summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--debian/changelog404
-rw-r--r--debian/control175
-rw-r--r--debian/copyright408
-rw-r--r--debian/copyright-scan-patterns.yml33
-rw-r--r--debian/fill.copyright.blanks.yml18
-rw-r--r--debian/fix.scanned.copyright368
-rw-r--r--debian/gbp.conf4
-rw-r--r--debian/kea-admin.install3
-rw-r--r--debian/kea-admin.lintian-overrides2
-rw-r--r--debian/kea-admin.manpages2
-rw-r--r--debian/kea-common.install4
-rw-r--r--debian/kea-common.lintian-overrides1
-rw-r--r--debian/kea-common.manpages1
-rw-r--r--debian/kea-common.postinst39
-rw-r--r--debian/kea-ctrl-agent.init163
-rw-r--r--debian/kea-ctrl-agent.install4
-rw-r--r--debian/kea-ctrl-agent.lintian-overrides2
-rw-r--r--debian/kea-ctrl-agent.manpages2
-rw-r--r--debian/kea-ctrl-agent.service22
-rw-r--r--debian/kea-dev.install2
-rw-r--r--debian/kea-dhcp-ddns-server.init163
-rw-r--r--debian/kea-dhcp-ddns-server.install3
-rw-r--r--debian/kea-dhcp-ddns-server.lintian-overrides2
-rw-r--r--debian/kea-dhcp-ddns-server.manpages1
-rw-r--r--debian/kea-dhcp-ddns-server.service22
-rw-r--r--debian/kea-dhcp4-server.init163
-rw-r--r--debian/kea-dhcp4-server.install3
-rw-r--r--debian/kea-dhcp4-server.manpages1
-rw-r--r--debian/kea-dhcp4-server.service21
-rw-r--r--debian/kea-dhcp6-server.init163
-rw-r--r--debian/kea-dhcp6-server.install3
-rw-r--r--debian/kea-dhcp6-server.manpages1
-rw-r--r--debian/kea-dhcp6-server.service21
-rw-r--r--debian/kea-doc.README.Debian13
-rw-r--r--debian/kea-doc.doc-base11
-rw-r--r--debian/kea-doc.docs3
-rw-r--r--debian/kea-doc.lintian-overrides3
-rw-r--r--debian/not-installed4
-rw-r--r--debian/patches/0001-support_kfreebsd.patch28
-rw-r--r--debian/patches/0002-kea_admin_fix.patch20
-rw-r--r--debian/patches/0009-disable-database-tests.patch26
-rw-r--r--debian/patches/0010-set-control-sockets-location.patch116
-rw-r--r--debian/patches/series4
-rw-r--r--debian/python3-kea-connector.install2
-rwxr-xr-xdebian/rules58
-rw-r--r--debian/salsa-ci.yml7
-rw-r--r--debian/source/format1
-rw-r--r--debian/source/lintian-overrides1
-rw-r--r--debian/tests/control7
-rw-r--r--debian/tests/kea-dhcp4245
-rw-r--r--debian/tests/kea-dhcp4.conf.template71
-rw-r--r--debian/tests/smoke-tests38
-rw-r--r--debian/upstream/metadata6
-rw-r--r--debian/upstream/signing-key.asc308
-rw-r--r--debian/usr.sbin.kea-ctrl-agent28
-rw-r--r--debian/usr.sbin.kea-dhcp-ddns31
-rw-r--r--debian/usr.sbin.kea-dhcp444
-rw-r--r--debian/usr.sbin.kea-dhcp644
-rw-r--r--debian/usr.sbin.kea-lfc31
-rw-r--r--debian/watch8
-rw-r--r--debian/watch.include-odd-versions8
61 files changed, 3390 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..058678a
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,404 @@
+isc-kea (2.2.0-6) unstable; urgency=medium
+
+ [ Andreas Hasenack ]
+ * apparmor: use the apparmor nameservice abstraction.
+ Use the apparmor nameservice abstraction instead of hand-picked rules.
+ (Closes: #1033640, #1033639)
+
+ -- Paride Legovini <paride@debian.org> Mon, 03 Apr 2023 12:48:28 +0200
+
+isc-kea (2.2.0-5) unstable; urgency=medium
+
+ [ Paride Legovini ]
+ * d/control: update to Standards-Version 4.6.2, no changes needed
+
+ [ Andreas Hasenack ]
+ * d/t/kea-dhcp4.conf.template: retry opening a socket. Sometimes the
+ `keabr0` bridge used in the DEP8 test takes a while to become ready, and
+ kea-dhcp4 fails to open a socket on it. Add configuration options to
+ kea-dhcp4 to retry opening the socket a few times before giving up.
+ (LP: #2008932)
+
+ -- Athos Ribeiro <athos.ribeiro@canonical.com> Thu, 02 Mar 2023 14:00:17 -0300
+
+isc-kea (2.2.0-4) unstable; urgency=medium
+
+ [ Athos Ribeiro ]
+ * d/rules: use MathJax from libjs-mathjax instead loading from external CDN
+
+ [ Andreas Hasenack ]
+ * d/t/kea-dhcp4: make the test more robust
+ - increase dhclient timeout to 60s, and run in verbose mode
+ - show logs in the case of failure
+ - set +e inside the cleanup handler
+ - fix resolv.conf regexp
+
+ -- Athos Ribeiro <athos.ribeiro@canonical.com> Mon, 27 Feb 2023 14:58:26 -0300
+
+isc-kea (2.2.0-3) unstable; urgency=medium
+
+ [ Andreas Hasenack ]
+ * Add apparmor profiles.
+ - d/control: add build-depends on dh-apparmor
+ - d/usr.sbin.kea-*: add the profiles
+ - d/kea-*.install: install the profiles
+ - d/rules: use dh_apparmor to enable the profiles
+ * d/tests: Add DEP8 test for kea-dhcp4
+
+ -- Paride Legovini <paride@debian.org> Fri, 17 Feb 2023 19:59:43 +0100
+
+isc-kea (2.2.0-2) unstable; urgency=medium
+
+ [ Athos Ribeiro ]
+ * d/tests: add simple DEP8 smoke tests
+ * Set default control sockets location to /run/kea (Closes: #1014929)
+ (LP: #1863100)
+
+ [ Paride Legovini ]
+ * d/control: drop dependency on lsb-base (obsolete)
+ * d/salsa-ci.yml: enable the autopkgtest job
+ * d/kea-common.*:
+ - Do not install keactrl. The keactrl script is not systemd-aware and not
+ installed by the upstream .deb packages. Remove it from the Debian
+ packaging
+ - Leave handling of /var/*/kea directories to systemd. No need to create
+ them in packaging as the systemd units will automatically create them
+ with the right ownership and permissions
+ * d/*.service:
+ - Do not set KEA_LOGGER_DESTINATION. The variable is meant to tell the
+ daemons where to log *before* their config files are loaded. If unset
+ the default is stdout, which works well with systemd
+ - Do not set KEA_PIDFILE_DIR. What we set it to corresponds to the
+ defaults. The documentation says that KEA_PIDFILE_DIR "is intended
+ primarily for testing"
+ * d/rules: use the systemd journal for logging (Closes: #1016747)
+ (LP: #2006522)
+ * d/kea-doc.README.Debian: document how logging is done by default
+ * d/tests/smoke-tests: check location of PID and lock files
+
+ -- Athos Ribeiro <athos.ribeiro@canonical.com> Tue, 14 Feb 2023 11:24:58 -0300
+
+isc-kea (2.2.0-1) unstable; urgency=medium
+
+ * New upstream version 2.2.0.
+ Thanks to Daniel Baumann (Closes: #1016109)
+ * debian/patches:
+ - 0002-kea_admin_fix.patch: refresh patch
+ - 0007-keyctrl-colored-ddns-status.patch: drop patch (fixed upstream)
+ - 0009-disable-database-tests.patch: refresh patch
+ - 0010-build-libco-when-gtest-is-not-enabled: drop patch (fixed upstream)
+ - 0011-sphinx-set-language.patch: drop patch (fixed upstream)
+ * d/kea-doc.doc-base: register documentation to doc-base
+ * Lintian overrides:
+ - *.lintian-overrides: adapt to "pointed hints" syntax
+ - kea-admin.l-o: bash-term-in-posix-shell (false positives)
+ - d/kea-doc.l-o: add overrides for sphinx installed fonts.
+ + font-in-non-font-package [usr/share/doc/kea/html/_static/fonts/*]
+ + font-outside-font-dir [usr/share/doc/kea/html/_static/fonts/*]
+ * d/copyright: remove file patterns made unnecessary by new release
+ * d/salsa-ci.yml: add salsa CI
+
+ -- Paride Legovini <paride@debian.org> Tue, 02 Aug 2022 12:16:45 +0000
+
+isc-kea (2.0.2-3) unstable; urgency=medium
+
+ * d/rules: configure: specify the Python site packages location.
+ Related changes:
+ - d/python3-kea-connector.install: update paths accordingly
+ Thanks to Kilian Krause (Closes: #1014995)
+
+ -- Paride Legovini <paride@debian.org> Wed, 20 Jul 2022 16:03:19 +0000
+
+isc-kea (2.0.2-2) unstable; urgency=medium
+
+ * d/patches: explicitly set the sphinx doc language.
+ Needed for compatibility with Sphinx 5.0. New patch:
+ - d/p/0011-sphinx-set-language.patch (Closes: #1013407)
+ * d/control: bump Standards-Version to 4.6.1, no changes needed
+ * d/gbp.conf: debian-branch = debian/unstable (DEP-14)
+ * d/gbp.conf: enable use of pristine-tar
+ * d/watch.include-odd-versions: alternative watch file.
+ Also covers the odd-numbered (= devel) upstream releases.
+
+ -- Paride Legovini <paride@debian.org> Sun, 26 Jun 2022 14:48:25 +0000
+
+isc-kea (2.0.2-1) unstable; urgency=medium
+
+ * New upstream version 2.0.2
+
+ -- Paride Legovini <paride@debian.org> Mon, 07 Mar 2022 21:13:17 +0000
+
+isc-kea (2.0.1-2) unstable; urgency=medium
+
+ * Upload to Debian unstable
+ * wrap-and-sort -bast (cosmetic)
+
+ -- Paride Legovini <paride@debian.org> Sun, 30 Jan 2022 19:39:09 +0100
+
+isc-kea (2.0.1-1) experimental; urgency=medium
+
+ * New upstream version 2.0.1 (Closes: #954768, #973641)
+ * d/watch: fix search path and only match stable versions (Closes: #974611)
+ * d/u/signing-key.asc: replace with new key for 2021-2022.
+ * d/control:
+ - Update Standards-Version to 4.6.0 (no changes needed)
+ - Switch to dh compat level 13
+ - Set Rules-Requires-Root: no
+ - Drop ORed dependency on obsolete libmysqlclient-dev
+ - Add python3-kea-connector dependency to kea-ctrl-agent
+ - Build-Depend on procps (test dependency)
+ - Drop Section: libs for kea-common (fallback to Section: net)
+ - Minor cosmetic changes to the descriptions
+ * d/rules:
+ - Don't pass --as-needed to ld (it's now the default)
+ - Drop explicit `dh_missing --fail-missing` (default in dh 13)
+ - Drop useless override_dh_auto_make target
+ - Drop override_dh_clean (not needed)
+ - Use execute_after_* targets where appropriate
+ - Do not ignore the test results
+ - Drop unnecessary $@ in override_dh_auto_configure
+ - Disable out-of-source building (dh -B)
+ - Set localstatedir to /var (Closes: #959149)
+ - Delete __pycache__ recursively
+ - Don't delete keactrl.8
+ - Drop `dh_installdocs -A`: it prevents using a main doc package
+ - Build perfdhcp (configure flag: --enable-perfdhcp)
+ * d/patches:
+ - 0001-support_kfreebsd: refresh patch
+ - 0002-kea_admin_fix: refresh patch
+ - 0003-Use-runstatedir-for-pid-file-location.patch: drop, fixed upstream
+ - d/p/0004-Put-KEA_LOCKFILE_DIR-to-runstatedir.patch: drop patch.
+ Replaced by setting the KEA_LOCKFILE_DIR environment variable.
+ - 0007-keyctrl-colored-ddns-status.patch: add patch
+ - 0009-disable-database-tests.patch: add patch.
+ Skip the database tests (problematic to run in automation).
+ - 0010-build-libco-when-gtest-is-not-enabled.patch: add patch.
+ Fix test suite fails if Kea is built without gtest.
+ - Always use the .patch extension for uniformity
+ * d/docs: drop file, replaced by kea-doc.docs
+ * d/kea-doc.install: drop file, replaced by d/kea-doc.docs
+ * d/kea-admin.install: install perfdhcp
+ * d/*.install: move manpages to d/*.manpages
+ * d/kea-common.manpages: install keactrl.8
+ * d/kea-doc.docs:
+ - Add CONTRIBUTING.md
+ - Install the API reference
+ * d/not-installed: refresh list of not-installed files
+ * d/s/lintian-overrides: override very-long-line-length-in-source-file
+ * d/kea-common.l-o: override script-not-executable etc/kea/keactrl.conf.
+ Has a shebang but it's meant to be sourced, not executed.
+ * d/u/metadata: add upstream metadata file
+ * d/copyright:
+ - Add Canonical Ltd. for debian/*
+ - Drop references to nonexisting files
+ * d/control: add Paride Legovini to Uploaders
+
+ -- Paride Legovini <paride@debian.org> Thu, 27 Jan 2022 12:27:23 +0100
+
+isc-kea (1.7.5-1) unstable; urgency=medium
+
+ * Bump dh compat to 12, bump debian standard to 4.5.0
+ (dh_compat v11 is broken and should not be used)
+ * New upstream version 1.7.5
+ * Security issues fixed since 1.5.0-2:
+ + CVE-2019-6472: A packet containing a malformed DUID can cause the
+ kea-dhcp6 server to terminate
+ + CVE-2019-6473: An invalid hostname option can cause the kea-dhcp4
+ server to terminate
+ + CVE-2019-6474: An oversight when validating incoming client requests
+ can lead to a situation where the Kea server will exit when trying to
+ restart
+ * Add python3-sphinx and python3-sphinx-rtd-theme to Build-Depends to
+ build the documentation
+ * Adjust installed files
+ * Add 'kea' metapackage that depends on all server components of Kea
+ * Fix more ISC KEA -> Kea naming
+ * Cleanup the lintian warnings
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 23 Mar 2020 11:11:05 +0100
+
+isc-kea (1.5.0-2) unstable; urgency=medium
+
+ [ Jason Guy ]
+ * Stop deleting _kea user and group on postrm for security
+ * Drop debhelper compat to v11; v12 adds dependency on init-system-helpers
+ (>=1.52), and stretch uses 1.48.
+
+ [ Badreddin Aboubakr ]
+ * Fix systemd service file & create group kea
+ * Fix maintaner scripts to handle the _kea group (Closes: #924105)
+
+ [ Michal Nowikowski ]
+ * Fixed names of referenced services in WantedBy fields
+
+ -- Ondřej Surý <ondrej@sury.org> Wed, 12 Jun 2019 16:11:11 +0200
+
+isc-kea (1.5.0-1) unstable; urgency=medium
+
+ [ Ondřej Surý ]
+ * New upstream version 1.5.0 (Closes: #916288)
+ * Update d/watch to use better mangling and https:// URL
+ * Update ISC signing key
+ * Bump debhelper compat level to v12
+ * Fix some default paths to use runstatedir
+ * Create a non-privileged user _kea and run the Kea services under that user
+ (Closes: #910671)
+ * Add the netconf stuff to d/not-installed
+ * Greatly simplify d/copyright (Closes: #905214)
+ * Fix dpkg-statoverride usage in maintscripts
+ * Add adduser to kea-common Depends
+ * Add Pre-Depends: ${misc:Pre-Depends} for systemd Pre-Depends
+ * DHCPv4 daemon also needs CAP_NET_RAW
+ * It's Kea, not ISC KEA; fix the .service files
+
+ [ Yuval Freund ]
+ * Fix python dep issue. (Closes: #905977, #908491)
+
+ [ Badreddin Aboubakr ]
+ * Fix systemd Unit Files
+ + Change lock directory (systemd nesting issue)
+ + Quote RuntimeDirectory
+ + Remove "LogsDirectory" and "LogsDirectoryMode" (they are not
+ supported in systemd 232)
+
+ [ Jason Guy ]
+ * Added a new patch to fix the kea-admin script.
+ * Fixed the postrm script (Closes: #905421)
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 25 Feb 2019 12:12:36 +0000
+
+isc-kea (1.4.0.P1-5) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Added a missing python3 dependency (Closes: #905977)
+ * Fixed kea-ctrl-agent dependency (Closes: #908491)
+ * Fixed kea-common postrm script (Closes: #905421)
+ * Fixed state directories (Closes: #910671)
+ * Fixed copyright (Closes: #905214)
+ * Cleaned up quilt patches.
+
+ -- Jason Guy <jason.e.guy@gmail.com> Sun, 16 Dec 2018 19:31:18 -0500
+
+isc-kea (1.4.0.P1-3) unstable; urgency=medium
+
+ [ Ondřej Surý ]
+ * Install keactrl binary and manpage to kea-common package
+ * Make package backportable to Ubuntu Trusty that doesn't have
+ debian/not-installed support yet
+ * Tighten the permissions on the /run/lock/kea, /var/log/kea and
+ /var/lib/kea directory
+ * Merge little bits from Jason in d/control and d/rules
+ * Cleanup install files
+
+ [ Jason Guy ]
+ * Added missing files.
+ * Minor fixes to the lockfile paths.
+
+ [ Adam Majer ]
+ * Update ISC signing key for 2017-2018
+ * Add python3-kea-connector and kea-ctrl-agent files
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 16 Jul 2018 15:53:56 +0000
+
+isc-kea (1.4.0.P1-2) unstable; urgency=medium
+
+ * Add alternative dependency for default-libmysqlclient-dev to make
+ backporting easier
+ * Re-enable mysql and pgsql backends
+
+ -- Ondřej Surý <ondrej@debian.org> Sat, 14 Jul 2018 12:14:40 +0000
+
+isc-kea (1.4.0.P1-1) unstable; urgency=medium
+
+ * New upstream version 1.4.0.P1
+ + [CVE-2018-5739]: failure to release memory may exhaust system
+ resources (Closes: #903729)
+
+ -- Ondřej Surý <ondrej@debian.org> Sat, 14 Jul 2018 08:51:37 +0000
+
+isc-kea (1.4.0-2) experimental; urgency=medium
+
+ * New upstream version 1.4.0 (Closes: #874501, #874501)
+ * Update Maintainer, Uploaders and Vcs-* Links
+ * Use --fail-missing to catch files not installed which should be
+ * Update bug numbers in d/changelog
+ * Add kea-admin binary into kea-admin package (Closes: #851712)
+ * Install hooks in kea-common package and kea-ctrl-agent into kea-utils
+ package
+ * Move kea-ctrl-agent to kea-admin package
+
+ -- Ondřej Surý <ondrej@debian.org> Fri, 13 Jul 2018 20:00:33 +0000
+
+isc-kea (1.4.0-1) experimental; urgency=medium
+
+ * New upstream version 1.4.0 (Closes: #874501, #874501)
+ * Rebase patches on top of Kea 1.4
+ * Use upstream conffiles
+ * Run d/ through wrap-and-sort -a + add dh-autoconf
+ * Enable autoreconf
+ * Don't install *.spec files
+
+ -- Ondřej Surý <ondrej@debian.org> Fri, 13 Jul 2018 18:42:25 +0000
+
+isc-kea (1.1.0-1) unstable; urgency=medium
+
+ * New upstream version 1.1.0 (closes: #844536)
+ + support PostgreSQL and MySQL for host reservation for both
+ DHCPv4 and DHCPv6
+ + allows MySQL and PostgreSQL host reservations databases
+ to operate in read-only mode
+ + extends host reservations capabilities based on specific
+ DHCP options.
+ + expanded client classification system
+ + DHCPv4-over-DHCPv6 - RFC7341
+ * builds with default mysql library (closes: #845856)
+ * debian/patches:
+ - fix_gcc6 - removed, upstreamed
+ - openssl1.1 - add OpenSSL 1.1 support (closes: #828356)
+
+ -- Adam Majer <adamm@zombino.com> Sun, 27 Nov 2016 23:07:17 +0100
+
+isc-kea (1.0.0-4) unstable; urgency=medium
+
+ * debian/rules:
+ + Disable warnings being treated as errors during compilation.
+ This fixes compilation with GCC 6.0 and Kea's use of
+ auto_ptr which trigger depreciation warning (closes: #831123)
+ * debian/patches/fix_gcc6:
+ + fix compilation with gcc6 C++14
+
+ -- Adam Majer <adamm@zombino.com> Mon, 25 Jul 2016 22:23:36 +0200
+
+isc-kea (1.0.0-3) unstable; urgency=medium
+
+ * debian/patches/support_kfreebsd:
+ + Add support for kFreeBSD - detect it as FreeBSD
+ * debian/watch:
+ + Only detect X.Y.Z* version formats
+ + Sort beta and other candidates before final release
+ + Verify upstream GPG signature
+ * debian/control:
+ + Remove dependency on Botan. Use OpenSSL instead.
+ * debian/rules:
+ + Disable dependency tracking for faster build
+ + Fix typo in configure script
+ * Updated .service files to start KEA services only after
+ network is up and time has been synced.
+ * Update Standard to 3.9.7. No changes.
+
+ -- Adam Majer <adamm@zombino.com> Thu, 03 Mar 2016 20:49:02 -0600
+
+isc-kea (1.0.0-2) unstable; urgency=medium
+
+ * debian/copyright:
+ + Explicitly list more embedded boost headers
+ * debian/control:
+ + Do not require specific PostgreSQL version (closes: #814323)
+
+ -- Adam Majer <adamm@zombino.com> Fri, 26 Feb 2016 13:37:51 -0600
+
+isc-kea (1.0.0-1) unstable; urgency=low
+
+ * Initial release (Closes: #759703)
+
+ -- Adam Majer <adamm@zombino.com> Tue, 19 Jan 2016 13:15:40 -0600
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..d8d1260
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,175 @@
+Source: isc-kea
+Section: net
+Priority: optional
+Maintainer: Kea <isc-kea@packages.debian.org>
+Uploaders:
+ Adam Majer <adamm@zombino.com>,
+ Ondřej Surý <ondrej@debian.org>,
+ Jason Guy <jason.e.guy@gmail.com>,
+ Paride Legovini <paride@debian.org>,
+Build-Depends:
+ bison,
+ debhelper-compat (= 13),
+ default-libmysqlclient-dev,
+ dh-apparmor,
+ dh-python,
+ docbook,
+ docbook-xsl,
+ elinks,
+ flex,
+ libboost-dev,
+ libboost-system-dev,
+ liblog4cplus-dev,
+ libpq-dev,
+ libssl-dev,
+ postgresql-server-dev-all,
+ procps,
+ python3-dev,
+ python3-sphinx,
+ python3-sphinx-rtd-theme,
+ xsltproc,
+Standards-Version: 4.6.2
+Homepage: http://kea.isc.org/
+Vcs-Git: https://salsa.debian.org/debian/isc-kea.git
+Vcs-Browser: https://salsa.debian.org/debian/isc-kea
+Rules-Requires-Root: no
+
+Package: kea
+Architecture: all
+Depends:
+ kea-admin,
+ kea-ctrl-agent,
+ kea-dhcp-ddns-server,
+ kea-dhcp4-server,
+ kea-dhcp6-server,
+ ${misc:Depends},
+Description: DHCP server [meta]
+ Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium
+ providing a very high-performance with PostgreSQL, MySQL and memfile backends.
+ .
+ This is a metapackage that depends on all server components of Kea.
+
+Package: kea-admin
+Architecture: any
+Section: admin
+Depends:
+ kea-common (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: Administration utilities for Kea DHCP server
+ Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium.
+ .
+ This package provides backend database initialization and migration
+ scripts and a DHCP benchmark tool.
+
+Package: kea-common
+Architecture: any
+Depends:
+ adduser,
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: Common libraries for the Kea DHCP server
+ Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium.
+ .
+ This package provides common libraries used by Kea servers and utilities.
+
+Package: kea-ctrl-agent
+Architecture: any
+Pre-Depends:
+ ${misc:Pre-Depends},
+Depends:
+ kea-common (= ${binary:Version}),
+ python3-kea-connector,
+ ${misc:Depends},
+ ${python3:Depends},
+ ${shlibs:Depends},
+Suggests:
+ kea-doc,
+Description: REST API service for Kea DHCP server
+ Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium.
+ .
+ This package provides the REST API service agent for Kea DHCP.
+
+Package: kea-dev
+Architecture: any
+Section: devel
+Depends:
+ kea-common (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: Development headers for Kea DHCP server
+ Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium.
+ .
+ This package provides headers and static libraries of the common Kea
+ libraries, including libdhcp++.
+
+Package: kea-dhcp-ddns-server
+Architecture: any
+Pre-Depends:
+ ${misc:Pre-Depends},
+Depends:
+ kea-common (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Suggests:
+ kea-doc,
+Description: DHCP Dynamic DNS service
+ Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium.
+ .
+ This package provides Dynamic DNS service to update DNS mapping based on
+ DHCP lease events.
+
+Package: kea-dhcp4-server
+Architecture: any
+Pre-Depends:
+ ${misc:Pre-Depends},
+Depends:
+ kea-common (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Suggests:
+ kea-doc,
+Description: IPv4 DHCP server
+ Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium
+ providing a very high-performance with PostgreSQL, MySQL and memfile backends.
+ .
+ This package provides the IPv4 DHCP server.
+
+Package: kea-dhcp6-server
+Architecture: any
+Pre-Depends:
+ ${misc:Pre-Depends},
+Depends:
+ kea-common (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Suggests:
+ kea-doc,
+Description: IPv6 DHCP server
+ Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium
+ providing a very high-performance with PostgreSQL, MySQL and memfile backends.
+ .
+ This package provides the IPv6 DHCP server.
+
+Package: kea-doc
+Architecture: all
+Section: doc
+Depends:
+ ${misc:Depends},
+Recommends:
+ libjs-mathjax,
+Description: Documentation for Kea DHCP server
+ Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium.
+ .
+ This package provides documentation for the DHCP servers.
+
+Package: python3-kea-connector
+Architecture: all
+Section: python
+Depends:
+ ${misc:Depends},
+ ${python3:Depends},
+Description: Python3 management connector for Kea DHCP server
+ Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium.
+ .
+ This package provides Python3 connector.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..8cb8cd3
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,408 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+
+Files: *
+Copyright: 2010-2018, Internet Systems Consortium, Inc. ("ISC")
+License: MPL-2.0
+
+Files: debian/*
+Copyright: 2016-2018, Adam Majer <adamm@zombino.com>
+ 2017-2018, Jason Guy (jason.e.guy@gmail.com)
+ 2018-2019, Internet Systems Consortium, Inc.
+ 2022, Canonical Ltd.
+License: MPL-2.0
+
+Files: src/bin/agent/agent_parser.cc
+ src/bin/agent/agent_parser.h
+ src/bin/agent/location.hh
+ src/bin/d2/d2_parser.cc
+ src/bin/d2/d2_parser.h
+ src/bin/d2/location.hh
+ src/bin/dhcp4/dhcp4_parser.cc
+ src/bin/dhcp4/dhcp4_parser.h
+ src/bin/dhcp4/location.hh
+ src/bin/dhcp6/dhcp6_parser.cc
+ src/bin/dhcp6/dhcp6_parser.h
+ src/bin/dhcp6/location.hh
+ src/lib/eval/location.hh
+ src/lib/eval/parser.cc
+ src/lib/eval/parser.h
+Copyright: 2002-2015, Free Software Foundation, Inc.
+License: GPL-3+-with-bison-exception
+
+Files: src/lib/util/encode/*
+Copyright: 2002, Robert Ramey - http:www.rrsd.com .
+License: BSL-1.0
+
+License: GPL-3+-with-bison-exception
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 3 dated June, 2007, or (at
+ your option) any later version.
+ .
+ As a special exception, you may create a larger work that contains
+ part or all of the Bison parser skeleton and distribute that work
+ under terms of your choice, so long as that work isn't itself a
+ parser generator using the skeleton or a modified version thereof
+ as a parser skeleton. Alternatively, if you modify or redistribute
+ the parser skeleton itself, you may (at your option) remove this
+ special exception, which will cause the skeleton and the resulting
+ Bison output files to be licensed under the GNU General Public
+ License without this special exception.
+ .
+ On Debian systems, the complete text of version 3 of the GNU General
+ Public License can be found in '/usr/share/common-licenses/GPL-3'.
+
+License: MPL-2.0
+ .
+ Mozilla Public License Version 2.0
+ ==================================
+ .
+ 1. Definitions
+ --------------
+ 1.1. "Contributor"
+ means each individual or legal entity that creates, contributes to
+ the creation of, or owns Covered Software.
+ 1.2. "Contributor Version"
+ means the combination of the Contributions of others (if any) used
+ by a Contributor and that particular Contributor's Contribution.
+ 1.3. "Contribution"
+ means Covered Software of a particular Contributor.
+ 1.4. "Covered Software"
+ means Source Code Form to which the initial Contributor has attached
+ the notice in Exhibit A, the Executable Form of such Source Code
+ Form, and Modifications of such Source Code Form, in each case
+ including portions thereof.
+ 1.5. "Incompatible With Secondary Licenses"
+ means
+ (a) that the initial Contributor has attached the notice described
+ in Exhibit B to the Covered Software; or
+ (b) that the Covered Software was made available under the terms of
+ version 1.1 or earlier of the License, but not also under the
+ terms of a Secondary License.
+ 1.6. "Executable Form"
+ means any form of the work other than Source Code Form.
+ 1.7. "Larger Work"
+ means a work that combines Covered Software with other material, in
+ a separate file or files, that is not Covered Software.
+ 1.8. "License"
+ means this document.
+ 1.9. "Licensable"
+ means having the right to grant, to the maximum extent possible,
+ whether at the time of the initial grant or subsequently, any and
+ all of the rights conveyed by this License.
+ 1.10. "Modifications"
+ means any of the following:
+ (a) any file in Source Code Form that results from an addition to,
+ deletion from, or modification of the contents of Covered
+ Software; or
+ (b) any new file in Source Code Form that contains any Covered
+ Software.
+ 1.11. "Patent Claims" of a Contributor
+ means any patent claim(s), including without limitation, method,
+ process, and apparatus claims, in any patent Licensable by such
+ Contributor that would be infringed, but for the grant of the
+ License, by the making, using, selling, offering for sale, having
+ made, import, or transfer of either its Contributions or its
+ Contributor Version.
+ 1.12. "Secondary License"
+ means either the GNU General Public License, Version 2.0, the GNU
+ Lesser General Public License, Version 2.1, the GNU Affero General
+ Public License, Version 3.0, or any later versions of those
+ licenses.
+ 1.13. "Source Code Form"
+ means the form of the work preferred for making modifications.
+ 1.14. "You" (or "Your")
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, "You" includes any entity that
+ controls, is controlled by, or is under common control with You. For
+ purposes of this definition, "control" means (a) the power, direct
+ or indirect, to cause the direction or management of such entity,
+ whether by contract or otherwise, or (b) ownership of more than
+ fifty percent (50%) of the outstanding shares or beneficial
+ ownership of such entity.
+ .
+ 2. License Grants and Conditions
+ --------------------------------
+ 2.1. Grants
+ Each Contributor hereby grants You a world-wide, royalty-free,
+ non-exclusive license:
+ (a) under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or
+ as part of a Larger Work; and
+ (b) under Patent Claims of such Contributor to make, use, sell, offer
+ for sale, have made, import, and otherwise transfer either its
+ Contributions or its Contributor Version.
+ .
+ 2.2. Effective Date
+ The licenses granted in Section 2.1 with respect to any Contribution
+ become effective for each Contribution on the date the Contributor first
+ distributes such Contribution.
+ .
+ 2.3. Limitations on Grant Scope
+ The licenses granted in this Section 2 are the only rights granted under
+ this License. No additional rights or licenses will be implied from the
+ distribution or licensing of Covered Software under this License.
+ Notwithstanding Section 2.1(b) above, no patent license is granted by a
+ Contributor:
+ (a) for any code that a Contributor has removed from Covered Software;
+ or
+ (b) for infringements caused by: (i) Your and any other third party's
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+ (c) under Patent Claims infringed by Covered Software in the absence of
+ its Contributions.
+ This License does not grant any rights in the trademarks, service marks,
+ or logos of any Contributor (except as may be necessary to comply with
+ the notice requirements in Section 3.4).
+ .
+ 2.4. Subsequent Licenses
+ No Contributor makes additional grants as a result of Your choice to
+ distribute the Covered Software under a subsequent version of this
+ License (see Section 10.2) or under the terms of a Secondary License (if
+ permitted under the terms of Section 3.3).
+ .
+ 2.5. Representation
+ Each Contributor represents that the Contributor believes its
+ Contributions are its original creation(s) or it has sufficient rights
+ to grant the rights to its Contributions conveyed by this License.
+ .
+ 2.6. Fair Use
+ This License is not intended to limit any rights You have under
+ applicable copyright doctrines of fair use, fair dealing, or other
+ equivalents.
+ .
+ 2.7. Conditions
+ Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+ in Section 2.1.
+ .
+ 3. Responsibilities
+ -------------------
+ 3.1. Distribution of Source Form
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under
+ the terms of this License. You must inform recipients that the Source
+ Code Form of the Covered Software is governed by the terms of this
+ License, and how they can obtain a copy of this License. You may not
+ attempt to alter or restrict the recipients' rights in the Source Code
+ Form.
+ .
+ 3.2. Distribution of Executable Form
+ If You distribute Covered Software in Executable Form then:
+ (a) such Covered Software must also be made available in Source Code
+ Form, as described in Section 3.1, and You must inform recipients of
+ the Executable Form how they can obtain a copy of such Source Code
+ Form by reasonable means in a timely manner, at a charge no more
+ than the cost of distribution to the recipient; and
+ (b) You may distribute such Executable Form under the terms of this
+ License, or sublicense it under different terms, provided that the
+ license for the Executable Form does not attempt to limit or alter
+ the recipients' rights in the Source Code Form under this License.
+ 3.3. Distribution of a Larger Work
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for
+ the Covered Software. If the Larger Work is a combination of Covered
+ Software with a work governed by one or more Secondary Licenses, and the
+ Covered Software is not Incompatible With Secondary Licenses, this
+ License permits You to additionally distribute such Covered Software
+ under the terms of such Secondary License(s), so that the recipient of
+ the Larger Work may, at their option, further distribute the Covered
+ Software under the terms of either this License or such Secondary
+ License(s).
+ .
+ 3.4. Notices
+ You may not remove or alter the substance of any license notices
+ (including copyright notices, patent notices, disclaimers of warranty,
+ or limitations of liability) contained within the Source Code Form of
+ the Covered Software, except that You may alter any license notices to
+ the extent required to remedy known factual inaccuracies.
+ .
+ 3.5. Application of Additional Terms
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on
+ behalf of any Contributor. You must make it absolutely clear that any
+ such warranty, support, indemnity, or liability obligation is offered by
+ You alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+ .
+ 4. Inability to Comply Due to Statute or Regulation
+ ---------------------------------------------------
+ .
+ If it is impossible for You to comply with any of the terms of this
+ License with respect to some or all of the Covered Software due to
+ statute, judicial order, or regulation then You must: (a) comply with
+ the terms of this License to the maximum extent possible; and (b)
+ describe the limitations and the code they affect. Such description must
+ be placed in a text file included with all distributions of the Covered
+ Software under this License. Except to the extent prohibited by statute
+ or regulation, such description must be sufficiently detailed for a
+ recipient of ordinary skill to be able to understand it.
+ .
+ 5. Termination
+ --------------
+ .
+ 5.1. The rights granted under this License will terminate automatically
+ if You fail to comply with any of its terms. However, if You become
+ compliant, then the rights granted under this License from a particular
+ Contributor are reinstated (a) provisionally, unless and until such
+ Contributor explicitly and finally terminates Your grants, and (b) on an
+ ongoing basis, if such Contributor fails to notify You of the
+ non-compliance by some reasonable means prior to 60 days after You have
+ come back into compliance. Moreover, Your grants from a particular
+ Contributor are reinstated on an ongoing basis if such Contributor
+ notifies You of the non-compliance by some reasonable means, this is the
+ first time You have received notice of non-compliance with this License
+ from such Contributor, and You become compliant prior to 30 days after
+ Your receipt of the notice.
+ .
+ 5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions,
+ counter-claims, and cross-claims) alleging that a Contributor Version
+ directly or indirectly infringes any patent, then the rights granted to
+ You by any and all Contributors for the Covered Software under Section
+ 2.1 of this License shall terminate.
+ .
+ 5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+ end user license agreements (excluding distributors and resellers) which
+ have been validly granted by You or Your distributors under this License
+ prior to termination shall survive termination.
+ .
+ ************************************************************************
+ * *
+ * 6. Disclaimer of Warranty *
+ * ------------------------- *
+ * *
+ * Covered Software is provided under this License on an "as is" *
+ * basis, without warranty of any kind, either expressed, implied, or *
+ * statutory, including, without limitation, warranties that the *
+ * Covered Software is free of defects, merchantable, fit for a *
+ * particular purpose or non-infringing. The entire risk as to the *
+ * quality and performance of the Covered Software is with You. *
+ * Should any Covered Software prove defective in any respect, You *
+ * (not any Contributor) assume the cost of any necessary servicing, *
+ * repair, or correction. This disclaimer of warranty constitutes an *
+ * essential part of this License. No use of any Covered Software is *
+ * authorized under this License except under this disclaimer. *
+ * *
+ ************************************************************************
+ .
+ ************************************************************************
+ * *
+ * 7. Limitation of Liability *
+ * -------------------------- *
+ * *
+ * Under no circumstances and under no legal theory, whether tort *
+ * (including negligence), contract, or otherwise, shall any *
+ * Contributor, or anyone who distributes Covered Software as *
+ * permitted above, be liable to You for any direct, indirect, *
+ * special, incidental, or consequential damages of any character *
+ * including, without limitation, damages for lost profits, loss of *
+ * goodwill, work stoppage, computer failure or malfunction, or any *
+ * and all other commercial damages or losses, even if such party *
+ * shall have been informed of the possibility of such damages. This *
+ * limitation of liability shall not apply to liability for death or *
+ * personal injury resulting from such party's negligence to the *
+ * extent applicable law prohibits such limitation. Some *
+ * jurisdictions do not allow the exclusion or limitation of *
+ * incidental or consequential damages, so this exclusion and *
+ * limitation may not apply to You. *
+ * *
+ ************************************************************************
+ .
+ 8. Litigation
+ -------------
+ Any litigation relating to this License may be brought only in the
+ courts of a jurisdiction where the defendant maintains its principal
+ place of business and such litigation shall be governed by laws of that
+ jurisdiction, without reference to its conflict-of-law provisions.
+ Nothing in this Section shall prevent a party's ability to bring
+ cross-claims or counter-claims.
+ .
+ 9. Miscellaneous
+ ----------------
+ This License represents the complete agreement concerning the subject
+ matter hereof. If any provision of this License is held to be
+ unenforceable, such provision shall be reformed only to the extent
+ necessary to make it enforceable. Any law or regulation which provides
+ that the language of a contract shall be construed against the drafter
+ shall not be used to construe this License against a Contributor.
+ .
+ 10. Versions of the License
+ ---------------------------
+ .
+ 10.1. New Versions
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+ .
+ 10.2. Effect of New Versions
+ You may distribute the Covered Software under the terms of the version
+ of the License under which You originally received the Covered Software,
+ or under the terms of any subsequent version published by the license
+ steward.
+ .
+ 10.3. Modified Versions
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a
+ modified version of this License if you rename the license and remove
+ any references to the name of the license steward (except to note that
+ such modified license differs from this License).
+ .
+ 10.4. Distributing Source Code Form that is Incompatible With Secondary
+ Licenses
+ .
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+ .
+ Exhibit A - Source Code Form License Notice
+ -------------------------------------------
+ .
+ This Source Code Form is subject to the terms of the Mozilla Public
+ License, v. 2.0. If a copy of the MPL was not distributed with this
+ file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ .
+ If it is not possible or desirable to put the notice in a particular
+ file, then You may include the notice in a location (such as a LICENSE
+ file in a relevant directory) where a recipient would be likely to look
+ for such a notice.
+ .
+ You may add additional accurate notices of copyright ownership.
+ .
+ Exhibit B - "Incompatible With Secondary Licenses" Notice
+ ---------------------------------------------------------
+ .
+ This Source Code Form is "Incompatible With Secondary Licenses", as
+ defined by the Mozilla Public License, v. 2.0.
+
+License: BSL-1.0
+ Boost Software License - Version 1.0 - August 17th, 2003
+ .
+ Permission is hereby granted, free of charge, to any person or organization
+ obtaining a copy of the software and accompanying documentation covered by
+ this license (the "Software") to use, reproduce, display, distribute,
+ execute, and transmit the Software, and to prepare derivative works of the
+ Software, and to permit third-parties to whom the Software is furnished to
+ do so, all subject to the following:
+ .
+ The copyright notices in the Software and this entire statement, including
+ the above license grant, this restriction and the following disclaimer,
+ must be included in all copies of the Software, in whole or in part, and
+ all derivative works of the Software, unless such copies or derivative
+ works are solely in the form of machine-executable object code generated by
+ a source language processor.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
+ SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
+ FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
+ ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ DEALINGS IN THE SOFTWARE.
diff --git a/debian/copyright-scan-patterns.yml b/debian/copyright-scan-patterns.yml
new file mode 100644
index 0000000..3592d24
--- /dev/null
+++ b/debian/copyright-scan-patterns.yml
@@ -0,0 +1,33 @@
+---
+check:
+ suffixes:
+ - asm
+ - lua
+ - nqp
+ - s
+ - template
+ignore:
+ pattern:
+ - /debian/
+ - Makefile
+ - AUTHORS
+ - README
+ - ChangeLog
+ - INSTALL
+ - MANIFEST
+ - /config(.guess|ure|ure.ac|.h.in|.sub)
+ suffixes:
+ - generic
+ - rst
+ - jpg
+ - yml
+ - png
+ - dia
+ - o
+ - htm
+ - html
+ - txt
+ - install
+ - M
+ - in
+
diff --git a/debian/fill.copyright.blanks.yml b/debian/fill.copyright.blanks.yml
new file mode 100644
index 0000000..b1c7e8e
--- /dev/null
+++ b/debian/fill.copyright.blanks.yml
@@ -0,0 +1,18 @@
+---
+src/hooks/* :
+ copyright: 2010-2018, Internet Systems Consortium, Inc. ("ISC")
+ license: MPL-2.0
+doc/* :
+ copyright: 2010-2018, Internet Systems Consortium, Inc. ("ISC")
+ license: MPL-2.0
+src/lib/dhcpsrv/cache_host_data_source.h :
+ copyright: 2018, Internet Systems Consortium, Inc. ("ISC")
+ license: MPL-2.0
+ext/* :
+ copyright: 2010-2018, Internet Systems Consortium, Inc. ("ISC")
+ license: MPL-2.0
+m4macros/* :
+ copyright: 1994-2013, Free Software Foundation, Inc.
+ license: MPL-2.0
+
+
diff --git a/debian/fix.scanned.copyright b/debian/fix.scanned.copyright
new file mode 100644
index 0000000..2f1c741
--- /dev/null
+++ b/debian/fix.scanned.copyright
@@ -0,0 +1,368 @@
+! License:"MPL-2.0"
+ text="
+ Mozilla Public License Version 2.0
+ ==================================
+ .
+ 1. Definitions
+ --------------
+ 1.1. \"Contributor\"
+ means each individual or legal entity that creates, contributes to
+ the creation of, or owns Covered Software.
+ 1.2. \"Contributor Version\"
+ means the combination of the Contributions of others (if any) used
+ by a Contributor and that particular Contributor's Contribution.
+ 1.3. \"Contribution\"
+ means Covered Software of a particular Contributor.
+ 1.4. \"Covered Software\"
+ means Source Code Form to which the initial Contributor has attached
+ the notice in Exhibit A, the Executable Form of such Source Code
+ Form, and Modifications of such Source Code Form, in each case
+ including portions thereof.
+ 1.5. \"Incompatible With Secondary Licenses\"
+ means
+ (a) that the initial Contributor has attached the notice described
+ in Exhibit B to the Covered Software; or
+ (b) that the Covered Software was made available under the terms of
+ version 1.1 or earlier of the License, but not also under the
+ terms of a Secondary License.
+ 1.6. \"Executable Form\"
+ means any form of the work other than Source Code Form.
+ 1.7. \"Larger Work\"
+ means a work that combines Covered Software with other material, in
+ a separate file or files, that is not Covered Software.
+ 1.8. \"License\"
+ means this document.
+ 1.9. \"Licensable\"
+ means having the right to grant, to the maximum extent possible,
+ whether at the time of the initial grant or subsequently, any and
+ all of the rights conveyed by this License.
+ 1.10. \"Modifications\"
+ means any of the following:
+ (a) any file in Source Code Form that results from an addition to,
+ deletion from, or modification of the contents of Covered
+ Software; or
+ (b) any new file in Source Code Form that contains any Covered
+ Software.
+ 1.11. \"Patent Claims\" of a Contributor
+ means any patent claim(s), including without limitation, method,
+ process, and apparatus claims, in any patent Licensable by such
+ Contributor that would be infringed, but for the grant of the
+ License, by the making, using, selling, offering for sale, having
+ made, import, or transfer of either its Contributions or its
+ Contributor Version.
+ 1.12. \"Secondary License\"
+ means either the GNU General Public License, Version 2.0, the GNU
+ Lesser General Public License, Version 2.1, the GNU Affero General
+ Public License, Version 3.0, or any later versions of those
+ licenses.
+ 1.13. \"Source Code Form\"
+ means the form of the work preferred for making modifications.
+ 1.14. \"You\" (or \"Your\")
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, \"You\" includes any entity that
+ controls, is controlled by, or is under common control with You. For
+ purposes of this definition, \"control\" means (a) the power, direct
+ or indirect, to cause the direction or management of such entity,
+ whether by contract or otherwise, or (b) ownership of more than
+ fifty percent (50%) of the outstanding shares or beneficial
+ ownership of such entity.
+ .
+ 2. License Grants and Conditions
+ --------------------------------
+ 2.1. Grants
+ Each Contributor hereby grants You a world-wide, royalty-free,
+ non-exclusive license:
+ (a) under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or
+ as part of a Larger Work; and
+ (b) under Patent Claims of such Contributor to make, use, sell, offer
+ for sale, have made, import, and otherwise transfer either its
+ Contributions or its Contributor Version.
+ .
+ 2.2. Effective Date
+ The licenses granted in Section 2.1 with respect to any Contribution
+ become effective for each Contribution on the date the Contributor first
+ distributes such Contribution.
+ .
+ 2.3. Limitations on Grant Scope
+ The licenses granted in this Section 2 are the only rights granted under
+ this License. No additional rights or licenses will be implied from the
+ distribution or licensing of Covered Software under this License.
+ Notwithstanding Section 2.1(b) above, no patent license is granted by a
+ Contributor:
+ (a) for any code that a Contributor has removed from Covered Software;
+ or
+ (b) for infringements caused by: (i) Your and any other third party's
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+ (c) under Patent Claims infringed by Covered Software in the absence of
+ its Contributions.
+ This License does not grant any rights in the trademarks, service marks,
+ or logos of any Contributor (except as may be necessary to comply with
+ the notice requirements in Section 3.4).
+ .
+ 2.4. Subsequent Licenses
+ No Contributor makes additional grants as a result of Your choice to
+ distribute the Covered Software under a subsequent version of this
+ License (see Section 10.2) or under the terms of a Secondary License (if
+ permitted under the terms of Section 3.3).
+ .
+ 2.5. Representation
+ Each Contributor represents that the Contributor believes its
+ Contributions are its original creation(s) or it has sufficient rights
+ to grant the rights to its Contributions conveyed by this License.
+ .
+ 2.6. Fair Use
+ This License is not intended to limit any rights You have under
+ applicable copyright doctrines of fair use, fair dealing, or other
+ equivalents.
+ .
+ 2.7. Conditions
+ Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+ in Section 2.1.
+ .
+ 3. Responsibilities
+ -------------------
+ 3.1. Distribution of Source Form
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under
+ the terms of this License. You must inform recipients that the Source
+ Code Form of the Covered Software is governed by the terms of this
+ License, and how they can obtain a copy of this License. You may not
+ attempt to alter or restrict the recipients' rights in the Source Code
+ Form.
+ .
+ 3.2. Distribution of Executable Form
+ If You distribute Covered Software in Executable Form then:
+ (a) such Covered Software must also be made available in Source Code
+ Form, as described in Section 3.1, and You must inform recipients of
+ the Executable Form how they can obtain a copy of such Source Code
+ Form by reasonable means in a timely manner, at a charge no more
+ than the cost of distribution to the recipient; and
+ (b) You may distribute such Executable Form under the terms of this
+ License, or sublicense it under different terms, provided that the
+ license for the Executable Form does not attempt to limit or alter
+ the recipients' rights in the Source Code Form under this License.
+ 3.3. Distribution of a Larger Work
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for
+ the Covered Software. If the Larger Work is a combination of Covered
+ Software with a work governed by one or more Secondary Licenses, and the
+ Covered Software is not Incompatible With Secondary Licenses, this
+ License permits You to additionally distribute such Covered Software
+ under the terms of such Secondary License(s), so that the recipient of
+ the Larger Work may, at their option, further distribute the Covered
+ Software under the terms of either this License or such Secondary
+ License(s).
+ .
+ 3.4. Notices
+ You may not remove or alter the substance of any license notices
+ (including copyright notices, patent notices, disclaimers of warranty,
+ or limitations of liability) contained within the Source Code Form of
+ the Covered Software, except that You may alter any license notices to
+ the extent required to remedy known factual inaccuracies.
+ .
+ 3.5. Application of Additional Terms
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on
+ behalf of any Contributor. You must make it absolutely clear that any
+ such warranty, support, indemnity, or liability obligation is offered by
+ You alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+ .
+ 4. Inability to Comply Due to Statute or Regulation
+ ---------------------------------------------------
+ .
+ If it is impossible for You to comply with any of the terms of this
+ License with respect to some or all of the Covered Software due to
+ statute, judicial order, or regulation then You must: (a) comply with
+ the terms of this License to the maximum extent possible; and (b)
+ describe the limitations and the code they affect. Such description must
+ be placed in a text file included with all distributions of the Covered
+ Software under this License. Except to the extent prohibited by statute
+ or regulation, such description must be sufficiently detailed for a
+ recipient of ordinary skill to be able to understand it.
+ .
+ 5. Termination
+ --------------
+ .
+ 5.1. The rights granted under this License will terminate automatically
+ if You fail to comply with any of its terms. However, if You become
+ compliant, then the rights granted under this License from a particular
+ Contributor are reinstated (a) provisionally, unless and until such
+ Contributor explicitly and finally terminates Your grants, and (b) on an
+ ongoing basis, if such Contributor fails to notify You of the
+ non-compliance by some reasonable means prior to 60 days after You have
+ come back into compliance. Moreover, Your grants from a particular
+ Contributor are reinstated on an ongoing basis if such Contributor
+ notifies You of the non-compliance by some reasonable means, this is the
+ first time You have received notice of non-compliance with this License
+ from such Contributor, and You become compliant prior to 30 days after
+ Your receipt of the notice.
+ .
+ 5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions,
+ counter-claims, and cross-claims) alleging that a Contributor Version
+ directly or indirectly infringes any patent, then the rights granted to
+ You by any and all Contributors for the Covered Software under Section
+ 2.1 of this License shall terminate.
+ .
+ 5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+ end user license agreements (excluding distributors and resellers) which
+ have been validly granted by You or Your distributors under this License
+ prior to termination shall survive termination.
+ .
+ ************************************************************************
+ * *
+ * 6. Disclaimer of Warranty *
+ * ------------------------- *
+ * *
+ * Covered Software is provided under this License on an \"as is\" *
+ * basis, without warranty of any kind, either expressed, implied, or *
+ * statutory, including, without limitation, warranties that the *
+ * Covered Software is free of defects, merchantable, fit for a *
+ * particular purpose or non-infringing. The entire risk as to the *
+ * quality and performance of the Covered Software is with You. *
+ * Should any Covered Software prove defective in any respect, You *
+ * (not any Contributor) assume the cost of any necessary servicing, *
+ * repair, or correction. This disclaimer of warranty constitutes an *
+ * essential part of this License. No use of any Covered Software is *
+ * authorized under this License except under this disclaimer. *
+ * *
+ ************************************************************************
+ .
+ ************************************************************************
+ * *
+ * 7. Limitation of Liability *
+ * -------------------------- *
+ * *
+ * Under no circumstances and under no legal theory, whether tort *
+ * (including negligence), contract, or otherwise, shall any *
+ * Contributor, or anyone who distributes Covered Software as *
+ * permitted above, be liable to You for any direct, indirect, *
+ * special, incidental, or consequential damages of any character *
+ * including, without limitation, damages for lost profits, loss of *
+ * goodwill, work stoppage, computer failure or malfunction, or any *
+ * and all other commercial damages or losses, even if such party *
+ * shall have been informed of the possibility of such damages. This *
+ * limitation of liability shall not apply to liability for death or *
+ * personal injury resulting from such party's negligence to the *
+ * extent applicable law prohibits such limitation. Some *
+ * jurisdictions do not allow the exclusion or limitation of *
+ * incidental or consequential damages, so this exclusion and *
+ * limitation may not apply to You. *
+ * *
+ ************************************************************************
+ .
+ 8. Litigation
+ -------------
+ Any litigation relating to this License may be brought only in the
+ courts of a jurisdiction where the defendant maintains its principal
+ place of business and such litigation shall be governed by laws of that
+ jurisdiction, without reference to its conflict-of-law provisions.
+ Nothing in this Section shall prevent a party's ability to bring
+ cross-claims or counter-claims.
+ .
+ 9. Miscellaneous
+ ----------------
+ This License represents the complete agreement concerning the subject
+ matter hereof. If any provision of this License is held to be
+ unenforceable, such provision shall be reformed only to the extent
+ necessary to make it enforceable. Any law or regulation which provides
+ that the language of a contract shall be construed against the drafter
+ shall not be used to construe this License against a Contributor.
+ .
+ 10. Versions of the License
+ ---------------------------
+ .
+ 10.1. New Versions
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+ .
+ 10.2. Effect of New Versions
+ You may distribute the Covered Software under the terms of the version
+ of the License under which You originally received the Covered Software,
+ or under the terms of any subsequent version published by the license
+ steward.
+ .
+ 10.3. Modified Versions
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a
+ modified version of this License if you rename the license and remove
+ any references to the name of the license steward (except to note that
+ such modified license differs from this License).
+ .
+ 10.4. Distributing Source Code Form that is Incompatible With Secondary
+ Licenses
+ .
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+ .
+ Exhibit A - Source Code Form License Notice
+ -------------------------------------------
+ .
+ This Source Code Form is subject to the terms of the Mozilla Public
+ License, v. 2.0. If a copy of the MPL was not distributed with this
+ file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ .
+ If it is not possible or desirable to put the notice in a particular
+ file, then You may include the notice in a location (such as a LICENSE
+ file in a relevant directory) where a recipient would be likely to look
+ for such a notice.
+ .
+ You may add additional accurate notices of copyright ownership.
+ .
+ Exhibit B - \"Incompatible With Secondary Licenses\" Notice
+ ---------------------------------------------------------
+ .
+ This Source Code Form is \"Incompatible With Secondary Licenses\", as
+ defined by the Mozilla Public License, v. 2.0."
+
+! License:"BSL-1.0"
+ text="
+ Boost Software License - Version 1.0 - August 17th, 2003
+ .
+ Permission is hereby granted, free of charge, to any person or organization
+ obtaining a copy of the software and accompanying documentation covered by
+ this license (the \"Software\") to use, reproduce, display, distribute,
+ execute, and transmit the Software, and to prepare derivative works of the
+ Software, and to permit third-parties to whom the Software is furnished to
+ do so, all subject to the following:
+ .
+ The copyright notices in the Software and this entire statement, including
+ the above license grant, this restriction and the following disclaimer,
+ must be included in all copies of the Software, in whole or in part, and
+ all derivative works of the Software, unless such copies or derivative
+ works are solely in the form of machine-executable object code generated by
+ a source language processor.
+ .
+ THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
+ SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
+ FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
+ ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ DEALINGS IN THE SOFTWARE."
+
+! Files:"*"
+ Copyright="2010-2018, Internet Systems Consortium, Inc. (\"ISC\")"
+ License short_name="MPL-2.0"
+
+! Files:"debian/*"
+ Copyright="2016-2018, Adam Majer <adamm@zombino.com> / 2017-2018, Jason Guy (jason.e.guy@gmail.com) / 2018-2018, Internet Systems Consortium, Inc."
+ License short_name="MPL-2.0"
+
+! Files:"src/lib/util/encode/*"
+ Copyright="2002, Robert Ramey - http:www.rrsd.com ."
+ License short_name="BSL-1.0"
+
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..ed04da0
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,4 @@
+[DEFAULT]
+debian-branch = debian/unstable
+pristine-tar = True
+pristine-tar-commit = True
diff --git a/debian/kea-admin.install b/debian/kea-admin.install
new file mode 100644
index 0000000..9117487
--- /dev/null
+++ b/debian/kea-admin.install
@@ -0,0 +1,3 @@
+usr/sbin/kea-admin
+usr/sbin/perfdhcp
+usr/share/kea/scripts
diff --git a/debian/kea-admin.lintian-overrides b/debian/kea-admin.lintian-overrides
new file mode 100644
index 0000000..8500cf7
--- /dev/null
+++ b/debian/kea-admin.lintian-overrides
@@ -0,0 +1,2 @@
+kea-admin: script-not-executable [usr/share/kea/scripts/*]
+kea-admin: bash-term-in-posix-shell
diff --git a/debian/kea-admin.manpages b/debian/kea-admin.manpages
new file mode 100644
index 0000000..342d39e
--- /dev/null
+++ b/debian/kea-admin.manpages
@@ -0,0 +1,2 @@
+usr/share/man/man8/kea-admin.8
+usr/share/man/man8/perfdhcp.8
diff --git a/debian/kea-common.install b/debian/kea-common.install
new file mode 100644
index 0000000..b7023a0
--- /dev/null
+++ b/debian/kea-common.install
@@ -0,0 +1,4 @@
+debian/usr.sbin.kea-lfc etc/apparmor.d/
+usr/lib/*/kea/hooks
+usr/lib/*/libkea-*.so.*
+usr/sbin/kea-lfc
diff --git a/debian/kea-common.lintian-overrides b/debian/kea-common.lintian-overrides
new file mode 100644
index 0000000..0efd491
--- /dev/null
+++ b/debian/kea-common.lintian-overrides
@@ -0,0 +1 @@
+kea-common: package-name-doesnt-match-sonames *
diff --git a/debian/kea-common.manpages b/debian/kea-common.manpages
new file mode 100644
index 0000000..12f0ade
--- /dev/null
+++ b/debian/kea-common.manpages
@@ -0,0 +1 @@
+usr/share/man/man8/kea-lfc.8
diff --git a/debian/kea-common.postinst b/debian/kea-common.postinst
new file mode 100644
index 0000000..61957be
--- /dev/null
+++ b/debian/kea-common.postinst
@@ -0,0 +1,39 @@
+#!/bin/sh
+# postinst script for kea-common
+#
+# see: dh_installdeb(1)
+
+set -e
+
+case "$1" in
+ configure)
+ addgroup --force-badname --system _kea >/dev/null || exit 1
+ adduser --force-badname --quiet --system --home /var/lib/kea \
+ --shell /bin/false --no-create-home --disabled-password --disabled-login \
+ --gecos "Kea DHCP User" --group _kea >/dev/null || exit 1
+
+ # From version 2.2.0-2 we leave the handling of the /var/log/kea and
+ # /var/lib/kea directories to systemd (creation and ownership/permissions
+ # settings). When upgrading from kea-common (< 2.2.0-2) drop the now
+ # useless dpkg-statoverrides.
+ if [ "$2" != "" ] && dpkg --compare-versions "$2" lt "2.2.0-2"; then
+ for d in /var/log/kea /var/lib/kea; do
+ if dpkg-statoverride --list $d >/dev/null 2>&1; then
+ dpkg-statoverride --remove $d
+ fi
+ done
+ fi
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/kea-ctrl-agent.init b/debian/kea-ctrl-agent.init
new file mode 100644
index 0000000..3219004
--- /dev/null
+++ b/debian/kea-ctrl-agent.init
@@ -0,0 +1,163 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: kea-ctrl-agent
+# Required-Start: $local_fs $network $remote_fs $syslog
+# Required-Stop: $local_fs $network $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Kea DHCP Control Agent for REST Service
+# Description: <Enter a long description of the software>
+# <...>
+# <...>
+### END INIT INFO
+# Author: Jason Guy <jason.e.guy@gmail.com>
+# Do NOT "set -e"
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC=kea-ctrl-agent
+NAME=kea-ctrl-agent
+DAEMON=kea-ctrl-agent
+DAEMON_ARGS="-c /etc/kea/kea-ctrl-agent.conf"
+PIDFILE=/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+KEA_PIDFILE_DIR=/run/
+KEA_LOCKFILE_DIR=/run/lock/kea/
+KEA_LOGGER_DESTINATION=/var/log/kea/
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+create_lockfile_dir()
+{
+ if [ ! -d "$KEA_LOCKFILE_DIR" ]; then
+ mkdir -m 0750 -p "$KEA_LOCKFILE_DIR"
+ fi
+}
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ create_lockfile_dir
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -- \
+ $DAEMON_ARGS \
+ || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ # Wait for children to finish too if this is a daemon that forks
+ # and if the daemon is only ever run from this initscript.
+ # If the above conditions are not satisfied then add some other code
+ # that waits for the process to drop all resources that could be
+ # needed by services started subsequently. A last resort is to
+ # sleep for some time.
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
+ [ "$?" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+ #
+ # If the daemon can reload its configuration without
+ # restarting (for example, when it is sent a SIGHUP),
+ # then implement that here.
+ #
+ start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
+ return 0
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ #reload|force-reload)
+ #
+ # If do_reload() is not implemented then leave this commented out
+ # and leave 'force-reload' as an alias for 'restart'.
+ #
+ #log_daemon_msg "Reloading $DESC" "$NAME"
+ #do_reload
+ #log_end_msg $?
+ #;;
+ restart|force-reload)
+ #
+ # If the "reload" option is implemented then remove the
+ # 'force-reload' alias
+ #
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
diff --git a/debian/kea-ctrl-agent.install b/debian/kea-ctrl-agent.install
new file mode 100644
index 0000000..c1184cf
--- /dev/null
+++ b/debian/kea-ctrl-agent.install
@@ -0,0 +1,4 @@
+etc/kea/kea-ctrl-agent.conf
+usr/sbin/kea-ctrl-agent
+usr/sbin/kea-shell
+debian/usr.sbin.kea-ctrl-agent etc/apparmor.d/
diff --git a/debian/kea-ctrl-agent.lintian-overrides b/debian/kea-ctrl-agent.lintian-overrides
new file mode 100644
index 0000000..735c4ac
--- /dev/null
+++ b/debian/kea-ctrl-agent.lintian-overrides
@@ -0,0 +1,2 @@
+kea-ctrl-agent: systemd-service-file-refers-to-unusual-wantedby-target kea-dhcp4-server.service [lib/systemd/system/kea-ctrl-agent.service]
+kea-ctrl-agent: systemd-service-file-refers-to-unusual-wantedby-target kea-dhcp6-server.service [lib/systemd/system/kea-ctrl-agent.service]
diff --git a/debian/kea-ctrl-agent.manpages b/debian/kea-ctrl-agent.manpages
new file mode 100644
index 0000000..ff73f6e
--- /dev/null
+++ b/debian/kea-ctrl-agent.manpages
@@ -0,0 +1,2 @@
+usr/share/man/man8/kea-ctrl-agent.8
+usr/share/man/man8/kea-shell.8
diff --git a/debian/kea-ctrl-agent.service b/debian/kea-ctrl-agent.service
new file mode 100644
index 0000000..e3737c1
--- /dev/null
+++ b/debian/kea-ctrl-agent.service
@@ -0,0 +1,22 @@
+[Unit]
+Description=Kea Control Agent
+Documentation=man:kea-ctrl-agent(8)
+After=network-online.target time-sync.target
+
+[Service]
+User=_kea
+Environment="KEA_LOCKFILE_DIR=/run/lock/kea"
+ConfigurationDirectory=kea
+RuntimeDirectory=kea lock/kea
+RuntimeDirectoryPreserve=yes
+LogsDirectory=kea
+LogsDirectoryMode=0750
+StateDirectory=kea
+ExecStart=/usr/sbin/kea-ctrl-agent -c /etc/kea/kea-ctrl-agent.conf
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=on-failure
+
+[Install]
+WantedBy=kea-dhcp4-server.service
+WantedBy=kea-dhcp6-server.service
diff --git a/debian/kea-dev.install b/debian/kea-dev.install
new file mode 100644
index 0000000..c32c7a8
--- /dev/null
+++ b/debian/kea-dev.install
@@ -0,0 +1,2 @@
+usr/include/kea/*
+usr/lib/*/libkea-*.so
diff --git a/debian/kea-dhcp-ddns-server.init b/debian/kea-dhcp-ddns-server.init
new file mode 100644
index 0000000..f3e9d40
--- /dev/null
+++ b/debian/kea-dhcp-ddns-server.init
@@ -0,0 +1,163 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: kea-dhcp-ddns
+# Required-Start: $local_fs $network $remote_fs $syslog
+# Required-Stop: $local_fs $network $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Kea DHCP DDNS Server
+# Description: <Enter a long description of the software>
+# <...>
+# <...>
+### END INIT INFO
+# Author: Adam Majer <adamm@zombino.com>
+# Do NOT "set -e"
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC=kea-dhcp-ddns
+NAME=kea-dhcp-ddns
+DAEMON=kea-dhcp-ddns
+DAEMON_ARGS="-c /etc/kea/kea-dhcp-ddns.conf"
+PIDFILE=/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+KEA_PIDFILE_DIR=/run/
+KEA_LOCKFILE_DIR=/run/lock/kea/
+KEA_LOGGER_DESTINATION=/var/log/kea/
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+create_lockfile_dir()
+{
+ if [ ! -d "$KEA_LOCKFILE_DIR" ]; then
+ mkdir -m 0750 -p "$KEA_LOCKFILE_DIR"
+ fi
+}
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ create_lockfile_dir
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -- \
+ $DAEMON_ARGS \
+ || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ # Wait for children to finish too if this is a daemon that forks
+ # and if the daemon is only ever run from this initscript.
+ # If the above conditions are not satisfied then add some other code
+ # that waits for the process to drop all resources that could be
+ # needed by services started subsequently. A last resort is to
+ # sleep for some time.
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
+ [ "$?" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+ #
+ # If the daemon can reload its configuration without
+ # restarting (for example, when it is sent a SIGHUP),
+ # then implement that here.
+ #
+ start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
+ return 0
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ #reload|force-reload)
+ #
+ # If do_reload() is not implemented then leave this commented out
+ # and leave 'force-reload' as an alias for 'restart'.
+ #
+ #log_daemon_msg "Reloading $DESC" "$NAME"
+ #do_reload
+ #log_end_msg $?
+ #;;
+ restart|force-reload)
+ #
+ # If the "reload" option is implemented then remove the
+ # 'force-reload' alias
+ #
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
diff --git a/debian/kea-dhcp-ddns-server.install b/debian/kea-dhcp-ddns-server.install
new file mode 100644
index 0000000..d029623
--- /dev/null
+++ b/debian/kea-dhcp-ddns-server.install
@@ -0,0 +1,3 @@
+etc/kea/kea-dhcp-ddns.conf
+usr/sbin/kea-dhcp-ddns
+debian/usr.sbin.kea-dhcp-ddns /etc/apparmor.d/
diff --git a/debian/kea-dhcp-ddns-server.lintian-overrides b/debian/kea-dhcp-ddns-server.lintian-overrides
new file mode 100644
index 0000000..a83cf9d
--- /dev/null
+++ b/debian/kea-dhcp-ddns-server.lintian-overrides
@@ -0,0 +1,2 @@
+kea-dhcp-ddns-server: systemd-service-file-refers-to-unusual-wantedby-target kea-dhcp4-server.service [lib/systemd/system/kea-dhcp-ddns-server.service]
+kea-dhcp-ddns-server: systemd-service-file-refers-to-unusual-wantedby-target kea-dhcp6-server.service [lib/systemd/system/kea-dhcp-ddns-server.service]
diff --git a/debian/kea-dhcp-ddns-server.manpages b/debian/kea-dhcp-ddns-server.manpages
new file mode 100644
index 0000000..4dde921
--- /dev/null
+++ b/debian/kea-dhcp-ddns-server.manpages
@@ -0,0 +1 @@
+usr/share/man/man8/kea-dhcp-ddns.8
diff --git a/debian/kea-dhcp-ddns-server.service b/debian/kea-dhcp-ddns-server.service
new file mode 100644
index 0000000..7975771
--- /dev/null
+++ b/debian/kea-dhcp-ddns-server.service
@@ -0,0 +1,22 @@
+[Unit]
+Description=Kea DDNS Service
+Documentation=man:kea-dhcp-ddns(8)
+Wants=network-online.target
+After=network-online.target
+After=time-sync.target
+
+[Service]
+User=_kea
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+Environment="KEA_LOCKFILE_DIR=/run/lock/kea"
+ConfigurationDirectory=kea
+RuntimeDirectory=kea lock/kea
+RuntimeDirectoryPreserve=yes
+LogsDirectory=kea
+LogsDirectoryMode=0750
+StateDirectory=kea
+ExecStart=/usr/sbin/kea-dhcp-ddns -c /etc/kea/kea-dhcp-ddns.conf
+
+[Install]
+WantedBy=kea-dhcp4-server.service
+WantedBy=kea-dhcp6-server.service
diff --git a/debian/kea-dhcp4-server.init b/debian/kea-dhcp4-server.init
new file mode 100644
index 0000000..bcf4ad8
--- /dev/null
+++ b/debian/kea-dhcp4-server.init
@@ -0,0 +1,163 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: kea-dhcp4-server
+# Required-Start: $local_fs $network $remote_fs $syslog
+# Required-Stop: $local_fs $network $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Kea DHCP IPv4 Server
+# Description: <Enter a long description of the software>
+# <...>
+# <...>
+### END INIT INFO
+# Author: Adam Majer <adamm@zombino.com>
+# Do NOT "set -e"
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="kea-dhcp4"
+NAME=kea-dhcp4-server
+DAEMON=/usr/sbin/kea-dhcp4
+DAEMON_ARGS="-c /etc/kea/kea-dhcp4.conf"
+PIDFILE=/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+KEA_PIDFILE_DIR=/run/
+KEA_LOCKFILE_DIR=/run/lock/kea/
+KEA_LOGGER_DESTINATION=/var/log/kea/
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+create_lockfile_dir()
+{
+ if [ ! -d "$KEA_LOCKFILE_DIR" ]; then
+ mkdir -m 0750 -p "$KEA_LOCKFILE_DIR"
+ fi
+}
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ create_lockfile_dir
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -- \
+ $DAEMON_ARGS \
+ || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ # Wait for children to finish too if this is a daemon that forks
+ # and if the daemon is only ever run from this initscript.
+ # If the above conditions are not satisfied then add some other code
+ # that waits for the process to drop all resources that could be
+ # needed by services started subsequently. A last resort is to
+ # sleep for some time.
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
+ [ "$?" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+ #
+ # If the daemon can reload its configuration without
+ # restarting (for example, when it is sent a SIGHUP),
+ # then implement that here.
+ #
+ start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
+ return 0
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ #reload|force-reload)
+ #
+ # If do_reload() is not implemented then leave this commented out
+ # and leave 'force-reload' as an alias for 'restart'.
+ #
+ #log_daemon_msg "Reloading $DESC" "$NAME"
+ #do_reload
+ #log_end_msg $?
+ #;;
+ restart|force-reload)
+ #
+ # If the "reload" option is implemented then remove the
+ # 'force-reload' alias
+ #
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
diff --git a/debian/kea-dhcp4-server.install b/debian/kea-dhcp4-server.install
new file mode 100644
index 0000000..59f61d2
--- /dev/null
+++ b/debian/kea-dhcp4-server.install
@@ -0,0 +1,3 @@
+etc/kea/kea-dhcp4.conf
+usr/sbin/kea-dhcp4
+debian/usr.sbin.kea-dhcp4 /etc/apparmor.d/
diff --git a/debian/kea-dhcp4-server.manpages b/debian/kea-dhcp4-server.manpages
new file mode 100644
index 0000000..05225e5
--- /dev/null
+++ b/debian/kea-dhcp4-server.manpages
@@ -0,0 +1 @@
+usr/share/man/man8/kea-dhcp4.8
diff --git a/debian/kea-dhcp4-server.service b/debian/kea-dhcp4-server.service
new file mode 100644
index 0000000..43b70c8
--- /dev/null
+++ b/debian/kea-dhcp4-server.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=Kea IPv4 DHCP daemon
+Documentation=man:kea-dhcp4(8)
+Wants=network-online.target
+After=network-online.target
+After=time-sync.target
+
+[Service]
+User=_kea
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW
+Environment="KEA_LOCKFILE_DIR=/run/lock/kea"
+ConfigurationDirectory=kea
+RuntimeDirectory=kea lock/kea
+RuntimeDirectoryPreserve=yes
+LogsDirectory=kea
+LogsDirectoryMode=0750
+StateDirectory=kea
+ExecStart=/usr/sbin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/kea-dhcp6-server.init b/debian/kea-dhcp6-server.init
new file mode 100644
index 0000000..0aa0e27
--- /dev/null
+++ b/debian/kea-dhcp6-server.init
@@ -0,0 +1,163 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: kea-dhcp6-server
+# Required-Start: $local_fs $network $remote_fs $syslog
+# Required-Stop: $local_fs $network $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Kea DHCP IPv6 Server
+# Description: <Enter a long description of the software>
+# <...>
+# <...>
+### END INIT INFO
+# Author: Adam Majer <adamm@zombino.com>
+# Do NOT "set -e"
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="kea-dhcp6"
+NAME=kea-dhcp6-server
+DAEMON=/usr/sbin/kea-dhcp6
+DAEMON_ARGS="-c /etc/kea/kea-dhcp6.conf"
+PIDFILE=/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+KEA_PIDFILE_DIR=/run/
+KEA_LOCKFILE_DIR=/run/lock/kea/
+KEA_LOGGER_DESTINATION=/var/log/kea/
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+create_lockfile_dir()
+{
+ if [ ! -d "$KEA_LOCKFILE_DIR" ]; then
+ mkdir -m 0750 -p "$KEA_LOCKFILE_DIR"
+ fi
+}
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ create_lockfile_dir
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -- \
+ $DAEMON_ARGS \
+ || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ # Wait for children to finish too if this is a daemon that forks
+ # and if the daemon is only ever run from this initscript.
+ # If the above conditions are not satisfied then add some other code
+ # that waits for the process to drop all resources that could be
+ # needed by services started subsequently. A last resort is to
+ # sleep for some time.
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
+ [ "$?" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+ #
+ # If the daemon can reload its configuration without
+ # restarting (for example, when it is sent a SIGHUP),
+ # then implement that here.
+ #
+ start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
+ return 0
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ #reload|force-reload)
+ #
+ # If do_reload() is not implemented then leave this commented out
+ # and leave 'force-reload' as an alias for 'restart'.
+ #
+ #log_daemon_msg "Reloading $DESC" "$NAME"
+ #do_reload
+ #log_end_msg $?
+ #;;
+ restart|force-reload)
+ #
+ # If the "reload" option is implemented then remove the
+ # 'force-reload' alias
+ #
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
diff --git a/debian/kea-dhcp6-server.install b/debian/kea-dhcp6-server.install
new file mode 100644
index 0000000..d22f7a7
--- /dev/null
+++ b/debian/kea-dhcp6-server.install
@@ -0,0 +1,3 @@
+etc/kea/kea-dhcp6.conf
+usr/sbin/kea-dhcp6
+debian/usr.sbin.kea-dhcp6 /etc/apparmor.d/
diff --git a/debian/kea-dhcp6-server.manpages b/debian/kea-dhcp6-server.manpages
new file mode 100644
index 0000000..b6c99cb
--- /dev/null
+++ b/debian/kea-dhcp6-server.manpages
@@ -0,0 +1 @@
+usr/share/man/man8/kea-dhcp6.8
diff --git a/debian/kea-dhcp6-server.service b/debian/kea-dhcp6-server.service
new file mode 100644
index 0000000..7944a09
--- /dev/null
+++ b/debian/kea-dhcp6-server.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=Kea IPv6 DHCP daemon
+Documentation=man:kea-dhcp6(8)
+Wants=network-online.target
+After=network-online.target
+After=time-sync.target
+
+[Service]
+User=_kea
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+Environment="KEA_LOCKFILE_DIR=/run/lock/kea"
+ConfigurationDirectory=kea
+RuntimeDirectory=kea lock/kea
+RuntimeDirectoryPreserve=yes
+LogsDirectory=kea
+LogsDirectoryMode=0750
+StateDirectory=kea
+ExecStart=/usr/sbin/kea-dhcp6 -c /etc/kea/kea-dhcp6.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/kea-doc.README.Debian b/debian/kea-doc.README.Debian
new file mode 100644
index 0000000..03c9d46
--- /dev/null
+++ b/debian/kea-doc.README.Debian
@@ -0,0 +1,13 @@
+# ISC Kea for Debian
+
+## Logging
+
+Following what upstream does with their .deb packaging, the Debian packages by
+default log to the systemd journal. If logging to file is desired just edit the
+config files and change the loggers "output" to a file under /var/log/kea/,
+e.g. for /etc/kea/kea-dhcp4.conf:
+
+ "output": "/var/log/kea/kea-dhcp4.log"
+
+The systemd units automatically create the /var/log/kea/ right ownership and
+permissions.
diff --git a/debian/kea-doc.doc-base b/debian/kea-doc.doc-base
new file mode 100644
index 0000000..e403e79
--- /dev/null
+++ b/debian/kea-doc.doc-base
@@ -0,0 +1,11 @@
+Document: kea
+Title: Kea Administrator Reference Manual
+Author: Internet Systems Consortium
+Abstract: This is the reference guide for Kea, an open source implementation
+ of the Dynamic Host Configuration Protocol (DHCP) servers, developed and
+ maintained by Internet Systems Consortium (ISC).
+Section: System/Administration
+
+Format: HTML
+Files: /usr/share/doc/kea/html/*
+Index: /usr/share/doc/kea/html/index.html
diff --git a/debian/kea-doc.docs b/debian/kea-doc.docs
new file mode 100644
index 0000000..df73e67
--- /dev/null
+++ b/debian/kea-doc.docs
@@ -0,0 +1,3 @@
+CONTRIBUTING.md
+usr/share/doc/kea/*
+usr/share/kea/api
diff --git a/debian/kea-doc.lintian-overrides b/debian/kea-doc.lintian-overrides
new file mode 100644
index 0000000..6e30f23
--- /dev/null
+++ b/debian/kea-doc.lintian-overrides
@@ -0,0 +1,3 @@
+kea-doc: embedded-javascript-library *
+kea-doc: font-in-non-font-package [usr/share/doc/kea/html/_static/fonts/*]
+kea-doc: font-outside-font-dir [usr/share/doc/kea/html/_static/fonts/*]
diff --git a/debian/not-installed b/debian/not-installed
new file mode 100644
index 0000000..045263b
--- /dev/null
+++ b/debian/not-installed
@@ -0,0 +1,4 @@
+usr/share/man/man8/kea-netconf.8
+usr/sbin/keactrl
+usr/share/man/man8/keactrl.8
+etc/kea/keactrl.conf
diff --git a/debian/patches/0001-support_kfreebsd.patch b/debian/patches/0001-support_kfreebsd.patch
new file mode 100644
index 0000000..f262959
--- /dev/null
+++ b/debian/patches/0001-support_kfreebsd.patch
@@ -0,0 +1,28 @@
+From: Adam Majer <adamm@zombino.com>
+Date: Fri, 13 Jul 2018 17:06:51 +0000
+Subject: support_kfreebsd
+
+---
+ configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -454,7 +454,7 @@
+ [AC_MSG_RESULT([OS X >= 10.9])
+ kea_undefined_pthread_behavior=yes])
+ ;;
+-*-freebsd*)
++*-freebsd*|*-kfreebsd*)
+ # On FreeBSD10.1 pthread_cond_destroy doesn't work as documented, which
+ # causes the CondVarTest.destroyWhileWait test to fail. According to the
+ # pthread_cond_destroy documentation for FreeBSD, this function should
+@@ -552,7 +552,7 @@
+ BSD_TYPE="OSX"
+ CPPFLAGS="$CPPFLAGS -DOS_BSD"
+ ;;
+- *-freebsd*)
++ *-freebsd*|*-kfreebsd*)
+ AC_DEFINE([OS_BSD], [1], [Running on BSD?])
+ AC_DEFINE([OS_FREEBSD], [1], [Running on FreeBSD?])
+ OS_TYPE="BSD"
diff --git a/debian/patches/0002-kea_admin_fix.patch b/debian/patches/0002-kea_admin_fix.patch
new file mode 100644
index 0000000..99ec4ed
--- /dev/null
+++ b/debian/patches/0002-kea_admin_fix.patch
@@ -0,0 +1,20 @@
+From: Kea <isc-kea@packages.debian.org>
+Date: Tue, 19 Feb 2019 12:39:35 +0000
+Subject: kea_admin_fix
+
+Removed the fallback to the build version of kea-admin since it will not exist on users hosts.
+---
+ src/bin/admin/kea-admin.in | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/src/bin/admin/kea-admin.in
++++ b/src/bin/admin/kea-admin.in
+@@ -50,8 +50,6 @@
+ # Include the installed admin-utils.sh if available. Fallback to sources otherwise.
+ if test -d "@datarootdir@/@PACKAGE_NAME@"; then
+ . "@datarootdir@/@PACKAGE_NAME@/scripts/admin-utils.sh"
+-else
+- . "@abs_top_srcdir@/src/bin/admin/admin-utils.sh"
+ fi
+
+ # Find the installed kea-lfc if available. Fallback to sources otherwise.
diff --git a/debian/patches/0009-disable-database-tests.patch b/debian/patches/0009-disable-database-tests.patch
new file mode 100644
index 0000000..ec12c0c
--- /dev/null
+++ b/debian/patches/0009-disable-database-tests.patch
@@ -0,0 +1,26 @@
+Description: Skip the database tests
+ The MySQL and PostgreSQL tests require a server with username,
+ password and tables setup for the test, see doc/devel/unit-tests.dox.
+ There's no way to instruct the build system to skip specific tests,
+ so let's disable them with a patch.
+Forwarded: not-needed
+Author: Paride Legovini <paride.legovini@canonical.com>
+Last-Update: 2020-12-03
+--- a/src/bin/admin/tests/mysql_tests.sh.in
++++ b/src/bin/admin/tests/mysql_tests.sh.in
+@@ -1,4 +1,6 @@
+ #!/bin/sh
++echo "SKIPPING MYSQL TEST"
++exit 0
+
+ # Copyright (C) 2014-2022 Internet Systems Consortium, Inc. ("ISC")
+ #
+--- a/src/bin/admin/tests/pgsql_tests.sh.in
++++ b/src/bin/admin/tests/pgsql_tests.sh.in
+@@ -1,4 +1,6 @@
+ #!/bin/sh
++echo "SKIPPING POSTGRESQL TEST"
++exit 0
+
+ # Copyright (C) 2015-2022 Internet Systems Consortium, Inc. ("ISC")
+ #
diff --git a/debian/patches/0010-set-control-sockets-location.patch b/debian/patches/0010-set-control-sockets-location.patch
new file mode 100644
index 0000000..f8be1d3
--- /dev/null
+++ b/debian/patches/0010-set-control-sockets-location.patch
@@ -0,0 +1,116 @@
+From: Athos Ribeiro <athos.ribeiro@canonical.com>
+Date: Mon, 13 Feb 2023 16:20:18 -0300
+Subject: d/rules: set the default location for control sockets to /run/kea
+
+The default config files place the control sockets in /tmp, which is
+insecure. Mangle the config files to place the sockets under _kea-owned
+/run/kea instead.
+
+Patch originally submitted by Paride Legovini in
+https://salsa.debian.org/debian/isc-kea/-/merge_requests/15.
+
+Last-Update: 2023-02-13
+Bug: https://gitlab.isc.org/isc-projects/kea/-/issues/2495
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014929
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/isc-kea/+bug/1863100
+---
+ src/bin/keactrl/kea-ctrl-agent.conf.pre | 6 +++---
+ src/bin/keactrl/kea-dhcp-ddns.conf.pre | 2 +-
+ src/bin/keactrl/kea-dhcp4.conf.pre | 2 +-
+ src/bin/keactrl/kea-dhcp6.conf.pre | 2 +-
+ src/bin/keactrl/kea-netconf.conf.pre | 4 ++--
+ 5 files changed, 8 insertions(+), 8 deletions(-)
+
+--- a/src/bin/keactrl/kea-ctrl-agent.conf.pre
++++ b/src/bin/keactrl/kea-ctrl-agent.conf.pre
+@@ -32,15 +32,15 @@
+ "control-sockets": {
+ "dhcp4": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea4-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea4-ctrl-socket"
+ },
+ "dhcp6": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea6-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea6-ctrl-socket"
+ },
+ "d2": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea-ddns-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea-ddns-ctrl-socket"
+ }
+ },
+
+--- a/src/bin/keactrl/kea-dhcp-ddns.conf.pre
++++ b/src/bin/keactrl/kea-dhcp-ddns.conf.pre
+@@ -23,7 +23,7 @@
+ "port": 53001,
+ "control-socket": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea-ddns-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea-ddns-ctrl-socket"
+ },
+ "tsig-keys": [],
+ "forward-ddns" : {},
+--- a/src/bin/keactrl/kea-dhcp4.conf.pre
++++ b/src/bin/keactrl/kea-dhcp4.conf.pre
+@@ -49,7 +49,7 @@
+ // more. For detailed description, see Sections 8.8, 16 and 15.
+ "control-socket": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea4-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea4-ctrl-socket"
+ },
+
+ // Use Memfile lease database backend to store leases in a CSV file.
+--- a/src/bin/keactrl/kea-dhcp6.conf.pre
++++ b/src/bin/keactrl/kea-dhcp6.conf.pre
+@@ -43,7 +43,7 @@
+ // description, see Sections 9.12, 16 and 15.
+ "control-socket": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea6-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea6-ctrl-socket"
+ },
+
+ // Use Memfile lease database backend to store leases in a CSV file.
+--- a/src/bin/keactrl/kea-netconf.conf.pre
++++ b/src/bin/keactrl/kea-netconf.conf.pre
+@@ -30,13 +30,13 @@
+ "dhcp4": {
+ "control-socket": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea4-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea4-ctrl-socket"
+ }
+ },
+ "dhcp6": {
+ "control-socket": {
+ "socket-type": "unix",
+- "socket-name": "/tmp/kea6-ctrl-socket"
++ "socket-name": "@runstatedir@/@PACKAGE@/kea6-ctrl-socket"
+ }
+ }
+ },
+--- a/tools/path_replacer.sh.in
++++ b/tools/path_replacer.sh.in
+@@ -28,13 +28,17 @@
+ localstatedir="@localstatedir@"
+ exec_prefix="@exec_prefix@"
+ libdir="@libdir@"
++runstatedir="@runstatedir@"
++PACKAGE="@PACKAGE@"
+
+ echo "Replacing \@prefix\@ with ${prefix}"
+ echo "Replacing \@libdir\@ with ${libdir}"
+ echo "Replacing \@sysconfdir\@ with ${sysconfdir}"
+ echo "Replacing \@localstatedir\@ with ${localstatedir}"
++echo "Replacing \@runstatedir\@ with ${runstatedir}"
++echo "Replacing \@PACKAGE\@ with ${PACKAGE}"
+
+ echo "Input file: $1"
+ echo "Output file: $2"
+
+-sed -e "s@SEP@\@libdir\@@SEP@${libdir}@SEP@g; s@SEP@\@localstatedir\@@SEP@${localstatedir}@SEP@g; s@SEP@\@prefix\@@SEP@${prefix}@SEP@g; s@SEP@\@sysconfdir\@@SEP@${sysconfdir}@SEP@g" "${1}" > "${2}"
++sed -e "s@SEP@\@libdir\@@SEP@${libdir}@SEP@g; s@SEP@\@localstatedir\@@SEP@${localstatedir}@SEP@g; s@SEP@\@prefix\@@SEP@${prefix}@SEP@g; s@SEP@\@sysconfdir\@@SEP@${sysconfdir}@SEP@g; s@SEP@\@runstatedir\@@SEP@${runstatedir}@SEP@g; s@SEP@\@PACKAGE\@@SEP@${PACKAGE}@SEP@g" "${1}" > "${2}"
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..841ddad
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,4 @@
+0001-support_kfreebsd.patch
+0002-kea_admin_fix.patch
+0009-disable-database-tests.patch
+0010-set-control-sockets-location.patch
diff --git a/debian/python3-kea-connector.install b/debian/python3-kea-connector.install
new file mode 100644
index 0000000..d0b8f74
--- /dev/null
+++ b/debian/python3-kea-connector.install
@@ -0,0 +1,2 @@
+usr/lib/python3/dist-packages/kea/kea_conn.py
+usr/lib/python3/dist-packages/kea/kea_connector3.py
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..7982c6e
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,58 @@
+#!/usr/bin/make -f
+
+# see EXAMPLES in dpkg-buildflags(1) and read /usr/share/dpkg/*
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/default.mk
+
+# see FEATURE AREAS in dpkg-buildflags(1)
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+%:
+ dh $@ --with python3 -X.la
+
+override_dh_auto_configure:
+ dh_auto_configure -- \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --with-openssl \
+ --with-mysql \
+ --with-pgsql \
+ --with-boost-libs=-lboost_system \
+ --enable-generate-docs \
+ --enable-shell \
+ --disable-static \
+ --disable-rpath \
+ --enable-generate-parser \
+ --disable-dependency-tracking \
+ --enable-perfdhcp \
+ --without-werror \
+ --with-site-packages=/usr/lib/python3/dist-packages
+
+execute_after_dh_auto_build-indep:
+ # Do not download external JS components in binary documentation package
+ # Inspired by similar removal in python-pyopencl
+ # Thanks to Andreas Beckmann
+ find doc/sphinx/_build/html -name '*.html' -exec sed -r -i -e '\,( *)<script async="async" src="https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-mml-chtml.js"></script>,i \1<script src="/usr/share/javascript/mathjax/MathJax.js"></script>' {} +
+ find doc/sphinx/_build/html -name '*.html' -exec sed -r -i -e 's,https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-mml-chtml.js,/usr/share/javascript/mathjax/config/TeX-MML-AM_CHTML.js,' {} +
+
+execute_after_dh_install:
+ dh_apparmor -pkea-ctrl-agent --profile-name=usr.sbin.kea-ctrl-agent
+ dh_apparmor -pkea-dhcp4-server --profile-name=usr.sbin.kea-dhcp4
+ dh_apparmor -pkea-dhcp6-server --profile-name=usr.sbin.kea-dhcp6
+ dh_apparmor -pkea-dhcp-ddns-server --profile-name=usr.sbin.kea-dhcp-ddns
+ dh_apparmor -pkea-common --profile-name=usr.sbin.kea-lfc
+
+override_dh_auto_test:
+ dh_auto_test --no-parallel
+
+execute_after_dh_auto_install:
+ rm -rv \
+ debian/tmp/usr/share/doc/kea/ChangeLog \
+ debian/tmp/usr/share/doc/kea/COPYING \
+ debian/tmp/usr/lib/python3/dist-packages/kea/__pycache__ \
+ debian/tmp/usr/lib/python3/dist-packages/kea/kea_connector2.py
+ # log to stdout (i.e. to to the systemd journal), and use a shorter log
+ # pattern that avoids logging information made redundant by the journal.
+ # adapted from: https://gitlab.isc.org/isc-projects/kea-packaging/-/blob/master/debian/rules
+ sed -i -e 's/"output": .*/"output": "stdout",/' -e 's@// "pattern"@"pattern"@' debian/tmp/etc/kea/kea-*.conf
diff --git a/debian/salsa-ci.yml b/debian/salsa-ci.yml
new file mode 100644
index 0000000..8d6a858
--- /dev/null
+++ b/debian/salsa-ci.yml
@@ -0,0 +1,7 @@
+include:
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
+
+variables:
+ # The package isn't near to be reproducible.
+ SALSA_CI_DISABLE_REPROTEST: 1
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides
new file mode 100644
index 0000000..8d87da8
--- /dev/null
+++ b/debian/source/lintian-overrides
@@ -0,0 +1 @@
+isc-kea source: very-long-line-length-in-source-file
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..c8bea51
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,7 @@
+Tests: smoke-tests
+Restrictions: needs-root, allow-stderr
+Depends: kea, curl, jq
+
+Tests: kea-dhcp4
+Restrictions: needs-root, allow-stderr, breaks-testbed
+Depends: kea-dhcp4-server, kea-ctrl-agent, isc-dhcp-client, bridge-utils, iproute2, jq
diff --git a/debian/tests/kea-dhcp4 b/debian/tests/kea-dhcp4
new file mode 100644
index 0000000..1a2bb66
--- /dev/null
+++ b/debian/tests/kea-dhcp4
@@ -0,0 +1,245 @@
+#!/bin/bash
+
+set -e
+set -o pipefail
+
+bridge="keabr0"
+bridge_ip="192.168.127.1/24"
+subnetcidr="192.168.127.0/24"
+pool_range="192.168.127.10 - 192.168.127.250"
+test_domain="example.autopkgtest"
+server_iface="p1"
+client_iface="client0"
+client_ns="clientns"
+declare -A dhcp4_config
+resolv_conf_bkp=$(mktemp)
+
+cleanup() {
+ rc=$?
+ set +e # so we don't exit midcleanup
+ if [ ${rc} -ne 0 ]; then
+ echo "## FAIL"
+ echo
+ echo "## dmesg"
+ dmesg -T | tail -n 500
+ echo
+ echo "## kea logs"
+ journalctl -u kea-dhcp4-server.service
+ fi
+ echo
+ echo "## Cleaning up"
+ ip link set "${server_iface}" down
+ ip link del "${server_iface}"
+ ip link set "${bridge}" down
+ brctl delbr "${bridge}"
+ ip netns delete "${client_ns}"
+ sed -r -i "/example.autopkgtest/d" /etc/hosts
+ if [ -s "${resolv_conf_bkp}" ]; then
+ cat "${resolv_conf_bkp}" > /etc/resolv.conf
+ fi
+ rm -f "${resolv_conf_bkp}"
+ # restore it for when we are called from the main script, and not the trap
+ set -e
+}
+
+trap cleanup EXIT
+
+run_on_client() {
+ ip netns exec "${client_ns}" "$@"
+}
+
+setup() {
+ cleanup 2>/dev/null
+ # so we don't have to worry about it being a symlink
+ cat /etc/resolv.conf > "${resolv_conf_bkp}"
+ echo "127.0.1.1 $(hostname).${test_domain} $(hostname)" >> /etc/hosts
+ ip netns add "${client_ns}"
+ ip link add "${server_iface}" type veth peer "${client_iface}" netns "${client_ns}"
+ brctl addbr "${bridge}"
+ brctl addif "${bridge}" "${server_iface}"
+ ip link set "${server_iface}" up
+ ip link set "${bridge}" up
+ ip addr add "${bridge_ip}" dev "${bridge}"
+}
+
+render_dhcp4_conf() {
+ local -n config="${1}"
+ local -r service="dhcp4"
+
+ template="debian/tests/kea-${service}.conf.template"
+ [ -f "${template}" ] || return 1
+ output="/etc/kea/kea-${service}.conf"
+
+ cat "${template}" | sed -r \
+ -e "s,@interface@,${config[interface]}," \
+ -e "s,@dnsip@,${config[dnsip]}," \
+ -e "s,@domain@,${config[domain]}," \
+ -e "s/@domainsearch@/${config[domainsearch]}/" \
+ -e "s,@router@,${config[router]}," \
+ -e "s,@subnetcidr@,${config[subnetcidr]}," \
+ -e "s,@poolrange@,${config[poolrange]}," \
+ -e "s,@multiarch@,$(dpkg-architecture -qDEB_HOST_MULTIARCH)," \
+ > "${output}"
+}
+
+json_get_length() {
+ echo "${1}" | jq '. | length'
+}
+
+kea_get_leases_by_mac() {
+ local mac="${1}"
+ echo "\"hw-address\": \"${mac}\"" | kea-shell --service dhcp4 lease4-get-by-hw-address
+}
+
+get_result_from_lease() {
+ echo "${1}" | jq -r '.[0].result'
+}
+
+get_number_of_leases() {
+ echo "${1}" | jq '.[0].arguments.leases | length'
+}
+
+get_ip_from_lease() {
+ echo "${1}" | jq -r '.[0]["arguments"]["leases"][0]["ip-address"]'
+}
+
+get_mac_from_lease() {
+ echo "${1}" | jq -r '.[0]["arguments"]["leases"][0]["hw-address"]'
+}
+
+check_leases() {
+ local data="${1}"
+ local if_mac="${2}"
+ local if_ip="${3}"
+ local res
+
+ res=$(json_get_length "${data}")
+ if [ ${res} != 1 ]; then
+ echo "## ERROR"
+ echo "## Expected 1 result, got ${res}:"
+ return 1
+ fi
+
+ res=$(get_result_from_lease "${data}")
+ if [ ${res} != 0 ]; then
+ echo "## ERROR"
+ echo "## Failed to obtain leases from server, code ${res}"
+ return 1
+ fi
+
+ res=$(get_number_of_leases "${data}")
+ if [ ${res} -ne 1 ]; then
+ echo "## ERROR"
+ echo "## Expected 1 lease, got ${res}:"
+ return 1
+ fi
+
+ res=$(get_ip_from_lease "${data}")
+ if [ "${if_ip}" != "${res}" ]; then
+ echo "## ERROR"
+ echo "## IP from lease (${res}) does not match IP from interface: ${if_ip}"
+ run_on_client ip a show
+ return 1
+ fi
+
+ res=$(get_mac_from_lease "${data}")
+ if [ "${if_mac}" != "${res}" ]; then
+ echo "## ERROR"
+ echo "## MAC from lease (${res}) does not match MAC from client interface: ${if_mac}"
+ run_on_client ip l show
+ return 1
+ fi
+}
+
+
+setup
+
+dhcp4_config["interface"]="${bridge}"
+# get rid of the CIDR part at the end
+dhcp4_config["dnsip"]="${bridge_ip%%/*}"
+dhcp4_config["domain"]="${test_domain}"
+dhcp4_config["domainsearch"]="${test_domain}"
+# get rid of the CIDR part at the end
+dhcp4_config["router"]="${bridge_ip%%/*}"
+dhcp4_config["subnetcidr"]="${subnetcidr}"
+dhcp4_config["poolrange"]="${pool_range}"
+
+echo
+echo "## Configuring kea-dhcp4 and restarting the service"
+render_dhcp4_conf dhcp4_config
+systemctl restart kea-dhcp4-server.service
+sleep 2s
+
+echo
+echo "## Obtaining IP via dhclient"
+run_on_client timeout -v 60s dhclient -v "${client_iface}"
+echo "## OK"
+
+ip=$(run_on_client ip -4 -o addr show dev "${client_iface}" | awk '{print $4}')
+ip=${ip%%/*} # remove the CIDR part
+mac=$(run_on_client ip -4 link show dev "${client_iface}" | grep "link/ether" | awk '{print $2}')
+
+echo
+echo "## Got ip=${ip}"
+
+echo
+echo "## Checking leases that match client's ethernet address ${mac}"
+# this will break if/when we close LP: #2007312
+leases=$(kea_get_leases_by_mac "${mac}")
+echo "## Leases:"
+echo "${leases}" | jq .
+
+check_leases "${leases}" "${mac}" "${ip}"
+echo "## OK"
+
+echo
+echo "## INFO: Networking in the ${client_ns} namespace:"
+echo
+echo "## Interfaces"
+run_on_client ip a
+echo
+echo "## Routes"
+run_on_client ip route
+echo
+echo "## DNS"
+if command -v resolvectl > /dev/null 2>&1; then
+ run_on_client resolvectl status
+else
+ echo "## Skipping DNS info (no resolvectl installed)"
+fi
+
+echo
+echo "## Checking that the DNS domain \"${test_domain}\" was added to resolv.conf"
+if grep -E "^search[[:blank:]]" /etc/resolv.conf | grep -q -w -F "${test_domain}"; then
+ echo "## OK"
+else
+ echo "## ERROR"
+ echo "## /etc/resolv.conf does not contain ${test_domain}"
+ cat /etc/resolv.conf
+ exit 1
+fi
+
+echo
+echo "## Releasing IP via dhclient -r"
+run_on_client timeout -v 60s dhclient -v -r
+echo "## OK"
+
+echo
+echo "## Checking that the lease was removed"
+leases=$(kea_get_leases_by_mac "${mac}")
+echo "${leases}" | jq .
+n_results=$(json_get_length "${leases}")
+if [ ${n_results} -ne 1 ]; then
+ echo "## ERROR, expected 1 result, got ${n_results}"
+ echo "${leases}" | jq .
+ exit 1
+fi
+
+n_leases=$(get_number_of_leases "${leases}")
+if [ ${n_leases} -ne 0 ]; then
+ echo "## ERROR"
+ echo "## Expected 0 leases, got ${n_leases}:"
+ echo "${leases}" | jq .
+ exit 1
+fi
+echo "## OK"
diff --git a/debian/tests/kea-dhcp4.conf.template b/debian/tests/kea-dhcp4.conf.template
new file mode 100644
index 0000000..2addefd
--- /dev/null
+++ b/debian/tests/kea-dhcp4.conf.template
@@ -0,0 +1,71 @@
+{
+"Dhcp4": {
+ "interfaces-config": {
+ "interfaces": [ "@interface@" ],
+ "service-sockets-max-retries": 10,
+ "service-sockets-retry-wait-time": 1000
+ },
+ "control-socket": {
+ "socket-type": "unix",
+ "socket-name": "/run/kea/kea4-ctrl-socket"
+ },
+ "hooks-libraries": [
+ {
+ "library": "/usr/lib/@multiarch@/kea/hooks/libdhcp_lease_cmds.so"
+ }
+ ],
+ "lease-database": {
+ "type": "memfile",
+ "lfc-interval": 3600
+ },
+ "expired-leases-processing": {
+ "reclaim-timer-wait-time": 10,
+ "flush-reclaimed-timer-wait-time": 25,
+ "hold-reclaimed-time": 3600,
+ "max-reclaim-leases": 100,
+ "max-reclaim-time": 250,
+ "unwarned-reclaim-cycles": 5
+ },
+ "renew-timer": 900,
+ "rebind-timer": 1800,
+ "valid-lifetime": 3600,
+ "option-data": [
+ {
+ "name": "domain-name-servers",
+ "data": "@dnsip@"
+ },
+ {
+ "code": 15,
+ "data": "@domain@"
+ },
+ {
+ "name": "domain-search",
+ "data": "@domainsearch@"
+ }
+ ],
+ "subnet4": [
+ {
+ "subnet": "@subnetcidr@",
+ "pools": [ { "pool": "@poolrange@" } ],
+ "option-data": [
+ {
+ "name": "routers",
+ "data": "@router@"
+ }
+ ]
+ }
+ ],
+ "loggers": [
+ {
+ "name": "kea-dhcp4",
+ "output_options": [
+ {
+ "output": "stdout"
+ }
+ ],
+ "severity": "INFO",
+ "debuglevel": 0
+ }
+ ]
+}
+}
diff --git a/debian/tests/smoke-tests b/debian/tests/smoke-tests
new file mode 100644
index 0000000..9aa9592
--- /dev/null
+++ b/debian/tests/smoke-tests
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+set -exo pipefail
+
+# Check that the PID files are in the right location
+for f in kea-dhcp4.kea-dhcp4.pid kea-dhcp6.kea-dhcp6.pid kea-ctrl-agent.kea-ctrl-agent.pid kea-dhcp-ddns.kea-dhcp-ddns.pid; do
+ test -f "/run/kea/$f"
+done
+
+# Check that the sockets are in the right location
+for socket in kea-ddns-ctrl-socket kea4-ctrl-socket kea6-ctrl-socket; do
+ test -S "/run/kea/$socket"
+done
+
+# Check that lock files are in the right location
+test -f /run/lock/kea/logger_lockfile
+
+check_kea_version() {
+ CHECKED_VERSION=$1
+ if [[ ! ${CHECKED_VERSION} =~ [0-9]+(\.[0-9]+){2} ]]; then
+ echo "Version [ ${CHECKED_VERSION} ] does not match X.Y.Z format"
+ exit 1
+ fi
+}
+
+# Check dhcp4 server configuration file
+kea-dhcp4 -t /etc/kea/kea-dhcp4.conf > /dev/null
+
+# Check dhcp6 server configuration file
+kea-dhcp6 -t /etc/kea/kea-dhcp6.conf > /dev/null
+
+# Check control agent API
+TEST_KEA_VERSION=$(curl -s -X POST -H "Content-Type: application/json" -d '{ "command": "version-get", "service": [ "dhcp4" ] }' 127.0.0.1:8000 | jq -r '.[0].text')
+check_kea_version "${TEST_KEA_VERSION}"
+
+# Check control agent API through kea-shell
+TEST_KEA_VERSION=$(echo | kea-shell --service dhcp4 --host 127.0.0.1 --port 8000 version-get | jq -r '.[0].text')
+check_kea_version "${TEST_KEA_VERSION}"
diff --git a/debian/upstream/metadata b/debian/upstream/metadata
new file mode 100644
index 0000000..7ffad73
--- /dev/null
+++ b/debian/upstream/metadata
@@ -0,0 +1,6 @@
+Documentation: https://kea.readthedocs.io/
+Changelog: https://gitlab.isc.org/isc-projects/kea/-/wikis/Release-Notes
+Bug-Database: https://gitlab.isc.org/isc-projects/kea/-/issues
+Bug-Submit: https://gitlab.isc.org/isc-projects/kea/-/issues
+Repository: https://gitlab.isc.org/isc-projects/kea.git
+Repository-Browse: https://gitlab.isc.org/isc-projects/kea/
diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc
new file mode 100644
index 0000000..2fed2ae
--- /dev/null
+++ b/debian/upstream/signing-key.asc
@@ -0,0 +1,308 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBF/u5KMBEAC0hPiTonjYEe5FqNzFn73KmcN8KGD2wzujmWWLnFXGEVDEpFcS
+ULQDshhCclwNeXUArUey4nficwpqUe+Xl2h4dP4z7yh3WiL5nA5JRjJjw8KJQGVW
+AkgiZTnJHH8DrzNt9LnDL516qMDJarTHemDUUUZLNxnuv0RDEhDxsXWiVCQZZcw/
+41yIY97uCf30dsDwnckVl3iEmYaGTYavWbKP60S8WaxO0YG57RI1etmlIQ0nMmka
+4bvFnwwb9Jdnwle4LIiRMCGymsheaKCKrEZgIJY+idyBuExLLykiL8iNBj2Pzi7z
+XSCniH9qcEwfqgZlP/KZwujLhGOc4c4peNwpuDGcmYZoAsUD8CZ8H/LU1FIR2A1u
+/UrRREtC8nNTDGxCckSMEquHNURfMk1QmDbJ9gaa9aOk0AArxuTxyj6Cn+KQd5l5
+0mN0R1sDVQq9xWdvnB7N0d3MDhnV7f19iUhi3KYvjVTkCMXjhNXjDH/KXFKoFhKa
+9SkxYGfW25inwSQoqbP1TE5+rESf57bo+XFxfVQuYfVJ5BlZobz+sRl2iDQyBJDM
+uDFyXE/t+E76BmwyHeOI1weqUMYebqHgu0x76dTYj9yWgWdQAC1pXi15/MTIaOtQ
+hWezb5rkI2yZqaZLaRBOIRBIPM5C5AOjL2XbfwUuSr2W4+TvxLocxi48DwARAQAB
+tE1JbnRlcm5ldCBTeXN0ZW1zIENvbnNvcnRpdW0sIEluYy4gKFNpZ25pbmcga2V5
+LCAyMDIxLTIwMjIpIDxjb2Rlc2lnbkBpc2Mub3JnPokCVAQTAQgAPhYhBH4ckayA
+MKWlnR76uXUPPIdyPkASBQJf7uSjAhsPBQkD60WABQsJCAcCBhUKCQgLAgQWAgMB
+Ah4BAheAAAoJEHUPPIdyPkAS0lMP/2IgMErScBUaXrZXqYXoluR8xU0p9DyZEBx+
+ZGNAcJ2CTPAbn3FrkNGNpK4SOCLXEZPKOQ09umaIxl8H6uEGaTut1JLj1qGaZ8ID
+4gAeQcTIN9OQA5ElQo+ci20XE9JSvzqY1zb04EkMuVL678xPCYJhUSLS0MAQkcDJ
+JQLN17SwNi4vGqzVhnwKUviQU9/s+LRUkThsTg4qT0fNnmGoVJXqrshxJa2ZWM6J
+QtOWBgJiC6xZ+zRiZS898L0tekU4o9yxtnnDWry2bI+mJbxAp94ZAXgKahOU7LKV
+3SPxkx7TAng24nOWi1EaP51pe7usTFH1BR3CUHZdoIQ4xruZGkt/qPumskofzl+1
+8bw1bEFbq8S6jC+twT3JUcE02HbEIbrd6l2T8pYBXaojFggGjUTSv9d5YUN5N9U/
+/Qy0o3xZwHNdXLx6xSrUO+NT5JU1Nh/0sutEH7ru/YqFZof9vfCbV86y8fIOPgk8
+LkJNUSu4QCJ1PHKB+fJp7yAhlPkOXNG1b9+W/hVp96rdkovpCUkLD83s+suQyJGk
+QB7Qpem7nS4zp7/Naui+g3M3p/uRSzZgELTnXNyY//bw9fOqx5SDLjSUslUMz+TH
+sFTwfo/Mot70MPHMe6aE6tdTDoJTcv4Iim/8MDhJ6yqKt8sxprataZoWwFi6zAF9
+BzWkJcrbuQINBF/u5P4BEACso8iLzFJ+M1wqcsCDup+GtRMzte04CAlLmaLgyzfL
+3xxBo4AUgX6UbUCGycG878JVn52S6Nsl6FlasmyH00MGjZt1CuNz4htfSmLGcBMj
+IwQv1CYR8bm9EPwR15NaWdgzJHShCduMHv4HdfqSa6UQfzO/P8mwioER19fkDQSE
+U1KsY0yl//ipWiW3ZJGShGHLnn4YbxogQtsRPESKUsQ9MtzuMt3ehGtkN4RguOXC
+6pCWP8J4F9lgjSZ+uLOQKV4rmpbSMXntOJi2nu+14Zj36enW8xyAXO/w5z/wci2G
+LN/aa/v2a3GM3WJQsPNzpDwB+pr1n0Kp+wK6K7siVmDoV+WecD2KNNgOuSyUve7h
+BjWRM9W13LsgLGhKJA8yUpPvhXk91vLRUhwFJ2GUirxLPLs2TSTjHlHvhcPy6aX2
+HxbHkcOt53n2h0zx7ntl1N7XHozMWmHphPsSvOZ5StuQRAFvfE63EyfR84KUPIbZ
+kvftbAJPKCJC8W6GqhfORzYZqldDNNva5iYHF1OItF79ZLGI56diNsBV9SOVKk4d
+f9Qp6urYOd+9RGQGmCQte/WSFaU9z9QYPEGl1NlmGAWt7KKyB6QXZH1oEMwXtPd8
+4GQX3XGtyggEp6BGwkFFWRQzF1EZ0maRPrpN4bpQqLXSJiqQxsX+FAcOkhpo6X7b
+8QARAQABiQRyBBgBCAAmFiEEfhyRrIAwpaWdHvq5dQ88h3I+QBIFAl/u5P4CGwIF
+CQPrRYACQAkQdQ88h3I+QBLBdCAEGQEIAB0WIQTpq255IzwEFuiZP0UMA6+pClln
+xAUCX+7k/gAKCRAMA6+pCllnxDtmD/0YCUccmKudW9PiQw7mI1HSuwL6aS+MlG6/
+LJ79nmi6TTpe87NDcEv2bBpVWYcQK87smCxIYyuj4SCZuBQivjyuecipRoG14PUh
+KU8UiqdF+vKDvUAA7huOBlR4dgr7/KvjirnbwO3mGouwZszDOLvaHuO403+TPm1b
+mJtEA9y6Wbk/+PTtfPymQwnaiJkPhQ6Q7ZbyasRIisO3MRPacUjt2DXFi5VV/Mya
+8o5Pae3zY+5SjMyE2siPnVE4/nzp424jDzSq4DGEUip/x+QYHFwxhCJmdZlRIFmn
+vSCAGXBpyPVbckC0Gw8kZ8HsGzNbMbx/VjDG3LFT8TR2Djsh99/6icO1J+jDkPNn
+IFEsYjAw7Tos5IPhIT1XkSCW84KqBG5pGI5h7fJzf19sR7Ki6XyFe6VYvggeQIS7
+VN1ISl3tRN/dk0GbrKkUKr0OVfaRD0wXQHTzbec8Fs43G0z/DKoFutGB/J3yjAmw
+IOcP5R6rqjhVp4APQpsB51XCaaqEXaXZyMWrKILbPIjlE6FHeh1qd+zdIjullnF2
+YZv89HU9dIXxKr35CM8f3BWm4D4cRjsUOWoGhMNwdHzHYOdys6T72KBK9D2irz8C
+L0bycjN+SIpde/auo+dQKqKD3/ipr4dyKJyOUsls9cyhxkFp031cZ5rWbXcLJ8/s
+1BeVPjFCngqPD/9rMKA6kCSnTo+rSqZRxo9RlQwy4K6xfPPdHZvBi3A4UYCsurgl
+qLtFtGG8SMWigmUZWLT6uhsi0orR5wfG7vzajF0Hcd8yuWa4zGeu0rFJXgG64Pyj
+nJHtv2Tzi8DNY5Y+8mfXqUewyEUXQLxnLqpGlPjNUAJKvjm4SstNadewgWeb6F8x
+UQJc8owGmK5+yZQ5LZj6bjt9Dr3SCM3Og/iS5XK5POGUJgtgXLXp3uy7p9SzsJ73
+qhrDII/YqSwToMu8tUv4xEGxyceVPDm+ywde5SXYmtvMYrq5DBdlalZ9kBlC5fyc
+IIzKoIOOkKKpa/YAyKdLTk8ZByjDk1RrdcOyP4VNpCvyisf6JPwWfKdM5mxf47hb
+s7zioUH7miUGA6i5TNi1e+DU2mL92sJwQ0WkHw6KaUez2Y9CaD8hZnQw/h/JcNq6
+nb8y0GR8h7qWms3K0rtSs8SuDXUsdZrFAeURivccmohXddtt0FDzkheKGXs27SSl
+8oOCh+jl/hEUzz2mJGFwRBo0FI5ipN51IfjhMJ8zzSmvfrtdwT2Tu6wSY9DLsYR7
+0tWGOc2HA6o7kdcC1V0p2jvQct281FrC9dTXFgcDuGUBYhzEZeWwjuYQXBzMquF6
+ersVnPo/Z5l1SnkK+wVBQbf4igHOaobl0AQxnb86W4CXBTZ3CvRq6o8vWbkCDQRf
+7uUlARAA7oTlVZXhdVlPnSQlnI5JwovG2jEIrRifpbyavlhlosX+rgtQ5EILn0DS
+PJ35CNfOAeOcLQeRrJAZj6w/x9FHWfKRAHUeiTTsVDzTrDyJBCVuC40ck587KVUc
+GuB3vee03/y8qAczj5TZNaDdl+4qAzOFQuV4MjwJOx5fsXZw3dUAS7pw1mTkAYTh
+nz557buc8JJCxrebT6FvN8bugk7LJ8SYmI154Q5wCdXB6Q42sdSMFlKKPYRRmIvX
+vI4Ytl/J35v43gCLbXccTWQpBX+ra75sndS2hYGQhcC+WdNtt4THgU6Sb7ErpJK7
+7A1r1Wf0WSioQ2VWjT0QbUE+6IXD1J8duh6ZgzuqppMm13aDdMDZGwdcxlFw+vlo
+bM+IAX+QgzPjslM3FHVvvfCLka+ctMO+lL0bz1G4njNEXcIAILhmoqRI4ItVH7Nl
+ZI3pAfLLB4qbhTKTIiS+uIoA82RU86ozr5oJZCsJa5N5EpJnYxnjv2tYhU42eh+j
+hyM+5ra1dXtveKvL5SkVuRUlPZvgOuwQ14Qnj6sv8CmtBpyVpupHmY2RbNtLVLdH
+Ix3lyQbgVo9iMJIoXiPXmcRWCgLgOeuETjFXsEcFLxuN+D0My0dtwWcg+271vtPn
+0orTObxkctFK+V32ByJYxVvytNCW245bICpxCicxmh5kYEmQCnMAEQEAAYkEcgQY
+AQgAJhYhBH4ckayAMKWlnR76uXUPPIdyPkASBQJf7uUlAhsCBQkD60WAAkAJEHUP
+PIdyPkASwXQgBBkBCAAdFiEEqtu6UHTxQC97adVrxbTukxqfnf0FAl/u5SUACgkQ
+xbTukxqfnf2aeg//ZspIr4ETVf3ai0dXCm2Pf6gpM7QUfI9fPUHymvBhNrNhfZqN
+ADpzbJefzLif8as7kUr904zTc5Jse5a0MzCrMyEwTDIoCKDv2ktLq1L20bwflZs+
+oP27CYC5FkJYgLYPrQZ/7hRC8EWjgn6v3seJtEo8G73kiVEBOnxVEfGZ8zxmX1Cp
+aOWfhiFYCmkEe6Ck9hG+OaWt7+WW0wWT1UFiluzRRAEMROcCUtyB5IPCqCH/Rz/m
+/bE6G+lHZo6OY/wY2q/oW2f9JB/4QyJeSI+fkjY/wDjfNQjiPMLfZctv25IeZYVY
+ZvIKrdnjbzRe+GwYLg5G/SbpSOEb5O55Ps8mNUpYFaMCfefW+DG48a4WyUGzFr52
+BMKvHKtc6c7P3+muBAqcNZYxRqyLIQiYiV9CCjpIV1WgUeedroHUXvJF/SAvNVvB
+ZR00I/D2hsD9BFh3B1FEYbw7GuYuG27Z6fgRolOQUeTabjQLI386SV3IxZ1KFwm4
+GU8BTbUA2zwT3hu/BaaCI5jTSLyBpdo10b1wgMEnqmXG6AbNdxFVEWwE+CE++BHW
+0YBhKp8fghHwwN1fwTCV+QyA4Qn6EBVDkTrUPKqTeCmHzt3AQh8WVrsmrodyr5Yp
+69LoRnlkLcGJiOCKMOmkop9Z32ckGieYHrl24Dw6hmUSWDG+pBn0ezbSPit3FhAA
+qD2y1VzqxsaCOD634Ltq8AbvphP8XZPrrsC3DIA36ITaCQDa5Cn7madLCXy/uP6N
++tojtzXf4tUzumwGJGFLtdMXNmuEuXrj++NrU1xcscbvDn5O4NDMadwI1EDlQo7w
+uWK9jaQAVhF7iDEBEazZe26knQFxC0my4SyO1uQaEg3BKHj6z7dkAjzWJaQZhzql
+yrRzbCiVUUI8ZkrgM/+/6NJohUG/had6DoefgK6H8/yjgVx1Wtx+XAuBQ2cvclhc
+TAmHs128dWduNHxI2Yx+uM4kuHYpPKBwdEh91ZNeNqtBJURfSVjBCjKkTYiS7kiv
+XyvQOBdZVeSVpj/QoAfaUlQoBVm7aF6xf7GtYlVzjMsLYdpjXhy4ZbQQVUuPI+1f
+yFkw8PpASZ3gvO6KQ4V2w3hOYAxYQ1kSwTtaA7+18nyv65VolTmAotmLun94UKn7
+zjopByBnC/XEqsU3tibg9A7xQ2KUpWkpmG35f4ZR9aEIxSe2Jmm+Se0JfiAq6Szf
+dyWvr/TzaS/BZL4WEPk2Vw/mzWEPZOscpIkBFGK+Ul7yuXvbrbwr+zmAikHmTb1V
+XfPb9eBnwDDuRHhLBym4FMrPjzeziAxxkScTfDjWq6rvMmaEe1CX+dj6ldx9Jp9d
+iUngol89eSgAQOtptjcit5o0Y0Mu/RF6KIBG89ghFly5Ag0EX+7lVAEQAKFx5asK
+W7A9BNKPkaXgym0AlW2szQR1nwxi3APLVLS0Al9Y/3mnBbYyO84HDr82AtMSWSMY
+UZIKtkUj2sVqUb+xHOPkY/MenyoBrCl2qaTVJ89nnWMUjtrX2qk0O09+ByoYXTit
+BVPAIZ/qZfGNB+Dsp1haNKRdowkf6WXkw7A9dHB5isVmaM/Z0THNJRHwc6mcqbEV
+M4fDL+OCx6m2KQHTHirk+OE9Nwral82IIqj3d5UBHmjHAbQNXTDzZbWg6tYbLN3I
+EYxSRQpkJZIVheyBmWFZuivm4hCDZxJlZ1sgxQeIZk6wR2LBR6ccTW6PH11PhIpr
+6O8aQh8JUMg+/aJK2eQXINozYdjOTUjnWAUeUqML7Pg/vERRAgHXO9Z+NTIEWEOo
+Ee+8WOFmrmfjb9Uz27DtymhUjOl0ryiG6F1b90t1rZvVKWR2OaCUhICm88o3MCgb
+HFeOh7v3tnQb2Uot7kY1hgch6j1MNYWGb8LjwoTAmx9okEv9mh119k+SdVJP6wsX
+ZtL4860vTfTw6RQM7rkZBzTyf4qCvU5uRSd2u6JqtUhw4m/gkKQyW8jLEkqX7JaT
++iEBgPzjALvfSWDbDgst0szqU5jltYpgjG3On7/ZGFFJrkB06orUvovxLThWWvm1
+iugw4/av3n64hl/yfxvKQHLQA3Kfkjjzc3oPABEBAAGJBHIEGAEIACYWIQR+HJGs
+gDClpZ0e+rl1DzyHcj5AEgUCX+7lVAIbAgUJA+tFgAJACRB1DzyHcj5AEsF0IAQZ
+AQgAHRYhBGFPhWcuJXtdQn6ZBiGZBzrXgrS4BQJf7uVUAAoJECGZBzrXgrS4jfkP
+/ApYZIRnBL+LdTPYdbZDYXotkE6RO6ZsPdcV1G6na5jJ7igdVuvoz5nP3rX+oQoH
+6k9DysQzyh/SkXRPnbOOyvQsI7atmH7SkhNn7ke8zmEJLzApHA0ZMGXtBJHQkZwA
+5LDWIQb8HbtJTBr2DyJcQdpRmP3hHDgyYgwg0AUG/2JEwYqps+/pqJCrLSP+GLOA
+ia+wRH9xwv1Vl2gIxWXqEO6U3puqUg+0z1Av4Gj/xzuw1F3eLrOfgklhpASc8QtC
+89kx1nhFS+OybQfRAH7YN9DKE5L1kJxQ4t+uW8TiXf9r+MdcVMEI3LATZRtgowFc
+493g7EkTppmqabFns9OamyxXdIzLAKoKvykr7HPCBWUnZn2I2RrcGQltRBQlR0Mb
+jO+sFi89XnFPwXIw/t/9zoq1bXCGTt7H5RtrfxC1wTYXqLEdV9pptNj7j5mlff9g
+DMw1v3MfUxbz9gIDzs7ANnw3SkWi+d0v0bLadWdItkq2WKvvgB58NJtKPc8Jwilh
+nO7W31U/kv8FR9JcFXzS9+Y6ejIClF4FAwr5tK07N/xSFAKEs5kyAYEKxP6vI59m
+5h+tO8cws+pi4gqfWa3t3b+dVzKl9AIkWAYjq9FvbfiqZgKTlTviSUMpmK5qJVld
+72+NiolUVniJbw9Z10ps4G4zmXSl1ZxyKnehUzcKyPieEEsP/1/tctQx1LhVu0TJ
+RLtWrE523hqxpqDdF8/QrNp9dX3YVoEkMQW3YYir2oERtaosWXmRjldq5dNfgtwc
+lhG+/CP5rxNeCJlI+b64pC/yQMCrbz/V74aAipuv7ZZMflgr7ZD5i3jyM/7/AunS
+qOUPwkKrjetNF85eibeO7c0Y9/HhILkLQ8EoNfJshdc0/scwMZEpLHTMAHSrxCAV
+FuhLsF9epenA6IbtuMsp43aSxshX05RH7F94uj4VCMUSs/90viB5njItpPdZCqUH
+eXSvLSjxqsmS4Tz9Dn+uWvxleBLRRcpZykuNLGgwVXafWftWbA+U9KaJnDWFdzjJ
++gAsWfHfFBOa1RfXYP++e+VJflcHaEZ4byLG5Zf1HqAvvcaShAVuMXY1hoYJinvh
+uk1zJRW9dP7apZx7BXWxbWcn8LMR5GFfunl/M2iNASmkqxJ9gvy6TBRWJu2QeNbN
+5Ks0/GDUawQqvhmM3V6zFQWVsPwaHpufIaGqnKC2gXaIHXPP0ldyXdLXwgZ+6A7D
+IEqHQB2BDbiJtovk6GaK8PUCEHTiDmRF/mBzlpBJOn+Hc5ELufgr9E2lkrKJzFag
+CBCucNhVEaUedFrycxfSALing7DJPWb5cobu9K+3T9L3k57XgxSAj+g6vOxHuxHL
+ve1IPheCWfkKpJH5faFDWKpJYYPauQINBF/u5YABEADgWTS7wFA39XvpWNHSfAAR
+2/nlGWuTvD7zoirzUwOd2+I2XYwgl910KsznhlqDrHZlqKuGRjQlbpyTbsOH2N5k
+IE+0uEXidU3iwslSZ33RLL0h9+czDnlgijYXLCg5ScswBEC1E/kXX685AUCTPX2n
+D1+Ymxxgov3AvItVxKDd3N5ERsy6hYWPK4ACXt47hJFqPfPtnQe2IdFkRm3bOuX/
+X79Kb5N6cAoao65Tpsix1pm6tTNww0+THzIWzK/yhi1/tUOv/QJMEVAxeBAPr+Pm
+mvjHvsI9RNQt7VnoHVkqJhPDxyQZR2IOVQXvlYyCtkPA4WQlyxLzWM24TG8xhD1v
+zZzA8qs//o9QI8OLg2ZYxplC4lW6GEZk3GnrTXs7bW6HUq+RlayIbDw7oMs30jAv
+YyDdQpZrYuZvsWKbKu+65Yi3M5kW0v96LT3ueMJaL/RanL9JhAWuEqyezffsBZ5a
+88/i0n9FJ8cQ1fZq2/GLq/mN2JZ3e/HSWynTnlmk+qGk2bq0cRFJNHAs2HNAm0Id
+pjSFCPmek9j30wp2c2knML+SsSw5h6570mwILuKwFr6i2hyFlPk4H7nP04vPQ8P2
+Pu5O/Cfg9rPSBjIi9FsNS8/a29sSuOmsSGHZnMrVUpGw+iKmx/jVejOtqe6hYydu
+MSQtIU59E2fq5TM4tub6qwARAQABiQRyBBgBCAAmFiEEfhyRrIAwpaWdHvq5dQ88
+h3I+QBIFAl/u5YACGwIFCQPrRYACQAkQdQ88h3I+QBLBdCAEGQEIAB0WIQQjoUGa
+YHzyVyZWN3UsTffOV4ELlAUCX+7lgAAKCRAsTffOV4ELlDerEACBP9kAH17GHloL
+XJjd1IHttRWU2Qs/VV0H14g14hgRz2/Qa7KRR4mGrXPKS/ctMkDXwlvs4HPUTeO4
+MMT38hwxv54AjW7CtF8DR3EQFXKR51roICQognvqpPe1auNERdLzAdcn+NoHEQB7
+eyPqjQM3OGGq0SVRwNnv777o+Kd8Ncv/4fR1xvA20Ds94G5vCYpHB6J+lPPVXBmz
+rOYSf+QZWsXjAZdnAAYkpEjfJhNrqvqSoRxZ0dweCqieenm8Nzt/vdL9nT3+4AGy
+5hmaAG2ENj5AhI194gtgACvKwCl5hF0VKMhtm5d9SWS+1quHzgn3UFh3VZrfjPid
+CR64mIu3RpZe7EcR+lMl7gCJxdFlHVD3z1lbz2V6u+xH4ZsLrTY+v8kDxzY8ojM/
+zDbnlEK+xzA9akhlaD3D3wKXRVuSlrxfEVv14mwKN5AYHN7bLL3bjOo9WYtLznH6
+Av4GqXSQ+LOl0+6bLKmD68/N0q2IiZwUSOsxTE1fUdYPF8eiN8L+35Qt0jwybieU
+a3JYtmO8EW4ZEmjJGwKgyrf+eigJN2/0AeBwcJyUw1YfzaqqS35NNyn5eKANyFQ2
+ZhIjuXRyBOoUMBAx2TSm7FGeFOIw+aQgap6HuGbZ0EZBz6hr9ogNC9FVXCPENKo+
+GdTGoIEs0n6gGOPP5ssp7xUK3420AM3HEACSmYaNC1Gfq2d81fI0TBJ9ATCRPo14
+MjJGiWaFaXoVp/lQeOvlX2JyBG2I6fhMGPGKntCfX+/MERLNAiahQgOjvnOCQdlL
+hbq+6loQ1eSTX2AXpRlQpvyxLuebbM+HX3N/9mqAksgQdljmqoJQbiE/HqXqjmKe
+16ylU3Rjabyc2p/31p7hm0IJ/3yqDsM06FUBJ108SALQyVvKqRA6q1t/Odb3xgt2
+isbCEgvhJ8kYz3LQkvTW75rSa1cM53Udd1rbyo1t0PaOSGeUZw73/nY1+6LtUEg7
+Q0x4ohL1UE7z7+14mAtn4OvGDuZJil7Lf4cPszf0SFoHPs8iUFpSorBwn3u+5ZXW
+NYFblPU2WK3O52qZqsjuQI/gK7uQhXjJO5nA5M8Yv7bVrbLMOj64hdOpNbd56Ycc
+qwYbHZL3WyRAN7TNg5ZlHgIVac22StawjXiHWDGaAXpCaHJn8ryM3LY+LTz16R2M
+bi+HVaw+0fY9f/mIcOdT6AyDg+V200GkGXL6aw0LZkBZmDin+OMmL7AS8TZ4dvZt
+zj+sykcT8DsaFj5Au6zHJoCnsuShMquHOA/vcUkhoe8/E2Y2QdiX7zwDM8vFM8tX
+DujFLNPIZuItcVEpE3ysFV2ZfVgBXoxTlZUQxdgJBQ0zg6Ez7rDYEAhVqo2gY9sk
+XtN80X/unsjGSbkCDQRf7uWiARAA3i7pu8/QvukeIBoIk1V0GHGPjX+GeV3fR4fu
+ciYgx+NKTXT/oJ/89KVeetT4CSnGEZcEpAvsBL3hsiblJYyLVmeoCniFlU+rMem4
+zYP2PnEX70Q56d6SjBArs3K1FZK25S5qqv5ceM10NVRwPufV1RIuui6mQLm2ZwlY
+JyyANZZXMrHMJdaHpK9mMBSSF42MFQZhcauQCrhMhcpmZKn0D2+PpRveYwSr43Qi
+qBWR2INTDmj/V3ERMviE7vLajWQcmDdcrBp4u3miAJcJSn3XR5SiuL5W77jFEzgJ
+zR8yTC4hWE60nWJOk8UrEbpLyr7mBE0Tr7+1IBMgVXh8WHyzLE2ENREFvtp8KlSS
+y47Ky9n+5aqPI4M7epMNwU/ZGQnC8o3yX0zZL1tKq0fTAw1Ly4NGE1gRbmzrQcCh
+qUHg/J4KFYBMg8eCAzuPp4CRk8wUzu4fRWrOraoz/7bvhH8ilgPu1teLLKzDdOdx
+QAaiz/nGy00ICNbYqifR5m73K/rDdjtIqgsMp9Az0mEpgVNq8SPzM5grqAnP/iww
+QxwFftiXq/pEP2d8rn65e8NikN42Q28PH1D/uBYnOuVdZUvjU9wwywmfyr+NZMaH
+X9sN8R3Kk990W9VxwdOTITpAjz0qMtpE7i/GwPEtpZPTIfl54+cVKvyUjBuTXkWn
+vXN+6MkAEQEAAYkEcgQYAQgAJhYhBH4ckayAMKWlnR76uXUPPIdyPkASBQJf7uWi
+AhsCBQkD60WAAkAJEHUPPIdyPkASwXQgBBkBCAAdFiEEBjEqvVaiYb6sKxATk1aQ
+aqvQi4MFAl/u5aIACgkQk1aQaqvQi4P2Mg/9FXfsIZAgPN/Dq95y1fHG8jsPXEoY
+VNY1codxxAaNqvBXZkfJbFwSYpLY3xIbyxHuGuOtC9NpIy9M1+PR7MsxtZAvSjP+
+flP/12x+6nP2H3NWOICpsY1tNOnQe2SjKJxZXHFnDqDBgKpv3QfKUHmYEdExJe3p
+NQrjZAgmdbEHeoj+P2VV5vqRrJoqNV/pUbM9czfEHeMVMm/mwWNOi/paCh1y/PxZ
+Mkj2bqLMRFfML9O/7QOJRxu3wQwl6jJHj4o6CHks6t237FSB+qZhhQP+vR2CZl5w
+lQ4trw0wpNgbZRIMlU3tUfFQ+KdFsM7UqwzwrVgWFur5r7KrFzJN88EKSplrIY0q
+se6S5b58H7Tw1jtfjb/xF6jQz5aoZ9xemd8roLReRpKPq70o2eIP1HkjCtqmd5Xc
+RQaVEUvlv34WZQ5w2eA1bEBESjbrKhX+H0Un0msUS0JpnpegRNZqW3Bedeos0usy
+MsfqMYmZEcZb3hw51XnSb8B/WhkSmcoEuECRxeCu1tw0pn7o4GemAeqT5ng8LXeE
+RJhrUTlCIyRab8TIQZvmf6XjneT0stZLKCoZUXO+7FH7F7nPsew1dU+WFIauQX71
+PkZp2JMT7W57HKPuEillF8v5+H1k9Jq/2k+ZdgmT1Gd27nALBOc7q8rr00Lf6BU3
+K+XsfWo+p08CXKudfQ/+JFzzpyKeX5nVqiqbxqUakPy/Ot010/7457YVpvcLmcvT
+Yn4cR0dottl96lp5wT1jN7VXfZu/tsHEtTg1ofeExNuCL8DZVsSN836idRmObhLP
+dnYmThZcXBJ3RgSniQNwvuuGUtpH7OXb5vnAOe42+n3yucxhPI9Gzo5g6fTqWwb+
+qwh39ydxtiv3v3jgFixJLj/HH3MsxTm6cNUTWNLzvX+HugBeuOfyDG9++fe3UmZe
+MczAF9N9tDFP+0b1diXywJWfSdVLBmMARYeh0Swjud60SQLTqaqXVfPSECGo9LVc
+wot2u4q67QhUC2OTKiTkF6QVE05iKoPEPkCTmMvSpbHF3ERZE3J6YsVg17Uc7LrZ
+7DRRF+03mu4njS8LvIoeBuqsB96mNQNH/PwLSANWTtclCwj2C9W1HKy3zKjnu3kC
+PHLzwQFEO28TE5EsblnBdA8ozNIV887V7yw89MxPhpuXRn8BVAU1S9Dj7j3mNHLj
+rVAgZmr/nx3oDt8VfOZpK8u3u1voZdC+cnTBdcG2gzM8Ya+h8C60Y8dFzykr8hr4
+b5gDeDI1OkQ2vOQHtnQPdscYKl0v1ntHq2wrFuCIol4WneKh3Jrvdb37cL971u4g
+dpw0jTO/ykCvLlipxjJ/NrnXFb6TriZRgWZqiIwY2lKEfZDXqc/iOa2L0yBr21a5
+Ag0EX+7luwEQAM/CQdinTzIHaEJsCe42g6tt4dBC/UC4wD367rJcyJbEd+qaLJwS
+CQUbg/wrEdRT+aROHVKLwrvXxtgJs0x15vvFTurkn1BnNMh7p8woYwip7PKrNn2+
+96Yg7Aqc3a3gkDQeF8Q7uipOH/5feJh6l7Iu718pvnDUw4UFZt/RUrdqseFXVwr/
+ffSalLx7gJhL3mYuU1qpJZxsonNwAS43eViagI0FHSqixB5kPgFcbBf3BIiisOCy
+a1L9a+zSt1y1aEFC7m+9YlGJA3C0/X8s+dK0VWOrJlP/WmKUp3Epxpu6srsBItcT
+YMuGA82/03YAJ+jpGMRb+X1Dq9vuOUxvDjG+G10Cgew2EjiAkXpVg/1NsCrQWRbs
+KtFf5PXGfKCO0i8hEzwmJLd5OlNIIiup450iX4eS77Tey69hGyweLIC4YDPDwFpp
+bkDdRG6nDvePbEHi5z1L41NaWNa0wEyh28OqrmD0FCcGukk24pBVemVEx0En4siQ
+la6/1QXQlG/wTi7Yi71V/4oz7iZ4lSPWs0ACFGD9W5InlRykiRXC1cV27f+qMw9u
+Y6UbgvN70cWflK5C7e2h/eAQfxj+seYFUjMnJTkXiZE85m63p1Yu2A1c9+jqJ0L3
+Lfn5YIQdtWdY3Qc1RIQYPVRl5NcgXIPV7TwjvnjowuHjWX0IQbhv61lNABEBAAGJ
+BHIEGAEIACYWIQR+HJGsgDClpZ0e+rl1DzyHcj5AEgUCX+7luwIbAgUJA+tFgAJA
+CRB1DzyHcj5AEsF0IAQZAQgAHRYhBOJesM8c6ASdR/HZpjPhDkoYOo5GBQJf7uW7
+AAoJEDPhDkoYOo5GhpcQALowCpZ8UowMWlQFfZ2ySJalnZM6S2RxCFiss4W9pGuu
+9PKuN2wdXW3HGkBGDAuQgLwanSfhGSt/urT3+DT40OlDMzanRwEK0qiSaSs/xBtK
+dNL7JmGbcWTXpNP3aHhfYhVOg7NJnsfZ8Ti3dfuv3ZrjcLvgdnZ/s6O9S3gU8DtH
+fpnOfE3hxjUEHEw9hs9Otc6foCqMDZDvfU3emYduD5AvTiXYdeD/mZBD4OmF99II
+XWNuQexAJ+xgOPdvXaYt0lBuXmfMcn/1hrU3RJqguwnPZ2cU5zo41/uSbdsFrTHK
+yEOLTn0XYYk07mZGdscljzmXbpsbAC4Jp8CDBhUfdzfi1n3AOyblk1nywfionLlz
+HDtfWQYCxp16N8S2MU7tA1w8rFNwVDVwmxIfgjLrjPAgvqSpCmLHTXNBfdLUYRAv
+SpY9TR+U4YOOuEx2Niwnprdjm1qilN+fmPR3tWvVChlD3kHmSpi1+9ix+xizlBjN
+eZ08Eq5rDBPsTpqJmoNS8pHE0EL3IVpcB1pZ5rd6UBSa7LoMLeWwWm7Ap5VZALfp
+jMNws4SA2q5OTRY2or/+m1+cfDWIP+2XQV4YaNFMbO7XKr3vnUOxY9gyADqfRJiv
+DljHiw5iLzbkaHs7dYJOPNMGMlRzZfkkxg6Patx44TQ2rO7LnyCgVdFZWDHNevgR
+Z8AP/152xfh3qsOnT+R32Rt8CcwXmKFxLylgpjegcUmbutow9zdlX26qZ67cJ/3p
+hNLZgAYKPrGecGA0BJ2UzsPEKKz8I/dAp96LpHo/24WqUamh1z2PRAgyJGC43zm0
+rA/KAlcht8bbI/VuZ5eAYXjH01QfPS7i7fFOryYYFqfH+BTp3ZEr/A7FkcOZXmNV
+Gg4+oC2t6cJnzDsM0MUJ7dgNAHTLGx6RZZahdE3LJ8oVJ8Vek9KtjJbPr143EZLt
+ymkiy93pzLUaKWfCZJCCI9nfJnNZnvoQXv0l3wnrQIFE14Fv0jbTALHRgRJlB4cZ
+i3teEuf7shSDsd13JDdfmxMsxnfeVsIUPa+J0GBSbe14JHXlcd0t03cpbzO547Qb
+rFpD98XO6Y7OefWD3pwDF2Izjnn4Cny/hpUIEO1A2j4qHhUkqmnFmBO6yIFic637
+CJnYe3uU7ss/TNIUKLhujqlcNl8WeOMVPbhnCuOhyQh2aioAKn1yiQ1EgNSIGIVD
+LwqMt0kxI52/aDkZgCcEfBFC1c17IeUH+G0HMGm49/acFHkhX61S4efXhvzH5J0l
+Dr+0qk4aVKNwqkUNp56GSMLhiiSYivX9Xa4qQGNlmrki1pC2DamlTXDLB67XQcRp
+dAc+4nNTK4E/czrr0+wlkgz7pC1MAllCLilyTSPGnKIPlOd2uQINBF/u5d0BEADF
++6hDuKvzbmKWZNXjJK6Em/5nnzBOa155YQLN91zMs6COI4p+YuIVPPzVWZYR0yHs
+gTWw45cMV+RYwuL/P+1Z84bgOyPloIVF9VQjOC+wB3Gn4qmTzobr6q+UfQVvUiUQ
+8fGG11teWvYpWiG91uialjHZmrpAOQxjHRxHPpi0cZtTFEqinCIy6c942xbtZnzf
+nzPpxkKl0a8s1eKZ0KlDK6Ab59nxAinilohXRg/U6sqypsyLl41L0qMZek5dEt4C
+r3spdSkZgxqJpLTqQy/5VB4pcfEaIaank3sLxhpil/oQiq+38WA0VkICQyeiCsvf
+eEKyt1C6COBNH+olegUxudTKDHFthyGMPRz3McI5jHxCyru0mfLJag2hHXzgGoaD
+VkYIwkvyVsHWDqrZMMXcCIUVlpphxtHo1M32AATnWFe4K1nFdbejR9XC5xWOgwbT
+zCblqporHzU0c8WBbfJ0Y10IDrHsa/F08PkFvVN48Ydik6rcwowSPxP+59Q9AKLh
+Isd2hzfWU2zAbG5Ph1wecwlYR3tp/0i3uSTDXfuuaY+vrqpoECN6fnSg8NxiBbjU
+JR0Ju6KDM2SeBUz5hp9BzL8+OPTogRZoinxBogrRAvdGLOnLG5hMjBezzF8UEvp6
+IMisGHBZgXoX4Juvf78RE8JOwHa+HUejj5kYiQW6TwARAQABiQRyBBgBCAAmFiEE
+fhyRrIAwpaWdHvq5dQ88h3I+QBIFAl/u5d0CGwIFCQPrRYACQAkQdQ88h3I+QBLB
+dCAEGQEIAB0WIQT2AU9wN9W7TuO6I3E56nu98JFFWwUCX+7l3QAKCRA56nu98JFF
+W5whD/9Hu5cnJ0hnzqk3MQsdMXbTNLsv+KePV71kcMRat4hjw2Li/TUaC8xtA81d
+O/1obmsuoDAgv82KlQ7DLDXjFk2q45lJdgZxAkN3dEoYakdTIEi11FvwbhV+qxZK
+jTq3jFQho4i3GDLgrvBMG4B1TGMH0IPux9fmBGpxYKmp1GjhpgoMXp9bqzsV/mPZ
+TxPlmIpeJEO2jeCWKhHHw6rzwGjF68G3HiJ0TqvjdCtcNrwd3GTDsdEJtUl49aqF
+M7VfoqKjVdRO/YDL//+TJNOYz5EBGjIZxbhgZJ9Qz+geSBx9GJtDWdq193ofFi39
+oleTFnEMj+OeIr1Bc2pc8Z3HJttFknicJDkeze3mM0CZAkhVkLFy6DvAQkXrgvfp
+AUYFACQW8E2XmRBiKd4huojWYz5QGSEIk2fYRVhse2HAUZ9gTODSX2L13nls+BEi
+sArsmSFA/RQslDXW+Jl+P0e37BzN51uk2Dg4ylJUBgcpTRUn4Q8c1DgHDhkEVnBI
+ny2H/MFuhImw9g5xqlBfCEKh5D8D0e4fX28MhSsBlOCeIKJoY85U3GNY0tlIwAt8
+M7IIHe1n1qncPbAMmq0K48J1lfyTEbXpnSfArzEdbnosjBUaiQX5EwA656eZ6wb3
+Vq02UDei6KPuOosl4Voy+Ffq5MCkanVMA97/0wV3CeCvQYGbsvsUD/9fLYc3yH7A
+0xksK7PImztDR8MLsUPoiv/vnfZ+WJJ+YJ0TKAHm1ZO3NqeZmD7XoWHKwh83zsK8
+x/JUASCBN16isC+Ym6IwF83/HXJfKNvvotkr2WG6Dv8Vg1Hhk2Iv5y3EMbFa9rfv
+6vjxho+0sYrraJH8qQAM08IIOi7+afrkR/ikgA8V7ymqmdxtMMHZqG+h5R0VGTVw
+QBxZ5/ZiY56Qn5UH2m0Tc2AHOcAQTvCEwyb19IPyhif+rek3npSvKtDc6WBJioyi
+gvDhl+jgIfcIo77w6GthgbFc9k68Je56Peu2J30zWj76Z+Di1OJhAj1wFr4/XT5o
+c1MB/Vfyx3hEPRDNz7dRaDqoVnYVdoI0blyCiSkD9I4/axb4X3xN2SK4XA/zv+Lb
+1FbCM1XFL2aF+09tk+77EVdWsBmQpOArD0d54E1YulBGaxVm5QKfov23KiqHIFVF
+8WYqJqNJwbJRZii7klczkVm3wFte3NWK7HW8kfF147lv0z3AiZYnk0O6Mj1ip3R8
+Qm5yiv57DbbgIMkSPWCpEtFGHIoK2msJ2bQcizh2WGxLos00RTx3IVAeSAS54+kr
+rMBg50wNczcGHKPDUKLwkYczgHonUtljAkeXnTl69rifChI+KpjHNtF6dFgC1aSt
+MOud6HhAcd0f3lmuPzCGGp4YOQx9tV139bkCDQRf7uX4ARAAxaybudQK4fMIzLiV
+grIzthhb3/DK83PNohTNMemM2V2z1Ij5Dlu2XNDypMdR0rKM/QI3zWud1+vd2h/l
+QZlg58FspvrY6I7hI+cbdRldVaAKDGQHo5Bi0a7BkonZvS/0wnNUPIhy/znzXtXR
+f4L7ePZMofH/2shz4TZ1yNpU8zaomY6eNjSc51P4vVxtDQ4QofQeJEn8aO9a4whu
+O0TVEAPKRYBRgjM8faDuUJtLfiC3OrhLg+B7JVSF3di4JITAyafPbZACLjV7Umxb
+SUL3qTJZVpIuhF0xQOCE+WRx3Xs7lkPdHMqP2OaJ8Y4ymR08cSfIP2XFKsQFtoqT
+VyMQgGgI6VXF8OfnCnGgx0Do1vJNoL0neFzVXpCPPzh1RbcrtndZWum/1R4egkYg
+J8TPQH5X391J58Uwd5l9/ZDdoSeeQYdtTR4YQ8//ATFO3hoSRvES4U6ZwO8LM6di
+ra6pqb6j0liT+DdcBwE4C1bGJMJ6d93S5SfH3llDIMJo7uJDbKILFMES9rg7S6I8
++SW75TjKUk4Y7L8R8qwURqEyuOOGfaQXirqvji4PdcGDBiIk2Oq69Ky6lmlJgyIH
+SZ7SO1JXk0yAJTXb+a6FJTLFxidkIZzu+LhLBn/MhAPjVyv3qCTQ7O0lu8Mfcqg5
+8hhJ6IE79PBHS3z8ok+mFK0iGrcAEQEAAYkEcgQYAQgAJhYhBH4ckayAMKWlnR76
+uXUPPIdyPkASBQJf7uX4AhsCBQkD60WAAkAJEHUPPIdyPkASwXQgBBkBCAAdFiEE
+JFV3TUL9/mucOD64/hACvFlwgR8FAl/u5fgACgkQ/hACvFlwgR+LoRAAgtIgaKb4
+ZY8qoAFZeph+Syg+mMKfPJkBuGUedJl6IxbHBSg2mhnCjJ0bmdqxsAXgtcSUqmtZ
+Yw9NyoGgiVjs+gu5sQp1Oxc2/keQXaVksTkoXwdnf+2iXyp1WPeeLGySHmzuwy9c
+eExt+h0mVmBgFls2wNdFGPbVfiT3PvFkwqsnta6HebDTN4pMzvG1IIGV7L5KRo1E
+dmkrt3lXQWmdgHl3JoNQ9v/Jgf4jo6gDw53YvJFKJcaOOAS3d4CzPWmcLzcy4mf0
+9YI3DoQCbYL3cRNelUwzUF2L6QyPCwonXemLCmfkBgsSVqvW4fq8qbEHGF2fK7x3
+d7bZEsUiGCt/tXOkDkNJ31T/mC35nxZfcj8AMPixO+BnAeKeYC37LbQD76jrw526
+tUXsAF+QON5DPeot+e8bIx9qSbvdqpXDkK4lGcRTuS2OVC8J9XfDTch4wm3Kd4P4
+lDdRAJWnLfVay0m05LGlekWdEzcjP8KDaICH9rEs6f9e1gy6mTEBnBW//41BxELT
+KxoTGlcX3yEhCmK36g5C/+d6b7Ji5arGGTCa96v/xG32KYc1zfn3TYkCx06pPUbz
+iAl2l0MTpGeqz2hJMOGA3JuxwlksJKqnPYy0hHKdVW4Pnn25NeXcBp8wpkt8VZOR
+bzjw/TJB7qvJHoRo1tat85Uij9rAXqTyO8Ea0hAAi/EfuiDDy3GV7bvjFSA1XEjL
+d+F40g2X0QG/PHTScYB4rFJwV0GFUxLHr4g7iypAVI+BB4EYikx8gpee6B0g3J+r
+aCFDDrRPDKdqrpZK53oYcBPkdSBbCr5MAa/M3DerKBEgoBVUbaSHWN7OH2ae+5R6
+X2ERmYZdW4PCj6lw7a+RhkAsgKo8RjonjV61ehQPZh20noI19Q80BYYSCfHHvzy5
+vwvByhmTMJNrl3PDpBy9/TwBR5DpnHfOPJX6bnl3pdu65F2TRM6yoFbfoUiEqrXV
+4wC1I++N9VjrQvXSp0ik/XaMWq87wLIg+1owElJIzwyZWukQkZMAYtesVFz20YwC
+7Nu8SNr/NTSCH1EqLsS4YhBTsjpc2T8AqUlgxKrilmLbrj64PXgMsQ9WYm5zwlC5
+UA5eky5YhETFJ25dIaplMm47aIbPSH5f9y5eYPkfOCoMu5oDzDzoXdH9V1YfsHqa
+8bboSgTdariC23x38E9PaWQNyY2MFKL6cFt2ilIsMSSD6JAm1x8kBtn1bBopG588
+7mTDtlqHCw/QrTuLreJG9KJ1dQFJ/Q42+csH09l081wlv4BBuVlN1Xmj+c2sWn90
+l1BPZfYHd9jhggI96yTZhfTfFbSMSuGPQyqHnwDYdA3cNj5BYievBkO5FZaCe9SZ
+4xcYgqlVpv15O7VrD+I=
+=Uugw
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/debian/usr.sbin.kea-ctrl-agent b/debian/usr.sbin.kea-ctrl-agent
new file mode 100644
index 0000000..8a6d1f4
--- /dev/null
+++ b/debian/usr.sbin.kea-ctrl-agent
@@ -0,0 +1,28 @@
+abi <abi/3.0>,
+
+include <tunables/global>
+
+profile kea-ctrl-agent /usr/sbin/kea-ctrl-agent {
+ include <abstractions/base>
+
+ network inet stream,
+
+ /etc/kea/ r,
+ /etc/kea/** r,
+ /usr/sbin/kea-ctrl-agent mr,
+
+ owner /run/kea/kea-ctrl-agent.kea-ctrl-agent.pid w,
+ owner /run/lock/kea/logger_lockfile rwk,
+
+ # Control sockets
+ # Before LP: #1863100, these were in /tmp. For compatibility, let's keep both
+ # locations
+ owner /{tmp,run/kea}/kea-ddns-ctrl-socket rw,
+ owner /{tmp,run/kea}/kea4-ctrl-socket rw,
+ owner /{tmp,run/kea}/kea6-ctrl-socket rw,
+
+ owner /var/log/kea/kea-ctrl-agent.log rw,
+ owner /var/log/kea/kea-ctrl-agent.log.[0-9]* rw,
+ owner /var/log/kea/kea-ctrl-agent.log.lock rwk,
+
+}
diff --git a/debian/usr.sbin.kea-dhcp-ddns b/debian/usr.sbin.kea-dhcp-ddns
new file mode 100644
index 0000000..040f791
--- /dev/null
+++ b/debian/usr.sbin.kea-dhcp-ddns
@@ -0,0 +1,31 @@
+abi <abi/3.0>,
+
+include <tunables/global>
+
+profile kea-dhcp-ddns /usr/sbin/kea-dhcp-ddns {
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/openssl>
+
+ network inet dgram,
+ network netlink raw,
+
+ /etc/kea/ r,
+ /etc/kea/** r,
+ /usr/sbin/kea-dhcp-ddns mr,
+
+ owner /run/kea/kea-dhcp-ddns.kea-dhcp-ddns.pid w,
+ owner /run/lock/kea/logger_lockfile rwk,
+ owner /run/kea/logger_lockfile rwk,
+
+ # Control sockets
+ # Before LP: #1863100, these were in /tmp. For compatibility, let's keep both
+ # locations
+ owner /{tmp,run/kea}/kea-ddns-ctrl-socket w,
+ owner /{tmp,run/kea}/kea-ddns-ctrl-socket.lock rwk,
+
+ owner /var/log/kea/kea-ddns.log rw,
+ owner /var/log/kea/kea-ddns.log.[0-9]* rw,
+ owner /var/log/kea/kea-ddns.log.lock rwk,
+
+}
diff --git a/debian/usr.sbin.kea-dhcp4 b/debian/usr.sbin.kea-dhcp4
new file mode 100644
index 0000000..0572c21
--- /dev/null
+++ b/debian/usr.sbin.kea-dhcp4
@@ -0,0 +1,44 @@
+abi <abi/3.0>,
+
+include <tunables/global>
+
+profile kea-dhcp4 /usr/sbin/kea-dhcp4 {
+ include <abstractions/base>
+ include <abstractions/nameservice>
+
+ # for MySQL access, localhost
+ include <abstractions/mysql>
+ include <abstractions/openssl>
+
+ capability net_bind_service,
+ capability net_raw,
+
+ network inet dgram,
+ network inet stream,
+ network netlink raw,
+ network packet raw,
+
+ /etc/gss/mech.d/ r,
+ /etc/gss/mech.d/* r,
+
+ /etc/kea/ r,
+ /etc/kea/** r,
+ /usr/sbin/kea-dhcp4 mr,
+ /usr/sbin/kea-lfc Px,
+
+ owner /run/kea/kea-dhcp4.kea-dhcp4.pid w,
+ owner /run/lock/kea/logger_lockfile rwk,
+
+ # Control sockets
+ # Before LP: #1863100, these were in /tmp. For compatibility, let's keep both
+ # locations
+ owner /{tmp,run/kea}/kea4-ctrl-socket w,
+ owner /{tmp,run/kea}/kea4-ctrl-socket.lock rwk,
+
+ # this includes .completed, .output, .pid, .[0-9]
+ owner /var/lib/kea/kea-leases4.csv* rw,
+
+ owner /var/log/kea/kea-dhcp4.log rw,
+ owner /var/log/kea/kea-dhcp4.log.[0-9]* rw,
+ owner /var/log/kea/kea-dhcp4.log.lock rwk,
+}
diff --git a/debian/usr.sbin.kea-dhcp6 b/debian/usr.sbin.kea-dhcp6
new file mode 100644
index 0000000..77d4bdc
--- /dev/null
+++ b/debian/usr.sbin.kea-dhcp6
@@ -0,0 +1,44 @@
+abi <abi/3.0>,
+
+include <tunables/global>
+
+profile kea-dhcp6 /usr/sbin/kea-dhcp6 {
+ include <abstractions/base>
+ include <abstractions/nameservice>
+
+ # for MySQL access, localhost
+ include <abstractions/mysql>
+ include <abstractions/openssl>
+
+ network inet dgram,
+ network inet stream,
+ network netlink raw,
+ network packet raw,
+
+ /etc/gss/mech.d/ r,
+ /etc/gss/mech.d/* r,
+
+ /etc/kea/ r,
+ /etc/kea/** r,
+ /usr/sbin/kea-dhcp6 mr,
+ /usr/sbin/kea-lfc Px,
+
+ owner /run/kea/kea-dhcp6.kea-dhcp6.pid w,
+ owner /run/lock/kea/logger_lockfile rwk,
+
+ # Control sockets
+ # Before LP: #1863100, these were in /tmp. For compatibility, let's keep both
+ # locations
+ owner /{tmp,run/kea}/kea6-ctrl-socket w,
+ owner /{tmp,run/kea}/kea6-ctrl-socket.lock rwk,
+
+ owner /var/lib/kea/kea-dhcp6-serverid rw,
+
+ # this includes .completed, .output, .pid, .[0-9]
+ owner /var/lib/kea/kea-leases6.csv* rw,
+
+ owner /var/log/kea/kea-dhcp6.log rw,
+ owner /var/log/kea/kea-dhcp6.log.[0-9]* rw,
+ owner /var/log/kea/kea-dhcp6.log.lock rwk,
+
+}
diff --git a/debian/usr.sbin.kea-lfc b/debian/usr.sbin.kea-lfc
new file mode 100644
index 0000000..32f1f9b
--- /dev/null
+++ b/debian/usr.sbin.kea-lfc
@@ -0,0 +1,31 @@
+abi <abi/3.0>,
+
+include <tunables/global>
+
+profile kea-lfc /usr/sbin/kea-lfc {
+ include <abstractions/base>
+ include <abstractions/nameservice>
+
+ network inet dgram,
+
+ /usr/sbin/kea-lfc mr,
+
+ owner /run/kea/logger_lockfile rwk,
+ owner /run/lock/kea/logger_lockfile rw,
+
+ # Control sockets
+ # Before LP: #1863100, these were in /tmp. For compatibility, let's keep both
+ # locations
+ owner /{tmp,run/kea}/kea4-ctrl-socket.lock r,
+ owner /{tmp,run/kea}/kea6-ctrl-socket.lock r,
+
+ # this includes .completed, .output, .pid, .[0-9]
+ owner /var/lib/kea/kea-leases4.csv* rw,
+
+ # this includes .completed, .output, .pid, .[0-9]
+ owner /var/lib/kea/kea-leases6.csv* rw,
+
+ owner /var/log/kea/kea-dhcp4.log w,
+ owner /var/log/kea/kea-dhcp6.log w,
+
+}
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..7e174c3
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,8 @@
+version=4
+opts=\
+compression=xz,\
+uversionmangle=s/((rc|b)\d+)$/~$1/;s/-P(\d+)$/.P$1/,\
+dirversionmangle=s/((rc|b)\d+)$/~$1/;s/-P(\d+)$/.P$1/,\
+dversionmangle=s/\.dfsg\./-/;s/[\.\+]dfsg$//,\
+pgpsigurlmangle=s/$/.asc/ \
+ https://ftp.isc.org/isc/kea/(\d+\.\d*[02468]+\.\d+)/kea-(.+)\.tar\.gz
diff --git a/debian/watch.include-odd-versions b/debian/watch.include-odd-versions
new file mode 100644
index 0000000..be33fe3
--- /dev/null
+++ b/debian/watch.include-odd-versions
@@ -0,0 +1,8 @@
+version=4
+opts=\
+compression=xz,\
+uversionmangle=s/((rc|b)\d+)$/~$1/;s/-P(\d+)$/.P$1/,\
+dirversionmangle=s/((rc|b)\d+)$/~$1/;s/-P(\d+)$/.P$1/,\
+dversionmangle=s/\.dfsg\./-/;s/[\.\+]dfsg$//,\
+pgpsigurlmangle=s/$/.asc/ \
+ https://ftp.isc.org/isc/kea/(\d+\.\d+\.\d+)/kea-(.+)\.tar\.gz