwYqps+/pqJCrLSP+GLOA +ia+wRH9xwv1Vl2gIxWXqEO6U3puqUg+0z1Av4Gj/xzuw1F3eLrOfgklhpASc8QtC +89kx1nhFS+OybQfRAH7YN9DKE5L1kJxQ4t+uW8TiXf9r+MdcVMEI3LATZRtgowFc +493g7EkTppmqabFns9OamyxXdIzLAKoKvykr7HPCBWUnZn2I2RrcGQltRBQlR0Mb +jO+sFi89XnFPwXIw/t/9zoq1bXCGTt7H5RtrfxC1wTYXqLEdV9pptNj7j5mlff9g +DMw1v3MfUxbz9gIDzs7ANnw3SkWi+d0v0bLadWdItkq2WKvvgB58NJtKPc8Jwilh +nO7W31U/kv8FR9JcFXzS9+Y6ejIClF4FAwr5tK07N/xSFAKEs5kyAYEKxP6vI59m +5h+tO8cws+pi4gqfWa3t3b+dVzKl9AIkWAYjq9FvbfiqZgKTlTviSUMpmK5qJVld +72+NiolUVniJbw9Z10ps4G4zmXSl1ZxyKnehUzcKyPieEEsP/1/tctQx1LhVu0TJ +RLtWrE523hqxpqDdF8/QrNp9dX3YVoEkMQW3YYir2oERtaosWXmRjldq5dNfgtwc +lhG+/CP5rxNeCJlI+b64pC/yQMCrbz/V74aAipuv7ZZMflgr7ZD5i3jyM/7/AunS +qOUPwkKrjetNF85eibeO7c0Y9/HhILkLQ8EoNfJshdc0/scwMZEpLHTMAHSrxCAV +FuhLsF9epenA6IbtuMsp43aSxshX05RH7F94uj4VCMUSs/90viB5njItpPdZCqUH +eXSvLSjxqsmS4Tz9Dn+uWvxleBLRRcpZykuNLGgwVXafWftWbA+U9KaJnDWFdzjJ ++gAsWfHfFBOa1RfXYP++e+VJflcHaEZ4byLG5Zf1HqAvvcaShAVuMXY1hoYJinvh +uk1zJRW9dP7apZx7BXWxbWcn8LMR5GFfunl/M2iNASmkqxJ9gvy6TBRWJu2QeNbN +5Ks0/GDUawQqvhmM3V6zFQWVsPwaHpufIaGqnKC2gXaIHXPP0ldyXdLXwgZ+6A7D +IEqHQB2BDbiJtovk6GaK8PUCEHTiDmRF/mBzlpBJOn+Hc5ELufgr9E2lkrKJzFag +CBCucNhVEaUedFrycxfSALing7DJPWb5cobu9K+3T9L3k57XgxSAj+g6vOxHuxHL +ve1IPheCWfkKpJH5faFDWKpJYYPauQINBF/u5YABEADgWTS7wFA39XvpWNHSfAAR +2/nlGWuTvD7zoirzUwOd2+I2XYwgl910KsznhlqDrHZlqKuGRjQlbpyTbsOH2N5k +IE+0uEXidU3iwslSZ33RLL0h9+czDnlgijYXLCg5ScswBEC1E/kXX685AUCTPX2n +D1+Ymxxgov3AvItVxKDd3N5ERsy6hYWPK4ACXt47hJFqPfPtnQe2IdFkRm3bOuX/ +X79Kb5N6cAoao65Tpsix1pm6tTNww0+THzIWzK/yhi1/tUOv/QJMEVAxeBAPr+Pm +mvjHvsI9RNQt7VnoHVkqJhPDxyQZR2IOVQXvlYyCtkPA4WQlyxLzWM24TG8xhD1v +zZzA8qs//o9QI8OLg2ZYxplC4lW6GEZk3GnrTXs7bW6HUq+RlayIbDw7oMs30jAv +YyDdQpZrYuZvsWKbKu+65Yi3M5kW0v96LT3ueMJaL/RanL9JhAWuEqyezffsBZ5a +88/i0n9FJ8cQ1fZq2/GLq/mN2JZ3e/HSWynTnlmk+qGk2bq0cRFJNHAs2HNAm0Id +pjSFCPmek9j30wp2c2knML+SsSw5h6570mwILuKwFr6i2hyFlPk4H7nP04vPQ8P2 +Pu5O/Cfg9rPSBjIi9FsNS8/a29sSuOmsSGHZnMrVUpGw+iKmx/jVejOtqe6hYydu +MSQtIU59E2fq5TM4tub6qwARAQABiQRyBBgBCAAmFiEEfhyRrIAwpaWdHvq5dQ88 +h3I+QBIFAl/u5YACGwIFCQPrRYACQAkQdQ88h3I+QBLBdCAEGQEIAB0WIQQjoUGa +YHzyVyZWN3UsTffOV4ELlAUCX+7lgAAKCRAsTffOV4ELlDerEACBP9kAH17GHloL +XJjd1IHttRWU2Qs/VV0H14g14hgRz2/Qa7KRR4mGrXPKS/ctMkDXwlvs4HPUTeO4 +MMT38hwxv54AjW7CtF8DR3EQFXKR51roICQognvqpPe1auNERdLzAdcn+NoHEQB7 +eyPqjQM3OGGq0SVRwNnv777o+Kd8Ncv/4fR1xvA20Ds94G5vCYpHB6J+lPPVXBmz +rOYSf+QZWsXjAZdnAAYkpEjfJhNrqvqSoRxZ0dweCqieenm8Nzt/vdL9nT3+4AGy +5hmaAG2ENj5AhI194gtgACvKwCl5hF0VKMhtm5d9SWS+1quHzgn3UFh3VZrfjPid +CR64mIu3RpZe7EcR+lMl7gCJxdFlHVD3z1lbz2V6u+xH4ZsLrTY+v8kDxzY8ojM/ +zDbnlEK+xzA9akhlaD3D3wKXRVuSlrxfEVv14mwKN5AYHN7bLL3bjOo9WYtLznH6 +Av4GqXSQ+LOl0+6bLKmD68/N0q2IiZwUSOsxTE1fUdYPF8eiN8L+35Qt0jwybieU +a3JYtmO8EW4ZEmjJGwKgyrf+eigJN2/0AeBwcJyUw1YfzaqqS35NNyn5eKANyFQ2 +ZhIjuXRyBOoUMBAx2TSm7FGeFOIw+aQgap6HuGbZ0EZBz6hr9ogNC9FVXCPENKo+ +GdTGoIEs0n6gGOPP5ssp7xUK3420AM3HEACSmYaNC1Gfq2d81fI0TBJ9ATCRPo14 +MjJGiWaFaXoVp/lQeOvlX2JyBG2I6fhMGPGKntCfX+/MERLNAiahQgOjvnOCQdlL +hbq+6loQ1eSTX2AXpRlQpvyxLuebbM+HX3N/9mqAksgQdljmqoJQbiE/HqXqjmKe +16ylU3Rjabyc2p/31p7hm0IJ/3yqDsM06FUBJ108SALQyVvKqRA6q1t/Odb3xgt2 +isbCEgvhJ8kYz3LQkvTW75rSa1cM53Udd1rbyo1t0PaOSGeUZw73/nY1+6LtUEg7 +Q0x4ohL1UE7z7+14mAtn4OvGDuZJil7Lf4cPszf0SFoHPs8iUFpSorBwn3u+5ZXW +NYFblPU2WK3O52qZqsjuQI/gK7uQhXjJO5nA5M8Yv7bVrbLMOj64hdOpNbd56Ycc +qwYbHZL3WyRAN7TNg5ZlHgIVac22StawjXiHWDGaAXpCaHJn8ryM3LY+LTz16R2M +bi+HVaw+0fY9f/mIcOdT6AyDg+V200GkGXL6aw0LZkBZmDin+OMmL7AS8TZ4dvZt +zj+sykcT8DsaFj5Au6zHJoCnsuShMquHOA/vcUkhoe8/E2Y2QdiX7zwDM8vFM8tX +DujFLNPIZuItcVEpE3ysFV2ZfVgBXoxTlZUQxdgJBQ0zg6Ez7rDYEAhVqo2gY9sk +XtN80X/unsjGSbkCDQRf7uWiARAA3i7pu8/QvukeIBoIk1V0GHGPjX+GeV3fR4fu +ciYgx+NKTXT/oJ/89KVeetT4CSnGEZcEpAvsBL3hsiblJYyLVmeoCniFlU+rMem4 +zYP2PnEX70Q56d6SjBArs3K1FZK25S5qqv5ceM10NVRwPufV1RIuui6mQLm2ZwlY +JyyANZZXMrHMJdaHpK9mMBSSF42MFQZhcauQCrhMhcpmZKn0D2+PpRveYwSr43Qi +qBWR2INTDmj/V3ERMviE7vLajWQcmDdcrBp4u3miAJcJSn3XR5SiuL5W77jFEzgJ +zR8yTC4hWE60nWJOk8UrEbpLyr7mBE0Tr7+1IBMgVXh8WHyzLE2ENREFvtp8KlSS +y47Ky9n+5aqPI4M7epMNwU/ZGQnC8o3yX0zZL1tKq0fTAw1Ly4NGE1gRbmzrQcCh +qUHg/J4KFYBMg8eCAzuPp4CRk8wUzu4fRWrOraoz/7bvhH8ilgPu1teLLKzDdOdx +QAaiz/nGy00ICNbYqifR5m73K/rDdjtIqgsMp9Az0mEpgVNq8SPzM5grqAnP/iww +QxwFftiXq/pEP2d8rn65e8NikN42Q28PH1D/uBYnOuVdZUvjU9wwywmfyr+NZMaH +X9sN8R3Kk990W9VxwdOTITpAjz0qMtpE7i/GwPEtpZPTIfl54+cVKvyUjBuTXkWn +vXN+6MkAEQEAAYkEcgQYAQgAJhYhBH4ckayAMKWlnR76uXUPPIdyPkASBQJf7uWi +AhsCBQkD60WAAkAJEHUPPIdyPkASwXQgBBkBCAAdFiEEBjEqvVaiYb6sKxATk1aQ +aqvQi4MFAl/u5aIACgkQk1aQaqvQi4P2Mg/9FXfsIZAgPN/Dq95y1fHG8jsPXEoY +VNY1codxxAaNqvBXZkfJbFwSYpLY3xIbyxHuGuOtC9NpIy9M1+PR7MsxtZAvSjP+ +flP/12x+6nP2H3NWOICpsY1tNOnQe2SjKJxZXHFnDqDBgKpv3QfKUHmYEdExJe3p +NQrjZAgmdbEHeoj+P2VV5vqRrJoqNV/pUbM9czfEHeMVMm/mwWNOi/paCh1y/PxZ +Mkj2bqLMRFfML9O/7QOJRxu3wQwl6jJHj4o6CHks6t237FSB+qZhhQP+vR2CZl5w +lQ4trw0wpNgbZRIMlU3tUfFQ+KdFsM7UqwzwrVgWFur5r7KrFzJN88EKSplrIY0q +se6S5b58H7Tw1jtfjb/xF6jQz5aoZ9xemd8roLReRpKPq70o2eIP1HkjCtqmd5Xc +RQaVEUvlv34WZQ5w2eA1bEBESjbrKhX+H0Un0msUS0JpnpegRNZqW3Bedeos0usy +MsfqMYmZEcZb3hw51XnSb8B/WhkSmcoEuECRxeCu1tw0pn7o4GemAeqT5ng8LXeE +RJhrUTlCIyRab8TIQZvmf6XjneT0stZLKCoZUXO+7FH7F7nPsew1dU+WFIauQX71 +PkZp2JMT7W57HKPuEillF8v5+H1k9Jq/2k+ZdgmT1Gd27nALBOc7q8rr00Lf6BU3 +K+XsfWo+p08CXKudfQ/+JFzzpyKeX5nVqiqbxqUakPy/Ot010/7457YVpvcLmcvT +Yn4cR0dottl96lp5wT1jN7VXfZu/tsHEtTg1ofeExNuCL8DZVsSN836idRmObhLP +dnYmThZcXBJ3RgSniQNwvuuGUtpH7OXb5vnAOe42+n3yucxhPI9Gzo5g6fTqWwb+ +qwh39ydxtiv3v3jgFixJLj/HH3MsxTm6cNUTWNLzvX+HugBeuOfyDG9++fe3UmZe +MczAF9N9tDFP+0b1diXywJWfSdVLBmMARYeh0Swjud60SQLTqaqXVfPSECGo9LVc +wot2u4q67QhUC2OTKiTkF6QVE05iKoPEPkCTmMvSpbHF3ERZE3J6YsVg17Uc7LrZ +7DRRF+03mu4njS8LvIoeBuqsB96mNQNH/PwLSANWTtclCwj2C9W1HKy3zKjnu3kC +PHLzwQFEO28TE5EsblnBdA8ozNIV887V7yw89MxPhpuXRn8BVAU1S9Dj7j3mNHLj +rVAgZmr/nx3oDt8VfOZpK8u3u1voZdC+cnTBdcG2gzM8Ya+h8C60Y8dFzykr8hr4 +b5gDeDI1OkQ2vOQHtnQPdscYKl0v1ntHq2wrFuCIol4WneKh3Jrvdb37cL971u4g +dpw0jTO/ykCvLlipxjJ/NrnXFb6TriZRgWZqiIwY2lKEfZDXqc/iOa2L0yBr21a5 +Ag0EX+7luwEQAM/CQdinTzIHaEJsCe42g6tt4dBC/UC4wD367rJcyJbEd+qaLJwS +CQUbg/wrEdRT+aROHVKLwrvXxtgJs0x15vvFTurkn1BnNMh7p8woYwip7PKrNn2+ +96Yg7Aqc3a3gkDQeF8Q7uipOH/5feJh6l7Iu718pvnDUw4UFZt/RUrdqseFXVwr/ +ffSalLx7gJhL3mYuU1qpJZxsonNwAS43eViagI0FHSqixB5kPgFcbBf3BIiisOCy +a1L9a+zSt1y1aEFC7m+9YlGJA3C0/X8s+dK0VWOrJlP/WmKUp3Epxpu6srsBItcT +YMuGA82/03YAJ+jpGMRb+X1Dq9vuOUxvDjG+G10Cgew2EjiAkXpVg/1NsCrQWRbs +KtFf5PXGfKCO0i8hEzwmJLd5OlNIIiup450iX4eS77Tey69hGyweLIC4YDPDwFpp +bkDdRG6nDvePbEHi5z1L41NaWNa0wEyh28OqrmD0FCcGukk24pBVemVEx0En4siQ +la6/1QXQlG/wTi7Yi71V/4oz7iZ4lSPWs0ACFGD9W5InlRykiRXC1cV27f+qMw9u +Y6UbgvN70cWflK5C7e2h/eAQfxj+seYFUjMnJTkXiZE85m63p1Yu2A1c9+jqJ0L3 +Lfn5YIQdtWdY3Qc1RIQYPVRl5NcgXIPV7TwjvnjowuHjWX0IQbhv61lNABEBAAGJ +BHIEGAEIACYWIQR+HJGsgDClpZ0e+rl1DzyHcj5AEgUCX+7luwIbAgUJA+tFgAJA +CRB1DzyHcj5AEsF0IAQZAQgAHRYhBOJesM8c6ASdR/HZpjPhDkoYOo5GBQJf7uW7 +AAoJEDPhDkoYOo5GhpcQALowCpZ8UowMWlQFfZ2ySJalnZM6S2RxCFiss4W9pGuu +9PKuN2wdXW3HGkBGDAuQgLwanSfhGSt/urT3+DT40OlDMzanRwEK0qiSaSs/xBtK +dNL7JmGbcWTXpNP3aHhfYhVOg7NJnsfZ8Ti3dfuv3ZrjcLvgdnZ/s6O9S3gU8DtH +fpnOfE3hxjUEHEw9hs9Otc6foCqMDZDvfU3emYduD5AvTiXYdeD/mZBD4OmF99II +XWNuQexAJ+xgOPdvXaYt0lBuXmfMcn/1hrU3RJqguwnPZ2cU5zo41/uSbdsFrTHK +yEOLTn0XYYk07mZGdscljzmXbpsbAC4Jp8CDBhUfdzfi1n3AOyblk1nywfionLlz +HDtfWQYCxp16N8S2MU7tA1w8rFNwVDVwmxIfgjLrjPAgvqSpCmLHTXNBfdLUYRAv +SpY9TR+U4YOOuEx2Niwnprdjm1qilN+fmPR3tWvVChlD3kHmSpi1+9ix+xizlBjN +eZ08Eq5rDBPsTpqJmoNS8pHE0EL3IVpcB1pZ5rd6UBSa7LoMLeWwWm7Ap5VZALfp +jMNws4SA2q5OTRY2or/+m1+cfDWIP+2XQV4YaNFMbO7XKr3vnUOxY9gyADqfRJiv +DljHiw5iLzbkaHs7dYJOPNMGMlRzZfkkxg6Patx44TQ2rO7LnyCgVdFZWDHNevgR +Z8AP/152xfh3qsOnT+R32Rt8CcwXmKFxLylgpjegcUmbutow9zdlX26qZ67cJ/3p +hNLZgAYKPrGecGA0BJ2UzsPEKKz8I/dAp96LpHo/24WqUamh1z2PRAgyJGC43zm0 +rA/KAlcht8bbI/VuZ5eAYXjH01QfPS7i7fFOryYYFqfH+BTp3ZEr/A7FkcOZXmNV +Gg4+oC2t6cJnzDsM0MUJ7dgNAHTLGx6RZZahdE3LJ8oVJ8Vek9KtjJbPr143EZLt +ymkiy93pzLUaKWfCZJCCI9nfJnNZnvoQXv0l3wnrQIFE14Fv0jbTALHRgRJlB4cZ +i3teEuf7shSDsd13JDdfmxMsxnfeVsIUPa+J0GBSbe14JHXlcd0t03cpbzO547Qb +rFpD98XO6Y7OefWD3pwDF2Izjnn4Cny/hpUIEO1A2j4qHhUkqmnFmBO6yIFic637 +CJnYe3uU7ss/TNIUKLhujqlcNl8WeOMVPbhnCuOhyQh2aioAKn1yiQ1EgNSIGIVD +LwqMt0kxI52/aDkZgCcEfBFC1c17IeUH+G0HMGm49/acFHkhX61S4efXhvzH5J0l +Dr+0qk4aVKNwqkUNp56GSMLhiiSYivX9Xa4qQGNlmrki1pC2DamlTXDLB67XQcRp +dAc+4nNTK4E/czrr0+wlkgz7pC1MAllCLilyTSPGnKIPlOd2uQINBF/u5d0BEADF ++6hDuKvzbmKWZNXjJK6Em/5nnzBOa155YQLN91zMs6COI4p+YuIVPPzVWZYR0yHs +gTWw45cMV+RYwuL/P+1Z84bgOyPloIVF9VQjOC+wB3Gn4qmTzobr6q+UfQVvUiUQ +8fGG11teWvYpWiG91uialjHZmrpAOQxjHRxHPpi0cZtTFEqinCIy6c942xbtZnzf +nzPpxkKl0a8s1eKZ0KlDK6Ab59nxAinilohXRg/U6sqypsyLl41L0qMZek5dEt4C +r3spdSkZgxqJpLTqQy/5VB4pcfEaIaank3sLxhpil/oQiq+38WA0VkICQyeiCsvf +eEKyt1C6COBNH+olegUxudTKDHFthyGMPRz3McI5jHxCyru0mfLJag2hHXzgGoaD +VkYIwkvyVsHWDqrZMMXcCIUVlpphxtHo1M32AATnWFe4K1nFdbejR9XC5xWOgwbT +zCblqporHzU0c8WBbfJ0Y10IDrHsa/F08PkFvVN48Ydik6rcwowSPxP+59Q9AKLh +Isd2hzfWU2zAbG5Ph1wecwlYR3tp/0i3uSTDXfuuaY+vrqpoECN6fnSg8NxiBbjU +JR0Ju6KDM2SeBUz5hp9BzL8+OPTogRZoinxBogrRAvdGLOnLG5hMjBezzF8UEvp6 +IMisGHBZgXoX4Juvf78RE8JOwHa+HUejj5kYiQW6TwARAQABiQRyBBgBCAAmFiEE +fhyRrIAwpaWdHvq5dQ88h3I+QBIFAl/u5d0CGwIFCQPrRYACQAkQdQ88h3I+QBLB +dCAEGQEIAB0WIQT2AU9wN9W7TuO6I3E56nu98JFFWwUCX+7l3QAKCRA56nu98JFF +W5whD/9Hu5cnJ0hnzqk3MQsdMXbTNLsv+KePV71kcMRat4hjw2Li/TUaC8xtA81d +O/1obmsuoDAgv82KlQ7DLDXjFk2q45lJdgZxAkN3dEoYakdTIEi11FvwbhV+qxZK +jTq3jFQho4i3GDLgrvBMG4B1TGMH0IPux9fmBGpxYKmp1GjhpgoMXp9bqzsV/mPZ +TxPlmIpeJEO2jeCWKhHHw6rzwGjF68G3HiJ0TqvjdCtcNrwd3GTDsdEJtUl49aqF +M7VfoqKjVdRO/YDL//+TJNOYz5EBGjIZxbhgZJ9Qz+geSBx9GJtDWdq193ofFi39 +oleTFnEMj+OeIr1Bc2pc8Z3HJttFknicJDkeze3mM0CZAkhVkLFy6DvAQkXrgvfp +AUYFACQW8E2XmRBiKd4huojWYz5QGSEIk2fYRVhse2HAUZ9gTODSX2L13nls+BEi +sArsmSFA/RQslDXW+Jl+P0e37BzN51uk2Dg4ylJUBgcpTRUn4Q8c1DgHDhkEVnBI +ny2H/MFuhImw9g5xqlBfCEKh5D8D0e4fX28MhSsBlOCeIKJoY85U3GNY0tlIwAt8 +M7IIHe1n1qncPbAMmq0K48J1lfyTEbXpnSfArzEdbnosjBUaiQX5EwA656eZ6wb3 +Vq02UDei6KPuOosl4Voy+Ffq5MCkanVMA97/0wV3CeCvQYGbsvsUD/9fLYc3yH7A +0xksK7PImztDR8MLsUPoiv/vnfZ+WJJ+YJ0TKAHm1ZO3NqeZmD7XoWHKwh83zsK8 +x/JUASCBN16isC+Ym6IwF83/HXJfKNvvotkr2WG6Dv8Vg1Hhk2Iv5y3EMbFa9rfv +6vjxho+0sYrraJH8qQAM08IIOi7+afrkR/ikgA8V7ymqmdxtMMHZqG+h5R0VGTVw +QBxZ5/ZiY56Qn5UH2m0Tc2AHOcAQTvCEwyb19IPyhif+rek3npSvKtDc6WBJioyi +gvDhl+jgIfcIo77w6GthgbFc9k68Je56Peu2J30zWj76Z+Di1OJhAj1wFr4/XT5o +c1MB/Vfyx3hEPRDNz7dRaDqoVnYVdoI0blyCiSkD9I4/axb4X3xN2SK4XA/zv+Lb +1FbCM1XFL2aF+09tk+77EVdWsBmQpOArD0d54E1YulBGaxVm5QKfov23KiqHIFVF +8WYqJqNJwbJRZii7klczkVm3wFte3NWK7HW8kfF147lv0z3AiZYnk0O6Mj1ip3R8 +Qm5yiv57DbbgIMkSPWCpEtFGHIoK2msJ2bQcizh2WGxLos00RTx3IVAeSAS54+kr +rMBg50wNczcGHKPDUKLwkYczgHonUtljAkeXnTl69rifChI+KpjHNtF6dFgC1aSt +MOud6HhAcd0f3lmuPzCGGp4YOQx9tV139bkCDQRf7uX4ARAAxaybudQK4fMIzLiV +grIzthhb3/DK83PNohTNMemM2V2z1Ij5Dlu2XNDypMdR0rKM/QI3zWud1+vd2h/l +QZlg58FspvrY6I7hI+cbdRldVaAKDGQHo5Bi0a7BkonZvS/0wnNUPIhy/znzXtXR +f4L7ePZMofH/2shz4TZ1yNpU8zaomY6eNjSc51P4vVxtDQ4QofQeJEn8aO9a4whu +O0TVEAPKRYBRgjM8faDuUJtLfiC3OrhLg+B7JVSF3di4JITAyafPbZACLjV7Umxb +SUL3qTJZVpIuhF0xQOCE+WRx3Xs7lkPdHMqP2OaJ8Y4ymR08cSfIP2XFKsQFtoqT +VyMQgGgI6VXF8OfnCnGgx0Do1vJNoL0neFzVXpCPPzh1RbcrtndZWum/1R4egkYg +J8TPQH5X391J58Uwd5l9/ZDdoSeeQYdtTR4YQ8//ATFO3hoSRvES4U6ZwO8LM6di +ra6pqb6j0liT+DdcBwE4C1bGJMJ6d93S5SfH3llDIMJo7uJDbKILFMES9rg7S6I8 ++SW75TjKUk4Y7L8R8qwURqEyuOOGfaQXirqvji4PdcGDBiIk2Oq69Ky6lmlJgyIH +SZ7SO1JXk0yAJTXb+a6FJTLFxidkIZzu+LhLBn/MhAPjVyv3qCTQ7O0lu8Mfcqg5 +8hhJ6IE79PBHS3z8ok+mFK0iGrcAEQEAAYkEcgQYAQgAJhYhBH4ckayAMKWlnR76 +uXUPPIdyPkASBQJf7uX4AhsCBQkD60WAAkAJEHUPPIdyPkASwXQgBBkBCAAdFiEE +JFV3TUL9/mucOD64/hACvFlwgR8FAl/u5fgACgkQ/hACvFlwgR+LoRAAgtIgaKb4 +ZY8qoAFZeph+Syg+mMKfPJkBuGUedJl6IxbHBSg2mhnCjJ0bmdqxsAXgtcSUqmtZ +Yw9NyoGgiVjs+gu5sQp1Oxc2/keQXaVksTkoXwdnf+2iXyp1WPeeLGySHmzuwy9c +eExt+h0mVmBgFls2wNdFGPbVfiT3PvFkwqsnta6HebDTN4pMzvG1IIGV7L5KRo1E +dmkrt3lXQWmdgHl3JoNQ9v/Jgf4jo6gDw53YvJFKJcaOOAS3d4CzPWmcLzcy4mf0 +9YI3DoQCbYL3cRNelUwzUF2L6QyPCwonXemLCmfkBgsSVqvW4fq8qbEHGF2fK7x3 +d7bZEsUiGCt/tXOkDkNJ31T/mC35nxZfcj8AMPixO+BnAeKeYC37LbQD76jrw526 +tUXsAF+QON5DPeot+e8bIx9qSbvdqpXDkK4lGcRTuS2OVC8J9XfDTch4wm3Kd4P4 +lDdRAJWnLfVay0m05LGlekWdEzcjP8KDaICH9rEs6f9e1gy6mTEBnBW//41BxELT +KxoTGlcX3yEhCmK36g5C/+d6b7Ji5arGGTCa96v/xG32KYc1zfn3TYkCx06pPUbz +iAl2l0MTpGeqz2hJMOGA3JuxwlksJKqnPYy0hHKdVW4Pnn25NeXcBp8wpkt8VZOR +bzjw/TJB7qvJHoRo1tat85Uij9rAXqTyO8Ea0hAAi/EfuiDDy3GV7bvjFSA1XEjL +d+F40g2X0QG/PHTScYB4rFJwV0GFUxLHr4g7iypAVI+BB4EYikx8gpee6B0g3J+r +aCFDDrRPDKdqrpZK53oYcBPkdSBbCr5MAa/M3DerKBEgoBVUbaSHWN7OH2ae+5R6 +X2ERmYZdW4PCj6lw7a+RhkAsgKo8RjonjV61ehQPZh20noI19Q80BYYSCfHHvzy5 +vwvByhmTMJNrl3PDpBy9/TwBR5DpnHfOPJX6bnl3pdu65F2TRM6yoFbfoUiEqrXV +4wC1I++N9VjrQvXSp0ik/XaMWq87wLIg+1owElJIzwyZWukQkZMAYtesVFz20YwC +7Nu8SNr/NTSCH1EqLsS4YhBTsjpc2T8AqUlgxKrilmLbrj64PXgMsQ9WYm5zwlC5 +UA5eky5YhETFJ25dIaplMm47aIbPSH5f9y5eYPkfOCoMu5oDzDzoXdH9V1YfsHqa +8bboSgTdariC23x38E9PaWQNyY2MFKL6cFt2ilIsMSSD6JAm1x8kBtn1bBopG588 +7mTDtlqHCw/QrTuLreJG9KJ1dQFJ/Q42+csH09l081wlv4BBuVlN1Xmj+c2sWn90 +l1BPZfYHd9jhggI96yTZhfTfFbSMSuGPQyqHnwDYdA3cNj5BYievBkO5FZaCe9SZ +4xcYgqlVpv15O7VrD+I= +=Uugw +-----END PGP PUBLIC KEY BLOCK----- diff --git a/debian/usr.sbin.kea-ctrl-agent b/debian/usr.sbin.kea-ctrl-agent new file mode 100644 index 0000000..8a6d1f4 --- /dev/null +++ b/debian/usr.sbin.kea-ctrl-agent @@ -0,0 +1,28 @@ +abi <abi/3.0>, + +include <tunables/global> + +profile kea-ctrl-agent /usr/sbin/kea-ctrl-agent { + include <abstractions/base> + + network inet stream, + + /etc/kea/ r, + /etc/kea/** r, + /usr/sbin/kea-ctrl-agent mr, + + owner /run/kea/kea-ctrl-agent.kea-ctrl-agent.pid w, + owner /run/lock/kea/logger_lockfile rwk, + + # Control sockets + # Before LP: #1863100, these were in /tmp. For compatibility, let's keep both + # locations + owner /{tmp,run/kea}/kea-ddns-ctrl-socket rw, + owner /{tmp,run/kea}/kea4-ctrl-socket rw, + owner /{tmp,run/kea}/kea6-ctrl-socket rw, + + owner /var/log/kea/kea-ctrl-agent.log rw, + owner /var/log/kea/kea-ctrl-agent.log.[0-9]* rw, + owner /var/log/kea/kea-ctrl-agent.log.lock rwk, + +} diff --git a/debian/usr.sbin.kea-dhcp-ddns b/debian/usr.sbin.kea-dhcp-ddns new file mode 100644 index 0000000..040f791 --- /dev/null +++ b/debian/usr.sbin.kea-dhcp-ddns @@ -0,0 +1,31 @@ +abi <abi/3.0>, + +include <tunables/global> + +profile kea-dhcp-ddns /usr/sbin/kea-dhcp-ddns { + include <abstractions/base> + include <abstractions/nameservice> + include <abstractions/openssl> + + network inet dgram, + network netlink raw, + + /etc/kea/ r, + /etc/kea/** r, + /usr/sbin/kea-dhcp-ddns mr, + + owner /run/kea/kea-dhcp-ddns.kea-dhcp-ddns.pid w, + owner /run/lock/kea/logger_lockfile rwk, + owner /run/kea/logger_lockfile rwk, + + # Control sockets + # Before LP: #1863100, these were in /tmp. For compatibility, let's keep both + # locations + owner /{tmp,run/kea}/kea-ddns-ctrl-socket w, + owner /{tmp,run/kea}/kea-ddns-ctrl-socket.lock rwk, + + owner /var/log/kea/kea-ddns.log rw, + owner /var/log/kea/kea-ddns.log.[0-9]* rw, + owner /var/log/kea/kea-ddns.log.lock rwk, + +} diff --git a/debian/usr.sbin.kea-dhcp4 b/debian/usr.sbin.kea-dhcp4 new file mode 100644 index 0000000..0572c21 --- /dev/null +++ b/debian/usr.sbin.kea-dhcp4 @@ -0,0 +1,44 @@ +abi <abi/3.0>, + +include <tunables/global> + +profile kea-dhcp4 /usr/sbin/kea-dhcp4 { + include <abstractions/base> + include <abstractions/nameservice> + + # for MySQL access, localhost + include <abstractions/mysql> + include <abstractions/openssl> + + capability net_bind_service, + capability net_raw, + + network inet dgram, + network inet stream, + network netlink raw, + network packet raw, + + /etc/gss/mech.d/ r, + /etc/gss/mech.d/* r, + + /etc/kea/ r, + /etc/kea/** r, + /usr/sbin/kea-dhcp4 mr, + /usr/sbin/kea-lfc Px, + + owner /run/kea/kea-dhcp4.kea-dhcp4.pid w, + owner /run/lock/kea/logger_lockfile rwk, + + # Control sockets + # Before LP: #1863100, these were in /tmp. For compatibility, let's keep both + # locations + owner /{tmp,run/kea}/kea4-ctrl-socket w, + owner /{tmp,run/kea}/kea4-ctrl-socket.lock rwk, + + # this includes .completed, .output, .pid, .[0-9] + owner /var/lib/kea/kea-leases4.csv* rw, + + owner /var/log/kea/kea-dhcp4.log rw, + owner /var/log/kea/kea-dhcp4.log.[0-9]* rw, + owner /var/log/kea/kea-dhcp4.log.lock rwk, +} diff --git a/debian/usr.sbin.kea-dhcp6 b/debian/usr.sbin.kea-dhcp6 new file mode 100644 index 0000000..77d4bdc --- /dev/null +++ b/debian/usr.sbin.kea-dhcp6 @@ -0,0 +1,44 @@ +abi <abi/3.0>, + +include <tunables/global> + +profile kea-dhcp6 /usr/sbin/kea-dhcp6 { + include <abstractions/base> + include <abstractions/nameservice> + + # for MySQL access, localhost + include <abstractions/mysql> + include <abstractions/openssl> + + network inet dgram, + network inet stream, + network netlink raw, + network packet raw, + + /etc/gss/mech.d/ r, + /etc/gss/mech.d/* r, + + /etc/kea/ r, + /etc/kea/** r, + /usr/sbin/kea-dhcp6 mr, + /usr/sbin/kea-lfc Px, + + owner /run/kea/kea-dhcp6.kea-dhcp6.pid w, + owner /run/lock/kea/logger_lockfile rwk, + + # Control sockets + # Before LP: #1863100, these were in /tmp. For compatibility, let's keep both + # locations + owner /{tmp,run/kea}/kea6-ctrl-socket w, + owner /{tmp,run/kea}/kea6-ctrl-socket.lock rwk, + + owner /var/lib/kea/kea-dhcp6-serverid rw, + + # this includes .completed, .output, .pid, .[0-9] + owner /var/lib/kea/kea-leases6.csv* rw, + + owner /var/log/kea/kea-dhcp6.log rw, + owner /var/log/kea/kea-dhcp6.log.[0-9]* rw, + owner /var/log/kea/kea-dhcp6.log.lock rwk, + +} diff --git a/debian/usr.sbin.kea-lfc b/debian/usr.sbin.kea-lfc new file mode 100644 index 0000000..32f1f9b --- /dev/null +++ b/debian/usr.sbin.kea-lfc @@ -0,0 +1,31 @@ +abi <abi/3.0>, + +include <tunables/global> + +profile kea-lfc /usr/sbin/kea-lfc { + include <abstractions/base> + include <abstractions/nameservice> + + network inet dgram, + + /usr/sbin/kea-lfc mr, + + owner /run/kea/logger_lockfile rwk, + owner /run/lock/kea/logger_lockfile rw, + + # Control sockets + # Before LP: #1863100, these were in /tmp. For compatibility, let's keep both + # locations + owner /{tmp,run/kea}/kea4-ctrl-socket.lock r, + owner /{tmp,run/kea}/kea6-ctrl-socket.lock r, + + # this includes .completed, .output, .pid, .[0-9] + owner /var/lib/kea/kea-leases4.csv* rw, + + # this includes .completed, .output, .pid, .[0-9] + owner /var/lib/kea/kea-leases6.csv* rw, + + owner /var/log/kea/kea-dhcp4.log w, + owner /var/log/kea/kea-dhcp6.log w, + +} diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..7e174c3 --- /dev/null +++ b/debian/watch @@ -0,0 +1,8 @@ +version=4 +opts=\ +compression=xz,\ +uversionmangle=s/((rc|b)\d+)$/~$1/;s/-P(\d+)$/.P$1/,\ +dirversionmangle=s/((rc|b)\d+)$/~$1/;s/-P(\d+)$/.P$1/,\ +dversionmangle=s/\.dfsg\./-/;s/[\.\+]dfsg$//,\ +pgpsigurlmangle=s/$/.asc/ \ + https://ftp.isc.org/isc/kea/(\d+\.\d*[02468]+\.\d+)/kea-(.+)\.tar\.gz diff --git a/debian/watch.include-odd-versions b/debian/watch.include-odd-versions new file mode 100644 index 0000000..be33fe3 --- /dev/null +++ b/debian/watch.include-odd-versions @@ -0,0 +1,8 @@ +version=4 +opts=\ +compression=xz,\ +uversionmangle=s/((rc|b)\d+)$/~$1/;s/-P(\d+)$/.P$1/,\ +dirversionmangle=s/((rc|b)\d+)$/~$1/;s/-P(\d+)$/.P$1/,\ +dversionmangle=s/\.dfsg\./-/;s/[\.\+]dfsg$//,\ +pgpsigurlmangle=s/$/.asc/ \ + https://ftp.isc.org/isc/kea/(\d+\.\d+\.\d+)/kea-(.+)\.tar\.gz |